Apply post_install script to lua-resty-openssl

src/deps/src/lua-resty-openssl/t/fips.t

@@ -1,132 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-my $fips = $ENV{'TEST_NGINX_FIPS'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-
-        _G.myassert = require("helper").myassert
-        _G.fips = "$fips" ~= ""
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: FIPS mode can be turned on and off
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not _G.fips then
-                ngx.say("false\ntrue\nfalse")
-                ngx.exit(200)
-            end
-            local openssl = require("resty.openssl")
-            if require("resty.openssl.version").BORINGSSL then
-                if openssl.get_fips_mode() then
-                    ngx.say("false\ntrue\nfalse")
-                else
-                    ngx.say("BORINGSSL should have fips turned on but actually not")
-                end
-                ngx.exit(200)
-            end
-            ngx.say(openssl.get_fips_mode())
-            myassert(openssl.set_fips_mode(true))
-            ngx.say(openssl.get_fips_mode())
-            myassert(openssl.set_fips_mode(false))
-            ngx.say(openssl.get_fips_mode())
-        }
-    }
---- request
-    GET /t
---- response_body
-false
-true
-false
---- no_error_log
-[error]
-
-=== TEST 2: CIPHER, MD and PKEY provider is directed to fips
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not _G.fips or not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("fips\nfips\nfips")
-                ngx.exit(200)
-            end
-            local openssl = require("resty.openssl")
-            myassert(openssl.set_fips_mode(true))
-
-            ngx.say(myassert(require("resty.openssl.cipher").new("aes256")):get_provider_name())
-            ngx.say(myassert(require("resty.openssl.digest").new("sha256")):get_provider_name())
-            ngx.say(myassert(require("resty.openssl.pkey").new({ type = "EC" })):get_provider_name())
-        }
-    }
---- request
-    GET /t
---- response_body
-fips
-fips
-fips
---- no_error_log
-[error]
-
-=== TEST 3: Non-FIPS compliant algorithms are not allowed
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            -- BORINGSSL doesn't seem to remove non-fips compliant algorithms?
-            if not _G.fips or require("resty.openssl.version").BORINGSSL then
-                ngx.say("true\ntrue")
-                ngx.say("invalid cipher type \"chacha20\": unsupported")
-                ngx.say("invalid digest type \"md5\": unsupported")
-                ngx.exit(200)
-            end
-
-            local ok, err
-            if require("resty.openssl.version").OPENSSL_3X then
-                ok, err = require("resty.openssl.cipher").new("chacha20")
-            else
-                ok, err = require("resty.openssl.cipher").new("seed")
-            end
-            ngx.say(not not ok)
-            local ok, err = require("resty.openssl.digest").new("md5")
-            ngx.say(not not ok)
-
-            local openssl = require("resty.openssl")
-            myassert(openssl.set_fips_mode(true))
-
-            if require("resty.openssl.version").OPENSSL_3X then
-                ok, err = require("resty.openssl.cipher").new("chacha20")
-            else
-                ok, err = require("resty.openssl.cipher").new("seed")
-            end
-            ngx.say(err)
-            local ok, err = require("resty.openssl.digest").new("md5")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-true
-true
-.*invalid cipher type.+(?:unsupported|disabled for fips).*
-.*invalid digest type "md5".+(?:unsupported|disabled for fips).*
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/fixtures/Github.pem

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFBjCCBK2gAwIBAgIQDovzdw2S0Zbwu2H5PEFmvjAKBggqhkjOPQQDAjBnMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xPzA9BgNVBAMTNkRp
-Z2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIFRMUyBIeWJyaWQgRUNDIFNIQTI1NiAyMDIw
-IENBMTAeFw0yMTAzMjUwMDAwMDBaFw0yMjAzMzAyMzU5NTlaMGYxCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
-MRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdpdGh1Yi5jb20wWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAASt9vd1sdNJVApdEHG93CUGSyIcoiNOn6H+
-udCMvTm8DCPHz5GmkFrYRasDE77BI3q5xMidR/aW4Ll2a1A2ZvcNo4IDOjCCAzYw
-HwYDVR0jBBgwFoAUUGGmoNI1xBEqII0fD6xC8M0pz0swHQYDVR0OBBYEFCexfp+7
-JplQ2PPDU1v+MRawux5yMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRo
-dWIuY29tMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwgbEGA1UdHwSBqTCBpjBRoE+gTYZLaHR0cDovL2NybDMuZGlnaWNlcnQu
-Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZVRMU0h5YnJpZEVDQ1NIQTI1NjIwMjBD
-QTEuY3JsMFGgT6BNhktodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRI
-aWdoQXNzdXJhbmNlVExTSHlicmlkRUNDU0hBMjU2MjAyMENBMS5jcmwwPgYDVR0g
-BDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy
-dC5jb20vQ1BTMIGSBggrBgEFBQcBAQSBhTCBgjAkBggrBgEFBQcwAYYYaHR0cDov
-L29jc3AuZGlnaWNlcnQuY29tMFoGCCsGAQUFBzAChk5odHRwOi8vY2FjZXJ0cy5k
-aWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlVExTSHlicmlkRUNDU0hB
-MjU2MjAyMENBMS5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYE
-gfMA8QB2ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABeGq/vRoA
-AAQDAEcwRQIhAJ7miER//DRFnDJNn6uUhgau3WMt4vVfY5dGigulOdjXAiBIVCfR
-xjK1v4F31+sVaKzyyO7JAa0fzDQM7skQckSYWQB3ACJFRQdZVSRWlj+hL/H3bYbg
-IyZjrcBLf13Gg1xu4g8CAAABeGq/vTkAAAQDAEgwRgIhAJgAEkoJQRivBlwo7x67
-3oVsf1ip096WshZqmRCuL/JpAiEA3cX4rb3waLDLq4C48NSoUmcw56PwO/m2uwnQ
-prb+yh0wCgYIKoZIzj0EAwIDRwAwRAIgK+Kv7G+/KkWkNZg3PcQFp866Z7G6soxo
-a4etSZ+SRlYCIBSiXS20Wc+yjD111nPzvQUCfsP4+DKZ3K+2GKsERD6d
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/GlobalSign.pem

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
-aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
-jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
-xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
-1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
-snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
-U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
-AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
-yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
-38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
-AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
-DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
-HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/GlobalSign_sub.pem

@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIOR8MQAMBL+oomVLdB7CswDQYJKoZIhvcNAQEFBQAwVzEL
-MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
-B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjAzMTYw
-MDAwMDBaFw0yNDAzMTYwMDAwMDBaMFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
-bG9iYWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2ln
-biAzIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm4HxK
-0o9gvqhlIWVajpj75hIkZariW6PUj+njWoA5YRqmopnzUc99nUzj9Lj7Go8eqe9F
-9tT76IeS2MdOAn1bata0FTGQXUZYO72E4YL18SE5ERRLlOjt1TenE4JbRFodris3
-+NUh9qNOFhyii7zf/nNQMTWDQ3hH5z4qcAemahgS26Ep8VihD70pPleC9Jcy/RVM
-k+RjqBEzur3dWHPD21wRk3gS29Gs2499Tj59DlLH+RoXSsRjHcJk+fDHzC2zyY4M
-jNJHgw/RWfhmJqxPDrNvF3jiDchMDrkY/o7oywpJCfVaTZ3ScEd4GnhIsBJi26ci
-OYfjXmq+vPGumJBTAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0T
-AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU4ir34VYTni+RxwhiCZ7AIV++blMwHwYD
-VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswPQYIKwYBBQUHAQEEMTAvMC0G
-CCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEwMwYD
-VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LmNy
-bDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cu
-Z2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQEFBQADggEBAAMt
-Z5FskwVr28wgh70YcB0TepVojuiDQwDHilW0dfFnM+tkzwyHKcU7Q36EojXCrMz1
-SXw2TD8n+BC3dkJdmYf7zPKen5HguBaraPUzcxgZuJCfZmA1fW1+hrJ9sVLp9nBX
-J3H2g4XDIl1yj/MozwfWfKE04fJZyk7yuAknoFgwK+EGOXnXnjMWldAoPLS0AyFE
-aM1HU57OUMWPRwJ5Ts/CKf50Nz9ntgGTGVHvyfDvexHEEMGF1Vc9KAs+Z0jPXFom
-H6wJlHvDM0nVtIbvdkGxVzxEQASkXUdh7qPxR4WpGJn5vMpIi74NglkCp5pPuDJ6
-i7GsIy4xEeMwq4nuOh8=
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/boringssl_fips.patch

@@ -1,18 +0,0 @@
-# Fix FIPS build (from BoringSSL commit 4ca15d5dcbe6e8051a4654df7c971ea8307abfe0).
-#
-# The modulewrapper is not a part of the FIPS module, so it can be patched without
-# concern about breaking the FIPS validation.
---- boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
-+++ boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
-@@ -12,9 +12,11 @@
-  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
- 
-+#include <string>
- #include <vector>
- 
- #include <assert.h>
-+#include <errno.h>
- #include <string.h>
- #include <sys/uio.h>
- #include <unistd.h>

src/deps/src/lua-resty-openssl/t/fixtures/crl/crl.pem

@@ -1,18 +0,0 @@
------BEGIN X509 CRL-----
-MIIC2jCBwwIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQIDAJDQTENMAsGA1UE
-CgwES29uZzENMAsGA1UECwwES29uZzEbMBkGA1UEAwwSd3d3LnN1YmNhLmtvbmcu
-Y29tFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMBUwEwICIAEXDTIzMDYw
-NjA3MjcwMFqgMDAuMB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMAsG
-A1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAgEAGX+Tvt+BDU6YUSVc7/bi7OBA
-KPEQvl/SXu06n3JmjyCRIWUPkB/QruqNHPpxImpvDzoqp/ScfKjB7jNaVqppdkcr
-yrCN11U26WPgtW6auHsWPOqVm94625+vecL9U+8R5WvjN2Hn8Kkn7EXefwskYleo
-tGDHeQMRuR3EHzaHu6Bbqn/UfYuTEEC2ZMg/LwGYaG8MBCg79ayAzsBeR4VPSszK
-CnKHa1CVgfggWQnNcIvkbBFpUAd6OWm6w+YUSA9hxAaEFqYlrOA4UHf/APE7Rnw3
-xokDissm9yqfVVi0fiVe/HXt6RE5FOayOgjKOfAAj10TogTC9bK0Q05t8Ud1OpEY
-7YtFHtlBYuHWrmqm0FZBYwhxaFzDRcCRe45HuS6wCmMwb1Btr354kEOj/nSuq2Wq
-e248ZrTPNf/IXOGthB7FsL+bTOtrHl4l+tniZb+0i3FeeYUHoX+IRhPzWGHXYK9D
-PDn1QsggNvkXIMpdut8ifDwPXYFoXf5ZW8IAuC7G3zYrwsPFoQALheK4yyqHVaYb
-WMzuHmeVpxLxVv7zoJtpGPr8X2c2Yn25QtcGpqxcXxesL5g2+pJ2Uu3D7niVp3tM
-bqP3Nj88eJk1mFVOdRWwSICmp6ReJwTtAYacU5vTUjPdQNOOtht29YmbwyoemMvJ
-w9wdUeL9yrb5a98bNtI=
------END X509 CRL-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/gen_certs.sh

@@ -1,66 +0,0 @@
-#!/bin/bash
-#
-# run this script in t/fixtures/crl
-#
-# root ca
-mkdir -p rootca/newcerts
-touch rootca/index.txt
-echo 1000 > rootca/serial
-
-# root ca key
-openssl genrsa -out rootca.key.pem 4096
-chmod 400 rootca.key.pem
-
-# root ca cert
-openssl req -config rootca.cnf -key rootca.key.pem \
-    -new -x509 -days 3650 -sha256 -extensions v3_ca \
-    -out rootca.cert.pem \
-    -subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.rootca.kong.com"
-
-
-# sub ca
-mkdir -p subca/newcerts
-touch subca/index.txt
-echo 2000 > subca/serial
-echo 2000 > subca/crlnumber
-
-# sub ca key
-openssl genrsa -out subca.key.pem 4096
-chmod 400 subca.key.pem
-
-# sub ca csr
-openssl req -config subca.cnf -new -sha256 \
-    -key subca.key.pem -out subca.csr.pem \
-    -subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.subca.kong.com"
-
-# sub ca cert
-echo -e "y\ny\n" | openssl ca -config rootca.cnf -extensions v3_sub_ca \
-      -days 3650 -notext -md sha256 \
-      -in subca.csr.pem -out subca.cert.pem
-
-# ca chain
-#cat ca/sub/subca.cert.pem ca/root/root.cert.pem > chain.pem
-
-# leaf certs
-for name in valid revoked
-do
-  openssl genrsa -out $name.key.pem 2048
-  chmod 400 $name.key.pem
-
-  openssl req -config subca.cnf -key subca.key.pem \
-      -new -sha256 -out $name.csr.pem \
-      -subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.$name.kong.com"
-
-  echo -e "y\ny\n" | openssl ca -config subca.cnf -extensions usr_cert \
-      -days 3650 -notext -md sha256 \
-      -in $name.csr.pem -out $name.cert.pem
-done
-
-# revoke cert
-openssl ca -config subca.cnf -revoke revoked.cert.pem
-
-# generate crl file
-openssl ca -config subca.cnf -gencrl -out crl.pem -crldays 3650
-
-# remove unused files
-rm -rf rootca subca *.csr.pem

src/deps/src/lua-resty-openssl/t/fixtures/crl/revoked.cert.pem

@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGUzCCBDugAwIBAgICIAEwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UECAwCQ0Ex
-DTALBgNVBAoMBEtvbmcxDTALBgNVBAsMBEtvbmcxGzAZBgNVBAMMEnd3dy5zdWJj
-YS5rb25nLmNvbTAeFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMGQxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtv
-bmcxDTALBgNVBAsMBEtvbmcxHTAbBgNVBAMMFHd3dy5yZXZva2VkLmtvbmcuY29t
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzE3ishAB+ODlQRlnbYTu
-vYkKBMJ+UqCCNIrAUxu6IMJWuK8hxt+KSP0RgB7LNpE/FshUuZP16dZq8A5Hah2u
-/r7yXEv6kmNUfAQAm3NSFT8WBgjcs3m4TTqstLhPL3sRnVECkUGEq5PHfQxR3Du/
-FqwYiGH6oOZXusFZzuHx0R/+GKkfkq9qomwIpZzMSIGblfS00CpWAvBYclTeJmfy
-nDKiDcirvG5su55lwqsqkn2Agm8y7OqQsCcaUFvnMHqxeVzk3bqXjWldfo7dviZH
-NW17XO5ruUJLseRZE3bCMBePQjQpY6il7K8Cq9gJ0dt3TbR9WSVNS+EUuCB3c9rt
-UT+qlBrNWCmMz3ZLfXDYjqiHy6jokT8K4Bo2pjoiZ7IlUZQ637xb7TOH5uIcOYsG
-R6Av843lt0Tv1grgaWbR/kNSOIGREO0SQakw6khpVasTNGqSoBLyFb6+Szw7EAcZ
-PCBh9ZOz+xXdBcGlCsmEnAwG9BSFBG4ygUdO3OyvZeSGD9BwNZFzqAi/dKJJW5Xn
-1GHJQUejrrn1GiDl+NaIkprm2SXTOZ622riDb4zYmNXwkC+9pJzV14IN9XZS8MWd
-ydUeMraa2K5AD5hKHwyPjCLoLvvPk/V50iMOWLIVk+RCk/mBj++gthSgqQexyknE
-cCTBWS2hiyBimMm8wtJOH/ECAwEAAaOCASkwggElMAkGA1UdEwQCMAAwEQYJYIZI
-AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD
-bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFC8MH19JRurEt8xm/9IGkZIvDBur
-MB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMA4GA1UdDwEB/wQEAwIF
-4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwMgYIKwYBBQUHAQEEJjAk
-MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcHNlcnZlcjoyNTYwMC0GA1UdHwQmMCQw
-IqAgoB6GHGh0dHA6Ly9vY3Nwc2VydmVyOjgwL2NybC5wZW0wDQYJKoZIhvcNAQEL
-BQADggIBALCjaiw5E2MSjCOWHbaJpIeTmspFLceWcFn+Vsee6IDsGfLc4X4bo2lc
-rTxJKjcaKHCaKBhlGYTGcAOn9aQksFxqPOnCarWhWBu7d/rtwpmS8Az6LLl6kPiq
-hwNR9ZXEUZubZrigbAEKOvulpCdGzS2K5r+jsyduVfUYNLgK0QQibv5gP77WLEAM
-UeJFXzvhYOdyd2gCegllfLdkIlt+D/4ZnMmyVYpkAPbYPTh7E1+iM0nzXrpJ68Tg
-nwQftjsHOGnNWg1EUt6dAGzrXlPaS5LCX5BDFGIZSIWEi0/qtySbroIwSeFiowca
-TwebLnONPe4cQUmga3OJg9tI6y3NRpChUPkpftmXxwQE1UT2GjecQFnSbkFsFhwv
-ezJjZ5iOSdpglptxPO7J8HOt32aEX0Y+qR0/QmMYYR3NdVE2aSKjaMl+8R6aIA5a
-akpIibDNFdOD2FU8eMCQgd+gIdne8YOpUGWIy8X+grw44DSpU7lIPmHHLQEvFiG+
-MrI34iCg9k9pX5D+/PnMMLMuy92VBwHVNlWe+JSVThGEPQOh7N/Bn1S4Mzv1HLUM
-kZrM6tTNieaoEUoArmWpwVcyNUgMO9TunNfDTOsDb144j9cK+AFdUFCKwmZyxPsR
-gSlWtXlcHLLMFjf5q+4jkkvZ4AVzq8NpovDKMIygjYx+BGOdqIuw
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/revoked.key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA9Ieaw7RFz9+I8WTKFS8QYzIkduMdh0bYWkDn0M51t74U1YtC
-NDXaaFRRe7F/SvvP4vsJXTEJWdz6+RjwAtkZwXLUjjIGsHU+sLdlHGAwpnWz12gU
-p+Y+LBNWbkbvmcUV7BfVTzOzbaZi5fNA3AzUUXBvLPOYj8qFpGeU8ZSGEZiS9wAh
-yulFPnl8AxYKFqiuTWTIYLa2v/KT395QIcTqcQNpllRmvzQcBX14wTAqrukC3bfA
-lS/pGu1XE/utx/PkJAgHaxo3oHbirTp9aPGRce/dgUH4/NopuyEQvcaykLC+V75P
-JyUuPP7DD8UgXs8amBVibL4hbjlIQOLAqonBFQIDAQABAoIBAQDxioF1jzzmeQfs
-aoKzKiol0gHy7aTdWz2a6UITH91oAnrR9R0QNaHoLGHQrSPwDYzryM0XILj76yx9
-ogRyy8CFNciALSouY6HpLT7TKLDlvJ5IyKaesu/22aMmiyth2Swuadxqv8cdKJ3I
-RuBqfMG9MDKhVH3+iy43l5moh+1mskEddAIYEMMcb3HW4CQqb7FDi1EIqJcZNxlY
-V7o6t0VLUTgiauWTvXisv33Ozga/3vh4PzBvVpSCgn8AE3n+j06pp/wYsuYqeWU4
-eHreCN9Qh4NL2A9nN197mK98/JrujB0yuBJ/VCJfUKO5uydkgHzLnGsAYachppMe
-heGQkU6BAoGBAP5u6WXDgnhtA4ZyuvRxF+r8FzFDOKNw6E/QH55g8d/z2zQwrcQb
-o5BDFLxXeXKlIshy3aphxX8Y1LkFjm9d8+JRJG6ffRbXuKsC+K6CMmaW1vOQ180p
-Y/OPp0GLgpxA9fimo+EYhpWbdQlDTZUzfzBp1hu8UkP0VZu4XFSml0fPAoGBAPYJ
-FLYo/Oa1Kv0BSgVH2AZPax7Rl0I/7NWG4e1IaT/hawKzlypM3pMvZSana7gcGccr
-fGjG8GjliFm2R03H/GldfhXRoO3MCPF9FvWpW5ZRhCU2SSlsrj6SxG1KpCqkG2ft
-QSHI3f0H1mZdXXiRh3Z4jkb0c87IrCpMcasSjT3bAoGAY/75MeqV83h8wzGCMqHk
-EZGEF/NgZjPwybV1R8y4Ixl3FFrxYDqwnPkQRDlo3Nr0Aa3LWrRUZ3A94n3Bjhlx
-yYe0dtmt0vVzeZqQXB2Fa3ZrAozxk4tp4gaaaJNJANozEceEbuoxssjHRZ2y9ymn
-GkLuSDZKarSzlKDvgMF8gVcCgYEA3n1NxoEAWp1gd5Uv2+ChQOuWwjLk5xspz9p+
-+nXt/7+YZsQDIlSLPmywuyjRZ5e50/vGMHYet61CBWapynPcFWhfedms/v3w5Hir
-R5JUaXXj20bhGF3YoGtWyEKkfI8U3YGW0bd0z7nDr6Qkv8BS0NaqSw4Kn+emkUW5
-0Osg4NsCgYEAxOhcGIseH8e0K7YSsB8sRSOK01p0wTRpMhQ8GVsf4S4Za292B2Wl
-f2ZIFEj9IrTEwp14s2lOeeSpSMHYndWfHOTua0DSaKP6j0Dl2G3VlbZJsprDqRWX
-qA0vZ1ZucVFBe3GWtCaO7uQprQbk0NcerqmEdexY2vzGvUNuoQszuRo=
------END RSA PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/rootca.cert.pem

@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFtzCCA5+gAwIBAgIUJWxAqd4rg8B4IoNzVf3VFL0LoKYwDQYJKoZIhvcNAQEL
-BQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG
-A1UECgwES29uZzENMAsGA1UECwwES29uZzEcMBoGA1UEAwwTd3d3LnJvb3RjYS5r
-b25nLmNvbTAeFw0yMzA2MDYwNzI2NTlaFw0zMzA2MDMwNzI2NTlaMGMxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtvbmcx
-DTALBgNVBAsMBEtvbmcxHDAaBgNVBAMME3d3dy5yb290Y2Eua29uZy5jb20wggIi
-MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDiCaoWZZdKx0TuKjPCxl91Z5dL
-S2/5YQpB/96SUc+mXClJvDeE9VOlEdIhLM1+yjsWaSbG5GiiY6+jiVql2GNIJ1U1
-hr6fR6dWM1J13/Cb1WO/9IGsULn4vwBYnxNOK54wxvKSMfp2lmhf6iNPNy9lxiAd
-7L7M2nwF0MSl8aYoIg+ULrGJ/kXy/EF6g+1JDrzlgbBsrJso2VQc7h59sFrijpDv
-3iFaJA5UvYd/s2Y4CAzESN06JgOXDaN+eEk53DBcskcK8+9DdNXcKLuKFXfUL25u
-als8z0oBfP8aDVBHTZQ2Eh3iSuU3iigpJH6zK8uxQLEqMf43j5XpiG7J485PXPQo
-jUAgg/YJJDLnBpkSem/f9mWDZ1WsA+cbPUAogwiUOsmdG2joIobXNdY2LgGkA6Xz
-J9ALdz1I5gvl7waw+cHEKPcX1nGnC1loCLyNri4bTxaAKwSJY8jc9fJcowpBiJy4
-xOA+0b/2bBY4vdjiRxyq1qADEvsL2/Z4MN+0ecquEYm5LLsmXenCvU7Ecgy3HcZM
-AHV8m5oI6WJshxmsZ5SJ8EnFrsjWiYqTPtmn3W3c1Hi6la5R0oDieguXcSUNtDCg
-APmnPXlJYcx0osDL3pyioK+4AMUu1yLrX6r7+Gdg9ghXtwpHrUDeVY3/qv1HOJWi
-yiT5bztF2gYy2RksjwIDAQABo2MwYTAdBgNVHQ4EFgQUxVbJgvLbara0rOyfJEDc
-LupTakYwHwYDVR0jBBgwFoAUxVbJgvLbara0rOyfJEDcLupTakYwDwYDVR0TAQH/
-BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAAUNP6BV
-tpHi38vQ7g/eombH4Q0pk6dAAQ3yf1Ve7bfPXNhHqwg2Dpeefv7+gBi86Ut4WgqU
-elnblSR/QjB8gkh+fT5dUfRq8kqwaZcXlrsB8FdAr0c/GOxeqARzVWiK6pxjrNRU
-w+nAUU99Kke54rqrdX0kEQ+CIR69jVGYzqPN00icAj48DrC/Stsih2im7OQtpcmY
-GiuTsK9XmRbJMqf+hcHyjQxWMkQ+3v3bz9rB2DPpoBVncF94ZIdTGQnzArc64gat
-2AYHpPRn500d5QAoGxjWLHYQdcXJ/Q8mYa7o+YliwyfCX5dA34jTyttLzRiggljF
-aqna3MJ1fE4ukj6RInihbxPBxNCH9reKougTYSsTGiqoff4j87K46y7xe/RfmKUw
-+/7P/5d3COUda56Csy+gDHPK4WR//rhNpqde5Tz9TSrXYHU0HUHwfDVRc3NNrROr
-trVC6sC1VqXvk6zBz6RNDuSC+4Io7Hp51vU/Bg0fcdAFNYLpKrZm+pWrCLR1lGxr
-OPQUuvmBX1+XsmRgpMZtYHLTxYf8QuxwqRX6iPgD4Bt90EASo53auDzxh3lL09lB
-eEpQRvwLpq+VoF8uj2xAHHQM25D50nWDxTbE/gGXs/hMaKBQend/vfU1Abj86kij
-NehSHV5LPjYikoZm1oig/DEFjAPWQpgPVowG
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/rootca.cnf

