diff --git a/revoke-test/README.md b/revoke-test/README.md index dedb244c..4b088557 100644 --- a/revoke-test/README.md +++ b/revoke-test/README.md @@ -21,9 +21,9 @@ fuzzy: we actually just require that a majority of sites are detected as revoked of its revoked test website together with details of the certificate chain it presents. -Certificate chains presented by the test websites have varying lifetimes, but these -tests currently don't accept expired certificates. That means the snapshot needs -to be regularly refreshed. +Certificate chains presented by the test websites have varying lifetimes, and as a result +these tests currently accept expired certificates. The tests enforce a 30-day limit on +test data lifetime to avoid expiry becoming a significant factor. Refresh the snapshot with: diff --git a/revoke-test/src/bin/fetch.rs b/revoke-test/src/bin/fetch.rs index cf3b79d7..2bb0fe0e 100644 --- a/revoke-test/src/bin/fetch.rs +++ b/revoke-test/src/bin/fetch.rs @@ -2,6 +2,7 @@ use core::str::FromStr; use std::borrow::Cow; use std::fs::File; use std::sync::Arc; +use std::time::SystemTime; use eyre::{Report, Result}; use http::Uri; @@ -64,6 +65,10 @@ async fn main() -> Result<(), Report> { File::create("test-sites.json")?, &RevocationTestSites { sites: Cow::Borrowed(&sites), + timestamp: SystemTime::now() + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap() + .as_secs(), }, )?; diff --git a/revoke-test/src/lib.rs b/revoke-test/src/lib.rs index 4add1f53..3478c8d9 100644 --- a/revoke-test/src/lib.rs +++ b/revoke-test/src/lib.rs @@ -1,4 +1,6 @@ +use core::time::Duration; use std::borrow::Cow; +use std::time::SystemTime; use aws_lc_rs::digest::{SHA256, digest}; use base64::Engine; @@ -14,6 +16,17 @@ use x509_parser::prelude::FromDer; #[derive(Debug, Deserialize, Serialize)] pub struct RevocationTestSites<'a> { pub sites: Cow<'a, [RevocationTestSite]>, + pub timestamp: u64, +} + +impl RevocationTestSites<'_> { + pub fn expired(&self) -> bool { + let one_month = Duration::from_secs(60 * 60 * 24 * 30); + let deadline = SystemTime::UNIX_EPOCH + .checked_add(Duration::from_secs(self.timestamp) + one_month) + .unwrap(); + SystemTime::now() > deadline + } } #[derive(Clone, Debug, Deserialize, Serialize)] diff --git a/revoke-test/test-sites.json b/revoke-test/test-sites.json index 90f4bd09..95764b5b 100644 --- a/revoke-test/test-sites.json +++ b/revoke-test/test-sites.json @@ -762,7 +762,7 @@ "ca_sha256_fingerprint": "3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E", "ca_label": "SecureSign Root CA12", "test_website_revoked": "https://ss12-revoked.managedpki.ne.jp", - "error": "invalid peer certificate: certificate expired: verification time 1776250216 (UNIX), but certificate is not valid after 1771685940 (4564276 seconds ago)" + "error": "invalid peer certificate: certificate expired: verification time 1776252844 (UNIX), but certificate is not valid after 1771685940 (4566904 seconds ago)" }, { "ca_sha256_fingerprint": "3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558", @@ -795,7 +795,7 @@ "ca_sha256_fingerprint": "3F99CC474ACFCE4DFED58794665E478D1547739F2E780F1BB4CA9B133097D401", "ca_label": "HARICA TLS ECC Root CA 2021", "test_website_revoked": "https://tls-ecc-revoked-ev.root2021.harica.gr", - "error": "invalid peer certificate: certificate expired: verification time 1776250218 (UNIX), but certificate is not valid after 1776249636 (582 seconds ago)" + "error": "invalid peer certificate: certificate expired: verification time 1776252845 (UNIX), but certificate is not valid after 1776249636 (3209 seconds ago)" }, { "ca_sha256_fingerprint": "40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367", @@ -1707,24 +1707,24 @@ "ca_label": "Sectigo Public Server Authentication Root