krb5 commit: Make test PKINIT certs work with OpenSSL 3.0

Greg Hudson ghudson at mit.edu
Mon Oct 18 11:51:09 EDT 2021


https://github.com/krb5/krb5/commit/ce4e370f1717972fef92ae6d749107ebd11b65bc
commit ce4e370f1717972fef92ae6d749107ebd11b65bc
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Oct 8 17:44:15 2021 -0400

    Make test PKINIT certs work with OpenSSL 3.0
    
    Add shell functions to reduce repetition in make-certs.sh.  Create
    PKCS12 files with the -descert flag so that they can be read by
    OpenSSL 3.0 without enabling the legacy provider.

 src/tests/pkinit-certs/ca.pem          |   32 ++++++------
 src/tests/pkinit-certs/generic.p12     |  Bin 2477 -> 2469 bytes
 src/tests/pkinit-certs/generic.pem     |   38 +++++++-------
 src/tests/pkinit-certs/kdc.pem         |   32 ++++++------
 src/tests/pkinit-certs/make-certs.sh   |   87 +++++++++++++++-----------------
 src/tests/pkinit-certs/privkey-enc.pem |   52 ++++++++++----------
 src/tests/pkinit-certs/privkey.pem     |   50 +++++++++---------
 src/tests/pkinit-certs/user-enc.p12    |  Bin 2837 -> 2829 bytes
 src/tests/pkinit-certs/user-upn.p12    |  Bin 2829 -> 2821 bytes
 src/tests/pkinit-certs/user-upn.pem    |   30 ++++++------
 src/tests/pkinit-certs/user-upn2.p12   |  Bin 2813 -> 2805 bytes
 src/tests/pkinit-certs/user-upn2.pem   |   32 ++++++------
 src/tests/pkinit-certs/user-upn3.p12   |  Bin 2829 -> 2821 bytes
 src/tests/pkinit-certs/user-upn3.pem   |   30 ++++++------
 src/tests/pkinit-certs/user.p12        |  Bin 2837 -> 2829 bytes
 src/tests/pkinit-certs/user.pem        |   30 ++++++------
 16 files changed, 204 insertions(+), 209 deletions(-)

diff --git a/src/tests/pkinit-certs/ca.pem b/src/tests/pkinit-certs/ca.pem
index 2d7ab9d..63d31c1 100644
--- a/src/tests/pkinit-certs/ca.pem
+++ b/src/tests/pkinit-certs/ca.pem
@@ -3,27 +3,27 @@ MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowgacxCzAJ
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowgacxCzAJ
 BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i
 cmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtl
 cmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBk
 byBub3QgdXNlIG90aGVyd2lzZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4
-N3fYZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3
-t/2PtY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxI
-kjby4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514j
-xo1luZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9Y
-gfSjuWOLCx7PZ3l0J3Joba+pcxECAwEAAaOCARgwggEUMB0GA1UdDgQWBBRsTf69
-b/J43+2sVy3nOfj8nmyOFjCB1AYDVR0jBIHMMIHJgBRsTf69b/J43+2sVy3nOfj8
-nmyOFqGBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
+ggEBAM+lV5iaVats0yBFN4FBe6bovloNe3d0F9qMuhKqlECv6cFra75gSGmHJz6t
+GTK8zITU7sni429azTZC9IQnUt/2lW8dWzpZD1T5Vt1DYvYFqVzjhNfzeEDK88ig
+ENfzaX/cY2P76arJr0cewGaauzaux8heYW1CjBxWmk6kWq4aD+5jggchvBeOGEE2
+NkV3MPbXut8fu+3NzuuIG7Z0ilwQv+KUvQ8QQb9VCwdsDh/ERsQ4loC9P4jtuWCJ
+ikIE78GxDcOMoC1ftJtW/mBCS2iCHipXrp2BDDJMyHxZjHpl0VoDR7koWGtD3sos
+EwUkXVvWIuKs432h2dXQ+u8HaBsCAwEAAaOCARgwggEUMB0GA1UdDgQWBBT0F6X7
+1QRftDiSeNSY3bks3nK0IzCB1AYDVR0jBIHMMIHJgBT0F6X71QRftDiSeNSY3bks
+3nK0I6GBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
 dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoGA1UECgwDTUlUMSkwJwYDVQQLDCBJ
 bnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVzdCBDQTEzMDEGA1UEAwwqcGtpbml0
 IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQE
-AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGdouyTbxO
-bnyMr6hEDnMLRrSqwozfLGnfJIrUxvwtn/9UAlFuCpnfNi1xQkwimW8zXOHlCoAF
-fpeE7zpotmN6xbg2u98J9QOo7vGfoADvVgiZaDMq+Tv52ZG0OtbzTe/LyCXnjanM
-G+Rgjhbmy2HW1orghyDUa5Qy9ISv4d72yOKGVjK8xxItnf9i7tRARVqqJk5p81QD
-WOBc7FUZNj5jYw38YPHqmZtwlr1DhCNeXwVi5GpwPrYwFAaqGuTnspfkpcDA8wEm
-iVvs7Gy69C0zy4Yz2I9ZzsDjmTV8PyZdMaZIhhpBHjQmBm+Pol/q5BubjFeAsPSU
-/YaKjpqk1jNg
+AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBT2FJVPS+U
+0MXa1HUOETuUPrVff7VeIvyAPm9IgX1zNbCvktCc4d7ErNB3P5ng8aZz4MKqwzuX
+HVhUxbF7JKfyUI41lcixPG+k+U9mzBJaozWT+K1OhdUF//mGPxaxe5jyUhDiQArD
+/6vulX0/B+1iuIa1sCfoeelzqQcYHqhZdWn6bBdcDWNARHIXWs5zPeKA975+d5TW
+rofE7T8nNQJvcZoVjCSfcYXhP82D/0sA+wPCt3fgbBZdvJ89xwvIlzBtiwC++Zbe
+37Rt5av0+ykpR7nmh2jyG+ItzE73nYKdBrUI5J6JLSbUcQTw4jeXHwDULUHZ6fXg
+TBEM2v1VW4Df
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/generic.p12 b/src/tests/pkinit-certs/generic.p12
index 90de08f..35c2741 100644
Binary files a/src/tests/pkinit-certs/generic.p12 and b/src/tests/pkinit-certs/generic.p12 differ
diff --git a/src/tests/pkinit-certs/generic.pem b/src/tests/pkinit-certs/generic.pem
index c16d0e7..55ebb3d 100644
--- a/src/tests/pkinit-certs/generic.pem
+++ b/src/tests/pkinit-certs/generic.pem
@@ -1,21 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDZjCCAk4CAQcwDQYJKoZIhvcNAQELBQAwgacxCzAJBgNVBAYTAlVTMRYwFAYD
-VQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoM
-A01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0Ex
-MzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVy
-d2lzZTAeFw0xOTAyMTgwMDI1NTZaFw0zMDAxMzEwMDI1NTZaMEoxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNP
-TTENMAsGA1UEAwwEdXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4N3fY
-ZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3t/2P
-tY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxIkjby
-4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514jxo1l
-uZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9YgfSj
-uWOLCx7PZ3l0J3Joba+pcxECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAevA9z6cL
-a+qiNfp4ssOo3ub87vrQZnayulbrU9rcRoVuqFZGbIvH7+dbQwZE34RP/R1N/ZCR
