diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index bd14debf..90f36c8a 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -16,7 +16,7 @@ jobs: # Fedora latest stable version - {distro: fedora, image: 'fedora:latest'} # Fedora development version - - {distro: fedora, image: 'fedora:rawhide'} + - {distro: fedora, image: 'fedora:rawhide', ssl_cert_host: 'localhost'} # On the fail-fast: true, it cancels all in-progress jobs # if any matrix job fails unlike Travis fast_finish. fail-fast: false @@ -27,4 +27,10 @@ jobs: # as a temporary workaround to avoid the following issue # in the Fedora >= 34 containers. # https://bugzilla.redhat.com/show_bug.cgi?id=1900021 - - run: docker run --add-host=mysql2gem.example.com:127.0.0.1 -t --cap-add=SYS_PTRACE --security-opt seccomp=unconfined mysql2 + - run: | + docker run \ + --add-host=mysql2gem.example.com:127.0.0.1 \ + -t \ + -e TEST_RUBY_MYSQL2_SSL_CERT_HOST="${{ matrix.ssl_cert_host || '' }}" \ + --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \ + mysql2 diff --git a/ci/ssl.sh b/ci/ssl.sh index e98f27a4..93b8d942 100644 --- a/ci/ssl.sh +++ b/ci/ssl.sh @@ -2,11 +2,14 @@ set -eux +# TEST_RUBY_MYSQL2_SSL_CERT_HOST: custom host for the SSL certificates. +SSL_CERT_HOST=${TEST_RUBY_MYSQL2_SSL_CERT_HOST:-mysql2gem.example.com} + # Make sure there is an /etc/mysql mkdir -p /etc/mysql # Copy the local certs to /etc/mysql -cp spec/ssl/*pem /etc/mysql/ +cp spec/ssl/${SSL_CERT_HOST}/*pem /etc/mysql/ # Wherever MySQL configs live, go there (this is for cross-platform) cd $(my_print_defaults --help | grep my.cnf | xargs find 2>/dev/null | xargs dirname) diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb index ede316b7..7b57cf7f 100644 --- a/spec/mysql2/client_spec.rb +++ b/spec/mysql2/client_spec.rb @@ -153,7 +153,7 @@ def connect(*args) let(:option_overrides) do { - 'host' => 'mysql2gem.example.com', # must match the certificates + 'host' => ssl_cert_host, # must match the certificates :sslkey => '/etc/mysql/client-key.pem', :sslcert => '/etc/mysql/client-cert.pem', :sslca => '/etc/mysql/ca-cert.pem', diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index edfac4d6..5a4760ac 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -60,6 +60,18 @@ def clock_time end end + def ssl_cert_host + return @ssl_cert_host if @ssl_cert_host + + host = ENV['TEST_RUBY_MYSQL2_SSL_CERT_HOST'] + @ssl_cert_host = if host && !host.empty? + host + else + 'mysql2gem.example.com' + end + @ssl_cert_host + end + config.before(:suite) do begin new_client diff --git a/spec/ssl/gen_certs.sh b/spec/ssl/gen_certs.sh index 3d48da01..162702f6 100644 --- a/spec/ssl/gen_certs.sh +++ b/spec/ssl/gen_certs.sh @@ -2,7 +2,13 @@ set -eux -echo " +# Note that we generate a set of certificates for localhost to assist the +# testing environment where the domain "mysql2gem.example.com" can not be set. +for HOST in mysql2gem.example.com localhost; do + mkdir -p "${HOST}" + pushd "${HOST}" + + echo " [ ca ] # January 1, 2015 