From: Filippo Valsorda Date: Thu, 29 Nov 2018 06:38:07 +0000 (-0500) Subject: crypto/tls: fix client certificates support for legacy servers X-Git-Tag: go1.12beta1~208 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=d8ce141dde36c7781a5c43356feb403550cc47ec;p=gostls13.git crypto/tls: fix client certificates support for legacy servers signatureSchemesForCertificate was written to be used with TLS 1.3, but ended up used for TLS 1.2 client certificates in a refactor. Since it only supported TLS 1.3 signature algorithms, it would lead to no RSA client certificates being sent to servers that didn't support RSA-PSS. TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this, but alas the OpenSSL flag -verify accepts an empty certificates list as valid, as opposed to -Verify... Fixes #28925 Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93 Reviewed-on: https://go-review.googlesource.com/c/151660 Run-TryBot: Filippo Valsorda TryBot-Result: Gobot Gobot Reviewed-by: Adam Langley --- diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go index 859387ee14..b277e74b53 100644 --- a/src/crypto/tls/auth.go +++ b/src/crypto/tls/auth.go @@ -134,8 +134,10 @@ func writeSignedMessage(sigHash io.Writer, context string, transcript hash.Hash) } // signatureSchemesForCertificate returns the list of supported SignatureSchemes -// for a given certificate, based on the public key. -func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme { +// for a given certificate, based on the public key and the protocol version. It +// does not support the crypto.Decrypter interface, so shouldn't be used on the +// server side in TLS 1.2 and earlier. +func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme { priv, ok := cert.PrivateKey.(crypto.Signer) if !ok { return nil @@ -143,6 +145,16 @@ func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme { switch priv := priv.Public().(type) { case *ecdsa.PublicKey: + if version != VersionTLS13 { + // In TLS 1.2 and earlier, ECDSA algorithms are not + // constrained to a single curve. + return []SignatureScheme{ + ECDSAWithP256AndSHA256, + ECDSAWithP384AndSHA384, + ECDSAWithP521AndSHA512, + ECDSAWithSHA1, + } + } switch priv.Curve { case elliptic.P256(): return []SignatureScheme{ECDSAWithP256AndSHA256} @@ -154,6 +166,17 @@ func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme { return nil } case *rsa.PublicKey: + if version != VersionTLS13 { + return []SignatureScheme{ + PSSWithSHA256, + PSSWithSHA384, + PSSWithSHA512, + PKCS1WithSHA256, + PKCS1WithSHA384, + PKCS1WithSHA512, + PKCS1WithSHA1, + } + } // RSA keys with RSA-PSS OID are not supported by crypto/x509. return []SignatureScheme{ PSSWithSHA256, diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 3ba3aac86b..b5e4ab734c 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -291,7 +291,7 @@ type ClientSessionCache interface { type SignatureScheme uint16 const ( - PKCS1WithSHA1 SignatureScheme = 0x0201 + // RSASSA-PKCS1-v1_5 algorithms. PKCS1WithSHA256 SignatureScheme = 0x0401 PKCS1WithSHA384 SignatureScheme = 0x0501 PKCS1WithSHA512 SignatureScheme = 0x0601 @@ -301,11 +301,13 @@ const ( PSSWithSHA384 SignatureScheme = 0x0805 PSSWithSHA512 SignatureScheme = 0x0806 + // ECDSA algorithms. Only constrained to a specific curve in TLS 1.3. ECDSAWithP256AndSHA256 SignatureScheme = 0x0403 ECDSAWithP384AndSHA384 SignatureScheme = 0x0503 ECDSAWithP521AndSHA512 SignatureScheme = 0x0603 // Legacy signature and hash algorithms for TLS 1.2. + PKCS1WithSHA1 SignatureScheme = 0x0201 ECDSAWithSHA1 SignatureScheme = 0x0203 ) @@ -917,11 +919,10 @@ var writerMutex sync.Mutex // A Certificate is a chain of one or more certificates, leaf first. type Certificate struct { Certificate [][]byte - // PrivateKey contains the private key corresponding to the public key - // in Leaf. For a server, this must implement crypto.Signer and/or - // crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client - // (performing client authentication), this must be a crypto.Signer - // with an RSA or ECDSA PublicKey. + // PrivateKey contains the private key corresponding to the public key in + // Leaf. This must implement crypto.Signer with an RSA or ECDSA PublicKey. + // For a server up to TLS 1.2, it can also implement crypto.Decrypter with + // an RSA PublicKey. PrivateKey crypto.PrivateKey // OCSPStaple contains an optional OCSP response which will be served // to clients that request it. diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index d556e651a6..ca74989f6e 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -934,7 +934,7 @@ func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate, // Issuer is in AcceptableCAs. for i, chain := range c.config.Certificates { sigOK := false - for _, alg := range signatureSchemesForCertificate(&chain) { + for _, alg := range signatureSchemesForCertificate(c.vers, &chain) { if isSupportedSignatureAlgorithm(alg, cri.SignatureSchemes) { sigOK = true break diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go index 2703cc72f9..ececd7b04d 100644 --- a/src/crypto/tls/handshake_client_test.go +++ b/src/crypto/tls/handshake_client_test.go @@ -124,9 +124,8 @@ func (o *opensslOutputSink) Write(data []byte) (n int, err error) { return len(data), nil } -func (o *opensslOutputSink) WriteTo(w io.Writer) (int64, error) { - n, err := w.Write(o.all) - return int64(n), err +func (o *opensslOutputSink) String() string { + return string(o.all) } // clientTest represents a test of the TLS client handshake against a reference @@ -275,9 +274,9 @@ func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, } if err != nil { close(stdin) - out.WriteTo(os.Stdout) cmd.Process.Kill() - return nil, nil, nil, nil, cmd.Wait() + err = fmt.Errorf("error connecting to the OpenSSL server: %v (%v)\n\n%s", err, cmd.Wait(), out) + return nil, nil, nil, nil, err } record := &recordingConn{ @@ -316,11 +315,20 @@ func (test *clientTest) run(t *testing.T, write bool) { t.Fatalf("Failed to start subcommand: %s", err) } clientConn = recordingConn + defer func() { + if t.Failed() { + t.Logf("OpenSSL output:\n\n%s", stdout.all) + } + }() } else { clientConn, serverConn = localPipe(t) } doneChan := make(chan bool) + defer func() { + clientConn.Close() + <-doneChan + }() go func() { defer close(doneChan) @@ -488,11 +496,10 @@ func (test *clientTest) run(t *testing.T, write bool) { childProcess.Process.Kill() childProcess.Wait() if len(recordingConn.flows) < 3 { - os.Stdout.Write(stdout.all) t.Fatalf("Client connection didn't work") } recordingConn.WriteTo(out) - fmt.Printf("Wrote %s\n", path) + t.Logf("Wrote %s\n", path) } } @@ -745,7 +752,7 @@ func TestHandshakeClientCertRSA(t *testing.T) { test := &clientTest{ name: "ClientCert-RSA-RSA", - args: []string{"-cipher", "AES128", "-verify", "1"}, + args: []string{"-cipher", "AES128", "-Verify", "1"}, config: config, } @@ -754,7 +761,7 @@ func TestHandshakeClientCertRSA(t *testing.T) { test = &clientTest{ name: "ClientCert-RSA-ECDSA", - args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, config: config, cert: testECDSACertificate, key: testECDSAPrivateKey, @@ -766,7 +773,7 @@ func TestHandshakeClientCertRSA(t *testing.T) { test = &clientTest{ name: "ClientCert-RSA-AES256-GCM-SHA384", - args: []string{"-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-verify", "1"}, + args: []string{"-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-Verify", "1"}, config: config, cert: testRSACertificate, key: testRSAPrivateKey, @@ -782,7 +789,7 @@ func TestHandshakeClientCertECDSA(t *testing.T) { test := &clientTest{ name: "ClientCert-ECDSA-RSA", - args: []string{"-cipher", "AES128", "-verify", "1"}, + args: []string{"-cipher", "AES128", "-Verify", "1"}, config: config, } @@ -792,7 +799,7 @@ func TestHandshakeClientCertECDSA(t *testing.T) { test = &clientTest{ name: "ClientCert-ECDSA-ECDSA", - args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, + args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, config: config, cert: testECDSACertificate, key: testECDSAPrivateKey, @@ -822,7 +829,7 @@ func TestHandshakeClientCertRSAPSS(t *testing.T) { test := &clientTest{ name: "ClientCert-RSA-RSAPSS", - args: []string{"-cipher", "AES128", "-verify", "1", "-client_sigalgs", + args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", "rsa_pss_rsae_sha256", "-sigalgs", "rsa_pss_rsae_sha256"}, config: config, cert: testRSAPSSCertificate, @@ -840,7 +847,7 @@ func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) { test := &clientTest{ name: "ClientCert-RSA-RSAPKCS1v15", - args: []string{"-cipher", "AES128", "-verify", "1", "-client_sigalgs", + args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", "rsa_pkcs1_sha256", "-sigalgs", "rsa_pkcs1_sha256"}, config: config, } diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go index 1a819cc32f..f8e90f9457 100644 --- a/src/crypto/tls/handshake_client_tls13.go +++ b/src/crypto/tls/handshake_client_tls13.go @@ -548,7 +548,7 @@ func (hs *clientHandshakeStateTLS13) sendClientCertificate() error { return err } - // If the client is sending an empty certificate message, skip the CertificateVerify. + // If we sent an empty certificate message, skip the CertificateVerify. if len(cert.Certificate) == 0 { return nil } @@ -556,7 +556,7 @@ func (hs *clientHandshakeStateTLS13) sendClientCertificate() error { certVerifyMsg := new(certificateVerifyMsg) certVerifyMsg.hasSignatureAlgorithm = true - supportedAlgs := signatureSchemesForCertificate(cert) + supportedAlgs := signatureSchemesForCertificate(c.vers, cert) if supportedAlgs == nil { c.sendAlert(alertInternalError) return fmt.Errorf("tls: unsupported certificate key (%T)", cert.PrivateKey) @@ -569,14 +569,17 @@ func (hs *clientHandshakeStateTLS13) sendClientCertificate() error { break } } + if certVerifyMsg.signatureAlgorithm == 0 { + // getClientCertificate returned a certificate incompatible with the + // CertificateRequestInfo supported signature algorithms. + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server doesn't support selected certificate") + } sigType := signatureFromSignatureScheme(certVerifyMsg.signatureAlgorithm) sigHash, err := hashFromSignatureScheme(certVerifyMsg.signatureAlgorithm) if sigType == 0 || err != nil { - // getClientCertificate returned a certificate incompatible with the - // CertificateRequestInfo supported signature algorithms. - c.sendAlert(alertInternalError) - return err + return c.sendAlert(alertInternalError) } h := sigHash.New() writeSignedMessage(h, clientSignatureContext, hs.transcript) diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go index 0bd0ae0b2c..a6240f2235 100644 --- a/src/crypto/tls/handshake_server_test.go +++ b/src/crypto/tls/handshake_server_test.go @@ -608,7 +608,6 @@ func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, } tcpConn = connOrError.(net.Conn) case <-time.After(2 * time.Second): - output.WriteTo(os.Stdout) return nil, nil, errors.New("timed out waiting for connection from child process") } @@ -646,6 +645,11 @@ func (test *serverTest) run(t *testing.T, write bool) { t.Fatalf("Failed to start subcommand: %s", err) } serverConn = recordingConn + defer func() { + if t.Failed() { + t.Logf("OpenSSL output:\n\n%s", childProcess.Stdout) + } + }() } else { clientConn, serverConn = localPipe(t) } @@ -725,13 +729,12 @@ func (test *serverTest) run(t *testing.T, write bool) { defer out.Close() recordingConn.Close() if len(recordingConn.flows) < 3 { - childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout) if len(test.expectHandshakeErrorIncluding) == 0 { t.Fatalf("Handshake failed") } } recordingConn.WriteTo(out) - fmt.Printf("Wrote %s\n", path) + t.Logf("Wrote %s\n", path) childProcess.Wait() } } diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go index becb4be3b0..6f20d61aa4 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -369,7 +369,7 @@ func (hs *serverHandshakeStateTLS13) pickCertificate() error { c.sendAlert(alertInternalError) return err } - supportedAlgs := signatureSchemesForCertificate(certificate) + supportedAlgs := signatureSchemesForCertificate(c.vers, certificate) if supportedAlgs == nil { c.sendAlert(alertInternalError) return fmt.Errorf("tls: unsupported certificate key (%T)", certificate.PrivateKey) @@ -383,6 +383,8 @@ func (hs *serverHandshakeStateTLS13) pickCertificate() error { } } if hs.sigAlg == 0 { + // getCertificate returned a certificate incompatible with the + // ClientHello supported signature algorithms. c.sendAlert(alertHandshakeFailure) return errors.New("tls: client doesn't support selected certificate") } @@ -623,10 +625,7 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error { sigType := signatureFromSignatureScheme(hs.sigAlg) sigHash, err := hashFromSignatureScheme(hs.sigAlg) if sigType == 0 || err != nil { - // getCertificate returned a certificate incompatible with the - // ClientHello supported signature algorithms. - c.sendAlert(alertInternalError) - return err + return c.sendAlert(alertInternalError) } h := sigHash.New() writeSignedMessage(h, serverSignatureContext, hs.transcript) diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA index ebfe99c2cf..14ed93ca09 100644 --- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA +++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA @@ -16,11 +16,11 @@ 000000e0 a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 |.G.bC.(.._.).0..| 000000f0 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |........_X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 24 74 3f be 60 |....Y...U..$t?.`| -00000010 1a db 62 d6 00 1d f6 32 81 97 cf 92 4a 24 e1 3a |..b....2....J$.:| -00000020 1b 9d 3c 3e e7 c3 fc ea 1c 44 a1 20 39 e7 5e 49 |..<>.....D. 9.^I| -00000030 7e 82 32 fa 18 2e e0 99 ad 9a 47 cd d1 13 b3 82 |~.2.......G.....| -00000040 c3 08 7f 50 8e fc 22 2b ca 0b 36 58 c0 09 00 00 |...P.."+..6X....| +00000000 16 03 01 00 59 02 00 00 55 03 01 04 4a 64 8e 4f |....Y...U...Jd.O| +00000010 f1 4e 06 19 e2 cb b8 92 93 7b f5 ec 1b 0e 30 8e |.N.......{....0.| +00000020 1f 89 6c a1 28 e7 87 7f 9e 9e 19 20 cf aa b7 1f |..l.(...... ....| +00000030 77 43 26 3e 15 5e 67 68 0d a6 a3 b1 25 e5 63 27 |wC&>.^gh....%.c'| +00000040 00 f9 59 23 e0 a3 1c d7 49 e9 dc b3 c0 09 00 00 |..Y#....I.......| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| 00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| @@ -55,39 +55,79 @@ 00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| 00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| 00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| -00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 f2 e9 |*............ ..| -00000280 14 47 0b c1 59 82 1c 18 99 70 51 34 32 b7 56 10 |.G..Y....pQ42.V.| -00000290 60 10 e4 6d ba 4a 2d 71 34 54 72 ee c3 14 00 8b |`..m.J-q4Tr.....| -000002a0 30 81 88 02 42 01 98 89 43 ea 15 40 bc d1 d0 29 |0...B...C..@...)| -000002b0 55 0d 1f 44 ba ac 9f 3a 20 4e 79 ec fa 51 fb 09 |U..D...: Ny..Q..| -000002c0 91 64 bc c8 0c 7a c0 99 be 98 b4 4c 73 10 1d e6 |.d...z.....Ls...| -000002d0 62 c8 35 cf 31 b3 f8 0a 5a 2f ca ea 9b df a0 6b |b.5.1...Z/.....k| -000002e0 c0 2c eb cd 0d 06 f1 02 42 01 f7 9a 9e d5 e9 78 |.,......B......x| -000002f0 1a c3 7f 5f da d3 7d 6f d9 ff 3d 15 46 1e 2f e2 |..._..}o..=.F./.| -00000300 11 fd c7 91 fd 08 3f 53 5f 1b 35 1a 6f 01 95 2a |......?S_.5.o..*| -00000310 91 3d 67 7a 72 52 d0 7b 83 00 f4 41 06 29 f3 cb |.=gzrR.{...A.)..| -00000320 29 22 3c 27 84 cf 90 28 bf fe b6 16 03 01 00 0a |)"<'...(........| -00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| -00000340 00 00 00 |...