R46", "test_website_revoked": "https://sectigopublicserverauthenticationrootr46-ev.sectigo.com:444/", "detail": { - "end_entity_cert": "MIIH3jCCBkagAwIBAgIRALw7upxYwIIcOAxt1cXDNY0wDQYJKoZIhvcNAQEMBQAwYDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBQdWJsaWMgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBIEVWIFIzNjAeFw0yNTA0MTcwMDAwMDBaFw0yNjA0MTcyMzU5NTlaMIHFMREwDwYDVQQFEwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpNYW5jaGVzdGVyMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxQDA+BgNVBAMTN3NlY3RpZ29wdWJsaWNzZXJ2ZXJhdXRoZW50aWNhdGlvbnJvb3RyNDYtZXYuc2VjdGlnby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvZ213Z9HajybCAKh1BbEqQ388NuLW1VdN0gyEUD+RoEvCxoNPxI82wS3edrZi1ZR0vwJ95vt+hi0sMfS97p3yACChqgZw9eaWky3/Ikn3CYiEX4ZYdMmyz0aVFZp5ZR6QbwvtLsaJ6AUmX7Q7zR3VXkZqRELFdNiDtkey0+/XOqowmCewez+JfnCupFFlmCIsNTuRzOB01F6OH0IjEJSpz+CrN8JN92zBmpsSERCI2WPqCI6ElZew0X1+gYwazfqLuNDezFC4B8ih5NzFtVT04/zTcZTiOGZbq0i+41KCG5hQRMbGEs0gMO1eiAcJeaSU4vTIhy7vYD1BV7+t4eFbAgMBAAGjggOrMIIDpzAfBgNVHSMEGDAWgBSYLV4ej+tU9Ln/VZWtTMd+pJiuezAdBgNVHQ4EFgQUDTzj698FQ2Osxluq0P0y/iv9nb0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNQYMKwYBBAGyMQECAQUBMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAcGBWeBDAEBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uQ0FFVlIzNi5jcmwwgYQGCCsGAQUFBwEBBHgwdjBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljU2VydmVyQXV0aGVudGljYXRpb25DQUVWUjM2LmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wfwYDVR0RBHgwdoI3c2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdHI0Ni1ldi5zZWN0aWdvLmNvbYI7d3d3LnNlY3RpZ29wdWJsaWNzZXJ2ZXJhdXRoZW50aWNhdGlvbnJvb3RyNDYtZXYuc2VjdGlnby5jb20wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AJaXZL9VWJet90OHaDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlkUDjwIAAAQDAEcwRQIhAMox6QoPtDqoIuJftB2rhpf2eW8jfVR/t9i+tAByjayqAiBBEIh8XQp7Ckek/KQTSvYmoIRrorJUOMKF3Bdo08xuywB1ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAABlkUDjpsAAAQDAEYwRAIgNe54UNQbbNDpWTvaq089J6zHT/tMoHCuhrr4kWqUZ7wCICJO51csdMTrvtl2rxJ3g3t3uNafkf6TgWl7USj9oohaAHYADleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiEAAAGWRQOO6AAABAMARzBFAiBSHbfeWfetnT9zENjlbdDkHcoCM2h+Kb7I4kscdDj86wIhAOIrCE2BaHaX3F8G4R56gCMeep4rHHEKHsEVqUrUJWosMA0GCSqGSIb3DQEBDAUAA4IBgQBzTgiNpC5u+HOdYPyJ1zqs9YaJuuZqEKLLChyCy1wiuH1SAw/VoieuPXFJcQ/pllxtWONz6ii7kXEg08S/lnpLooQLpzmZTVrLRq0ar+0XbekMT9wWMSyhUGAVzfTFXXbwRlvqi5/kBdnFBdRgEic+fI4HjoS13mugIvzv2/ptO993IalKDbYJvI6S3PV5XH0O/+7C22eTTd+KOhbo0N7VNrAw/fd8xbNeH5hLmym2vR8lZckfo3Jg8FC8Lh8guxhgQ5cez0h8qemMm2w9PbQIJtF90h5MWQr7z1FMXDmOCFoJ3IEX+c2Lt4vDbplOdSVhIMIidc+KmApPNTySUx8vDA85hedbxyexm4ME+XgBoO4IODoFxA+5ktnY4R7T8pX7W38+5luTugyk6WYEnrCRarsJe/Imzk7dR/hjXgsxc1h26Rw1v5SYzQGWohNrxZrbm/xvlk3weoGBxV9lBr/OTfSPSgQYYXsx8vIAuZnJFLT/DIzGYn6za3SiTdoeNdI=", + "end_entity_cert": "MIIH3DCCBkSgAwIBAgIQU5ObCeZKSACMK1zLOpx5xDANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRVYgUjM2MB4XDTI2MDQxMzAwMDAwMFoXDTI2MTAyODIzNTk1OVowgcUxETAPBgNVBAUTCDA0MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDFAMD4GA1UEAxM3c2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdHI0Ni1ldi5zZWN0aWdvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9nbXdn0dqPJsIAqHUFsSpDfzw24tbVV03SDIRQP5GgS8LGg0/EjzbBLd52tmLVlHS/An3m+36GLSwx9L3unfIAIKGqBnD15paTLf8iSfcJiIRfhlh0ybLPRpUVmnllHpBvC+0uxonoBSZftDvNHdVeRmpEQsV02IO2R7LT79c6qjCYJ7B7P4l+cK6kUWWYIiw1O5HM4HTUXo4fQiMQlKnP4Ks3wk33bMGamxIREIjZY+oIjoSVl7DRfX6BjBrN+ou40N7MULgHyKHk3MW1VPTj/NNxlOI4ZlurSL7jUoIbmFBExsYSzSAw7V6IBwl5pJTi9MiHLu9gPUFXv63h4VsCAwEAAaOCA6owggOmMB8GA1UdIwQYMBaAFJgtXh6P61T0uf9Vla1Mx36kmK57MB0GA1UdDgQWBBQNPOPr3wVDY6zGW6rQ/TL+K/2dvTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATBJBgNVHSAEQjBAMDUGDCsGAQQBsjEBAgEFATAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAHBgVngQwBATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvbkNBRVZSMzYuY3JsMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uQ0FFVlIzNi5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMH8GA1UdEQR4MHaCN3NlY3RpZ29wdWJsaWNzZXJ2ZXJhdXRoZW50aWNhdGlvbnJvb3RyNDYtZXYuc2VjdGlnby5jb22CO3d3dy5zZWN0aWdvcHVibGljc2VydmVyYXV0aGVudGljYXRpb25yb290cjQ2LWV2LnNlY3RpZ28uY29tMIIBhgYKKwYBBAHWeQIEAgSCAXYEggFyAXAAdwDYCVU7lE96/8gWGW+UT4WrsPj8XodVJg8V0S5yu0VLFAAAAZ2G/ZcCAAAEAwBIMEYCIQCtqEvcyt39Xr5Ojsa0E8RVJzH+zGJu3ci7cjYWM+T+lQIhAPvxHKtk7RijCULKc5Bw9x7A4m9XnSKwFNr2HPiEBuWdAHUAyKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5oAAAGdhv2XvQAABAMARjBEAiAcWqZOz+ndq63DfGeUmhbv/EcZ7HGBq7xixuGoxMMaSQIgFhmApwHpe6YgPFp1UekfcPcoGqykYfmIwKdGgsDR9U8AfgBs/lAZQ6heqRa8UtEz5NzJHvFBHH0lhCDRc4CeGBjrOgAAAZ2G/Zm3AAgAAAUABwXEugQDAEcwRQIgezMd/jKWHFnzAcxLJnWXhyKv8370b4hr1twYV3pFHDQCIQCxwnsbxG45v9tpy2JQIaybZ8xLlJHVG3CTMqMWuwIxVzANBgkqhkiG9w0BAQsFAAOCAYEAhxNb6o5dnzW+JqhjBaQ1ahYcIMLXBVVjbtQsARTWvPrKNLJu7TwsZUasE9NSCfRHGAUXZbahBcnAf17qz6lYhKeL4n7A0oO9cGvfkHgL5hfAgAZd+UN+Y72r/XkChFddTIc/ZcVabdA9iJMO4uyKQfEtVu1nciJ2nrdxBVfRPXulRdcJrBWgO15DmtAWRvZICr32W8Beh/ktq1/9pGcGt7Kaxm5MQVTkgzCLMN7pEFvsGjuA486Cj8rQbo6RoZWUJ2Ll8mA0BCPtV4wXW8RPuIm/U+TPWFbHxPJXwrlb73J2P9kCuM+aBj0Wfuy11CZE/2bxp9Ql4M6v2t73zy7V67vB3UB/eQ7WBsL12HI8/nAq4gfioy6F9E8LVSXljyumxJhXZwxkOUey5N2XO5m1+OPDQkzO6n/McRBtEGKdidQlvbN3MdUAhrnXof5Xk74Y57KXQMjP69o2esM/KNqarzEmmCQiONEfFQiTLQqCJinyEgZGc3dWO99Xkzmvj+lG", "intermediates": [ "MIIGSzCCBDOgAwIBAgIQbU98rTNTd8jG4AHd4uLIjjANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRVYgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApduwxkQH5noeb0k4yRXK47Fd+hVkH8twKWQF3FNmHHShQrOH7S0L3p8Aaf8P7OqojwyZgyqD5o/Sb95N45P/NfmL+lfAOkQ1Bpvz0OcZVmwYhMWFYJe8parkz5w9Bk8mn/AtN65hIQF0NqBI6F+23/jzhlpl3E0zKkkUJSfTdgvwaJvTiPgLQ7CpYyLJvMpgdPHf+nnvA5YJjhae6olh6BRllvRhzKOq0gd60BrOAos9QyOfYhUDG3eQovMA9fyiI2qNclCp6DY8hqt55lERoBS/Whza8Cx1bh6q8rTPnno2uI6FZb2UavIYblyGDamXAW/jv3qsMB42xz/p2mUHg0wQzn/8KAiyu2ZbDs7EOOwYx0V2ViNsCXGR/GCmJsUNPmhEEXBclOj6qF7rFf7nkST2bokSt9VF1NB1JgRldjZin1+v2Vm88UEgFxerQPPrPjAEMqDx44vKl22sGWnl+jOyxf/H59DHKbIezrIYrJpSnA3WEVaiXs1oIRy1ZziNAgMBAAGjggGAMIIBfDAfBgNVHSMEGDAWgBRWc1hklfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUmC1eHo/rVPS5/1WVrUzHfqSYrnswDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBoGA1UdIAQTMBEwBgYEVR0gADAHBgVngQwBATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYuY3JsMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uUm9vdFI0Ni5wN2MwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4ICAQA2LRCehSXiyw56alKt2aqDwDLEDmyu74lUmDG4rI1Jw3+ivLz+OK3NpE466a8yXu7bf326wkrrOCF2SVu3ItNjXqsgwXdIM9tapVEKjsEwbjcPUcxNeqzSpLSgHZIVhjJJ+QtdEL2n1NhDxqewlN+ZKWWBLGB0LA/S7SvCl9s7rsppo97uv6J3h//q4b2SgzHuKUu80Hofpjp2bILGHy4CqzKzyg3wn9sKFcX6Ufkcea/tuiWhIMPkiQCv5tXsRj+Hn3CZql+wRPbjhNqncCkzrwOBrt7Gov46EHhqMUP/Euf8gSw7X+CzWEUJ0Q+Vn8VLZDkiKcMSYMJI+6Trc5tVn9LQLI6tTzwagLhgcVtFpom3PVtEJRPN/d05L0ck7S1bxPaXcQhKUqdzFd09pt6fLx2vMmylBKXjKosSxjB12KRzLvI2CUUVdpl7OTFA32Fk+zQC2gJPGmPPCzRMRYfVOEIZxbG0nI9lpYZidLkQ/EyTtJ3JVj7cb3KRe/e1s+XjrnHqbUwoizicfogtcKm5giwj74f+Rpr0RRy4xum1bC662fNHRJaTt5ErVR6gHjHMZhp+tOeOvohq5XxIMCKuetnwcPeBsOzUBzmUPoxQNRVXEYbwV2rS3t2jJ0Zh/DnnO96biaAsEnxbQyu4fvMx6D4J4Zbkc7Zp75T3GE/UjQ==" ], - "serial": "ALw7upxYwIIcOAxt1cXDNY0=", + "serial": "U5ObCeZKSACMK1zLOpx5xA==", "issuer_spki_sha256": "0RfXDfccNqREsDzRXraedr+pPfaWA8fMplHCU30xYlo=", "scts": [ { - "log_id": "lpdkv1VYl633Q4doNwhCd+nwOtX2pPM2bkakPw/KqcY=", - "timestamp": 1744914583298 + "log_id": "2AlVO5RPev/IFhlvlE+Fq7D4/F6HVSYPFdEucrtFSxQ=", + "timestamp": 1776086259458 }, { - "log_id": "GYbUxyiqb/66A294Kk0BkarOLXIxD67OXXBBLSVMx9Q=", - "timestamp": 1744914583195 + "log_id": "yKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5o=", + "timestamp": 1776086259645 }, { - "log_id": "DleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiE=", - "timestamp": 1744914583272 + "log_id": "bP5QGUOoXqkWvFLRM+TcyR7xQRx9JYQg0XOAnhgY6zo=", + "timestamp": 1776086260151 } ] } @@ -2334,25 +2334,24 @@ "ca_label": "UCA Global G2 