default_startdate = 2015010360000Z @@ -22,27 +28,30 @@ organizationalUnitName_default = Mysql2Gem emailAddress_default = mysql2gem@example.com " | tee ca.cnf cert.cnf -# The client and server certs must have a different common name than the CA -# to avoid "SSL connection error: error:00000001:lib(0):func(0):reason(1)" + # The client and server certs must have a different common name than the CA + # to avoid "SSL connection error: error:00000001:lib(0):func(0):reason(1)" -echo " + echo " commonName_default = ca_mysql2gem " >> ca.cnf -echo " -commonName_default = mysql2gem.example.com + echo " +commonName_default = ${HOST} " >> cert.cnf -# Generate a set of certificates -openssl genrsa -out ca-key.pem 2048 -openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -batch -config ca.cnf -openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-server-key.pem -out server-req.pem -batch -config cert.cnf -openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem -openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-client-key.pem -out client-req.pem -batch -config cert.cnf -openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem - -# Convert format from PKCS#8 to PKCS#1 -openssl rsa -in pkcs8-server-key.pem -out server-key.pem -openssl rsa -in pkcs8-client-key.pem -out client-key.pem + # Generate a set of certificates + openssl genrsa -out ca-key.pem 2048 + openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -batch -config ca.cnf + openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-server-key.pem -out server-req.pem -batch -config cert.cnf + openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem + openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-client-key.pem -out client-req.pem -batch -config cert.cnf + openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem + + # Convert format from PKCS#8 to PKCS#1 + openssl rsa -in pkcs8-server-key.pem -out server-key.pem + openssl rsa -in pkcs8-client-key.pem -out client-key.pem + + popd +done echo "done" diff --git a/spec/ssl/localhost/ca-cert.pem b/spec/ssl/localhost/ca-cert.pem new file mode 100644 index 00000000..28a93a39 --- /dev/null +++ b/spec/ssl/localhost/ca-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtTCCAZ0CFAwnppExyVZKvNYuoDiG+1VfU8qoMA0GCSqGSIb3DQEBCwUAMBcx +FTATBgNVBAMMDGNhX215c3FsMmdlbTAeFw0yMjEyMjMxNTMwNThaFw0zMjEwMzEx +NTMwNThaMBcxFTATBgNVBAMMDGNhX215c3FsMmdlbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALjIBExDu99Q4uvMi4ikmhQkhKyK4X/+NALos8iFXFbq +a6B8Yeho2rRzfdxnAXg3RW/3t7a/sU/V/KfPHgUcBmDNp6ZGS0bGK6uFWU963aI7 +vn/B4yiXLM3CeHzRgLisvIySJ2PYGNW9I4Sunwwl9V+juAJ1iZemfKGNcQ10VWw0 +zRD0TV3/6wQrdasEkf7t1Zv+HOg9zrPKM0uRX4F7sXdcoatFpOmvNZGiTfJCeCfP +tMkjyhncO48z3+es0yr1/574CDxB7Stc30ce528k8wZwQFPe4vlLVDzdxVD02Bcj +jhQQkadRWiuRtUXBFFIx5QOvzNrZmD6mWeL1TSSdNlECAwEAATANBgkqhkiG9w0B +AQsFAAOCAQEANHFob2ypSKhMF9vQVWbs7c8oqRSNkMVcRqoc8wbRREKKLkmqoXRm +FcaPVXd2Y3O6Milw4lFLzQbTr7wf7Fhab69LNDaEj42KMxCPqMJyvHyD1AGeBcIc +dCagd3ZA+DrBjBvmHDAwkBBlM/P7FukhL1NoVNP9eqz2/9yOOPwlTLo1YCQwV/gN +WdWWtD4r9sbm2nGNXZ85yZAQHfIdUQZhHU/SFdLy1oSsPQMgPe8N58QvP/UcpdHe +RT4DqAu2MlfHWXFarjSakCLYsbvyeFvb+qg69snO0FVUT5IZQQ/3xbFh3o0bqeyo +LUbvUMmXgVacmlOWmwrcxvJvvFEBzEBkNA== +-----END CERTIFICATE----- diff --git a/spec/ssl/localhost/ca-key.pem b/spec/ssl/localhost/ca-key.pem new file mode 100644 index 00000000..626509b4 --- /dev/null +++ b/spec/ssl/localhost/ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4yARMQ7vfUOLr +zIuIpJoUJISsiuF//jQC6LPIhVxW6mugfGHoaNq0c33cZwF4N0Vv97e2v7FP1fyn +zx4FHAZgzaemRktGxiurhVlPet2iO75/weMolyzNwnh80YC4rLyMkidj2BjVvSOE +rp8MJfVfo7gCdYmXpnyhjXENdFVsNM0Q9E1d/+sEK3WrBJH+7dWb/hzoPc6zyjNL +kV+Be7F3XKGrRaTprzWRok3yQngnz7TJI8oZ3DuPM9/nrNMq9f+e+Ag8Qe0rXN9H +HudvJPMGcEBT3uL5S1Q83cVQ9NgXI44UEJGnUVorkbVFwRRSMeUDr8za2Zg+plni +9U0knTZRAgMBAAECggEABEWxnb7KKvdgi8Gir0HZAyK2A5RBcvdiZffR4k69DBBm +9SKzE8/K0LXD4PLrvIcQnq5cS8giVh11Nj8Ka2VSu2291NEWv/fofhJ69mS5l5zo +gmUt9pwKL+axaPdiEcMCqABgE0Wli1mQZuqvqDT/d5reMAZeLEiv5H9T8BLyv6nt +y5N/EiSsPx67cGDGFBlNATDl1xUApxkQe0EVsBfpku3r/2UiVGtra7k0kOA4a8UL +tx8O4mED2b46DWed2+zNbKcXOvXLjlkjZTudfVi6p6B8dsSopP+gJxVnpiY8QxN9 +xctPw/IlFzIlriMm2U2/JLHxdJP4Gyz393oavPLDAQKBgQDP9IDemtQjKlN8PmOO +4MZtl9+Y6nx3ZyEK1Jky7ncyFMlfCAqGY8+RbT2FvxV2FR+qhinzY/UYmV/eQF6S +AgMHKM8wkolF4G2xoUDnwZRG53+pzlJTemXu/sayzu0chQ05Ru+KdKkuL9Qv42zt +KwMme6mPGKXCSi5EQypI0l6NwQKBgQDjeOa3LPn1li7jfA1GCwp00LuiBnuRUQRK +6zH25yMiMbUay+zmbDxWMLSlYffzP9hLcp2XcySNkNNoT2Gjm6Ng9s/IqP+8beqI +haNrmcLZl6wbJVqmnXjyaAWhmTzso9OJl4QFrRNdIdcjQtkeP58wVA7VDIK0LtQN +m7nqrKHskQKBgHj5ZuKYtWIDpG95p9cdYbGtkTDW8DNR9kHjrX+YhBTJTOAQwHav +p7eVEh41LBn2beZ4h/0EIDgAOWoEjj9oFjTbA7Tg+iSBS67y/NwVm9mnoHe7A992 +K8hdxF+Oyxc1O50fbAhil2y7/DcjmWFbDUkc1WXeU8dz+fhSDk4wuzrBAoGBAKAh +QREb6U54DcP4VQPEy/SV6DBULfKLPOFclkzAQ5xTr7EQc1F2SjdGjDSMNdcYT7Q1 +GDlARjAeDqS0lQBulOGyfW09guHr4pl+sh8SG/e/bNmjPyBhZH4IukYbMKdJYKXQ +cpDoWORL6T4aVeuUUATed56E8xHSkVaPFJ7eLhLxAoGBAMtB/grTYP7YHzPDH8T+ +SfJ05OoFB1MR1JzqdDLwzI60c041RdVZ/StpXjK7th2MAK4zymuzXRgTklvsRRTc +RV+2REWqGpSNO4eTPLM6j8TvAwAaI+WzSRCW/4XDAkQHnVN7M4Bg6gWiEX+Xi6pr +FMC+/PNymu450sLrLA+9kByf +-----END PRIVATE KEY----- diff --git a/spec/ssl/ca.cnf b/spec/ssl/localhost/ca.cnf similarity index 100% rename from spec/ssl/ca.cnf rename to spec/ssl/localhost/ca.cnf diff --git a/spec/ssl/localhost/cert.cnf b/spec/ssl/localhost/cert.cnf new file mode 100644 index 00000000..3fc82501 --- /dev/null +++ b/spec/ssl/localhost/cert.cnf @@ -0,0 +1,22 @@ + +[ ca ] +# January 1, 2015 +default_startdate = 2015010360000Z + +[ req ] +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +# If this isn't set, the error is error, no objects specified in config file +commonName = Common Name (hostname, IP, or your name) + +countryName_default = US +stateOrProvinceName_default = CA +localityName_default = San Francisco +0.organizationName_default = mysql2_gem +organizationalUnitName_default = Mysql2Gem +emailAddress_default = mysql2gem@example.com + + +commonName_default = localhost + diff --git a/spec/ssl/localhost/client-cert.pem