| +00000270 2a 16 03 01 00 b4 0c 00 00 b0 03 00 1d 20 6c 3b |*............ l;| +00000280 3f 6b 18 21 57 c4 df bf 3d ac 92 ee bc 99 0b 2f |?k.!W...=....../| +00000290 d5 b3 f5 ff 5f 6c 6b 33 db a9 7c 02 f8 4c 00 8a |...._lk3..|..L..| +000002a0 30 81 87 02 42 00 8e 15 e5 bb dc f5 3d c6 10 d7 |0...B.......=...| +000002b0 67 54 3d 80 b5 6a 4d 69 f1 2c fe 99 bc 32 e1 ab |gT=..jMi.,...2..| +000002c0 42 c0 7d f2 5d e0 d6 22 95 58 25 5e 63 ba f0 9c |B.}.]..".X%^c...| +000002d0 9f 29 91 c9 a9 42 99 ab b0 4f ed a9 42 8e 1f 3a |.)...B...O..B..:| +000002e0 44 34 48 d9 5a dd 9b 02 41 44 21 e1 54 b5 a3 e7 |D4H.Z...AD!.T...| +000002f0 0a 57 45 52 ae 9d b5 fe 45 8a 3f 8b e7 50 e8 01 |.WER....E.?..P..| +00000300 8c 26 27 85 f4 ef 80 30 7e d6 d8 27 4f d5 5e 9d |.&'....0~..'O.^.| +00000310 7b 65 1a c6 5a ab 57 17 3f 6e 5c 66 aa cd 46 bc |{e..Z.W.?n\f..F.| +00000320 5d 32 db a5 48 f8 f8 35 11 8b 16 03 01 00 0a 0d |]2..H..5........| +00000330 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e 00 |......@.........| +00000340 00 00 |..| >>> Flow 3 (client to server) -00000000 16 03 01 00 07 0b 00 00 03 00 00 00 16 03 01 00 |................| -00000010 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 43 15 28 |%...! /.}.G.bC.(| -00000020 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| -00000030 99 5f 58 cb 3b 74 14 03 01 00 01 01 16 03 01 00 |._X.;t..........| -00000040 30 50 c4 b8 10 a3 18 68 5a 9e f4 9b 18 0a dc 5c |0P.....hZ......\| -00000050 c7 a6 de 40 d9 1a 9d 6a 7e 11 92 62 61 bc 16 8c |...@...j~..ba...| -00000060 6f 62 9c f9 96 e9 6b d7 35 a1 2b bb 4c cf b7 17 |ob....k.5.+.L...| -00000070 e4 |.| +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 9a 02 82 fb dd 68 e7 91 9f |............h...| +00000240 83 12 57 35 23 7c de 88 97 07 a3 b2 67 77 0f c1 |..W5#|......gw..| +00000250 bd 33 36 b3 ce fb f7 96 26 91 ab dc 96 26 64 fa |.36.....&....&d.| +00000260 34 66 31 2b fa 6d 52 60 3e fb a3 87 27 a7 7c ac |4f1+.mR`>...'.|.| +00000270 8c 87 ff c5 5e 6f 6f e1 db bf bc 58 3d b3 f6 89 |....^oo....X=...| +00000280 a0 8e 0b 9d 26 74 68 57 ca e9 c2 ab 79 7b 6a dd |....&thW....y{j.| +00000290 c7 89 ef 0d 62 aa 47 7b 67 18 f2 ad 00 98 56 45 |....b.G{g.....VE| +000002a0 12 ca de 6a d1 1a b5 a9 d2 53 ba 3b 90 a6 cf 69 |...j.....S.;...i| +000002b0 12 65 32 c2 95 46 01 14 03 01 00 01 01 16 03 01 |.e2..F..........| +000002c0 00 30 f7 2d b9 19 66 b2 2c 1b 96 08 bc 70 5b f5 |.0.-..f.,....p[.| +000002d0 6d 58 9e 51 fb b5 3c a6 4f 4a fc 52 1f 10 20 c4 |mX.Q..<.OJ.R.. .| +000002e0 3f d6 3c 0e 99 e3 1c b5 21 7f 0d fa 08 ec 17 27 |?.<.....!......'| +000002f0 75 9f |u.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 61 7e fa 1d 0b |..........0a~...| -00000010 62 c3 05 92 7c 80 f4 d2 b5 66 04 d7 f5 70 4c e8 |b...|....f...pL.| -00000020 8c 6b 26 cf 82 1d 9e cd b7 f0 d3 fa 64 12 13 90 |.k&.........d...| -00000030 6f 9d e9 cf 14 9f fc 6a fb a5 e7 |o......j...| +00000000 14 03 01 00 01 01 16 03 01 00 30 db ac b4 71 dc |..........0...q.| +00000010 92 06 9c fe 87 11 69 eb a6 4e e9 50 29 6d 06 37 |......i..N.P)m.7| +00000020 02 73 b8 6d 7e ca 89 02 cf fa ad 0c 7c d0 90 cb |.s.m~.......|...| +00000030 af e5 50 68 fc 76 c5 09 a1 a1 d3 |..Ph.v.....| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 7d 85 95 00 0d e4 b4 e5 51 d8 62 |.... }.......Q.b| -00000010 6f 4c 4b 40 70 d0 38 d4 26 1d 66 68 48 e7 2c fb |oLK@p.8.&.fhH.,.| -00000020 5d c4 73 ec 56 17 03 01 00 20 b7 2a 4d 8f fd 23 |].s.V.... .*M..#| -00000030 ad 22 16 61 5f 87 56 4a 61 75 4d bc 8c e7 47 1d |.".a_.VJauM...G.| -00000040 a8 6c 7f 20 48 be ea 5d 14 65 15 03 01 00 20 da |.l. H..].e.... .| -00000050 4d e2 92 83 ea 81 8a c8 d1 50 8b 81 c5 d8 8c 72 |M........P.....r| -00000060 b1 27 00 5c 0f 35 69 1d 88 78 fa 1d ba 8a 5b |.'.\.5i..x....[| +00000000 17 03 01 00 20 cd b3 a4 99 da 5d 59 36 6f f8 26 |.... .....]Y6o.&| +00000010 2d b2 4a 47 a1 54 7f b0 b3 df 0d 52 cc 13 7a 8b |-.JG.T.....R..z.