@@ -1,91 +0,0 @@
-# OpenSSL root CA configuration file.
-# Copy to `/root/ca/openssl.cnf`.
-
-[ ca ]
-# `man ca`
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir               = ./rootca
-new_certs_dir     = $dir/newcerts
-database          = $dir/index.txt
-serial            = $dir/serial
-RANDFILE          = $dir/.rand
-
-# The root key and root certificate.
-private_key       = rootca.key.pem
-certificate       = rootca.cert.pem
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md        = sha256
-
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 365
-preserve          = no
-policy            = policy_strict
-
-[ policy_strict ]
-# The root CA should only sign intermediate certificates that match.
-# See the POLICY FORMAT section of `man subName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-[ req ]
-# Options for the `req` tool (`man req`).
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md          = sha256
-
-# Extension to add when the -x509 option is used.
-x509_extensions     = v3_ca
-
-[ req_distinguished_name ]
-# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
-
-# Optionally, specify some defaults.
-countryName_default             = GB
-stateOrProvinceName_default     = England
-localityName_default            =
-0.organizationName_default      = Alice Ltd
-organizationalUnitName_default  =
-emailAddress_default            =
-
-[ v3_ca ]
-# Extensions for a typical CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_sub_ca ]
-# Extensions for a typical intermediate CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign

src/deps/src/lua-resty-openssl/t/fixtures/crl/rootca.key.pem

@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEA4gmqFmWXSsdE7iozwsZfdWeXS0tv+WEKQf/eklHPplwpSbw3
-hPVTpRHSISzNfso7FmkmxuRoomOvo4lapdhjSCdVNYa+n0enVjNSdd/wm9Vjv/SB
-rFC5+L8AWJ8TTiueMMbykjH6dpZoX+ojTzcvZcYgHey+zNp8BdDEpfGmKCIPlC6x
-if5F8vxBeoPtSQ685YGwbKybKNlUHO4efbBa4o6Q794hWiQOVL2Hf7NmOAgMxEjd
-OiYDlw2jfnhJOdwwXLJHCvPvQ3TV3Ci7ihV31C9ubmpbPM9KAXz/Gg1QR02UNhId
-4krlN4ooKSR+syvLsUCxKjH+N4+V6YhuyePOT1z0KI1AIIP2CSQy5waZEnpv3/Zl
-g2dVrAPnGz1AKIMIlDrJnRto6CKG1zXWNi4BpAOl8yfQC3c9SOYL5e8GsPnBxCj3
-F9ZxpwtZaAi8ja4uG08WgCsEiWPI3PXyXKMKQYicuMTgPtG/9mwWOL3Y4kccqtag
-AxL7C9v2eDDftHnKrhGJuSy7Jl3pwr1OxHIMtx3GTAB1fJuaCOlibIcZrGeUifBJ
-xa7I1omKkz7Zp91t3NR4upWuUdKA4noLl3ElDbQwoAD5pz15SWHMdKLAy96coqCv
-uADFLtci61+q+/hnYPYIV7cKR61A3lWN/6r9RziVosok+W87RdoGMtkZLI8CAwEA
-AQKCAgAlZcnxWK+WXK/H482ajS2gBBqhB4MoNGj5EHdnqAd+E8N1AqIA6oIDTpaA
-jKQXNShfhdg3kfTJ4Upe+Uu5IrsSZgeQCpIhUj6aYXVkMT/i2IRfbvnBY73RLPDG
-uNL93POYSGI70+8Hjc0JCXj8EzpRUV1g9hl/VSqt36OZfQirnS8MqkkPdrVmBVxk
-A83Ph5OzOSjSYiBtur9S5ga/bt0qnMHYHd1Qx6RjWtQ/SZRA8vwBwbhwdXekl0oU
-k5wx6X9K5uggJMnSVFNJ0KduqiygO5S+yfP8dKNe6apfShKdKXW7GHY/SXrxHHeW
-jwYzaKyT0As/2vOfh68a60rBNmKcqShOh4hwIfhldLQDoHXOEhtuuq+e5+ZxyyY4
-IlLCCeUFlZu01YLyj3PsSWLoWYnHCe4AUr9JYT/odxyr03qSUZAYoNzKUsq8jJsA
-x3W6vdob1eXQ6AmTjxrGgPZ77Sz+7T9Tw0Nb4LclSf6pxMJY1cJLqNSSc1OxOIj3
-mSEvfAmh9A+NGtHuBjX5NTyUnyhiq5XdMqDzIydlBikmfVhRqrIrJbF7gTpg5Wv6
-OYhNo7zj5zWwW1q7THt3WQUUzskf/1IIU1KNaGYvL0gffsAsJ59Ta1Wl1RTSPGxg
-HbBMtuK39UIDmlgIMqH/rCEMtnDRL7XBZsAcQwtKXqAAl7NYUQKCAQEA/G591fHR
-kfakT4quSUxcWNDxtFd+KFopYUDHhWeytxfcuSfJTy/YtDDnR/1OEmhbqudEdb17
-FmZJ9F7HOVIbKXaTjFCPwRbmjVF5hke3A2u3auJrIpJ+83Cq4jpstLRONXcg2Wrd
-BcJnFu0QWvPKFRaVfYxIwfTfkVvFXibosj9+6jU0jnWIqSwV3Gas6JMetzqknSNa
-SlsMa5laE8eKD0h97weuNBWH5JYbWSJ0HOf9thVv3OsmchceoM9G3NKISXLgq7r3
-TVCKxNUON/8xGd7oBWoCoVhFFl8EO3+YVdkp5eiHL1Ty6cq9nLpbmOUQwUnDm8Ic
-cDQ1PqrMASjcNwKCAQEA5TuoZ/RW9oSpG4vDn8b/RrkwRJiqko1y99VNu2nE8c8P
-yrKCSrqU1wiG8/sxtlt7fgABJYh9zvLcr5bnmehLlOHEn0Lk7TdyhmY+TKlXfc9b
-+2V6cKvAnmw508KWe1u7gXaNBZFnRcTNVBNrNyS1aO/VSreGeNOipDjnbFr04PHp
-BDXqfD/h70sERtWuAgCZgssxU+x/83SrqYe0furvlW0szVNYgdtetCOT+xfzXg7X
-BKm0zJGe8Oj6Zizm1azzkb5kqdFVX1jM1rtpv7xFYIe7iQtFQbWBZG/W8YpcjDXl
-FzU1T70D3GmJYXo2CbNcZPP4YmjuQFGpaS15yRb2aQKCAQEAlmwNJklEVdOAlDmS
-o/ER8ocIESw17DvV/rMIchGaKIrap6byyfI8Exw1Jevm8wcm4M+RNwwjZfSsSyeT
-Vi/8KZgUUn/LOge4eSu82+yuPSaaFOI5b0+WwOA5pDemgYQUOr3zYDvS21S986Zu
-oZQ2rpxXlona7WFLPCZQlUtgTJ+TtGLiH6YgOpcfq8evb6QDoLIcV9syOa7J1vB6
-AeFc/sB28tJD15ug7/EW+OWUBYmk4TUjBKVHsqLeSHtbwcjfF82R3iO6rGK7XpGL
-OIkkLENtRZSnXpfoC22xavccwsN2uR74N5dKbVC37sYKQTD27AdVveJM6fviYqaK
-jIJZvwKCAQAKMGGm5TxsTq85kzfJxU2ZdifIFMUYKINgsrF20Be568s25kJWUf7F
-pBJji9nE0kIl8pgac/urlC3s/BclRyb84iAcOBv2000a3jaMr8Y8yFe9T+BmW6v/
-Hq5fVDneF9C4y20vPyxI9JtvzkEovU/27xoa7RdkDXwgMotOzKgvy3DhCAh5J1nC
-iiIRh/PpEN/B6Ygyw8NYLepnaanDLmwhxy2Dnt3DP93wwdgVBBaEKsKx6V0o7pwS
-9zgSDJLiEoLtCnps9eoGh+rq7H+hzxuCU+YpDEAy0H+E2FfEerLsZITfSDUraypd
-xK8fjxAR1FAaCKIUtbdJUpfmHehY4NVpAoIBAQC7/u73K5AbaI89PYy/CWINPPQg
-HTtnFTR1CEmCYpvRvKFBv5PJ/untuz46y/LlW/rBS3CcNiu9gAGY8O8+pvuZ1YK6
-pXzYSg5uSvfeHVNvnv2Xh8P+K+vP9o8VrwMhrerLGa6kNRFvSVBHL6q1DaewXnWz
-SGrTnDLYmDeb5DWUVsigDor805/C0q+salX2zJED0w9PVA5sOcRAcKDVrfgH+KiI
-/phxW+xwlR0nDXOf1pAcw6huagTfp8eK/P7EdV/gmISiSDTyxztJrc7FNNd3N0Xv
-c7xRxqQzTFDytUYvewnDazbjpDJhLtTH7dYLI2u8a9HhoYPS5ykal4mcXA7Z
------END RSA PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/subca.cert.pem

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFjTCCA3WgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsGA1UECgwES29uZzENMAsGA1UE
-CwwES29uZzEcMBoGA1UEAwwTd3d3LnJvb3RjYS5rb25nLmNvbTAeFw0yMzA2MDYw
-NzI2NTlaFw0zMzA2MDMwNzI2NTlaMEgxCzAJBgNVBAgMAkNBMQ0wCwYDVQQKDARL
-b25nMQ0wCwYDVQQLDARLb25nMRswGQYDVQQDDBJ3d3cuc3ViY2Eua29uZy5jb20w
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTeKyEAH44OVBGWdthO69
-iQoEwn5SoII0isBTG7ogwla4ryHG34pI/RGAHss2kT8WyFS5k/Xp1mrwDkdqHa7+
-vvJcS/qSY1R8BACbc1IVPxYGCNyzebhNOqy0uE8vexGdUQKRQYSrk8d9DFHcO78W
-rBiIYfqg5le6wVnO4fHRH/4YqR+Sr2qibAilnMxIgZuV9LTQKlYC8FhyVN4mZ/Kc
-MqINyKu8bmy7nmXCqyqSfYCCbzLs6pCwJxpQW+cwerF5XOTdupeNaV1+jt2+Jkc1
-bXtc7mu5Qkux5FkTdsIwF49CNCljqKXsrwKr2AnR23dNtH1ZJU1L4RS4IHdz2u1R
-P6qUGs1YKYzPdkt9cNiOqIfLqOiRPwrgGjamOiJnsiVRlDrfvFvtM4fm4hw5iwZH
-oC/zjeW3RO/WCuBpZtH+Q1I4gZEQ7RJBqTDqSGlVqxM0apKgEvIVvr5LPDsQBxk8
-IGH1k7P7Fd0FwaUKyYScDAb0FIUEbjKBR07c7K9l5IYP0HA1kXOoCL90oklblefU
-YclBR6OuufUaIOX41oiSmubZJdM5nrbauINvjNiY1fCQL72knNXXgg31dlLwxZ3J
-1R4ytprYrkAPmEofDI+MIugu+8+T9XnSIw5YshWT5EKT+YGP76C2FKCpB7HKScRw
-JMFZLaGLIGKYybzC0k4f8QIDAQABo2YwZDAdBgNVHQ4EFgQULwwfX0lG6sS3zGb/
-0gaRki8MG6swHwYDVR0jBBgwFoAUxVbJgvLbara0rOyfJEDcLupTakYwEgYDVR0T
-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB
-AEvdAabcAEPf/TymeslC/zpvclfoED9hiqx/VEaL5Hq5xQdCKUMebgqOSIXPaLTZ
-VuL+wjcsOdwEH79jSWPtn7zUfEX18qQfcG/WJCaKkKbnr9inbbJp4YEKvyHmV42D
-UKLxXwLu95NDhZN/J6xh0IrbDsu8gzjiWZKP86PUKZbH7AnLyKwFy3zAJNl4QbwY
-WtzHb8x3gm6+63QzkJfY3GD19VUqtDDRM4XoEjgnq5hoPEx1mvOg2AHOqlMLQuGG
-5sMv+sqIf4yOPlm2EeyArFnBf7DJghxqfzxMR5dsp5nzXh6OJHawTt9F3d30MBmC
-6Q1v+zozfuJ/DSpEbAS0Vg7H7WZbEEDCX5c+Qe+ot6j8p/fVjWZMNrTvn5bQo6gf
-vrif3KfXd7Ja1dI89jsQHw9ugRk1vPmJVAOKoV+I2lNP2gEUNmmw0A0Q01rQYrXT
-t5WdMwVgbU/lnF2m3+TRlicWSlORhzJ2BbVklPE1v9D0gogcc7AQNtIYKgdWHlot
-QFEOewr7ijkEhaTvNHdTBQif3ltLW+rgc9Ts/zrp6NVh1rXt5PNsaUks8pvKF0al
-ewgHt6+9otWaYb7iF8hAe2lVS8xDo3DAQ1oGBJucnhJ2pXxTza+qG3TqCKlAwFr9
-AGECqlNMaBDdFjX2cWZuUlYlunKlgpridZPvTp3MffhR
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/subca.cnf

@@ -1,110 +0,0 @@
-# OpenSSL intermediate CA configuration file.
-# Copy to `/root/ca/intermediate/openssl.cnf`.
-
-[ ca ]
-# `man ca`
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir               = ./subca
-new_certs_dir     = $dir/newcerts
-database          = $dir/index.txt
-serial            = $dir/serial
-RANDFILE          = $dir/.rand
-
-# The root key and root certificate.
-private_key       = subca.key.pem
-certificate       = subca.cert.pem
-
-# For certificate revocation lists.
-crlnumber         = $dir/crlnumber
-crl               = $dir/intermediate.crl.pem
-crl_extensions    = crl_ext
-default_crl_days  = 30
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md        = sha256
-
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 365
-preserve          = no
-policy            = policy_loose
-
-[ policy_strict ]
-# The root CA should only sign intermediate certificates that match.
-# See the POLICY FORMAT section of `man ca`.
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-[ req ]
-# Options for the `req` tool (`man req`).
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md          = sha256
-
-# Extension to add when the -x509 option is used.
-x509_extensions     = v3_ca
-
-[ req_distinguished_name ]
-# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
-
-# Optionally, specify some defaults.
-countryName_default             = GB
-stateOrProvinceName_default     = England
-localityName_default            =
-0.organizationName_default      = Alice Ltd
-organizationalUnitName_default  =
-emailAddress_default            =
-
-[ v3_ca ]
-# Extensions for a typical CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ usr_cert ]
-# Extensions for client certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, emailProtection
-authorityInfoAccess = OCSP;URI:http://ocspserver:2560
-crlDistributionPoints = @crl_info
-
-[ crl_ext ]
-# Extension for CRLs (`man x509v3_config`).
-authorityKeyIdentifier=keyid:always
-
-[ crl_info ]
-URI.0 = http://ocspserver:80/crl.pem

src/deps/src/lua-resty-openssl/t/fixtures/crl/subca.key.pem

@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAzE3ishAB+ODlQRlnbYTuvYkKBMJ+UqCCNIrAUxu6IMJWuK8h
-xt+KSP0RgB7LNpE/FshUuZP16dZq8A5Hah2u/r7yXEv6kmNUfAQAm3NSFT8WBgjc
-s3m4TTqstLhPL3sRnVECkUGEq5PHfQxR3Du/FqwYiGH6oOZXusFZzuHx0R/+GKkf
-kq9qomwIpZzMSIGblfS00CpWAvBYclTeJmfynDKiDcirvG5su55lwqsqkn2Agm8y
-7OqQsCcaUFvnMHqxeVzk3bqXjWldfo7dviZHNW17XO5ruUJLseRZE3bCMBePQjQp
-Y6il7K8Cq9gJ0dt3TbR9WSVNS+EUuCB3c9rtUT+qlBrNWCmMz3ZLfXDYjqiHy6jo
-kT8K4Bo2pjoiZ7IlUZQ637xb7TOH5uIcOYsGR6Av843lt0Tv1grgaWbR/kNSOIGR
-EO0SQakw6khpVasTNGqSoBLyFb6+Szw7EAcZPCBh9ZOz+xXdBcGlCsmEnAwG9BSF
-BG4ygUdO3OyvZeSGD9BwNZFzqAi/dKJJW5Xn1GHJQUejrrn1GiDl+NaIkprm2SXT
-OZ622riDb4zYmNXwkC+9pJzV14IN9XZS8MWdydUeMraa2K5AD5hKHwyPjCLoLvvP
-k/V50iMOWLIVk+RCk/mBj++gthSgqQexyknEcCTBWS2hiyBimMm8wtJOH/ECAwEA
-AQKCAgASEk2cHIhgIFyG/p1Edb68azPEqgOMgYAi76cFcu1q2mXbXjppofpUbHYw
-1Ah7oitnc37zD2BwN7Qr2cd9XnTNOcysV1gpvLmLYrs/BNtc38Ct9fi3s2uXATqn
-nan7dDJhrPnCKX53wtGhgQZ4qZxEgCKHZctKkjVuYo30G85NBjxup/8P9Y5EIbQ+
-GfmD7Fr7z7Jyu1vyVJouOs2PriAqqtvkxjxSpZ3elqs/pe5VGN7WKsnhZPo5aqwM
-MaToh+HM72ebKVcgfhJ0EGUS3cXstutzk+9ZasDRUnaCnz2cDWlxnLWQiCltHyno
-U2rC8lvCNtXjncYRkS5I/y4xxEq7faLfbIh2QnQq7NAxzadljEGZCQ/0PsASE14N
-sXCg+UAfebfE5rK2hJQt9WJmQfOq54pgyofbU4KGaPO34SiCOhKTd965x5ARKRly
-aicErNS1giwXnKRAdPRW6Nn8lwnkF9QDVimIL6zVhQ8J8aOnRnQptbwDmuoF75vV
-p/UzjxBoagLDJeuNkW84yEQgGTa198Ivg7SEnrUKKGtIiLXoGNGG1iEfW5rf4tQv
-L2ceMmquPw5ihtGw2YpCNRa9XMGn9BRlaz5iPGkeNEznKYBbDS8VcWzmIHnhTtz4
-ILFuUSRieJj1DF/1WRWPKMT5LyQjjcB1xfGD54lXASOCcnNdMQKCAQEA6ixCbx/k
-X9x7oso3o2PiWZuffmcTOgq+4EQDSk9FD4T1h6L85yuwvTKNbNe2t/FcmaCeu/4T
-hzssFsJlFc7++eh3H1weqEoW/aVGFjSAAu9L6Wa6vdf3UhPEWmvTsmL0UuCwzAo2
-exTiZExBVEF1tAQMlDnc6hpR7kyP0jThx6lE+AkkE9zG9NSJVRIan8HLoS+5N+TI
-ZXfLCzDmnL3581G5M+UzxYu8F9CMpnNvCNEv2/pJOnCNfa7ZTFxxiBM/RtyGEnPv
-wNLoCEcTut95lb5WPvBIt5Y8Tbm6veuSL7+QHhg9nA/f3ljSSmkJm+ExvU/uKKkv
-hc2zBS+4nHf2jQKCAQEA31jphYcV8y5YdsMW0nszMMxodeOD/ooB5aOhU0K2F+nE
-Ud7p1W0f1UrcD4yvf+4muMfBD+DBwRGJm1kzIeABP5Lu+2RYqi6LJ28L8o01OjUH
-Ea7i3wWrBfUIOHUg0U//kXEN7Kz58RIv6Tk2PYFJqu0JmQkpxXgFPAy2IH2g8CEL
-Npb5yk9RM9rsYlQpt81Oo1vIXUpjpfssT1yehljCIjvNgxaKeaNvobYcBKHFALUv
-O2cUUhc6PdHlH87ot/Q7E/W9cC74WUBZLkeEY9vxoLiAnVOLeqdnV+bVb0J4piDo
-K0eClFltX1qvShAYr8W2s+3LtrRbYXiRC9kPEdqX9QKCAQEAraXAZdMKcKN48xBt
-DbZF5Rjnvr4EnefV/0uv/OynU4jO4ZPVYj8dwk64XNvhXKmYdzuKOfGA3ajdWssw
-Vmm23e6qVxDikvzN660hOdoYixSUADHzjE+X0L9jvYFz7DZA4yxHLibsm3yzHJkH
-YMlh1Omjwk7eKKL32nPfuosIWhyFTkDJBgmTZ34rkG/qWklFDPPsryvyBnw8jsHm
-YJjnvqz9XyQ5reWexzIY+l1jGvC0QrVok/NemLKN5HgwoC1VoOBqc0iRozVCZtD+
-KncJHCeWoPlhkvHPKfvuJGOJderhnc9v8Eg9RA4tcoxNWdA2KCIbgv9ihCAy/keS
-6ER1CQKCAQATKNdvgvUZFWK1XWr5x2POzdowMsJB9ajQAEd4kwJ37q/Oria1DlVq
-wK88Dj+H4/AibdBcAlXcsBpz3yUJxOOWho5Ftof8oV2Cln4Z4o8sXRwsIiqIIz5W
-lnyMC1AzZH9yBJbDNNuEGKFPin7iq9Kb/RWTsTuKGw+n5RdClkRWFR+XIUBwYHmA
-z0jz7nBduhkC3n7Dsfv2YyOb80AOGlMdCLBKjIZ4hNKwtqSUqSPzOZfBqsgNerye
-TQEwx1kjXqoqvivwEbdwQJrl43Cx+E40EV/HH0GZ1f6BheXNU5Bx/+Sqwcmr3DgL
-tAXRfqv/eCCCMuYE2Ff2dpdKwuYODAh5AoIBAApRNA2CMbnnNSMaCeE26rdxRs+g
-p6qOW7P0jzJTFJQ6qxnfX70PmBetdlt+zdhvLV8xXe+TXsxeODlcimhARe6ekbwF
-AnCQ5KjFOb9MCYwg1K9U4+mRNNIlkbqXQRpbGllTDDznha6T32ntXG9+f92O50uS
-+nBU25CU85nkQAK357bjlzF898V7uveGDHNyYeHyE3IwhiqNPLFMpQt1czyd5TsP
-L2ZkotyELRVa8yU5iAhq2E2r9iaJc67A1C3MiV/HVr8UJtb+gJ70jneamavXB3OK
-ZVRUhtfIgtF32Japb2xgo1zfuKQrgHgyQmBn+8fj/siG1xl+ECaE6c/GJY4=
------END RSA PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/valid.cert.pem