b/spec/ssl/localhost/client-cert.pem new file mode 100644 index 00000000..05bcb5d2 --- /dev/null +++ b/spec/ssl/localhost/client-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCAQEwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAwwMY2FfbXlzcWwy +Z2VtMB4XDTIyMTIyMzE1MzA1OVoXDTMyMTAzMTE1MzA1OVowFDESMBAGA1UEAwwJ +bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sStOpst ++FCGz9V7hQmD+rQlzpcg10cfPDOVKQokEu9ZRue8/dflNGDLSy8zmCYfCYDsXZvi +VEiDPgXR3AxhpbF6VBj4fG83wAFtEeO18EPyAsxBpYyCJIVuTxPWSJv7Qvv01TEA +z6W1wo2G5S35B7JcY65WS5JG7Jyhg4cln4PcLEFG76ECBzvUc9kVcRdROiv5OVCN +i1N6glnMjMUsc6mC7labUnQSV/1RWHt5GRvFd0G9nszL8Yxj1GHmXdcUUHGXvb71 +l3rj0vWCNkG+K1e17tNLP86ACWhtLMps8CFzU32+uSUaE4ol/Vs+3FH+74lpdJL8 +oRvdu4b2msKt9wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQChXIphVRRhl/RxLS3C +gifApYt+Ou7B+lPR5+Ex929QxCgRp2Ux6GDEVF/Iyvj2RIWN0pj504JN23pEBOEK +e/YNdX7A/fFr7mSrjQ38MUt18I4n1xzWAVS+l9y4QbCdMWvaYRBkm3vtBL7+3fFU +6Rz++EOzkHfGFVIIEOvC7tqkt4lMELMYEhU4dMe7ZVU0cu1TfX7snlZTWTJoJQhl +EIEp3Q0EuphPJlkkn3aOKhJkuPVAkIeMxXluYEc+KFj7HkSaOn0onVy2CAZIixxE +T+G5SI6LVK1dzRTbvHa35vsnyLYK52BPomRC7QMDkNiUgQugqzOI1vnDjek0+2/+ +v5D7 +-----END CERTIFICATE----- diff --git a/spec/ssl/localhost/client-key.pem b/spec/ssl/localhost/client-key.pem new file mode 100644 index 00000000..e52fc98f --- /dev/null +++ b/spec/ssl/localhost/client-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWxK06my34UIbP +1XuFCYP6tCXOlyDXRx88M5UpCiQS71lG57z91+U0YMtLLzOYJh8JgOxdm+JUSIM+ +BdHcDGGlsXpUGPh8bzfAAW0R47XwQ/ICzEGljIIkhW5PE9ZIm/tC+/TVMQDPpbXC +jYblLfkHslxjrlZLkkbsnKGDhyWfg9wsQUbvoQIHO9Rz2RVxF1E6K/k5UI2LU3qC +WcyMxSxzqYLuVptSdBJX/VFYe3kZG8V3Qb2ezMvxjGPUYeZd1xRQcZe9vvWXeuPS +9YI2Qb4rV7Xu00s/zoAJaG0symzwIXNTfb65JRoTiiX9Wz7cUf7viWl0kvyhG927 +hvaawq33AgMBAAECggEAQNkVB0+o40QJWML4r3RuleoESmtmnqoae9aFcOVffBoq +RlcdwTYJvrWFXNfNR+Em2PtFI4S4o8NbYYRnV/6jE2FR8wexK/13A3JKyS6NFpWl +gwPCxKZ2+2kQpC70smrqxNCIHkFUId7C0ZJjS1sEyTapX+3Zn6r04Gfw+uJ5UT71 +QRGnTQQfL8n7YMfL3M2Zi+RUs9sMkw+So2YJySBhYualdRWTD7msN7wOcnbTqWlG +dlfV7ErR4+mbLL0Q9BWWnLTyncgkaGP8zgxENRX8KZK7r1X4re8cUDaToWpYFBcI +lG+TICTvkhlQKLkqVmJWmEh23C3glMRx6UI0/22O0QKBgQDmDZ0fOpR/aR0ea5la +nQU7d7yj82IOSVDbAFNhJHu2dDmPOEFfLukPxtAVyIR6UmU2aL0etOpuE4M7ZJ7X +4ywqgktxJpVpdKVRPdGrRHiNSzFLiqB8WiTGE5Ra0TjxPd8qsFaz2kLDZKr3AFH5 +u4tzb2fN91ycRcyvkRsXlm7P5wKBgQDu/bzXGIVepeSO1jatvC1GDX7vBKssw89O +gSShjwfRxJMNJ6yWUuvI2CGr2Nw1Owqs8hePXk5PHCHq+c63c4n18VEkXMTHuPru +eo3O5Kpdot0AmYqXN+Rdoe9EU4JNSvhSYrZXubJNLJE8Z0aJt+UEkWupiwhF0KBb +QsKsfzavcQKBgQCbQ17iv7+PShr79/S1IjpwyzwGjvGD4NlwJQUhD+Vq24Apd/cu +zVNAcZbozL8Ua12h3gidm86IYiT0xdEqtUiOnAdco4S9eptEfGtworKV8cSgTjxI +EPK2uGos7P34WyCuB/tMQSdEBkIYmB+7Y2cXjn3JlYPseHNPnqhhQAcjywKBgGdr +VfSen9g9YZKOEEtOSyktXeiA1LIiaetG51siUffsYNYofP7wEyhunuOGjIRccFo2 +yQs5fBmvyt2sDFBGp0TOkJZzrpPe8HeSgRsuyKqMd6Zyyw51GVWLZcbjfFeGQb8l +CFMeAJJ03sSMzHF8Kpa3dyd/Cq1rgnj7gtKymi+BAoGBALeLfy0rVFh4J0RKrVLD +fWIJds55g2QV1F6CsbWKjF4GmMgVGsJqppKboxzkzEvULuxZFbQB2loVWfukz/Er +t/98rN0bO9czuYYordq4v7kk01ki53ZLq6u6ZGZBwzCukpUWqYpCAkwdzbxFh6wt +Umy3b5AI3hqHLx4MT84TsE07 +-----END PRIVATE KEY----- diff --git a/spec/ssl/localhost/client-req.pem b/spec/ssl/localhost/client-req.pem new file mode 100644 index 00000000..32172255 --- /dev/null +++ b/spec/ssl/localhost/client-req.