diff --git a/.gitignore b/.gitignore index fcc5638..9a74f5b 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ build include lib sqlite +examples/ca/CA.pl diff --git a/examples/ca/CA.pl.diff b/examples/ca/CA.pl.diff new file mode 100644 index 0000000..366b67f --- /dev/null +++ b/examples/ca/CA.pl.diff @@ -0,0 +1,22 @@ +--- CA.pl 2019-10-12 19:56:43.000000000 +0000 ++++ CA.pl 2020-03-05 07:58:41.112690266 +0000 +@@ -25,8 +25,8 @@ + my $verbose = 1; + + my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || ""; +-my $DAYS = "-days 365"; +-my $CADAYS = "-days 1095"; # 3 years ++my $DAYS = "-days 36500"; ++my $CADAYS = "-days 365000"; # 1000 years + my $REQ = "$openssl req $OPENSSL_CONFIG"; + my $CA = "$openssl ca $OPENSSL_CONFIG"; + my $VERIFY = "$openssl verify"; +@@ -34,7 +34,7 @@ + my $PKCS12 = "$openssl pkcs12"; + + # default openssl.cnf file has setup as per the following +-my $CATOP = "./demoCA"; ++my $CATOP = "./CA"; + my $CAKEY = "cakey.pem"; + my $CAREQ = "careq.pem"; + my $CACERT = "cacert.pem"; diff --git a/examples/ca/CA/cacert.pem b/examples/ca/CA/cacert.pem new file mode 100644 index 0000000..a537cac --- /dev/null +++ b/examples/ca/CA/cacert.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:10 2020 GMT + Not After : Jul 7 09:05:10 3019 GMT + Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b: + 11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7: + a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3: + ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f: + 51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0: + e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d: + 36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78: + a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed: + 68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16: + 60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1: + c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f: + 24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2: + 3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9: + e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe: + 44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7: + e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05: + b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33: + 56:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11: + b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50: + 39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba: + 4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee: + a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48: + 00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e: + e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da: + ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4: + 22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41: + 97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93: + 4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc: + 2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29: + 37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73: + 98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5: + 66:75:e8:70 +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg +Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx +EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex +GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a +7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ +6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx +3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y +P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b +37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE +FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ +nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG +HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV +uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m +v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5 +eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM +3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ +InkfP2hv9WZ16HA= +-----END CERTIFICATE----- diff --git a/examples/ca/CA/careq.pem b/examples/ca/CA/careq.pem new file mode 100644 index 0000000..af1cf15 --- /dev/null +++ b/examples/ca/CA/careq.