@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGUTCCBDmgAwIBAgICIAAwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UECAwCQ0Ex
-DTALBgNVBAoMBEtvbmcxDTALBgNVBAsMBEtvbmcxGzAZBgNVBAMMEnd3dy5zdWJj
-YS5rb25nLmNvbTAeFw0yMzA2MDYwNzI2NTlaFw0zMzA2MDMwNzI2NTlaMGIxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtv
-bmcxDTALBgNVBAsMBEtvbmcxGzAZBgNVBAMMEnd3dy52YWxpZC5rb25nLmNvbTCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxN4rIQAfjg5UEZZ22E7r2J
-CgTCflKggjSKwFMbuiDCVrivIcbfikj9EYAeyzaRPxbIVLmT9enWavAOR2odrv6+
-8lxL+pJjVHwEAJtzUhU/FgYI3LN5uE06rLS4Ty97EZ1RApFBhKuTx30MUdw7vxas
-GIhh+qDmV7rBWc7h8dEf/hipH5KvaqJsCKWczEiBm5X0tNAqVgLwWHJU3iZn8pwy
-og3Iq7xubLueZcKrKpJ9gIJvMuzqkLAnGlBb5zB6sXlc5N26l41pXX6O3b4mRzVt
-e1zua7lCS7HkWRN2wjAXj0I0KWOopeyvAqvYCdHbd020fVklTUvhFLggd3Pa7VE/
-qpQazVgpjM92S31w2I6oh8uo6JE/CuAaNqY6ImeyJVGUOt+8W+0zh+biHDmLBkeg
-L/ON5bdE79YK4Glm0f5DUjiBkRDtEkGpMOpIaVWrEzRqkqAS8hW+vks8OxAHGTwg
-YfWTs/sV3QXBpQrJhJwMBvQUhQRuMoFHTtzsr2Xkhg/QcDWRc6gIv3SiSVuV59Rh
-yUFHo6659Rog5fjWiJKa5tkl0zmettq4g2+M2JjV8JAvvaSc1deCDfV2UvDFncnV
-HjK2mtiuQA+YSh8Mj4wi6C77z5P1edIjDliyFZPkQpP5gY/voLYUoKkHscpJxHAk
-wVktoYsgYpjJvMLSTh/xAgMBAAGjggEpMIIBJTAJBgNVHRMEAjAAMBEGCWCGSAGG
-+EIBAQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xp
-ZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBQvDB9fSUbqxLfMZv/SBpGSLwwbqzAf
-BgNVHSMEGDAWgBQvDB9fSUbqxLfMZv/SBpGSLwwbqzAOBgNVHQ8BAf8EBAMCBeAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDIGCCsGAQUFBwEBBCYwJDAi
-BggrBgEFBQcwAYYWaHR0cDovL29jc3BzZXJ2ZXI6MjU2MDAtBgNVHR8EJjAkMCKg
-IKAehhxodHRwOi8vb2NzcHNlcnZlcjo4MC9jcmwucGVtMA0GCSqGSIb3DQEBCwUA
-A4ICAQCXCJfKCUSHBKdROZKd6udawKcs0kaVN7+yrGQ928YTLlF1KaE/RIlzNdUR
-66WJx/U4TT7mUGX1otpEkDk3VI2Pdq6jgU+/dVScgnW2VZ41UD4HSdzr82aVPzHP
-gre1bT31K/dDVLpP/ZANecixmLNFts1rgz6nKN04wFDlBYfiIG0Hr8zGU2KhW4/q
-d1gnvkg0fZsDquQA9wciSQ1NyCSapKdCj8/AZ5BkQAs4mh/o92yC31N/IocUTv1v
-KPtP6iglZ3WnIfdpuAd5KXQ3T+ZT7m7sKnX78RcJnXdj3VzePhVgYWsXR5vxpfiF
-D+COjdS+ANtV9hdAhT0wewFfi3r1lsDdgGlazW4zgh/zKUBR2GBfgf48e6TuQ+YV
-ZtUwBk02X5veqCNhbVgwDO/xlVq5EfFPh0NjUGPPa4+EKb4YIgg3OZXU4R7/f9tB
-BqqiiGCQUELxpLOAq2EtPsInca9+tp/MSCUQI/5RM6afs/OyMoPwNe8y1cYVK0SC
-tLoPvXWB19GMRyPiLqXoHZOZbxTb4op1/h3LqWuFRss7lni3booDheDRmxQgpgXJ
-tlqsyNRwvWjUqlNgkrwHvrbRDOhXIzUMUbHYBldSQfH3unwyk3JHB26IGYzexTrA
-H5c03yEn4blZKKShhJ6SzI7AUpiyKSIb0TwKJxkMsiBhr+K0Rg==
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/crl/valid.key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAro5s2capnXcBZHv7EFje783FXbTQ4GoXL41ZnUO1toGArZd+
-aQGExXAOUVllhVfH62XkW8ebuXar1v7pw9L8RIv13Cl05bsWYaX0LhY3C9Ll2yp/
-0BTNf/QyBvoIRnsunj3UcdU3n3/9uJWUml30RcZ5iwNHnLlvOQWIV/AsibmseAtu
-inJGHak1jD7TB561w/s/GhDc2e8HCuRxxt0KuHrXmi06qmJWf0yrOxWRoaiBai5m
-4Xg7BA+h/zOa42gXZSBsxqwGYesysPjy6FafEuYEnzyZsM7gifr4+cnHw7SbaHAA
-G748tMkoJ+154T/eZvKmOLpHHZCtoxTRdkwV5QIDAQABAoIBAEqAt6zrwhFXbdy5
-nhsIE38+0HKCbnSaU3MUXZ9l+vT+qTFua6Hd6BFtFm9aPJ6BLO8n+iPCOpEaOZX2
-D0hpkQqgwjtJ5n73L0JWVrYk/TGqvjihFxR1DJEEZSXdKhMLGIap1TcQzkDhnCVg
-kqCgYVY2tEHFEJev/ezUk7EU7a2KQW1kOJPEGDJR7UU0Kwx3RUY0BhBstuDCWPwp
-cZxw3JFvfxuNThxyqLWX8IbmvTlptLSUpcDyg4BQJ+wM28w4uwQkyc9DnLfoEbO9
-l4aIjIx7pkZ64JSBppGt203Q7rG/7TQUR/FPU0lFDmuQ470kLn09MYJV0GCmdVAO
-3O/tCrECgYEA4Khz8wi157a8LkA7gXdjv+dsdWZe5IYodH0swSt2GIHLBlWGwheO
-23FiovifnNbbSZmRfTHXBuKOdWjxr3gULtO5KD2wdv9cYJnl9uL1FbrwJQI3v9xD
-1ezHLuGCFjxFmYu+t6SVHYHl21MfT1W6bx+ZrcliDJPJqh368nXF98MCgYEAxuid
-1ZALHOy+1TmfYFjk88LrljoYL6DlyH2pNqX+7viZVcxHfpkK26kgVtTA0YmKDzt1
-nG2yOOaRm+j8CUgRw8TW54N6evZM/BTPmITsN1UHrSXixwT0hIZkP92rHcEj+GrK
-lDrDmjJDLe2rI39nmj5YSU5wsdI8QFbmbX3aCTcCgYBowUOnvJUNoeCndF4K5X/G
-uQOSzpRK3N+6Sa/3tutPTB4+Kt02XcPIQVusAGB0wp7n98qmZPoOBNBGoROpLUXD
-/AenYvSI2FPb24cmkveTFWLq7tjOBsg+1TSfgJmnAp21ljrs6Lp7Utm6Zk0AMkpH
-jKWdKn0kvjjXsTkVm6Me/wKBgGqVCMX/2kSUgykkKEdrOrt3bd9gn8cdsyL8Wqii
-x/jrEtbLkF/Ax/WuKVr9w5hD18uTs9CvYvlkaw+dBzg9+u7o0bLaW835noTQ7fAv
-AZggou1fyKWV/SPqE1u5ftCBxrF9H7HPzzIXzrGUkciCo1QeJhaZxn8yRQDAz9ZJ
-woR/AoGAeO6Eu1wroUchYHQ7VglAJQDVyXukdfgBJWRGG3I9R+wMiHs8iF2MSvBa
-941DZr6mNXOSrcR3FdO+EHP8FtMpYe6EJPSC8bk2Nl75OVptx+Wcd+VJ6DZQysYZ
-MgMGpHdHTZAfLDBje9yF0K7XluxaBaY6gqn+xPgqT/AOOE3xZqQ=
------END RSA PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/ec_key_encrypted.pem

@@ -1,8 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,74AB7E7042FC695A7F267BB416AC24E1
-
-zNvboWr/ayt4McuSl9h3oirnS7DK5JU5OSGvh3Seyt9E1oVd3SUg4Mcp4BpZP8gv
-Ei4K6+p3CTDrQfE0mrjIph3C1LKTzQeLdGIvgTjjKVpu91aogU3K3rgcuqKN/zla
-+sQOAedKEtLiop4J6rIGmKvo9JZonbMsEZnZnXGbz3k=
------END EC PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/no_revoked.crl

@@ -1,18 +0,0 @@
------BEGIN X509 CRL-----
-MIICyTCBsgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEpMCcGA1UE
-ChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT
-UkcgUm9vdCBYMRcNMjIwNTE4MDAwMDAwWhcNMjMwNDE3MjM1OTU5WqAvMC0wHwYD
-VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wCgYDVR0UBAMCAWYwDQYJKoZI
-hvcNAQELBQADggIBAC2us3ieEcU7NTFjPyXEi/5aOID7IlPBK7ugS7IJrasTyEdH
-fAMcuoEGHaLoyLqpIKc7U/KIfqysn6l4Mu32aWFB/Ck5qiVufHXFjXIuNo4/drlm
-kPUjhgX0YcMkrWdbLFbF/mi5R7fCTbCP1ihqiw2AKB2jFShTAcybJpVRY7velN/D
-EI8ITJsHnGNOx5XZV7HgO1SbXrba7YGMD0YA+NiXc8VaoDlZdoKh8q/gk8y5vnvL
-UmtsHpdF1zFwDxYdpFLCrV9z8OcPWjguX6bYMWtnN5JPHrlUQrupCIN55ur8ttoq
-+9mQ/3Y2OFl1qF6UtHxSDHAI5vA8dBlZxQWSWXKGFPGPssNdB7CUJlZeLWPICWU9
-yANMxG+5ANeXW65GfPexj2DujwDlC46Wdnlvbft+2Bc0SYR72By/1QB3tmgBB//j
-QuJtAIzvRluvdnoIGRHPGVse0Qk4FC2BK04q8HBRw3UbxV1MDYIFCN9hlC625Q1s
-VjrqzGMPAwXYXNa/9hFQkdjKycrdsGvIXZa08sqqx4hY4CpjEeUQoka0XkTUmp7Q
-GDSXFxe4qxQObnU+LAMQ0cEcVb0TNnTC0PCeoSV82n3jRL9QYMe6lvU4pgFMddXz
-jna557uivEENf58Oh0SH5jux5gSlre177jQvvsfn8FeFXsLijw0tCbfupna/
------END X509 CRL-----
-

src/deps/src/lua-resty-openssl/t/fixtures/openssl_fips.cnf

@@ -1,16 +0,0 @@
-config_diagnostics = 1
-openssl_conf = openssl_init
-
-[openssl_init]
-providers = provider_sect
-
-[provider_sect]
-fips = fips_sect
-default = default_sect
-
-[default_sect]
-activate = 1
-
-# need fipsinstall to populate below section
-# [fips_sect]
-

src/deps/src/lua-resty-openssl/t/fixtures/rsa-pkcs1-priv.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxpgb1ESW7DpRvUHd56f1WArwhETylcxu0X02mAnuRgug6pFU
-LobnVTuYdajuvRDdZGUYJHQuGB2Su5FiKGdDBXnuOPa/zQ6BoSz+z9Yqj8Mri0UI
-THXKLNqPO7/V69wbtFFus//gVozDTmv8Ws1J4lc+GYyfuVL6o8aLyGDhhrB8HoLk
-lYLFchkCsjt8rQ2U2fAtwWNoxlIgw707tpwR5zLe58b/aM71OOMPZlERc4VPmZTk
-GgYHWFJCWxnp0TQ5CIjGyigewG55Mp8XqSf5cSel/pc3rmrHVq4vrw5cLcxhJNkI
-UQfN9x6NvkLCBWwOLBx+HAEiLeOqIDIILObrpwIDAQABAoIBABQ0rcAvKlvmoyJq
-bTWAtUm78zTB/xyWrD/MSZ22hPPDgx/aoYIKX8cgRSbThVbfPGdWkdpDp9z0RVWo
-OSB7QSpxeXd6Q5GNhErt1Q84byQpa2jEIVAGPAfMRP6DSjSxNHBoSKcvxZeIwuZb
-vlVOxdGtprfawvWMJ8w6C0bb9JZLeHjdLK/O49Nxj4YrUBk+ZvkKa8EQnq/apLMz
-9RMZiFQ1pvR9Ojfw4O4u0pqW80Iu8alDBxMkvzEUEhuzafrMKToX5GG65Y9/nhDl
-iIsENEvNY1Nk2WXPMe/VR5LVGBLtXlJ+KIj09KjuJyy5PEkwXxHobyRHEMtQ8SBs
-C1SE/sECgYEA+Sf1IyhyPfWg3CuGdwiYuwn9CVnZxqQWLwwk+EdIXpNDbHhfeN1Z
-ZC1/bttz45O4At5KtKAHLeRETuphtgwJ6ZHdNy5K6h4GV0s4ZtBHS8pu95+BAApN
-pGRPzZ4u4GDTkTCbHRd+A2UY1EnpGe6Owq/+Cbu67jnPJOP0pegmGzkCgYEAzAya
-v9pEwcDBIrKE3ida46mBAnxBT81pr8Pa5t5pON3DtjsHv3lfa01u9ga8F0GKgMif
-tet9dFWtFHdrC8HbrpcHwta1dVlDNzr1TSjbyl5TW9/suSbHTQ/iUmXFazbhHVu6
-p4jgV6DPgqxjI56YLcIqZIf2xDeVgGwbwv7d3d8CgYEAtcIpeTFrTbnfVF5IJJPX
-3zJlLiomzVssd7vTSG+v4pZpbDrP4vsO2B68xOFAxHchmK4TL3tCYX8ROcSP7V8Q
-6BwplbSmn+2xUIMmLRKpwCd4Fhp838ukYlVvRh+sMLFSBavArFNT8SQSHeOhMfKu
-oGYE25LgxiLT8yR8d39INTkCgYEAilnxgyvnesfLLE+Gr2pXwg1oH9tIHWfVxQsz
-HV6oUZpr3N9hfX46KHM0TTR7y/jwhCmDwMGPKpX86OefeTVUUqis5nrWRl7jqEsd
-j9eoTyptstm9lDyq3aFrfxrqJKvtLw7HHFk+Y6vxh1SDU99wp3YDcG6P7rMRdyXW
-HPzaSlkCgYBums2fZgP96/wyburnMhP/86ndLyVB2YbLwXMz+oGlm+XssAawulrM
-6mxpV63T+/UmEiszCEf3ZOUr1+zkSTe/CMZk5Vev1pYEzfpQ2AnpOsvPw+WGQbWL
-95dYCSGZKjXQ/UV+zDisZiDzjLRkZ7WfPJsPZ8z1P3nZ2t+8IRNO/Q==
------END RSA PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/rsa-pkcs1-pub.key

@@ -1,8 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxpgb1ESW7DpRvUHd56f1WArwhETylcxu0X02mAnuRgug6pFULobn
-VTuYdajuvRDdZGUYJHQuGB2Su5FiKGdDBXnuOPa/zQ6BoSz+z9Yqj8Mri0UITHXK
-LNqPO7/V69wbtFFus//gVozDTmv8Ws1J4lc+GYyfuVL6o8aLyGDhhrB8HoLklYLF
-chkCsjt8rQ2U2fAtwWNoxlIgw707tpwR5zLe58b/aM71OOMPZlERc4VPmZTkGgYH
-WFJCWxnp0TQ5CIjGyigewG55Mp8XqSf5cSel/pc3rmrHVq4vrw5cLcxhJNkIUQfN
-9x6NvkLCBWwOLBx+HAEiLeOqIDIILObrpwIDAQAB
------END RSA PUBLIC KEY-----

src/deps/src/lua-resty-openssl/t/fixtures/test.crt

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBzCCAe+gAwIBAgIUJ+FXF8zL+pdK8Nl68Eq0aQlZKNMwDQYJKoZIhvcNAQEL
-BQAwEzERMA8GA1UEAwwIdGVzdC5jb20wHhcNMjAxMjE1MTAwNjIyWhcNMzAxMjEz
-MTAwNjIyWjATMREwDwYDVQQDDAh0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMEQQC0nyiHOekSs6sTwLBrdiWYvDWC5OQylQZY2pWsBYtWH
-3rkkt98rRNC3cxLSPwH+AAJrJCnRl4ZIxUrtNF8zPW/NexAaarKMLq8LHnVD+cf5
-uLzK9xZNt5s8aTQOF8TuHH2Zq/jdfJ9MnAJf1noZ4Oz5IZqOtgJ+1oCDZJc4ZlL1
-KO5tfDsWZOsRdow6F7wlK1xtCfcakcncL7Yh4xbZYQXnNSliGZF0/+SIqYIGhv2f
-EBng0yOW6FrXtrxhj/7TplAd2v5ziCsdcqqA+YFu4e6PzFybNErUgNZ8ZsokmP56
-uU13oKYLIsEf11EmKEX1bwvEvvu+T/V/IB38YV8CAwEAAaNTMFEwHQYDVR0OBBYE
-FM8D9Qnrg9JPEN5lkpDpkz44TOh8MB8GA1UdIwQYMBaAFM8D9Qnrg9JPEN5lkpDp
-kz44TOh8MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI/ODar1
-fVkJ50rLToICvp2zZkLSsZlL13Gy4+FUUl0sctSRbXF6yPZGa3u6/HeF5AWnrFNX
-eZUVuJgyYa2gmz0K+HGbSrbNFb4Cpnhe7Y722SpSDEj3ybOI3EBeRT3WcwpSsGKa
-Kfx8NY08J440cn3oNAbZ9XrZOHhyvjkCEr9+ieg1MvMtNg5NbTpHj6Riuvuvvs3s
-CaOJ1dN5a59hHHvt76lb6Ah3cwJ98CRAObp1bElgL//Tl9faAHAFIpGopvq41Jnn
-rBd/GtvM6J/LHznZ9eOvMq+uBMyAhzpmi6Ih4SGnwN/i8StRbNvpIUIq2rO6IvCZ
-61xzxPhcY6bB2KI=
------END CERTIFICATE-----

src/deps/src/lua-resty-openssl/t/fixtures/test.csr

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDFTCCAf0CAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
-FDASBgNVBAcTC0xvcyBBbmdlbGVzMRQwEgYDVQQKEwtTU0wgU3VwcG9ydDEUMBIG
-A1UECxMLU1NMIFN1cHBvcnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GDCNL5NhDX2JVU
-QKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUzKoTt5yLdVIM/
-HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgDcdbcQ5wsPVOi
-FHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyfgGS4+XQSsUdw
-NWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1f3rlwf8H5HIV
-H3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJEcwIDAQABoFYw
-VAYJKoZIhvcNAQkOMUcwRTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUE
-DDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0B
-AQUFAAOCAQEAgBSVMeTB9pfgZCllMPBFffeduMePyDA1SzLYjSFkh660sFFiwGAV
-MTnnYFHH3k6ueRVal3gzxZJ6ehr+ms1/CRO8rlY+B6geMCbGCbCvcAET0n505aYH
-v8vlvqrdSx8Ur/9sisbynCkdk2qgc3rbnDbsAAonZIXf+blacaYTZdGUxso6qtY6
-6mhI+ulqmkDk3Quc02ityvuGEbN8UuUGxc+kg0aIqMWWNKUGpTq/aRWpC7kuCUFZ
-fmvPwnMhzgKBPzOXwyauVxAV0Mm/1uwPu9GNVQDgewy4Rjbm5bNwIjce3W1tVMWT
-FR+x0BtV+D2A62fJWB2Yv9oERJbZQnvLqw==
------END CERTIFICATE REQUEST-----

src/deps/src/lua-resty-openssl/t/fixtures/test.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBEEAtJ8ohznpE
-rOrE8Cwa3YlmLw1guTkMpUGWNqVrAWLVh965JLffK0TQt3MS0j8B/gACayQp0ZeG
-SMVK7TRfMz1vzXsQGmqyjC6vCx51Q/nH+bi8yvcWTbebPGk0DhfE7hx9mav43Xyf
-TJwCX9Z6GeDs+SGajrYCftaAg2SXOGZS9SjubXw7FmTrEXaMOhe8JStcbQn3GpHJ
-3C+2IeMW2WEF5zUpYhmRdP/kiKmCBob9nxAZ4NMjluha17a8YY/+06ZQHdr+c4gr
-HXKqgPmBbuHuj8xcmzRK1IDWfGbKJJj+erlNd6CmCyLBH9dRJihF9W8LxL77vk/1
-fyAd/GFfAgMBAAECggEAG+N4Ec3MoiOMf/0mkLpM9LiJz4v+d7lp50y787IDJTj3
-CPdukfoe4YsDjs7hPZfHaEdDwxWtDKltJQXAEjm/tfzV5B+fpkzamt4rJDgL906R
-d3S4XfVHyh4B5tfMLqvWfSkUToRzVijQhsZvRtyHQ+4XEsROOWBiJGwkGj5guoM3
-4ItEJOXece+4pV0M1KPb3aTqGLw/Iow1IV9k+HCKrxwsBK0xpoEYfvK6N6PsmcRK
-iPS53D6bCS74HidgXvhPN8hdVvJ+s8rvXDdVF3Ajw/LhrdeYrRjZUtRpB43Z8uLn
-raMMOid4Q9EEsZNcWG2UO6BHyDibkOzQmPIv0/JIgQKBgQDo1Cmd3ialMZkn9bSX
-DUNxMZlTk49Abns2rKojRxApU3h3aVuViXPIs3yz0cUPzURGHOOHQwU5cFjMVsxx
-GffZjNq+ViR1Il0UhxBlYlcRZOou4RSi6VnN8HRjNeBNrzGxo/C+9/U00/APT/z5
-OBloEoWy22SqTJtQCKspQ60knwKBgQDURvpcMlJE6UBhIy3Q3/7+HUc/AsCj5dMY
-OafioeuKO+fRcNBaith3bUF3aRplf2jD/pQ/nLvD4+q0tvaEY06jpiVwm5PXGdUy
-acIcs56ch1BiczP5pkSpEpaG0ap4btW86UU3K+at0iAJqfm9aR8DSOugl+D+EC16
-RDRKn4TLQQKBgQDA4vPPW7m8ZYiyuDXyZgSXhDW4LakiAeWF+CnDrB3RfttwYhKD
-oioP/dKzzndpje6f/1LoPjfXzCFkuAwLLy5MRwr5YLg3ak6esP5+X6guOuJgEAxe
-ot/JYwmpH3tCIIAU4PKT4yx7pZFdvjCf7z/tHlsxP9z30RtihKv4NZ79lQKBgBOL
-XW2zrGNv3l+TL5q1pPKcm3yvsjDk7iSi2lRBeEBH97YO3wAXHIsSYh6ubKG/s1Oo
-UtnwglEs4OU2m0fhJNJob7YIfPonBLwZhKfD2eyrgLkvxi9MIbI3ZeiP0VQ5UDCO
-gbLstdZ3LD/3iGjqDtLsmdU1Zp+9uZIySWY9faqBAoGAa3DJYcGpBQWDlNbojcgv
-VUNukUrxDQOLR6AbPcYF8EdrSgtkuDQJfb94HpR55u6o+l9SiD2t9uEl/rLqrp1+
-jOTte0IERqrerKp43G/AHZduw0ks4PPxglZUAQ1/HSTUTUvACoHFB9egElj3zNIX
-fFBB0c+kqU2aLFq342F0ONU=
------END PRIVATE KEY-----

src/deps/src/lua-resty-openssl/t/openssl.t

@@ -1,194 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-my $fips = $ENV{'TEST_NGINX_FIPS'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;$pwd/../lua-resty-hmac/lib/?.lua;$pwd/../lua-resty-string/lib/?.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-
-        _G.fips = "$fips" ~= ""
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Load ffi openssl library
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local openssl = require("resty.openssl")
-            openssl.load_modules()
-            ngx.say(string.format("%x", openssl.version.version_num))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\d{6}[0-9a-f][0f]
---- no_error_log
-[error]
-
-
-=== TEST 2: Luaossl compat pattern
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local openssl = require("resty.openssl")
-            openssl.luaossl_compat()
-            local pkey = require("resty.openssl.pkey")
-            local pok, perr = pcall(pkey.new, "not a key")
-            ngx.say(pok)
-            ngx.say(perr)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-false
-.+pkey.new.+
---- no_error_log
-[error]
-
-
-=== TEST 3: List cipher algorithms
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL then
-                ngx.say("[\"AES\"]")
-                ngx.say("[\"AES-256-GCM @ default\"]")
-                ngx.exit(0)
-            end
-            local openssl = require("resty.openssl")
-            ngx.say(require("cjson").encode(openssl.list_cipher_algorithms()))
-            if not version.OPENSSL_3X then
-                ngx.say("[\"AES-256-GCM @ default\"]")
-                ngx.exit(0)
-            end
-            ngx.say(require("cjson").encode(openssl.list_cipher_algorithms()))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\[.+AES.+\]
-\[.+AES-256-GCM @ default.+\]
---- no_error_log
-[error]
-
-=== TEST 4: List digest algorithms
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL then
-                ngx.say("[\"SHA\"]")
-                ngx.say("[\"SHA2-256 @ default\"]")
-                ngx.exit(0)
-            end
-            local openssl = require("resty.openssl")
-            ngx.say(require("cjson").encode(openssl.list_digest_algorithms()))
-            if not version.OPENSSL_3X then
-                ngx.say("[\"SHA2-256 @ default\"]")
-                ngx.exit(0)
-            end
-            ngx.say(require("cjson").encode(openssl.list_digest_algorithms()))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\[.+SHA.+\]
-\[.+SHA2-256 @ default.+\]
---- no_error_log
-[error]
-
-=== TEST 5: List mac algorithms
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if not version.OPENSSL_3X then
-                ngx.say("[\"HMAC @ default\"]")
-                ngx.exit(0)
-            end
-            local openssl = require("resty.openssl")
-            ngx.say(require("cjson").encode(openssl.list_mac_algorithms()))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\[.+HMAC @ default.+\]
---- no_error_log
-[error]
-
-=== TEST 6: List kdf algorithms
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if not version.OPENSSL_3X then
-                ngx.say("[\"HKDF @ default\"]")
-                ngx.exit(0)
-            end
-            local openssl = require("resty.openssl")
-            ngx.say(require("cjson").encode(openssl.list_kdf_algorithms()))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\[.+HKDF @ default.+\]
---- no_error_log
-[error]
-
-=== TEST 7: List SSL cipher
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.OPENSSL_10 or (version.OPENSSL_11 and not version.OPENSSL_111) then
-                ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
-                ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
-                ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
-                ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
-                ngx.exit(0)
-            end
-            local version = require("resty.openssl.version")
-            local openssl = require("resty.openssl")
-            ngx.say(openssl.list_ssl_ciphers())
-            ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA"))
-            ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA", nil, "TLSv1.2"))
-            ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA", nil, "TLSv1.3"))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.+:.+
-.*ECDHE-ECDSA-AES128-SHA
-.*ECDHE-ECDSA-AES128-SHA
-.*ECDHE-ECDSA-AES128-SHA
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/asn1.t

