From f20358d93acc6a1597d1354a4d2e2bb15d3c688a Mon Sep 17 00:00:00 2001 From: Thomas Letan Date: Fri, 4 Aug 2023 15:47:05 +0200 Subject: [PATCH 1/4] Mempool: Project [syntactic_check] in Lwt.t --- src/lib_shell/prevalidation.ml | 4 ++- src/lib_shell/test/test_prevalidation.ml | 2 +- src/lib_validation/block_validation.ml | 6 ++-- src/lib_validation/shell_plugin.ml | 4 +-- src/lib_validation/shell_plugin.mli | 2 +- src/proto_016_PtMumbai/lib_plugin/mempool.ml | 2 +- src/proto_017_PtNairob/lib_plugin/mempool.ml | 38 ++++++++++++-------- src/proto_alpha/lib_plugin/mempool.ml | 2 +- 8 files changed, 36 insertions(+), 24 deletions(-) diff --git a/src/lib_shell/prevalidation.ml b/src/lib_shell/prevalidation.ml index 2067a3bed8e1..57d7f0b40521 100644 --- a/src/lib_shell/prevalidation.ml +++ b/src/lib_shell/prevalidation.ml @@ -166,7 +166,9 @@ module MakeAbstract (Chain_store : CHAIN_STORE) (Filter : Shell_plugin.FILTER) : return {validation_info; mempool; filter_state} let pre_filter state filter_config op = - match Filter.Mempool.syntactic_check op.protocol with + let open Lwt_syntax in + let* status = Filter.Mempool.syntactic_check op.protocol in + match status with | `Ill_formed -> Lwt.return (`Refused diff --git a/src/lib_shell/test/test_prevalidation.ml b/src/lib_shell/test/test_prevalidation.ml index 946d8fdf34e5..ed69632ac74a 100644 --- a/src/lib_shell/test/test_prevalidation.ml +++ b/src/lib_shell/test/test_prevalidation.ml @@ -496,7 +496,7 @@ module Toy_filter = struct let conflict_handler _ ~existing_operation:_ ~new_operation:_ = assert false - let syntactic_check _ = `Well_formed + let syntactic_check _ = Lwt.return `Well_formed end end diff --git a/src/lib_validation/block_validation.ml b/src/lib_validation/block_validation.ml index 212456eae3d9..b11b7a616ebb 100644 --- a/src/lib_validation/block_validation.ml +++ b/src/lib_validation/block_validation.ml @@ -871,8 +871,9 @@ module Make (Filter : Shell_plugin.FILTER) = struct {shell = op.raw.shell; protocol_data = op.protocol_data} in let open Lwt_result_syntax in + let*! status = Filter.Mempool.syntactic_check operation in let* validation_state = - match Filter.Mempool.syntactic_check operation with + match status with | `Ill_formed -> failwith "Ill-formed operation filtered" | `Well_formed -> Proto.validate_operation pv.validation_state op.hash operation @@ -1252,7 +1253,8 @@ module Make (Filter : Shell_plugin.FILTER) = struct (fun state ops -> List.fold_left_es (fun state (oph, op) -> - match Filter.Mempool.syntactic_check op with + let*! status = Filter.Mempool.syntactic_check op in + match status with | `Ill_formed -> failwith "Ill-formed operation filtered" | `Well_formed -> let* state = Proto.validate_operation state oph op in diff --git a/src/lib_validation/shell_plugin.ml b/src/lib_validation/shell_plugin.ml index fd15fcc83189..95abe943422f 