Root", "test_website_revoked": "https://rsaovg5.revoked.sheca.com/", "detail": { - "end_entity_cert": "MIIHFDCCBXygAwIBAgIQRp7nCXMKESGHNO3paDJO3zANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJDTjERMA8GA1UEChMIVW5pVHJ1c3QxHzAdBgNVBAMTFlNIRUNBIE9WIFRMUyBSU0EgQ0EgQTEwHhcNMjYwMzIyMDI0NDQzWhcNMjYxMDA2MTU1OTU5WjCBkTELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCeS4iua1t+W4gjESMBAGA1UEBwwJ5LiK5rW35biCMTYwNAYDVQQKDC3kuIrmtbfluILmlbDlrZfor4HkuaborqTor4HkuK3lv4PmnInpmZDlhazlj7gxIjAgBgNVBAMTGXJzYW92ZzUucmV2b2tlZC5zaGVjYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYybQh4ZWtXcEFuaTCdWYS0hNLRfNFrNyJxzhGuYWjZO1t6uXxc0pUeHC3f5X1BJVwYvduL3FdFxJUV/LrH2h3XnHAtWy9HtPvxi/Q3FQTdteZ/H+Wu0vaCd4RPZRnoJTzDovq4+Vtpg6euzgRAFzyv86M8vY2JGBwriVs9hnCL0IjQEz7Z6xwG7x9ctWwXi9tjD09QnHb7FG7rEmTYiupdEgspjbpN5jU30BvmMH0U0oBxPCNwyKgeaS859j0AJmqIHZEE0sGb8KyRUpGjFjgsSEPrD+8BWpo4AHoyismi15Gbb827Ui1Cb6MINkmfTnPM/LGTTB+OsgPO6YR4mDvAgMBAAGjggM1MIIDMTAfBgNVHSMEGDAWgBSmIQOjvLrE8N95IcBg8GnvaqJNVDAdBgNVHQ4EFgQU8I+KAkEZ2HyJrrBl2je8gZzbdekwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMFAGA1UdIARJMEcwOwYJKoEchu86AQECMC4wLAYIKwYBBQUHAgEWIGh0dHBzOi8vd3d3LnNoZWNhLmNvbS9yZXBvc2l0b3J5MAgGBmeBDAECAjAkBgNVHREEHTAbghlyc2Fvdmc1LnJldm9rZWQuc2hlY2EuY29tMAwGA1UdEwEB/wQCMAAwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5nbG9iYWwuc2hlY2EuY29tL2dvdnRsc2NhdjJhMS5jcmwwgYEGCCsGAQUFBwEBBHUwczA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuZ2xvYmFsLnNoZWNhLmNvbS9nb3Z0bHNjYXYyYTEwOgYIKwYBBQUHMAKGLmh0dHA6Ly9jZXJ0cy5nbG9iYWwuc2hlY2EuY29tL2dvdnRsc2NhdjJhMS5jZXIwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABnRNuP2YAAAQDAEgwRgIhAKLOHb97M0/wX5m85UFXVkYyafNR56zJpEO+8DtUdcr+AiEA+awzqa/mFbNCMXupl4p/WUA961BnqTbLx8PscWr+S2gAdgDYCVU7lE96/8gWGW+UT4WrsPj8XodVJg8V0S5yu0VLFAAAAZ0TbkBcAAAEAwBHMEUCIGRnhqE0L67nnZS3B5cOdz0PRSLu5Hty+nvolJYDavk+AiEA6ng4WCWGVwXLxvdmTLSoYSwD2DkI87V8/0gUE4R5DMYAdgDXbX0Q0af1d8LH6V/XAL/5gskzWmXh0LMBcxfAyMVpdwAAAZ0TbkKPAAAEAwBHMEUCIFCxYCdF3P9uYve71rsgiG+2gXiiN0HI0iTIks9iy0bwAiEA013YmIxyhex7wOxU1UMfpRT8grRoeDkYva9LngBB/WowDQYJKoZIhvcNAQELBQADggGBAHT6wiI7QaJLANwmqQIU5lHe/nYu6C7OUefe99NaberXYUWdVmXb2BYAZ77/I79NloswkfwNs2GDWhMsd1600hE2JC7pagl/jwuxqQWDrRZC29WRS0Qu/VDWHZBUlx6CwlaMtIeFGj30zg2shxDm/iL69te7WljunxKiKcjtCziKST/kUxfzGrYAIhDapuoMb4Zsm/me+SHESqnD8KsgnhLlIcLN9tO4QBsuPwhqN1waoPXMhbGpfPXZRWIMG2+8hE9afDVGWwSmYO+0jk66eFSRpyz/Yqfw0kpiy5NPVoqX+mIeipEFDg0X7Ug74KwAXfVpwzQzOaoo3okw1hOQRQ7OSEr2m4Ou3YZ59iEXCV6rLhm5cTm90ZmFgBuaCfOFv0aYoXZo5vbWZ/fVlMH5skFxPfzAuXj4qyzfsQI2zjH00U8bqm3tnxgXJzelasmFdq7sac7ykN0SrR0zYwhg6hREIcbeuKl8IWDRziMitZ7X9wTiTz4LaBwAS6JZxiKUEQ==", + "end_entity_cert": "MIIGXDCCBUSgAwIBAgIQPhGt1qzMg8RfoKmWoiTcSjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxHjAcBgNVBAMMFVNIRUNBIE9WIFNlcnZlciBDQSBHNTAeFw0yNjAxMDkxNjEwNDFaFw0yNzAxMTAxNTU5NTlaMIGRMQswCQYDVQQGEwJDTjESMBAGA1UECAwJ5LiK5rW35biCMRIwEAYDVQQHDAnkuIrmtbfluIIxNjA0BgNVBAoMLeS4iua1t+W4guaVsOWtl+ivgeS5puiupOivgeS4reW/g+aciemZkOWFrOWPuDEiMCAGA1UEAxMZcnNhb3ZnNS5yZXZva2VkLnNoZWNhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxbK+oqbxFuqZTmBLZYhti9ghjFHfMHvvzgT02vlH668CefzdjC3OKhgkdAGB1nQhAVDEWmpg2ENyLk/PpOfJEK83wVxXzX5THzzckXFiU8lJy3fbE3/J74FR5UdR8WD/+JLqfshHTki+V6jZYW68JRz14w72mty07aM+h7A9/xoWfka8eMa2IrhOCuTUV/g7LA7kIbj4MAv64h2fCb8vteMZkNQRUGFLvksHqA600jt2L8ToZaeY+RZmzqpaLJ7jAXsJT4Re7ouH/UfHlqzQeOjTqxOH1+acJ3q6knxTOcpIDusCs9n+K9FHIPzxCSM8IRNGrC8wDxG0tGKdNSqmECAwEAAaOCAv4wggL6MB8GA1UdIwQYMBaAFAN5o41SX9TpiJIfQ1hUJQL0h4t+MB0GA1UdDgQWBBSjgLE+NrNbpvhblUFTpMo2wVMtXjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCAGA1UdIAQZMBcwCwYJKoEchu86AQECMAgGBmeBDAECAjAkBgNVHREEHTAbghlyc2Fvdmc1LnJldm9rZWQuc2hlY2EuY29tMAwGA1UdEwEB/wQCMAAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nbG9iYWwuc2hlY2EuY29tL292c2NhZzUuY3JsMHcGCCsGAQUFBwEBBGswaTAwBggrBgEFBQcwAYYkaHR0cDovL29jc3AuZ2xvYmFsLnNoZWNhLmNvbS9vdnNjYWc1MDUGCCsGAQUFBzAChilodHRwOi8vY2VydHMuZ2xvYmFsLnNoZWNhLmNvbS9vdnNjYWc1LmNlcjCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYATGPcmOWcHauI9h6KPd6uj6tEozd7X5uUw/uhnPzBviYAAAGbo4ZCwwAABAMARzBFAiEA4sMZ5xXTnFFGu9TT8lM8AK8/XhKJKq4AvHeD0L1gNyUCIA6MKdXYA6k2uUGw5HMrNQNqy+4VISt40GYlzaVhNN5eAHUAHJ9oLOn68EVpUPgbloqH3dsyENhM5siy44JSSsTPWZ8AAAGbo4ZDGgAABAMARjBEAiAOGNNDhgrt4AksxBGq32FQK1NzEoDXsbetnJX18BGA9wIgEaHabJl7hpj5l6/mCEuNw32fyJHu5qiDxXCcGozOn14AdwBgTJqven93XwHUBvySDciZ6wscffjJUhv6+hd3O5eLyQAAAZujhkSXAAAEAwBIMEYCIQCkoyEHwNbjOdvJ7wif+tv1Sn0uCB3csBqGadjFirIqAwIhAIGn6aPtN0XnLMAsqSEn9P1OddIL8OBUfsJCh2sKYmMfMA0GCSqGSIb3DQEBCwUAA4IBAQBeqVD9b4Wt1qf1zQqxglLOQKygPUNjKZQKiZwCsDYH/CfW/3U0SQHwGhZxNVLguixZEafS4fyyTtZgI965G6xCX4C4V0G9z2zTPAN9Nk4kCvoN1d+OO1T+/GmlEkc3z8DaW04dZZw3yoHG5pqGyRVp4kUGGYMTc1ngLb9sViCou91WAC5eZ7PkE69MMdw53axLAPMqSgeLaj2LFRFxWW+vFgGgrIvF+t6EeS/K5DM384p6NtB6KyCfwapOiCsRNSxLWk0u6t9+XOfIvEA8vCBT9EixmKSyiQPwMs7ma46k9BFZEpiHW3GqU1gZasMIzVmbISESKqrDf5csSQw1FjJh", "intermediates": [ - "MIIGDjCCA/agAwIBAgIQa2GGMsheS8FEyqYFrAHHxzANBgkqhkiG9w0BAQwFADA9MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0yNTA0MjcxNjAwMDBaFw0zNTA0MjcxNTU5NTlaMEExCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDEfMB0GA1UEAxMWU0hFQ0EgT1YgVExTIFJTQSBDQSBBMTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMBYRRXoZ2fzkPS3QQp3xTQe4lt67+s12bnlzFl5867tKSb3WsTuAKa2r11jRlRYgf7AZ+NltRcJ7EO6J9P4nR/iwQ0AWEq6D1FSv/DY1mhyUbBdGcZrZSnGICMt4yff/k7bT97YAI0OikO8H6Xq8QnengdviQqs+PKJ/KEJzuGKEpXMDYE3rcvK6WBHqd3NgdTb1gKgOEk1z+vsiljN3ufbz4WgSFUR1QNhZgdN9Tbf+fb63qyEVouoh47ZDOESqVax2PPLuJc+tKyZAvXq+P9o7yr80TUpm36OfNsuOFZSWE9CXPNG2yITz96UYpaqyTzwR+ZHhOyrlKSU14LF0NgASeCLI+mbRib4dPxwxvuSSRz+3InaS7IoQvzJpo9z1BFc5w/1pM4d0yVrgHyO3/Irn3XNBuFIN5OFSCP1W6ap6ipxYd/i1BURiZC6r6/qGmkBv4BUFK57n/gMCgvKqprMDhCajzfLLwxyRryuTduZvlqAwoXPJZr/2RpyeiI2fwIDAQABo4IBhDCCAYAwHwYDVR0jBBgwFoAUgcSMzPXkMP+lDAhfjBVnIXQB398wHQYDVR0OBBYEFKYhA6O8usTw33khwGDwae9qok1UMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDATBQBgNVHSAESTBHMDsGCSqBHIbvOgEBAjAuMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5zaGVjYS5jb20vcmVwb3NpdG9yeTAIBgZngQwBAgIwEgYDVR0TAQH/BAgwBgEB/wIBADA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdsb2JhbC5zaGVjYS5jb20vcm9vdC9ncmNhZzIuY3JsMHUGCCsGAQUFBwEBBGkwZzAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuZ2xvYmFsLnNoZWNhLmNvbS9ncmNhZzIwNAYIKwYBBQUHMAKGKGh0dHA6Ly9jZXJ0cy5nbG9iYWwuc2hlY2EuY29tL2dyY2FnMi5jZXIwDQYJKoZIhvcNAQEMBQADggIBAKnCpo/e3wobSAVTNRhUzABatqVhXZfjBYT0j57/8YzJWNhB4yxqGoiQiPnvc1h1hB4Q28eGiHHkGxGce+9pGO8VhkF83RunSrl74t+jTjqcF2mMBoi3IUT9pCr57UL0M+xYzYf0EDAJJp7YET/5Ty14Ldw4DuAFIFtAdRjSRJCl+1w+vjVWxXzxXZQlxmxJG/F6dfQnkzJXIUjquJZ60Tc8GcebZLdkPXpwbtGml9xseZRxGlEy5mqoVXOWLsZS8T+JC24jHEa/3Uura/Nr/lGcXiG7cJDkuZMVdCY6dBkqGBU8NQiLk7NSvDh2Hy+DbSWwRId4BCIZ2sbn+O5TjIe3jTZXnuxsR1n4Sb1xR243kYK+g7jgBbVbsp7iQPUEjNclVJsE6mTfxNy5BUBOYZX8dVqRJCyr9CB1URFcLBLXT8Oujf2395wixkDOgsDFMtpOLh9Umsuoa5j7UzIs6daJ8IPU5xfy97jYzi/cnkl+j0idN3N9LAR0QV3tXH0GgVXuegrVSfuKwg8GteywOwWJe+b/2HXoWqs6xDkh2t+kWhbmhLNQSlGocNE3cpf3Ev1w+xWOw4stpZQhYg2xh1bHQU83txJ9s+cvthf2RAjBm8YXd2H4/VF0AKJT9nCO00DwbWzZUupvC5pd2Ei6jnwgu4QivYU3Pw2RHUmoHPkc", - "MIIFtDCCBJygAwIBAgIQHYpvwXoMgbyibENa76UAeDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMB4XDTI0MDEwODExMDcxOVoXDTI5MDEwNjExMDcxOVowPTELMAkGA1UEBhMCQ04xETAPBgNVBAoMCFVuaVRydXN0MRswGQYDVQQDDBJVQ0EgR2xvYmFsIEcyIFJvb3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF5itvfO8mBSejgSTab8sB+ZmaqTLCIodhQZE7y8NoGwbFTKkrwWcXIh0r7fkpiZOieL2Sa6CjDaJ+ypOzptGMNdV1+Rf2z0XF5Xrsd5OgjyOuDhoDf77U0O0ue6tGI1v/LOZUepTAKhXwyY2wejsk4ddo4jE8BjNGtlQRpqUvIlQqWA0BAvH6FVFnbMD617Ybf9FWiC8aOo07u4IR4EcA0FKHq/uGfg8ka0CdNGe8jccthm95Po6pPBdLf7CZ47BxYNwL9WTDzkO8bXG50t4nW4ro2Mau4Vl9zygtNbiVVhrxslhLtxI3yHyz7UuA4Y36MiO2b7dIlQixRE6FjDoCVCAv379XTzs6kCHXwSY1VCDsxz9H7O9av0t6wa07F1BcYtgPS0rcK/puvHOSzezHUOhBltepfm3Y6R2PirW5WJK6SpIrDFb9gOsI8F4pbhscDK+Pk4mt272jniHKiRns37XDGusW/ng2TNZu0D4XHJAXaya6+3ovvxEcGA4tcwOPoOU1oFriTHUdceE5OFN4QMyDk9cKnp1bj4rk5eBI5EiyR81OKnUqe/Ii9sm+CZGWV3qIiKzucKz53CnjDBw7Ek5E1qdOsCbI89kal5Fo6u+NRgbSVkVYmjwMD4O4BSXDOc87pDSJt3kSL0fF56mXafymd2e133vxemUV5GFWZQIDAQABo4IBbTCCAWkwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUgcSMzPXkMP+lDAhfjBVnIXQB398wHwYDVR0jBBgwFoAUCHbNywf/JPbFze27kLzihDdGdfcwDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBiBgNVHR8EWzBZMCugKaAnhiVodHRwOi8vY2VydHVtLmNybC5zaGVjYS5jb20vY3RuY2EuY3JsMCqgKKAmhiRodHRwOi8vc3ViY2EuY3JsLmNlcnR1bS5wbC9jdG5jYS5jcmwwawYIKwYBBQUHAQEEXzBdMCgGCCsGAQUFBzABhhxodHRwOi8vc3ViY2Eub2NzcC1jZXJ0dW0uY29tMDEGCCsGAQUFBzAChiVodHRwOi8vcmVwb3NpdG9yeS5jZXJ0dW0ucGwvY3RuY2EuY2VyMBMGA1UdIAQMMAowCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQAavxQRpS9oTtEWLT1yRFlaP0vHdMX4H4XwpCngJxsmRKoRKR1w7Il4j1gSGZBtHtzqPUC4TM0k3V7+bp4neJIz0mjthIhYkYPf8+njtLfJoTiN6z84AUlRBMykj860R1qEeQEUc1DIjRKmQco74BObp8soybGIz8pAt4B1SJOFBv/juNtNTqFjklTjTR9oOR82WabEQzs+lZaSzhZ6bZL0XDhiPo6ySx4CgNzR2sRw9osGkzLjX1WFOECaQD0xqzbiQrtmdWm/Fx9p/cKT2pl2NEC/zIoLtPQebvo7QqLaPKI8e0dWRukWa/KI8vS7oVtXECjfK7jNvvrrZI5jSHoi" + "MIIFnTCCA4WgAwIBAgIQWdOdlSWnHumQf8FyK5iecjANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0yMTAzMTYxNjAwMDBaFw0zNjAzMTYxNTU5NTlaMEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgT1YgU2VydmVyIENBIEc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4r2/S0S/+K96VzxYJsOIfU2mbVnQqBFLSLSlygHarmX8QMQLVujLfFVem2xspYuqx2eIhHgb71GlStlzp5DEVMki4HHJ/pfO0XAmPz+N9YNq4WygyXD5oWUU+o1ulonE5HscfukAd2UqDR6qEm6fYCmXXavMqhmYSmt1E5EQpFSIu2Xu7/2ZGNXiYi4opOLXb2IGgyZqVqE+ytC45vipWo+WCaNcocDS4KWx3IidRg2Bx0kx0GAQ8WOxMFI4yFj60iqO5AhFNw8uVNR3CLQDyGKKE8XtLePhAHUimVCJKlR5z5ew67YvoFluYRv7aaOoZPpnmxuHrmHh81mdN/uVQIDAQABo4IBlDCCAZAwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jcmwuZ2xvYmFsLnNoZWNhLmNvbS9yb290L2dsb2JhbGcyLmNybDB5BggrBgEFBQcBAQRtMGswMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwLmdsb2JhbC5zaGVjYS5jb20vZ2xvYmFsZzIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9jZXJ0cy5nbG9iYWwuc2hlY2EuY29tL2dsb2JhbGcyLmNlcjAfBgNVHSMEGDAWgBSBxIzM9eQw/6UMCF+MFWchdAHf3zAdBgNVHQ4EFgQUA3mjjVJf1OmIkh9DWFQlAvSHi34wUAYDVR0gBEkwRzA7BgkqgRyG7zoBAQIwLjAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuc2hlY2EuY29tL3JlcG9zaXRvcnkwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4ICAQA0CRC5/DQp57wiPNcFZHgZsxUbH3v+h1oCBJOfscr37Q/nJCr6H3Pru1S5Qgv5NuNkzF2QLYKIqsdrF9tlqefOgaLIC1OU6sjhqA9QjItqsvOFWZ3s9fPB9nOy747A4SdvkJqLW/Qu0NwX49OmYOXi7oVGkvbP4ek+y8aWPaB4jG22q22/IKhThPXEiSz3BnJ5ntX8Nkua2j4JF/iViFTcxj74Gk3ciWDoswRlZAW2NLgJOOpyxjjTGabsBesBIUPmxkJXHn5wSJ5aANhorgJEtOl3k759YKWJ7elj/dx3C43HhVtrsEDLN7E88sJNwiKyMEYAUFeqdOCqkJR3RCyMapTHLjb/jUsnLokG0mHd5nAuIK2EvlhZHYnGqUYeagQoMHWhTRDfDmuhq5u3RnUMYeT3shZNXjPoczqwDmJc8fnKzbEzgA+RodVpbAZGoQXnz4WM/21tnQ1TthLxE9BeZ7O4vO7jJ0p63Azbnuw8sz9sicx3rf4f4Kg0X6D2lsom5fBcFZSxYNjnocuOsCaoUklC1ra23/SO5XhVIcr/+8iv16ofrjSYmLbWxtrEj1wfjE6xTwI0FCiuyy6GKQzjjf+NpCxmmfbMvo8DqCJf6vhAJ86T6pAY1b04pXJsFVgJbVYkVX6aGeigBW4faynoRfddZQEUGoW0M40P8L6s6A==" ], - "serial": "Rp7nCXMKESGHNO3paDJO3w==", - "issuer_spki_sha256": "WI6nGsclPUABSKW3JyWkcmgz7zhO6+Y87hF/ON9GKbE=", + "serial": "PhGt1qzMg8RfoKmWoiTcSg==", + "issuer_spki_sha256": "Ml9jtIo6CaZwLt7q6tlW9x4oQNlrHC+AQOHP17SXtCk=", "scts": [ { - "log_id": "yzj3FYl8hKFEX1vB3fvJbvKaWc1HCmkFhbDLFMMUWOc=", - "timestamp": 1774147485542 + "log_id": "TGPcmOWcHauI9h6KPd6uj6tEozd7X5uUw/uhnPzBviY=", + "timestamp": 1767975043779 }, { - "log_id": "2AlVO5RPev/IFhlvlE+Fq7D4/F6HVSYPFdEucrtFSxQ=", - "timestamp": 1774147485788 + "log_id": "HJ9oLOn68EVpUPgbloqH3dsyENhM5siy44JSSsTPWZ8=", + "timestamp": 1767975043866 }, { - "log_id": "1219ENGn9XfCx+lf1wC/+YLJM1pl4dCzAXMXwMjFaXc=", - "timestamp": 1774147486351 + "log_id": "YEyar3p/d18B1Ab8kg3ImesLHH34yVIb+voXdzuXi8k=", + "timestamp": 1767975044247 } ] } @@ -2796,24 +2795,24 @@ "ca_label": "Sectigo Public Server Authentication Root