@@ -1,141 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: asn1_to_unix utctime
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local ffi = require("ffi")
-            local asn1 = require("resty.openssl.asn1")
-            local a = ffi.C.ASN1_STRING_type_new(23) -- V_ASN1_UTCTIME
-            ffi.gc(a, ffi.C.ASN1_STRING_free)
-            local s = "200115123456Z"
-            ffi.C.ASN1_STRING_set(a, s, #s)
-
-            ngx.print(assert(asn1.asn1_to_unix(a)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1579091696"
---- no_error_log
-[error]
-
-=== TEST 2: asn1_to_unix utctime, offset
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local ffi = require("ffi")
-            local asn1 = require("resty.openssl.asn1")
-            local a = ffi.C.ASN1_STRING_type_new(23) -- V_ASN1_UTCTIME
-            ffi.gc(a, ffi.C.ASN1_STRING_free)
-            local s = "200115123456+0102"
-            ffi.C.ASN1_STRING_set(a, s, #s)
-
-            ngx.print(assert(asn1.asn1_to_unix(a)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1579095416"
---- no_error_log
-[error]
-
-=== TEST 3: asn1_to_unix generalized time
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local ffi = require("ffi")
-            local asn1 = require("resty.openssl.asn1")
-            local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_GENERALIZEDTIME
-            ffi.gc(a, ffi.C.ASN1_STRING_free)
-            local s = "22200115123456Z"
-            ffi.C.ASN1_STRING_set(a, s, #s)
-
-            ngx.print(assert(asn1.asn1_to_unix(a)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"7890438896"
---- no_error_log
-[error]
-
-=== TEST 4: asn1_to_unix generalized time, offset
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local ffi = require("ffi")
-            local asn1 = require("resty.openssl.asn1")
-            local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_GENERALIZEDTIME
-            ffi.gc(a, ffi.C.ASN1_STRING_free)
-            local s = "22200115123456-0123"
-            ffi.C.ASN1_STRING_set(a, s, #s)
-
-            ngx.print(assert(asn1.asn1_to_unix(a)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"7890433916"
---- no_error_log
-[error]
-
-=== TEST 5: asn1_to_unix error on bad format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local ffi = require("ffi")
-            local asn1 = require("resty.openssl.asn1")
-            local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_UTCTIME
-            ffi.gc(a, ffi.C.ASN1_STRING_free)
-            for _, s in pairs({
-                "201315123456Z",
-                "200132123456Z",
-                "200115243456Z",
-                "200115123461Z",
-            }) do
-                ffi.C.ASN1_STRING_set(a, s, #s)
-
-                local _, err = asn1.asn1_to_unix(a)
-                if err == nil then
-                    ngx.say(s, " should fail but didn't")
-                end
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/aux/jwk.t

@@ -1,232 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-no_long_string();
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads JWK RSA key
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local jwk = require("cjson").encode({
-                kty = "RSA",
-                n   = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
-                e   = "AQAB",
-                d   = "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q",
-                p   = "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0",
-                q   = "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8",
-                dp  = "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE",
-                dq  = "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk",
-                qi  = "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"
-            })
-            local privkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local privkey, err = require("resty.openssl.pkey").new(jwk, {
-                format = "JWK",
-            })
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-            -- errors
-            local _, err = require("resty.openssl.pkey").new('asdasd', {
-                format = "JWK",
-            })
-            ngx.say(err)
-            local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
-                kty = "RSA",
-                n   = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
-            }), {
-                format = "JWK",
-            })
-            ngx.say(err)
-
-            -- pubkey only
-            jwk = require("cjson").encode({
-                kty = "RSA",
-                n   = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
-                e   = "AQAB",
-            })
-            local pubkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-            local s, err = pubkey:encrypt("23333")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local s, err = privkey:decrypt(s)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(s)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-'pkey.new:load_key: error decoding JSON from JWK: Expected value but found invalid token at character 1
-pkey.new:load_key: failed to construct RSA key from JWK: at least "n" and "e" parameter is required
-23333
-'
---- no_error_log
-[error]
-
-=== TEST 2: Loads JWK EC key
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local jwk = require("cjson").encode({
-                kty = "EC",
-                crv = "P-256",
-                x   = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
-                y   = "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
-                d   = "0g5vAEKzugrXaRbgKG0Tj2qJ5lMP4Bezds1_sTybkfk"
-            })
-            local privkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local privkey, err = require("resty.openssl.pkey").new(jwk, {
-                format = "JWK",
-            })
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-            -- errors
-            local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
-                kty = "EC",
-                crv = "P-256",
-                x   = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
-            }), {
-                format = "JWK",
-            })
-            ngx.say(err)
-
-            -- pubkey only
-            jwk = require("cjson").encode({
-                kty = "EC",
-                crv = "P-256",
-                x   = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
-                y   = "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
-            })
-            local pubkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-            local d = require("resty.openssl.digest").new("sha256")
-            d:update("23333")
-            local s, err = privkey:sign(d)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local ok, err = pubkey:verify(s, d)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(ok)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-'pkey.new:load_key: failed to construct EC key from JWK: at least "x" and "y" parameter is required
-true
-'
---- no_error_log
-[error]
-
-=== TEST 3: Loads JWK Ed25519 key
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_111_OR_LATER then
-                ngx.say('pkey.new:load_key: failed to construct OKP key from JWK: at least "x" or "d" parameter is required')
-                ngx.exit(0)
-            end
-            local jwk = require("cjson").encode({
-                kty = "OKP",
-                crv = "Ed25519",
-                x   = "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
-                d   = "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
-            })
-            local privkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local privkey, err = require("resty.openssl.pkey").new(jwk, {
-                format = "JWK",
-            })
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-            -- errors
-            local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
-                kty = "OKP",
-                crv = "Ed25519",
-            }), {
-                format = "JWK",
-            })
-            ngx.say(err)
-
-            -- pubkey only
-            jwk = require("cjson").encode({
-                kty = "OKP",
-                crv = "Ed25519",
-                x   = "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
-            })
-            local pubkey, err = require("resty.openssl.pkey").new(jwk)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-
-        }
-    }
---- request
-    GET /t
---- response_body eval
-'pkey.new:load_key: failed to construct OKP key from JWK: at least "x" or "d" parameter is required
-'
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/bn.t

@@ -1,623 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: New BIGNUM instance correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn, err = require("resty.openssl.bn").new()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn:to_binary()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(ngx.encode_base64(b))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- error_log
-bn:to_binary failed
-
-=== TEST 2: New BIGNUM instance from number
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn, err = require("resty.openssl.bn").new(0x5b25)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn:to_binary()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(ngx.encode_base64(b))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"WyU="
---- no_error_log
-[error]
-
-=== TEST 3: Duplicate the ctx
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            require('ffi').cdef('typedef struct bignum_st BIGNUM; void BN_free(BIGNUM *a);')
-            local bn, err = require("resty.openssl.bn").new(0x5b25)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local bn2, err = require("resty.openssl.bn").dup(bn.ctx)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            bn = nil
-            collectgarbage("collect")
-            local b, err = bn2:to_binary()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(ngx.encode_base64(b))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"WyU="
---- no_error_log
-[error]
-
-=== TEST 4: from_binary, to_binary
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local d = ngx.decode_base64('WyU=')
-            local bn, err = require("resty.openssl.bn").from_binary(d)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn:to_binary()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(ngx.encode_base64(b))
-
-            if not require("resty.openssl.version").OPENSSL_11_OR_LATER then
-                ngx.print("AAAAAAAAAABbJQ=="); ngx.exit(0)
-            end
-
-            local b, err = bn:to_binary(10)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(ngx.encode_base64(b))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"WyU=AAAAAAAAAABbJQ=="
---- no_error_log
-[error]
-
-=== TEST 5: from_hex, to_hex
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn, err = require("resty.openssl.bn").from_hex("5B25")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn:to_hex()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(b)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"5[Bb]25"
---- no_error_log
-[error]
-
-=== TEST 6: from_dec, to_dec
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn, err = require("resty.openssl.bn").from_dec("23333")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn:to_dec()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.print(b)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"23333"
---- no_error_log
-[error]
-
-=== TEST 7: to_number
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local b, err = bn.new(23333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local n, err = b:to_number()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(n),type(n))
-
-            b, err = bn.from_dec('184467440737095516161844674407370955161618446744073709551616')
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local n, err = b:to_number()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(n),type(n))
-
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"23333number
-1.844674407371e+19number
-"
---- no_error_log
-[error]
-
-=== TEST 8: unary minus
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn, err = require("resty.openssl.bn").new(23333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = (-bn):to_dec()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(b)
-            local b, err = (-(-bn)):to_dec()
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(b)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"-23333
-23333
-"
---- no_error_log
-[error]
-
-=== TEST 9: metamethods checks arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local a, err = require("resty.openssl.bn").new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = require("resty.openssl.bn").new(2478652)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local pok, perr = pcall(function() return a + "233" end)
-            ngx.say(perr)
-            local pok, perr = pcall(function() return "233" - a end)
-            ngx.say(perr)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-".+cannot add a string to bignum
-.+cannot substract a string to bignum
-"
---- no_error_log
-[error]
-
-=== TEST 10: add, sub, mul, div mod
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn.new(2478652)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a+b))
-            ngx.say(tostring(a-b))
-            ngx.say(tostring(a*b))
-            ngx.say(tostring(a/b))
-            ngx.say(tostring(a%b))
-            ngx.say(tostring(a*2478652))
-            ngx.say(tostring(23578164761333*b))
-            ngx.say(tostring(bn.mul(23578164761333, b)))
-            ngx.say(tostring(a:mul(b)))
-            ngx.say(tostring(23578164761333*2478652))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"23578167239985
-23578162282681
-58442065242007563116
-9512495
-4593
-58442065242007563116
-58442065242007563116
-58442065242007563116
-58442065242007563116
-5.8442065242008e\+19
-"
---- no_error_log
-[error]
-
-=== TEST 11: sqr, exp
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn.new(97)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a:sqr()))
-            ngx.say(tostring(a:exp(2)))
-            ngx.say(tostring(a:pow(2)))
-            ngx.say(tostring(b:exp(b)))
-            ngx.say(tostring(bn.sqr(a)))
-            ngx.say(tostring(bn.sqr(23578164761333)))
-            ngx.say(tostring(bn.exp(a, 2)))
-            ngx.say(tostring(bn.exp(23578164761333, 2)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"555929853512565244851936889
-555929853512565244851936889
-555929853512565244851936889
-5210245939718361468048211048414496022534389576033913164940029913016568215580398296261072019231723279851007241838011659882766685337218633992220688288491655299087016195985205218347711578485744737
-555929853512565244851936889
-555929853512565244851936889
-555929853512565244851936889
-555929853512565244851936889
-"
---- no_error_log
-[error]
-
-=== TEST 12: gcd
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn.new(97)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a:gcd(b)))
-            ngx.say(tostring(bn.gcd(a, b)))
-            ngx.say(tostring(bn.gcd(a, 97)))
-            ngx.say(tostring(bn.gcd(23578164761333, b)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1
-1
-1
-1
-"
---- no_error_log
-[error]
-
-=== TEST 13: lshift, rshift
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a:lshift(2)))
-            ngx.say(tostring(a:rshift(2)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"94312659045332
-5894541190333
-"
---- no_error_log
-[error]
-
-=== TEST 14: comparasion
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn.new(97)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a == b))
-            ngx.say(tostring(a ~= b))
-            ngx.say(tostring(a >= b))
-            ngx.say(tostring(a > b))
-            ngx.say(tostring(a < b))
-            ngx.say(tostring(a <= b))
-            ngx.say("")
-            ngx.say(tostring(a == a))
-            ngx.say(tostring(a ~= a))
-            ngx.say(tostring(a >= a))
-            ngx.say(tostring(a > a))
-            ngx.say(tostring(a < a))
-            ngx.say(tostring(a <= a))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"false
-true
-true
-true
-false
-false
-
-true
-false
-true
-false
-false
-true
-"
---- no_error_log
-[error]
-
-=== TEST 15: is_one, is_zero, is_odd, is_word
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            ngx.say(tostring(bn.new(0):is_zero()))
-            ngx.say(tostring(bn.new(1):is_zero()))
-            ngx.say(tostring(bn.new(0):is_one()))
-            ngx.say(tostring(bn.new(1):is_one()))
-            ngx.say(tostring(bn.new(0):is_odd()))
-            ngx.say(tostring(bn.new(1):is_odd()))
-            ngx.say(tostring(bn.new(0):is_word(0)))
-            ngx.say(tostring(bn.new(1):is_word(0)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-false
-false
-true
-false
-true
-true
-false
-"
---- no_error_log
-[error]
-
-=== TEST 16: is_prime
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            ngx.say(tostring(bn.new(2):is_prime()))
-            ngx.say(tostring(bn.new(15):is_prime()))
-            ngx.say(tostring(bn
-            .from_hex('00d3277434ff7e3d410b3453a5cddc13e834fbdc19f38c580bc05b68dfa179afa4b6e6d34fe2bde9d90390046a86306bd022d4ed8187ccaa21808e189e7b803fd918b7782078f3be6bc8683d71d7d46cb134bc2a74dbe410d2bb068e45af95deef546f6970b83f9386e504b6fbefee6ae804fbf544e6b7cf82aacfff9472c6af07')
-            :is_prime()))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-false
-true
-"
---- no_error_log
-[error]
-
-=== TEST 17: mod_add, mod_sub, mod_mul, mul_exp, mul_sqr mod
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.new(23578164761333)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local b, err = bn.new(2478652)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            local m, err = bn.new(65537)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(a:mod_add(b, m)))
-            ngx.say(tostring(a:mod_sub(b, m)))
-            ngx.say(tostring(a:mod_mul(b, m)))
-            ngx.say(tostring(a:mod_exp(b, m)))
-            ngx.say(tostring(a:mod_sqr(b, m)))
-            ngx.say(tostring(a:mod_exp(b, 65537)))
-            ngx.say(tostring(bn.mod_exp(a, 2478652, m)))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"49755
-7726
-27398
-28353
-1266433
-28353
-28353
-"
---- no_error_log
-[error]
-
-=== TEST 18: generate_prime
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local bn = require("resty.openssl.bn")
-            local a, err = bn.generate_prime(10, false)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            if not a:is_prime() then
-                ngx.log(ngx.ERR, "not prime")
-                return
-            end
-            local a, err = bn.generate_prime(10, true)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            if not a:is_prime() then
-                ngx.log(ngx.ERR, "not prime")
-                return
-            end
-            ngx.say("ok")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/cipher.t

@@ -1,517 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates cipher correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
-                is_encrypt = true,
-            }))
-
-            ngx.print(ngx.encode_base64(myassert(cipher:final('1'))))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"VhGyRCcMvlAgUjTYrqiWpg=="
---- no_error_log
-[error]
-
-
-=== TEST 2: Rejects unknown cipher
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher, err = require("resty.openssl.cipher").new("aes257")
-            ngx.print(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"cipher.new: invalid cipher type \"aes257\".*"
---- no_error_log
-[error]
-
-=== TEST 3: Unintialized ctx throw errors
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local s, err = cipher:update("1")
-            ngx.say(err)
-            local _, err = cipher:final("1")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"cipher:update: cipher not initalized, call cipher:init first
-cipher:update: cipher not initalized, call cipher:init first
-"
---- no_error_log
-[error]
-
-=== TEST 4: Encrypt
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local s = myassert(cipher:encrypt(string.rep("0", 32), string.rep("0", 16), '1'))
-
-            ngx.print(ngx.encode_base64(s))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"VhGyRCcMvlAgUjTYrqiWpg=="
---- no_error_log
-[error]
-
-=== TEST 5: Encrypt no padding
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local s, err = cipher:encrypt(string.rep("0", 32), string.rep("0", 16), '1', true)
-            ngx.say(s)
-            -- 1.x: data not multiple of block length
-            -- 3.0: wrong final block length
-            ngx.say(err)
-            local s = myassert(cipher:encrypt(string.rep("0", 32), string.rep("0", 16),
-                '1' .. string.rep(string.char(15), 15), true))
-            ngx.print(ngx.encode_base64(s))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nil
-.+(?:data not multiple of block length|wrong final block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH)
-VhGyRCcMvlAgUjTYrqiWpg=="
---- no_error_log
-[error]
-
-=== TEST 6: Decrypt
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local s = myassert(cipher:decrypt(string.rep("0", 32), string.rep("0", 16),
-                ngx.decode_base64("VhGyRCcMvlAgUjTYrqiWpg==")))
-
-            ngx.print(s)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1"
---- no_error_log
-[error]
-
-=== TEST 7: Decrypt no padding
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local s = myassert(cipher:decrypt(string.rep("0", 32), string.rep("0", 16),
-                ngx.decode_base64("VhGyRCcMvlAgUjTYrqiWpg=="), true))
-
-            ngx.print(s)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}"
---- no_error_log
-[error]
-
-=== TEST 8: Encrypt streaming
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
-                is_encrypt = true,
-            }))
-
-            local sample = 'abcdefghi'
-            local count = 5
-            for i=1,count,1 do
-                local s = myassert(cipher:update(sample))
-
-                if s ~= "" then
-                    ngx.say(ngx.encode_base64(s))
-                else
-                    ngx.say("nothing")
-                end
-            end
-            local s = myassert(cipher:final(sample))
-
-            ngx.say("final")
-            ngx.say(ngx.encode_base64(s))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"nothing
-SEk81GpcHC9KoZfN14RrNg==
-nothing
-L2dVbLMhEigy917CJBXz7g==
-nothing
-final
-dtpklHxY9IbgmSw84+2XMr0Vy/S1392+rvu0A3GW1Wo=
-"
---- no_error_log
-[error]
-
-=== TEST 9: Decrypt streaming
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
-                is_encrypt = false,
-            }))
-
-            local input = ngx.decode_base64('SEk81GpcHC9KoZfN14RrNg==') ..
-                            ngx.decode_base64('L2dVbLMhEigy917CJBXz7g==') ..
-                            ngx.decode_base64('dtpklHxY9IbgmSw84+2XMr0Vy/S1392+rvu0A3GW1Wo=')
-            local count = 5 + 1
-            local len = (#input - #input % count) / count
-            for i=0,#input-len,len do
-                local s = myassert(cipher:update(string.sub(input, i+1, i+len)))
-
-                if s ~= "" then
-                    ngx.say(s)
-                else
-                    ngx.say("nothing")
-                end
-            end
-            -- this should throw error since we end in the middle
-            local s, err = cipher:final()
-            ngx.say(err)
-            ngx.say(s)
-            -- feed the last chunk of input
-            local s = myassert(cipher:final(string.sub(input, #input -#input % count + 1, #input)))
-            ngx.say("final")
-            ngx.say(s)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nothing
-abcdefghiabcdefg
-nothing
-hiabcdefghiabcde
-fghiabcdefghiabc
-nothing
-.+(wrong final block length|WRONG_FINAL_BLOCK_LENGTH)
-nil
-final
-defghi
-"
---- no_error_log
-[error]
-
-
-=== TEST 10: Derive key and iv
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            function string.tohex(str)
-                return (str:gsub('.', function (c)
-                    return string.format('%02X', string.byte(c))
-                end))
-            end
-
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            -- openssl enc -aes-256-cbc -pass pass:xxx -S 797979 -P -md md5
-            local key, iv = cipher:derive("xxx", "yyy", 1, "md5")
-
-            ngx.say(key:tohex())
-            ngx.say(iv:tohex())
-
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-ecb"))
-
-            -- openssl enc -aes-256-ecb -pass pass:xxx -S 797979 -P -md md5
-            local key, iv = cipher:derive("xxx", "yyy", 1, "md5")
-            ngx.say(key:tohex())
-            ngx.say(iv:tohex() == "" and "no iv")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1F94CD004791ECFD50955451ACDA89D2CF1B4BCC6A378E4FC5C5861BDED17F61
-FE91AF7782EDB48F32775BB2B72DD5ED
-1F94CD004791ECFD50955451ACDA89D2CF1B4BCC6A378E4FC5C5861BDED17F61
-no iv
-"
---- no_error_log
-[error]
-
-=== TEST 11: Derive key and iv: salt, count and md is optional
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            function string.tohex(str)
-                return (str:gsub('.', function (c)
-                    return string.format('%02X', string.byte(c))
-                end))
-            end
-
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            -- openssl enc -aes-256-cbc -pass pass:xxx -nosalt -P -md sha1
-            local key, iv = cipher:derive("xxx")
-
-            ngx.say(key:tohex())
-            ngx.say(iv:tohex())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140
-20578C4FEF1AEE907B1DC95C776F8160
-"
---- no_error_log
-[error]
-
-=== TEST 12: AEAD modes
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local myassert = require("helper").myassert
-            local key = string.rep("0", 32)
-            local iv = string.rep("0", 12)
-            local aad = "an aad"
-            local cipher = require("resty.openssl.cipher")
-
-            local enc = myassert(cipher.new("aes-256-gcm"))
-            local d = myassert(enc:encrypt(key, iv, "secret", false, aad))
-            local tag = myassert(enc:get_aead_tag())
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            local s = myassert(dec:decrypt(key, iv, d, false, aad, tag))
-            ngx.say(s)
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            local r, err = dec:decrypt(key, iv, d, false, nil, tag)
-            ngx.say(r)
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            local r, err = dec:decrypt(key, iv, d, false, aad, nil)
-            ngx.say(r)
-
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"secret
-nil
-nil
-"
---- no_error_log
-[error]
-
-=== TEST 13: Returns provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("default")
-                ngx.exit(0)
-            end
-
-            local cipher = require("resty.openssl.cipher")
-            local c = myassert(cipher.new("aes256"))
-            ngx.say(myassert(c:get_provider_name()))
-        }
-    }
---- request
-    GET /t
---- response_body
-default
---- no_error_log
-[error]
-
-=== TEST 14: Returns gettable, settable params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("-ivlen-\n-padding-")
-                ngx.exit(0)
-            end
-
-            local cipher = require("resty.openssl.cipher")
-            local c = myassert(cipher.new("aes256"))
-            ngx.say(require("cjson").encode(myassert(c:gettable_params())))
-            ngx.say(require("cjson").encode(myassert(c:settable_params())))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.+ivlen.+
-.+padding.+
---- no_error_log
-[error]
-
-=== TEST 15: Get params, set params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("secret\nsecret\nnil")
-                ngx.exit(0)
-            end
-
-            local myassert = require("helper").myassert
-            local key = string.rep("0", 32)
-            local iv = string.rep("0", 12)
-            local aad = "an aad"
-            local cipher = require("resty.openssl.cipher")
-
-            local enc = myassert(cipher.new("aes-256-gcm"))
-            local d = myassert(enc:encrypt(key, iv, "secret", false, aad))
-            local tag = myassert(enc:get_param("tag", 16))
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            local s = myassert(dec:decrypt(key, iv, d, false, aad, tag))
-            ngx.say(s)
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            myassert(dec:init(key, iv))
-            myassert(dec:set_params({tag = tag}))
-            myassert(dec:update_aead_aad(aad))
-            local r, err = dec:final(d)
-            ngx.say(r)
-
-            local dec = myassert(cipher.new("aes-256-gcm"))
-            myassert(dec:init(key, iv))
-            myassert(dec:set_params({tag = "wrong tag"}))
-            myassert(dec:update_aead_aad(aad))
-            local r, err = dec:final(d)
-            ngx.say(r)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"secret
-secret
-nil
-"
---- no_error_log
-[error]
-
-
-=== TEST 16: Update with segements larger than 1024
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-
-            local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-
-            local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
-                is_encrypt = true,
-            }))
-
-            local count = 3
-            for i=1,count,1 do
-                local s = myassert(cipher:update(string.rep(tostring(i), 1024)))
-
-                if s ~= "" then
-                    ngx.say(ngx.encode_base64(string.sub(s, -16)))
-                else
-                    ngx.say("nothing")
-                end
-            end
-            local s = myassert(cipher:final(string.rep("a", 1024)))
-
-            ngx.say("final")
-            ngx.say(ngx.encode_base64(string.sub(s, -16)))
-
-            local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
-                is_encrypt = true,
-            }))
-            local s = myassert(cipher:final(string.rep("1", 1024) ..
-                                            string.rep("2", 1024) ..
-                                            string.rep("3", 1024) ..
-                                            string.rep("a", 1024)))
-
-            ngx.say(ngx.encode_base64(string.sub(s, -16))) -- should be same as above
-
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"XZElJKMyKzuvbYNf4Y0hAw==
-59Cw1+C6hHpfqsOn7PZ2Gw==
-t6oGLYvnjihoi+7tPfyK/A==
-final
-QcpC0TXDxiOln2ENZ0aGDA==
-QcpC0TXDxiOln2ENZ0aGDA==
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/ctx.t

@@ -1,96 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Can create a ctx in ngx.ctx
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.exit(0)
-            end
-            local ctx = require("resty.openssl.ctx")
-            myassert(ctx.new(true))
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]
-
-
-=== TEST 2: Can create a ctx in global namespace
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.exit(0)
-            end
-            local ctx = require("resty.openssl.ctx")
-            myassert(ctx.new())
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]
-
-
-=== TEST 3: Can free ctx in ngx.ctx
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.exit(0)
-            end
-            local ctx = require("resty.openssl.ctx")
-            myassert(ctx.new(true))
-            myassert(ctx.free(true))
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]
-
-
-=== TEST 4: Can free ctx in global namespace
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.exit(0)
-            end
-            local ctx = require("resty.openssl.ctx")
-            myassert(ctx.new())
-            myassert(ctx.free())
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/digest.t