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxETAP +BgNVBAcMCERlYnJlY2VuMQ8wDQYDVQQKDAZjb1RVUk4xCzAJBgNVBAMMAkNBMRsw +GQYJKoZIhvcNAQkBFgxtaXNpQG1hamQuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDYdipZRHPaJTiTVNjFKxG9MIAhX0eVfetePpgNp6gwjAdtGu6J +wUzMZIGQs6tUH5tyI8UvCjJSvietL1HuYp7tRNC6qnJnA6LuoONdnjfs7gspWejY +1YShbTZdhWsNc6Ay/rb6me+MeKkC9Dq9E7wam3JVC+cM7WgAwud4St/OFCqZ8d6X +FmBE8fz4dOUzMcz5/12ewcfGIXVICCb1fPFW7BXFfyQPCAN04NoQvz2QZwkesj+0 +9BXfU+ho6NEoji03+eA6oykAPQpmfHGrVOXa/kQYPLS+xc5JJozMq4iPt+OtW9+y +1KP4qQZPOG63BbM6vWPN9yYV4Jj9MH7TM1aNAgMBAAGgADANBgkqhkiG9w0BAQsF +AAOCAQEAmvXWsoJQneJFFHb+qTNjkA3sHduyB+kQ5qUVlFoT6U6IKyWnVUqAKc9a +eFKw94yq/01cqOBd4MWKTg9k/wjjmkJA9WtXMrVq8HW1rKVRCCJxtzUKTR3pet/z +gs3YwbTlqpljtpn3qEzspMaeyvh391A4IVykDZHGR12+4LqZhoUyGl1QJ7KgQwGM ++Vi2TL3fY8PDxvGFmGvWnUIWYkB31vAuDz1xOqm2JlP0kTHMUPiVBlwJVuHdATy2 +sWZEzsNnXBt2vAVwhTdFEajF4ut8guPQWW8XcTiaEOGJUIY8J4Yb2wqHk+4HsIFV +i2vua41jc90Ki3EA0+QDB7BJAvC4yw== +-----END CERTIFICATE REQUEST----- diff --git a/examples/ca/CA/crlnumber b/examples/ca/CA/crlnumber new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/examples/ca/CA/crlnumber @@ -0,0 +1 @@ +01 diff --git a/examples/ca/CA/index.txt b/examples/ca/CA/index.txt new file mode 100644 index 0000000..bc5700a --- /dev/null +++ b/examples/ca/CA/index.txt @@ -0,0 +1,3 @@ +V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu +V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu +V 300303090542Z 4C9BEC95D121491D5D65A71A614667DD42186548 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Client/emailAddress=misi@majd.eu diff --git a/examples/ca/CA/index.txt.attr b/examples/ca/CA/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/examples/ca/CA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/examples/ca/CA/index.txt.attr.old b/examples/ca/CA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/examples/ca/CA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/examples/ca/CA/index.txt.old b/examples/ca/CA/index.txt.old new file mode 100644 index 0000000..46b0a92 --- /dev/null +++ b/examples/ca/CA/index.txt.old @@ -0,0 +1,2 @@ +V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu +V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu diff --git a/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186546.pem b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186546.pem new file mode 100644 index 0000000..a537cac --- /dev/null +++ b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186546.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:10 2020 GMT + Not After : Jul 7 09:05:10 3019 GMT + Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b: + 11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7: + a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3: + ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f: + 51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0: + e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d: + 36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78: + a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed: + 68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16: + 60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1: + c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f: + 24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2: + 3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9: + e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe: + 44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7: + e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05: + b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33: + 56:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11: + b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50: + 39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba: + 4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee: + a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48: + 00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e: + e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da: + ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4: + 22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41: + 97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93: + 4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc: + 2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29: + 37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73: + 98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5: + 66:75:e8:70 +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg +Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx +EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex +GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a +7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ +6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx +3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y +P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b +37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE +FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ +nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG +HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV +uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m +v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5 +eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM +3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ +InkfP2hv9WZ16HA= +-----END CERTIFICATE----- diff --git a/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186547.pem b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186547.pem new file mode 100644 index 0000000..2a1fea8 --- /dev/null +++ b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186547.