-ElaU6VNqnMYv/1pqzGnk59b7Z00hiOSblfifPt7IM+uHZRUGrgQ37dC7SyHvjSi7
-kZsSCJRc6Fjv6O/qBBp2jui1B9ZBWXQ+FBmX6YMdD/VYiD1ivpacd9YueLrHnzCm
-iIM5V/uBAiUZHLoFhkhtWDMvRBJLNHqP2zWGffg4K7jKsCriAfCcp+VUfXRAZelo
-Hp1C5HFLID0UIXvSStOnhtM1HuQAROJS9eqqz6E4irl2ujxT8vEfbZFHDpD+Cdy1
-MgVZAqL7rPjILA==
+MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCS
+OTfZununxFDxuThhIFDWEZ9p2qSqTrxKtKx4CDvdckz4kaKybiNZTW7Dlh6IwWta
+60eq98WrMHXYlSaN87r95lU0ug2RFJh4uLdq3a5NM/daIIjO0Bo86oC+8EBM961Q
+mCMe7dn9ngFK92msdqO+wfpAfvhSpBPtAjQovigirheiEoER/ov9t9/3mRi5OTkY
+8YfKT/z6XJrnOUIB3AgCdGyzSRvWLqLrbh7iAFVrm6Pq6D2nNr+mE9r5u7uFl3r8
+QeDgp0Unwd1ISWTHZlrP4bq29w7y2O+/2KV04Og8z+4zoGD4nRinuJBUdNqwAXVz
+dz6pXFWgLRD+9ddI5jB0
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/kdc.pem b/src/tests/pkinit-certs/kdc.pem
index 14ac000..e46afc1 100644
--- a/src/tests/pkinit-certs/kdc.pem
+++ b/src/tests/pkinit-certs/kdc.pem
@@ -3,27 +3,27 @@ MIIE4TCCA8mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSTELMAkG
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSTELMAkG
 A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
 U1QuQ09NMQwwCgYDVQQDDANLREMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC+rp5nsKKB/l0fbb4+VbcA/rlMnfmCAbHlo0GX5eOO6nZjWod7aj+lQgRq
-+Dd32Ga6zyi+wkS5bGxfKj+dq+lJxI1RsFbmKDaOBKbNA4DUu/l3Mb4mAXvUQjyR
-97f9j7WOza52luwP4eO9TdCBk48M7nXiAYsS3xSnJ/Ka8EHPuiEOk890YP+Fwkxc
-SJI28uFVsigQ1jqXmt4DzPXb0ez4lbJwnwiZRQfvZu3pw/fjxa4ntFDO3s2sGede
-I8aNZbmX17BSQ6QemYt4gAPIDc1QBdgjjTCEmQ5Q+G0xbY+fMz0JgoWkJWHhIrHv
-WIH0o7ljiwsez2d5dCdyaG2vqXMRAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQUbE3+
-vW/yeN/trFct5zn4/J5sjhYwgdQGA1UdIwSBzDCByYAUbE3+vW/yeN/trFct5zn4
-/J5sjhahga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl
+AoIBAQDPpVeYmlWrbNMgRTeBQXum6L5aDXt3dBfajLoSqpRAr+nBa2u+YEhphyc+
+rRkyvMyE1O7J4uNvWs02QvSEJ1Lf9pVvHVs6WQ9U+VbdQ2L2Balc44TX83hAyvPI
+oBDX82l/3GNj++mqya9HHsBmmrs2rsfIXmFtQowcVppOpFquGg/uY4IHIbwXjhhB
+NjZFdzD217rfH7vtzc7riBu2dIpcEL/ilL0PEEG/VQsHbA4fxEbEOJaAvT+I7blg
+iYpCBO/BsQ3DjKAtX7SbVv5gQktogh4qV66dgQwyTMh8WYx6ZdFaA0e5KFhrQ97K
+LBMFJF1b1iLirON9odnV0PrvB2gbAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQU9Bel
++9UEX7Q4knjUmN25LN5ytCMwgdQGA1UdIwSBzDCByYAU9Bel+9UEX7Q4knjUmN25
+LN5ytCOhga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl
 dHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwg
 SW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5p
 dCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZYIBATALBgNVHQ8E
 BAMCA+gwDAYDVR0TAQH/BAIwADBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgDRsL
 S1JCVEVTVC5DT02hIDAeoAMCAQKhFzAVGwZrcmJ0Z3QbC0tSQlRFU1QuQ09NMBIG
-A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBACoRg0+LnZehgdfM
-xy/zTXj3kH30W++NTErQAOEEOm8KscaWIF/GXNDX9G+C4tvT/LN3vHCd+hnGgvTr
-kkJlyYtLZZgkv7sa1PQW3yozhjOPRzdjiXitV6RsE4ujzwbcr3Zd0twZnf7nDbIt
-HmgjQJF5EMUprgPc1M3xdRVvi5FP/rvoUV03eI5/EmyvJ2046XfTD45pQgJdCWnO
-+KsFpaUIH6u4neWU4UdBxAsgo0/20pDYNM8GgPXY76wRi9yZ1Fgg2gJTS7QMpgyp
-ux0vuwbq3iuo4VFMhNyGmR2NeCF7OGUPSmjD/pCck9Vzk7Q7ainv58PHAyXIhM0E
-C+aVsEk=
+A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBAJZd7v5ZOMs8Y3ht
+Kmtql8rKs0Jee73gVHYw3LXxJfHjIiNGdexxuWJ6Hy9gFnfwSco+15HP3MxMBkau
+TKo3i1+Kwf+lc7gIZ0g/CEnYOx2smHGd9yGudWypunYLjGWfH/2M8/Wu1gZDTxQ1
+pNMQZ2pPLL/C6c6vYpVQJ5cA0RSh/SC5IbOESUpZaFFMYxF5TNz+28/lDr/rN41O
+miklos6cH5EkJyI0WUqJMk04HHjREl/9RTak8mo/eaqjUMTAOyweSwpaYRCddBOo
+y1ix9yH0fSBib1+WQ3MAHZHgbgVnu7V2GnB6qMNqRLHoGa03x+5Q1X0QuKxP6iYo
+9tiGt3k=
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/make-certs.sh b/src/tests/pkinit-certs/make-certs.sh
index 8aa71a9..5284f42 100755
--- a/src/tests/pkinit-certs/make-certs.sh
+++ b/src/tests/pkinit-certs/make-certs.sh
@@ -112,6 +112,8 @@ keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
 basicConstraints = critical,CA:FALSE
 subjectAltName = otherName:$KRB5_UPN_SAN;UTF8:user@$REALM
 extendedKeyUsage = $CLIENT_EKU_LIST
+
+[exts_none]
 EOF
 