@@ -1,180 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Calculate digest correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local digest = myassert(require("resty.openssl.digest").new("sha256"))
-
-            myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(digest:final())))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
---- no_error_log
-[error]
-
-=== TEST 2: Update accepts vardiac args
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local digest = myassert(require("resty.openssl.digest").new("sha256"))
-
-            myassert(digest:update("🦢", "🦢🦢", "🦢🦢", "🦢"))
-            ngx.print(ngx.encode_base64(myassert(digest:final())))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
---- no_error_log
-[error]
-
-=== TEST 3: Final accepts optional arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local digest = myassert(require("resty.openssl.digest").new("sha256"))
-
-            myassert(digest:update("🦢", "🦢🦢", "🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(digest:final("🦢"))))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
---- no_error_log
-[error]
-
-=== TEST 4: Rejects unknown hash
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local digest, err = require("resty.openssl.digest").new("sha257")
-            ngx.print(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"digest.new: invalid digest type \"sha257\".*"
---- no_error_log
-[error]
-
-=== TEST 5: Can be reused
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local digest = myassert(require("resty.openssl.digest").new("sha256"))
-
-            myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.say(ngx.encode_base64(myassert(digest:final())))
-
-            myassert(digest:reset())
-            myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.say(ngx.encode_base64(myassert(digest:final())))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s=
-2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s=
-"
---- no_error_log
-[error]
-
-=== TEST 6: Returns provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("default")
-                ngx.exit(0)
-            end
-
-            local digest = require("resty.openssl.digest")
-            local d = myassert(digest.new("sha256"))
-            ngx.say(myassert(d:get_provider_name()))
-        }
-    }
---- request
-    GET /t
---- response_body
-default
---- no_error_log
-[error]
-
-=== TEST 7: Returns gettable, settable params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("{}\n-ssl3-ms-")
-                ngx.exit(0)
-            end
-
-            local digest = require("resty.openssl.digest")
-            local d = myassert(digest.new("md5-sha1"))
-            ngx.say(require("cjson").encode(myassert(d:gettable_params())))
-            ngx.say(require("cjson").encode(myassert(d:settable_params())))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-{}
-.+ssl3-ms.+
---- no_error_log
-[error]
-
-=== TEST 8: Get params, set params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            -- no good example to test
-            ngx.say("skipped")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"skipped
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/err.t

@@ -1,39 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Don't cry if there's no error
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local format_error = require("resty.openssl.err").format_error
-
-            ngx.print(format_error("fake function"))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"fake function failed"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/helper.lua

@@ -1,169 +0,0 @@
-local pkey = require "resty.openssl.pkey"
-local x509 = require "resty.openssl.x509"
-local name = require "resty.openssl.x509.name"
-local extension = require "resty.openssl.x509.extension"
-local bn = require "resty.openssl.bn"
-local digest = require "resty.openssl.digest"
-local BORINGSSL = require "resty.openssl.version".BORINGSSL
-local OPENSSL_3X = require "resty.openssl.version".OPENSSL_3X
-
-local function create_self_signed(key_opts, names, is_ca, signing_key, issuing_name)
-  local key = pkey.new(key_opts or {
-    type = 'RSA',
-    bits = 1024,
-  })
-
-  local cert = x509.new()
-  cert:set_pubkey(key)
-  cert:set_version(3)
-
-  local now = os.time()
-  cert:set_not_before(now)
-  cert:set_not_after(now + 86400)
-
-  local nm = name.new()
-  for k, v in pairs(names or {}) do
-    assert(nm:add(k, v))
-  end
-
-  assert(cert:set_subject_name(nm))
-  assert(cert:set_issuer_name(issuing_name or nm))
-
-  assert(cert:set_basic_constraints { CA = is_ca })
-  assert(cert:set_basic_constraints_critical(true))
-
-  if not is_ca then
-    assert(cert:add_extension(extension.new("extendedKeyUsage",
-                                                "serverAuth,clientAuth")))
-
-    assert(cert:add_extension(assert(extension.new("subjectKeyIdentifier", "hash", {
-      subject = cert,
-    }))))
-  end
-
-  local dgst
-  if BORINGSSL then
-    dgst = digest.new("SHA256")
-  end
-  assert(cert:sign(signing_key or key, dgst))
-
-  return cert, key
-end
-
-local function to_hex(bin)
-  local hex, err = bn.from_binary(bin):to_hex()
-  if err then
-    error(err)
-  end
-  return hex:upper()
-end
-
-local function myassert(...)
-  local ret = {...}
-  local err = ret[#ret]
-  if #ret > 1 and err then
-    ngx.log(ngx.ERR, tostring(err))
-    ngx.exit(0)
-  end
-  return ...
-end
-
--- https://github.com/openresty/lua-cjson/blob/461c7ef23a49062d4b1bf0e1afb3be294d007861/tests/sort_json.lua
-
--- NOTE: This will only work for simple tests. It doesn't parse strings so if
--- you put any symbols like {?[], inside of a string literal then it will break
--- The point of this function is to test basic structures, and not test JSON
--- strings
-
-local function sort_callback(str)
-  local inside = str:sub(2, -2)
-
-  local parts = {}
-  local buffer = ""
-  local pos = 1
-
-  while true do
-    if pos > #inside then
-      break
-    end
-
-    local append
-
-    local parens = inside:match("^%b{}", pos)
-    if parens then
-      pos = pos + #parens
-      append = sort_callback(parens)
-    else
-      local array = inside:match("^%b[]", pos)
-      if array then
-        pos = pos + #array
-        append = array
-      else
-        local front = inside:sub(pos, pos)
-        pos = pos + 1
-
-        if front == "," then
-          table.insert(parts, buffer)
-          buffer = ""
-        else
-          append = front
-        end
-      end
-    end
-
-    if append then
-      buffer = buffer .. append
-    end
-  end
-
-  if buffer ~= "" then
-    table.insert(parts, buffer)
-  end
-
-  table.sort(parts)
-
-  return "{" .. table.concat(parts, ",") .. "}"
-end
-
-local function sort_json(str)
-  return (str:gsub("%b{}", sort_callback))
-end
-
-local function encode_sorted_json(tbl)
-  return sort_json(require("cjson").encode(tbl))
-end
-
-local function create_cert_chain(depth, key_opts)
-  local last_key, last_cn
-  local certs, keys = {}, {}
-  for i=1, depth do
-    local cn, issuer
-    if last_key then
-      cn = "lua-resty-openssl Test Cert leaf " .. i - 1
-      issuer = name.new()
-      assert(issuer:add("CN", last_cn))
-    else
-      cn = "lua-resty-openssl Test Cert Root CA"
-    end
-    last_cn = cn
-
-    local crt, key = create_self_signed(key_opts,
-                      { CN = cn }, i < depth, last_key, issuer)
-
-    certs[i] = crt
-    keys[i] = key
-   
-    last_key = key
-  end
-
-  return certs, keys
-end
-
-
-return {
-  create_self_signed = create_self_signed,
-  to_hex = to_hex,
-  myassert = myassert,
-  encode_sorted_json = encode_sorted_json,
-  create_cert_chain = create_cert_chain,
-}

src/deps/src/lua-resty-openssl/t/openssl/hmac.t

@@ -1,118 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Calculate hmac correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
-
-            myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(hmac:final())))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 2: Update accepts vardiac args
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
-
-            hmac:update("🦢", "🦢🦢", "🦢🦢", "🦢")
-            ngx.print(ngx.encode_base64(hmac:final()))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 3: Final accepts optional arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
-
-            myassert(hmac:update("🦢", "🦢🦢", "🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(hmac:final("🦢"))))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 4: Rejects unknown hash
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local hmac, err = require("resty.openssl.hmac").new("goose", "sha257")
-            ngx.print(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"hmac.new:.+(?:invalid|unsupported).*"
---- no_error_log
-[error]
-
-
-=== TEST 5: Can be reused
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
-            myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.say(ngx.encode_base64(myassert(hmac:final())))
-
-            myassert(hmac:reset())
-
-            myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.say(ngx.encode_base64(myassert(hmac:final())))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=
-kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/kdf.t

@@ -1,457 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: kdf: invalid args are checked
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local kdf = require("resty.openssl.kdf")
-            local key, err = kdf.derive({
-            })
-            ngx.say(err)
-            local key, err = kdf.derive({
-                type = "no",
-            })
-            ngx.say(err)
-            local key, err = kdf.derive({
-                type = kdf.PBKDF2,
-            })
-            ngx.say(err)
-            local key, err = kdf.derive({
-                type = kdf.PBKDF2,
-                outlen = 16,
-                pass = 123,
-            })
-            ngx.say(err)
-            local key, err = kdf.derive({
-                type = 19823718236128631,
-                outlen = 16,
-                pass = "123",
-            })
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"kdf.derive: \"type\" must be set
-kdf.derive: expect a number as \"type\"
-kdf.derive: \"outlen\" must be set
-kdf.derive: except a string as \"pass\"
-kdf.derive: unknown type 19823718236128632
-"
---- no_error_log
-[error]
-
-
-=== TEST 2: PBKDF2
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.PBKDF2,
-                outlen = 16,
-                pass = "1234567",
-                pbkdf2_iter = 1000,
-                md = "md5",
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"cDRFLQ7NWt\\+AP4i0TdBzog=="
---- no_error_log
-[error]
-
-
-=== TEST 3: PBKDF2, optional args
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.PBKDF2,
-                outlen = 16,
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"HkN6HHnXW\\+YekRQdriCv/A=="
---- no_error_log
-[error]
-
-
-=== TEST 4: HKDF
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
-                ngx.print("aqRd+gO5Ok3YneDEormTcg==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.HKDF,
-                outlen = 16,
-                md = "md5",
-                salt = "salt",
-                hkdf_key = "secret",
-                hkdf_info = "some info",
-                hkdf_mode = kdf.HKDEF_MODE_EXTRACT_AND_EXPAND,
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"aqRd+gO5Ok3YneDEormTcg=="
---- no_error_log
-[error]
-
-
-=== TEST 5: HKDF, optional arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
-                ngx.say("aggdq4eoqRiP0Z3GbpxCjg==")
-                ngx.say("W/tSxFnNsHIYwXa13eybYhW9W3Y=")
-                ngx.exit(0)
-            end
-            local version_num = version.version_num
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.HKDF,
-                outlen = 16,
-                salt = "salt",
-                hkdf_key = "secret",
-                hkdf_info = "info",
-            }))
-
-            ngx.say(ngx.encode_base64(key))
-
-            if not version.OPENSSL_111_or_LATER then
-                ngx.say("W/tSxFnNsHIYwXa13eybYhW9W3Y=")
-                ngx.exit(0)
-            end
-            local key = myassert(kdf.derive({
-                type = kdf.HKDF,
-                outlen = 16,
-                salt = "salt",
-                hkdf_key = "secret",
-                hkdf_mode = kdf.HKDEF_MODE_EXTRACT_ONLY,
-            }))
-
-            ngx.say(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"aggdq4eoqRiP0Z3GbpxCjg==
-W/tSxFnNsHIYwXa13eybYhW9W3Y=
-"
---- no_error_log
-[error]
-
-
-=== TEST 6: TLS1-PRF
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
-                ngx.print("0xr8qthU+ypv2xRC90la8g==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.TLS1_PRF,
-                outlen = 16,
-                md = "md5",
-                tls1_prf_secret = "secret",
-                tls1_prf_seed = "seed",
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"0xr8qthU\\+ypv2xRC90la8g=="
---- no_error_log
-[error]
-
-
-=== TEST 7: TLS1-PRF, optional arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
-                ngx.print("XVVDK9/puTqBOsyTKt8PKQ==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.TLS1_PRF,
-                outlen = 16,
-                tls1_prf_secret = "secret",
-                tls1_prf_seed = "seed",
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"XVVDK9/puTqBOsyTKt8PKQ=="
---- no_error_log
-[error]
-
-
-=== TEST 8: scrypt
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
-                ngx.print("9giFtxace5sESmRb8qxuOw==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local key = myassert(kdf.derive({
-                type = kdf.SCRYPT,
-                outlen = 16,
-                pass = "1234567",
-                scrypt_N = 1024,
-                scrypt_r = 8,
-                scrypt_p = 16,
-            }))
-
-            ngx.print(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"9giFtxace5sESmRb8qxuOw=="
---- no_error_log
-[error]
-
-=== TEST 9: EVP_KDF API: new
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say('mac.new: invalid mac type "UNKNOWNKDF": blah')
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            myassert(kdf.new("PBKDF2"))
-            local ok, err = kdf.new("UNKNOWNKDF")
-
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-".+invalid mac type \"UNKNOWNKDF\".+
-"
---- no_error_log
-[error]
-
-=== TEST 10: EVP_KDF API: Returns provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("default")
-                ngx.exit(0)
-            end
-
-            local cipher = require("resty.openssl.kdf")
-            local c = myassert(cipher.new("hkdf"))
-            ngx.say(myassert(c:get_provider_name()))
-        }
-    }
---- request
-    GET /t
---- response_body
-default
---- no_error_log
-[error]
-
-
-=== TEST 11: EVP_KDF API: derive
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("cDRFLQ7NWt+AP4i0TdBzog==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local k = myassert(kdf.new("PBKDF2"))
-            local key = myassert(k:derive(16, {
-                pass = "1234567",
-                iter = 1000,
-                digest = "md5",
-                salt = "",
-            }))
-            ngx.say(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body
-cDRFLQ7NWt+AP4i0TdBzog==
---- no_error_log
-[error]
-
-=== TEST 12: EVP_KDF API: Returns gettable, settable params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("-size-\n-digest-")
-                ngx.exit(0)
-            end
-
-            local kdf = require("resty.openssl.kdf")
-            local k = myassert(kdf.new("PBKDF2"))
-            ngx.say(require("cjson").encode(myassert(k:gettable_params())))
-            ngx.say(require("cjson").encode(myassert(k:settable_params())))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.+size.+
-.+digest.+
---- no_error_log
-[error]
-
-=== TEST 13: EVP_KDF API: Get params, set params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("cDRFLQ7NWt+AP4i0TdBzog==\n18446744073709551615")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local k = myassert(kdf.new("PBKDF2"))
-            myassert(k:set_params({
-                iter = 1000,
-                digest = "md5",
-                salt = "",
-
-            }))
-            local key = myassert(k:derive(16, {
-                pass = "1234567",
-            }))
-            ngx.say(ngx.encode_base64(key))
-            -- output SIZE_MAX since it's not fixed size, need to find a better test case
-            ngx.say(tostring(k:get_param("size", nil, "bn")))
-        }
-    }
---- request
-    GET /t
---- response_body
-cDRFLQ7NWt+AP4i0TdBzog==
-18446744073709551615
---- no_error_log
-[error]
-
-=== TEST 14: EVP_KDF API: reset
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("-missing salt\ncDRFLQ7NWt+AP4i0TdBzog==")
-                ngx.exit(0)
-            end
-            local kdf = require("resty.openssl.kdf")
-            local k = myassert(kdf.new("PBKDF2"))
-            myassert(k:set_params({
-                iter = 1000,
-                digest = "md5",
-                salt = "",
-            }))
-            myassert(k:reset())
-            local ok, err = k:derive(16, {
-                pass = "1234567",
-            })
-            ngx.say(err)
-
-            myassert(k:set_params({
-                iter = 100,
-                digest = "md5",
-                salt = "",
-            }))
-            local key = myassert(k:derive(16, {
-                iter = 1000,
-                pass = "1234567",
-            }))
-             ngx.say(ngx.encode_base64(key))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.+missing salt
-cDRFLQ7NWt\+AP4i0TdBzog==
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/mac.t

@@ -1,188 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Calculate mac correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
-                ngx.exit(0)
-            end
-
-            local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
-
-            myassert(mac:update("🦢🦢🦢🦢🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(mac:final())))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 2: Update accepts vardiac args
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
-                ngx.exit(0)
-            end
-
-            local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
-
-            mac:update("🦢", "🦢🦢", "🦢🦢", "🦢")
-            ngx.print(ngx.encode_base64(mac:final()))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 3: Final accepts optional arg
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
-                ngx.exit(0)
-            end
-
-            local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
-
-            myassert(mac:update("🦢", "🦢🦢", "🦢🦢"))
-            ngx.print(ngx.encode_base64(myassert(mac:final("🦢"))))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
---- no_error_log
-[error]
-
-=== TEST 4: Rejects unknown hash
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("mac.new: invalid cipher or digest type")
-                ngx.exit(0)
-            end
-            local mac, err = require("resty.openssl.mac").new("goose", "HMAC", nil, "sha257")
-            ngx.print(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"mac.new: invalid cipher or digest type.*"
---- no_error_log
-[error]
-
-=== TEST 5: Returns provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("default")
-                ngx.exit(0)
-            end
-
-            local mac = require("resty.openssl.mac")
-            local m = myassert(mac.new("goose", "HMAC", nil, "sha256"))
-            ngx.say(myassert(m:get_provider_name()))
-        }
-    }
---- request
-    GET /t
---- response_body
-default
---- no_error_log
-[error]
-
-=== TEST 6: Returns gettable, settable params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("-size-\n-digest-")
-                ngx.exit(0)
-            end
-
-            local mac = require("resty.openssl.mac")
-            local m = myassert(mac.new("goose", "HMAC", nil, "sha256"))
-            ngx.say(require("cjson").encode(myassert(m:gettable_params())))
-            ngx.say(require("cjson").encode(myassert(m:settable_params())))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.+size.+
-.+digest.+
---- no_error_log
-[error]
-
-=== TEST 7: Get params, set params
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("true\n32")
-                ngx.exit(0)
-            end
-
-            local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
-            local s1 = myassert(mac:final("🦢"))
-
-            local mac = myassert(require("resty.openssl.mac").new("notthiskey", "HMAC", nil, "sha256"))
-            myassert(mac:set_params({key = "goose"}))
-            local s2 = myassert(mac:final("🦢"))
-
-            ngx.say(s1 == s2)
-            ngx.say(myassert(mac:get_param("size")))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-32
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/objects.t

@@ -1,81 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Convert nid to table
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local o = require("resty.openssl.objects")
-            ngx.print(encode_sorted_json(o.nid2table(87)))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":"2.5.29.19","ln":"X509v3 Basic Constraints","nid":87,"sn":"basicConstraints"}'
---- no_error_log
-[error]
-
-
-=== TEST 2: Convert txt to nid
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local o = require("resty.openssl.objects")
-            local t = {
-                ln = "X509v3 Basic Constraints",
-                sn = "basicConstraints",
-                id = "2.5.29.19"
-            }
-            local r = {}
-            for k, v in pairs(t) do
-                r[k] = o.txt2nid(v)
-            end
-            ngx.print(encode_sorted_json(r))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":87,"ln":87,"sn":87}'
---- no_error_log
-[error]
-
-=== TEST 3: Convert sigid to nid
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local o = require("resty.openssl.objects")
-            ngx.print(o.find_sigid_algs(795)) -- ecdsa-with-SHA384
-        }
-    }
---- request
-    GET /t
---- response_body eval
-673
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/param.t

@@ -1,38 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Construct
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            ngx.say("TODO")
-        }
-    }
---- request
-    GET /t
---- response_body
-TODO
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/pkcs12.t

@@ -1,262 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads password protected pkcs12
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_3X then
-                local pro = require "resty.openssl.provider"
-                myassert(pro.load("legacy"))
-            end
-
-            local pkcs12 = require "resty.openssl.pkcs12"
-
-            local pp = io.open("t/fixtures/badssl.com-client.p12"):read("*a")
-
-            local r = myassert(pkcs12.decode(pp, "badssl.com"))
-
-            ngx.say(r.key:get_parameters().d:to_hex():upper())
-            ngx.say(r.cert:get_serial_number():to_hex():upper())
-        }
-    }
---- request
-    GET /t
---- response_body
-55107FB7D6FD8A099E4E5CF24291CF20CBD4BB7B93A66EF8D89996A5C49EEB51405E6843CC89CD74B9C87DB9DBDE9E38923E02A32E4F6F32A59B4D6C6CDC40E0192204F135C9E9F527FD9E53F2C9E90B8D8D18E8F5DAC57D1EF95163D0DF1BBDB89850636AE870B20B5E6BF2EBD1651BE79B4E187C48F6D332D35A4C531BE3B027A64D85AD6F7EAF33ECC1B9253B196CFD20EDEFCBAC46F7C08EC966EF721D0533AB6DC785F86998B37FD25F3D60BB4E692F1636AE10BCA62065AA70FF41B5C16A165B8636FD4A40C59F6B72A4C1592A424820A0C968E23613DB48959F7BFF49D9B71A9C84CB72F08B94F586007CB5C29A3D8811F9EF2ED2FBB612DF28BB9601
-2B936CE32D82CE8B01FD9A0595AC6366AA014C82
---- no_error_log
-[error]
-
-=== TEST 2: Errors on bad password
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_3X then
-                local pro = require "resty.openssl.provider"
-                myassert(pro.load("legacy"))
-            end
-
-            local pkcs12 = require "resty.openssl.pkcs12"
-
-            local pp = io.open("t/fixtures/badssl.com-client.p12"):read("*a")
-
-            local r, err = pkcs12.decode(pp, "wrong password")
-            ngx.say(r == nil)
-            ngx.say(err)
-
-            local r, err = pkcs12.decode(pp)
-            ngx.say(r == nil)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'true
-pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
-true
-pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
-'
---- no_error_log
-[error]
-
-=== TEST 3: Creates pkcs12
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_3X then
-                local pro = require "resty.openssl.provider"
-                myassert(pro.load("legacy"))
-            end
-
-            local pkcs12 = require "resty.openssl.pkcs12"
-            local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
-            local x509 = require("resty.openssl.x509")
-            local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
-            local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
-            
-            -- full house
-            local r = myassert(pkcs12.encode({
-                friendly_name = "myname",
-                key = key,
-                cert = cert,
-                cacerts = { ca1, ca2 }
-            }, "test-pkcs12"))
-            ngx.say(#r)
-            -- no name
-            local r = myassert(pkcs12.encode({
-                key = key,
-                cert = cert,
-                cacerts = { ca1, ca2 }
-            }, "test-pkcs12"))
-            ngx.say(#r)
-            -- no CA
-            local r = myassert(pkcs12.encode({
-                key = key,
-                cert = cert,
-            }, "test-pkcs12"))
-            ngx.say(#r)
-            -- empty password
-            local r = myassert(pkcs12.encode({
-                key = key,
-                cert = cert,
-            }))
-            ngx.say(#r)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'\d{3,4}
-\d{3,4}
-\d{3,4}
-\d{3,4}
-'
---- no_error_log
-[error]
-
-=== TEST 4: Uses empty string password when omitted
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_3X then
-                local pro = require "resty.openssl.provider"
-                myassert(pro.load("legacy"))
-            end
-    
-            local pkcs12 = require "resty.openssl.pkcs12"
-            local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
-            local x509 = require("resty.openssl.x509")
-            local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
-            local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
-            
-            local p12 = myassert(pkcs12.encode({
-                friendly_name = "myname",
-                key = key,
-                cert = cert,
-                cacerts = { ca1, ca2 },
-            }))
-
-            local r = myassert(pkcs12.decode(p12, nil))
-            ngx.say(#r.key:get_parameters().x:to_hex():upper())
-            ngx.say(r.cert:get_serial_number():to_hex():upper())
-            ngx.say(#r.cacerts)
-            ngx.say(r.friendly_name)
-            -- same as empty string
-            local r = myassert(pkcs12.decode(p12, ""))
-
-            -- password mismatch
-            local r, err = pkcs12.decode(p12, "extrapassword")
-            ngx.say(r == nil)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'6\d
-0
-2
-myname
-true
-pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
-'
---- no_error_log
-[error]
-
-=== TEST 5: Check cert and key mismatch
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_3X then
-                local pro = require "resty.openssl.provider"
-                myassert(pro.load("legacy"))
-            end
-
-            local pkcs12 = require "resty.openssl.pkcs12"
-            local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
-            local key2 = require("resty.openssl.pkey").new({ type = 'EC', curve = "prime256v1" })
-            
-            local r, err = pkcs12.encode({
-                friendly_name = "myname",
-                key = key2,
-                cert = cert,
-                cacerts = { ca1, ca2 }
-            }, "test-pkcs12")
-            ngx.say(r == nil, err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'true.+(key values mismatch|KEY_VALUES_MISMATCH)
-'
---- no_error_log
-[error]
-
-=== TEST 6: Creates pkcs12 with newer algorithm
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").BORINGSSL then
-                ngx.say("2333")
-                ngx.exit(0)
-            end
-
-            -- don't load the legacy provider for this test
-            -- by default nid_key is RC2 and is moved to legacy provider in 3.0
-
-            local pkcs12 = require "resty.openssl.pkcs12"
-            local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
-            local x509 = require("resty.openssl.x509")
-            local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
-            local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
-            
-            local r = myassert(pkcs12.encode({
-                friendly_name = "myname",
-                key = key,
-                cert = cert,
-                cacerts = { ca1, ca2 },
-                nid_key = "aes-128-cbc",
-                nid_cert = "aes-128-cbc",
-                mac_iter = 2000,
-            }, "test-pkcs12"))
-            ngx.say(#r)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'\d{3,4}
-'
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/provider.t