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:21 2020 GMT + Not After : Mar 3 09:05:21 2030 GMT + Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac: + cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04: + 57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00: + b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d: + f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e: + 5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d: + 40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8: + 02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51: + 2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f: + bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b: + 2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39: + ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5: + 02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df: + 09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81: + f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1: + 70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6: + 26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3: + 7b:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f: + 21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a: + 1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b: + 99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2: + 83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68: + b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7: + 2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22: + a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64: + 36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3: + 84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1: + ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6: + 93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07: + 91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c: + 9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2: + 06:0e:88:d7 +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe +Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw +DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U +VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s +z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s +yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5 +TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO +YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI +deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j +e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud +IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht +EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA +DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt +p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER +ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW +GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc= +-----END CERTIFICATE----- diff --git a/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186548.pem b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186548.pem new file mode 100644 index 0000000..22cb0b1 --- /dev/null +++ b/examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186548.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:42 2020 GMT + Not After : Mar 3 09:05:42 2030 GMT + Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e: + bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01: + 2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c: + 92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76: + 58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0: + b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35: + 92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b: + 36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5: + de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c: + 74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c: + e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa: + f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf: + 35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c: + c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61: + a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac: + fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39: + 74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f: + 7c:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a: + a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc: + 64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b: + 8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea: + 2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6: + 8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8: + ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b: + bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82: + dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5: + 