E46", "test_website_revoked": "https://sectigopublicserverauthenticationroote46-ev.sectigo.com:444/", "detail": { - "end_entity_cert": "MIIF0jCCBXegAwIBAgIQIAKf8NJIfxjAPWP6z5HkvjAKBggqhkjOPQQDAjBgMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRVYgRTM2MB4XDTI1MDQxNzAwMDAwMFoXDTI2MDQxNzIzNTk1OVowgcUxETAPBgNVBAUTCDA0MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDFAMD4GA1UEAxM3c2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdGU0Ni1ldi5zZWN0aWdvLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIreR7lbzpKwdNkk2dhmvRL/jndHOM7rJmGkxgQ+jcQ+2E+Mvaxgt7Nu3R8Pry4h6QOfrtrDKDHGYbVUVUp74NWjggOrMIIDpzAfBgNVHSMEGDAWgBTicWbHOuUGtl2bQQoVai3FseY3dDAdBgNVHQ4EFgQUm+tYOHhsziIDGGBWBDbJsOQ+oV4wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNQYMKwYBBAGyMQECAQUBMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAcGBWeBDAEBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uQ0FFVkUzNi5jcmwwgYQGCCsGAQUFBwEBBHgwdjBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljU2VydmVyQXV0aGVudGljYXRpb25DQUVWRTM2LmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wfwYDVR0RBHgwdoI3c2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdGU0Ni1ldi5zZWN0aWdvLmNvbYI7d3d3LnNlY3RpZ29wdWJsaWNzZXJ2ZXJhdXRoZW50aWNhdGlvbnJvb3RlNDYtZXYuc2VjdGlnby5jb20wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AJaXZL9VWJet90OHaDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlkUBOQMAAAQDAEcwRQIgS1T3V7AOU6pXOY09kQDr9fs9+3mXRF//y+OTQQ+KXDICIQC0v4gXdtjXlKmatNLRGQFykunQIUp5PkAp9JDMv+vz2AB2ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAABlkUBOL0AAAQDAEcwRQIgWMX5z2rKYk6eC6jmBWZ8bgwvyy3luZHheEy9e6FI87gCIQCOWBRNitTHV+/0bve9cyYjkOuNr0xfr00dMcVdR42sCgB1AA5XlLzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4hAAABlkUBOo0AAAQDAEYwRAIgK+JNOsJpT324JRaZ4121hP5hW6ovC5yegMGeJjQ49wkCIGFvSmPHS67uAhyh+K8KbY8faNy0RulbHE31nwEuCz4+MAoGCCqGSM49BAMCA0kAMEYCIQDYNn43vK3H3I7Eu8YWhZPQzO36a05og+lrrn1lNaQ/PQIhAJHhsNt1MGhEa/n8sWHkJ8ESE0o2POiDXg/l+qwC5PMX", + "end_entity_cert": "MIIF0DCCBXegAwIBAgIQC6fNUTtjynAHcakn4YMOhzAKBggqhkjOPQQDAjBgMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRVYgRTM2MB4XDTI2MDQxMzAwMDAwMFoXDTI2MTAyODIzNTk1OVowgcUxETAPBgNVBAUTCDA0MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDFAMD4GA1UEAxM3c2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdGU0Ni1ldi5zZWN0aWdvLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIreR7lbzpKwdNkk2dhmvRL/jndHOM7rJmGkxgQ+jcQ+2E+Mvaxgt7Nu3R8Pry4h6QOfrtrDKDHGYbVUVUp74NWjggOrMIIDpzAfBgNVHSMEGDAWgBTicWbHOuUGtl2bQQoVai3FseY3dDAdBgNVHQ4EFgQUm+tYOHhsziIDGGBWBDbJsOQ+oV4wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljU2VydmVyQXV0aGVudGljYXRpb25DQUVWRTM2LmNybDCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvbkNBRVZFMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTB/BgNVHREEeDB2gjdzZWN0aWdvcHVibGljc2VydmVyYXV0aGVudGljYXRpb25yb290ZTQ2LWV2LnNlY3RpZ28uY29tgjt3d3cuc2VjdGlnb3B1YmxpY3NlcnZlcmF1dGhlbnRpY2F0aW9ucm9vdGU0Ni1ldi5zZWN0aWdvLmNvbTCCAYcGCisGAQQB1nkCBAIEggF3BIIBcwFxAHYA2AlVO5RPev/IFhlvlE+Fq7D4/F6HVSYPFdEucrtFSxQAAAGdhvtt+AAABAMARzBFAiAkiihO6JUTOesTX5gmf+YX3ChpYI6/baIVMP6QreUJ6wIhAO7dBZb9muDva6Sx1HtRN6Iq3eMXMoHrFioXhzL+/9U/AHcAyKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5oAAAGdhvtusAAABAMASDBGAiEAiwxwiTepzIhk8yQtH/3CfoO3DB/DYWstDBpa8xKvTlsCIQDmmwpC5GcbNW39F/cGp7fg6H3ruqkKlQ0wljycZ0qtuwB+AGz+UBlDqF6pFrxS0TPk3Mke8UEcfSWEINFzgJ4YGOs6AAABnYb7bwcACAAABQAHBbX+BAMARzBFAiEArTACDOcqix3mKXhKuctbmN2EuRhxthlhvgaGMlrvQgACIB1bPKO1yRhMdQsAc03QaZZ5iYTB5YbZTofPGGAV9Fh7MAoGCCqGSM49BAMCA0cAMEQCIHsvo39QgEz3iYgwAEIoDwIqH+4pypBjyKcLgsUwtNCYAiAW2ZnqT2zFNfIFM3McOfqLwpEy8Dlmwun5yIlSLS+/Ew==", "intermediates": [ "MIIDXjCCAuWgAwIBAgIQdfCDfT4iwr52uKvBJaBGbDAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRVYgRTM2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIclecB70mupDsxx5Q+pE94vB8/gMU8oIh9y7pEQ6c0QxbPhINFQ//AaiQBw60d9K1wMMhqy/QRkJy8MiywuslaOCAYAwggF8MB8GA1UdIwQYMBaAFNEi2kxZ8UtfJjiqndbu6w3D+6lhMB0GA1UdDgQWBBTicWbHOuUGtl2bQQoVai3FseY3dDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGgYDVR0gBBMwETAGBgRVHSAAMAcGBWeBDAEBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uUm9vdEU0Ni5jcmwwgYQGCCsGAQUFBwEBBHgwdjBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290RTQ2LnA3YzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wCgYIKoZIzj0EAwMDZwAwZAIwVtVm5z312gdibMeVJaC/LfWrobVfLPCiT0aXGrfMg/jc/9k+i1obrebeCiZtSnGOAjAyI28uokQqX0U3YJym7XbDb13u5EiUEJk2DQnoYyVUTr28vG1V+wPuBVCqOMi/Ov8=" ], - "serial": "IAKf8NJIfxjAPWP6z5Hkvg==", + "serial": "C6fNUTtjynAHcakn4YMOhw==", "issuer_spki_sha256": "lVUzVQgp60SlPl4E5/Nd7GLlg0qdQkgNz39YIr8YwFI=", "scts": [ { - "log_id": "lpdkv1VYl633Q4doNwhCd+nwOtX2pPM2bkakPw/KqcY=", - "timestamp": 1744914430211 + "log_id": "2AlVO5RPev/IFhlvlE+Fq7D4/F6HVSYPFdEucrtFSxQ=", + "timestamp": 1776086117880 }, { - "log_id": "GYbUxyiqb/66A294Kk0BkarOLXIxD67OXXBBLSVMx9Q=", - "timestamp": 1744914430141 + "log_id": "yKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5o=", + "timestamp": 1776086118064 }, { - "log_id": "DleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiE=", - "timestamp": 1744914430605 + "log_id": "bP5QGUOoXqkWvFLRM+TcyR7xQRx9JYQg0XOAnhgY6zo=", + "timestamp": 1776086118151 } ] } @@ -2981,7 +2980,7 @@ "ca_sha256_fingerprint": "D95D0E8EDA79525BF9BEB11B14D2100D3294985F0C62D9FABD9CD999ECCB7B1D", "ca_label": "HARICA TLS RSA Root CA 2021", "test_website_revoked": "https://tls-rsa-revoked-ev.root2021.harica.gr", - "error": "invalid peer certificate: certificate expired: verification time 1776250258 (UNIX), but certificate is not valid after 1776249444 (814 seconds ago)" + "error": "invalid peer certificate: certificate expired: verification time 1776252882 (UNIX), but certificate is not valid after 1776249444 (3438 seconds ago)" }, { "ca_sha256_fingerprint": "DD6936FE21F8F077C123A1A521C12224F72255B73E03A7260693E8A24B0FA389", @@ -3620,5 +3619,6 @@ ] } } - ] + ], + "timestamp": 1776252892 } \ No newline at end of file diff --git a/revoke-test/tests/system_tests.rs b/revoke-test/tests/system_tests.rs index 63c54ece..413c5ebc 100644 --- a/revoke-test/tests/system_tests.rs +++ b/revoke-test/tests/system_tests.rs @@ -40,6 +40,10 @@ fn real_world_system_tests() { .expect("cannot find ../revoke-test/test-sites.json"), ) .expect("cannot parse test-sites.json"); + assert!( + !tests.expired(), + "test-sites.json is expired, please regenerate" + ); let high_level_cli = test_each_site(tests.sites.iter(), high_level_cli, "cli"); @@ -61,9 +65,9 @@ fn real_world_system_tests() { .zip(high_level_cli.iter()) .zip(rustls_results.iter()) { - assert_eq!( - high, rustls, - "site {site:?} revocation result disagrees between high-level API and rustls verifier" + assert!( + high == rustls || *high == rustls.expired_as_revoked(), + "site {site:?} revocation result disagrees between high-level API ({high:?}) and rustls verifier ({rustls:?})" ); } } @@ -111,6 +115,9 @@ impl TestCase for ServerVerifier { Err(Error::InvalidCertificate(CertificateError::Revoked)) => { TestResult::CorrectlyRevoked } + Err(Error::InvalidCertificate( + CertificateError::Expired | CertificateError::ExpiredContext { .. }, + )) => TestResult::Expired, Err(e) => panic!( "unexpected error verifying certificate: {e} (site: {})", test.test_website_revoked @@ -201,10 +208,15 @@ fn test_each_site<'a>( .iter() .filter(|item| matches!(item, TestResult::DecorationFailed)) .count(); + let expired = results + .iter() + .filter(|item| matches!(item, TestResult::Expired)) + .count(); println!("summary:"); println!(" correctly revoked: {correctly_revoked}"); println!(" incorrectly not revoked: {incorrectly_not_revoked}"); println!(" test case absent: {decorate_failed}"); + println!(" test case expired: {expired}"); assert!(correctly_revoked > 0); assert!(correctly_revoked > incorrectly_not_revoked); @@ -224,11 +236,24 @@ trait TestCase { fn run(&self, detail: &CertificateDetail, test: &RevocationTestSite) -> TestResult; } -#[derive(Debug, PartialEq)] +#[derive(Debug, Clone, Copy, PartialEq)] enum TestResult { CorrectlyRevoked, IncorrectlyNotRevoked, DecorationFailed, + Expired, +} + +impl TestResult { + fn expired_as_revoked(&self) -> Self { + // The high-level CLI doesn't do expiry checks, while the rustls verifier does. + // So we treat expiry as a class of revocation for the purpose of checking + // that the APIs agree. + match self { + Self::Expired => Self::CorrectlyRevoked, + other => *other, + } + } } const TEST_CONFIG_PATH: &str = "tmp/system-test/config.toml";