@@ -1,141 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads default and legacy provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("true\nnil\ntrue\nfalse\nnil\ntrue")
-                ngx.exit(0)
-            end
-
-            local pro = require "resty.openssl.provider"
-            for _, n in ipairs({"default", "legacy"}) do
-                local avail, err = pro.is_available(n)
-                ngx.say(avail)
-                local p, err = pro.load(n)
-                ngx.say(err)
-                -- after load it's available
-                local avail, err = pro.is_available(n)
-                ngx.say(avail)
-
-                myassert(p:unload())
-            end
-        }
-    }
---- request
-    GET /t
---- response_body
-true
-nil
-true
-false
-nil
-true
---- no_error_log
-[error]
-
-=== TEST 2: Self test default and legacy provider
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("nil\ntrue\nnil\ntrue")
-                ngx.exit(0)
-            end
-
-            local pro = require "resty.openssl.provider"
-            for _, n in ipairs({"default", "legacy"}) do
-                local p, err = pro.load(n)
-                ngx.say(err)
-                -- after load it's available
-                local ok, err = p:self_test(n)
-                ngx.say(ok)
-
-                myassert(p:unload())
-            end
-        }
-    }
---- request
-    GET /t
---- response_body
-nil
-true
-nil
-true
---- no_error_log
-[error]
-
-=== TEST 3: Set default search path
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say("true\ncommon libcrypto routines::init fail")
-                ngx.exit(0)
-            end
-
-            local pro = require "resty.openssl.provider"
-            pro.set_default_search_path("/tmp")
-            local ok, err = pro.load("legacy")
-            ngx.say(ok == nil)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-true
-.+(?:init fail|common libcrypto routines::reason\(524325\))
---- no_error_log
-[error]
-
-=== TEST 4: Get parameters
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if not require("resty.openssl.version").OPENSSL_3X then
-                ngx.say('{"buildinfo":"3.0.0-alpha7","name":"OpenSSL Default Provider","status":1,"version":"3.0.0"}')
-                ngx.exit(0)
-            end
-
-            local pro = require "resty.openssl.provider"
-            local p = myassert(pro.load("default"))
-            local a = assert(p:get_params("name", "version", "buildinfo", "status"))
-            ngx.say(encode_sorted_json(a))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-{"buildinfo":"3.+","name":"OpenSSL Default Provider","status":1,"version":"3.+"}
---- no_error_log
-[error]
-

src/deps/src/lua-resty-openssl/t/openssl/rand.t

@@ -1,80 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Geneartes random bytes
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local rand = require("resty.openssl.rand")
-            local b, err = rand.bytes(233)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(#b)
-            local b2, err = rand.bytes(233)
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(#b2)
-            ngx.say(b == b2)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"233
-233
-false
-"
---- no_error_log
-[error]
-
-
-=== TEST 2: Rejects invalid arguments
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local rand = require("resty.openssl.rand")
-            local b, err = rand.bytes()
-            ngx.say(err)
-            local b, err = rand.bytes(true)
-            ngx.say(err)
-            local b, err = rand.bytes({})
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"rand.bytes: expect a number at #1
-rand.bytes: expect a number at #1
-rand.bytes: expect a number at #1
-"
---- no_error_log
-[error]
-
-

src/deps/src/lua-resty-openssl/t/openssl/ssl/ssl_client.t

@@ -1,281 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-repeat_each(2);
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-add_block_preprocessor(sub {
-    my ($block) = @_;
-
-    my $name = $block->name;
-
-    my $http_config = $block->http_config;
-
-    if (defined $http_config ) {
-
-        my $new_http_config = <<_EOC_;
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-
-    ssl_certificate $pwd/t/fixtures/test.crt;
-    ssl_certificate_key $pwd/t/fixtures/test.key;
-
-    lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
-
-$http_config
-
-_EOC_
-
-        $block->set_value("http_config", $new_http_config);
-    }
-
-});
-
-
-our $ClientContentBy = qq{
-
-};
-
-no_long_string();
-
-env_to_nginx("CI_SKIP_NGINX_C");
-
-run_tests();
-
-__DATA__
-=== TEST 1: SSL (client) get peer certificate
---- http_config
-    server {
-        listen unix:/tmp/nginx-c1.sock ssl;
-        server_name   test.com;
-    }
---- config
-    location /t {
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-c1.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            local crt = myassert(sess:get_peer_certificate())
-            ngx.say(myassert(crt:get_subject_name():tostring()))
-        }
-    }
---- request
-    GET /t
---- response_body
-CN=test.com
-
---- no_error_log
-[error]
-[emerg]
-
-
-=== TEST 2: SSL (client) get peer cert chain
---- http_config
-    server {
-        listen unix:/tmp/nginx-c2.sock ssl;
-        server_name   test.com;
-    }
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-c2.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            local chain = myassert(sess:get_peer_cert_chain())
-            ngx.say(#chain)
-            local crt = chain[1]
-            ngx.say(myassert(crt:get_subject_name():tostring()))
-        }
-    }
---- request
-    GET /t
---- response_body
-1
-CN=test.com
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 3: SSL (client) set cipher suites [skipped]
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-        }
-    }
---- request
-    GET /t
---- skip_nginx
-2: < 9.9.9
---- response_body
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 4: SSL (client) get ciphers
---- http_config
-    server {
-        listen unix:/tmp/nginx-c4.sock ssl;
-        server_name   test.com;
-        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
-    }
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-c4.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            ngx.say(myassert(sess:get_ciphers()))
-
-            local cipher = myassert(sess:get_cipher_name())
-            ngx.say(cipher)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.*ECDHE-RSA-AES256-GCM-SHA384.*
-ECDHE-RSA-AES256-GCM-SHA384
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 5: SSL (client) get/set timeout
---- http_config
-    server {
-        listen unix:/tmp/nginx-c5.sock ssl;
-        server_name   test.com;
-        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
-    }
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-c5.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            ngx.say(myassert(sess:get_timeout()))
-            myassert(sess:set_timeout(15))
-            ngx.say(myassert(sess:get_timeout()))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\d+
-15
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 6: SSL (client) set_verify and add_client_ca [skipped]
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-        }
-    }
---- request
-    GET /t
---- skip_nginx
-2: < 9.9.9
---- response_body
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 7: SSL (client) set/get/clear options
---- http_config
-    server {
-        listen unix:/tmp/nginx-c7.sock ssl;
-        server_name   test.com;
-        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
-    }
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-c7.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            local orig_options = myassert(sess:get_options())
-            ngx.say(orig_options)
-            ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
-
-            myassert(sess:set_options(ssl.SSL_OP_PRIORITIZE_CHACHA))
-            myassert(sess:set_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
-            ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
-
-            myassert(sess:clear_options(ssl.SSL_OP_PRIORITIZE_CHACHA))
-            myassert(sess:clear_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
-            local new_options = myassert(sess:get_options())
-            if new_options ~= orig_options then
-                ngx.say("options not correct after clear: " ..
-                        require("cjson").encode(myassert(sess:get_options(true))))
-            else
-                ngx.say("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body_like
-\d+
-\[".+"\]
-.+SSL_OP_ALLOW_NO_DHE_KEX.+SSL_OP_NO_QUERY_MTU.+SSL_OP_PRIORITIZE_CHACHA.+
-ok
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 8: SSL (client) set_protocols [skipped]
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-        }
-    }
---- request
-    GET /t
---- skip_nginx
-2: < 9.9.9
---- response_body
---- no_error_log
-[error]
-[emerg]
-

src/deps/src/lua-resty-openssl/t/openssl/ssl/ssl_ctx_server.t

@@ -1,97 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-repeat_each(2);
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-add_block_preprocessor(sub {
-    my ($block) = @_;
-
-    my $name = $block->name;
-
-    my $http_config = $block->http_config;
-
-    if (defined $http_config ) {
-
-        my $new_http_config = <<_EOC_;
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-
-    ssl_certificate $pwd/t/fixtures/test.crt;
-    ssl_certificate_key $pwd/t/fixtures/test.key;
-
-    lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
-
-$http_config
-
-_EOC_
-
-        $block->set_value("http_config", $new_http_config);
-    }
-
-});
-
-
-our $ClientContentBy = qq{
-
-};
-
-no_long_string();
-
-env_to_nginx("CI_SKIP_NGINX_C");
-
-run_tests();
-
-__DATA__
-=== TEST 1: SSL (server) get peer certificate
---- http_config
-    server {
-        listen unix:/tmp/nginx-sctx1.sock ssl;
-        server_name   test.com;
-
-        ssl_certificate_by_lua_block {
-            local ssl_ctx = require "resty.openssl.ssl_ctx"
-            local sc = assert(ssl_ctx.from_request())
-            assert(sc:set_alpns({"h4"}))
-        }
-    }
---- config
-    location /t {
-        content_by_lua_block {
-            local ngx_pipe = require "ngx.pipe"
-            local opts = {
-                merge_stderr = true,
-                buffer_size = 256000,
-            }
-            local proc = ngx_pipe.spawn({'bash', '-c', "echo q | openssl s_client -unix /tmp/nginx-sctx1.sock -alpn h4 && sleep 0.1"}, opts)
-            local data, err, partial = proc:stdout_read_all()
-            if ngx.re.match(data, "ALPN protocol: h4") then
-                ngx.say("ok")
-            else
-                ngx.say(data)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body
-ok
-
---- no_error_log
-[error]
-[emerg]
-

src/deps/src/lua-resty-openssl/t/openssl/ssl/ssl_server.t

@@ -1,375 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-repeat_each(2);
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-add_block_preprocessor(sub {
-    my ($block) = @_;
-
-    my $name = $block->name;
-
-    my $http_config = $block->http_config;
-
-    if (defined $http_config ) {
-
-        my $new_http_config = <<_EOC_;
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-
-    ssl_certificate $pwd/t/fixtures/test.crt;
-    ssl_certificate_key $pwd/t/fixtures/test.key;
-
-    lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
-
-$http_config
-
-_EOC_
-
-        $block->set_value("http_config", $new_http_config);
-    }
-
-});
-
-
-our $ClientContentBy = qq{
-
-};
-
-no_long_string();
-
-env_to_nginx("CI_SKIP_NGINX_C");
-
-run_tests();
-
-__DATA__
-=== TEST 1: SSL (server) get peer certificate
---- http_config
-    server {
-        listen unix:/tmp/nginx-s1.sock ssl;
-        server_name   test.com;
-
-        ssl_certificate_by_lua_block {
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_request())
-            myassert(sess:set_verify(ssl.SSL_VERIFY_PEER, nil))
-        }
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                local crt = myassert(sess:get_peer_certificate())
-                ngx.say(myassert(crt:get_subject_name():tostring()))
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s1.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-
-        proxy_ssl_certificate ../../../t/fixtures/test.crt;
-        proxy_ssl_certificate_key ../../../t/fixtures/test.key;
-    }
---- request
-    GET /t
---- response_body
-CN=test.com
-
---- no_error_log
-[error]
-[emerg]
-
-
-=== TEST 2: SSL (server) get peer cert chain
---- http_config
-    server {
-        listen unix:/tmp/nginx-s2.sock ssl;
-        server_name   test.com;
-
-        ssl_certificate_by_lua_block {
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_request())
-            myassert(sess:set_verify(ssl.SSL_VERIFY_PEER, nil))
-        }
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                local ciphers = myassert(sess:get_ciphers())
-
-                local chain = myassert(sess:get_peer_cert_chain())
-                ngx.say(#chain)
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s2.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-
-        proxy_ssl_certificate ../../../t/fixtures/test.crt;
-        proxy_ssl_certificate_key ../../../t/fixtures/test.key;
-    }
---- request
-    GET /t
---- response_body
-0
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 3: SSL (server) set cipher suites (TLSv1.3 set_ciphersuites not tested)
---- http_config
-    server {
-        listen unix:/tmp/nginx-s3.sock ssl;
-        server_name   test.com;
-        ssl_ciphers ECDHE-RSA-AES128-SHA;
-
-        ssl_certificate_by_lua_block {
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_request())
-
-            myassert(sess:set_cipher_list("ECDHE-RSA-AES256-SHA"))
-        }
-
-        location /t {
-            content_by_lua_block {
-                ngx.say("ok")
-            }
-        }
-    }
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-            local sock = ngx.socket.tcp()
-            myassert(sock:connect("unix:/tmp/nginx-s3.sock"))
-            myassert(sock:sslhandshake(nil, "test.com"))
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_socket(sock))
-
-            ngx.say(myassert(sess:get_ciphers()))
-
-            local cipher = myassert(sess:get_cipher_name())
-            ngx.say(cipher)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-.*ECDHE-RSA-AES256-SHA.*
-ECDHE-RSA-AES256-SHA$
-
---- no_error_log
-[error]
-[emerg]
-
-
-=== TEST 4: SSL (server) get ciphers
---- http_config
-    server {
-        listen unix:/tmp/nginx-s4.sock ssl;
-        server_name   test.com;
-        ssl_ciphers ECDHE-RSA-AES128-SHA;
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                local ciphers = myassert(sess:get_ciphers())
-                ngx.say(ciphers)
-
-                local cipher = myassert(sess:get_cipher_name())
-                ngx.say(cipher)
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s4.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-    }
---- request
-    GET /t
---- response_body_like
-.*ECDHE-RSA-AES128-SHA.*
-ECDHE-RSA-AES128-SHA$
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 5: SSL (server) get/set timeout
---- http_config
-    server {
-        listen unix:/tmp/nginx-s5.sock ssl;
-        server_name   test.com;
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                ngx.say(myassert(sess:get_timeout()))
-                myassert(sess:set_timeout(15))
-                ngx.say(myassert(sess:get_timeout()))
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s5.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-    }
---- request
-    GET /t
---- response_body_like
-\d+
-15
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 6: SSL (server) set_verify and add_client_ca [tested in get_peer_cert]
---- config
-    location /t {
-        default_type 'text/plain';
-        content_by_lua_block {
-        }
-    }
---- request
-    GET /t
---- skip_nginx
-2: < 9.9.9
---- response_body
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 7: SSL (server) get/set/clear options
---- http_config
-    server {
-        listen unix:/tmp/nginx-s7.sock ssl;
-        server_name   test.com;
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                local orig_options = myassert(sess:get_options())
-                ngx.say(orig_options)
-                ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
-
-                myassert(sess:set_options(ssl.SSL_OP_CIPHER_SERVER_PREFERENCE))
-                myassert(sess:set_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
-                ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
-
-                myassert(sess:clear_options(ssl.SSL_OP_CIPHER_SERVER_PREFERENCE))
-                myassert(sess:clear_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
-                local new_options = myassert(sess:get_options())
-                if new_options ~= orig_options then
-                    ngx.say("options not correct after clear: " ..
-                            require("cjson").encode(myassert(sess:get_options(true))))
-                else
-                    ngx.say("ok")
-                end
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s7.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-    }
---- request
-    GET /t
---- response_body_like
-\d+
-\[".+"\]
-.+SSL_OP_ALLOW_NO_DHE_KEX.+SSL_OP_CIPHER_SERVER_PREFERENCE.+SSL_OP_NO_QUERY_MTU.+
-ok
-
---- no_error_log
-[error]
-[emerg]
-
-=== TEST 8: SSL (server) set_protocols [skipped; need clienthello_by]
---- http_config
-    server {
-        listen unix:/tmp/nginx-s8.sock ssl;
-        server_name   test.com;
-        ssl_protocols TLSv1.3;
-
-        ssl_certificate_by_lua_block {
-            local ssl = require "resty.openssl.ssl"
-            local sess = myassert(ssl.from_request())
-
-            myassert(sess:set_protocols("TLSv1.2"))
-        }
-
-        location /t {
-            content_by_lua_block {
-                local ssl = require "resty.openssl.ssl"
-                local sess = myassert(ssl.from_request())
-
-                ngx.say("ok")
-            }
-        }
-    }
---- config
-    location /t {
-        proxy_pass https://unix:/tmp/nginx-s8.sock:;
-        proxy_ssl_server_name on;
-        proxy_ssl_name test.com;
-        proxy_ssl_protocols TLSv1.2;
-        # valgrind be happy
-        proxy_ssl_session_reuse off;
-    }
---- request
-    GET /t
---- response_body_like
-ok
-
---- no_error_log
-[error]
-[emerg]
---- skip_nginx
-2: < 9.9.9

src/deps/src/lua-resty-openssl/t/openssl/version.t

@@ -1,56 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-    }
-};
-
-run_tests();
-
-__DATA__
-=== TEST 1: Prints version text properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            ngx.say(version.version_text)
-        }
-    }
---- request
-    GET /t
---- response_body_like
-(OpenSSL \d.\d.\d.+|BoringSSL)
---- no_error_log
-[error]
-
-=== TEST 2: Prints version text using version()
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local version = require("resty.openssl.version")
-            ngx.say(version.version(version.VERSION))
-            ngx.say(version.version(version.CFLAGS))
-        }
-    }
---- request
-    GET /t
---- response_body_like
-(OpenSSL \d.\d.\d.+|BoringSSL)
-compiler:.+
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509.t

@@ -1,988 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-no_long_string();
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads a cert
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            ngx.say("ok")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok
-"
---- no_error_log
-[error]
-
-=== TEST 2: Converts and loads PEM format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local pem = myassert(c:tostring("PEM"))
-
-            for _, typ in ipairs({"PEM", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509").new(pem, "DER")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
---- no_error_log
-[error]
-
-=== TEST 3: Converts and loads DER format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local pem = myassert(c:tostring("DER"))
-
-            for _, typ in ipairs({"DER", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509").new(pem, "PEM")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.new.+(no start line|NO_START_LINE).+"
---- no_error_log
-[error]
-
-=== TEST 4: Rejectes invalid cert
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local x509 = require("resty.openssl.x509")
-            local p, err = x509.new(true)
-            ngx.say(err)
-            p, err = x509.new("222")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"expect nil or a string at #1
-x509.new: .*(not enough data|NOT_ENOUGH_DATA)
-"
---- no_error_log
-[error]
-
-=== TEST 5: Calculates cert digest
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local dd = myassert(c:digest())
-
-            local h = string.upper(myassert(require("helper").to_hex(dd)))
-            ngx.say(h)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"B1BC968BD4F49D622AA89A81F2150152A41D829C
-"
---- no_error_log
-[error]
-
-=== TEST 6: Calculates pubkey digest
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local dd = myassert(c:pubkey_digest())
-
-            local h, err = string.upper(require("helper").to_hex(dd))
-            ngx.say(h)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"607B661A450D97CA89502F7D04CD34A8FFFCFD4B
-"
---- no_error_log
-[error]
-
-=== TEST 7: Gets extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c, err = require("resty.openssl.x509").new(f)
-            local ext, pos = c:get_extension("X509v3 Extended Key Usage")
-
-            ngx.say(pos)
-            ngx.say(tostring(ext))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"5
-TLS Web Server Authentication, TLS Web Client Authentication
-"
---- no_error_log
-[error]
-
-=== TEST 8: Adds extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local c, err = require("resty.openssl.x509").new()
-            local ext = myassert(require("resty.openssl.x509.extension").new(
-                "extendedKeyUsage", "TLS Web Server Authentication"
-            ))
-
-            local ok = myassert(c:add_extension(ext))
-
-            local ext, _ = c:get_extension("X509v3 Extended Key Usage")
-
-            ngx.say(tostring(ext))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"TLS Web Server Authentication
-"
---- no_error_log
-[error]
-
-=== TEST 9: Set extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local ext = myassert(require("resty.openssl.x509.extension").new(
-                "keyUsage", "Digital Signature, Key Encipherment"
-            ))
-            local ok = myassert(c:set_extension(ext))
-
-            local ext, _ = c:get_extension("X509v3 Key Usage")
-
-            ngx.say(tostring(ext))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"Digital Signature, Key Encipherment
-"
---- no_error_log
-[error]
-
-
-=== TEST 10: Reads basic constraints
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            ngx.say(c:get_basic_constraints("ca"))
-            ngx.say(c:get_basic_constraints("pathlen"))
-            collectgarbage("collect")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-0
-"
---- no_error_log
-[error]
-
-=== TEST 11: Set basic constraints
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c, err = require("resty.openssl.x509").new(f)
-            local ok = myassert(c:set_basic_constraints({
-                CA = false,
-                pathLen = 233,
-            }))
-
-            ngx.say(c:get_basic_constraints("ca"))
-            ngx.say(c:get_basic_constraints("pathlen"))
-            collectgarbage("collect")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"false
-233
-"
---- no_error_log
-[error]
-
-=== TEST 12: Get authority info access
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local aia = myassert(c:get_info_access())
-
-            local ffi = require "ffi"
-            for _, v in ipairs(aia) do
-                ngx.say(ffi.string(ffi.C.OBJ_nid2ln(v[1])), " - ", v[2], ":", v[3])
-            end
-            collectgarbage("collect")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"OCSP - URI:http://ocsp.digicert.com
-CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
-"
---- no_error_log
-[error]
-
-=== TEST 13: Set authority info access
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local aia = myassert(c:get_info_access())
-            myassert(aia:add("OCSP", "URI", "http://somedomain.com"))
-        
-            myassert(c:set_info_access(aia))
-
-            local aia = myassert(c:get_info_access())
-            local ffi = require "ffi"
-            for _, v in ipairs(aia) do
-                ngx.say(ffi.string(ffi.C.OBJ_nid2ln(v[1])), " - ", v[2], ":", v[3])
-            end
-            collectgarbage("collect")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"OCSP - URI:http://ocsp.digicert.com
-CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
-OCSP - URI:http://somedomain.com
-"
---- no_error_log
-[error]
-
-=== TEST 14: Get CRL distribution points
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local cdp = myassert(c:get_crl_distribution_points())
-
-            local ffi = require "ffi"
-            for _, altname in pairs(cdp) do
-                for k, v in pairs(altname) do
-                    ngx.say(k, " ", v)
-                end
-            end
-            collectgarbage("collect")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"URI http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
-URI http://crl4.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
-"
---- no_error_log
-[error]
-
-=== TEST 15: Set CRL distribution points
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            -- NYI
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]
-
-=== TEST 16: Get OCSP url
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local ocsp = myassert(c:get_ocsp_url())
-            ngx.say(ocsp)
-
-            local ocsp = myassert(c:get_ocsp_url(true))
-            ngx.say(encode_sorted_json(ocsp))
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local ocsp = myassert(c:get_ocsp_url())
-            ngx.say(ocsp)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-'http://ocsp.digicert.com
-["http:\/\/ocsp.digicert.com"]
-nil
-'
---- no_error_log
-[error]
-
-=== TEST 17: Get CRL url
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local crl = myassert(c:get_crl_url())
-            ngx.say(crl)
-
-            local crl = myassert(c:get_crl_url(true))
-            ngx.say(encode_sorted_json(crl))
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local crl = myassert(c:get_crl_url())
-            ngx.say(crl)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-'http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
-["http:\/\/crl3.digicert.com\/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl","http:\/\/crl4.digicert.com\/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl"]
-nil
-'
---- no_error_log
-[error]
-
-=== TEST 18: Get non existend extension, return nil, nil
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_subject_alt_name())
-            ngx.say(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"nil
-"
---- no_error_log
-[error]
-
-=== TEST 19: Check private key match
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed({ type = "EC", curve = "prime256v1" })
-            local ok, err = cert:check_private_key(key)
-            ngx.say(ok)
-            ngx.say(err)
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local ok, err = c:check_private_key(key)
-            ngx.say(ok)
-            ngx.say(err)
-
-            local key2 = require("resty.openssl.pkey").new({
-                type = 'EC',
-                curve = "prime256v1",
-            })
-            local ok, err = cert:check_private_key(key2)
-            ngx.say(ok)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"true
-nil
-false
-.+(key type mismatch|KEY_TYPE_MISMATCH)
-.+(key values mismatch|KEY_VALUES_MISMATCH)
-"
---- no_error_log
-[error]
-
-# START AUTO GENERATED CODE
-
-
-=== TEST 20: x509:get_serial_number (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_serial_number())
-            get = get:to_hex():upper()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"0E8BF3770D92D196F0BB61F93C4166BE"
---- no_error_log
-[error]
-
-=== TEST 21: x509:set_serial_number (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = myassert(require("resty.openssl.bn").new(math.random(1, 2333333)))
-            local ok = myassert(c:set_serial_number(toset))
-
-            local get = myassert(c:get_serial_number())
-            get = get:to_hex():upper()
-            toset = toset:to_hex():upper()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 22: x509:get_not_before (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_not_before())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1616630400"
---- no_error_log
-[error]
-
-=== TEST 23: x509:set_not_before (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_not_before(toset))
-
-            local get = myassert(c:get_not_before())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 24: x509:get_not_after (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_not_after())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1648684799"
---- no_error_log
-[error]
-
-=== TEST 25: x509:set_not_after (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_not_after(toset))
-
-            local get = myassert(c:get_not_after())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 26: x509:get_pubkey (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_pubkey())
-            get = get:to_PEM()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErfb3dbHTSVQKXRBxvdwlBksiHKIj
-Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
------END PUBLIC KEY-----
-"
---- no_error_log
-[error]
-
-=== TEST 27: x509:set_pubkey (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = myassert(require("resty.openssl.pkey").new())
-            local ok = myassert(c:set_pubkey(toset))
-
-            local get = myassert(c:get_pubkey())
-            get = get:to_PEM()
-            toset = toset:to_PEM()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 28: x509:get_subject_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_subject_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"C=US/CN=github.com/L=San Francisco/O=GitHub, Inc./ST=California"
---- no_error_log
-[error]
-
-=== TEST 29: x509:set_subject_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
-            local ok = myassert(c:set_subject_name(toset))
-
-            local get = myassert(c:get_subject_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 30: x509:get_issuer_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_issuer_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"C=US/CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1/O=DigiCert, Inc."
---- no_error_log
-[error]
-
-=== TEST 31: x509:set_issuer_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
-            local ok = myassert(c:set_issuer_name(toset))
-
-            local get = myassert(c:get_issuer_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 32: x509:get_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_version())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"3"
---- no_error_log
-[error]
-
-=== TEST 33: x509:set_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_version(toset))
-
-            local get = myassert(c:get_version())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 34: x509:get_subject_alt_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local get = myassert(c:get_subject_alt_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS=github.com/DNS=www.github.com"
---- no_error_log
-[error]
-
-=== TEST 35: x509:set_subject_alt_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-            local toset = myassert(require("resty.openssl.x509.altname").new():add('DNS', 'earth.galaxy'))
-            local ok = myassert(c:set_subject_alt_name(toset))
-
-            local get = myassert(c:get_subject_alt_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 37: x509:get/set_subject_alt_name_critical (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local crit = myassert(c:get_subject_alt_name_critical())
-
-            local ok, err = myassert(c:set_subject_alt_name_critical(not crit))
-
-            ngx.say(c:get_subject_alt_name_critical() == not crit)
-        }
-    }
---- request
-    GET /t
---- response_body
-true
---- no_error_log
-[error]
-
-=== TEST 38: x509:get/set_basic_constraints_critical (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local crit = myassert(c:get_basic_constraints_critical())
-
-            local ok, err = myassert(c:set_basic_constraints_critical(not crit))
-
-            ngx.say(c:get_basic_constraints_critical() == not crit)
-        }
-    }
---- request
-    GET /t
---- response_body
-true
---- no_error_log
-[error]
-
-=== TEST 39: x509:get/set_info_access_critical (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local crit = myassert(c:get_info_access_critical())
-
-            local ok, err = myassert(c:set_info_access_critical(not crit))
-
-            ngx.say(c:get_info_access_critical() == not crit)
-        }
-    }
---- request
-    GET /t
---- response_body
-true
---- no_error_log
-[error]
-
-=== TEST 40: x509:get/set_crl_distribution_points_critical (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local crit = myassert(c:get_crl_distribution_points_critical())
-
-            local ok, err = myassert(c:set_crl_distribution_points_critical(not crit))
-
-            ngx.say(c:get_crl_distribution_points_critical() == not crit)
-        }
-    }
---- request
-    GET /t
---- response_body
-true
---- no_error_log
-[error]
-
-=== TEST 41: x509:get_get_signature_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local nid = myassert(c:get_signature_nid())
-
-            ngx.say(nid)
-
-            local name = myassert(c:get_signature_name())
-
-            ngx.say(name)
-
-            local name = myassert(c:get_signature_digest_name())
-
-            ngx.say(name)
-        }
-    }
---- request
-    GET /t
---- response_body
-794
-ecdsa-with-SHA256
-SHA256
---- no_error_log
-[error]
-# END AUTO GENERATED CODE