| +00000020 a3 6a 8b 1f ee 17 03 01 00 20 d6 ab 8a 3e b3 41 |.j....... ...>.A| +00000030 0a be 61 50 79 19 1a 45 03 c6 b9 b4 84 b2 18 46 |..aPy..E.......F| +00000040 86 1f c3 b7 78 77 fc 7f 4f 30 15 03 01 00 20 2d |....xw..O0.... -| +00000050 c0 f2 71 06 dc 19 9d 88 82 b9 3a 6b be a4 77 98 |..q.......:k..w.| +00000060 87 32 46 54 27 e4 17 47 8a 83 9c 5a 45 6e 6b |.2FT'..G...ZEnk| diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA index 1029adfff8..c5b33c01fe 100644 --- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA +++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA @@ -16,11 +16,11 @@ 000000e0 a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 |.G.bC.(.._.).0..| 000000f0 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |........_X.;t| >>> Flow 2 (server to client) -00000000 16 03 01 00 59 02 00 00 55 03 01 8b f2 24 20 ca |....Y...U....$ .| -00000010 0c dc 78 2d 89 f0 26 c9 f9 4d ed a7 f6 dc 52 53 |..x-..&..M....RS| -00000020 3d fd 7e bb 2a 9a 8e e3 af ed 75 20 7a 55 cc 63 |=.~.*.....u zU.c| -00000030 00 7b b0 1a 6a 29 3a 1d 69 b7 ef 29 7f 54 8f b4 |.{..j):.i..).T..| -00000040 2c 61 6b 7a 4a da 8e 73 02 04 ed be c0 13 00 00 |,akzJ..s........| +00000000 16 03 01 00 59 02 00 00 55 03 01 6b 8a f7 68 78 |....Y...U..k..hx| +00000010 f1 ea ad 9b 20 40 42 52 eb fa 55 fb 37 a7 21 22 |.... @BR..U.7.!"| +00000020 71 0d f7 4d 46 bf 38 df 6e 00 e0 20 17 73 28 32 |q..MF.8.n.. .s(2| +00000030 30 3f f4 01 df 70 98 ce 33 d0 c3 8c 0a fd 0a ba |0?...p..3.......| +00000040 6b 56 d7 f9 16 a2 24 0d 07 b1 32 47 c0 13 00 00 |kV....$...2G....| 00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| 00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| 00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| @@ -60,38 +60,78 @@ 00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| 000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| -000002c0 aa 0c 00 00 a6 03 00 1d 20 45 66 28 0d 9f 51 f3 |........ Ef(..Q.| -000002d0 a6 00 d5 86 ac c6 aa 32 2e 16 e6 ca ed d2 5b 73 |.......2......[s| -000002e0 c0 25 e9 e3 6f 30 20 0d 19 00 80 69 90 55 6d 9a |.%..o0 ....i.Um.| -000002f0 3f 74 8e c5 1b bd 78 c2 d0 b5 a2 45 27 42 15 c6 |?t....x....E'B..| -00000300 05 bc 84 f8 79 65 ee b2 e7 74 db 6a 4d d2 c4 72 |....ye...t.jM..r| -00000310 ee 6a c3 97 74 e5 51 d6 dc 6a 19 b8 19 f2 a1 0d |.j..t.Q..j......| -00000320 a6 78 59 a4 47 d5 46 8c f8 f8 cd dc 86 01 a5 24 |.xY.G.F........$| -00000330 2a cc ab d6 9d f4 58 15 52 1b 50 80 76 be 05 bc |*.....X.R.P.v...| -00000340 12 b9 a2 e3 c7 65 c6 af f0 ff a8 73 6c 29 4a aa |.....e.....sl)J.| -00000350 d6 ca ed e4 bb 50 73 82 a9 ea a8 db 4a 85 8e bf |.....Ps.....J...| -00000360 0e 51 04 9f 26 c1 18 52 58 0c 69 16 03 01 00 0a |.Q..&..RX.i.....| +000002c0 aa 0c 00 00 a6 03 00 1d 20 b1 de e2 91 3f 1f be |........ ....?..| +000002d0 0e 21 49 44 db d1 d3 a7 89 db 61 56 97 bf 4c 73 |.!ID......aV..Ls| +000002e0 7b d3 da 81 a5 cc 0a e3 13 00 80 66 fd 15 8d 8a |{..........f....| +000002f0 a2 f9 8d b9 d9 cb a5 6b 45 7c 11 05 24 6d de e5 |.......kE|..$m..| +00000300 8f 3e 42 ba 3e bd 5a b8 f7 51 c0 b9 55 06 db d7 |.>B.>.Z..Q..U...| +00000310 2d 78 d2 5d 47 2d 52 c9 7b 59 20 73 1a 1d 26 c4 |-x.]G-R.{Y s..&.| +00000320 84 3d 5b 57 5f 1a fd 52 8c 40 87 be 58 58 73 d2 |.=[W_..R.@..XXs.| +00000330 4b 84 9a 6c 96 c0 36 82 95 13 f9 12 74 c3 3b dd |K..l..6.....t.;.| +00000340 27 11 c3 66 fa de 28 b4 c0 d9 6e 65 e0 8a 5e b6 |'..f..(...ne..^.| +00000350 3a a8 52 db 62 89 2b 1d d0 be fb b7 6e 03 bd f7 |:.R.b.+.....n...| +00000360 e3 a5 df c2 b3 5a 16 09 d8 1e df 16 03 01 00 0a |.....Z..........| 00000370 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| 00000380 00 00 00 |...| >>> Flow 3 (client to server) -00000000 16 03 01 00 07 0b 00 00 03 00 00 00 16 03 01 00 |................| -00000010 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 43 15 28 |%...! /.}.G.bC.