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA1sStOpst+FCGz9V7hQmD+rQlzpcg10cfPDOVKQok +Eu9ZRue8/dflNGDLSy8zmCYfCYDsXZviVEiDPgXR3AxhpbF6VBj4fG83wAFtEeO1 +8EPyAsxBpYyCJIVuTxPWSJv7Qvv01TEAz6W1wo2G5S35B7JcY65WS5JG7Jyhg4cl +n4PcLEFG76ECBzvUc9kVcRdROiv5OVCNi1N6glnMjMUsc6mC7labUnQSV/1RWHt5 +GRvFd0G9nszL8Yxj1GHmXdcUUHGXvb71l3rj0vWCNkG+K1e17tNLP86ACWhtLMps +8CFzU32+uSUaE4ol/Vs+3FH+74lpdJL8oRvdu4b2msKt9wIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBACvvwd+Uw6omStKrZchLkgNXmrg1EgTQjspcohsjyjYAxb68 +LXXcTthDXy0PSGgrN4j5aus6IRqS7E+ra+TKC0Vq2O5lRPuq0QYJBWFXjk55ffjU +cMVpvWpwCBvh+fmn0fuhnsKdYRO98WNDpEGEefAaQju05uX9CdR1ZoE64l3JKKib +E68dA/pFxyUfWEep2VGr75hW0fMe+MSnCC/+StpQwOTnYTSlRLF5sTKWSFa4Hyfb +FXcldBAmPu6VbkGzj9mDpyRDOfIKvrzuTUhnzeLatlczJmQb/P8qBLaBZOFwSiiJ +4vBNCsaVpNWQxN1+1rclVxC7rTD9yWYnF/8cPi0= +-----END CERTIFICATE REQUEST----- diff --git a/spec/ssl/localhost/pkcs8-client-key.pem b/spec/ssl/localhost/pkcs8-client-key.pem new file mode 100644 index 00000000..e52fc98f --- /dev/null +++ b/spec/ssl/localhost/pkcs8-client-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWxK06my34UIbP +1XuFCYP6tCXOlyDXRx88M5UpCiQS71lG57z91+U0YMtLLzOYJh8JgOxdm+JUSIM+ +BdHcDGGlsXpUGPh8bzfAAW0R47XwQ/ICzEGljIIkhW5PE9ZIm/tC+/TVMQDPpbXC +jYblLfkHslxjrlZLkkbsnKGDhyWfg9wsQUbvoQIHO9Rz2RVxF1E6K/k5UI2LU3qC +WcyMxSxzqYLuVptSdBJX/VFYe3kZG8V3Qb2ezMvxjGPUYeZd1xRQcZe9vvWXeuPS +9YI2Qb4rV7Xu00s/zoAJaG0symzwIXNTfb65JRoTiiX9Wz7cUf7viWl0kvyhG927 +hvaawq33AgMBAAECggEAQNkVB0+o40QJWML4r3RuleoESmtmnqoae9aFcOVffBoq +RlcdwTYJvrWFXNfNR+Em2PtFI4S4o8NbYYRnV/6jE2FR8wexK/13A3JKyS6NFpWl +gwPCxKZ2+2kQpC70smrqxNCIHkFUId7C0ZJjS1sEyTapX+3Zn6r04Gfw+uJ5UT71 +QRGnTQQfL8n7YMfL3M2Zi+RUs9sMkw+So2YJySBhYualdRWTD7msN7wOcnbTqWlG +dlfV7ErR4+mbLL0Q9BWWnLTyncgkaGP8zgxENRX8KZK7r1X4re8cUDaToWpYFBcI +lG+TICTvkhlQKLkqVmJWmEh23C3glMRx6UI0/22O0QKBgQDmDZ0fOpR/aR0ea5la +nQU7d7yj82IOSVDbAFNhJHu2dDmPOEFfLukPxtAVyIR6UmU2aL0etOpuE4M7ZJ7X +4ywqgktxJpVpdKVRPdGrRHiNSzFLiqB8WiTGE5Ra0TjxPd8qsFaz2kLDZKr3AFH5 +u4tzb2fN91ycRcyvkRsXlm7P5wKBgQDu/bzXGIVepeSO1jatvC1GDX7vBKssw89O +gSShjwfRxJMNJ6yWUuvI2CGr2Nw1Owqs8hePXk5PHCHq+c63c4n18VEkXMTHuPru +eo3O5Kpdot0AmYqXN+Rdoe9EU4JNSvhSYrZXubJNLJE8Z0aJt+UEkWupiwhF0KBb +QsKsfzavcQKBgQCbQ17iv7+PShr79/S1IjpwyzwGjvGD4NlwJQUhD+Vq24Apd/cu +zVNAcZbozL8Ua12h3gidm86IYiT0xdEqtUiOnAdco4S9eptEfGtworKV8cSgTjxI +EPK2uGos7P34WyCuB/tMQSdEBkIYmB+7Y2cXjn3JlYPseHNPnqhhQAcjywKBgGdr +VfSen9g9YZKOEEtOSyktXeiA1LIiaetG51siUffsYNYofP7wEyhunuOGjIRccFo2 +yQs5fBmvyt2sDFBGp0TOkJZzrpPe8HeSgRsuyKqMd6Zyyw51GVWLZcbjfFeGQb8l +CFMeAJJ03sSMzHF8Kpa3dyd/Cq1rgnj7gtKymi+BAoGBALeLfy0rVFh4J0RKrVLD +fWIJds55g2QV1F6CsbWKjF4GmMgVGsJqppKboxzkzEvULuxZFbQB2loVWfukz/Er +t/98rN0bO9czuYYordq4v7kk01ki53ZLq6u6ZGZBwzCukpUWqYpCAkwdzbxFh6wt +Umy3b5AI3hqHLx4MT84TsE07 +-----END PRIVATE