100644 --- a/src/lib_validation/shell_plugin.ml +++ b/src/lib_validation/shell_plugin.ml @@ -46,7 +46,7 @@ module type FILTER = sig val remove : filter_state:state -> Operation_hash.t -> state - val syntactic_check : Proto.operation -> [`Well_formed | `Ill_formed] + val syntactic_check : Proto.operation -> [`Well_formed | `Ill_formed] Lwt.t val pre_filter : config -> @@ -109,7 +109,7 @@ module No_filter (Proto : Registered_protocol.T) : let flush _ ~head:_ = Lwt_result_syntax.return_unit - let syntactic_check _ = `Well_formed + let syntactic_check _ = Lwt.return `Well_formed let pre_filter _ ~filter_state:_ _ = Lwt.return @@ `Passed_prefilter (`Low []) diff --git a/src/lib_validation/shell_plugin.mli b/src/lib_validation/shell_plugin.mli index 6ae50306d179..a6d310e5ddce 100644 --- a/src/lib_validation/shell_plugin.mli +++ b/src/lib_validation/shell_plugin.mli @@ -64,7 +64,7 @@ module type FILTER = sig ill-formed operations to block block application. Should be called before the {!pre_filter}, does not need a context. *) - val syntactic_check : Proto.operation -> [`Well_formed | `Ill_formed] + val syntactic_check : Proto.operation -> [`Well_formed | `Ill_formed] Lwt.t (** [pre_filter config ~filter_state operation_data] is called on arrival of an operation and after a flush of diff --git a/src/proto_016_PtMumbai/lib_plugin/mempool.ml b/src/proto_016_PtMumbai/lib_plugin/mempool.ml index a641e48b1052..fb5fd462b96f 100644 --- a/src/proto_016_PtMumbai/lib_plugin/mempool.ml +++ b/src/proto_016_PtMumbai/lib_plugin/mempool.ml @@ -774,7 +774,7 @@ let pre_filter_far_future_consensus_ops config ~filter_state in match res with Ok b -> Lwt.return b | Error _ -> Lwt.return_false -let syntactic_check _ = `Well_formed +let syntactic_check _ = Lwt.return `Well_formed (** A quasi infinite amount of "valid" (pre)endorsements could be sent by a committee member, one for each possible round number. diff --git a/src/proto_017_PtNairob/lib_plugin/mempool.ml b/src/proto_017_PtNairob/lib_plugin/mempool.ml index 41e1c01924d5..783e6b37bf86 100644 --- a/src/proto_017_PtNairob/lib_plugin/mempool.ml +++ b/src/proto_017_PtNairob/lib_plugin/mempool.ml @@ -548,30 +548,36 @@ let kinded_hash_to_state_hash = function | `Value hash | `Node hash -> Sc_rollup.State_hash.context_hash_to_state_hash hash -let is_invalid_op : type t. t manager_operation -> bool = function +let is_invalid_op : type t. t manager_operation -> bool Lwt.t = + let open Lwt_syntax in + function | Sc_rollup_execute_outbox_message {rollup = _; cemented_commitment = _; output_proof} -> ( match Data_encoding.Binary.of_string_opt output_proof_encoding output_proof with - | None -> true + | None -> return_true | Some (output_proof, output_proof_state, _) -> - not - (Sc_rollup.State_hash.equal - output_proof_state - (kinded_hash_to_state_hash - output_proof.Environment.Context.Proof.before))) - | _ -> false - -let rec contains_invalid_op : type t. t Kind.manager contents_list -> bool = - function + Lwt.return + @@ not + (Sc_rollup.State_hash.equal + output_proof_state + (kinded_hash_to_state_hash + output_proof.Environment.Context.Proof.before))) + | _ -> return_false + +let rec contains_invalid_op : type t. t Kind.manager contents_list -> bool Lwt.t + = function | Single (Manager_operation {operation; _}) -> is_invalid_op operation | Cons (Manager_operation {operation; _}, rest) -> - is_invalid_op operation || contains_invalid_op rest + let open Lwt_syntax in + let* is_invalid = is_invalid_op operation in + if not is_invalid then contains_invalid_op rest else return_true let syntactic_check ({shell = _; protocol_data = Operation_data {contents; _}} : Main.operation) = + let open Lwt_syntax in match contents with | Single (Failing_noop _) | Single (Preendorsement _) @@ -586,11 +592,13 @@ let syntactic_check | Single (Vdf_revelation _) | Single (Drain_delegate _) | Single (Ballot _) -> - `Well_formed + Lwt.return `Well_formed | Single (Manager_operation _) as op -> - if contains_invalid_op op then `Ill_formed else `Well_formed + let* is_invalid = contains_invalid_op op in + if is_invalid then return `Ill_formed else return `Well_formed | Cons (Manager_operation _, _) as op -> - if contains_invalid_op op then `Ill_formed else `Well_formed + let* is_invalid = contains_invalid_op op in + if is_invalid then return `Ill_formed else return `Well_formed let pre_filter_manager : type t. diff --git a/src/proto_alpha/lib_plugin/mempool.ml b/src/proto_alpha/lib_plugin/mempool.ml index 1199fb416113..6dc2fc64931f 100644 --- a/src/proto_alpha/lib_plugin/mempool.ml +++ b/src/proto_alpha/lib_plugin/mempool.ml @@ -1029,4 +1029,4 @@ let conflict_handler config : Mempool.conflict_handler = else if Operation.compare existing_operation new_operation < 0 then `Replace else `Keep -let syntactic_check _ = `Well_formed +let syntactic_check _ = Lwt.return `Well_formed -- GitLab From abf6bab50475ce24141002fab5b12e7cb19ce3d0 Mon Sep 17 00:00:00 2001 From: Thomas Letan Date: Wed, 9 Aug 2023 18:22:23 +0200 Subject: [PATCH 2/4] Nairobi: Discard operations containing invalid proof earlier --- src/proto_017_PtNairob/lib_plugin/mempool.ml | 68 +++++++++++++++++--- 1 file changed, 59 insertions(+), 9 deletions(-) diff --git a/src/proto_017_PtNairob/lib_plugin/mempool.ml b/src/proto_017_PtNairob/lib_plugin/mempool.ml index 783e6b37bf86..c6d8f36ce983 100644 --- a/src/proto_017_PtNairob/lib_plugin/mempool.ml +++ b/src/proto_017_PtNairob/lib_plugin/mempool.ml @@ -535,14 +535,52 @@ let check_minimal_weight config state ~fee ~gas_limit op = (`Branch_delayed [Environment.wrap_tzerror (Fees_too_low_for_mempool required_fee)]) +let output_encoding = + let open Data_encoding in + obj3 + (req "outbox_level" Environment.Bounded.Non_negative_int32.encoding) + (req "message_index" n) + (req "message" Variable.string) + let output_proof_encoding = let open Data_encoding in obj3 (req "output_proof" - Sc_rollup_wasm.V2_0_0.Protocol_implementation.proof_encoding) + Tezos_context_helpers.Context.Proof_encoding.Merkle_proof_encoding.V2 + .Tree2 + .tree_proof_encoding) (req "output_proof_state" Sc_rollup.State_hash.encoding) - (req "output_proof_output" Variable.bytes) + (req "output_proof_output" output_encoding) + +module Tree = struct + open Environment + include Context.Tree + + type tree = Context.tree + + type t = Context.t + + type key = string list + + type value = bytes +end + +module Wasm_machine = Environment.Wasm_2_0_0.Make (Tree) + +let discard_wasm_output_proof_early output_proof outbox_level message_index + output = + let open Lwt_syntax in + let+ result = + Environment.Context.verify_tree_proof output_proof (fun tree -> + let* output = + Wasm_machine.get_output {outbox_level; message_index} tree + in + return (tree, output)) + in + match result with + | Ok (_, Some expected_output) -> not (expected_output = output) + | _ -> false let kinded_hash_to_state_hash = function | `Value hash | `Node hash -> @@ -557,13 +595,25 @@ let is_invalid_op : type t. t manager_operation -> bool Lwt.t = Data_encoding.Binary.of_string_opt output_proof_encoding output_proof with | None -> return_true - | Some (output_proof, output_proof_state, _) -> - Lwt.return - @@ not - (Sc_rollup.State_hash.equal - output_proof_state - (kinded_hash_to_state_hash - output_proof.Environment.Context.Proof.before))) + | Some + ( output_proof, + output_proof_state, + (outbox_level, message_index, output) ) -> + let* discard_wasm_proof = + discard_wasm_output_proof_early + output_proof + outbox_level + message_index + output + in + let state_is_correct = + Sc_rollup.State_hash.equal + output_proof_state + (kinded_hash_to_state_hash + output_proof.Environment.Context.Proof.before) + in + let is_invalid = (not state_is_correct) || discard_wasm_proof in + return is_invalid) | _ -> return_false let rec contains_invalid_op : type t. t Kind.manager contents_list -> bool Lwt.t -- GitLab From 5bc443f7b2b8eba665faaf04512e7a119ee0b81f Mon Sep 17 00:00:00 2001 From: Arvid Jakobsson Date: Tue, 18 Jul 2023 16:22:11 +0200 Subject: [PATCH 3/4] Tezt: script for regenerating TLS certificates --- tezt/tests/tls/regenerate-certificate.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 tezt/tests/tls/regenerate-certificate.sh diff --git a/tezt/tests/tls/regenerate-certificate.sh b/tezt/tests/tls/regenerate-certificate.sh new file mode 100755 index 000000000000..0b68688049d1 --- /dev/null +++ b/tezt/tests/tls/regenerate-certificate.