authorBernhard Schmidt <berni@debian.org>2018-10-14 22:51:08 +0200
committerBernhard Schmidt <berni@debian.org>2018-10-14 22:51:08 +0200
commit87c2fd4310e5b345102d7a4915dc5e3a65052305 (patch)
treeb7dc3d6d209bdb926c9e1ece7f9639aa1724b39e
parent3804bc2606a92e2f2f4b3a2b043af0d77d92b386 (diff)
Revert "Merge branch 'stretch' of ssh://git.debian.org/git/collab-maint/openvpn into stretch"
This reverts commit 3804bc2606a92e2f2f4b3a2b043af0d77d92b386, reversing changes made to 678cfd249add7ca758e4c41933c7b730132c99f4.
-rw-r--r--sample/sample-config-files/client.conf2
-rw-r--r--sample/sample-config-files/server.conf2
-rw-r--r--sample/sample-config-files/static-home.conf2
-rw-r--r--sample/sample-config-files/static-office.conf2
-rw-r--r--sample/sample-config-files/tls-home.conf2
-rw-r--r--sample/sample-config-files/tls-office.conf2
-rw-r--r--sample/sample-keys/sample-ca/01.pem113
-rw-r--r--sample/sample-keys/sample-ca/02.pem103
-rw-r--r--sample/sample-keys/sample-ca/03.pem103
-rw-r--r--sample/sample-keys/sample-ca/ca.crl21
-rw-r--r--sample/sample-keys/sample-ca/ca.crt35
-rw-r--r--sample/sample-keys/sample-ca/ca.key52
-rw-r--r--sample/sample-keys/sample-ca/client-pass.key30
-rw-r--r--sample/sample-keys/sample-ca/client-revoked.crt103
-rw-r--r--sample/sample-keys/sample-ca/client-revoked.csr17
-rw-r--r--sample/sample-keys/sample-ca/client-revoked.key28
-rw-r--r--sample/sample-keys/sample-ca/client.crt103
-rw-r--r--sample/sample-keys/sample-ca/client.csr17
-rw-r--r--sample/sample-keys/sample-ca/client.key28
-rw-r--r--sample/sample-keys/sample-ca/client.p12bin0 -> 4533 bytes
-rw-r--r--sample/sample-keys/sample-ca/index.txt3
-rw-r--r--sample/sample-keys/sample-ca/index.txt.attr1
-rw-r--r--sample/sample-keys/sample-ca/index.txt.attr.old1
-rw-r--r--sample/sample-keys/sample-ca/index.txt.old3
-rw-r--r--sample/sample-keys/sample-ca/secp256k1.pem0
-rw-r--r--sample/sample-keys/sample-ca/serial1
-rw-r--r--sample/sample-keys/sample-ca/serial.old1
-rw-r--r--sample/sample-keys/sample-ca/server.crt113
-rw-r--r--sample/sample-keys/sample-ca/server.csr17
-rw-r--r--sample/sample-keys/sample-ca/server.key28
-rw-r--r--src/openvpn/crypto.c31
-rw-r--r--src/openvpn/forward.c7
-rw-r--r--src/openvpn/init.c2
-rw-r--r--src/openvpn/lladdr.c2
-rw-r--r--src/openvpn/openvpn.h3
-rw-r--r--src/openvpn/options.c16
-rw-r--r--src/openvpn/packet_id.c34
-rw-r--r--src/openvpn/packet_id.h36
-rw-r--r--src/openvpn/route.c15
-rw-r--r--src/openvpn/ssl.c18
-rw-r--r--src/openvpn/ssl.h8
-rw-r--r--src/openvpn/ssl_verify.c51
-rw-r--r--src/openvpn/syshead.h2
-rw-r--r--src/openvpn/tls_crypt.c6
-rw-r--r--src/openvpn/tun.c6
-rw-r--r--src/plugins/auth-pam/auth-pam.c2
-rw-r--r--tests/unit_tests/openvpn/Makefile.am13
-rw-r--r--tests/unit_tests/openvpn/mock_msg.c15
-rw-r--r--tests/unit_tests/openvpn/test_packet_id.c175
49 files changed, 1025 insertions, 350 deletions
diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf
index 4cc23fc..f5c69e3 100644
--- a/sample/sample-config-files/client.conf
+++ b/sample/sample-config-files/client.conf
@@ -59,7 +59,7 @@ nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
-;group nogroup
+;group nobody
# Try to preserve some state across restarts.
persist-key
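Review bot: The restored `;group nobody` line is the one a user uncomments to drop privileges after initialization, and on Debian the unprivileged group is normally `nogroup`, so the sample would likely name a group that does not exist there. Unless the packaging re-applies this substitution elsewhere (for example as a patch at build time), the line should stay `;group nogroup`. The same one-line change appears in server.conf, static-home.conf, static-office.conf, tls-home.conf and tls-office.conf. It is also worth confirming that a missing group makes the daemon refuse to start rather than keep running with its original group.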
diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf
index 936e96c..aa7d5b3 100644
--- a/sample/sample-config-files/server.conf
+++ b/sample/sample-config-files/server.conf
@@ -272,7 +272,7 @@ cipher AES-256-CBC
# You can uncomment this out on
# non-Windows systems.
;user nobody
-;group nogroup
+;group nobody
# The persist options will try to avoid
# accessing certain resources on restart
diff --git a/sample/sample-config-files/static-home.conf b/sample/sample-config-files/static-home.conf
index 41656f0..ed0c672 100644
--- a/sample/sample-config-files/static-home.conf
+++ b/sample/sample-config-files/static-home.conf
@@ -43,7 +43,7 @@ cipher AES-256-CBC
# "nobody" after initialization
# for extra security.
; user nobody
-; group nogroup
+; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
diff --git a/sample/sample-config-files/static-office.conf b/sample/sample-config-files/static-office.conf
index 37ed0f2..609ddd0 100644
--- a/sample/sample-config-files/static-office.conf
+++ b/sample/sample-config-files/static-office.conf
@@ -40,7 +40,7 @@ cipher AES-256-CBC
# "nobody" after initialization
# for extra security.
; user nobody
-; group nogroup
+; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
diff --git a/sample/sample-config-files/tls-home.conf b/sample/sample-config-files/tls-home.conf
index d657180..daa4ea1 100644
--- a/sample/sample-config-files/tls-home.conf
+++ b/sample/sample-config-files/tls-home.conf
@@ -51,7 +51,7 @@ key home.key
# "nobody" after initialization
# for extra security.
; user nobody
-; group nogroup
+; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
diff --git a/sample/sample-config-files/tls-office.conf b/sample/sample-config-files/tls-office.conf
index a4c7124..d196144 100644
--- a/sample/sample-config-files/tls-office.conf
+++ b/sample/sample-config-files/tls-office.conf
@@ -51,7 +51,7 @@ key office.key
# "nobody" after initialization
# for extra security.
; user nobody
-; group nogroup
+; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
diff --git a/sample/sample-keys/sample-ca/01.pem b/sample/sample-keys/sample-ca/01.pem
new file mode 100644
index 0000000..6613831
--- /dev/null
+++ b/sample/sample-keys/sample-ca/01.pem
@@ -0,0 +1,113 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:32 2016 GMT
+ Not After : Oct 26 12:54:32 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:a6:74:d1:c9:77:5d:ff:d6:22:e3:69:38:8f:e1:
+ 15:0c:e3:46:2c:19:61:31:af:ef:f9:34:5b:0c:bd:
+ 20:d1:76:6a:64:62:f6:89:aa:5b:c9:42:10:44:6f:
+ 07:0f:fe:62:59:96:0b:16:ec:62:3e:18:08:ad:67:
+ 37:b6:53:2d:3d:d9:81:b7:6b:11:d6:fa:23:6a:23:
+ 6c:3c:be:54:91:e3:04:c6:f5:8c:a6:6a:80:9f:ef:
+ e8:5b:63:1e:68:37:09:ef:4d:5c:44:82:e6:2e:0d:
+ e5:d7:94:3f:31:74:50:d1:10:5c:99:4d:b5:9f:80:
+ 2b:46:25:37:8b:a2:3d:ce:02:b2:0a:21:63:82:9c:
+ a1:35:b9:3d:9e:ad:a4:19:3c:f5:b2:3a:d7:aa:d4:
+ b7:6d:c2:95:4d:94:4b:38:6f:b0:60:cf:22:d7:37:
+ 66:62:1d:1a:86:c2:a8:6a:2a:56:e5:d6:c3:e2:31:
+ 34:a6:42:5d:79:da:12:e0:a1:95:d1:17:07:f6:cc:
+ f8:63:fa:01:8a:26:7b:bf:b8:a4:87:8c:b5:a3:59:
+ 23:60:67:07:4a:4c:c1:55:be:60:a1:56:92:6c:97:
+ 53:fb:fe:eb:d3:25:fd:28:23:3e:38:4d:e9:92:90:
+ 8b:a6:5e:22:2f:02:1f:69:c6:fa:88:a5:52:88:cc:
+ 61:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ 7D:4C:17:FE:59:B2:58:FF:08:BC:F4:88:FC:A3:8F:9F:CA:3B:3B:5E
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ Signature Algorithm: sha256WithRSAEncryption
+ 82:2e:11:99:f4:56:98:ad:23:97:74:5c:69:00:7b:fc:9a:93:
+ 15:20:93:db:d6:83:04:9a:6c:cb:55:cd:5c:07:d6:31:5a:00:
+ 1d:35:eb:8e:74:cd:7a:08:db:cd:1f:89:8c:04:70:f7:35:e0:
+ a7:cc:cf:76:2b:8a:a5:80:7b:c1:72:4e:9a:c6:b7:a2:f5:9c:
+ 23:dc:d7:0d:93:a3:0f:f4:10:7d:8b:1d:85:5e:bb:2f:09:c8:
+ 67:41:38:12:72:14:29:f6:6d:68:b5:8a:97:1c:a1:8f:3d:74:
+ 14:95:c6:88:4f:4c:cd:8b:2e:db:95:b0:98:55:d7:5b:22:1f:
+ f3:de:5c:b4:7b:a0:d9:f2:56:2c:ff:85:b0:16:52:63:11:2b:
+ 14:8e:d0:f8:03:d2:cc:89:35:c0:d5:a3:b9:ec:11:55:e0:17:
+ 43:95:b2:6e:f2:db:80:73:f2:b3:3f:9d:fa:4d:24:6a:60:25:
+ 24:1a:53:10:38:08:d4:fe:fa:06:1a:1e:d3:cc:15:64:c7:9e:
+ 8b:51:ee:b3:50:25:60:88:70:46:39:bd:79:f1:5a:74:67:3d:
+ f0:7e:22:a9:b4:2e:f5:06:45:c3:46:fe:e6:32:40:e6:e1:00:
+ dc:e8:a8:43:fe:f4:66:64:4f:41:45:d5:d2:7b:ab:a0:62:f7:
+ dc:f0:28:d3:c6:9c:21:3e:bd:44:95:4c:20:b4:8f:c3:ae:ee:
+ eb:d7:7a:11:88:2d:3d:18:49:5d:e6:09:b8:5f:c7:24:32:83:
+ dd:5f:ae:03:02:c1:b6:51:0d:62:a2:41:f4:13:12:b2:f2:9a:
+ c1:50:04:63:42:de:41:b3:b3:ab:45:57:9e:8b:01:e0:c5:70:
+ d9:70:0e:ea:84:39:07:08:03:e9:99:b1:60:ce:a9:c6:ce:a4:
+ 61:29:36:3c:58:52:a2:c3:01:4f:4e:c1:e8:af:3b:ca:7c:34:
+ 9c:2a:21:c9:40:17:ce:8c:10:b2:fc:c2:39:43:55:50:19:2d:
+ c9:f0:ab:48:b2:86:e6:cf:1e:13:6c:6a:ed:85:e9:f6:dd:b9:
+ ba:6e:70:6a:e9:78:43:40:a3:c8:64:50:1f:5b:88:0d:88:55:
+ 0f:94:9c:92:44:83:79:0c:38:79:09:c4:93:6a:a8:dc:f3:8b:
+ c4:af:bf:0c:20:7b:76:7b:31:52:01:70:4f:09:be:38:d0:14:
+ ce:62:c6:00:35:cd:fc:eb:68:f1:45:d5:de:6a:3f:8b:3f:dc:
+ 1c:c9:e3:8a:7c:f1:17:53:71:f8:af:c9:43:9f:91:5a:16:0b:
+ 3a:c0:d7:b0:e7:74:54:12:f0:9a:71:5f:f3:dd:6b:c0:69:ec:
+ 9d:4d:14:61:bd:10:21:80
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/02.pem b/sample/sample-keys/sample-ca/02.pem
new file mode 100644
index 0000000..295f720
--- /dev/null
+++ b/sample/sample-keys/sample-ca/02.pem
@@ -0,0 +1,103 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:33 2016 GMT
+ Not After : Oct 26 12:54:33 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:e5:4f:5f:c9:2c:3f:8e:1a:3e:0b:f8:7f:82:d5:
+ ca:c5:6e:94:a4:fd:98:85:c0:1d:eb:94:b5:93:5b:
+ df:c2:c0:3f:9b:8e:5e:a3:d0:91:ca:3e:f4:74:93:
+ 63:86:df:a7:ae:0d:15:28:6d:38:6e:3b:ac:c9:5c:
+ 1f:c7:f7:d5:66:64:b9:07:00:41:6d:b6:a6:1a:ee:
+ f1:bb:ce:bd:39:cc:70:1f:9b:65:d7:3c:3c:97:2e:
+ 8e:1e:31:90:7f:cc:a7:b8:d9:2f:4e:b3:4a:98:6d:
+ a0:15:04:9d:cb:e1:7a:e1:63:f4:96:7a:bb:9e:a8:
+ d8:f0:33:97:67:6d:bf:39:82:0e:a3:b7:2a:15:2d:
+ 99:2b:f8:53:b1:e8:14:0f:d9:b3:a2:4f:2a:f1:63:
+ fd:d5:72:a6:22:b9:d6:be:e4:7b:9e:c8:85:1e:06:
+ 1a:31:24:3d:f3:82:ac:d7:28:7d:a4:4f:4b:c3:fd:
+ 72:27:07:ef:9d:51:71:56:d4:a4:b6:66:d2:74:4f:
+ 97:7f:3f:90:a8:56:8b:5b:14:4a:4f:c0:3d:2d:5a:
+ 90:74:db:da:59:83:4d:dd:2b:0a:81:24:ce:19:ce:
+ 8e:56:10:0f:cd:0d:83:01:d8:75:8b:66:16:40:1b:
+ 47:af:77:1f:d7:c5:cf:0a:d7:7c:f2:7e:a0:a0:5d:
+ fa:67
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B8:DE:77:EB:43:83:FF:95:59:BB:28:78:E4:4D:F2:E5:C7:2E:06:EF
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ Signature Algorithm: sha256WithRSAEncryption
+ a7:24:5d:b2:2f:49:63:55:90:e0:95:0e:fa:fc:d7:d8:0c:89:
+ 01:15:90:73:39:e9:32:3a:f9:8d:4b:cd:e7:3a:32:c0:fd:bb:
+ ed:3c:d9:cf:ea:0f:f3:6e:18:18:1d:1c:9c:e2:39:e6:c0:1d:
+ 2e:54:14:ec:1b:b2:5a:fd:1a:ac:65:45:9b:d4:0d:4a:3a:53:
+ 95:8d:bd:d3:44:20:17:70:d0:79:b5:f7:2c:dd:2a:0d:bf:b3:
+ d0:a8:1f:5c:db:33:5b:5d:56:24:84:2b:c8:43:32:fc:f3:dc:
+ b5:da:dc:7f:0a:1c:2a:2f:9b:60:ca:2d:6e:fe:98:55:26:d5:
+ 62:a7:3e:f4:49:5c:a9:76:54:87:19:0b:dd:74:ff:02:f0:75:
+ 8a:36:01:cf:29:67:9b:ae:c0:e5:da:da:2b:d9:57:61:92:69:
+ 1d:e3:b2:f4:66:8e:f8:dd:11:13:4c:1d:a5:7f:37:df:4e:fd:
+ 7d:96:ba:ac:6c:39:83:89:8f:05:47:1a:4b:4f:68:38:1a:99:
+ c8:68:1a:31:b9:78:9a:f5:12:ea:23:c2:c6:83:6b:e4:e0:9a:
+ fc:70:aa:bb:ef:00:1f:c9:18:ef:48:c2:fc:ec:e8:4c:e8:92:
+ d6:64:ab:5c:b3:ac:03:da:5f:a9:92:f2:ff:ef:a7:39:6f:d6:
+ 95:fb:44:89:c7:2b:c4:c4:45:b3:49:1a:c1:23:96:0d:f4:0b:
+ 0f:75:3b:6e:2c:4c:60:be:e7:0f:63:f2:3c:f0:9c:58:af:dd:
+ 5e:41:9e:f7:3f:e0:fb:28:be:f0:02:03:01:8c:9e:c5:52:e0:
+ a4:90:e0:b2:04:1b:58:3e:13:49:87:7b:20:27:73:f4:a8:cd:
+ c2:be:c7:c0:e9:8e:2d:d0:58:4b:9e:2f:fa:94:63:b2:99:16:
+ 08:5d:a1:49:1a:3d:29:9a:34:a3:63:ef:fd:79:da:0a:3e:79:
+ b1:cd:6f:f6:11:b7:c0:e8:67:41:36:36:94:a1:09:7a:cc:b9:
+ 4b:63:47:ce:49:c8:02:f9:d9:df:49:c1:04:82:09:f8:5b:92:
+ 4b:98:af:86:5e:fe:2e:48:fe:d6:69:7b:76:a8:c5:32:f6:b0:
+ ed:7e:bf:14:65:ca:fe:fa:bb:43:33:7e:c8:f4:98:a3:f8:0b:
+ 65:85:3d:5a:ed:33:45:12:76:90:9a:ca:34:fe:5a:ae:f6:ac:
+ 4d:9d:b6:28:7f:ac:e3:43:60:9a:dd:ec:a9:21:49:44:4a:74:
+ 48:12:6b:93:3b:08:70:ac:2e:58:f7:68:eb:8e:ba:9f:41:5a:
+ f9:a9:43:46:73:7a:1f:40:74:ce:87:c9:5e:51:67:8e:a3:cc:
+ b8:ea:ac:fe:7b:d8:2b:78
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/03.pem b/sample/sample-keys/sample-ca/03.pem
new file mode 100644
index 0000000..e4f5a82
--- /dev/null
+++ b/sample/sample-keys/sample-ca/03.pem
@@ -0,0 +1,103 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:33 2016 GMT
+ Not After : Oct 26 12:54:33 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=client-revoked/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c1:a8:94:78:8a:48:84:7a:54:ab:34:a5:bc:8a:
+ 81:ca:30:8b:9f:df:8f:fd:25:ca:d3:9c:6c:06:b0:
+ d4:b2:64:5a:7b:09:6e:74:23:41:0e:e5:3d:13:73:
+ d5:34:7d:f7:42:e3:65:61:e9:3f:d8:e4:be:85:79:
+ f3:d0:27:bd:8b:de:ce:34:2d:b2:b0:dc:a9:58:1a:
+ 28:95:62:33:4f:4e:05:1a:16:fe:dd:19:2c:d4:ff:
+ e9:c2:77:3d:43:77:6d:65:04:d9:fd:a1:f1:fc:a8:
+ 5b:da:44:43:90:f3:16:a4:b7:48:ee:a7:84:67:ec:
+ 01:85:22:a7:69:a7:1b:bb:4b:8f:8f:ca:61:1c:50:
+ 8b:1a:ed:2d:fb:bd:ac:25:7e:4f:16:a7:63:8b:c7:
+ 34:8d:53:c8:5e:c8:8c:e4:36:70:02:34:f7:f7:0a:
+ 58:58:57:f1:02:65:5a:00:32:e5:62:94:b3:97:b8:
+ e7:f3:75:5c:fc:a5:33:41:4c:c2:5b:fc:e6:f2:7f:
+ f7:a8:4b:db:b2:01:0c:bd:7c:28:dc:c6:83:4c:4f:
+ 43:34:db:2a:e5:38:24:52:96:43:7d:fc:b7:a2:db:
+ 9d:6a:18:89:03:cc:8c:60:22:7f:e8:95:79:14:3e:
+ ad:62:6d:00:6e:d9:b2:be:62:29:65:56:e3:41:3b:
+ 6b:37
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C9:DD:AB:FE:FA:1E:B1:21:9E:93:E4:21:3E:36:9A:1B:A2:85:0D:1F
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 6c:e6:8b:2e:58:5e:60:77:bf:b8:9a:88:8c:c9:bd:40:66:cb:
+ c0:d4:5b:21:00:bc:d8:24:39:04:57:ee:9c:65:d1:03:1f:70:
+ e6:5d:e2:ef:08:5c:31:d1:8b:c0:44:30:96:e0:a1:e8:0f:d1:
+ 0e:95:9a:2f:02:6b:06:d6:8c:4d:0a:1f:b8:7b:d9:98:ca:79:
+ f9:30:4d:88:8f:c8:36:6a:4d:b0:f6:df:cf:ac:a3:67:40:e9:
+ 54:4f:61:73:b6:16:9b:e1:35:fe:f3:a4:9b:17:df:e5:bb:a8:
+ f6:63:91:10:c5:b0:5a:00:6e:00:d8:77:f3:35:6b:f4:db:0e:
+ ef:b6:93:6e:41:65:7d:66:82:2d:04:83:d9:d1:fc:ed:26:1c:
+ 04:61:9c:1d:30:dd:8a:e4:9f:0d:81:0d:57:eb:d2:64:f5:42:
+ 69:a1:e4:20:af:0a:20:6b:87:22:85:82:f3:53:19:bd:8f:24:
+ dd:48:bd:98:71:e9:9a:97:15:c4:f5:e5:56:f5:61:f4:3b:1b:
+ 06:e9:8e:cb:00:2f:c4:4e:43:82:f8:a9:c4:9c:ba:96:0a:c7:
+ bf:89:f1:3a:0c:43:aa:3f:96:2e:a3:a7:1d:ef:3c:a1:52:10:
+ dc:d0:c7:19:94:77:75:25:fa:d7:d4:35:ee:54:d3:32:7d:b5:
+ 80:cf:5e:ed:b0:f6:1f:e5:8b:b4:8b:3d:f2:31:74:1f:ef:e5:
+ bb:50:de:5f:24:6e:c7:e0:f2:31:88:9f:25:11:8e:a9:f4:58:
+ 8b:88:e2:5a:34:75:ba:f4:91:b8:80:4c:e3:59:e6:47:e6:3b:
+ 00:c1:30:cd:c1:65:dc:18:e7:f9:d3:af:6f:46:e0:e3:3e:5d:
+ 79:b8:08:19:a4:ac:dc:2b:ad:d3:32:a3:7d:e8:c7:64:4f:92:
+ 83:a4:b8:a3:f2:01:f3:3a:5c:64:0f:13:27:e4:b6:b2:e7:4b:
+ a4:d6:8d:b3:18:ec:3e:2d:17:6a:cc:70:4e:a5:69:f8:f1:5c:
+ 09:b4:18:25:e7:fe:e3:33:dd:a6:82:6d:ed:6a:01:33:45:24:
+ f5:7e:5f:96:59:6d:ea:79:e4:b2:d4:5c:11:68:91:76:1d:19:
+ c9:13:15:44:32:f6:5e:75:72:4e:5f:30:59:e8:05:81:be:3c:
+ 19:41:36:c0:e9:f5:9b:4d:19:8e:b2:72:dc:63:bf:37:05:ac:
+ 88:0a:1f:8c:19:71:2e:24:b7:ad:7a:14:a4:1b:82:26:6d:ed:
+ bd:ba:80:55:b4:09:b3:75:68:38:8b:db:f8:55:27:72:76:85:
+ 2d:9e:db:18:be:ba:c8:d3:93:0d:f5:c9:8f:34:a8:8e:a8:92:
+ 53:ec:5a:a2:cd:16:48:9d
+-----BEGIN CERTIFICATE-----
+MIIFFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
+MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy
+ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
+Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDmNsaWVudC1yZXZv
+a2VkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqJR4ikiEelSrNKW8ioHKMIuf34/9JcrT
+nGwGsNSyZFp7CW50I0EO5T0Tc9U0ffdC42Vh6T/Y5L6FefPQJ72L3s40LbKw3KlY
+GiiVYjNPTgUaFv7dGSzU/+nCdz1Dd21lBNn9ofH8qFvaREOQ8xakt0jup4Rn7AGF
+Iqdppxu7S4+PymEcUIsa7S37vawlfk8Wp2OLxzSNU8heyIzkNnACNPf3ClhYV/EC
+ZVoAMuVilLOXuOfzdVz8pTNBTMJb/Obyf/eoS9uyAQy9fCjcxoNMT0M02yrlOCRS
+lkN9/Lei251qGIkDzIxgIn/olXkUPq1ibQBu2bK+YillVuNBO2s3AgMBAAGjgcgw
+gcUwCQYDVR0TBAIwADAdBgNVHQ4EFgQUyd2r/voesSGek+QhPjaaG6KFDR8wgZgG
+A1UdIwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYT
+AktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3Bl
+blZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCk
+zEYTiSRAczANBgkqhkiG9w0BAQsFAAOCAgEAbOaLLlheYHe/uJqIjMm9QGbLwNRb
+IQC82CQ5BFfunGXRAx9w5l3i7whcMdGLwEQwluCh6A/RDpWaLwJrBtaMTQofuHvZ
+mMp5+TBNiI/INmpNsPbfz6yjZ0DpVE9hc7YWm+E1/vOkmxff5buo9mOREMWwWgBu
+ANh38zVr9NsO77aTbkFlfWaCLQSD2dH87SYcBGGcHTDdiuSfDYENV+vSZPVCaaHk
+IK8KIGuHIoWC81MZvY8k3Ui9mHHpmpcVxPXlVvVh9DsbBumOywAvxE5DgvipxJy6
+lgrHv4nxOgxDqj+WLqOnHe88oVIQ3NDHGZR3dSX619Q17lTTMn21gM9e7bD2H+WL
+tIs98jF0H+/lu1DeXyRux+DyMYifJRGOqfRYi4jiWjR1uvSRuIBM41nmR+Y7AMEw
+zcFl3Bjn+dOvb0bg4z5debgIGaSs3Cut0zKjfejHZE+Sg6S4o/IB8zpcZA8TJ+S2
+sudLpNaNsxjsPi0XasxwTqVp+PFcCbQYJef+4zPdpoJt7WoBM0Uk9X5flllt6nnk
+stRcEWiRdh0ZyRMVRDL2XnVyTl8wWegFgb48GUE2wOn1m00ZjrJy3GO/NwWsiAof
+jBlxLiS3rXoUpBuCJm3tvbqAVbQJs3VoOIvb+FUncnaFLZ7bGL66yNOTDfXJjzSo
+jqiSU+xaos0WSJ0=
+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/ca.crl b/sample/sample-keys/sample-ca/ca.crl
new file mode 100644
index 0000000..7ad9d35
--- /dev/null
+++ b/sample/sample-keys/sample-ca/ca.crl
@@ -0,0 +1,21 @@
+-----BEGIN X509 CRL-----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+-----END X509 CRL-----
diff --git a/sample/sample-keys/sample-ca/ca.crt b/sample/sample-keys/sample-ca/ca.crt
new file mode 100644
index 0000000..2775ca2
--- /dev/null
+++ b/sample/sample-keys/sample-ca/ca.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/ca.key b/sample/sample-keys/sample-ca/ca.key
new file mode 100644
index 0000000..29e7d2d
--- /dev/null
+++ b/sample/sample-keys/sample-ca/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
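Review bot: `ca.key` is added as an unencrypted `PRIVATE KEY` block, so the signing key of the `OpenVPN-TEST` CA is readable by anyone with access to this repository or the resulting package. Every certificate it issued (01.pem to 03.pem, client.crt, client-revoked.crt, server.crt) can therefore only be trusted inside tests. The same holds for client.key and client-revoked.key further down, and for server.key listed in the diffstat. If `sample/sample-keys` does not already carry a README saying so, add one next to this file stating that the keys are published test material and must never be referenced from a production `ca`/`cert`/`key` directive. The `*.old` files and the empty secp256k1.pem look like leftovers from the CA generation run and could be dropped if nothing reads them.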
diff --git a/sample/sample-keys/sample-ca/client-pass.key b/sample/sample-keys/sample-ca/client-pass.key
new file mode 100644
index 0000000..14be4dc
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client-pass.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,78F6C09B62F40C57290E71382D07BF4D
+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-----END RSA PRIVATE KEY-----
diff --git a/sample/sample-keys/sample-ca/client-revoked.crt b/sample/sample-keys/sample-ca/client-revoked.crt
new file mode 100644
index 0000000..e4f5a82
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client-revoked.crt
@@ -0,0 +1,103 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:33 2016 GMT
+ Not After : Oct 26 12:54:33 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=client-revoked/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c1:a8:94:78:8a:48:84:7a:54:ab:34:a5:bc:8a:
+ 81:ca:30:8b:9f:df:8f:fd:25:ca:d3:9c:6c:06:b0:
+ d4:b2:64:5a:7b:09:6e:74:23:41:0e:e5:3d:13:73:
+ d5:34:7d:f7:42:e3:65:61:e9:3f:d8:e4:be:85:79:
+ f3:d0:27:bd:8b:de:ce:34:2d:b2:b0:dc:a9:58:1a:
+ 28:95:62:33:4f:4e:05:1a:16:fe:dd:19:2c:d4:ff:
+ e9:c2:77:3d:43:77:6d:65:04:d9:fd:a1:f1:fc:a8:
+ 5b:da:44:43:90:f3:16:a4:b7:48:ee:a7:84:67:ec:
+ 01:85:22:a7:69:a7:1b:bb:4b:8f:8f:ca:61:1c:50:
+ 8b:1a:ed:2d:fb:bd:ac:25:7e:4f:16:a7:63:8b:c7:
+ 34:8d:53:c8:5e:c8:8c:e4:36:70:02:34:f7:f7:0a:
+ 58:58:57:f1:02:65:5a:00:32:e5:62:94:b3:97:b8:
+ e7:f3:75:5c:fc:a5:33:41:4c:c2:5b:fc:e6:f2:7f:
+ f7:a8:4b:db:b2:01:0c:bd:7c:28:dc:c6:83:4c:4f:
+ 43:34:db:2a:e5:38:24:52:96:43:7d:fc:b7:a2:db:
+ 9d:6a:18:89:03:cc:8c:60:22:7f:e8:95:79:14:3e:
+ ad:62:6d:00:6e:d9:b2:be:62:29:65:56:e3:41:3b:
+ 6b:37
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ C9:DD:AB:FE:FA:1E:B1:21:9E:93:E4:21:3E:36:9A:1B:A2:85:0D:1F
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 6c:e6:8b:2e:58:5e:60:77:bf:b8:9a:88:8c:c9:bd:40:66:cb:
+ c0:d4:5b:21:00:bc:d8:24:39:04:57:ee:9c:65:d1:03:1f:70:
+ e6:5d:e2:ef:08:5c:31:d1:8b:c0:44:30:96:e0:a1:e8:0f:d1:
+ 0e:95:9a:2f:02:6b:06:d6:8c:4d:0a:1f:b8:7b:d9:98:ca:79:
+ f9:30:4d:88:8f:c8:36:6a:4d:b0:f6:df:cf:ac:a3:67:40:e9:
+ 54:4f:61:73:b6:16:9b:e1:35:fe:f3:a4:9b:17:df:e5:bb:a8:
+ f6:63:91:10:c5:b0:5a:00:6e:00:d8:77:f3:35:6b:f4:db:0e:
+ ef:b6:93:6e:41:65:7d:66:82:2d:04:83:d9:d1:fc:ed:26:1c:
+ 04:61:9c:1d:30:dd:8a:e4:9f:0d:81:0d:57:eb:d2:64:f5:42:
+ 69:a1:e4:20:af:0a:20:6b:87:22:85:82:f3:53:19:bd:8f:24:
+ dd:48:bd:98:71:e9:9a:97:15:c4:f5:e5:56:f5:61:f4:3b:1b:
+ 06:e9:8e:cb:00:2f:c4:4e:43:82:f8:a9:c4:9c:ba:96:0a:c7:
+ bf:89:f1:3a:0c:43:aa:3f:96:2e:a3:a7:1d:ef:3c:a1:52:10:
+ dc:d0:c7:19:94:77:75:25:fa:d7:d4:35:ee:54:d3:32:7d:b5:
+ 80:cf:5e:ed:b0:f6:1f:e5:8b:b4:8b:3d:f2:31:74:1f:ef:e5:
+ bb:50:de:5f:24:6e:c7:e0:f2:31:88:9f:25:11:8e:a9:f4:58:
+ 8b:88:e2:5a:34:75:ba:f4:91:b8:80:4c:e3:59:e6:47:e6:3b:
+ 00:c1:30:cd:c1:65:dc:18:e7:f9:d3:af:6f:46:e0:e3:3e:5d:
+ 79:b8:08:19:a4:ac:dc:2b:ad:d3:32:a3:7d:e8:c7:64:4f:92:
+ 83:a4:b8:a3:f2:01:f3:3a:5c:64:0f:13:27:e4:b6:b2:e7:4b:
+ a4:d6:8d:b3:18:ec:3e:2d:17:6a:cc:70:4e:a5:69:f8:f1:5c:
+ 09:b4:18:25:e7:fe:e3:33:dd:a6:82:6d:ed:6a:01:33:45:24:
+ f5:7e:5f:96:59:6d:ea:79:e4:b2:d4:5c:11:68:91:76:1d:19:
+ c9:13:15:44:32:f6:5e:75:72:4e:5f:30:59:e8:05:81:be:3c:
+ 19:41:36:c0:e9:f5:9b:4d:19:8e:b2:72:dc:63:bf:37:05:ac:
+ 88:0a:1f:8c:19:71:2e:24:b7:ad:7a:14:a4:1b:82:26:6d:ed:
+ bd:ba:80:55:b4:09:b3:75:68:38:8b:db:f8:55:27:72:76:85:
+ 2d:9e:db:18:be:ba:c8:d3:93:0d:f5:c9:8f:34:a8:8e:a8:92:
+ 53:ec:5a:a2:cd:16:48:9d
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/client-revoked.csr b/sample/sample-keys/sample-ca/client-revoked.csr
new file mode 100644
index 0000000..83f39c2
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client-revoked.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/sample/sample-keys/sample-ca/client-revoked.key b/sample/sample-keys/sample-ca/client-revoked.key
new file mode 100644
index 0000000..2a88c90
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client-revoked.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqJR4ikiEelSr
+NKW8ioHKMIuf34/9JcrTnGwGsNSyZFp7CW50I0EO5T0Tc9U0ffdC42Vh6T/Y5L6F
+efPQJ72L3s40LbKw3KlYGiiVYjNPTgUaFv7dGSzU/+nCdz1Dd21lBNn9ofH8qFva
+REOQ8xakt0jup4Rn7AGFIqdppxu7S4+PymEcUIsa7S37vawlfk8Wp2OLxzSNU8he
+yIzkNnACNPf3ClhYV/ECZVoAMuVilLOXuOfzdVz8pTNBTMJb/Obyf/eoS9uyAQy9
+fCjcxoNMT0M02yrlOCRSlkN9/Lei251qGIkDzIxgIn/olXkUPq1ibQBu2bK+Yill
+VuNBO2s3AgMBAAECggEBAIgnu0NIjhW+YFsCp+f4RapfGTutFfI4qPLAjl7h4pkN
+32OTzPmQc8RCPf+4N9UxHzAC6pu9P2uB38W+aUIXPrfhTX74BiM88T8FHTVyFnsS
+cpnWQxg2BAQ5bSORbBxMEjitAYrGWnl18SZzSkHV9zyVtIw+cOQT1TnClIu+tsul
+6P3WeMFrkEjypgwZo1pc37mMJ97IGw6hAERQ1o2EJDEEJ8uK2SlO1WhywfKGbPqY
+A0LxmC1PPuJHpeT85FuFIB9mHf97cgZKGdD4Ue5VdLum6pIVCsiCsnxj8LUPp37u
+rlpqB3Hb66C6t+mOvwAw9OjXL+WNeNeemDvVgD293iECgYEA9BmtCduzs6KHUFM5
+vvUzmiLm7IzEVfw8tm8pRc3Qty5vHA2Nowajiq4MCIccc5yJJMt1phyC9n3HX9UA
+qxgvtq+b3vMnH/N4kBE6NELrAicDyWCa/5FoakMwp28y4NxjMTqe0tiHlH3G3VnF
+8oBgSPahhkBxZzwZagJ25D/HqHECgYEAyxlmg7eNTazXMJ7gqGacWyqLgOWqTazr
+XLvLxpgEwwE6vtbxh1T7kpYbmdZWC7eEN2ooOhs4oEedkhqo5orv0g7MIbMEx0p6
+/yRgNT77kqba7xp5W2e84v7jTl6O68G4F4HW/DDcuEx2gs3jjTp3/CvElXZX5x5Y
+8xCjRP9t4icCgYA/FXejyZS6gvFnb+rHkAUC+6wkTAjdk+940mefM56SCL0MSfBl
+xmxzhaF0fr56nmTPDoncIRgzbbQd7yVaEkkadG3bA4oD9t8clGcvZG/pwX14CLBm
+BgUvGSg0zUcf17UG3vh20yDO3maLhAzlLAo2MQ7zbCoinOSQggyJ1nXZ8QKBgDwX
+vORWKAIGlPk22SQakELNOM+fpJ8s/crHagjNrAMC1x3mPTqco38A2RPQfk8jMoSu
+7U4cBcouxmmXZ8gm7cSKSk3iSRSqbfAWFD1M8GS45+h9PdEUxaeoYRssET+iZtTV
+vwWJc5U4UoxrXNvJo/zB+n16sZGZwhnRH23n4dxbAoGAFjjwQtKjOP5kemsbqDtr
+T3ELIwnjPY0q4mgxNIFc+6UpT+Piv5i2mIq10zmFLijMlLTA058lshHS7RxGTd+/
+NI8gufOuS6iZpGjXwvtfzgXAoaGzXv4MR1ErElK7n2XK3a9GoXVJ0L/+nLdp5Qmj
+nsYL/BDXdn8Fstx4RPcgLMc=
+-----END PRIVATE KEY-----
diff --git a/sample/sample-keys/sample-ca/client.crt b/sample/sample-keys/sample-ca/client.crt
new file mode 100644
index 0000000..295f720
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client.crt
@@ -0,0 +1,103 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:33 2016 GMT
+ Not After : Oct 26 12:54:33 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:e5:4f:5f:c9:2c:3f:8e:1a:3e:0b:f8:7f:82:d5:
+ ca:c5:6e:94:a4:fd:98:85:c0:1d:eb:94:b5:93:5b:
+ df:c2:c0:3f:9b:8e:5e:a3:d0:91:ca:3e:f4:74:93:
+ 63:86:df:a7:ae:0d:15:28:6d:38:6e:3b:ac:c9:5c:
+ 1f:c7:f7:d5:66:64:b9:07:00:41:6d:b6:a6:1a:ee:
+ f1:bb:ce:bd:39:cc:70:1f:9b:65:d7:3c:3c:97:2e:
+ 8e:1e:31:90:7f:cc:a7:b8:d9:2f:4e:b3:4a:98:6d:
+ a0:15:04:9d:cb:e1:7a:e1:63:f4:96:7a:bb:9e:a8:
+ d8:f0:33:97:67:6d:bf:39:82:0e:a3:b7:2a:15:2d:
+ 99:2b:f8:53:b1:e8:14:0f:d9:b3:a2:4f:2a:f1:63:
+ fd:d5:72:a6:22:b9:d6:be:e4:7b:9e:c8:85:1e:06:
+ 1a:31:24:3d:f3:82:ac:d7:28:7d:a4:4f:4b:c3:fd:
+ 72:27:07:ef:9d:51:71:56:d4:a4:b6:66:d2:74:4f:
+ 97:7f:3f:90:a8:56:8b:5b:14:4a:4f:c0:3d:2d:5a:
+ 90:74:db:da:59:83:4d:dd:2b:0a:81:24:ce:19:ce:
+ 8e:56:10:0f:cd:0d:83:01:d8:75:8b:66:16:40:1b:
+ 47:af:77:1f:d7:c5:cf:0a:d7:7c:f2:7e:a0:a0:5d:
+ fa:67
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ B8:DE:77:EB:43:83:FF:95:59:BB:28:78:E4:4D:F2:E5:C7:2E:06:EF
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ Signature Algorithm: sha256WithRSAEncryption
+ a7:24:5d:b2:2f:49:63:55:90:e0:95:0e:fa:fc:d7:d8:0c:89:
+ 01:15:90:73:39:e9:32:3a:f9:8d:4b:cd:e7:3a:32:c0:fd:bb:
+ ed:3c:d9:cf:ea:0f:f3:6e:18:18:1d:1c:9c:e2:39:e6:c0:1d:
+ 2e:54:14:ec:1b:b2:5a:fd:1a:ac:65:45:9b:d4:0d:4a:3a:53:
+ 95:8d:bd:d3:44:20:17:70:d0:79:b5:f7:2c:dd:2a:0d:bf:b3:
+ d0:a8:1f:5c:db:33:5b:5d:56:24:84:2b:c8:43:32:fc:f3:dc:
+ b5:da:dc:7f:0a:1c:2a:2f:9b:60:ca:2d:6e:fe:98:55:26:d5:
+ 62:a7:3e:f4:49:5c:a9:76:54:87:19:0b:dd:74:ff:02:f0:75:
+ 8a:36:01:cf:29:67:9b:ae:c0:e5:da:da:2b:d9:57:61:92:69:
+ 1d:e3:b2:f4:66:8e:f8:dd:11:13:4c:1d:a5:7f:37:df:4e:fd:
+ 7d:96:ba:ac:6c:39:83:89:8f:05:47:1a:4b:4f:68:38:1a:99:
+ c8:68:1a:31:b9:78:9a:f5:12:ea:23:c2:c6:83:6b:e4:e0:9a:
+ fc:70:aa:bb:ef:00:1f:c9:18:ef:48:c2:fc:ec:e8:4c:e8:92:
+ d6:64:ab:5c:b3:ac:03:da:5f:a9:92:f2:ff:ef:a7:39:6f:d6:
+ 95:fb:44:89:c7:2b:c4:c4:45:b3:49:1a:c1:23:96:0d:f4:0b:
+ 0f:75:3b:6e:2c:4c:60:be:e7:0f:63:f2:3c:f0:9c:58:af:dd:
+ 5e:41:9e:f7:3f:e0:fb:28:be:f0:02:03:01:8c:9e:c5:52:e0:
+ a4:90:e0:b2:04:1b:58:3e:13:49:87:7b:20:27:73:f4:a8:cd:
+ c2:be:c7:c0:e9:8e:2d:d0:58:4b:9e:2f:fa:94:63:b2:99:16:
+ 08:5d:a1:49:1a:3d:29:9a:34:a3:63:ef:fd:79:da:0a:3e:79:
+ b1:cd:6f:f6:11:b7:c0:e8:67:41:36:36:94:a1:09:7a:cc:b9:
+ 4b:63:47:ce:49:c8:02:f9:d9:df:49:c1:04:82:09:f8:5b:92:
+ 4b:98:af:86:5e:fe:2e:48:fe:d6:69:7b:76:a8:c5:32:f6:b0:
+ ed:7e:bf:14:65:ca:fe:fa:bb:43:33:7e:c8:f4:98:a3:f8:0b:
+ 65:85:3d:5a:ed:33:45:12:76:90:9a:ca:34:fe:5a:ae:f6:ac:
+ 4d:9d:b6:28:7f:ac:e3:43:60:9a:dd:ec:a9:21:49:44:4a:74:
+ 48:12:6b:93:3b:08:70:ac:2e:58:f7:68:eb:8e:ba:9f:41:5a:
+ f9:a9:43:46:73:7a:1f:40:74:ce:87:c9:5e:51:67:8e:a3:cc:
+ b8:ea:ac:fe:7b:d8:2b:78
+-----BEGIN CERTIFICATE-----
+MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
+MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy
+ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
+Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50
+MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDlT1/JLD+OGj4L+H+C1crFbpSk/ZiFwB3rlLWT
+W9/CwD+bjl6j0JHKPvR0k2OG36euDRUobThuO6zJXB/H99VmZLkHAEFttqYa7vG7
+zr05zHAfm2XXPDyXLo4eMZB/zKe42S9Os0qYbaAVBJ3L4XrhY/SWerueqNjwM5dn
+bb85gg6jtyoVLZkr+FOx6BQP2bOiTyrxY/3VcqYiuda+5HueyIUeBhoxJD3zgqzX
+KH2kT0vD/XInB++dUXFW1KS2ZtJ0T5d/P5CoVotbFEpPwD0tWpB029pZg03dKwqB
+JM4Zzo5WEA/NDYMB2HWLZhZAG0evdx/Xxc8K13zyfqCgXfpnAgMBAAGjgcgwgcUw
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUuN5360OD/5VZuyh45E3y5ccuBu8wgZgGA1Ud
+IwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYTAktH
+MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ
+Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCkzEYT
+iSRAczANBgkqhkiG9w0BAQsFAAOCAgEApyRdsi9JY1WQ4JUO+vzX2AyJARWQcznp
+Mjr5jUvN5zoywP277TzZz+oP824YGB0cnOI55sAdLlQU7BuyWv0arGVFm9QNSjpT
+lY2900QgF3DQebX3LN0qDb+z0KgfXNszW11WJIQryEMy/PPctdrcfwocKi+bYMot
+bv6YVSbVYqc+9ElcqXZUhxkL3XT/AvB1ijYBzylnm67A5draK9lXYZJpHeOy9GaO
++N0RE0wdpX833079fZa6rGw5g4mPBUcaS09oOBqZyGgaMbl4mvUS6iPCxoNr5OCa
+/HCqu+8AH8kY70jC/OzoTOiS1mSrXLOsA9pfqZLy/++nOW/WlftEiccrxMRFs0ka
+wSOWDfQLD3U7bixMYL7nD2PyPPCcWK/dXkGe9z/g+yi+8AIDAYyexVLgpJDgsgQb
+WD4TSYd7ICdz9KjNwr7HwOmOLdBYS54v+pRjspkWCF2hSRo9KZo0o2Pv/XnaCj55
+sc1v9hG3wOhnQTY2lKEJesy5S2NHzknIAvnZ30nBBIIJ+FuSS5ivhl7+Lkj+1ml7
+dqjFMvaw7X6/FGXK/vq7QzN+yPSYo/gLZYU9Wu0zRRJ2kJrKNP5arvasTZ22KH+s
+40Ngmt3sqSFJREp0SBJrkzsIcKwuWPdo6466n0Fa+alDRnN6H0B0zofJXlFnjqPM
+uOqs/nvYK3g=
+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/client.csr b/sample/sample-keys/sample-ca/client.csr
new file mode 100644
index 0000000..3968434
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/sample/sample-keys/sample-ca/client.key b/sample/sample-keys/sample-ca/client.key
new file mode 100644
index 0000000..a497a9c
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/sample/sample-keys/sample-ca/client.p12 b/sample/sample-keys/sample-ca/client.p12
new file mode 100644
index 0000000..f8ac2a9
--- /dev/null
+++ b/sample/sample-keys/sample-ca/client.p12
Binary files differ
diff --git a/sample/sample-keys/sample-ca/index.txt b/sample/sample-keys/sample-ca/index.txt
new file mode 100644
index 0000000..30063b2
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt
@@ -0,0 +1,3 @@
+V 261026125432Z 01 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain
+V 261026125433Z 02 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain
+R 261026125433Z 161028125433Z 03 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain
diff --git a/sample/sample-keys/sample-ca/index.txt.attr b/sample/sample-keys/sample-ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/sample/sample-keys/sample-ca/index.txt.attr.old b/sample/sample-keys/sample-ca/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/sample/sample-keys/sample-ca/index.txt.old b/sample/sample-keys/sample-ca/index.txt.old
new file mode 100644
index 0000000..3bfd8f8
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.old
@@ -0,0 +1,3 @@
+V 261026125432Z 01 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain
+V 261026125433Z 02 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain
+V 261026125433Z 03 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain
diff --git a/sample/sample-keys/sample-ca/secp256k1.pem b/sample/sample-keys/sample-ca/secp256k1.pem
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sample/sample-keys/sample-ca/secp256k1.pem
diff --git a/sample/sample-keys/sample-ca/serial b/sample/sample-keys/sample-ca/serial
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/sample/sample-keys/sample-ca/serial
@@ -0,0 +1 @@
+04
diff --git a/sample/sample-keys/sample-ca/serial.old b/sample/sample-keys/sample-ca/serial.old
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/sample/sample-keys/sample-ca/serial.old
@@ -0,0 +1 @@
+03
diff --git a/sample/sample-keys/sample-ca/server.crt b/sample/sample-keys/sample-ca/server.crt
new file mode 100644
index 0000000..6613831
--- /dev/null
+++ b/sample/sample-keys/sample-ca/server.crt
@@ -0,0 +1,113 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ Validity
+ Not Before: Oct 28 12:54:32 2016 GMT
+ Not After : Oct 26 12:54:32 2026 GMT
+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:a6:74:d1:c9:77:5d:ff:d6:22:e3:69:38:8f:e1:
+ 15:0c:e3:46:2c:19:61:31:af:ef:f9:34:5b:0c:bd:
+ 20:d1:76:6a:64:62:f6:89:aa:5b:c9:42:10:44:6f:
+ 07:0f:fe:62:59:96:0b:16:ec:62:3e:18:08:ad:67:
+ 37:b6:53:2d:3d:d9:81:b7:6b:11:d6:fa:23:6a:23:
+ 6c:3c:be:54:91:e3:04:c6:f5:8c:a6:6a:80:9f:ef:
+ e8:5b:63:1e:68:37:09:ef:4d:5c:44:82:e6:2e:0d:
+ e5:d7:94:3f:31:74:50:d1:10:5c:99:4d:b5:9f:80:
+ 2b:46:25:37:8b:a2:3d:ce:02:b2:0a:21:63:82:9c:
+ a1:35:b9:3d:9e:ad:a4:19:3c:f5:b2:3a:d7:aa:d4:
+ b7:6d:c2:95:4d:94:4b:38:6f:b0:60:cf:22:d7:37:
+ 66:62:1d:1a:86:c2:a8:6a:2a:56:e5:d6:c3:e2:31:
+ 34:a6:42:5d:79:da:12:e0:a1:95:d1:17:07:f6:cc:
+ f8:63:fa:01:8a:26:7b:bf:b8:a4:87:8c:b5:a3:59:
+ 23:60:67:07:4a:4c:c1:55:be:60:a1:56:92:6c:97:
+ 53:fb:fe:eb:d3:25:fd:28:23:3e:38:4d:e9:92:90:
+ 8b:a6:5e:22:2f:02:1f:69:c6:fa:88:a5:52:88:cc:
+ 61:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ 7D:4C:17:FE:59:B2:58:FF:08:BC:F4:88:FC:A3:8F:9F:CA:3B:3B:5E
+ X509v3 Authority Key Identifier:
+ keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10
+ DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
+ serial:A4:CC:46:13:89:24:40:73
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ Signature Algorithm: sha256WithRSAEncryption
+ 82:2e:11:99:f4:56:98:ad:23:97:74:5c:69:00:7b:fc:9a:93:
+ 15:20:93:db:d6:83:04:9a:6c:cb:55:cd:5c:07:d6:31:5a:00:
+ 1d:35:eb:8e:74:cd:7a:08:db:cd:1f:89:8c:04:70:f7:35:e0:
+ a7:cc:cf:76:2b:8a:a5:80:7b:c1:72:4e:9a:c6:b7:a2:f5:9c:
+ 23:dc:d7:0d:93:a3:0f:f4:10:7d:8b:1d:85:5e:bb:2f:09:c8:
+ 67:41:38:12:72:14:29:f6:6d:68:b5:8a:97:1c:a1:8f:3d:74:
+ 14:95:c6:88:4f:4c:cd:8b:2e:db:95:b0:98:55:d7:5b:22:1f:
+ f3:de:5c:b4:7b:a0:d9:f2:56:2c:ff:85:b0:16:52:63:11:2b:
+ 14:8e:d0:f8:03:d2:cc:89:35:c0:d5:a3:b9:ec:11:55:e0:17:
+ 43:95:b2:6e:f2:db:80:73:f2:b3:3f:9d:fa:4d:24:6a:60:25:
+ 24:1a:53:10:38:08:d4:fe:fa:06:1a:1e:d3:cc:15:64:c7:9e:
+ 8b:51:ee:b3:50:25:60:88:70:46:39:bd:79:f1:5a:74:67:3d:
+ f0:7e:22:a9:b4:2e:f5:06:45:c3:46:fe:e6:32:40:e6:e1:00:
+ dc:e8:a8:43:fe:f4:66:64:4f:41:45:d5:d2:7b:ab:a0:62:f7:
+ dc:f0:28:d3:c6:9c:21:3e:bd:44:95:4c:20:b4:8f:c3:ae:ee:
+ eb:d7:7a:11:88:2d:3d:18:49:5d:e6:09:b8:5f:c7:24:32:83:
+ dd:5f:ae:03:02:c1:b6:51:0d:62:a2:41:f4:13:12:b2:f2:9a:
+ c1:50:04:63:42:de:41:b3:b3:ab:45:57:9e:8b:01:e0:c5:70:
+ d9:70:0e:ea:84:39:07:08:03:e9:99:b1:60:ce:a9:c6:ce:a4:
+ 61:29:36:3c:58:52:a2:c3:01:4f:4e:c1:e8:af:3b:ca:7c:34:
+ 9c:2a:21:c9:40:17:ce:8c:10:b2:fc:c2:39:43:55:50:19:2d:
+ c9:f0:ab:48:b2:86:e6:cf:1e:13:6c:6a:ed:85:e9:f6:dd:b9:
+ ba:6e:70:6a:e9:78:43:40:a3:c8:64:50:1f:5b:88:0d:88:55:
+ 0f:94:9c:92:44:83:79:0c:38:79:09:c4:93:6a:a8:dc:f3:8b:
+ c4:af:bf:0c:20:7b:76:7b:31:52:01:70:4f:09:be:38:d0:14:
+ ce:62:c6:00:35:cd:fc:eb:68:f1:45:d5:de:6a:3f:8b:3f:dc:
+ 1c:c9:e3:8a:7c:f1:17:53:71:f8:af:c9:43:9f:91:5a:16:0b:
+ 3a:c0:d7:b0:e7:74:54:12:f0:9a:71:5f:f3:dd:6b:c0:69:ec:
+ 9d:4d:14:61:bd:10:21:80
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/sample/sample-keys/sample-ca/server.csr b/sample/sample-keys/sample-ca/server.csr
new file mode 100644
index 0000000..d54b7c0
--- /dev/null
+++ b/sample/sample-keys/sample-ca/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/sample/sample-keys/sample-ca/server.key b/sample/sample-keys/sample-ca/server.key
new file mode 100644
index 0000000..9a0dd80
--- /dev/null
+++ b/sample/sample-keys/sample-ca/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 0dba7ca..7119abc 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -85,6 +85,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
/* Prepare IV */
{
struct buffer iv_buffer;
+ struct packet_id_net pin;
uint8_t iv[OPENVPN_MAX_IV_LENGTH] = {0};
const int iv_len = cipher_ctx_iv_length(ctx->cipher);
@@ -93,11 +94,8 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
buf_set_write(&iv_buffer, iv, iv_len);
/* IV starts with packet id to make the IV unique for packet */
- if (!packet_id_write(&opt->packet_id.send, &iv_buffer, false, false))
- {
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
- }
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, false);
+ ASSERT(packet_id_write(&pin, &iv_buffer, false, false));
/* Remainder of IV consists of implicit part (unique per session) */
ASSERT(buf_write(&iv_buffer, ctx->implicit_iv, ctx->implicit_iv_len));
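Review bot: A packet-ID rollover on the AEAD path now terminates the process instead of failing the single packet, because `packet_id_alloc_outgoing()` is called with `long_form` false here and its wrap branch (added to packet_id.h by this same commit) runs `ASSERT(long_form)`. The removed code logged the rollover and took `goto err`, which refused the packet without aborting. I would have the allocator report exhaustion and keep the soft failure: `if (!packet_id_alloc_outgoing(&opt->packet_id.send, &pin, false)) { msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over"); goto err; }`. The same applies to the CBC and no-encryption branches of `openvpn_encrypt_v1` in the next two hunks whenever `CO_PACKET_ID_LONG_FORM` is unset. Both function bodies extend beyond these hunks.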
@@ -198,25 +196,25 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
}
/* Put packet ID in plaintext buffer */
- if (packet_id_initialized(&opt->packet_id)
- && !packet_id_write(&opt->packet_id.send, buf,
- opt->flags & CO_PACKET_ID_LONG_FORM,
- true))
+ if (packet_id_initialized(&opt->packet_id))
{
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
+ struct packet_id_net pin;
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+ ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
}
else if (cipher_kt_mode_ofb_cfb(cipher_kt))
{
+ struct packet_id_net pin;
struct buffer b;
/* IV and packet-ID required for this mode. */
ASSERT(opt->flags & CO_USE_IV);
ASSERT(packet_id_initialized(&opt->packet_id));
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true);
buf_set_write(&b, iv_buf, iv_size);
- ASSERT(packet_id_write(&opt->packet_id.send, &b, true, false));
+ ASSERT(packet_id_write(&pin, &b, true, false));
}
else /* We only support CBC, CFB, or OFB modes right now */
{
@@ -264,12 +262,11 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
}
else /* No Encryption */
{
- if (packet_id_initialized(&opt->packet_id)
- && !packet_id_write(&opt->packet_id.send, buf,
- opt->flags & CO_PACKET_ID_LONG_FORM, true))
+ if (packet_id_initialized(&opt->packet_id))
{
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
+ struct packet_id_net pin;
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+ ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
if (ctx->hmac)
{
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 2f3f3c5..8102e94 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -866,16 +866,9 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo
* will load crypto_options with the correct encryption key
* and return false.
*/
- uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT;
if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co,
floated, &ad_start))
{
- /* Restore pre-NCP frame parameters */
- if (is_hard_reset(opcode, c->options.key_method))
- {
- c->c2.frame = c->c2.frame_initial;
- }
-
interval_action(&c->c2.tmp_int);
/* reset packet received timer if TLS packet */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cf4a64c..9a3e29d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -4055,8 +4055,6 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f
c->c2.did_open_tun = do_open_tun(c);
}
- c->c2.frame_initial = c->c2.frame;
-
/* print MTU info */
do_print_data_channel_mtu_parms(c);
diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c
index dce05ad..ff71e48 100644
--- a/src/openvpn/lladdr.c
+++ b/src/openvpn/lladdr.c
@@ -50,7 +50,7 @@ set_lladdr(const char *ifname, const char *lladdr,
"%s %s lladdr %s",
IFCONFIG_PATH,
ifname, lladdr);
-#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD)
argv_printf(&argv,
"%s %s ether %s",
IFCONFIG_PATH,
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 7ea0d17..37edec4 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -263,8 +263,7 @@ struct context_2
struct link_socket_actual from; /* address of incoming datagram */
/* MTU frame parameters */
- struct frame frame; /* Active frame parameters */
- struct frame frame_initial; /* Restored on new session */
+ struct frame frame;
#ifdef ENABLE_FRAGMENT
/* Object to handle advanced MTU negotiation and datagram fragmentation */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2f1b298..bfedb6a 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -198,7 +198,7 @@ static const char usage_message[] =
" is established. Multiple routes can be specified.\n"
" netmask default: 255.255.255.255\n"
" gateway default: taken from --route-gateway or --ifconfig\n"
- " Specify default by leaving blank or setting to \"default\".\n"
+ " Specify default by leaving blank or setting to \"nil\".\n"
"--route-ipv6 network/bits [gateway] [metric] :\n"
" Add IPv6 route to routing table after connection\n"
" is established. Multiple routes can be specified.\n"
@@ -6789,20 +6789,6 @@ add_option(struct options *options,
options->port_share_port = p[2];
options->port_share_journal_dir = p[3];
}
- else if (streq (p[0], "pkcs11-id-type") ||
- streq (p[0], "pkcs11-sign-mode") ||
- streq (p[0], "pkcs11-slot") ||
- streq (p[0], "pkcs11-slot-type") ||
- streq (p[0], "show-pkcs11-objects") ||
- streq (p[0], "show-pkcs11-slots"))
- {
- if (file)
- msg (msglevel, "You are using an obsolete parameter in %s:%d: %s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
- file, line, p[0], PACKAGE_VERSION);
- else
- msg (msglevel, "You are using an obsolete parameter: --%s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
- p[0], PACKAGE_VERSION);
- }
#endif
else if (streq(p[0], "client-to-client") && !p[1])
{
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 6f70c5d..fe13e1d 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -325,40 +325,12 @@ packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form)
return true;
}
-static bool
-packet_id_send_update(struct packet_id_send *p, bool long_form)
-{
- if (!p->time)
- {
- p->time = now;
- }
- if (p->id == PACKET_ID_MAX)
- {
- /* Packet ID only allowed to roll over if using long form and time has
- * moved forward since last roll over.
- */
- if (!long_form || now <= p->time)
- {
- return false;
- }
- p->time = now;
- p->id = 0;
- }
- p->id++;
- return true;
-}
-
bool
-packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form,
- bool prepend)
+packet_id_write(const struct packet_id_net *pin, struct buffer *buf, bool long_form, bool prepend)
{
- if (!packet_id_send_update(p, long_form))
- {
- return false;
- }
+ packet_id_type net_id = htonpid(pin->id);
+ net_time_t net_time = htontime(pin->time);
- const packet_id_type net_id = htonpid(p->id);
- const net_time_t net_time = htontime(p->time);
if (prepend)
{
if (long_form)
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index aceacf8..ecc25a6 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -50,7 +50,6 @@
* to for network transmission.
*/
typedef uint32_t packet_id_type;
-#define PACKET_ID_MAX UINT32_MAX
typedef uint32_t net_time_t;
/*
@@ -255,18 +254,7 @@ const char *packet_id_persist_print(const struct packet_id_persist *p, struct gc
bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form);
-/**
- * Write a packet ID to buf, and update the packet ID state.
- *
- * @param p Packet ID state.
- * @param buf Buffer to write the packet ID too
- * @param long_form If true, also update and write time_t to buf
- * @param prepend If true, prepend to buffer, otherwise apppend.
- *
- * @return true if successful, false otherwise.
- */
-bool packet_id_write(struct packet_id_send *p, struct buffer *buf,
- bool long_form, bool prepend);
+bool packet_id_write(const struct packet_id_net *pin, struct buffer *buf, bool long_form, bool prepend);
/*
* Inline functions.
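Review bot: The prototype of `packet_id_write()` is left without any documentation although its contract changed: it now takes an already allocated `struct packet_id_net` and no longer advances the send state. I would put a short comment above it, for example `/* Write the packet ID held in pin to buf (and its time when long_form is set), prepending or appending as requested; does not allocate or update the ID. Returns true on success. */`. The failure conditions are in packet_id.c outside this hunk, so the wording on the return value should be checked against the body.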
@@ -316,6 +304,28 @@ packet_id_close_to_wrapping(const struct packet_id_send *p)
return p->id >= PACKET_ID_WRAP_TRIGGER;
}
+/*
+ * Allocate an outgoing packet id.
+ * Sequence number ranges from 1 to 2^32-1.
+ * In long_form, a time_t is added as well.
+ */
+static inline void
+packet_id_alloc_outgoing(struct packet_id_send *p, struct packet_id_net *pin, bool long_form)
+{
+ if (!p->time)
+ {
+ p->time = now;
+ }
+ pin->id = ++p->id;
+ if (!pin->id)
+ {
+ ASSERT(long_form);
+ p->time = now;
+ pin->id = p->id = 1;
+ }
+ pin->time = p->time;
+}
+
static inline bool
check_timestamp_delta(time_t remote, unsigned int max_delta)
{
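Review bot: The wrap branch of `packet_id_alloc_outgoing()` sets `p->time = now` and restarts at ID 1 without checking that `now` has moved past the stored `p->time`, so if the clock has not advanced the same (time, id) pairs are issued a second time. The removed `packet_id_send_update()` refused the rollover when `now <= p->time`. The short-form case is handled by `ASSERT(long_form)`, which turns ID exhaustion into a process abort. I would restore the time check and return a status so callers can drop the packet. The sketch below uses `UINT32_MAX` because this commit removes `PACKET_ID_MAX` while `packet_id_type` stays `uint32_t`.

```c
static inline bool
packet_id_alloc_outgoing(struct packet_id_send *p, struct packet_id_net *pin, bool long_form)
{
    /* … unchanged: initialise p->time from now when it is zero … */
    if (p->id == UINT32_MAX)
    {
        /* Roll over only in long form, and only once the clock has
         * advanced, so that no (time, id) pair is handed out twice. */
        if (!long_form || now <= p->time)
        {
            return false;
        }
        p->time = now;
        p->id = 0;
    }
    pin->id = ++p->id;
    pin->time = p->time;
    return true;
}
```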
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index ea09d71..0c93dcd 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1670,7 +1670,7 @@ add_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
-#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD)
argv_printf(&argv, "%s add",
ROUTE_PATH);
@@ -1856,7 +1856,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
-#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
+#if defined(TARGET_DARWIN) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -2032,7 +2032,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
argv_printf(&argv, "%s add -inet6 %s/%d",
ROUTE_PATH,
@@ -2216,7 +2216,7 @@ delete_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
-#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD)
argv_printf(&argv, "%s delete -net %s %s %s",
ROUTE_PATH,
@@ -2323,7 +2323,7 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
-#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
+#if defined(TARGET_DARWIN) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -2458,7 +2458,7 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
argv_printf(&argv, "%s delete -inet6 %s/%d",
ROUTE_PATH,
@@ -3499,8 +3499,7 @@ done:
#elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
- || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
- || defined(__FreeBSD_kernel__)
+ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
#include <sys/types.h>
#include <sys/socket.h>
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index d94a421..cff4052 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -830,7 +830,14 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
return BSTR(&out);
}
-bool
+/*
+ * Given a key_method, return true if op
+ * represents the required form of hard_reset.
+ *
+ * If key_method = 0, return true if any
+ * form of hard reset is used.
+ */
+static bool
is_hard_reset(int op, int key_method)
{
if (!key_method || key_method == 1)
@@ -2240,7 +2247,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
buf_printf(&out, "IV_PLAT=mac\n");
#elif defined(TARGET_NETBSD)
buf_printf(&out, "IV_PLAT=netbsd\n");
-#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD)
buf_printf(&out, "IV_PLAT=freebsd\n");
#elif defined(TARGET_ANDROID)
buf_printf(&out, "IV_PLAT=android\n");
@@ -3701,12 +3708,7 @@ tls_pre_decrypt(struct tls_multi *multi,
/* Save incoming ciphertext packet to reliable buffer */
struct buffer *in = reliable_get_buf(ks->rec_reliable);
ASSERT(in);
- if(!buf_copy(in, buf))
- {
- msg(D_MULTI_DROPPED,
- "Incoming control channel packet too big, dropping.");
- goto error;
- }
+ ASSERT(buf_copy(in, buf));
reliable_mark_active_incoming(ks->rec_reliable, in, id, op);
}
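Review bot: `ASSERT(buf_copy(in, buf))` makes the size of a packet received from the peer a fatal condition: if `buf` does not fit into the reliable-layer buffer, the assertion fails and the process exits. Data that arrives over the network should be rejected rather than asserted on, so keep the check-and-drop form, `if (!buf_copy(in, buf)) { msg(D_MULTI_DROPPED, "Incoming control channel packet too big, dropping."); goto error; }`. Whether this line is reached before the peer has authenticated cannot be seen here, since `tls_pre_decrypt` begins and ends outside the hunk, so that is worth confirming.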
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 03688ca..ed1344e 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -591,14 +591,6 @@ void show_tls_performance_stats(void);
/*#define EXTRACT_X509_FIELD_TEST*/
void extract_x509_field_test(void);
-/**
- * Given a key_method, return true if opcode represents the required form of
- * hard_reset.
- *
- * If key_method == 0, return true if any form of hard reset is used.
- */
-bool is_hard_reset(int op, int key_method);
-
#endif /* ENABLE_CRYPTO */
#endif /* ifndef OPENVPN_SSL_H */
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index c553484..334eb29 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -80,28 +80,6 @@ setenv_untrusted(struct tls_session *session)
setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
}
-
-/**
- * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
- *
- * @param multi Pointer to a multi object holding the auth_token variables
- */
-static void
-wipe_auth_token(struct tls_multi *multi)
-{
- if(multi)
- {
- if (multi->auth_token)
- {
- secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
- free(multi->auth_token);
- }
- multi->auth_token = NULL;
- multi->auth_token_sent = false;
- }
-}
-
-
/*
* Remove authenticated state from all sessions in the given tunnel
*/
@@ -110,14 +88,10 @@ tls_deauthenticate(struct tls_multi *multi)
{
if (multi)
{
- wipe_auth_token(multi);
- for (int i = 0; i < TM_SIZE; ++i)
- {
- for (int j = 0; j < KS_SIZE; ++j)
- {
+ int i, j;
+ for (i = 0; i < TM_SIZE; ++i)
+ for (j = 0; j < KS_SIZE; ++j)
multi->session[i].key[j].authenticated = false;
- }
- }
}
}
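Review bot: `tls_deauthenticate()` no longer clears the auth token, so after a tunnel is deauthenticated `multi->auth_token` stays allocated and, as far as these hunks show, remains the value later compared in `verify_user_pass()`. The last ssl_verify.c hunk also drops the wipe from `verify_final_auth_checks()`, leaving the username-lock failure and the token mismatch as the only paths that clear it. I would keep `wipe_auth_token(multi);` as the first statement inside `if (multi)`, which needs the helper defined or declared above this function. Separately, the nested `for` loops lost their braces; the rest of the file braces every control body.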
@@ -1239,6 +1213,21 @@ verify_user_pass_management(struct tls_session *session, const struct user_pass
}
#endif /* ifdef MANAGEMENT_DEF_AUTH */
+/**
+ * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
+ *
+ * @param multi Pointer to a multi object holding the auth_token variables
+ */
+static void
+wipe_auth_token(struct tls_multi *multi)
+{
+ secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
+ free(multi->auth_token);
+ multi->auth_token = NULL;
+ multi->auth_token_sent = false;
+}
+
+
/*
* Main username/password verification entry point
*/
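Review bot: `wipe_auth_token()` passes `multi->auth_token` to `secure_memzero()` with no NULL check, and it dereferences `multi` unguarded. The version removed by this commit guarded both. The call added in the next hunk runs when `tls_lock_username()` fails, and nothing visible guarantees a token has been allocated at that point, so this may write `AUTH_TOKEN_SIZE` bytes through a null pointer. I would restore the guard: `if (multi && multi->auth_token) { secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); free(multi->auth_token); }`, with the two field resets kept under the `multi` check.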
@@ -1290,7 +1279,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
/* Ensure that the username has not changed */
if (!tls_lock_username(multi, up->username))
{
- /* auth-token cleared in tls_lock_username() on failure */
+ wipe_auth_token(multi);
ks->authenticated = false;
goto done;
}
@@ -1311,6 +1300,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
if (memcmp_constant_time(multi->auth_token, up->password,
strlen(multi->auth_token)) != 0)
{
+ wipe_auth_token(multi);
ks->authenticated = false;
tls_deauthenticate(multi);
@@ -1482,7 +1472,6 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path))
{
ks->authenticated = false;
- wipe_auth_token(multi);
msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'",
session->common_name,
path ? path : "UNDEF");
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 078ed3a..a1b6047 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -294,7 +294,7 @@
#endif /* TARGET_OPENBSD */
-#if defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
+#ifdef TARGET_FREEBSD
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 4c7170f..c227b09 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -95,10 +95,10 @@ tls_crypt_wrap(const struct buffer *src, struct buffer *dst,
format_hex(BPTR(src), BLEN(src), 80, &gc));
/* Get packet ID */
- if (!packet_id_write(&opt->packet_id.send, dst, true, false))
{
- msg(D_CRYPT_ERRORS, "TLS-CRYPT ERROR: packet ID roll over.");
- goto err;
+ struct packet_id_net pin;
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true);
+ packet_id_write(&pin, dst, true, false);
}
dmsg(D_PACKET_CONTENT, "TLS-CRYPT WRAP AD: %s",
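Review bot: The return value of `packet_id_write()` is discarded in `tls_crypt_wrap()`, so a failed write into `dst` goes unnoticed and the wrap presumably continues with no packet ID in the buffer. The other call sites in this commit at least wrap the call in `ASSERT`. I would check it and fail the wrap, `if (!packet_id_write(&pin, dst, true, false)) { goto err; }`. The removed lines jump to an `err` label, which should still exist in the part of the function outside this hunk.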
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index a4f7779..f812844 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -840,7 +840,7 @@ delete_route_connected_v6_net(struct tuntap *tt,
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
#if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
- || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__)
+ || defined(TARGET_OPENBSD)
/* we can't use true subnet mode on tun on all platforms, as that
* conflicts with IPv6 (wants to use ND then, which we don't do),
* but the OSes want "a remote address that is different from ours"
@@ -1408,7 +1408,7 @@ do_ifconfig(struct tuntap *tt,
add_route_connected_v6_net(tt, es);
}
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
in_addr_t remote_end; /* for "virtual" subnet topology */
@@ -2762,7 +2762,7 @@ read_tun(struct tuntap *tt, uint8_t *buf, int len)
}
}
-#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)
+#elif defined(TARGET_FREEBSD)
static inline int
freebsd_modify_read_write_return(int len)
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index 1767d1e..d3e2c89 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -698,7 +698,7 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list *
struct user_pass up;
int command;
#ifdef USE_PAM_DLOPEN
- static const char pam_so[] = "libpam.so.0";
+ static const char pam_so[] = "libpam.so";
#endif
/*
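Review bot: `pam_so` now names the unversioned `libpam.so`, which on most distributions is a symlink shipped only with the development package and is not tied to an ABI version. Where this string is loaded (presumably a `dlopen` under `USE_PAM_DLOPEN`, outside this hunk), authentication would then fail on hosts without the development files, or bind to whatever library the symlink points at. I would keep the versioned soname, `static const char pam_so[] = "libpam.so.0";`.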
diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am
index b0813a0..fafe6b2 100644
--- a/tests/unit_tests/openvpn/Makefile.am
+++ b/tests/unit_tests/openvpn/Makefile.am
@@ -1,6 +1,6 @@
AUTOMAKE_OPTIONS = foreign
-check_PROGRAMS = argv_testdriver buffer_testdriver packet_id_testdriver
+check_PROGRAMS = argv_testdriver buffer_testdriver
if ENABLE_CRYPTO
check_PROGRAMS += tls_crypt_testdriver
@@ -27,17 +27,6 @@ buffer_testdriver_SOURCES = test_buffer.c mock_msg.c \
$(openvpn_srcdir)/buffer.c \
$(openvpn_srcdir)/platform.c
-packet_id_testdriver_CFLAGS = @TEST_CFLAGS@ \
- -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \
- $(OPTIONAL_CRYPTO_CFLAGS)
-packet_id_testdriver_LDFLAGS = @TEST_LDFLAGS@ \
- $(OPTIONAL_CRYPTO_LIBS)
-packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c \
- $(openvpn_srcdir)/buffer.c \
- $(openvpn_srcdir)/otime.c \
- $(openvpn_srcdir)/packet_id.c \
- $(openvpn_srcdir)/platform.c
-
tls_crypt_testdriver_CFLAGS = @TEST_CFLAGS@ \
-I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \
$(OPTIONAL_CRYPTO_CFLAGS)
diff --git a/tests/unit_tests/openvpn/mock_msg.c b/tests/unit_tests/openvpn/mock_msg.c
index 060588f..eb0d5e9 100644
--- a/tests/unit_tests/openvpn/mock_msg.c
+++ b/tests/unit_tests/openvpn/mock_msg.c
@@ -29,12 +29,9 @@
#endif
#include <stdarg.h>
-#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
-#include <setjmp.h>
-#include <cmocka.h>
-
#include "errlevel.h"
#include "error.h"
@@ -73,8 +70,14 @@ x_msg(const unsigned int flags, const char *format, ...)
void
assert_failed(const char *filename, int line, const char *condition)
{
- mock_assert(false, condition ? condition : "", filename, line);
- /* Keep compiler happy. Should not happen, mock_assert() does not return */
+ if (condition)
+ {
+ printf("Assertion failed at %s:%d (%s)", filename, line, condition);
+ }
+ else
+ {
+ printf("Assertion failed at %s:%d", filename, line);
+ }
exit(1);
}
diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c
deleted file mode 100644
index 0a785ad..0000000
--- a/tests/unit_tests/openvpn/test_packet_id.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2016 Fox Crypto B.V. <openvpn@fox-it.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#elif defined(_MSC_VER)
-#include "config-msvc.h"
-#endif
-
-#include "syshead.h"
-
-#include <stdarg.h>
-#include <stddef.h>
-#include <setjmp.h>
-#include <cmocka.h>
-
-#include "packet_id.h"
-
-#include "mock_msg.h"
-
-struct test_packet_id_write_data {
- struct {
- uint32_t buf_id;
- uint32_t buf_time;
- } test_buf_data;
- struct buffer test_buf;
- struct packet_id_send pis;
-};
-
-static int
-test_packet_id_write_setup(void **state) {
- struct test_packet_id_write_data *data =
- calloc(1, sizeof(struct test_packet_id_write_data));
-
- if (!data)
- {
- return -1;
- }
-
- data->test_buf.data = (void *) &data->test_buf_data;
- data->test_buf.capacity = sizeof(data->test_buf_data);
-
- *state = data;
- return 0;
-}
-
-static int
-test_packet_id_write_teardown(void **state) {
- free(*state);
- return 0;
-}
-
-static void
-test_packet_id_write_short(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- now = 5010;
- assert_true(packet_id_write(&data->pis, &data->test_buf, false, false));
- assert_true(data->pis.id == 1);
- assert_true(data->test_buf_data.buf_id == htonl(1));
- assert_true(data->test_buf_data.buf_time == 0);
-}
-
-static void
-test_packet_id_write_long(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- now = 5010;
- assert_true(packet_id_write(&data->pis, &data->test_buf, true, false));
- assert(data->pis.id == 1);
- assert(data->pis.time == now);
- assert_true(data->test_buf_data.buf_id == htonl(1));
- assert_true(data->test_buf_data.buf_time == htonl(now));
-}
-
-static void
-test_packet_id_write_short_prepend(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- data->test_buf.offset = sizeof(packet_id_type);
- now = 5010;
- assert_true(packet_id_write(&data->pis, &data->test_buf, false, true));
- assert_true(data->pis.id == 1);
- assert_true(data->test_buf_data.buf_id == htonl(1));
- assert_true(data->test_buf_data.buf_time == 0);
-}
-
-static void
-test_packet_id_write_long_prepend(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- data->test_buf.offset = sizeof(data->test_buf_data);
- now = 5010;
- assert_true(packet_id_write(&data->pis, &data->test_buf, true, true));
- assert(data->pis.id == 1);
- assert(data->pis.time == now);
- assert_true(data->test_buf_data.buf_id == htonl(1));
- assert_true(data->test_buf_data.buf_time == htonl(now));
-}
-
-static void
-test_packet_id_write_short_wrap(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- data->pis.id = ~0;
- assert_false(packet_id_write(&data->pis, &data->test_buf, false, false));
-}
-
-static void
-test_packet_id_write_long_wrap(void **state)
-{
- struct test_packet_id_write_data *data = *state;
-
- data->pis.id = ~0;
- data->pis.time = 5006;
-
- /* Write fails if time did not change */
- now = 5006;
- assert_false(packet_id_write(&data->pis, &data->test_buf, true, false));
-
- /* Write succeeds if time moved forward */
- now = 5010;
- assert_true(packet_id_write(&data->pis, &data->test_buf, true, false));
-
- assert(data->pis.id == 1);
- assert(data->pis.time == now);
- assert_true(data->test_buf_data.buf_id == htonl(1));
- assert_true(data->test_buf_data.buf_time == htonl(now));
-}
-
-int
-main(void) {
- const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_packet_id_write_short,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- cmocka_unit_test_setup_teardown(test_packet_id_write_long,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- cmocka_unit_test_setup_teardown(test_packet_id_write_short_prepend,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- cmocka_unit_test_setup_teardown(test_packet_id_write_long_prepend,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- cmocka_unit_test_setup_teardown(test_packet_id_write_short_wrap,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- cmocka_unit_test_setup_teardown(test_packet_id_write_long_wrap,
- test_packet_id_write_setup, test_packet_id_write_teardown),
- };
-
- return cmocka_run_group_tests_name("packet_id tests", tests, NULL, NULL);
-}