51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46: + ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25: + 0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab: + f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0: + 4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10: + 2a:7e:cc:b6 +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe +Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw +DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U +VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+ +v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1 +OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz +j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc +jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV +OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP +fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud +IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb +KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x +1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb ++eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH +Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P +RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY= +-----END CERTIFICATE----- diff --git a/examples/ca/CA/private/cakey.pem b/examples/ca/CA/private/cakey.pem new file mode 100644 index 0000000..8b102d3 --- /dev/null +++ b/examples/ca/CA/private/cakey.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeK2OY7PJbzYCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKP+q72oc4q7BIIEyHkaZfqjSX9W +HIHqbQtHOMlAtqSxmAyV6C3pXLwNuEpo4cYwyPUdJwMNxm8OjsxuH708daZu5QWl +7EVNV4WY9ff4/4geJAp9ZrqJN5TsgFIUyss5NzHjTMPUz/yunr0Hk5OOVLusTCqF +Ys0Qdo2Gy33NZCK53U22pa0S/szppN4DIDujSOuUAiyxJdz12cCUyw/OlAXvDLJb +I9oObKWpbYBtJSLk5aWblZDUTVmFWngkTIc76wchBXu7WntLjXdMG2lv4Gy/ozUb +vsYvEADNRJFOpYyfWvmEFNKvEcVxfzshnms9TdzhDCmYhmYR+NfamYq5Om+81Pv3 +h+z1Zd7x3uYs8NM+DbRKhwHS6jkQCxelWdQbeSJj/Fz9VpWSrJlkmhXI+7qkBCsv +DVoz017Y2zK/iM5JRPTH65tnNMeH61Zj4EOHBEzMBE6EvugJcSqPXfBKtVMwVAzV +Mva8gtOlMN0Ce9dmG+HZKDek6S++5AbkxuOwRb+YOVXjUrNXXf0YqglM9Nb/RCr4 +Z+gkuTCwARJZqjebZnUw1mSZp2R89X774wNDHAlw96tSW2OZlfPmbvXBnwT7QwPm +YBZT6CrLL7LEIs0G5zFh1L/PCQi7EyNaE9Ixw52nqc5Ej2M6Rj6XcdCRdw5IKmh/ +BbTzD0LxfNh+XKpAIzkuNfGkwUVtfldmfpW3xRKzI1o+rbgDGMA/eEFYWmyE9326 +/vsv7daE4zWAG4O5OdGKMKBABCqM92X2YU7bZoNQS25dy7uZsQ8zvkcI1Q1GKMW0 +Lg2oDTSTSrPRVgLAcb0o06Frvler5F277OBfBm1+6+7aL3hct4TZjb+0pp5SuxrS +7PpRXMFYzbQ+Z7YrRv6uwrrxVl99Ok/jBGLYT+CllZ+PNvRbcgsy0xUIz6KTbQQZ +H4qqkObdKFHQLqfP9+YUwjE2akR/prOR2Dfoq648L/eEF4qpGCADaXFoHODWfiqz +VQHvLP4FN4ppYn3jB4lSTIl+7s92XznK5aN5AERRdUIfjPnZB8lQkDP/qwwCI0Ki +SRxUtsrMef1biTKL5HI3On2wPLFQCGVEmiQoD8uEqaB/vAdJy5ZdQ3HA547TxLmy +TJ6je8QMFUcO3n1pJWeUHuL+WyGrcstOEkZiFQyVpAFFeS7h6u2UI7HyNXGaP1mk ++vWulewlMjWHw05qG9wLqEiDkpZgmx4garfWbR2rggBu1Jlg4svS2jdmytuKQ735 +E1e5g7TCSzv6sHzdHfQ2WaVvfM5YfxqWpgPhNH2t7rScoLTvI2txyhpIIEIMn+ip +tBM15Ai+L92gr4wLJlsBOcKOWSN46ucqQsGla3so0PZAtU4hVPEJ+PzaR2czStUk +MzrKfG1qox+JW8BBiW2zV2idKy2440Sn/NSqMyvZgEFn7GDaAcTsZi2FhRLT1Fg+ +2c5viBTaCRdh20QDQQu3skEhbFU5GjeZEqCO25hX5L3BZPnQtwQujc2RU9aGWwPm +o/nrp8ilBRI18qFdxfqFEV6ftdVNXlrV+cMgtuwPNX6vnmKWjN67/cDIUML3ab+e +9cx0rBvCBvMn7Q0AvY/RcsVP0DaLmov7ciuvih0ptCgYThov7FJ2V+q+2LbNLwSc +qpi/6R+l6bIjP0UITKZlug== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/examples/ca/CA/serial b/examples/ca/CA/serial new file mode 100644 index 0000000..a094257 --- /dev/null +++ b/examples/ca/CA/serial @@ -0,0 +1 @@ +4C9BEC95D121491D5D65A71A614667DD42186549 diff --git a/examples/ca/CA/serial.old b/examples/ca/CA/serial.old new file mode 100644 index 0000000..bfc6fa1 --- /dev/null +++ b/examples/ca/CA/serial.old @@ -0,0 +1 @@ +4C9BEC95D121491D5D65A71A614667DD42186548 diff --git a/examples/ca/openssl.conf b/examples/ca/openssl.conf new file mode 100644 index 0000000..e18aa4e --- /dev/null +++ b/examples/ca/openssl.conf @@ -0,0 +1,364 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# System default +openssl_conf = default_conf + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./CA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = HU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Hungary + +localityName = Locality Name (eg, city) +localityName_default = Debrecen + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = coTURN + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +#organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = misi@majd.eu +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 + +#unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./CA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) +[default_conf] +ssl_conf = ssl_sect + +[ssl_sect] +system_default = system_default_sect + +[system_default_sect] +MinProtocol = TLSv1.2 +CipherString = DEFAULT@SECLEVEL=2 diff --git a/examples/ca/run.sh b/examples/ca/run.sh new file mode 100755 index 0000000..77d6f86 --- /dev/null +++ b/examples/ca/run.sh @@ -0,0 +1,16 @@ +#!