 # Generate a private key.
@@ -122,56 +124,49 @@ openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted
 SUBJECT=ca openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
     -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem
 
+serial=2
+gen_cert() {
+    SUBJECT=$1 openssl req -config openssl.cnf -new -key privkey.pem -out csr
+    SUBJECT=$1 openssl x509 -extfile openssl.cnf -extensions $2 \
+           -set_serial $serial -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
+           -in csr -out $3
+    serial=$((serial + 1))
+    rm -f csr
+}
+
+gen_pkcs12() {
+    # Use -descert to make OpenSSL 1.1 generate files OpenSSL 3.0 can
+    # read (the default uses RC2, which is only available in the
+    # legacy provider in OpenSSL 3).  This option causes an algorithm
+    # downgrade with OpenSSL 3.0 (AES to DES3), but that isn't
+    # important for test certs.
+    openssl pkcs12 -export -descert -in "$1" -inkey privkey.pem -out "$2" \
+            -passout pass:"$3"
+}
+
 # Generate a KDC certificate.
-SUBJECT=kdc openssl req -config openssl.cnf -new -key privkey.pem -out kdc.csr
-SUBJECT=kdc openssl x509 -extfile openssl.cnf -extensions exts_kdc \
-    -set_serial 2 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
-    -out kdc.pem -in kdc.csr
+gen_cert kdc exts_kdc kdc.pem
 
 # Generate a client certificate and PKCS#12 bundles.
-SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
-    -out user.csr
-SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_client \
-    -set_serial 3 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
-    -out user.pem -in user.csr
-openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user.p12 \
-    -passout pass:
-openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user-enc.p12 \
-    -passout pass:encrypted
-
-# Generate a client certificate and PKCS#12 bundles with a UPN SAN.
-SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
-    -out user-upn.csr
-SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn_client \
-    -set_serial 4 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
-    -out user-upn.pem -in user-upn.csr
-openssl pkcs12 -export -in user-upn.pem -inkey privkey.pem -out user-upn.p12 \
-    -passout pass:
-
-SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
-    -out user-upn2.csr
-SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn2_client \
-    -set_serial 5 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
-    -out user-upn2.pem -in user-upn2.csr
-openssl pkcs12 -export -in user-upn2.pem -inkey privkey.pem \
-     -out user-upn2.p12 -passout pass:
-
-SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
-    -out user-upn3.csr
-SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \
-    -set_serial 6 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
-    -out user-upn3.pem -in user-upn3.csr
-openssl pkcs12 -export -in user-upn3.pem -inkey privkey.pem \
-     -out user-upn3.p12 -passout pass:
+gen_cert user exts_client user.pem
+gen_pkcs12 user.pem user.p12
+gen_pkcs12 user.pem user-enc.p12 encrypted
+
+# Generate a client certificate and PKCS#12 bundle with a UPN SAN.
+gen_cert user exts_upn_client user-upn.pem
+gen_pkcs12 user-upn.pem user-upn.p12
+
+# Same, but with no realm in the UPN SAN.
+gen_cert user exts_upn2_client user-upn2.pem
+gen_pkcs12 user-upn2.pem user-upn2.p12
+
+# Same, but with an uppercase realm in the UPN SAN.
+gen_cert user exts_upn3_client user-upn3.pem
+gen_pkcs12 user-upn3.pem user-upn3.p12
 