(| -00000020 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| -00000030 99 5f 58 cb 3b 74 14 03 01 00 01 01 16 03 01 00 |._X.;t..........| -00000040 30 70 37 c6 ea aa d1 67 0e ab 47 3a 9a 1a 8b fa |0p7....g..G:....| -00000050 53 27 c5 7a 01 2d ce 28 06 2e e0 c8 3b 1e 1f 93 |S'.z.-.(....;...| -00000060 19 a9 c4 cb fb 3d e8 62 21 28 3b 08 62 df 33 e5 |.....=.b!(;.b.3.| -00000070 5e |^| +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 9c f0 ab 90 83 2a 47 ba 5c |............*G.\| +00000240 37 a4 19 b8 62 b1 01 74 35 4d 1a 62 5e 3f 0b 54 |7...b..t5M.b^?.T| +00000250 5a 6f b7 b5 99 4b b4 84 68 90 46 2b 95 e6 10 77 |Zo...K..h.F+...w| +00000260 bf 68 81 b1 96 11 5c e9 93 a4 d5 78 42 c0 c4 92 |.h....\....xB...| +00000270 cf 4e ce 25 e7 da 7d d9 2c 4d ab 71 2d b5 a7 1c |.N.%..}.,M.q-...| +00000280 5f b5 a3 32 f6 3e 38 79 17 36 45 94 8a e3 f8 1e |_..2.>8y.6E.....| +00000290 9e 95 23 48 0f f6 aa 1b 00 d2 45 85 c7 95 b2 d1 |..#H......E.....| +000002a0 c1 81 e8 31 34 45 bd 28 32 26 a8 d1 23 90 cb 40 |...14E.(2&..#..@| +000002b0 1c ed db eb c3 ec b6 14 03 01 00 01 01 16 03 01 |................| +000002c0 00 30 16 97 3e a2 2a 11 d5 3f 29 f6 5b b8 7a d5 |.0..>.*..?).[.z.| +000002d0 83 24 51 f0 0c c3 79 18 9c 58 b6 f4 2f 70 9f c0 |.$Q...y..X../p..| +000002e0 52 be a0 f0 eb d7 0e de 42 36 14 39 84 fc 84 ed |R.......B6.9....| +000002f0 77 0c |w.| >>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 30 5d 50 b8 35 7f |..........0]P.5.| -00000010 cc f0 89 20 ba 27 c1 42 74 b2 a9 42 c7 6f af c4 |... .'.Bt..B.o..| -00000020 4d 53 70 71 0c e0 d6 11 62 64 c9 a7 35 a3 58 40 |MSpq....bd..5.X@| -00000030 cd 3e b9 e3 b7 d9 0b 5a 00 a0 d9 |.>.....Z...| +00000000 14 03 01 00 01 01 16 03 01 00 30 8a 97 aa 38 29 |..........0...8)| +00000010 a4 7a 25 ae d5 5f 66 17 cb 8e de d3 ac 0f b3 9d |.z%.._f.........| +00000020 ba 61 54 31 cb c8 fc 1f 4c f5 76 b0 7e 7e 74 04 |.aT1....L.v.~~t.| +00000030 8a 2e 45 a8 5f c7 43 d7 d5 f4 7d |..E._.C...}| >>> Flow 5 (client to server) -00000000 17 03 01 00 20 8c 7a e5 0e 07 a8 ac fb 0b c9 8c |.... .z.........| -00000010 f7 d4 44 6c 8e fb 87 28 b9 80 8a 58 aa 46 b2 b8 |..Dl...(...X.F..| -00000020 50 e0 58 80 88 17 03 01 00 20 28 81 ca 46 ab 8b |P.X...... (..F..| -00000030 17 05 fa 66 52 a1 6d 12 44 8c 5a 4d bb c7 95 3b |...fR.m.D.ZM...;| -00000040 b3 03 56 a4 5d 84 ea 7a c6 24 15 03 01 00 20 8e |..V.]..z.$.... .| -00000050 1f dd 2c 71 6b ba 22 f8 5e c4 eb c8 02 a9 f1 21 |..,qk.".^......!| -00000060 a8 e7 79 af da 1f 6b dc 69 d0 6c d7 c4 cb 6e |..y...k.i.l...n| +00000000 17 03 01 00 20 22 4d 00 3f 2a 41 f0 53 06 93 fe |.... "M.?*A.S...| +00000010 aa 79 9b 69 bb d5 9b e5 e4 3b 48 ff e5 ce 7d db |.y.i.....;H...}.| +00000020 d8 e8 e6 e1 04 17 03 01 00 20 e8 01 13 cb f1 1f |......... ......| +00000030 17 68 33 6a ad 74 ae a7 c5 d9 00 ea 0b dc bb 9c |.h3j.t..........| +00000040 5c 5f 49 01 1e 53 74 30 58 e6 15 03 01 00 20 bb |\_I..St0X..... .| +00000050 30 7d c2 43 c3 0d b9 b5 3a 70 14 2c 4a 64 c9 fe |0}.C....:p.,Jd..| +00000060 20 25 a7 0a 01 11 3c 62 ca d6 28 80 ed cd 73 | %....>> Flow 2 (server to client) -00000000 16 03 03 00 59 02 00 00 55 03 03 9e c5 76 4f 86 |....Y...U....vO.| -00000010 2f ea 67 f1 bb 97 d9 ae 3c 44 fb ce 23 2d 6a 5e |/.g........B..| 000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| -000002c0 ac 0c 00 00 a8 03 00 1d 20 ed b8 44 39 60 30 90 |........ ..D9`0.| -000002d0 59 2e bd 1c 2d 47 65 3d 9e 0d af c0 c3 c1 cf f6 |Y...-Ge=........| -000002e0 11 6e ca d5 3d ae a4 3a 1c 04 01 00 80 44 29 dd |.n..=..:.....D).| -000002f0 e8 ee 81 ba b0 f4 1b 4f 93 77 49 83 82 37 d7 30 |.......O.wI..7.0| -00000300 95 a4 6c c1 f0 ce 70 9d 26 9b c6 ce 67 9b ea 80 |..l...p.&...g...| -00000310 82 ea c0 a4 af 45 f7 22 a0 7f ed 32 3c 11 2a 68 |.....E."...2<.*h| -00000320 21 25 a5 41 42 bb 45 81 7c f4 a7 2c 67 3a 07 51 |!%.AB.E.|..,g:.Q| -00000330 db 2f ac 2e 61 b1 a3 e9 5e 27 8e 51 a7 78 04 ef |./..a...^'.Q.x..| -00000340 d1 b5 de 6d 83 db a8 e7 1b 5b 13 95 4d 4d 39 24 |...m.....