/bin/bash +#set -x +# key passwd: coTURN +cp /usr/lib/ssl/misc/CA.pl ./CA.pl +patch < CA.pl.diff +export OPENSSL_CONFIG="-config openssl.conf" +./CA.pl -newca + +for i in "server" "client"; +do + ./CA.pl -newreq-nodes + ./CA.pl -signCA + mv newcert.pem turn_${i}_cert.pem + mv newkey.pem turn_${i}_pkey.pem + rm newreq.pem +done; diff --git a/examples/ca/turn_client_cert.pem b/examples/ca/turn_client_cert.pem new file mode 100644 index 0000000..22cb0b1 --- /dev/null +++ b/examples/ca/turn_client_cert.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:42 2020 GMT + Not After : Mar 3 09:05:42 2030 GMT + Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e: + bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01: + 2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c: + 92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76: + 58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0: + b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35: + 92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b: + 36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5: + de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c: + 74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c: + e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa: + f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf: + 35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c: + c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61: + a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac: + fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39: + 74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f: + 7c:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a: + a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc: + 64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b: + 8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea: + 2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6: + 8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8: + ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b: + bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82: + dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5: + 51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46: + ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25: + 0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab: + f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0: + 4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10: + 2a:7e:cc:b6 +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe +Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw +DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U +VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+ +v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1 +OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz +j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc +jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV +OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP +fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud +IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb +KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x +1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb ++eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH +Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P +RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY= +-----END CERTIFICATE----- diff --git a/examples/ca/turn_client_pkey.pem b/examples/ca/turn_client_pkey.pem new file mode 100644 index 0000000..f48c322 --- /dev/null +++ b/examples/ca/turn_client_pkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvbTgxIxIS51qN +7RwCfr/C73rRwLJLtDibp13dASyg53xbek1xS8lbd+izTJJbjENXtsmMRGZqnozy +dlii9TijT++vWse/5XKYwLguoXXMFou/o2rm/cklNZIxsngqQnuhziW+MkVuCzYi ++Gyc84+/yIx51VkC9d4fZ/zvxyeIpzWx1+7cHHQR/DxWM7XniM7zztu5PODrFbwA +Xyn0nI5NYd/aqvT8++dLddzcz/BLO2fPvzW4D1sglGDdO+V67A4wLMH79iFb7YA0 +nVlclTmiYaQT+le59YXUob+Rz9fcrPoyR+7ShpsU0TWIHi2fOXSG3vEE3uE5L6iR +v4v3T3zlAgMBAAECggEBAINzP+vx75UirwQybA6ik2aqtEmALxnzDYf1PaxhOOPJ +EbIqTuVaeKOFkmToN7NJwxxy50un5WZ3L/5vF7PkNHCLcXrgd1UfxWMY5eprKi2n +p0gOWAiGmra7EbUTml9wOdvg8P84BDaVSBekNx7Ukx6OVFTmvTAutCascSfq/4Cx +K71zaW/I9hrU8oNDBDzolVW4gW8ObNLGhoDqmvkoXrlrGEBNqkuErbbYZA1k/001 +lurEh7Zp7Kp6jjHcRm83a7bWiRYGtv1K9kR9MKKLW7au8zyjYcesTvS2QjY+k20W +vE2kmyAosbJShFzTmZn8kwgh6c0BPyFDEI5XleMeefECgYEA6ZhgG87wyU4RDU1N +PxLV9ufbSYpW91KP1iuZ5Z6QdLGWZeWKjvxtoLAa3z9ceIBVvFqCGDn4DfwIaNLe +tGsjeyXre1R3/B0S/oAJbmbRV4pWl/jSzgbzCTGW7x1mpqgpJdHFmTbqTxkNB6cM +fpzTPfM012KfRglD9D+2DTOCyEsCgYEAwECXQRIe7/657J68GHSBCaQ+rzDL3nRe +exe4duHyXok0yohk7OiPepKQ1hdYq2PHhGEj6b5OgFppWeA66M/ndjX4S10oCtN0 +oEb7honFz4ZmHmqQ6UotAuBx7tq06v+KI/eTvefTVh9mujdwMW4sAowhx9Dw6PkR +ipFCdi458Y8CgYEAhJ//ySoYKaMKKWw/NFVkZ9fB+CH0OF2GzslYijcZuzdstZO6 +tG37bCUwTJozzTLH+rXEcS7QeFglCibXTMYbkfq4lQAjU1/KffaB5E26A6LGgWhD +f7gQWqLuF/qwYmTNX+yW7ONx6tDFRhgBDw3JHb4svTEATwpJq65UlXAui7sCgYBD +krBXO8JKApNg+s4MHm74b5VkyFbv4qEOzOCWUIZ6+ejnQxeOOZOstnVX+q681v5a +pjYUQ0KeVKjw4SJzkBe/8epKuvyHCZnVd/2SZTx0271q9XPnu52khDUnihHLA3SP +fcadGi2q+LCHxVKW3S1028JH1EXI7TpgJPxiQ480OwKBgQDmi0BiSFaxNVcJm+pq +rbmK2pRPl49VOlc7px89ilZgoIeU8jwWQyqXRooarFhV1H0SA6oh52jYljiIIFVn +qwKfS3Sjo6iW3ytjGcRLeNS0Sk8D2XMky7Mw120ZxatTsKw3ztmYFAlSYdxRMnue +zkYzcxL3N2LvHeY8SOwyxayfxg== +-----END PRIVATE KEY----- diff --git a/examples/ca/turn_server_cert.pem b/examples/ca/turn_server_cert.pem new file mode 100644 index 0000000..2a1fea8 --- /dev/null +++ b/examples/ca/turn_server_cert.pem @@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu + Validity + Not Before: Mar 5 09:05:21 2020 GMT + Not After : Mar 3 09:05:21 2030 GMT + Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac: + cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04: + 57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00: + b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d: + f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e: + 5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d: + 40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8: + 02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51: + 2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f: + bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b: + 2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39: + ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5: + 02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df: + 09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81: + f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1: + 70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6: + 26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3: + 7b:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F + X509v3 Authority Key Identifier: + keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42 + + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f: + 21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a: + 1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b: + 99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2: + 83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68: + b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7: + 2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22: + a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64: + 36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3: + 84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1: + ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6: + 93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07: + 91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c: + 9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2: + 06:0e:88:d7 +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv +VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe +Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw +DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U +VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s +z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s +yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5 +TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO +YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI +deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j +e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud +IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht +EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA +DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt +p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER +ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW +GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc= +-----END CERTIFICATE----- diff --git a/examples/ca/turn_server_pkey.pem b/examples/ca/turn_server_pkey.pem new file mode 100644 index 0000000..980bbe0 --- /dev/null +++ b/examples/ca/turn_server_pkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC82/cXNRd8Rnlk +iWFfrM+PbZcTh4rW8avf9mlOBFfBTWw9d8lQDT22ic2sALUCReRMeO9vGH5XTrxi +TfbebMh36sWytGUtRna/Xl/4RXhV9E0grJHwTyPLXUApRN6c9wrmSKSANd3L6AKQ +Wfcx+UxQ/pjv3X9gUS1EChSiV5ZRNj9zZttFX72d9II6zqt1T9CQbUPRey93MYjb +L0qpTmI5xxR/Oe/iCLcYp2z42TXVo/hk9QJRIhuOesVErt+xFwtx3wmCiUlwxZug +8zwCSHXngfkkUVYkO/+4aNMTLqL00XAzqXrWF/3KpWsTdMnOtiZPAf/rurX5oXCA +2hHfo3tPAgMBAAECggEALGPXVBEakA9QgRz5Ui+gKaoslF6Ld7IeH+ofHkNPDRRR +mLELFFHIa5tASGlyIjKjUoYqYQZ0y7ip9sE0gVs4U1dPWI2mKlohlyFrlUNe4XUm +m8N0GfPAChDE/+48FNDMMwxn/eqrUz4ZPCypOYnLMk5lTBvX0J/D7/Yem3nSzwt1 +qkZoijxZH5IvJAJkBWvucRuJ8XxHzOAo2V2Y+wTdilcJhfCvqGC0rkydjaN6TtRW +HWKvAOa7hEegNBbZhHhKfw5ovQwj9Cnr2+8gaTSw5gVaZNnhCO+TlUfQHIBH9rmt +82SHu1QoYSGMvkjlrrKhRYHrx+4P4TXoZ6eB1hl3QQKBgQDmwUOkh6qwL2dtcrF1 +bVdRZjb1bw6L8qZAgUkcA1IaLVUlhjEJZGXAoPbLn6Vq+jfOvaYLmzEaLcpn3pfx +Hwcb1vnNW7dlXC1vpIWXPZP4IPJV4XsL1AgoEj6mgETHxvC+4cLc2gaMY5o5TzUv +VdV/A7SIqxAyPccXt1u/eITfNwKBgQDRhVTTJiBsGGjOetfgNqNGxpkKB6W4cET9 +EyC1c7Lh40lioA2G8lzhFCdK9VZ+cAT51Bmkr5jq29EyMafSy3e4+PG8ZLHVL0ll +qBY4vSzHQNcGvUgh+15g6ISgCbM0eSsAea3LY+fmchz6mBS6DhyMkYPSbV+7YvHJ +PSnfTkTgqQKBgQCO+SQOJzjs3RI6UBv/4/V8K9bVjy/2Kiw0P2arAqu2KGxfSZvM +c/ZPuevwEkSN2ecGI59kBY4Q6FpGrTZ7YXwoFbTFNpSVKt3EFK3pHXA3B0LfT0vL +8l3zZgqHY2Y6WdsEiiEQcc4o4fXGmHsdjxMvFX6gR01Ls9dNrIAeTHAXVQKBgGoL +Q72C5JIRYKpw/mYbAVTHG5o5+KR7Hk/AqKNuJbGyqefi/jW44U2CN8j2l4pzA/G2 +aiwyPAFStHTlMP29waC7Tw59IIy33Dw5cNXS2aEXrj1Y+/NHGKOPy+B8SFlcomkh +LNduf2bhhs1Gv+bTUZvL4p5UgUmEcL/b1x+Qq8fRAoGBAIpNCp4W+TsPUJcQKoWm +L61RVr5GaHv7/qxQvYaXIVCq8/gZAbJi3/A9ieTrF72uuOZ+ajzFHDUiiDs19y67 +mCvCchPgqzLy9iSs6mm8fmS6kJnWn04I+7DOfe7kScUnD5WkyNaTYAeOqvdWzl/i +B1hQJJ9GzZG5Rztlotm5m/JY +-----END PRIVATE KEY----- diff --git a/examples/etc/cacert.pem b/examples/etc/cacert.pem new file mode 120000 index 0000000..126f30f --- /dev/null +++ b/examples/etc/cacert.pem @@ -0,0 +1 @@ +../ca/CA/cacert.pem \ No newline at end of file diff --git a/examples/etc/turn_client_cert.pem b/examples/etc/turn_client_cert.pem deleted file mode 100644 index 2e00e7e..0000000 --- a/examples/etc/turn_client_cert.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDzjCCArYCCQD3YHhln4EqhDANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxKzApBgNVBAoT -IlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3QxFDASBgNVBAsTC2Rl -dmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAy -NjdAZ21haWwuY29tMCAXDTEyMTEyNzAwNDEwNVoYDzIxMTIxMTAzMDA0MTA1WjCB -pzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3Jl -ZWsxKzApBgNVBAoTIlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3Qx -FDASBgNVBAsTC2RldmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcN -AQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEosxFd -dEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40pwcm -BJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PBXinM -gtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKAqDYd -FY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1skOXF -Vm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB -AQAhXgGdXXf0dMPdkfl4jv4dqFNSmax6wmeNc+oJC9qIFVDLsdAaAWXZ+pZHYIMR -UN8mQobsIZdfPQ0gs8CgUwrKziAjA92y2Q/I7vsg83qRLhysGC5etYMD/wlySDDS -AJKraevDPTEdmfNstCblubNG2PIeqV1isWtPMqB2dMsCeyzJXVyfD0QcABzFv4Fs -MMy7JI7MsctNh1tjV/0TsddDMeMLs22rix5fS8MZ6uunFzIuJ0MshFNehXFuvz0B -uNmn0k7djUm3h+2Avs3YGCo/8GtqHapc/lva/9gT+iEW0e7i0Ru5Jhar66VMzJqv -+wEhQafC77d3vWHtXQU8dYmM ------END CERTIFICATE----- diff --git a/examples/etc/turn_client_cert.pem b/examples/etc/turn_client_cert.pem new file mode 120000 index 0000000..d6e90b6 --- /dev/null +++ b/examples/etc/turn_client_cert.pem @@ -0,0 +1 @@ +../ca/turn_client_cert.pem \ No newline at end of file diff --git a/examples/etc/turn_client_pkey.pem b/examples/etc/turn_client_pkey.pem deleted file mode 100644 index 11f9d2a..0000000 --- a/examples/etc/turn_client_pkey.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEo -sxFddEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40 -pwcmBJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PB -XinMgtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKA -qDYdFY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1s -kOXFVm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABAoIBAH5ITN8FZEe10gws -qUrkcRD2h3aI/gMyetzGz45UUERmfq17xvY5M1eA884kNmbowoMhfoO9hqBSOYkA -Ndh9p5he5L+GLeyRlDi9WEFQ4iqCnC2uEEW/bMBAcVIhcvkGOT4ROiOPDRlsuaUh -v7cxe2OeYZVra7L1vJzC+eVYyNBN5CgK8w08MPEkupQS9+Jvr0QWCikRz187cG45 -EiDMrBKyJNE9lY6u4P8gJ+/NgaASWP/D3kbsjiQ2OwSGLrwDAvWC7Bx2GK3/0goA -btp7YGaWvp+mE5V91cOW+PfweC5Do4MjOr4ToNkczW0AxKE5o94yo56h+II5bX6N -z65VvtkCgYEA/Sq/3S2yup/Oodzj003KG4skWYFrj7KXeXgm7RZcpNwkd8JaFXJ/ -Cwl7/3bkRv6RHLmXX/2hcNWlxq3u6Efs1EjtycdArU68kO01vLdExJYIzHKmHikV -n+T4hukxGDzObxn3lH1KcOodh/x572Uufn79dewoZCPzH8t/jiMOWGcCgYEA4JfN -66Kq/oDookqenM9Ij5l6zeeNwzMjIlkU2eG0DAH0KdsBN/hTGGGRQVBk03YREQmK -crEhGAZxzfrX5fK11UVG3C2pqAtrVe6FuD32vFUpP1MO0ftSA889NoEwGdNZV4pV -Mk0+6xVCNOatj2inMXlQq5s68WfCzkiWD7uLCv8CgYBcwuYsF4tuYBGpMzNzAAS2 -1OPLu+T6cPiZdFHm+xOVAGiITPkO9LXiCGabsydvb+UhvkrdzCP0IQQt6RsplvkK -y3H9RfnHxprHC3NuI0SaN1Mf/j4pvOoEfTQm0pi/hcAp6zzQ9ptpBg8t/W98LPm9 -NbCPHamrD5UMqFajcOrXrwKBgD8D2M8IcRm/aYY/kYlFz4Ia+g3Trj7alj0I6YTI -gw/rbGph/FGL5ySsG2lL+T4rnlY9aw8LC9IF3OCCRRlLpCEWsu8MENIJgjA2IGa1 -XAkzi8MstrfL4BMZjn9AeBKG7kZVldnrOoATEuRs5L2cC20iMLQ1dbBOAKaITzJS -2IxZAoGBAKqwr/uennxJrnMtpjLBgcphoU3aXJZvzzDqlOaqzJp6Xmbese4sDEe0 -hvVHreigDzOnGnqL/vSjTDWaLqS/O1iE7p+UrGIkZj/Zl6Jk54OX6AHmWE2LhdlU -FYgIQKX7fuocpF1Dpe7xEeVwvdp+UqbDzHQg1CWGe1cBPYDYIkSH ------END RSA PRIVATE KEY----- diff --git a/examples/etc/turn_client_pkey.pem b/examples/etc/turn_client_pkey.pem new file mode 120000 index 0000000..f89f87b --- /dev/null +++ b/examples/etc/turn_client_pkey.pem @@ -0,0 +1 @@ +../ca/turn_client_pkey.pem \ No newline at end of file diff --git a/examples/etc/turn_server_cert.pem b/examples/etc/turn_server_cert.pem deleted file mode 100644 index 99b3f01..0000000 --- a/examples/etc/turn_server_cert.