From b96236d467585e6247818ce1e83588478b9276bd Mon Sep 17 00:00:00 2001 From: Salvatore Mesoraca Date: Wed, 30 Oct 2024 10:40:13 +0100 Subject: [PATCH 1/4] Bump minimum libvalkey version to 4.0.1 Signed-off-by: Salvatore Mesoraca Signed-off-by: Mikhail Koviazin --- .github/workflows/integration.yaml | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index ffc80a4f..bcb88d7f 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -108,7 +108,7 @@ jobs: pip install -r requirements.txt pip install -r dev_requirements.txt if [ "${{matrix.connection-type}}" == "libvalkey" ]; then - pip install "libvalkey>=4.0.0" + pip install "libvalkey>=4.0.1" fi invoke devenv if [[ "${{matrix.test-type}}" == "standalone" ]]; then diff --git a/setup.py b/setup.py index 500272c3..aff5f60f 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ "Programming Language :: Python :: Implementation :: PyPy", ], extras_require={ - "libvalkey": ["libvalkey>=4.0.0"], + "libvalkey": ["libvalkey>=4.0.1"], "ocsp": ["cryptography>=36.0.1", "pyopenssl==23.2.1", "requests>=2.31.0"], }, ) From f783a648a1b43c4a7eb2c624abfa6cb2da210c68 Mon Sep 17 00:00:00 2001 From: Mikhail Koviazin Date: Wed, 6 Nov 2024 11:00:28 +0100 Subject: [PATCH 2/4] Update SSL certificates to include key usage In Python 3.13, `ssl.create_default_context()` added `VERIFY_X509_STRICT` to the flags by default which caused the tests to fail due to missing key usage. This commit adds it to the certificate configuration and replaces the certificates with reconfigured ones. Signed-off-by: Mikhail Koviazin --- dockers/stunnel/create_certs.sh | 32 +++++++++++------ dockers/stunnel/keys/ca-cert.pem | 34 +++++++++--------- dockers/stunnel/keys/ca-key.pem | 52 ++++++++++++++-------------- dockers/stunnel/keys/client-cert.pem | 32 +++++++++-------- dockers/stunnel/keys/client-key.pem | 52 ++++++++++++++-------------- dockers/stunnel/keys/client-req.pem | 27 ++++++++------- dockers/stunnel/keys/server-cert.pem | 32 +++++++++-------- dockers/stunnel/keys/server-key.pem | 52 ++++++++++++++-------------- dockers/stunnel/keys/server-req.pem | 27 ++++++++------- dockers/stunnel/openssl.cnf | 15 ++++++++ 10 files changed, 194 insertions(+), 161 deletions(-) create mode 100644 dockers/stunnel/openssl.cnf diff --git a/dockers/stunnel/create_certs.sh b/dockers/stunnel/create_certs.sh index fa3e22d1..e64bab74 100755 --- a/dockers/stunnel/create_certs.sh +++ b/dockers/stunnel/create_certs.sh @@ -2,14 +2,16 @@ set -e -DESTDIR=`dirname "$0"`/keys +CONFIG_FILE=$(realpath "$(dirname "$0")")/openssl.cnf + +DESTDIR=$(dirname "$0")/keys test -d ${DESTDIR} || mkdir ${DESTDIR} cd ${DESTDIR} which openssl &>/dev/null if [ $? -ne 0 ]; then - echo "No openssl binary present, exiting." - exit 1 + echo "No openssl binary present, exiting." + exit 1 fi openssl genrsa -out ca-key.pem 2048 &>/dev/null @@ -17,29 +19,39 @@ openssl genrsa -out ca-key.pem 2048 &>/dev/null openssl req -new -x509 -nodes -days 365000 \ -key ca-key.pem \ -out ca-cert.pem \ - -subj "/CN=valkey-py-ca" &>/dev/null + -config "$CONFIG_FILE" \ + -extensions v3_ca \ + -subj "/CN=valkey-py-ca" -openssl req -newkey rsa:2048 -nodes -days 365000 \ +openssl req -newkey rsa:2048 -nodes \ -keyout server-key.pem \ -out server-req.pem \ - -subj "/CN=valkey-py-server" &>/dev/null + -config "$CONFIG_FILE" \ + -extensions v3_req \ + -subj "/CN=valkey-py-server" openssl x509 -req -days 365000 -set_serial 01 \ -in server-req.pem \ -out server-cert.pem \ -CA ca-cert.pem \ - -CAkey ca-key.pem &>/dev/null + -CAkey ca-key.pem \ + -extfile "$CONFIG_FILE" \ + -extensions v3_req -openssl req -newkey rsa:2048 -nodes -days 365000 \ +openssl req -newkey rsa:2048 -nodes \ -keyout client-key.pem \ -out client-req.pem \ - -subj "/CN=valkey-py-client" &>/dev/null + -config "$CONFIG_FILE" \ + -extensions v3_req \ + -subj "/CN=valkey-py-client" openssl x509 -req -days 365000 -set_serial 01 \ -in client-req.pem \ -out client-cert.pem \ -CA ca-cert.pem \ - -CAkey ca-key.pem &>/dev/null + -CAkey ca-key.pem \ + -extfile "$CONFIG_FILE" \ + -extensions v3_req echo "Keys generated in ${DESTDIR}:" ls diff --git a/dockers/stunnel/keys/ca-cert.pem b/dockers/stunnel/keys/ca-cert.pem index 291cf8e2..a0371e07 100644 --- a/dockers/stunnel/keys/ca-cert.pem +++ b/dockers/stunnel/keys/ca-cert.pem @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDDzCCAfegAwIBAgIUZWdrJiIH/w7FJkNbLTYldxOFEpswDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAwwLcmVkaXMtcHktY2EwIBcNMjQwNTA5MDcyMDE4WhgPMzAy -MzA5MTAwNzIwMThaMBYxFDASBgNVBAMMC3JlZGlzLXB5LWNhMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N9BXLRx3Hxb+ZGuKi5hZabcDWDMEeUGunJG -F1ijxO9XbNWXxYiR127Le2dMkS3TefU3CNiiYJa7eRxMPAS/wGUp6Bb7LrCoeC3F -1bfJSYnzC6SwhMq66m51VhqctjAbJxBBAPYqyNBFB2w2BQZOIkKDNPgPJTDNmF/7 -G/5jmAaOPlhm1GITnT+sSTyfr/JcoRRbV9VTVc9VUaTjk6ytHsW+K2sK+uWrjdig -qdzZDng0gtasTn907QkTDDyR4E/UY9N47aD2Jy5F3XHesy9kEfuppq+A1WYOs8/H -bXgEL53ncayqDNAgjnid5kHvKJ9wTAPSMDqmupHG0l5ADisahwIDAQABo1MwUTAd -BgNVHQ4EFgQUWg70hcbq4zibHXAFlZd8mHVEWzowHwYDVR0jBBgwFoAUWg70hcbq -4zibHXAFlZd8mHVEWzowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAe1qupf8GoqCgtzTwFCwmcDygLibX4vI/EfCMOLVZHMgDacDwQbmYPlM+goJT -Pz8WCklopFcMJ6MSdUGy3g4hjKmJpKttTSuhEd3uZWPZYjhRj2SY8531/aAajg9/ -oezyvlgN/DWXAREG31XWyXLzPU7VLbg99mYB+2+lo2cAciAOCBdIOu6WzqnQax82 -aDSqXIHiTGc/5QYZ6ZIzdVRYiVdddKSxTNKZn9x0hu3L8r2e9ryGLLVKJmZfNZDS -tXYwiY3fE0EwYViIPiPlmBEXiBhHlC2kAQMFK8Qd4LgX6rGki4luL15GYxxKPQbF -EtDS9EqM4EdRWZq3SDjOA1zODA== +MIIC/TCCAeWgAwIBAgIUL0/OSD+P0ZISmuNtnbVNjymQn3wwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMdmFsa2V5LXB5LWNhMCAXDTI0MTEwMTExNTEwMFoYDzMw +MjQwMzA0MTE1MTAwWjAXMRUwEwYDVQQDDAx2YWxrZXktcHktY2EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaENi99I937j1QW4QOM7YSPHzymMHJpnRO +ZP9JYDxOO7XjKpRwhyU4hM3QfxeNJi04VKv+FZe8QswCSqyp6OeNFPAuQ2M3Shcl +neUymoSVsQqyqzrJ8G4qW3sAMdvG32rA8sRsOewSVABnsi0wUZS+0+4EMR+L372O +WDd9ZV88uePwsY6MTfqvxoyh0S+5E3xdyep956+LGotr+maDZ/MrEP2Kl1StWv4W +mS0Gd7bzJaGsCazGXfc22JLwztBG/JgZdjI6T3e1ION0VpaQ82uMqvFmajmPxWUU +8lbjAzeHSGOJq+BZmPVh6NFp6Pn1xdH8OOHW1CW8UMaAjQre37bHAgMBAAGjPzA9 +MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQCiVq1mATQ +GX/9xPxG9l0soukgFzANBgkqhkiG9w0BAQsFAAOCAQEALUxF0RNlfpj55H2ku7r6 +aYcKsElzmCdgICxc0jrhvlMT7yv03nt0EOxgx4yWeoCNNKcAhAy9rHh+3pfyXwS7 +RAkwvwTxbqfdXB/mviolrPus0fn8dfC0ZpVSS8DYxS54ziFU0BkZi+odlkBA5PBE +p6p7kWwx6hc1h+F6abrNEivLe7G5V1Z8sIBNkj9Xj36muDXwNJjCOTq2FyeRRV4H +C9ztHK4iVhlw2UYHZ8dQjyI/MSPrAyMVbmbglhIdGGoE+JGAixWkB02kjySQ6lxh +Yt7b7icD4hmHxnXoxoN31wNF4YMePMZmQsuQEjjndSg5Nt+Vbk1Bk/jK88p297vi +gQ== -----END CERTIFICATE----- diff --git a/dockers/stunnel/keys/ca-key.pem b/dockers/stunnel/keys/ca-key.pem index 25989d08..715b86c9 100644 --- a/dockers/stunnel/keys/ca-key.pem +++ b/dockers/stunnel/keys/ca-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQ30FctHHcfFv5 -ka4qLmFlptwNYMwR5Qa6ckYXWKPE71ds1ZfFiJHXbst7Z0yRLdN59TcI2KJglrt5 -HEw8BL/AZSnoFvsusKh4LcXVt8lJifMLpLCEyrrqbnVWGpy2MBsnEEEA9irI0EUH -bDYFBk4iQoM0+A8lMM2YX/sb/mOYBo4+WGbUYhOdP6xJPJ+v8lyhFFtX1VNVz1VR -pOOTrK0exb4rawr65auN2KCp3NkOeDSC1qxOf3TtCRMMPJHgT9Rj03jtoPYnLkXd -cd6zL2QR+6mmr4DVZg6zz8dteAQvnedxrKoM0CCOeJ3mQe8on3BMA9IwOqa6kcbS -XkAOKxqHAgMBAAECggEAB16eh28qcUrF/VPsNDrMtEcjOSmdfv14s6K34bepQkKQ -8BsdLsVhzUXF0jB+iBojfbMZjQCvwf6vgKzEl9LcZ8+/Sca9zWjtmMfsqgdrsmI2 -psYvIDr9m1XoYpsFGnyEs2fPE1dG19eusn4D7et0svVr0bZK5SyypFoGmcyWUP/M -kA990HAP7enGzPfpvcpr++Iu3EwWlTY3rjYgh9a7AiFhtj9zDzb9Sg0+4Xl9+8TZ -dsOvyVsiLu09MZ3vScGg5l+46w+rai+R0IxpgI9QM0sMxAS3AYFY666akrJqn6NU -S0Q5Q9gZ5V9hHxU7IHfo3weygPQuBW07nbwtX6+JCQKBgQDp7+smBlstRD+1/ZHJ -KO4Xhi+yrhtkKzViC+gF2vXpZ1GQ+3plRJFzRMFu+LkBgn1jPfg479Tm7CM4W4vM -cTZo45+hhnpwmLGnltTf3Vw23yXzLdUMenaE2u66PWh3DFPkPHwNqb30QGnx131Q -Mjnp+2EsBdiZ1d8TFF815ucG7QKBgQDkkiz7I4JgGGCbd51AseFryHgUepsrgeaA -DIWKEKBOoxOnfWH7JOxtm0oXcpWHLciQ4M6FaTFNv2vNA9Hrz5yApXFwIkKgXVU9 -+zsok4eWdEYmwxZFwjCNYvzsIDGBBwa1PQeps6C5L+nciOE8IZHYW7egAR96prV3 -E4ZQ6aWkwwKBgQCL/nJXIAiiLyx9SVBb9C1/UGLs57ommKDqmrtv/ZeZ5KVwQL3/ -KihstaGYOinkmGVW5XfNAuECjB+Lk2U2pC1uWYFm1SYiiY4O/3lGup57i9CXFT9g -p0yTtryUITmJvIvbksKeHo05RO7hthYczuHPfwqooJr9fHpxXYiYpiRtBQKBgCp0 -kFBRhyzsOj2GWTokEDfh85PyNhI9vZ+5M7CyZ+RTXBo3KtToRdYSCxAR435JXcCz -UQjswhCr5o0dEYfYdzxZ/pkSdAevbl7l5FYkGQI0NLeMcv2gFT6dzVban/dUY8WU -QXEfAVKEeM7SyetOXPWwC4p3yu4QOxKUGNW8oFzbAoGBAK3WKV51jhmMz3dtCkGW -UZxcDp5q/3uV29/UUF3/CNEhLcVuQLtNOPYRG+S9zMvwo0SNsz4mZJH1nFDSWSNL -xGXg/Ret9Li4JQTWD47kcheBCVLoTtX1bc66D2LlXDKzN5DRBACxKkAJPUjouhMB -mPDd05msnfgzPBMHMwsNjg5W +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDaENi99I937j1Q +W4QOM7YSPHzymMHJpnROZP9JYDxOO7XjKpRwhyU4hM3QfxeNJi04VKv+FZe8QswC +Sqyp6OeNFPAuQ2M3ShclneUymoSVsQqyqzrJ8G4qW3sAMdvG32rA8sRsOewSVABn +si0wUZS+0+4EMR+L372OWDd9ZV88uePwsY6MTfqvxoyh0S+5E3xdyep956+LGotr ++maDZ/MrEP2Kl1StWv4WmS0Gd7bzJaGsCazGXfc22JLwztBG/JgZdjI6T3e1ION0 +VpaQ82uMqvFmajmPxWUU8lbjAzeHSGOJq+BZmPVh6NFp6Pn1xdH8OOHW1CW8UMaA +jQre37bHAgMBAAECggEAUbk4kVADKI4nemMhxXTJymHS7dQj5B+2vN6K8gPX9fXY +v67ofJeZcmoK/BV1TRe+oLrSzmFnQU3DSSSVOwQnKy9qp9vnZgQlUpqvF9zizXrR +KI6VdLLfho5MNZF57Tkzt+YDiQ/YEjJbCIG0/8PDPBUOwZFrYi9SyfLzsNH59DaB +Nf64J6KpMLMEP8BzDf9MkDWjg/uZZ5rJ2VDkl11QZCmyAAPMXps1nH4WJojVEwB7 +ul/VK8wrqiiyZqzDesw/jcET7DrCHtix35An8NJZAtWPILgHHnAlLPmG7a0uyy3Y +XaeqZRppUkuSv/OKf3Q0l/2IzjcNb3tjbktVSCXgGQKBgQDyxozi0V09Bc9w7yI3 +DaREFSs0h134ByzvsoObJMZTc9Qkis8VZB+IhMO4RaP2DNstJVqkl0pQWCr/C5ln +d6tYUtueeQ/9SYusnLIxu+HtsySPzBKthLrWArPQ6U1q70irxNovcSxOWimuSUIA +ftzWV6mCdBUsCImGZaiKl7GqDQKBgQDl8blf5iVRArHA/8vTBwdBNf3tkuctFcE2 +Pqmg5KQmGEvIO0S/DB2zAY+4JF4E4VrdJL47xXTnf+XN2ptQUf5kjwLflEaimupv +knwtNG+fq6hcWMeN+hnf0+A81b03Klo3H2JsuQ3EZ8kXOrpF8t/PanXz9UuV8Bkl +IjDwBLCTIwKBgQC9cIdRGjPaQSVsp30YXnG2mpobJCIEP30mETM2pYyIZBK+7P3I +YFdmzMp4iQb3IXMJmGNRmahoZ1QtrhxnK28tvYIX97mtWG1AJQm7WzNhqu81sfVF +JxQvmO49bz902QDo3/OtH2+GOD7b+9gf0N579u2TmQdIU+UUVVEdzF7bJQKBgFQX +TWKryNPSd20MXt7iwB1yAFYEljRfs1QCIIitdPZVhklIm4B+jtHq7UM7UYLZYyBi +kotLT9BlboYUvx3ljnH59uQK1rYaj0eUO4NQnM24ug5jjT73ysSXOHcm91aYT3u/ +J4B5QHamOd0b5gk0o/K3jUFVYHoJ3zg8Q8dS/7wfAoGBAMTue1Uq2GZOklxHWGUf +AedLR0aeNrV01hvl/R+sVb0h/lPqSeg5jQeLUHvkgG4SIq93dNhCnzMI6Dhch+Yc +o337l8S4ZcmJblp0uDz2gg2BLpt3PUPDWYQy8oFAjGK4JVwNgxPzDchMXGPDHuhQ +8r+9yBZlU1k64S3EIYuK4m7a -----END PRIVATE KEY----- diff --git a/dockers/stunnel/keys/client-cert.pem b/dockers/stunnel/keys/client-cert.pem index 4db466a4..b761d806 100644 --- a/dockers/stunnel/keys/client-cert.pem +++ b/dockers/stunnel/keys/client-cert.pem @@ -1,17 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAY4CAQEwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLcmVkaXMtcHkt -Y2EwIBcNMjQwNTA5MDcyMDE5WhgPMzAyMzA5MTAwNzIwMTlaMBoxGDAWBgNVBAMM -D3JlZGlzLXB5LWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALOL3znn2vpX8+VHOlETymeFpw8wsCeOfr9fNhK2o5APIG1NhrGjlu+T7ri/DfrM -ZmjF+uDSuuUs044o5SFOECNi7yOwpdC9YVWSPQQ5VrsMENqyjIYyq2BC7fLHztAt -VF1jg0D0zijfFg/4meG2tAOnXLa0O9WUcmwsNlxEgyFzcLvCoTaXpUJbLYJZ2IxW -BoKgJ85acLlIFQIex053CqmgG/odM8Ib8s1YO+IXI4JsJlJFd9we+zYgZ2TRSZ8L -v8A8gXM+WTBZpZXNXYv020dW22X7gu+VH4LHcg/6eF0GtkdrFdlQjCEjwGIoVFTu -fNSp3NvSSYrK/qeJtSNaSw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdA1QqJn/ -d4rcSO8z2L64d3SdO4wLf78Qznh3vTrIlQ/i0sESRQppw1U57PHSyYtAJzc1MV39 -zgn8KvuQToPQl9UoRWD6mVK8L//xplTPxWJB4BqD/kUc+lA9akBNU8Yhx7KbI5zX -z4OgTIeWAtY9R5CH1xbQlVCqAAk+SdDk2raOebNQMpzJrMUdeDTrgoDaBFnHgDbb -XHQCOF9/LrbBlrTlNJh6PHY8YztrJKdDDhSxJ9Tudz7ynUA+NcZ8dF5o/Co+QD5b -gkVdz/nV8LoDeO8QjJXsgsHFD/B+ljWYeEGc5flFe6jWLGOCtgQB5JhImg9lsWFh -X9i921F9Cqox3Q== +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAx2YWxr +ZXktcHktY2EwIBcNMjQxMTAxMTE1MTAwWhgPMzAyNDAzMDQxMTUxMDBaMBsxGTAX +BgNVBAMMEHZhbGtleS1weS1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCywTxWqxdElzelLCtjgek1JX5H3D2FwtnlNzqHJ8Ork4zjiBkouPoC +PAHWRV2VH6Y9vUkFzoJYCtjNBs7dawXDyl4Jj2PsbMIFpD5gRjztqX0yFVupWrVz +dovQheEzDC5pOie8vhgD3s5ej0pus1C1dQJ3KhAa49Ci88+cAO8kO7/MnjoY97SJ +vsk0Ui2zcBPGzXHZnHcDkyjegDBztuNKuhnrP90zLMWylwVH+h6QpAi7JnnPfpUr +bDgraBets8tco//Lr745M1vcV7jCxFk+9eyBhkAlbq/Z+FsA/i47vLqqwy93yt9S +61XkElyFUbcYbRS2xF58WS//18Dv2js5AgMBAAGjXTBbMAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRKmRR43Y3FSUupi7emhzJIqyn2ZzAfBgNV +HSMEGDAWgBQCiVq1mATQGX/9xPxG9l0soukgFzANBgkqhkiG9w0BAQsFAAOCAQEA +PhwfN23MKSKIOgg+heNiz9HWuNxacjlHp4sbgM/vHvah1x7nctdEsXPm1NO6J3uu +iTGIEV8u4I3Pry2TRsP5UZKX5VMTfB9TeonxYbu51P+lAIu+fB5fwQ3qHaycq6su +yKHIzDHP7+oOSd3lHTUiyIa04h1EevMjoWmihsFOgHQCNRaU3ifdyzcPa4Exd4dL +MyuXq9ccbuqHe+UZyj8ftt8zYtIILcAnLJlhosIl+VsSWyD1e0WRfR36/tLR8ACf ++nz6aEXaCk07BgryllC0+YvoIVzfXddfD/p6e8/CO2Vxw+df6OT3Z6sZrRnFVK+m +6PAcuS8VDO7k2y457d8w0A== -----END CERTIFICATE----- diff --git a/dockers/stunnel/keys/client-key.pem b/dockers/stunnel/keys/client-key.pem index a53cbce0..89a1c670 100644 --- a/dockers/stunnel/keys/client-key.pem +++ b/dockers/stunnel/keys/client-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzi98559r6V/Pl -RzpRE8pnhacPMLAnjn6/XzYStqOQDyBtTYaxo5bvk+64vw36zGZoxfrg0rrlLNOO -KOUhThAjYu8jsKXQvWFVkj0EOVa7DBDasoyGMqtgQu3yx87QLVRdY4NA9M4o3xYP -+JnhtrQDp1y2tDvVlHJsLDZcRIMhc3C7wqE2l6VCWy2CWdiMVgaCoCfOWnC5SBUC -HsdOdwqpoBv6HTPCG/LNWDviFyOCbCZSRXfcHvs2IGdk0UmfC7/APIFzPlkwWaWV -zV2L9NtHVttl+4LvlR+Cx3IP+nhdBrZHaxXZUIwhI8BiKFRU7nzUqdzb0kmKyv6n -ibUjWksNAgMBAAECggEAEelgSZyRwevITxU+AhyhUpaIxgErcabLijfrYw6JXrPD -nmPfjhUt15TAefnFYUHG7ajikE81ietg54u44AuznHQgO0VCJYLfFPRT1foKZvqb -K9YoIrMnWaETr+azAR2kjvSAgZhqgLVQtCMu5s+dQcgOfcOZPINkrtnySl4jXtDE -SOTaj65VjSIkura17rj7nJNUPmDGFwsxwKpeEcXZTfa//ypT/hHVREkRmbSFk5Kw -rf3T3O1pMVF8+SeacK/oyDUf3ISc8wn9Xmwgpv8I74xWtDy3kAs315tfWPMOHe4b -CYk7GD1fu2rVRhtDCvkljiw2NejfeMzKt5+2wLXRmQKBgQD0KeCv8vdw6JBLH6PI -72yE/GRkjAn4KfhmHK+1GZN6m49DV4XAYaA7T6u2Q3gn9gNsVsHC2FCsCHy63BpA -I6ZJfdm2rcJkqgeKKRQpLBRedDMpQLY1WyXjugpV46KmA0ThtgtZeVKilJWvamHs -t/TwSbf/humg0cIcamEnkKVawwKBgQC8QBS1pfMqlSodylbPG0VaJqgdF/yAthp6 -gunVqpgbTMqGLTCpKUfSgPMpzu8znaCNeZN0EK1p7qZ7VE1VHpVoyQHC9Eu8d6PF -HAENaOUcUoCQNtXLoaN4waSjt7i6vYRldT/qrYB1YdpkkVKdj39w2N+uaxtZzDXu -hHu0eixF7wKBgCR3TLN6mjImycYuh4uvFooWF/hcYfDKc+rsReHKXBhnu1HXdIZz -DjdNgtvJ39w4BfLcUjwDiqjm65oM3W7O5Dr9rNJ3yRy3uECOOhCcIL6qpCl5HL2D -S3ljg7+oK9aXjmYXhkJquEjH4EM+pDlykAaDPBPR1nrKWS9dQ/1gwRF5AoGAd+Uo -S3jiIqDWLhsMpuNrjDtKnx0DyMYynwx5+YepUNnbsxFdCKAuCjfupxYQ6wLdmr1v -2GA20l0Y0zuh9TCBYDeFU7Fb+zEHsSZg1TWVljBFiZQjHopYHzTVsx/0G5tQk33V -s5XFVv13ps2XnJokRK8b5254AP067Cqczxlw0SkCgYEA0ito+l4TOa1/DnsbP1Q0 -kgeTb/9wPHpHVJ0Hz6vIXabaDlvvYwgRh151+9xzMmrs/0QCbI2+SHucAzu4RTjM -MAiytSBQtXA+L9deNNU9QqPKsy6/Xq6SsKLRkL9kiUasiUE0v7c/T7L9D81nTFuS -8htCfXw1/Tf8tLb+Rtvvwtw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCywTxWqxdElzel +LCtjgek1JX5H3D2FwtnlNzqHJ8Ork4zjiBkouPoCPAHWRV2VH6Y9vUkFzoJYCtjN +Bs7dawXDyl4Jj2PsbMIFpD5gRjztqX0yFVupWrVzdovQheEzDC5pOie8vhgD3s5e +j0pus1C1dQJ3KhAa49Ci88+cAO8kO7/MnjoY97SJvsk0Ui2zcBPGzXHZnHcDkyje +gDBztuNKuhnrP90zLMWylwVH+h6QpAi7JnnPfpUrbDgraBets8tco//Lr745M1vc +V7jCxFk+9eyBhkAlbq/Z+FsA/i47vLqqwy93yt9S61XkElyFUbcYbRS2xF58WS// +18Dv2js5AgMBAAECggEAIajCSF2SFY/V4gvFpcieFaxYMYbWrNvKdN9n7XA+541y +n5uOhT0Dkq0i+Wp5Wy2o+4IrgGTo5VQxi7XG+SmAXeQ6vdkayzeVd0N8nVtMeMIL ++YTNDEAw36uIWz0CcT7PdHAHcIJo+j2XpXWc4ehw/6InUzH/81hHfo+jXbBNV4h6 +B9+lx2SjO985i9ubBsHrvf4CbjIElnOD0fHgdTstvDi03U3U2J75ASiYri6ei5Ob +jOUMqhGVAPHlonCk23uWqOvqgG0Y/XqnzCWfoJxRI4IU689/jGNsYOw8ZYhG4A/u +nlbsQ4NTnJ3jCimtdWAsApYoNvXJ82cwKJcyB2LPaQKBgQDgPekDTt1UXEUDTjoW +UGBIhXfFkliV4Bxfj5TKvTfX5xP3dlU+IogaqVL7wIfdlEkLtNB8tnBxIas/8XpH +bF+/w3TqBRfC7NW6qOs0mO7rgiWWDJX5nYW3dgViMOVCZiRTijiOcXVrhHFfXoLT +7F7xMZQYEFdMxXaP9QsRIMEXnQKBgQDMEicpWJb54qPYUYHMYyf4z/hSyrcMVGNl +EhozCqzpZrB0C59ohzadZ3nKQyitlIkPSlhneWjF20mnovF4AS0qsckbDv2Z7nOS +ZKxnfUfJ/i0BenVVv96U/tD5oHFzf2ezbk1bfWVpry7dKQjoh7zmxDCrJEi58Igq +pwqTevtVTQKBgQDIpJyp6RcBNM5LduNis+hy+3l/vsKk2DKLDt4Dyer9tDWZZrg/ +MIa31Gn7+PmYueXiI5eo/1T85TNls5vF7KJ/41PpUUVBlMhojFxoY67j6z/WUsye +3OOYlHGcukNodhxq43JXgg2edpM60kYdeZI6HjJ0laqHdufvR0LvwG8FwQKBgAyn +k4Yc2D/mrgJcC5CBFZl4TA3WREOfeApsdPN1VgOjOo33qorw15IrOIIyZ/NboqQw +GAtSnAyo7IhYsmCesg5TuATViSRihQgu9gH04t7DxEazMVN/8m2K36qbKG3hGK0n +yeRCgmdrVZyhTswcnrowsFPsjBX7tHXwpdc/aRaBAoGAKeYeOxGwx3L25g6/VzqU +8d/Uu2t39crLz/8cElqnjoN2Lis0m6FezUiIYCKHgfQtFtypdrFI6UjWk+G4mS5M +zS2j3B+66bfbBLgZrbav30lLz8YoKAuX1OIPsq19e2YIqb2sA3J4DqjaX73fFndW +ekKsHsxJCHDmI2QXsu5B9ZM= -----END PRIVATE KEY----- diff --git a/dockers/stunnel/keys/client-req.pem b/dockers/stunnel/keys/client-req.pem index 62828e19..85cedd4e 100644 --- a/dockers/stunnel/keys/client-req.pem +++ b/dockers/stunnel/keys/client-req.pem @@ -1,15 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcmVkaXMtcHktY2xpZW50MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4vfOefa+lfz5Uc6URPKZ4WnDzCwJ45+ -v182ErajkA8gbU2GsaOW75PuuL8N+sxmaMX64NK65SzTjijlIU4QI2LvI7Cl0L1h -VZI9BDlWuwwQ2rKMhjKrYELt8sfO0C1UXWODQPTOKN8WD/iZ4ba0A6dctrQ71ZRy -bCw2XESDIXNwu8KhNpelQlstglnYjFYGgqAnzlpwuUgVAh7HTncKqaAb+h0zwhvy -zVg74hcjgmwmUkV33B77NiBnZNFJnwu/wDyBcz5ZMFmllc1di/TbR1bbZfuC75Uf -gsdyD/p4XQa2R2sV2VCMISPAYihUVO581Knc29JJisr+p4m1I1pLDQIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBAD3H8McA7SmTrswSp0lw1C1UFmtazhKbFYY3/+Ld -ntZimzTy4Y5Ai1UW/blgwVLZxWWzazfkfWPMsRXtWcttuW/pxFGkLlyzFm4OsUQA -hpxtUNlmEwzcYZAin3qNnCA9bQfGL/z+zUcuMuf6HGplAUhtPhTUnvGZ2B7rJ+aC -syyt+/T/JJdnnnY0o4s4OzQa9ow6P7mC6egefHgLrtFbbuB4L/L/NdVj5NBzkXso -kmHLTUwkEtKOiG4gFLRDXsgXCy+sfEEqqWapeFhOQdagENYg+LXSN0jpxGWeR1J/ -vZHMSJT4GK4SgyNpZFu5To2lf7ucw6ywCFfg6jH2EWQeCjk= +MIICjDCCAXQCAQAwGzEZMBcGA1UEAwwQdmFsa2V5LXB5LWNsaWVudDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALLBPFarF0SXN6UsK2OB6TUlfkfcPYXC +2eU3Oocnw6uTjOOIGSi4+gI8AdZFXZUfpj29SQXOglgK2M0Gzt1rBcPKXgmPY+xs +wgWkPmBGPO2pfTIVW6latXN2i9CF4TMMLmk6J7y+GAPezl6PSm6zULV1AncqEBrj +0KLzz5wA7yQ7v8yeOhj3tIm+yTRSLbNwE8bNcdmcdwOTKN6AMHO240q6Ges/3TMs +xbKXBUf6HpCkCLsmec9+lStsOCtoF62zy1yj/8uvvjkzW9xXuMLEWT717IGGQCVu +r9n4WwD+Lju8uqrDL3fK31LrVeQSXIVRtxhtFLbEXnxZL//XwO/aOzkCAwEAAaAs +MCoGCSqGSIb3DQEJDjEdMBswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBaAwDQYJ +KoZIhvcNAQELBQADggEBAHtRC+8mMMebz3cbeZa8ORnk7zqhkKvKjKXND01LVwlj +spDPLYks4ySd5pehpsopxtF0DQw4EDnGq4f7MnwJvArSc1uqoul1seHKffesDKmY +zIbumivBfHUaIrqlxIcyXB75aM0rV7XD+DTTVX+39XCavckXpYHhDLI2slR6P+71 +OLhCV3GEmhJchyNjr/tMidtO/5NkcIFjcanZYf0wYWHo+lVBEmkwQBHL132TJge3 +XCTSfoL5m1smokq+zrJDaJjtsYfR2kUzU6MMY8H2omI7DMwEISJEpYK5FumxTWxx +djEFXUcRybmtRcnwHNJXFpSNANfWaSx0oCxi51BN808= -----END CERTIFICATE REQUEST----- diff --git a/dockers/stunnel/keys/server-cert.pem b/dockers/stunnel/keys/server-cert.pem index c17bf9ca..dc41bb48 100644 --- a/dockers/stunnel/keys/server-cert.pem +++ b/dockers/stunnel/keys/server-cert.pem @@ -1,17 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAY4CAQEwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLcmVkaXMtcHkt -Y2EwIBcNMjQwNTA5MDcyMDE5WhgPMzAyMzA5MTAwNzIwMTlaMBoxGDAWBgNVBAMM -D3JlZGlzLXB5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AOg14yTsgmakeSFuqtvy4fV1rcSgLiGdGKzOBsoytmCZzV++5Jljj7utSpJiYMYk -HOTZtyqAVwmF/0yyZ25lbEHR/N3S3Jj/al4EG9u+K7O3eNZrTQkg4+ifwcT+V1Xo -s6f+L6BRld4y78QVZwdEsTy4SIeSAwGygACymEWYZ6NZBgM2xgp8SInHYxHP3gXh -02wioB79B62DExFVUKwUXjbUhPooyvGf9MMpUrmdFmQFfcosW/urCQF9YI6ZcPnr -ybXJ6kiplmNKeVD4dEyQLYNp09alnT6q+pcJa+NwW6O0eyqEsHQxCJyo9ZA3IW5I -SH+oftVxnZJIIPcsXABuH10CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdWY0UeR4 -/9hpK3Mhl8VVz0zQwwEfnxCmI/TxpqNw+5lvpit/WvriIAEP9MToWHwYvG24zRrp -zv/LDHNh8UtnX3GILGs0CY/oFDevAEU1tixbmFJPceuMwKsrMtkp/6NyWF4p62o2 -fiQK68l1HSGgaH7kJ6BKYgV4JQK3Fgk9J4KrejwmYXzCFKcEvNtKMG7i0WN+AmK2 -vnxxZ3xx4HPH3OJ5ss6T2gGlvjFnOS7Z0kHtbkzPzxaC9ZVqMySwPRggf84tUUdk -vCwDHiJcbk5BMLug3yI9xTfSG3lMnwgZAWXMOqm/w6c1IIM8R/nKwNfwbG+4eUK0 -t2F8EBCShzAJGg== +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAx2YWxr +ZXktcHktY2EwIBcNMjQxMTAxMTE1MTAwWhgPMzAyNDAzMDQxMTUxMDBaMBsxGTAX +BgNVBAMMEHZhbGtleS1weS1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCzjC1+i1/DoFk1wNOQENIC15+kL/FKk5r1JHCB6h3pOgKre1eAwVIC +OQ2EgD76OarvQNK4ECydOacY09uCjR+BIWn65fDpC8jGlfZmgGr3IiLoIyKkoqXv +8ZUxU/lTcFs4TKjCioXiYXwcCnVW7mG95I37IDtul/bUh+aySE7T2b+6tdwUKsQG +HF1PULH3Tfk/jwOOMpPt4J7CGbNxxKFi+/qiCxLNCSFXF2+UMwJ9UbKZA+vIMEw9 +Ecgkpy53KtZ9Xds0o6IGyJjHR6UQV848c/Miawikz0Cc11b+aq3gvWMhuhGXVnIp +zjyzJxgkk9FYdL8KtTYASIOo7nsieUdPAgMBAAGjXTBbMAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgWgMB0GA1UdDgQWBBQX5KXbc5jNpdtKb/6mGOGVa4L6VTAfBgNV +HSMEGDAWgBQCiVq1mATQGX/9xPxG9l0soukgFzANBgkqhkiG9w0BAQsFAAOCAQEA +q47hqIOjO+005XUBiekSuHi0QA0B79p4tKbCSFtXA0kmmW22Cg4HTZWR9oIzB3my +DukHHcpn/53xeTZXVbDiptorGX3jpaBjDlD/ELl7YFYNNlenwkXa1IRlSlbmYhx9 +O2PsRnz73R6ebybqN4fpNUHy0cHqe8KNkhRI5YPhSWfIo5dbVyiD9jsOy5vhT+am +Bt5Adk+gMFm3hok3aO500exAIscteflwDWyb1w6jShyoRX1YahJI5QU+MICIL+5k +3rKO4FK2Vo6wI6dk8ReMGRrZCBzfUxwCBsS+kQ5jwYym4XOw/62oealELP/Gm/Pp +bWhwbV/AcUIgSZC76ZSoJQ== -----END CERTIFICATE----- diff --git a/dockers/stunnel/keys/server-key.pem b/dockers/stunnel/keys/server-key.pem index 8dd9a1e2..2df2718d 100644 --- a/dockers/stunnel/keys/server-key.pem +++ b/dockers/stunnel/keys/server-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDoNeMk7IJmpHkh -bqrb8uH1da3EoC4hnRiszgbKMrZgmc1fvuSZY4+7rUqSYmDGJBzk2bcqgFcJhf9M -smduZWxB0fzd0tyY/2peBBvbviuzt3jWa00JIOPon8HE/ldV6LOn/i+gUZXeMu/E -FWcHRLE8uEiHkgMBsoAAsphFmGejWQYDNsYKfEiJx2MRz94F4dNsIqAe/QetgxMR -VVCsFF421IT6KMrxn/TDKVK5nRZkBX3KLFv7qwkBfWCOmXD568m1yepIqZZjSnlQ -+HRMkC2DadPWpZ0+qvqXCWvjcFujtHsqhLB0MQicqPWQNyFuSEh/qH7VcZ2SSCD3 -LFwAbh9dAgMBAAECggEAI0llDgxeuIhP2/O8RRZAnhNW56VLvVHpGQFp6LoSGtXk -bqNMi76kbemkhmAqwpFkTqaC/hNoporVQ+tsaktBSzNE0NSlLx7JJCZNsXPRokrE -Mxk1KKj12TjFslDQJr7o5iNrS1p6gryM0OhLssAOiuKaKvfWOyDL8M8y8oh5X0ny -1M6IAJMkbpwiWU2OHIH7irkS8fYyCeOz0JMovCwMPwYkovHD7uHKbV4qGKzdOKN1 -QD8qMWAF1lCv/57juuwpzulGY3sSyU7yRZMMxJQ7nbIRj5iuj6+e2m6JhVghIiYG -IObIkGyubCr9QH315byiSS9ma1xzml3EqyM3XQkEhQKBgQDyxGY+60/dkUW9vAAm -g20eVZnflhE8+ooEpX9VPIliL7ADy3HU2poV2oXif8pVauMvRaYla8BHIOPV2qGI -tHTYNvubs6lxEq2Z7gM+8c5qOElXjup8Ch9/XCHXZavW8caWEcA9Z84Z4dCxbaku -EhEL0SduCn7j1tU1+Z9jBs08ewKBgQD03i29kCUeCnW+zEo+aO2Spn6HpdyZkuzG -2az5XurHGUFAgWYLOpShatjD4BY1GONvJTlD/gH2vqEkfY2OGgZ2pbjCFSfhIma/ -cnMuhsO2IlcuETqzlod1HGHcn6gGRM5LvYP343UIdv9nmJaT31nckueWv+yBd8HO -kAx1W2boBwKBgBtM7tqgh8i474jYvYOXQAwrQDSeoa2j1yWSnvEs7541Eqw6ksCH -HNDcVDYWfOCCNq44POj0ZxkYn8aK4aOH96Pg+waVe7aVjSREWeUYOEhFsCnCjqgI -U2Z1K/EXI+32Hoj90gqVw92xQVDSrjXaHkSf7rk3QPHKVQvO2JfAShBFAoGAW5ic -nZNE/ybEgrmicBQKAlh7bjxx95SJM50LYkDKK+3bhcihpkOkg3kXWrYBOJ11vga7 -lB55F5aZaq/4epZroog9Q4RsZX/b1XN3eIj6vq+70sSpI7KEOx+Bz+h9DtNAI/7h -VaHlDmSNB3CBqxDaaXMeZDqouolUmvMxZdjp9pMCgYEA1Y7vhCvMZA62OJwFJ4X8 -9Xg7bPE3jZQ6Tj3FbVCMy+RQdlo8GzYeoNZDjhpSxjJe/1lyk//EBwVNs3E4rRNl -+GcaEOo0X/J7SkPFqM6aFITypIIGeJpFyz/S99i/5tkfsNt9BQtiTS+x1Kj1iREV -bXIoNJRac5m/LLZKtDtHv18= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzjC1+i1/DoFk1 +wNOQENIC15+kL/FKk5r1JHCB6h3pOgKre1eAwVICOQ2EgD76OarvQNK4ECydOacY +09uCjR+BIWn65fDpC8jGlfZmgGr3IiLoIyKkoqXv8ZUxU/lTcFs4TKjCioXiYXwc +CnVW7mG95I37IDtul/bUh+aySE7T2b+6tdwUKsQGHF1PULH3Tfk/jwOOMpPt4J7C +GbNxxKFi+/qiCxLNCSFXF2+UMwJ9UbKZA+vIMEw9Ecgkpy53KtZ9Xds0o6IGyJjH +R6UQV848c/Miawikz0Cc11b+aq3gvWMhuhGXVnIpzjyzJxgkk9FYdL8KtTYASIOo +7nsieUdPAgMBAAECggEAEPLiFoh8lUBtO2xE7FwSHw+Qs9SMv//4CD0U28aoZSxD +NUHS7EYTgj81ffUHPOK1tpkVayentn3LPsY8+fFtcGihkvwixjUFEm30kQ99SW/x +AJ3Udtsds+1HqpzlM9Gu4r0lzxt5cPnH1/PKyNZ+5oiNOI/93D4/ICfmCJ1Xx5ql +W/4QzYzo+D2L5fDHBB9RrHWmb4eKUsDvXFqUlz50dbKtwdIT307j+27HjpaX0UKx +Jf0LDn9KsygzHgsSQwJ2pvZrrpTS4pmSlz397+WINgYQd+XkcasHbdsJrcSXAOg3 +J6eyE5kEEGYMHoZSpYQ2Jhpb7QB/RiR1vhJuSQ2IqQKBgQDr2Qd/VBzkj+ppNgp8 +KTMHLdZDexuTUbfm0lqmbHHbaYXgc1iYAKLvGDHvrxEZsnDUSyf+lAeJuaVY5KdV +T4ogCrI6Zdm4gux/8LsqyKMd3JH6DnaHYDmChQudXdkbNgdgsoo3G59zmbDMvfrL +mxmL49lkQ8jSE/3owO3KaXgd2QKBgQDC46EL2L/eteuZ3ocIzttffPyuO2/PlSz/ +I+ij9pG+9EMqMlhy1mG3FYvunSUex4FoUjIz8SETWiaX/+n8nU3sqMsCXK6U78ga +Nhe8bmshfFICwzT7cOzYJY5gkFtqV3xie9BrrM8SM5VwmJuAdJYdDiC+Qub/2/+g +57SzeaNNZwKBgGy7I8+58ZAWIVXcCj1vqQzYPv3hVbc3Z3dM52nueRdUsNnnk6KQ +OI3OM8dyiIm2UHovJAMkL814/xfaYqLcBqv7AmwV5KhCA9KAI2n4EeuEcvA7lr2W +ySy5Nb+ZMqxu3jvgVARQAdUDuBTMSUFxAfgSVXj6Hy1q9hZGS9qTgUMRAoGBAIqE +J064O4cbXdz7IJbOD3WK7D0Z2Zp8uIKPDyaadXR3P9WZ+uuEG+d41QA/iMabngp7 +gVsRoySSCqQ2LCRz2ZK/VarUHPGWi261y6EOCe6+4bs860dbN7tY1h0j/RVUIQAO +aFBffr29FBX3IW7nblowVG1mN7DauJGwneqCJeM5AoGBAOc6vMhl355zR/5VK2Sb +PtKrrbpHmJSeqW7wLBNWXNPkFInrf5G8m6oMQISVjqJ+dlP/AKZE2dOqt6+XyK7T +QWhln1l4+Gbx+o9ig6/nrisSYPIoZXDUht0+GYbCEBK1p/R+8k4CM1FrVLIaufQj +1wx+hdkof1ICK9gnjBDc/DwL -----END PRIVATE KEY----- diff --git a/dockers/stunnel/keys/server-req.pem b/dockers/stunnel/keys/server-req.pem index 6d853693..3d082431 100644 --- a/dockers/stunnel/keys/server-req.pem +++ b/dockers/stunnel/keys/server-req.pem @@ -1,15 +1,16 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcmVkaXMtcHktc2VydmVyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DXjJOyCZqR5IW6q2/Lh9XWtxKAuIZ0Y -rM4GyjK2YJnNX77kmWOPu61KkmJgxiQc5Nm3KoBXCYX/TLJnbmVsQdH83dLcmP9q -XgQb274rs7d41mtNCSDj6J/BxP5XVeizp/4voFGV3jLvxBVnB0SxPLhIh5IDAbKA -ALKYRZhno1kGAzbGCnxIicdjEc/eBeHTbCKgHv0HrYMTEVVQrBReNtSE+ijK8Z/0 -wylSuZ0WZAV9yixb+6sJAX1gjplw+evJtcnqSKmWY0p5UPh0TJAtg2nT1qWdPqr6 -lwlr43Bbo7R7KoSwdDEInKj1kDchbkhIf6h+1XGdkkgg9yxcAG4fXQIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBAGMLI6jfG95L1Kqny8+Fl9sVnJ4ynb5905Hk9vXJ -V/BVc3P6JS6c4qYSeFd6wihHC7/j2EC3wt55Sj6JzYKy93AEjBfDfBb2ZuB6VpPy -iGKXzSGO71ziI2uzz92ltJhptNc6TNUUxwaBhOZiq2sxnLpnIcPZ/txDC75fGYEm -9iSbeeHNNZTSqQyQOzKW0OL6ss+GHhlfJPzx6mSH5dvb6bpKB2SCG1aZaDuOQTl3 -8aDIo1Z/ug6BrqoDMCyRAZTDnTohhC96bbKLRMdm0g3wwDeoWuQy1q9s1/AUYfBm -305LUYORBdFy08n41lFWo1JA4errzBhVTpHNKZ6DyQfMOxA= +MIICjDCCAXQCAQAwGzEZMBcGA1UEAwwQdmFsa2V5LXB5LXNlcnZlcjCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALOMLX6LX8OgWTXA05AQ0gLXn6Qv8UqT +mvUkcIHqHek6Aqt7V4DBUgI5DYSAPvo5qu9A0rgQLJ05pxjT24KNH4Ehafrl8OkL +yMaV9maAavciIugjIqSipe/xlTFT+VNwWzhMqMKKheJhfBwKdVbuYb3kjfsgO26X +9tSH5rJITtPZv7q13BQqxAYcXU9QsfdN+T+PA44yk+3gnsIZs3HEoWL7+qILEs0J +IVcXb5QzAn1RspkD68gwTD0RyCSnLncq1n1d2zSjogbImMdHpRBXzjxz8yJrCKTP +QJzXVv5qreC9YyG6EZdWcinOPLMnGCST0Vh0vwq1NgBIg6jueyJ5R08CAwEAAaAs +MCoGCSqGSIb3DQEJDjEdMBswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBaAwDQYJ +KoZIhvcNAQELBQADggEBAEJabnLktbb21WSoTTaC2mpLwSIGLGFXVQEFepdwmoKm +RKqhqEz/Tw9LwC2EDPndjV1pzQf/yf1AYosMG/OHC+TyqsDyNdBXi+qbGLJrUVEc +leE9swf52prrK6fauxZgsDJPRtHqzu40yrNkNz+wPRm7OvDiePdbqW5LhzepdBJV +wqK6AEXfIJDn9zkMhVxYYCff9QaqOBUYiTaptAAH2K6wGzL7CXp7SnDnDLMWAheD +JIoRYZVXCV/3u/p67pUcndKZA2CvuI+fslmMVaoRMzcaXZ2dxXbr9OrJAFJNeqCg +nbOlMZvgLjvAiOqMIoYtGasJnlolb0Fg2yurPIqaisM= -----END CERTIFICATE REQUEST----- diff --git a/dockers/stunnel/openssl.cnf b/dockers/stunnel/openssl.cnf new file mode 100644 index 00000000..1119d485 --- /dev/null +++ b/dockers/stunnel/openssl.cnf @@ -0,0 +1,15 @@ +[ req ] +distinguished_name = req_distinguished_name +x509_extensions = v3_ca + +[ req_distinguished_name ] +commonName = valkey.io +commonName_max = 64 + +[ v3_ca ] +basicConstraints = critical, CA:TRUE +keyUsage = keyCertSign, cRLSign + +[ v3_req ] +basicConstraints = critical, CA:FALSE +keyUsage = digitalSignature, keyEncipherment From a55375ca4d7d88b04a8d8ba4981601d5a862fca6 Mon Sep 17 00:00:00 2001 From: Mikhail Koviazin Date: Mon, 25 Nov 2024 16:45:12 +0100 Subject: [PATCH 3/4] tests: fix TLS tests with Python 3.13 This commit adds support for minimum_ssl_version and maximum_ssl_version to `_ValkeyTCPServer` in tests. Previously it was written with `ssl.wrap_socket` in mind which only supported `ssl_version`. `SSLContext` OTOH supports passing both minimum and maximum supported TLS versions. This commit utilizes that. Additionally, TLS version in test_tcp_ssl_version_mismatch was fixed. It was broken since 7783e0b. This change was added there by mistake and in fact didn't change anything for Python 3.12. Instead, it seems to have hidden a bug that revealed itself with Python 3.13. Signed-off-by: Mikhail Koviazin --- tests/test_asyncio/test_connect.py | 10 +++++----- tests/test_connect.py | 12 +++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/test_asyncio/test_connect.py b/tests/test_asyncio/test_connect.py index ac0465dd..dc92b2f1 100644 --- a/tests/test_asyncio/test_connect.py +++ b/tests/test_asyncio/test_connect.py @@ -125,7 +125,7 @@ async def test_tcp_ssl_version_mismatch(tcp_address): tcp_address, certfile=certfile, keyfile=keyfile, - ssl_version=ssl.TLSVersion.TLSv1_2, + maximum_ssl_version=ssl.TLSVersion.TLSv1_2, ) await conn.disconnect() @@ -135,7 +135,8 @@ async def _assert_connect( server_address, certfile=None, keyfile=None, - ssl_version=None, + minimum_ssl_version=ssl.TLSVersion.TLSv1_2, + maximum_ssl_version=ssl.TLSVersion.TLSv1_3, ): stop_event = asyncio.Event() finished = asyncio.Event() @@ -153,9 +154,8 @@ async def _handler(reader, writer): elif certfile: host, port = server_address context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) - if ssl_version is not None: - context.minimum_version = ssl_version - context.maximum_version = ssl_version + context.minimum_version = minimum_ssl_version + context.maximum_version = maximum_ssl_version context.load_cert_chain(certfile=certfile, keyfile=keyfile) server = await asyncio.start_server(_handler, host=host, port=port, ssl=context) else: diff --git a/tests/test_connect.py b/tests/test_connect.py index ac91f5a0..cc580008 100644 --- a/tests/test_connect.py +++ b/tests/test_connect.py @@ -100,7 +100,6 @@ def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers): tcp_address, certfile=certfile, keyfile=keyfile, - ssl_version=ssl.TLSVersion.TLSv1_2, ) @@ -141,7 +140,7 @@ def test_tcp_ssl_version_mismatch(tcp_address): tcp_address, certfile=certfile, keyfile=keyfile, - ssl_version=ssl.TLSVersion.TLSv1_3, + maximum_ssl_version=ssl.TLSVersion.TLSv1_2, ) @@ -170,14 +169,16 @@ def __init__( *args, certfile=None, keyfile=None, - ssl_version=ssl.TLSVersion.TLSv1, + minimum_ssl_version=ssl.TLSVersion.TLSv1_2, + maximum_ssl_version=ssl.TLSVersion.TLSv1_3, **kw, ) -> None: self._ready_event = threading.Event() self._stop_requested = False self._certfile = certfile self._keyfile = keyfile - self._ssl_version = ssl_version + self._minimum_ssl_version = minimum_ssl_version + self._maximum_ssl_version = maximum_ssl_version super().__init__(*args, **kw) def service_actions(self): @@ -199,7 +200,8 @@ def get_request(self): newsocket, fromaddr = self.socket.accept() sslctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) sslctx.load_cert_chain(self._certfile, self._keyfile) - sslctx.minimum_version = self._ssl_version + sslctx.minimum_version = self._minimum_ssl_version + sslctx.maximum_version = self._maximum_ssl_version connstream = sslctx.wrap_socket( newsocket, server_side=True, From aefed4ab8201f348cae2627c7fc0aa8525458a38 Mon Sep 17 00:00:00 2001 From: Salvatore Mesoraca Date: Wed, 30 Oct 2024 09:58:23 +0100 Subject: [PATCH 4/4] Add support for Python 3.13 Signed-off-by: Salvatore Mesoraca --- .github/workflows/integration.yaml | 4 ++-- setup.py | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index bcb88d7f..1aa9a29c 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -78,7 +78,7 @@ jobs: max-parallel: 15 fail-fast: false matrix: - python-version: ['3.8', '3.9', '3.10', '3.11', '3.11.1', '3.12', 'pypy-3.9', 'pypy-3.10'] + python-version: ['3.8', '3.9', '3.10', '3.11', '3.11.1', '3.12', '3.13', 'pypy-3.9', 'pypy-3.10'] test-type: ['standalone', 'cluster'] connection-type: ['libvalkey', 'plain'] protocol-version: ['2','3'] @@ -168,7 +168,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ['3.8', '3.9', '3.10', '3.11', '3.11.1', '3.12', 'pypy-3.9', 'pypy-3.10'] + python-version: ['3.8', '3.9', '3.10', '3.11', '3.11.1', '3.12', '3.13', 'pypy-3.9', 'pypy-3.10'] steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 diff --git a/setup.py b/setup.py index aff5f60f..2df4059d 100644 --- a/setup.py +++ b/setup.py @@ -52,6 +52,7 @@ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", ],