[..MM9$| -00000350 f5 22 a8 2b 46 ca 49 b5 13 15 d2 4b be 9d d8 57 |.".+F.I....K...W| -00000360 3d 3b 84 f8 5c d1 99 f5 09 2d a1 78 e5 16 03 03 |=;..\....-.x....| +000002c0 ac 0c 00 00 a8 03 00 1d 20 41 51 d5 70 34 15 c0 |........ AQ.p4..| +000002d0 76 3e 2b 5c e2 de 36 69 a9 2e bf b8 60 b4 3a 56 |v>+\..6i....`.:V| +000002e0 00 73 c1 85 4a b2 3e a6 54 04 01 00 80 5d 44 f2 |.s..J.>.T....]D.| +000002f0 28 99 f6 4f 45 bc 83 ce f7 98 ab 29 21 05 a6 c3 |(..OE......)!...| +00000300 8c a9 ef c2 82 b5 b3 bd 31 09 ae 11 15 fa 21 02 |........1.....!.| +00000310 43 59 00 fb 53 9d 0f bb b0 ab ca ba ce e8 41 28 |CY..S.........A(| +00000320 0a 7b ff cb d4 eb 81 8a a2 ce a6 32 f8 d7 f2 a0 |.{.........2....| +00000330 3b 0d c8 fc 8d 45 a8 4c 66 ef 48 ce 4a fc d3 7a |;....E.Lf.H.J..z| +00000340 19 1d 7f bd 71 c6 61 4a 93 b9 01 c9 39 32 48 ec |....q.aJ....92H.| +00000350 fd 01 c9 32 6b 9f d1 0e c1 62 bc 78 32 34 af 7e |...2k....b.x24.~| +00000360 58 16 d0 4c c7 44 a6 3a e5 4c 89 d6 f3 16 03 03 |X..L.D.:.L......| 00000370 00 0c 0d 00 00 08 01 01 00 02 04 01 00 00 16 03 |................| 00000380 03 00 04 0e 00 00 00 |.......| >>> Flow 3 (client to server) -00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................| -00000010 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 43 15 28 |%...! /.}.G.bC.(| -00000020 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| -00000030 99 5f 58 cb 3b 74 14 03 03 00 01 01 16 03 03 00 |._X.;t..........| -00000040 28 00 00 00 00 00 00 00 00 cd ea 9d d6 a1 2c b6 |(.............,.| -00000050 49 43 70 2d 39 73 88 af 83 66 6e 40 45 56 5b 4d |ICp-9s...fn@EV[M| -00000060 97 23 b9 7a 89 bd 43 be f6 |.#.z..C..| +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 04 01 00 80 02 7e 43 b4 4e a2 07 |..........~C.N..| +00000240 a4 97 70 3f 80 91 5c b5 a0 f9 d7 c4 52 c9 ee 8a |..p?..\.....R...| +00000250 af 59 63 58 bb ac 55 47 cc 25 27 ea ca 48 0e fb |.YcX..UG.%'..H..| +00000260 87 e3 3e 5f 55 67 d8 60 8c 47 45 10 36 aa 66 6c |..>_Ug.`.GE.6.fl| +00000270 6b 16 2b 9e e5 da 50 73 dc 30 ef 2c 01 01 87 2e |k.+...Ps.0.,....| +00000280 68 eb 14 35 f5 ef c4 45 ae 8e 95 29 86 96 6e 04 |h..5...E...)..n.| +00000290 03 d6 3c 29 49 55 7c 7d ea 6c 1a a8 bf f9 5a e1 |..<)IU|}.l....Z.| +000002a0 a9 c4 66 5b 8d b5 78 b8 05 ce 44 ca 98 77 a2 7d |..f[..x...D..w.}| +000002b0 74 26 f4 ed 41 a3 97 2b 29 14 03 03 00 01 01 16 |t&..A..+).......| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 ac ec 0d 5a |...(...........Z| +000002d0 c7 81 fe c3 b3 ff 3a 6e d0 f3 f7 8e 17 6a 53 db |......:n.....jS.| +000002e0 58 5f 44 bb ce 59 0a 99 06 21 62 24 |X_D..Y...!b$| >>> Flow 4 (server to client) -00000000 14 03 03 00 01 01 16 03 03 00 28 b2 bd 08 a3 03 |..........(.....| -00000010 eb 4a e1 c2 85 4f 39 7a c6 d3 6d c4 30 27 6a 12 |.J...O9z..m.0'j.| -00000020 6e 73 5f c5 17 9d 52 a8 cb 4e d4 07 3c 8e fc 57 |ns_...R..N..<..W| -00000030 51 ad e4 |Q..| +00000000 14 03 03 00 01 01 16 03 03 00 28 59 19 13 9f ea |..........(Y....| +00000010 68 14 58 ab 09 0c af 4d b4 a1 05 09 47 08 50 cd |h.X....M....G.P.| +00000020 b0 40 a0 3a 3f 89 68 c9 9c ea 8f 69 0a ea e1 75 |.@.:?.h....i...u| +00000030 11 97 ab |...| >>> Flow 5 (client to server) -00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 e8 79 0e |..............y.| -00000010 bc 26 db 44 68 96 8d fd f4 cf c5 e7 bf 58 d1 31 |.&.Dh........X.1| -00000020 a1 d0 60 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..`.............| -00000030 ae 33 9b 97 76 74 79 21 24 d2 11 a8 66 50 a8 97 |.3..vty!$...fP..| -00000040 22 fe |".| +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 38 f1 0f |.............8..| +00000010 d6 4f 5c 0a 60 1a 9f 97 6d 4a 43 e8 c8 a8 18 7e |.O\.`...mJC....~| +00000020 30 6f 67 15 03 03 00 1a 00 00 00 00 00 00 00 02 |0og.............| +00000030 d9 ac f7 69 ca a2 58 78 10 c2 eb 1a 61 da af 28 |...i..Xx....a..(| +00000040 20 02 | .|