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsDCCApgCCQCmgrJCiQlGOTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoT -E1RVUk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYD -VQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMCAX -DTEyMTEyNTA4MjAxNloYDzIxMTIxMTAxMDgyMDE2WjCBmDELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoTE1RV -Uk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYDVQQD -EwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+l -JI/GwlVzdzQ3+F4clMQDR1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJ -d2DUFADkF+7I674XwX8U2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj -9yPkqnO0c3ko1/OzIQCcs09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZE -psCztA+KCCoiJf7NenOvVhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLe -IcopqSbg9CRIKe1HOL8YTvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQAB -MA0GCSqGSIb3DQEBBQUAA4IBAQATbrBOLV4e8Qmsby9+srxXsdbNc60PmDZ4WiZ1 -IElfWmzM7wGXm9sJg1PX/7T24R1tbwZGLIhZnkhecG372GChULZJ9Pdjh0Ab2nK5 -LRKHXTpjp/xOJvx0JMCIIyRnGZT1nABPOk8uEjNW8PaU6yhQ4f5nKaSOgYGRCln6 -dcy5vylCsyD9Q7GXs0KOC38XD+Ycv6VLX4zKJ2Yum50Wt643nLjG9RlGT3FXWJ1K -HUbPC5TO6bcYLdiTjaYr+X8xC/x6h/Ngdo/16w7fRmQQ4uS+TVXrg8ITmI71KX/I -m7C9jbsubwzrhW84oZXYf+o/0ATtEAhiVLnHifKCCYikqfVj ------END CERTIFICATE----- diff --git a/examples/etc/turn_server_cert.pem b/examples/etc/turn_server_cert.pem new file mode 120000 index 0000000..bb93b79 --- /dev/null +++ b/examples/etc/turn_server_cert.pem @@ -0,0 +1 @@ +../ca/turn_server_cert.pem \ No newline at end of file diff --git a/examples/etc/turn_server_pkey.pem b/examples/etc/turn_server_pkey.pem deleted file mode 100644 index ada07d6..0000000 --- a/examples/etc/turn_server_pkey.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+lJI/GwlVzdzQ3+F4clMQD -R1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJd2DUFADkF+7I674XwX8U -2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj9yPkqnO0c3ko1/OzIQCc -s09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZEpsCztA+KCCoiJf7NenOv -VhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLeIcopqSbg9CRIKe1HOL8Y -TvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQABAoIBADUPHCXUyKLCwKFH -NEf27sGZxX71H+NfaseioLT/3/8DDyagncfDB7I4OL2YEKC8YScpD3xv1n59BFcZ -oRtDzW+1AkVpm+VRCWYAWSXHFhkuJ6WKaVr9UOeMHStqQCcktP/kLKqU6s9UJDnM -pOHNPVzBjl+jHxHs/gGyxuKxSH2Anwkrzpiv5j0obKFnw3QtAqeZRs1NlvPtYt2S -eihZWr8r8LqylPk9ga9MYmO79Yr+EPVaqd6bmz4MpZJ4/7LEjx03Q6azdMCPhFNY -cYzPIDZFEj81Zj/tqA2MU/uTTUUrcXint4dHRJs34m5N68PV1Y1XhhH6FG0+X711 -ZymudoECgYEA/ChS5zmmOoLoaq2441+PzQbDP45qR6+G4slHwC8RDZhsYw0hQnp9 -n44Qagpt74J4FjxT20BdE714DZP32IqagUwatWRQ+z3UoGafkJSNc5JSEogwZ65C -nC8RI1pPHLEvE8IzBJiqUA1kbMOMfTYW694wdN9JVZang05/AXaJzm8CgYEAwpJ8 -nJRR9JFweHRrRgnrVk0Qi+ABbN9T/nhPXYab2vjBfeBOTA1Mob0M3zMJDCnL2i+D -K1GzE6WaYHElr45j2Wfphd/rRTk74WR4BaPpTCGaAhBQNn0ufqUkKsCPEAlTU+nG -iyXP4OvdMPjEBckjbKm/mlX7m0njSHAY6SWNorsCgYEAi8Yubk3efwChpMC3hBIs -vBHLmSdwclwyAPRh+X4djdO4AQ/+J8OObytond86IVHJD0pRkW+UKKUWLzCeakIq -cxGknHgHC72yZ1d7i8FMx4uMQwmLC23lLn5ImbgtslHlLqavcRTPE6DY0hFzhtS8 -z/JSGfbLx83C/V49uKnkqbECgYA6h1oYt70XdpCAi3ShcuZp5XCuwslq+JsJlyM4 -nP9RFTcPKGQlGHMOzBGNKor0L7Z0gYpRg5f8tvoDPMX7UzfR9CIY9UyOXDMZD+HS -wIWzMwBi0olueqV7zy1b9uSSDFwWh+IDhXJM1GaLDqnYm7KeQ0mxoV+4TLej2KSF -rZg3dQKBgQCVrVxFV8jHBsRsH5PzMx6pUSAollmuyte9mGU1MIE7EZf+LEQIAjGZ -9jvtAILYVJXwVZv1/zNxldUfBNuWc95ft+Gg7FEN0p0uLpdYNXQUcXuJaJ9tJ1td -ZfvRcrUXdFNKYt9/yaGeHVaIQfp4W1faZD7OnII7EOVkUKyv/qNGAA== ------END RSA PRIVATE KEY----- diff --git a/examples/etc/turn_server_pkey.pem b/examples/etc/turn_server_pkey.pem new file mode 120000 index 0000000..e84cd67 --- /dev/null +++ b/examples/etc/turn_server_pkey.pem @@ -0,0 +1 @@ +../ca/turn_server_pkey.pem \ No newline at end of file diff --git a/examples/scripts/longtermsecure/secure_dtls_client_cert.sh b/examples/scripts/longtermsecure/secure_dtls_client_cert.sh index a779ac6..49ea96d 100755 --- a/examples/scripts/longtermsecure/secure_dtls_client_cert.sh +++ b/examples/scripts/longtermsecure/secure_dtls_client_cert.sh @@ -32,5 +32,5 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/ -PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1 +PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1 diff --git a/examples/scripts/longtermsecure/secure_relay_cert.sh b/examples/scripts/longtermsecure/secure_relay_cert.sh index aa6a90b..cf10eec 100755 --- a/examples/scripts/longtermsecure/secure_relay_cert.sh +++ b/examples/scripts/longtermsecure/secure_relay_cert.sh @@ -36,4 +36,4 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=cacert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@ diff --git a/examples/scripts/longtermsecure/secure_tls_client_cert.sh b/examples/scripts/longtermsecure/secure_tls_client_cert.sh index 80d7db5..da8926e 100755 --- a/examples/scripts/longtermsecure/secure_tls_client_cert.sh +++ b/examples/scripts/longtermsecure/secure_tls_client_cert.sh @@ -32,5 +32,5 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/ -PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1 +PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1