KEY----- diff --git a/spec/ssl/localhost/pkcs8-server-key.pem b/spec/ssl/localhost/pkcs8-server-key.pem new file mode 100644 index 00000000..63cbd366 --- /dev/null +++ b/spec/ssl/localhost/pkcs8-server-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQCeFTHDcBmop2bo +vUgS6s+4i7DIY0L8PMvUaoSu9InyGYsEPZLDQxcEppzHrCxKNus+kdXQWxvvflDp +dYTza0PQujvN0MoDx+2Mt2GhGySiRGI+oXlSKT3kJ1a/V+9hkjEzh08JY80Pm00+ +2FDE9KU6c1QKUeSRLQ59o9qpPyKn+s7g5TWCg3ib2uyRKlcoe2g1bCQ8K54wX/dP +KNS9nrfsbUaQhQB2tjDdCOW/9Dd26QQZoigEtiNVrcf8bdt7xNHg1o0DRmVGBDW4 +xdBL0LMIUL1BraPfIOeBGu9ulw31ORxnmx+qazXKtdSpAiDMrNmuE2T0JXLRtYCs +qBfNrywhAgMBAAECgf8szrUcQFoFg+2Xao9TTVszY+Tn57rE5DaiLs8NCCNRjAvr +V8iRsCKGHvOxZQvovUhQo+WG+UwhxhwJEFZu6KiAMUliPRwFllWu3Qu/LoJjvB5c +wkgxEZ+JW90qvzIK5fUsNd4hOziUg+CRP58lNHLg7m+TvUKcI7lHw3nnHw4jrnDz +VDJ9G3dQMVGgGr6iaybg6LRrYRU5Yr7cc6W2k4iBtydgnpKK47VqJCuhDpInfCjn +x8o1w1jWH2JBAyZEzagVRbtl+5bDcP9bZoCMV0PPexNG9nR+HthWVvrfg4aOFY0o +sGFXc7ymU33wnZVZnSjMxEDB2TnFYkRP/4CwIVECgYEAtbdPY5fI1LeoAbfRBDnu +GAN0RaSidUXTCTt3NS/d2SyDScFKSU1ctxW1YykvuWTe88m+ysgW0ERUk38qVHGf +ZOcfasC/tywDKV7VW3xbIjHjx52BtDj0vcMwwQlG38Y43XrC+0Y0G2HW+g5wHJ+A +o2PAvSIareQ1veaOTyUZZ7ECgYEA3rSmRvv0yonlRscY9JjdAYf4BD23dNgjo1aw +7pJ6GjZTs7eNzNxPG6eppVsXk5iROX2+EoVrvzPahdkjO/XOXwsqObEe3p/1/BWA +8Hix+waCh83usytO6bm8FIIADjBgq29p+YGxNBHFcAu/k9fOBoaPU7neus3NPjjt +rKj/l3ECgYAtisCp3DuoHFNOAuyum3oxqIP2hFl2/MX0VWP9/34hVMeer4PXtTzc +YeNw87yTQVWjUdewaM9W6RktUjygp01kc4xrK92gobY1IyBj6lnIyyokODRun6uu +94F7j8CkisBrub2uThz3E+FWEFJGyi7qRDDk9ewr0rspWeQmr8ybMQKBgGroBTnm +ESh48Zr8UDp6dv0ZLDG8/qgUaWcrYlvj7MFQevW2k1dYGpGH9qPuCm9LucsDVY7G +hWaPmcLO7V8HLD3ruiVfpRXxa7/LAs5s4eNCyL4wWPmhPIxuIJ8nmKc3CfDB1vlz +DIGWVlTnDtwFqFzxkzP58bVyvae05EMSDT/BAoGABU2b0zwwDEgkm7gcU+MvCgIe +SgoO4OlgGFsft6l5fR+PtGFqICPxymJMhfQm6re2wXEdgtlY1Damxjmnj07AFSgZ +O70Fpb6Lp+0Ot8LGagWI/ofsFs17Nm/BkYG3PQcA9xI+2VRUA7iikoeON43z/npD +FuJ5VDYav3yy4d7k/yU= +-----END PRIVATE KEY----- diff --git a/spec/ssl/localhost/server-cert.pem b/spec/ssl/localhost/server-cert.pem new file mode 100644 index 00000000..9c7671d4 --- /dev/null +++ b/spec/ssl/localhost/server-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCAQEwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAwwMY2FfbXlzcWwy +Z2VtMB4XDTIyMTIyMzE1MzA1OFoXDTMyMTAzMTE1MzA1OFowFDESMBAGA1UEAwwJ +bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhUxw3AZ +qKdm6L1IEurPuIuwyGNC/DzL1GqErvSJ8hmLBD2Sw0MXBKacx6wsSjbrPpHV0Fsb +735Q6XWE82tD0Lo7zdDKA8ftjLdhoRskokRiPqF5Uik95CdWv1fvYZIxM4dPCWPN +D5tNPthQxPSlOnNUClHkkS0OfaPaqT8ip/rO4OU1goN4m9rskSpXKHtoNWwkPCue +MF/3TyjUvZ637G1GkIUAdrYw3Qjlv/Q3dukEGaIoBLYjVa3H/G3be8TR4NaNA0Zl +RgQ1uMXQS9CzCFC9Qa2j3yDngRrvbpcN9TkcZ5sfqms1yrXUqQIgzKzZrhNk9CVy +0bWArKgXza8sIQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAAgF5hCbbz1A3KSJEq +CPObbBymCFZfbg8QyP4h1ArFl535Gvbzauo166kViG9O/DQhXUir9NUXkOZSRhe4 +Hjpu2IqwEjXFxmWcKZVREXvIDkp3S2JI7rewvwuuqvo0NcT0nCsChT0iHwfrrpAq +1o38i3qR0vlfxXyDd6pr9CMbmGlxAdAD4cXQ0hIecuXndVOT4BVm1p5kSLGWaywu +VyuQyERqP92O20zC9/BEWGZ5ToMQ3pmkRl+KBXbCl74RqJd3wnEzgj2bZonTxyuH +Yd4qACsIOgDZ2kBr0kP9Bsvc9uVC6QVwVdHN/H7zFE9UyooO/RQYCev/8fMU86qU +AZ1Y +-----END CERTIFICATE----- diff --git a/spec/ssl/localhost/server-key.pem b/spec/ssl/localhost/server-key.pem new file mode 100644 index 00000000..63cbd366 --- /dev/null +++ b/spec/ssl/localhost/server-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQCeFTHDcBmop2bo +vUgS6s+4i7DIY0L8PMvUaoSu9InyGYsEPZLDQxcEppzHrCxKNus+kdXQWxvvflDp +dYTza0PQujvN0MoDx+2Mt2GhGySiRGI+oXlSKT3kJ1a/V+9hkjEzh08JY80Pm00+ +2FDE9KU6c1QKUeSRLQ59o9qpPyKn+s7g5TWCg3ib2uyRKlcoe2g1bCQ8K54wX/dP +KNS9nrfsbUaQhQB2tjDdCOW/9Dd26QQZoigEtiNVrcf8bdt7xNHg1o0DRmVGBDW4 +xdBL0LMIUL1BraPfIOeBGu9ulw31ORxnmx+qazXKtdSpAiDMrNmuE2T0JXLRtYCs +qBfNrywhAgMBAAECgf8szrUcQFoFg+2Xao9TTVszY+Tn57rE5DaiLs8NCCNRjAvr +V8iRsCKGHvOxZQvovUhQo+WG+UwhxhwJEFZu6KiAMUliPRwFllWu3Qu/LoJjvB5c +wkgxEZ+JW90qvzIK5fUsNd4hOziUg+CRP58lNHLg7m+TvUKcI7lHw3nnHw4jrnDz +VDJ9G3dQMVGgGr6iaybg6LRrYRU5Yr7cc6W2k4iBtydgnpKK47VqJCuhDpInfCjn +x8o1w1jWH2JBAyZEzagVRbtl+5bDcP9bZoCMV0PPexNG9nR+HthWVvrfg4aOFY0o +sGFXc7ymU33wnZVZnSjMxEDB2TnFYkRP/4CwIVECgYEAtbdPY5fI1LeoAbfRBDnu +GAN0RaSidUXTCTt3NS/d2SyDScFKSU1ctxW1YykvuWTe88m+ysgW0ERUk38qVHGf +ZOcfasC/tywDKV7VW3xbIjHjx52BtDj0vcMwwQlG38Y43XrC+0Y0G2HW+g5wHJ+A +o2PAvSIareQ1veaOTyUZZ7ECgYEA3rSmRvv0yonlRscY9JjdAYf4BD23dNgjo1aw +7pJ6GjZTs7eNzNxPG6eppVsXk5iROX2+EoVrvzPahdkjO/XOXwsqObEe3p/1/BWA +8Hix+waCh83usytO6bm8FIIADjBgq29p+YGxNBHFcAu/k9fOBoaPU7neus3NPjjt +rKj/l3ECgYAtisCp3DuoHFNOAuyum3oxqIP2hFl2/MX0VWP9/34hVMeer4PXtTzc +YeNw87yTQVWjUdewaM9W6RktUjygp01kc4xrK92gobY1IyBj6lnIyyokODRun6uu +94F7j8CkisBrub2uThz3E+FWEFJGyi7qRDDk9ewr0rspWeQmr8ybMQKBgGroBTnm +ESh48Zr8UDp6dv0ZLDG8/qgUaWcrYlvj7MFQevW2k1dYGpGH9qPuCm9LucsDVY7G +hWaPmcLO7V8HLD3ruiVfpRXxa7/LAs5s4eNCyL4wWPmhPIxuIJ8nmKc3CfDB1vlz +DIGWVlTnDtwFqFzxkzP58bVyvae05EMSDT/BAoGABU2b0zwwDEgkm7gcU+MvCgIe +SgoO4OlgGFsft6l5fR+PtGFqICPxymJMhfQm6re2wXEdgtlY1Damxjmnj07AFSgZ +O70Fpb6Lp+0Ot8LGagWI/ofsFs17Nm/BkYG3PQcA9xI+2VRUA7iikoeON43z/npD +FuJ5VDYav3yy4d7k/yU= +-----END PRIVATE KEY----- diff --git a/spec/ssl/localhost/server-req.pem b/spec/ssl/localhost/server-req.pem new file mode 100644 index 00000000..56c405d2 --- /dev/null +++ b/spec/ssl/localhost/server-req.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAnhUxw3AZqKdm6L1IEurPuIuwyGNC/DzL1GqErvSJ +8hmLBD2Sw0MXBKacx6wsSjbrPpHV0Fsb735Q6XWE82tD0Lo7zdDKA8ftjLdhoRsk +okRiPqF5Uik95CdWv1fvYZIxM4dPCWPND5tNPthQxPSlOnNUClHkkS0OfaPaqT8i +p/rO4OU1goN4m9rskSpXKHtoNWwkPCueMF/3TyjUvZ637G1GkIUAdrYw3Qjlv/Q3 +dukEGaIoBLYjVa3H/G3be8TR4NaNA0ZlRgQ1uMXQS9CzCFC9Qa2j3yDngRrvbpcN +9TkcZ5sfqms1yrXUqQIgzKzZrhNk9CVy0bWArKgXza8sIQIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBAIspzxKoEyaiEMpvrtmmzP8j/q2ycCEOTsDKLCWkwDoN+nCp +1t2FjUgoUsFvxelNvJfQBivIS886k8SXeFOv7d/SdoO+duN12qvMYKzZ+qbLz06x +YJQOVC9+At+627Fk8Rhk9ksTqJuliDruR+yqWX/INLqUMrcLq14wa1F1e2dGiJkx +N+Uthpc+9L9o6s5kKzhU3P2jnPPZICr8XcQt1rEy7K1PxHT/TMVFvgH3OVDVMV8F +580erfB8t2iwmzN/NZwMXu5GkcVAOkRAtTB0jdvmzW92hufAyq42ujPcH7CJ/c4n +uJi2METMnqfnIxpUtr6ghNXwAiDEmjKqJwK/jdU= +-----END