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# This command regenerates the files tezos.key and tezos.crt, used in +# the Tezt test 'Test TLS'. + +openssl req \ + -x509 \ + -newkey rsa:2048 \ + -sha256 \ + -days 36500 \ + -nodes \ + -keyout tezt/tests/tls/tezos.key \ + -out tezt/tests/tls/tezos.crt \ + -subj "/CN=Easy-RSA CA" \ + -addext 'basicConstraints = CA:false' \ + -addext "subjectAltName = DNS:localhost" \ + -text -- GitLab From 4f3d172cc15c7b53efa8f5a2ab8f397077a7d783 Mon Sep 17 00:00:00 2001 From: Killian Delarue Date: Wed, 16 Aug 2023 13:42:50 +0200 Subject: [PATCH 4/4] Tezt: Regenerate TLS certificates --- tezt/tests/tls/tezos.crt | 134 ++++++++++++++++++--------------------- tezt/tests/tls/tezos.key | 52 +++++++-------- 2 files changed, 89 insertions(+), 97 deletions(-) diff --git a/tezt/tests/tls/tezos.crt b/tezt/tests/tls/tezos.crt index 3118e1b78270..ac69fbe8d2b7 100644 --- a/tezt/tests/tls/tezos.crt +++ b/tezt/tests/tls/tezos.crt @@ -2,86 +2,78 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - f0:c1:da:d7:8e:cf:49:44:b7:69:a8:1b:89:d4:36:a5 + 54:db:db:ac:79:4b:f4:77:33:75:28:fe:8f:59:35:b0:b7:7b:27:5c Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=Easy-RSA CA + Issuer: CN = Easy-RSA CA Validity - Not Before: Apr 14 09:21:27 2021 GMT - Not After : Jul 18 09:21:27 2023 GMT - Subject: CN=localhost + Not Before: Aug 16 11:42:41 2023 GMT + Not After : Jul 23 11:42:41 2123 GMT + Subject: CN = Easy-RSA CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) + Public-Key: (2048 bit) Modulus: - 00:bc:08:18:ef:f6:fd:70:f1:88:02:e7:09:a1:54: - ae:68:9f:6a:58:96:84:a8:a0:54:ab:8f:6d:45:7c: - b6:b0:56:1d:3b:a8:fd:28:5d:3b:04:b6:4b:df:c8: - 7a:a4:4c:49:a7:53:16:d9:df:6c:83:49:7b:fd:d2: - 34:70:af:db:d4:66:c7:ae:e0:97:b9:82:c6:c6:b9: - 47:af:f7:39:46:2d:a3:d3:7d:b0:6f:ab:58:d8:c3: - 3b:22:06:c1:6c:c0:ff:0c:74:7b:e6:f8:2d:f9:47: - 21:43:af:14:e3:b5:75:56:fc:7d:d1:98:d0:6d:07: - aa:6e:6c:2e:2e:74:a5:24:05:6b:2f:4a:bc:a8:e8: - 83:2a:ae:e0:f2:12:78:9b:d2:27:02:ad:a1:af:5e: - 7a:cb:66:40:bc:94:7f:f4:cc:ab:54:e5:d9:a2:11: - 08:6a:33:97:aa:5c:46:5d:ad:b5:ae:ca:a6:21:74: - 89:29:01:e6:a1:df:f1:a8:58:be:10:63:67:a9:9f: - fa:8a:f9:dd:a5:2e:bf:00:eb:a6:2b:49:ff:95:d5: - a5:0f:f4:15:19:2f:72:7c:52:3c:53:81:56:cb:c3: - b3:e0:ea:eb:b9:18:72:cc:91:1e:0a:79:0f:b5:7c: - 7a:f3:6f:cb:b0:a5:32:3e:36:41:b1:74:05:28:2f: - a2:d3 + 00:df:f6:1c:10:e2:91:77:a8:2a:ea:31:8c:a9:b4: + 36:13:8e:72:ec:77:69:0c:2d:aa:7b:fe:bd:92:30: + 3b:fc:1f:7d:e4:f2:c7:01:9a:f7:7f:aa:f3:44:bf: + 8f:c4:f1:3e:ba:46:c5:49:a6:17:99:5f:73:01:27: + 4d:2c:99:cf:0e:18:70:40:24:88:f5:29:60:ba:26: + 8f:14:54:e0:fe:86:81:2c:63:c0:47:7c:ca:03:de: + f0:1d:f9:32:23:a1:f5:c3:4c:f3:32:a6:56:00:35: + b7:be:85:5e:cc:03:d4:d4:cd:b4:88:b7:f5:f0:7b: + 00:75:5f:77:9c:c8:4f:cb:c0:13:67:ef:36:46:14: + 5d:d6:02:7a:0b:36:90:bd:af:45:1b:9e:4d:cd:eb: + 1a:92:ca:e1:24:d5:d2:cb:02:d5:8d:e2:9c:37:b0: + 0c:8b:60:4e:51:47:97:18:5c:34:ca:d4:a2:9d:0a: + 