 # Generate a client certificate and PKCS#12 bundle with no PKINIT extensions.
-SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
-    -out generic.csr
-SUBJECT=user openssl x509 -set_serial 7 -days $DAYS -req -CA ca.pem \
-    -CAkey privkey.pem -out generic.pem -in generic.csr
-openssl pkcs12 -export -in generic.pem -inkey privkey.pem -out generic.p12 \
-    -passout pass:
+gen_cert user exts_none generic.pem
+gen_pkcs12 generic.pem generic.p12
 
 # Clean up.
-rm -f openssl.cnf kdc.csr user.csr user-upn.csr user-upn2.csr user-upn3.csr
-rm -f generic.csr
+rm -f openssl.cnf
diff --git a/src/tests/pkinit-certs/privkey-enc.pem b/src/tests/pkinit-certs/privkey-enc.pem
index 81e05d3..29d2f3d 100644
--- a/src/tests/pkinit-certs/privkey-enc.pem
+++ b/src/tests/pkinit-certs/privkey-enc.pem
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,9F0F79BAC91A7D02
+DEK-Info: DES-EDE3-CBC,5FFF1E71BFFB65E3
 
-LiK+0vY3CKK7z7q/0576K/zcR/OzmiDMLdjQEN/en8Wk9fq9LkjbZ7xbnS5eNlZA
-6McUX32M5MvfJE5tVPcijdlenKg3LEVQh91Omb63DT9TJaM2I+zIwKmFS8l1qqbB
-tO5T3qChaHJ+vnmH24Ukn9wMZ/AgV7X0aSeIJ89B+kgYyBkfoh//h64dlWgqcd+L
-4+wo6azx6k9feFV2/WwdmEG+etMS4iw3kw7jdRVG6G1himsXc9AL35TD1CKX/OAj
-InMgrMaWmf7w8rO5LBNUj4i/lBjNjqElBRGZnfCmSpyoERDWv5JEBuSYjZaP6iPq
-XAisHkJmfubN9omah/y5aNsJ8jbMjZDhBxdzA1mGuteKfnkckOgZ1YXvAZGXGxd4
-cGFzVmRwgnktsycVGpAy2P1wnOdTgo+FUkMpRIwPc1EfiPiOscUTNyZKnkNbTBk0
-l51QXXvLaZaL/Q/9mF+QfdiBDXLtxu2ZU+miA7/srJSdSxqp1UQH9kO8t0UFv4tT
-Mc4JilR4W0+IxjTFvBqirpf64MJ6rL2f0ZdJ6k9l7nBnaIeT4G7KXhR3t0YbGqyK
-kOTeUibfdgMlj66R+KHg0mlDI6E5rM/1L5GchsKIsbJs4TgD1+fcEvJMTB1XCtWM
-usY3Y/JChquKbWngFrzqidcab0xO+RsFaxboMd/RoW3bsDOIiOmf+PQfPjXFpP23
-I3Plrm9DczQTbClt5YacW6g/aboMCHhjbCh8nBSEc5u0CssqmtHe2PST9XZZ/1ny
-t480up13b3rMX3QWr74gRQ4vGsBxmCbN1DdkglJYZzYtIoTH5qAeUk7oRrRCW8wj
-YkODoLLsb/1lJKHHlq8lj0h/ygn3aaYlmdXrXoPdnld0RwaS/35KjNZy6A6UEDGt
-z91615joi/m+V4GQr/OrJ+gWKp19Rs7qUViNPY/RkvdmWAlH7uz+kmo8hK5IeshD
-iWhZ179XIkX0YeeB8r2sRkO2qecVzRxhRtBFVt0MpuDUW3pZ+A6pB7utrKn2//TD
-ZqWbwpdVdolWjru5iDt88nLxXHEGSs7GprH2iL3/aNsOJ6BrUwNVx52YBEGeNhFW
-mH+E8nLQDaGgB68UnQUMzktrkmv2baAsPK1oQLDJSzN9nbhyE4ETiN2Ok1Kso30b
-fDRDUB3SbXldWUXtVmu+NzO8pJVFpQ1StXpWimrwjWB3Kbi8bs2VYai7+B4mTXYy