CERTIFICATE REQUEST----- diff --git a/spec/ssl/ca-cert.pem b/spec/ssl/mysql2gem.example.com/ca-cert.pem similarity index 100% rename from spec/ssl/ca-cert.pem rename to spec/ssl/mysql2gem.example.com/ca-cert.pem diff --git a/spec/ssl/ca-key.pem b/spec/ssl/mysql2gem.example.com/ca-key.pem similarity index 100% rename from spec/ssl/ca-key.pem rename to spec/ssl/mysql2gem.example.com/ca-key.pem diff --git a/spec/ssl/mysql2gem.example.com/ca.cnf b/spec/ssl/mysql2gem.example.com/ca.cnf new file mode 100644 index 00000000..07374ad3 --- /dev/null +++ b/spec/ssl/mysql2gem.example.com/ca.cnf @@ -0,0 +1,22 @@ + +[ ca ] +# January 1, 2015 +default_startdate = 2015010360000Z + +[ req ] +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +# If this isn't set, the error is error, no objects specified in config file +commonName = Common Name (hostname, IP, or your name) + +countryName_default = US +stateOrProvinceName_default = CA +localityName_default = San Francisco +0.organizationName_default = mysql2_gem +organizationalUnitName_default = Mysql2Gem +emailAddress_default = mysql2gem@example.com + + +commonName_default = ca_mysql2gem + diff --git a/spec/ssl/cert.cnf b/spec/ssl/mysql2gem.example.com/cert.cnf similarity index 100% rename from spec/ssl/cert.cnf rename to spec/ssl/mysql2gem.example.com/cert.cnf diff --git a/spec/ssl/client-cert.pem b/spec/ssl/mysql2gem.example.com/client-cert.pem similarity index 100% rename from spec/ssl/client-cert.pem rename to spec/ssl/mysql2gem.example.com/client-cert.pem diff --git a/spec/ssl/client-key.pem b/spec/ssl/mysql2gem.example.com/client-key.pem similarity index 100% rename from spec/ssl/client-key.pem rename to spec/ssl/mysql2gem.example.com/client-key.pem diff --git a/spec/ssl/client-req.pem b/spec/ssl/mysql2gem.example.com/client-req.pem similarity index 100% rename from spec/ssl/client-req.pem rename to spec/ssl/mysql2gem.example.com/client-req.pem diff --git a/spec/ssl/pkcs8-client-key.pem b/spec/ssl/mysql2gem.example.com/pkcs8-client-key.pem similarity index 100% rename from spec/ssl/pkcs8-client-key.pem rename to spec/ssl/mysql2gem.example.com/pkcs8-client-key.pem diff --git a/spec/ssl/pkcs8-server-key.pem b/spec/ssl/mysql2gem.example.com/pkcs8-server-key.pem similarity index 100% rename from spec/ssl/pkcs8-server-key.pem rename to spec/ssl/mysql2gem.example.com/pkcs8-server-key.pem diff --git a/spec/ssl/server-cert.pem b/spec/ssl/mysql2gem.example.com/server-cert.pem similarity index 100% rename from spec/ssl/server-cert.pem rename to spec/ssl/mysql2gem.example.com/server-cert.pem diff --git a/spec/ssl/server-key.pem b/spec/ssl/mysql2gem.example.com/server-key.pem similarity index 100% rename from spec/ssl/server-key.pem rename to spec/ssl/mysql2gem.example.com/server-key.pem diff --git a/spec/ssl/server-req.pem b/spec/ssl/mysql2gem.example.com/server-req.pem similarity index 100% rename from spec/ssl/server-req.pem rename to spec/ssl/mysql2gem.example.com/server-req.pem