33:b9:3d:e4:86:25:97:ee:87:de:e1:50:d0:d5:a2: + 8a:13:10:6b:e5:3a:ab:1a:9f:f4:27:01:a9:e9:f7: + 9a:91:b5:fd:14:c8:a8:28:19:df:8f:98:8d:3f:eb: + 94:2c:54:15:52:09:7e:99:a8:2c:d8:dd:d0:e9:fe: + 12:a4:45:1b:10:8f:59:a5:92:54:12:ca:4c:84:2a: + 45:27 Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Basic Constraints: + X509v3 Subject Key Identifier: + 8B:C7:AF:DD:1B:28:70:F2:B2:A1:35:CB:F8:73:C1:D6:2B:E7:87:C8 + X509v3 Authority Key Identifier: + 8B:C7:AF:DD:1B:28:70:F2:B2:A1:35:CB:F8:73:C1:D6:2B:E7:87:C8 + X509v3 Basic Constraints: CA:FALSE - X509v3 Subject Key Identifier: - CB:AA:52:32:A6:25:9D:15:26:55:85:97:82:D6:EA:8B:AD:73:46:FD - X509v3 Authority Key Identifier: - keyid:E1:2F:3E:C9:77:09:2E:6D:6A:26:F1:7F:45:3B:30:3F:4E:D8:77:9B - DirName:/CN=Easy-RSA CA - serial:4D:04:D1:4A:10:52:34:02:D4:9B:45:C4:C1:BD:FD:F3:2C:EA:77:C9 - - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: DNS:localhost Signature Algorithm: sha256WithRSAEncryption - 61:b6:bb:32:4d:44:ee:bb:5f:5b:2d:49:9a:c5:92:ac:11:a0: - e4:4f:d4:f4:ab:65:c0:65:92:96:55:00:7f:c3:06:a3:f6:48: - ad:3d:67:cc:c3:71:15:de:bc:1a:f3:e2:d0:f6:e7:50:be:79: - bc:5b:44:86:5c:06:a1:7e:bb:b1:00:ba:9a:b1:35:5a:ea:6f: - 2d:9d:73:6d:cd:9b:ec:c2:84:ea:30:b7:e7:03:88:b2:9a:2d: - 02:a2:88:6d:53:0e:ed:2d:2f:4b:88:2a:77:05:78:63:78:90: - 1b:1c:c9:10:f4:a0:22:87:cb:45:4c:44:f8:6d:75:3c:f7:11: - a0:2e:4a:8c:01:5f:ee:5e:15:3b:f5:16:f0:de:0a:1a:99:69: - 1d:1b:b1:c6:07:95:ce:50:7f:5f:af:59:8a:aa:a8:fb:00:43: - 00:a2:a8:84:36:09:f0:68:95:d9:9a:1b:fe:22:e5:0d:1b:63: - 7f:aa:cf:80:1c:a7:07:81:b2:69:f8:13:a5:70:4a:ce:08:53: - b7:7b:94:e8:bb:b6:65:28:8a:89:85:74:45:b9:65:1b:11:a9: - 8d:7f:5b:81:66:7d:da:7a:ac:28:ba:db:2f:01:1a:bf:d1:a5: - 01:2c:53:c0:8e:09:40:2f:22:36:a0:95:d9:be:96:b9:52:8c: - 38:17:55:1f + Signature Value: + cf:67:18:15:2b:cb:b7:64:0c:14:33:81:da:c6:f0:b9:70:48: + ae:80:4a:55:8d:6a:b9:57:41:a7:af:0f:cf:df:21:21:b6:52: + 07:34:f0:7a:9f:93:dc:34:bf:11:58:e4:7d:32:b3:ef:19:8d: + 52:b8:ea:4b:a1:1d:f5:44:0f:4a:78:36:b5:d4:3a:07:fc:e7: + 2f:51:98:d0:3b:da:4c:76:00:ba:18:a7:cb:f2:37:f0:1c:90: + 84:7f:29:26:b9:88:76:1d:1e:8a:ec:7a:f9:e3:e4:52:6f:84: + 8d:06:5c:c6:d8:b1:29:b6:91:23:6e:ba:1a:0d:3c:d5:ce:10: + c0:78:69:d2:60:a5:d7:be:a2:f7:dd:e3:62:4e:ef:22:8e:64: + 93:5b:b2:02:6b:86:27:f4:2a:c1:fe:33:3a:26:bd:61:1c:a9: + b4:b0:23:ad:be:a2:93:a3:f9:d3:91:a2:25:27:90:00:b3:8e: + 05:68:93:57:5b:4e:7c:3f:a7:8a:a3:60:03:11:6a:00:34:aa: + 30:3b:dc:9b:39:2b:93:3d:b7:5b:5f:09:1c:4b:8b:3c:eb:58: + 9c:59:2f:16:11:a8:b4:f6:19:2c:fa:9a:5f:b0:f6:48:51:db: + 12:11:1d:f3:76:dc:60:d8:32:c3:e7:fb:7a:32:52:e7:be:6f: + 11:f3:ce:eb -----BEGIN CERTIFICATE----- -MIIDbjCCAlagAwIBAgIRAPDB2teOz0lEt2moG4nUNqUwDQYJKoZIhvcNAQELBQAw -FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwNDE0MDkyMTI3WhcNMjMwNzE4 -MDkyMTI3WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC8CBjv9v1w8YgC5wmhVK5on2pYloSooFSrj21FfLawVh07 -qP0oXTsEtkvfyHqkTEmnUxbZ32yDSXv90jRwr9vUZseu4Je5gsbGuUev9zlGLaPT -fbBvq1jYwzsiBsFswP8MdHvm+C35RyFDrxTjtXVW/H3RmNBtB6pubC4udKUkBWsv -Sryo6IMqruDyEnib0icCraGvXnrLZkC8lH/0zKtU5dmiEQhqM5eqXEZdrbWuyqYh -dIkpAeah3/GoWL4QY2epn/qK+d2lLr8A66YrSf+V1aUP9BUZL3J8UjxTgVbLw7Pg -6uu5GHLMkR4KeQ+1fHrzb8uwpTI+NkGxdAUoL6LTAgMBAAGjgbgwgbUwCQYDVR0T -BAIwADAdBgNVHQ4EFgQUy6pSMqYlnRUmVYWXgtbqi61zRv0wUQYDVR0jBEowSIAU -4S8+yXcJLm1qJvF/RTswP07Yd5uhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB -ghRNBNFKEFI0AtSbRcTBvf3zLOp3yTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNV -HQ8EBAMCBaAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IB -AQBhtrsyTUTuu19bLUmaxZKsEaDkT9T0q2XAZZKWVQB/wwaj9kitPWfMw3EV3rwa -8+LQ9udQvnm8W0SGXAahfruxALqasTVa6m8tnXNtzZvswoTqMLfnA4iymi0Cooht -Uw7tLS9LiCp3BXhjeJAbHMkQ9KAih8tFTET4bXU89xGgLkqMAV/uXhU79Rbw3goa -mWkdG7HGB5XOUH9fr1mKqqj7AEMAoqiENgnwaJXZmhv+IuUNG2N/qs+AHKcHgbJp -+BOlcErOCFO3e5Tou7ZlKIqJhXRFuWUbEamNf1uBZn3aeqwoutsvARq/0aUBLFPA -jglALyI2oJXZvpa5Uow4F1Uf +MIIDHzCCAgegAwIBAgIUVNvbrHlL9HczdSj+j1k1sLd7J1wwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwIBcNMjMwODE2MTE0MjQxWhgPMjEy +MzA3MjMxMTQyNDFaMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/YcEOKRd6gq6jGMqbQ2E45y7HdpDC2qe/69 +kjA7/B995PLHAZr3f6rzRL+PxPE+ukbFSaYXmV9zASdNLJnPDhhwQCSI9SlguiaP +FFTg/oaBLGPAR3zKA97wHfkyI6H1w0zzMqZWADW3voVezAPU1M20iLf18HsAdV93 +nMhPy8ATZ+82RhRd1gJ6CzaQva9FG55NzesaksrhJNXSywLVjeKcN7AMi2BOUUeX +GFw0ytSinQozuT3khiWX7ofe4VDQ1aKKExBr5TqrGp/0JwGp6feakbX9FMioKBnf +j5iNP+uULFQVUgl+mags2N3Q6f4SpEUbEI9ZpZJUEspMhCpFJwIDAQABo2MwYTAd +BgNVHQ4EFgQUi8ev3RsocPKyoTXL+HPB1ivnh8gwHwYDVR0jBBgwFoAUi8ev3Rso +cPKyoTXL+HPB1ivnh8gwCQYDVR0TBAIwADAUBgNVHREEDTALgglsb2NhbGhvc3Qw +DQYJKoZIhvcNAQELBQADggEBAM9nGBUry7dkDBQzgdrG8LlwSK6ASlWNarlXQaev +D8/fISG2Ugc08Hqfk9w0vxFY5H0ys+8ZjVK46kuhHfVED0p4NrXUOgf85y9RmNA7 +2kx2ALoYp8vyN/AckIR/KSa5iHYdHorsevnj5FJvhI0GXMbYsSm2kSNuuhoNPNXO +EMB4adJgpde+ovfd42JO7yKOZJNbsgJrhif0KsH+MzomvWEcqbSwI62+opOj+dOR +oiUnkACzjgVok1dbTnw/p4qjYAMRagA0qjA73Js5K5M9t1tfCRxLizzrWJxZLxYR +qLT2GSz6ml+w9khR2xIRHfN23GDYMsPn+3oyUue+bxHzzus= -----END CERTIFICATE----- diff --git a/tezt/tests/tls/tezos.key b/tezt/tests/tls/tezos.key index 5d7c7bcf43cb..4966b70b0ac8 100644 --- a/tezt/tests/tls/tezos.key +++ b/tezt/tests/tls/tezos.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8CBjv9v1w8YgC -5wmhVK5on2pYloSooFSrj21FfLawVh07qP0oXTsEtkvfyHqkTEmnUxbZ32yDSXv9 -0jRwr9vUZseu4Je5gsbGuUev9zlGLaPTfbBvq1jYwzsiBsFswP8MdHvm+C35RyFD -rxTjtXVW/H3RmNBtB6pubC4udKUkBWsvSryo6IMqruDyEnib0icCraGvXnrLZkC8 -lH/0zKtU5dmiEQhqM5eqXEZdrbWuyqYhdIkpAeah3/GoWL4QY2epn/qK+d2lLr8A -66YrSf+V1aUP9BUZL3J8UjxTgVbLw7Pg6uu5GHLMkR4KeQ+1fHrzb8uwpTI+NkGx -dAUoL6LTAgMBAAECggEAJA5Ncd5j1P+LvDq/Xv9U/lzrUJd0Ur2D3u3+3x8+DOxG -aMVL3iyaf5nRTNUtp0m1qe9F53tvXHF/5DklsyIVvlIDImaQ0ZLhOQQYWgbHJczk -qE5mwdMSk2ZEdY7kEk2j2qiPhce7URyxpT/yeoO2P3rlSYbLGM0qgkgeRuw5KoHH -Vq7w/NmgFuhDeqmYi7C+51CCD2x56la08VW/xRNATzniVZ97CvpwWhjdKock2+bp -FB6FE77jOye0uqdEcsPl6cJfJaL6vQRl9h8DFn2GmAnRP5mcqx03HaehPrwO86mC -xlrPS0CZeti1Y3VVZCFEKmGy8bYWLBSoXAgeWEtQWQKBgQDfeoT3STBdHdBVpkAW -9wXhzmu1ZyXNcDM9j64fuZ7oWitdoQM6znfws2c1jNcXIvxuTRWm7OJGT1ak/gck -2+4g6soQbg4vtGzxpOSmzp4MobDip/cjwWDoYC0OQZHZT/PImaTP4AAXjQAL8S1H -mty9DnLHOCBd7V1xVKM6U8hY3wKBgQDXZQkVNhwRlk3Sbrxgb5/J6zMLbjO4XDm6 -olLT9hnUxhYZ06voaC9fP52WiswUaSOc6LBC2SR5mLxFBNjBuMekYG5z+4KJvdj8 -DyX/ZHtIDSvC2Iol0uO9ppcoHUafXbHXxBLskOxsC45ggK79lpuUghc/mVCz7D0s -BGWDDg9QjQKBgQCFAkjtXVQ5t6rtrztp77BCizc0CqZHNcZpl4CNRU88/53b5h8j -+wsL6ds91guWq64OgDao2Uh7jHEHVmIuH/AFC3kkejxbTEmjMP8eAM+0uO+sl0fS -sh/ZbpSibYg/DQUNmdSsHKgxXCxw7ySB/7vtkhHiXJd3D/WTpEpaRs9xhQKBgB8x -d55FxszZOo32EXvZzoc8c5j9LapOWOHpbhtaMaV5xmuZFvVCWVHu8ZCCq0ltbIXl -wNj9f2XIs8M/D3EGpIrumDBdxSrTfqAKRZN15tCpb6P5HhCaOPcXMB7UFo0v0XiQ -4bi2yDZheg4JtM3uyLs6F8nTFzfnR3ifbmALYjZlAoGBANqsFDHh7v/xSKDnBV8k -sOL4Bzv4U42jueGl/p37bflgn64ApCBaMCO943hUt6XUgnX+9EMFY8+Qi7CdtVRK -UP3J3otOYjHnDCLK/Re6KnxyB0Xj10+jOEqceoSdZnByKtfyFmfdn/0U5F8IhbbI -V7GSZfaUrOrd1H6Tmb23vlSk +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDf9hwQ4pF3qCrq +MYyptDYTjnLsd2kMLap7/r2SMDv8H33k8scBmvd/qvNEv4/E8T66RsVJpheZX3MB +J00smc8OGHBAJIj1KWC6Jo8UVOD+hoEsY8BHfMoD3vAd+TIjofXDTPMyplYANbe+ +hV7MA9TUzbSIt/XwewB1X3ecyE/LwBNn7zZGFF3WAnoLNpC9r0Ubnk3N6xqSyuEk +1dLLAtWN4pw3sAyLYE5RR5cYXDTK1KKdCjO5PeSGJZfuh97hUNDVoooTEGvlOqsa +n/QnAanp95qRtf0UyKgoGd+PmI0/65QsVBVSCX6ZqCzY3dDp/hKkRRsQj1mlklQS +ykyEKkUnAgMBAAECggEASw9UW7Jbl5NUgrYFkzDTON2ylZ71pX++lh0L0u14hSjW +zD8zxE14KqEUNBPRrus9nzet0l+opB4R0K6n1k1cUDiPkmfMQQJTqT/YDzPdTmCs +9UAfRrZDjGWQ6zLEA5453HEzRuPpidt3EBLp8Q1NrN6eZX3mHulSf4P19iVKXRoL +oPtJboA3QpUhp0Y/sIL7cneLCQQJF5nQBNv6E1khMGZfqL+PIMlSWqHZt7txUM4a +n8F4/65gbaYu/iA3oEHL9S10SHneLuz+NQRh95DtPmBcWpNLlv9D6m/YVLAoXfx9 +PVJ0E16I7Jv1tr1igbPW+KCe632Rh0mBEB41XbgVGQKBgQD57SkE55rFcnhQB304 +oupzDM5F+IwnVH2LbtusYj1wc4ZO0o+9WEykIa5K0c7UNNyDC5svgc3rF3eUwT7l +EWjhD5aLno1vZsg/Q0RuUktYQcYFqy/STwcwdbKH5Bwc3XPGATG8FQKIVJ8RODm+ +WTva6VBDGdU1YwWtEU2wGOIaaQKBgQDlZ2p6tLK+TLPhjLPZYvKCYLynYuGe8J8Z +qs/BTvtLOOnyadCbX6oMwRaC3hFOtDKmjFtQ9sydO9smtzo2LLAZmrVHqvr39mTj +V3Jg9dratOWHaovaVjSuEN8jE1VzqfTnSx0cXBNFsq7VuSmIc183dm3D9NVSP0Ml +G4VwoyPRDwKBgQDOHOhXQypA68aNOZ/rtW/ksgrraa8sQGHJPAOuhtZkhuGc38nr +PYb3VU+IJL+OAopZCJlS9Jn957yW0UgtYc48zb46Jug9l2ZNxgwJb5TzlErbIfKu +Xr5vGKHDsDv/EiMIiLObiTgtdpw4d0Yn1S+nugKXVBahkKh9smd/cwYFAQKBgQDc +WwJE693mPfdr6KO5ZPpdkl6kyq6+5ZNuLE1z+lIYZ4sRd+MR3EqUBcWB353wY9dj +c98jXm4deql//vDDqRle/uSy+uIn3V37orwTtxWKj8kK0qWUDMp9iWdNYfzrJY5B +vj0wSKGaiZC3ay0iDPChbfjyCfP/FRWCR3VeRNbasQKBgBNqfiGAnINRRHxYkXy0 +xYObG6V3qe9PSudJS97mvc5CkP5HTHASRgBgRZiDJEUkZaLzcoJuHXyTrOpbVDnW +1972Hix/gp0KNxVF0rRHzf4Q5Slv+A6NwVPUmk0Ic7KnoU5t8IR6VsmkMzsP+HBa +9FFJstrPxbg3LYHjXznyVvh8 -----END PRIVATE KEY----- -- GitLab