src/deps/src/lua-resty-openssl/t/openssl/x509/altname.t

@@ -1,238 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-            ngx.say(#c)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"0
-"
---- no_error_log
-[error]
-
-=== TEST 2: Adds elements to stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add("DNS", string.format("%d.com", i)))
-            end
-            ngx.say(#c)
-            ngx.say(c:count())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"3
-3
-"
---- no_error_log
-[error]
-
-=== TEST 3: Element can be indexed properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add("DNS", string.format("%d.com", i)))
-            end
-            for k, v in pairs(c) do
-                ngx.say(k, " ", v)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS 0.com
-DNS 1.com
-DNS 2.com
-"
---- no_error_log
-[error]
-
-=== TEST 4: Element is duplicated when added to stack
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            local ok = myassert(c:add("DNS", "example.com"))
-
-            cert = nil
-            collectgarbage("collect")
-            local k, v = unpack(c[1])
-            ngx.say(k, " ", v)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS example.com
-"
---- no_error_log
-[error]
-
-=== TEST 5: Element is duplicated when returned
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            local ok = myassert(c:add("DNS", "example.com"))
-
-            local cc = c[1]
-            c = nil
-            collectgarbage("collect")
-            if cc ~= nil then
-                local k, v = unpack(cc)
-                ngx.say(k, " ", v)
-            else
-                ngx.say("incorrectly GC'ed")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS example.com
-"
---- no_error_log
-[error]
-
-=== TEST 6: Element is not freed when stack is duplicated
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            local ok = myassert(c:add("DNS", "example.com"))
-
-            local c2 = myassert(altname.dup(c.ctx))
-
-            c = nil
-            collectgarbage("collect")
-            ngx.say(c2:count())
-            local k, v = unpack(c2[1])
-            ngx.say(k, " ", v)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1
-DNS example.com
-"
---- no_error_log
-[error]
-
-=== TEST 7: Unsupported SANs are returned as "unsupported"
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local x509 = require("resty.openssl.x509")
-
-            local extension = require "resty.openssl.x509.extension"
-
-            local ext, err = myassert(extension.new("subjectAltName", "otherName:msUPN;UTF8:sb@sb.local,IP.1:255.255.255.255,IP.2:1111:1111:1111:1111:1111:1111:1111:1111,DNS:example.com,email:test@test.com,RID:1.2.3.4"))
-
-            local c = x509.new()
-
-            myassert(c:add_extension(ext))
-
-            local alts = myassert(c:get_subject_alt_name())
-
-            for k, v in pairs(alts) do
-                ngx.say(k, ":", v)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body
-OtherName:OtherName:<unsupported>
-IP:255.255.255.255
-IP:1111:1111:1111:1111:1111:1111:1111:1111
-DNS:example.com
-email:test@test.com
-RID:RID:<unsupported>
---- no_error_log
-[error]
-
-=== TEST 8: IP addresses are validated and parsed
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname")
-            local c = myassert(altname.new())
-
-            myassert(c:add("IP", "1.2.3.4"))
-            myassert(c:add("IPAddress", "100.100.100.100"))
-            myassert(c:add("IP", "255.255.255.255"))
-            myassert(c:add("IP", "::1"))
-            myassert(c:add("IP", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"))
-            for _, v in ipairs({"1", ":::", "ffff:", "256.1.1.1"}) do
-                local _, err = c:add("IP", v)
-                if err == nil then
-                    ngx.say("should error on " .. v)
-                end
-            end
-
-            ngx.say(c:tostring())
-
-        }
-    }
---- request
-    GET /t
---- response_body
-IP=1.2.3.4/IP=100.100.100.100/IP=255.255.255.255/IP=::1/IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/chain.t

@@ -1,173 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            ngx.say(#c)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"0
-"
---- no_error_log
-[error]
-
-=== TEST 2: Adds elements to stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add(cert))
-            end
-            ngx.say(#c)
-            ngx.say(#c:all())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"3
-3
-"
---- no_error_log
-[error]
-
-=== TEST 3: Element can be indexed properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add(cert))
-
-            end
-            for _, cc in ipairs(c) do
-                ngx.say(#cc:digest())
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"20
-20
-20
-"
---- no_error_log
-[error]
-
-=== TEST 4: Element is duplicated when added to stack
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            local ok = myassert(c:add(cert))
-
-            cert = nil
-            collectgarbage("collect")
-            ngx.say(#c[1]:digest())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"20
-"
---- no_error_log
-[error]
-
-=== TEST 5: Element is duplicated when returned
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            local ok = myassert(c:add(cert))
-
-            local cc = c[1]
-            c = nil
-            collectgarbage("collect") 
-            ngx.say(#cc:digest())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"20
-"
---- no_error_log
-[error]
-
-=== TEST 6: Element is not freed when stack is duplicated
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local chain = require("resty.openssl.x509.chain")
-            local c = myassert(chain.new())
-
-            local ok = myassert(c:add(cert))
-
-            local c2 = myassert(chain.dup(c.ctx))
-
-            c = nil
-            collectgarbage("collect")
-            ngx.say(c2:count())
-            ngx.say(#c2[1]:digest())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1
-20
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/crl.t

@@ -1,507 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-no_long_string();
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads a crl
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            ngx.say("ok")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok
-"
---- no_error_log
-[error]
-
-=== TEST 2: Converts and loads PEM format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local pem = myassert(c:tostring("PEM"))
-
-            for _, typ in ipairs({"PEM", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509.crl").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509.crl").new(pem, "DER")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.crl.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
---- no_error_log
-[error]
-
-=== TEST 3: Converts and loads DER format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local pem = myassert(c:tostring("DER"))
-
-            for _, typ in ipairs({"DER", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509.crl").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509.crl").new(pem, "PEM")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.crl.new.+(no start line|NO_START_LINE).+"
---- no_error_log
-[error]
-
-=== TEST 4: x509.crl:add_revoked should add revoked to crl
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local revoked =  myassert(require("resty.openssl.x509.revoked"))
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = ngx.time()
-            local r = myassert(revoked.new(1234, toset, 1))
- 
-            if not revoked.istype(r) then
-             ngx.say("it should be instance of revoked")
-             return
-            end
-
-            local ok = myassert(c:add_revoked(r))
-            if ok ~= true then
-              ngx.say("Could not add revoked")
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 5: x509.crl:add_revoked should fail if revoked is not instance of revoked
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local revoked =  myassert(require("resty.openssl.x509.revoked"))
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local ok, err = c:add_revoked({ctx ={}})
-            if ok ~= false then
-                ngx.say("false")
-            elseif err ~= "x509.crl:add_revoked: expect a revoked instance at #1" then
-                ngx.say("false")
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-
-=== TEST 6: x509.crl:sign should succeed
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local revoked =  myassert(require("resty.openssl.x509.revoked"))
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = ngx.time()
-            local r = myassert(revoked.new(1234, toset, 1))
-            c:add_revoked(r)
-
-            local d = myassert(require("resty.openssl.digest").new("SHA256"))
-            local p = myassert(require("resty.openssl.pkey").new())
-            local ok = myassert(c:sign(p, d))
-            if ok == false then
-                ngx.say("false")
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 7: x509.crl:text
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            ngx.say(myassert(c:text()))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"Certificate Revocation List.+Revoked Certificates.+"
---- no_error_log
-[error]
-
-=== TEST 8: x509.crl metamethods
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_10 then
-                ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n09159859CAC0C90203BB34C5A012C2A3, 1577753344\n2, 2")
-                ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n04D2, 1511122233")
-                ngx.exit(0)
-            end
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local s = myassert(c:index(1))
-            ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
-            s = c[1]
-            ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
-
-            local revoked =  myassert(require("resty.openssl.x509.revoked"))
-            local r = myassert(revoked.new(0x04D2, 1511122233, 1))
-            myassert(c:add_revoked(r))
-
-            ngx.say(#c, ", ", c:count())
-            for _, rr in ipairs(c) do
-                ngx.say(rr.serial_number:upper(), ", ", rr.revocation_date)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"09159859CAC0C90203BB34C5A012C2A3, 1577753344
-09159859CAC0C90203BB34C5A012C2A3, 1577753344
-2, 2
-09159859CAC0C90203BB34C5A012C2A3, 1577753344
-04D2, 1511122233
-"
---- no_error_log
-[error]
-
-=== TEST 9: x509.crl get_by_serial
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").OPENSSL_10 then
-                ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n09159859CAC0C90203BB34C5A012C2A3, 1577753344\ntruetrue")
-                ngx.exit(0)
-            end
-
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local s = myassert(c:get_by_serial("09159859CAC0C90203BB34C5A012C2A3"))
-            ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
-            s = myassert(c:get_by_serial(require("resty.openssl.bn").from_hex("09159859CAC0C90203BB34C5A012C2A3")))
-            ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
-
-            local nos, err = c:get_by_serial("111111")
-            ngx.say(nos == nil, err == nil)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"09159859CAC0C90203BB34C5A012C2A3, 1577753344
-09159859CAC0C90203BB34C5A012C2A3, 1577753344
-truetrue
-"
---- no_error_log
-[error]
-
-=== TEST 10: x509.crl doesn't error if revoked is empty (regression)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/no_revoked.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            for k, v in pairs(c) do
-                ngx.say(tostring(k))
-            end
-            -- above should print nothing
-
-            ngx.say(c:get_last_update())
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"1652832000
-"
---- no_error_log
-[error]
-
-# START AUTO GENERATED CODE
-
-
-=== TEST 11: x509.crl:get_issuer_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local get = myassert(c:get_issuer_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"C=CN/CN=TrustAsia EV TLS Pro CA G2/O=TrustAsia Technologies, Inc."
---- no_error_log
-[error]
-
-=== TEST 12: x509.crl:set_issuer_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
-            local ok = myassert(c:set_issuer_name(toset))
-
-            local get = myassert(c:get_issuer_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 13: x509.crl:get_last_update (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local get = myassert(c:get_last_update())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1580684546"
---- no_error_log
-[error]
-
-=== TEST 14: x509.crl:set_last_update (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_last_update(toset))
-
-            local get = myassert(c:get_last_update())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 15: x509.crl:get_next_update (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local get = myassert(c:get_next_update())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1581289346"
---- no_error_log
-[error]
-
-=== TEST 16: x509.crl:set_next_update (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_next_update(toset))
-
-            local get = myassert(c:get_next_update())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 17: x509.crl:get_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local get = myassert(c:get_version())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2"
---- no_error_log
-[error]
-
-=== TEST 18: x509.crl:set_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_version(toset))
-
-            local get = myassert(c:get_version())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 20: x509.crl:get_get_signature_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
-            local c = myassert(require("resty.openssl.x509.crl").new(f))
-
-            local nid = myassert(c:get_signature_nid())
-
-            ngx.say(nid)
-
-            local name = myassert(c:get_signature_name())
-
-            ngx.say(name)
-
-            local name = myassert(c:get_signature_digest_name())
-
-            ngx.say(name)
-        }
-    }
---- request
-    GET /t
---- response_body
-668
-RSA-SHA256
-SHA256
---- no_error_log
-[error]
-# END AUTO GENERATED CODE

src/deps/src/lua-resty-openssl/t/openssl/x509/csr.lua

@@ -1,56 +0,0 @@
-
-local function create_csr(domain_pkey, ...)
-  local domains = {...}
-
-  local subject = require("resty.openssl.x509.name").new()
-  local _, err = subject:add("CN", domains[1])
-  if err then
-    return nil, err
-  end
-
-  local alt, err
-  if #{...} > 1 then
-    alt, err = require("resty.openssl.x509.altname").new()
-    if err then
-      return nil, err
-    end
-
-    for _, domain in pairs(domains) do
-      _, err = alt:add("DNS", domain)
-      if err then
-        return nil, err
-      end
-    end
-  end
-
-  local csr = require("resty.openssl.x509.csr").new()
-  local _
-  _, err = csr:set_subject_name(subject)
-  if err then
-    return nil, err
-  end
-
-  if alt then
-    _, err = csr:set_subject_alt_name(alt)
-    if err then
-      return nil, err
-    end
-  end
-
-  _, err = csr:set_pubkey(domain_pkey)
-  if err then
-    return nil, err
-  end
-
-  local d = require("resty.openssl.digest").new("SHA256")
-  _, err = csr:sign(domain_pkey, d)
-  if err then
-    return nil, err
-  end
-
-  return csr:tostring("DER"), nil
-end
-
-return {
-    create_csr = create_csr,
-}

src/deps/src/lua-resty-openssl/t/openssl/x509/csr.t

@@ -1,623 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-no_long_string();
-
-run_tests();
-
-__DATA__
-=== TEST 1: Loads a csr
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            ngx.say("ok")
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok
-"
---- no_error_log
-[error]
-
-=== TEST 2: Converts and loads PEM format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local pem = myassert(c:tostring("PEM"))
-
-            for _, typ in ipairs({"PEM", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509.csr").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509.csr").new(pem, "DER")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.csr.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
---- no_error_log
-[error]
-
-=== TEST 3: Converts and loads DER format
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local pem = myassert(c:tostring("DER"))
-
-            for _, typ in ipairs({"DER", "*", false}) do
-              local c2 = myassert(require("resty.openssl.x509.csr").new(pem, typ))
-            end
-            local c2, err = require("resty.openssl.x509.csr").new(pem, "PEM")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"x509.csr.new.+(no start line|NO_START_LINE).+"
---- no_error_log
-[error]
-
-=== TEST 4: Generates CSR with RSA pkey correctly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local util = require("csr")
-            local pkey = require("resty.openssl.pkey").new()
-            local der = myassert(util.create_csr(pkey, "dns1.com", "dns2.com", "dns3.com"))
-
-            ngx.update_time()
-            local fname = "ci_" .. math.floor(ngx.now() * 1000)
-            local f = io.open(fname, "wb")
-            f:write(der)
-            f:close()
-            ngx.say(io.popen("openssl req -inform der -in " .. fname .. " -noout -text", 'r'):read("*a"))
-            os.remove(fname)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-".+CN\\s*=\\s*dns1.com.+rsaEncryption.+2048 bit.+DNS:dns1.com.+DNS:dns2.com.+DNS:dns3.com"
---- no_error_log
-[error]
-
-=== TEST 5: Rejects invalid arguments
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local csr = require("resty.openssl.x509.csr").new()
-            ok, err = csr:set_subject_name("not a subject")
-            ngx.say(err)
-            ok, err = csr:set_subject_alt_name("not an alt")
-            ngx.say(err)
-            ok, err = csr:set_pubkey("not a pkey")
-            ngx.say(err)
-            ok, err = csr:sign("not a pkey")
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"x509.csr:set_subject_name: expect a x509.name instance at #1
-x509.csr:set_subject_alt_name: expect a x509.altname instance at #1
-x509.csr:set_pubkey: expect a pkey instance at #1
-x509.csr:sign: expect a pkey instance at #1
-"
---- no_error_log
-[error]
-
-
-=== TEST 6: x509.csr:get_extensions of csr
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local exts = c:get_extensions()
-            if #exts == 0 then
-              ngx.print("0")
-            else
-              ngx.print("4")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"4"
---- no_error_log
-[error]
-
-
-=== TEST 7: x509.csr:get_extension by nid
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local ext, pos = c:get_extension(83)
-            if not ext then
-              ngx.say("nil")
-            else
-              ngx.say(pos)
-            end
-
-            local ext = c:get_extension(83, pos)
-            if not ext then
-              ngx.say("nil")
-            else
-              ngx.say(pos)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"2
-nil
-"
---- no_error_log
-[error]
-
-=== TEST 8: x509.csr:get_extension by nid name
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local ext = c:get_extension('basicConstraints')
-            if not ext then
-              ngx.print("nil")
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 9: x509.csr:get_extension should return nil if wrong nid name is given
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local ext, err = c:get_extension('test')
-            if not ext then
-              ngx.print("ok")
-            else
-              ngx.print(err)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 10: Adds extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local altname = require("resty.openssl.x509.altname").new()
-            myassert(altname:add("DNS", "test.com"))
-            myassert(altname:add("DNS", "test2.com"))
-            local extension = require("resty.openssl.x509.extension")
-            local ext = myassert(extension.from_data(altname, 85, false))
-
-            local ok = myassert(c:add_extension(ext))
-
-            local ext, _ = c:get_extension("subjectAltName")
-
-            ngx.update_time()
-            local fname = "ci_" .. math.floor(ngx.now() * 1000)
-            local f = io.open(fname, "wb")
-            f:write(c:tostring())
-            f:close()
-            ngx.say(io.popen("openssl req -in " .. fname .. " -noout -text", 'r'):read("*a"))
-            os.remove(fname)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"DNS:example.com.+DNS:test.com, DNS:test2.com
-"
---- no_error_log
-[error]
-
-=== TEST 11: Set extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local altname = require("resty.openssl.x509.altname").new()
-            myassert(altname:add("DNS", "test.com"))
-            myassert(altname:add("DNS", "test2.com"))
-            local extension = require("resty.openssl.x509.extension")
-            local ext = myassert(extension.from_data(altname, 85, false))
-
-            local ok = myassert(c:set_extension(ext))
-
-            local ext, _ = c:get_extension("subjectAltName")
-
-            ngx.say(tostring(ext))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS:test.com, DNS:test2.com
-"
---- no_error_log
-[error]
-
-=== TEST 12: x509.csr:sign should succeed
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local d = myassert(require("resty.openssl.digest").new("SHA256"))
-            local p = myassert(require("resty.openssl.pkey").new())
-            local ok = myassert(c:sign(p, d))
-            if ok == false then
-                ngx.say("false")
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 14: Check private key match
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local util = require("csr")
-            local pkey = require("resty.openssl.pkey").new({ type = "EC", curve = "prime256v1" })
-            local der = myassert(util.create_csr(pkey, "dns1.com", "dns2.com", "dns3.com"))
-            local csr = myassert(require("resty.openssl.x509.csr").new(der))
-            local ok, err = csr:check_private_key(pkey)
-            ngx.say(ok)
-            ngx.say(err)
-
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local ok, err = c:check_private_key(pkey)
-            ngx.say(ok)
-            ngx.say(err)
-
-            local key2 = require("resty.openssl.pkey").new({
-                type = 'EC',
-                curve = "prime256v1",
-            })
-            local ok, err = csr:check_private_key(key2)
-            ngx.say(ok)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"true
-nil
-false
-.+(key type mismatch|KEY_TYPE_MISMATCH)
-.+(key values mismatch|KEY_VALUES_MISMATCH)
-"
---- no_error_log
-[error]
-
-# START AUTO GENERATED CODE
-
-
-=== TEST 15: x509.csr:get_subject_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local get = myassert(c:get_subject_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"C=US/CN=example.com/L=Los Angeles/O=SSL Support/OU=SSL Support/ST=California"
---- no_error_log
-[error]
-
-=== TEST 16: x509.csr:set_subject_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
-            local ok = myassert(c:set_subject_name(toset))
-
-            local get = myassert(c:get_subject_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 17: x509.csr:get_pubkey (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local get = myassert(c:get_pubkey())
-            get = get:to_PEM()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GD
-CNL5NhDX2JVUQKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUz
-KoTt5yLdVIM/HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgD
-cdbcQ5wsPVOiFHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyf
-gGS4+XQSsUdwNWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1
-f3rlwf8H5HIVH3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJE
-cwIDAQAB
------END PUBLIC KEY-----
-"
---- no_error_log
-[error]
-
-=== TEST 18: x509.csr:set_pubkey (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local toset = myassert(require("resty.openssl.pkey").new())
-            local ok = myassert(c:set_pubkey(toset))
-
-            local get = myassert(c:get_pubkey())
-            get = get:to_PEM()
-            toset = toset:to_PEM()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 19: x509.csr:get_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local get = myassert(c:get_version())
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1"
---- no_error_log
-[error]
-
-=== TEST 20: x509.csr:set_version (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local toset = ngx.time()
-            local ok = myassert(c:set_version(toset))
-
-            local get = myassert(c:get_version())
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 21: x509.csr:get_subject_alt_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local get = myassert(c:get_subject_alt_name())
-            get = get:tostring()
-            ngx.print(get)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"DNS=example.com"
---- no_error_log
-[error]
-
-=== TEST 22: x509.csr:set_subject_alt_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-            local toset = myassert(require("resty.openssl.x509.altname").new():add('DNS', 'earth.galaxy'))
-            local ok = myassert(c:set_subject_alt_name(toset))
-
-            local get = myassert(c:get_subject_alt_name())
-            get = get:tostring()
-            toset = toset:tostring()
-            if get ~= toset then
-              ngx.say(get)
-              ngx.say(toset)
-            else
-              ngx.print("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok"
---- no_error_log
-[error]
-
-=== TEST 24: x509.csr:get/set_subject_alt_name_critical (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local crit = myassert(c:get_subject_alt_name_critical())
-
-            local ok, err = myassert(c:set_subject_alt_name_critical(not crit))
-
-            ngx.say(c:get_subject_alt_name_critical() == not crit)
-        }
-    }
---- request
-    GET /t
---- response_body
-true
---- no_error_log
-[error]
-
-=== TEST 25: x509.csr:get_get_signature_name (AUTOGEN)
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/test.csr"):read("*a")
-            local c = myassert(require("resty.openssl.x509.csr").new(f))
-
-            local nid = myassert(c:get_signature_nid())
-
-            ngx.say(nid)
-
-            local name = myassert(c:get_signature_name())
-
-            ngx.say(name)
-
-            local name = myassert(c:get_signature_digest_name())
-
-            ngx.say(name)
-        }
-    }
---- request
-    GET /t
---- response_body
-65
-RSA-SHA1
-SHA1
---- no_error_log
-[error]
-# END AUTO GENERATED CODE

src/deps/src/lua-resty-openssl/t/openssl/x509/extension.t

@@ -1,379 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-        _G.encode_sorted_json = require("helper").encode_sorted_json
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates extension by nconf
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.new("extendedKeyUsage",
-                                        "serverAuth,clientAuth"))
-        }
-    }
---- request
-    GET /t
---- no_error_log
-[error]
-
-=== TEST 2: Gets extension object
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.new("extendedKeyUsage",
-                                        "serverAuth,clientAuth"))
-
-            ngx.say(encode_sorted_json(myassert(c:get_object())))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":"2.5.29.37","ln":"X509v3 Extended Key Usage","nid":126,"sn":"extendedKeyUsage"}
-'
---- no_error_log
-[error]
-
-=== TEST 3: Gets extension critical
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local extension, _, err = c:get_extension("X509v3 Key Usage")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(extension:get_critical())
-    
-            local extension, _, err = c:get_extension("X509v3 Extended Key Usage")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(extension:get_critical())
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"true
-false
-"
---- no_error_log
-[error]
-
-=== TEST 4: Set extension critical
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.new("extendedKeyUsage",
-                                        "serverAuth,clientAuth"))
-            myassert(c:set_critical())
-            ngx.say(c:get_critical())
-
-            myassert(c:set_critical(true))
-            ngx.say(c:get_critical())
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"false
-true
-"
---- no_error_log
-[error]
-
-=== TEST 5: Prints human readable txt of extension
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local extension, _, err = c:get_extension("subjectKeyIdentifier")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(extension:text())
-
-            local extension, _, err = c:get_extension("Authority Information Access")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(tostring(extension))
-
-            -- unknown extension
-            local objects = require("resty.openssl.objects")
-            local id_pe_acmeIdentifier = "1.3.6.1.5.5.7.1.31"
-            local nid = objects.txt2nid(id_pe_acmeIdentifier)
-            if not nid or nid == 0 then
-                nid = objects.create(
-                    id_pe_acmeIdentifier, -- nid
-                    "pe-acmeIdentifier",  -- sn
-                    "ACME Identifier"     -- ln
-                )
-            end
-            local ext = myassert(require("resty.openssl.x509.extension").from_der("valuevalue", nid, true))
-            ngx.say("ACME Identifier: ", tostring(ext))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"27:B1:7E:9F:BB:26:99:50:D8:F3:C3:53:5B:FE:31:16:B0:BB:1E:72
-OCSP - URI:http://ocsp.digicert.com
-CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
-.?ACME Identifier: valuevalue
-"
---- no_error_log
-[error]
-
-=== TEST 6: Creates extension by X509V3_CTX
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local x509 = myassert(require("resty.openssl.x509").new(f))
-            f = io.open("t/fixtures/test.crt"):read("*a")
-            local ic = myassert(require("resty.openssl.x509").new(f))
-            f = io.open("t/fixtures/test.key"):read("*a")
-            local ik = myassert(require("resty.openssl.pkey").new(f))
-
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.new("subjectKeyIdentifier", "hash",
-                            {
-                                subject = x509,
-                            }))
-
-            ngx.say(tostring(c))
-
-            if require("resty.openssl.version").OPENSSL_3X then
-                c = myassert(extension.new("authorityKeyIdentifier", "keyid",
-                                {
-                                    subject = x509,
-                                    issuer = x509,
-                                }))
-
-                if tostring(c) ~= "0." then
-                    ngx.log(ngx.ERR, "authorityKeyIdentifier should be empty but got " .. tostring(c))
-                end
-
-                c = myassert(extension.new("authorityKeyIdentifier", "keyid",
-                                {
-                                    subject = x509,
-                                    issuer = x509,
-                                    issuer_pkey = ik,
-                                }))
-                -- when set with issuer_pkey, the X509V3_print doesn't include "keyid:" prefix
-                ngx.print("keyid:")
-            else
-                c = myassert(extension.new("authorityKeyIdentifier", "keyid",
-                                {
-                                    subject = x509,
-                                    issuer = ic,
-                                }))
-            end
-
-            ngx.say(tostring(c))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"27:B1:7E:9F:BB:26:99:50:D8:F3:C3:53:5B:FE:31:16:B0:BB:1E:72
-keyid:CF:03:F5:09:EB:83:D2:4F:10:DE:65:92:90:E9:93:3E:38:4C:E8:7C
-"
---- no_error_log
-[error]
-
-=== TEST 7: Creates extension by data
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname").new()
-            myassert(altname:add("DNS", "test.com"))
-            myassert(altname:add("DNS", "test2.com"))
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.from_data(altname, 85, false))
-
-            ngx.say(encode_sorted_json(c:get_object()))
-            ngx.say(tostring(c))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":"2.5.29.17","ln":"X509v3 Subject Alternative Name","nid":85,"sn":"subjectAltName"}
-DNS:test.com, DNS:test2.com
-'
---- no_error_log
-[error]
-
-=== TEST 8: Convert extension to data
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local altname = require("resty.openssl.x509.altname").new()
-            myassert(altname:add("DNS", "test.com"))
-            myassert(altname:add("DNS", "test2.com"))
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.from_data(altname, 85, false))
-
-            local alt2 = myassert(extension.to_data(c, 85))
-            ngx.say(alt2:tostring())
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'DNS=test.com/DNS=test2.com
-'
---- no_error_log
-[error]
-
-=== TEST 9: Creates extension by der
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.from_der("\x00\x01\x02\x03", "basicConstraints"))
-
-            ngx.say(encode_sorted_json(c:get_object()))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":"2.5.29.19","ln":"X509v3 Basic Constraints","nid":87,"sn":"basicConstraints"}
-'
---- no_error_log
-[error]
-
-=== TEST 10: Creates extension by nconf
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            if require("resty.openssl.version").BORINGSSL then
-                ngx.say([[
-{"id":"2.5.29.32","ln":"X509v3 Certificate Policies","nid":89,"sn":"certificatePolicies"}
-Policy: 1.2.3.4
-Policy: 1.5.6.7.8
-Policy: 1.3.5.8
-  CPS: http://my.host.name/
-  CPS: http://my.your.name/
-  User Notice:
-    Organization: Organisation Name
-    Numbers: 1, 2, 3, 4
-    Explicit Text: Explicit Text Here
-            ]])
-                ngx.exit(0)
-            end
-
-            local extension = require("resty.openssl.x509.extension")
-            local c = myassert(extension.new("certificatePolicies", "ia5org,1.2.3.4,1.5.6.7.8,@polsect",
-                [[
-                [polsect]
-                policyIdentifier = 1.3.5.8
-                CPS.1="http://my.host.name/"
-                CPS.2="http://my.your.name/"
-                userNotice.1=@notice
-
-                [notice]
-                explicitText="Explicit Text Here"
-                organization="Organisation Name"
-                noticeNumbers=1,2,3,4
-                ]]
-            ))
-
-            ngx.say(encode_sorted_json(c:get_object()))
-            ngx.say(tostring(c))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-'{"id":"2.5.29.32","ln":"X509v3 Certificate Policies","nid":89,"sn":"certificatePolicies"}
-Policy: 1.2.3.4
-Policy: 1.5.6.7.8
-Policy: 1.3.5.8
-  CPS: http://my.host.name/
-  CPS: http://my.your.name/
-  User Notice:
-    Organization: Organisation Name
-    Numbers: 1, 2, 3, 4
-    Explicit Text: Explicit Text Here
-'
---- no_error_log
-[error]
-
-=== TEST 11: Returns DER encoded data
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local f = io.open("t/fixtures/Github.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local extension, _, err = c:get_extension("subjectKeyIdentifier")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(require("helper").to_hex(extension:to_der()))
-
-            local extension, _, err = c:get_extension("Authority Information Access")
-            if err then
-                ngx.log(ngx.ERR, err)
-                return
-            end
-            ngx.say(require("helper").to_hex(extension:to_der()))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"041427B17E9FBB269950D8F3C3535BFE3116B0BB1E72
-308182302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305A06082B06010505073002864E687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274486967684173737572616E6365544C53487962726964454343534841323536323032304341312E637274
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/extensions.t

@@ -1,180 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            ngx.say(#c)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"0
-"
---- no_error_log
-[error]
-
-=== TEST 2: Adds elements to stack properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension_lib = require("resty.openssl.x509.extension")
-            local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add(ext))
-            end
-            ngx.say(#c)
-            ngx.say(#c:all())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"3
-3
-"
---- no_error_log
-[error]
-
-=== TEST 3: Element can be indexed properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension_lib = require("resty.openssl.x509.extension")
-            local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            for i=0,2,1 do
-                local ok = myassert(c:add(ext))
-            end
-
-            collectgarbage()
-            
-            for _, cc in ipairs(c) do
-                ngx.say(cc:text())
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"TLS Web Server Authentication, TLS Web Client Authentication
-TLS Web Server Authentication, TLS Web Client Authentication
-TLS Web Server Authentication, TLS Web Client Authentication
-"
---- no_error_log
-[error]
-
-=== TEST 4: Element is duplicated when added to stack
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension_lib = require("resty.openssl.x509.extension")
-            local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            local ok = myassert(c:add(ext))
-
-            ext = nil
-            collectgarbage("collect")
-            ngx.say(c[1]:text())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"TLS Web Server Authentication, TLS Web Client Authentication
-"
---- no_error_log
-[error]
-
-=== TEST 5: Element is duplicated when returned
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension_lib = require("resty.openssl.x509.extension")
-            local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            local ok = myassert(c:add(ext))
-
-            local cc = c[1]
-            c = nil
-            collectgarbage("collect") 
-            ngx.say(cc:text())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"TLS Web Server Authentication, TLS Web Client Authentication
-"
---- no_error_log
-[error]
-
-=== TEST 6: Element is not freed when stack is duplicated
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local extension_lib = require("resty.openssl.x509.extension")
-            local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
-            local extensions = require("resty.openssl.x509.extensions")
-            local c = myassert(extensions.new())
-
-            local ok = myassert(c:add(ext))
-
-            local c2 = myassert(extensions.dup(c.ctx))
-
-            c = nil
-            collectgarbage("collect") 
-            ngx.say(c2:count())
-            ngx.say(c2[1]:text())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"1
-TLS Web Server Authentication, TLS Web Client Authentication
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/name.t

@@ -1,139 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Duplicate the ctx
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            require('ffi').cdef('typedef struct X509_name_st X509_NAME; void X509_NAME_free(X509_NAME *name);')
-            local name = myassert(require("resty.openssl.x509.name").new())
-
-            local name2 = myassert(require("resty.openssl.x509.name").dup(name.ctx))
-
-            name = nil
-            collectgarbage("collect")
-            -- if name2.ctx is also freed this following will segfault
-            local _ = myassert(name2:add("CN", "example.com"))
-
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- no_error_log
-[error]
-
-=== TEST 2: Rejects invalid NID
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local name = myassert(require("resty.openssl.x509.name").new())
-
-            name, err = name:add("whatever", "value")
-            ngx.say(name == nil)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-x509.name:add: invalid NID text whatever
-"
---- no_error_log
-[error]
-
-=== TEST 3: Finds by text
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local name = myassert(require("resty.openssl.x509.name").new())
-
-            name = myassert(name:add("CN", "example.com"))
- 
-            name = myassert(name:add("CN", "anotherdomain.com"))
-
-            local a, b, c = name:find("CN")
-            if a then
-                ngx.say("found ", b, " ", a.blob)
-            end
-            local a, b, c = name:find("2.5.4.3")
-            if a then
-                ngx.say("found ", b, " ", a.blob)
-            end
-            local a, b, c = name:find("CM")
-            if not a then
-                ngx.say("not found")
-            end
-            local a, b, c = name:find("CN", 1)
-            if a then
-                ngx.say("found ", b, " ", a.blob)
-            end
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"found 1 example.com
-found 1 example.com
-not found
-found 2 anotherdomain.com
-"
---- no_error_log
-[error]
-
-
-=== TEST 4: Pairs
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local name = myassert(require("resty.openssl.x509.name").new())
-
-            local CNs = 3
-            for i=1,CNs,1 do
-                name = myassert(name:add("CN", string.format("%d.example.com", i)))
-            end
-            local others = { "L", "ST", "O" }
-            for _, k in ipairs(others) do
-                name = myassert(name:add(k, "Mars"))
-            end
-            ngx.say(#name)
-            for k, v in pairs(name) do
-                ngx.print(v.nid .. ",")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"6
-13,13,13,15,16,17,"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/revoked.t

@@ -1,69 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-no_long_string();
-
-run_tests();
-
-__DATA__
-=== TEST 1:revoked.new should create new revoked instance
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local revoked = myassert(require("resty.openssl.x509.revoked"))
-            local time = ngx.time()
-            local r, err = myassert(revoked.new(1234, time, 1))
-            if not revoked.istype(r) then
-                ngx.say("it should be instance of revoked")
-            else
-                ngx.say("ok")
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"ok
-"
---- no_error_log
-[error]
-
-=== TEST 2:revoked.new should fail when invalid parameters are given
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local revoked = myassert(require("resty.openssl.x509.revoked"))
-            local toset = ngx.time()
-            local r, err = revoked.new("1234", toset, 40)
-            ngx.say(r == nil)
-            ngx.say(err)
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"true
-x509.revoked.new: sn should be number or a bn instance
-"
---- no_error_log
-[error]

src/deps/src/lua-resty-openssl/t/openssl/x509/store.t

@@ -1,529 +0,0 @@
-# vim:set ft= ts=4 sw=4 et fdm=marker:
-
-use Test::Nginx::Socket::Lua 'no_plan';
-use Cwd qw(cwd);
-
-
-my $pwd = cwd();
-
-my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-
-our $HttpConfig = qq{
-    lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
-    init_by_lua_block {
-        if "1" == "$use_luacov" then
-            require 'luacov.tick'
-            jit.off()
-        end
-        _G.myassert = require("helper").myassert
-    }
-};
-
-
-run_tests();
-
-__DATA__
-=== TEST 1: Creates store properly
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local store = require("resty.openssl.x509.store")
-            local c = myassert(store.new())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- no_error_log
-[error]
-
-
-=== TEST 2: Loads a x509 object
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert, key = require("helper").create_self_signed()
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local ok = myassert(s:add(cert))
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- no_error_log
-[error]
-
-=== TEST 3: Loads default location
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-            myassert(s:use_default())
-        }
-    }
---- request
-    GET /t
---- response_body eval
-""
---- no_error_log
-[error]
-
-=== TEST 4: Loads file
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local ok, err = s:load_file("certnonexistent.pem")
-            ngx.say(ok)
-            ngx.say(err)
-            os.execute("echo > cert4-empty.pem")
-            local ok, err = s:load_file("cert4-empty.pem")
-            ngx.say(ok)
-            -- we only get detailed error for "no certificate found" on >= 1.1.1
-            ngx.say(err)
-            os.remove("cert4-empty.pem")
-            local cert, _ = require("helper").create_self_signed()
-            local f = io.open("cert4.pem", "w")
-            f:write(cert:tostring())
-            f:close()
-            local ok = myassert(s:load_file("cert4.pem"))
-            os.remove("cert4.pem")
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"false
-x509.store:load_file.+system lib.*
-false
-x509.store:load_file.+
-"
---- no_error_log
-[error]
-
-
-=== TEST 5: Verifies a x509 object
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local cert1, key1 = require("helper").create_self_signed()
-            local cert2, key2 = require("helper").create_self_signed()
-            local cert3, key3 = require("helper").create_self_signed()
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local ok = myassert(s:add(cert1))
-
-            local ok = myassert(s:add(cert2))
-
-            local chain = myassert(s:verify(cert1, nil, true))
-
-            ngx.say(#chain)
-            local chain, err = s:verify(cert3, nil, true)
-            ngx.say(err)
-            ngx.say(chain == nil)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"1
-(?:self signed|self-signed) certificate
-true
-"
---- no_error_log
-[error]
-
-
-=== TEST 6: Using default CAs (skip due to hard to setup on custom-built openssl env)
---- SKIP
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local ok = myassert(s:use_default())
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local chain = myassert(s:verify(c, nil, true))
-
-            ngx.say(#chain)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"1
-"
---- no_error_log
-[error]
-
-=== TEST 7: Loads directory
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local ok = myassert(s:load_directory("/etc/ssl/certs"))
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(require("resty.openssl.x509").new(f))
-
-            local chain = myassert(s:verify(c, nil, true))
-            ngx.say(#chain)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"1
-"
---- no_error_log
-[error]
-
-=== TEST 8: Verifies sub cert
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require("helper")
-            local x509 = require("resty.openssl.x509")
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(x509.new(f))
-            ngx.say(helper.to_hex(c:digest()))
-
-            local chain = myassert(s:add(c))
-
-            local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
-            local c = myassert(x509.new(f))
-            ngx.say(helper.to_hex(c:digest()))
-
-            local chain = myassert(s:verify(c, nil, true))
-
-            for _, c in ipairs(chain) do
-                ngx.say(helper.to_hex(c:digest()))
-            end
-        }
-    }
---- request
-    GET /t
---- response_body eval
-"B1BC968BD4F49D622AA89A81F2150152A41D829C
-C187B85714202A2941E8EAFB846C39EB1F9C609A
-C187B85714202A2941E8EAFB846C39EB1F9C609A
-B1BC968BD4F49D622AA89A81F2150152A41D829C
-"
---- no_error_log
-[error]
-
-=== TEST 9: Set purpose
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require("helper")
-            local x509 = require("resty.openssl.x509")
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(x509.new(f))
-
-            local chain = myassert(s:add(c))
-
-            local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
-            local c = myassert(x509.new(f))
-
-            myassert(s:set_purpose("sslclient"))
-
-            local ok, err = s:verify(c, nil, false)
-            ngx.say(ok, err)
-
-            myassert(s:set_purpose("crlsign"))
-
-            local ok, err = s:verify(c, nil, false)
-            ngx.say(ok, err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nil(?:unsupported|unsuitable) certificate purpose
-truenil
-"
---- no_error_log
-[error]
-
-=== TEST 10: Set depth
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require "t.openssl.helper"
-            local store = require("resty.openssl.x509.store")
-            local chain = require("resty.openssl.x509.chain")
-
-            local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
-            local s = myassert(store.new())
-            myassert(s:add(certs[1]))
-            local ch = chain.new()
-            for i=2, #certs-1 do
-                myassert(ch:add(certs[i]))
-            end
-            -- should be ok
-            ngx.say(s:verify(certs[#certs], ch))
-
-            -- in openssl < 1.1.0, depth are counted 1 more than later versions
-            -- we set it to be one less than enough to be prune to that case
-            myassert(s:set_depth(1))
-            -- openssl 1.0.2 will emit "unable to get local issuer certificate"
-            -- instead of "certificate chain too long"
-            ngx.say(s:verify(certs[#certs], ch))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"truenil
-nil(?:certificate chain too long|unable to get local issuer certificate)
-"
---- no_error_log
-[error]
-
-=== TEST 11: Verify with verify_method
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require("helper")
-            local x509 = require("resty.openssl.x509")
-            local store = require("resty.openssl.x509.store")
-            local s = myassert(store.new())
-
-            local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
-            local c = myassert(x509.new(f))
-
-            local chain = myassert(s:add(c))
-
-            local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
-            local c = myassert(x509.new(f))
-
-            local ok, err = s:verify(c, nil, false, nil, "ssl_client")
-            ngx.say(ok, err)
-
-            local ok, err = s:verify(c, nil, false, nil, "default")
-            ngx.say(ok, err)
-
-            myassert(s:set_purpose("sslclient"))
-            local ok, err = s:verify(c, nil, false, nil, "default")
-            ngx.say(ok, err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nil(?:unsupported|unsuitable) certificate purpose
-truenil
-nil(?:unsupported|unsuitable) certificate purpose
-"
---- no_error_log
-[error]
-
-=== TEST 12: Set flags
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require "t.openssl.helper"
-            local store = require("resty.openssl.x509.store")
-            local chain = require("resty.openssl.x509.chain")
-
-            local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
-            local s = myassert(store.new())
-            myassert(s:add(certs[2]))
-            local ch = chain.new()
-            for i=3, #certs-1 do
-                myassert(ch:add(certs[i]))
-            end
-            -- should not be ok, need root CA
-            ngx.say(s:verify(certs[#certs], ch))
-
-            myassert(s:set_flags(s.verify_flags.X509_V_FLAG_PARTIAL_CHAIN))
-            ngx.say(s:verify(certs[#certs], ch))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nilunable to get issuer certificate
-truenil
-"
---- no_error_log
-[error]
-
-=== TEST 13: Set verify time flags
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local helper = require "t.openssl.helper"
-            local store = require("resty.openssl.x509.store")
-            local chain = require("resty.openssl.x509.chain")
-
-            local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
-            local s = myassert(store.new())
-            myassert(s:add(certs[2]))
-            local ch = chain.new()
-            for i=3, #certs-1 do
-                myassert(ch:add(certs[i]))
-            end
-            -- should not be ok, need root CA
-            ngx.say(s:verify(certs[#certs], ch))
-
-            ngx.say(s:verify(certs[#certs], ch, false, nil, nil, s.verify_flags.X509_V_FLAG_PARTIAL_CHAIN))
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nilunable to get issuer certificate
-truenil
-"
---- no_error_log
-[error]
-
-=== TEST 14: Check revocation
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local x509 = require("resty.openssl.x509")
-            local crl = require("resty.openssl.x509.crl")
-            local store = require("resty.openssl.x509.store")
-
-            local s1 = myassert(store.new())
-
-            local f = io.open("t/fixtures/crl/rootca.cert.pem"):read("*a")
-            local rootca = myassert(x509.new(f))
-            local f = io.open("t/fixtures/crl/subca.cert.pem"):read("*a")
-            local subca = myassert(x509.new(f))
-
-            local f = io.open("t/fixtures/crl/valid.cert.pem"):read("*a")
-            local valid_cert = myassert(x509.new(f))
-            local f = io.open("t/fixtures/crl/revoked.cert.pem"):read("*a")
-            local revoked_cert = myassert(x509.new(f))
-
-            local f = io.open("t/fixtures/crl/crl.pem"):read("*a")
-            local c = myassert(crl.new(f))
-
-            myassert(s1:add(rootca))
-            myassert(s1:add(subca))
-
-            -- add crl to store, but skip setting the flag
-            myassert(s1:add(c, true))
-
-            -- to get the verified_chain first
-            local chain1 = myassert(s1:verify(valid_cert, nil, true))
-            local chain2 = myassert(s1:verify(revoked_cert, nil, true))
-
-            -- no verified_chain
-            local ok, err = s1:check_revocation()
-            ngx.say(ok, err)
-
-            -- should succeed
-            local ok, err = s1:check_revocation(chain1)
-            ngx.say(ok, err)
-
-            -- revoked
-            local ok, err = s1:check_revocation(chain2)
-            ngx.say(ok, err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nil(?:x509\.store:check_revocation: expect a x509\.chain instance at #1|x509\.store:check_revocation: this API is not supported in BoringSSL)
-(?:truenil|nilx509\.store:check_revocation: this API is not supported in BoringSSL)
-nil(?:certificate revoked|x509\.store:check_revocation: this API is not supported in BoringSSL)
-"
---- no_error_log
-[error]
---- skip_openssl
-3: < 1.1.0
-
-=== TEST 15: Check revocation only supported from OpenSSL 1.1.0
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local x509 = require("resty.openssl.x509")
-            local crl = require("resty.openssl.x509.crl")
-            local store = require("resty.openssl.x509.store")
-
-            local s1 = myassert(store.new())
-
-            local f = io.open("t/fixtures/crl/rootca.cert.pem"):read("*a")
-            local rootca = myassert(x509.new(f))
-            local f = io.open("t/fixtures/crl/subca.cert.pem"):read("*a")
-            local subca = myassert(x509.new(f))
-
-            local f = io.open("t/fixtures/crl/valid.cert.pem"):read("*a")
-            local valid_cert = myassert(x509.new(f))
-            local f = io.open("t/fixtures/crl/revoked.cert.pem"):read("*a")
-            local revoked_cert = myassert(x509.new(f))
-
-            local f = io.open("t/fixtures/crl/crl.pem"):read("*a")
-            local c = myassert(crl.new(f))
-
-            myassert(s1:add(rootca))
-            myassert(s1:add(subca))
-
-            -- add crl to store, but skip setting the flag
-            myassert(s1:add(c, true))
-
-            -- to get the verified_chain first
-            local chain1 = myassert(s1:verify(valid_cert, nil, true))
-            local chain2 = myassert(s1:verify(revoked_cert, nil, true))
-
-            local ok, err = s1:check_revocation()
-            ngx.say(ok, err)
-
-            local ok, err = s1:check_revocation(chain1)
-            ngx.say(ok, err)
-
-            local ok, err = s1:check_revocation(chain2)
-            ngx.say(ok, err)
-        }
-    }
---- request
-    GET /t
---- response_body_like eval
-"nil(?:x509\.store:check_revocation: this API is supported from OpenSSL 1\.1\.0|x509\.store:check_revocation: this API is not supported in BoringSSL)
-nil(?:x509\.store:check_revocation: this API is supported from OpenSSL 1\.1\.0|x509\.store:check_revocation: this API is not supported in BoringSSL)
-nil(?:x509\.store:check_revocation: this API is supported from OpenSSL 1\.1\.0|x509\.store:check_revocation: this API is not supported in BoringSSL)
-"
---- no_error_log
-[error]
---- skip_openssl
-3: >= 1.1.0