-8AVthJNuOnlvSB+FYMOaW9PrmuahgXT0wjsV2hkP+qe6mzj0AQHFpFJRuCtGuRog
-spA2SgQvMO4cceJ3cxh1p5Z2/s+oC3V3ikDSDvmcpU/4FF5H/4Th44RSmXABcr7L
-HFbYYKbJjfwlYh48feS7sJMAFlU41al8vCIJneNF8hSSFM05icZVBzqjDjzXHwb4
-kBvrIOtDf/CVZK9AzykvJRROIFI+2ifa+gPmTZ1Xgv0aqO8ibLSU8v2vx5RX2BCO
-Jq+lmYEr6PZn2X5C3iqE+xvdTz7Sh0+Ilq/lE4DEJqr4NtZaGxXBwFNixLHJlXfI
-u/LmbffnBsu2hf9zPxsmcm5yCqa9+XKtWNhx5PEcQsee6PXyGX/GHtek4pBOv/dd
+p89x5YEL+Mb6IPZXEkkr0KC4Wj+JtgE3VKdTT0wEcRD74QVv+dbbZt62WgmpJtId
+ph0Ial2z5Mws8L/aTkPdW2H/bEroApLu4TfUV+w67KcWgrc8gOg73d6gEObqx8li
+qGbs7FC1cI1WfDfnNOnCbD66e5+bTI8fDuchaieNRqzROd9RHhmlBHgylTmf55us
+laGuwLq2cZk/+Xz0M8PPx07uauGkAK0fyfifn/JR3PsGsE9s334osVQMjbjyT0VE
+rm8HGm3PvZHHDUnkOh7AGKyEtsIa5fJAULUjugp2lQJqOigC4HVn8a33xfLI0F1+
+2nH9MZ+Ap1rtI1cJX8CDn/Ij9oFt01scLxynYekYej11zFiR6qHC0sspxu0Yi8l0
+puBPXCI0GzyF9I53ukjGeibTtssz5yw1r+2oVasR4bvfXczPjqTQCBsPSUayNNhw
+RgT7k4QTY2OlrK/5XdILBzBlsvfndXgGOwEDw4YE7PMzMmz69vPMK7CfedUqtuXq
+bGBks58tzeOa4NSfVDOuFLI+LMkoYWMSjPGD/I0trX41xCU+O6PZOnDyt5ZWl1Tm
+klJpsB7rUcwsP8d4w4QGhyyV6Mo2MTlnTILr4CwwvmDMBch3yzwbfKdeywsFQh0S
+NMrG3aYNO7csRRTD6aGvYcBCbavWq7Ujsb/fV7SOIS26f4VEqewvOFlFEXm66zaz
+GJ0IcjtNHYNIIIW4690djxPqlGgbIZTblBSBlT+iOW5HrhXvrLeMmwAPxInU5dK+
+ypk2MGc4SzemkDi8H9jDW3dwbgcvVD9wn0glhVLQKWvP6F73UUdVEXMCZ+960xnR
+gxeEwDdIpzXNadWdON1kRbqI2KesRY/XQErGHDOvf2gNSM9V2gPz+5humvcu3mXY
+r4537On4+IdzetEVtI7D0slgojs+jN8waigpkLFB5RVl8PnzblMuWOkHNA86rrp+
+h6wNqv9kHLgPjpAyB1l/7w4VqXLXeC4PdaGc2fcpdNWOncUnHROmDmYvdTocqhIF
+bAsEFV7QZoTgDB7J6vLsmbtfawtHMSb81V/wTJWRrtY/gJCrkJXR2pTYAZlPX6vK
+aK7K2NuhJFMnrQD+kxsrloSEyfsZmHtk0mAVXJw4wSxlH3eGQ+Jphb/M2wtsnWV1
+w0fehxL2Vd5SyBBctAGhUirhRngbOO/E8IioymrziQ88vJZs2DxvbuNG4WKTuTwj
+CIggXohCNKdqrwL2HAynm2FVEWhbKrQwe4kjZc64WjccR4cy9vv+dxFfrKl+vZ1o
+Wvb0WXND7fiSBrPo7OfaYM5HjrcvIRP1AtMuArhuQYVARmawUG0l7dFLN97Rh9M+
+Ud9vBIfQYlubnTGVVm/5xrUh2isQbp2vrZLfMrUNXMQm0vSxKgGkAxqNUuklJC06
+LvCtEWMYXiBmB1zP4khwCHmHB+/E1gHBAutCzhpPu86ayEtNHBHIFkqKvZSg/UuZ
++ygDdTJV00I2neIdeQcyG+vPg6huIDIHpG5u6eQn5sLqVkhr+apeNcskMWpdkpFS
+Lo62KUZDR3yB83ne63c3IGex0hWhVojJOAxykpGp6OD9uFn6Xn7x2Q==
 -----END RSA PRIVATE KEY-----
diff --git a/src/tests/pkinit-certs/privkey.pem b/src/tests/pkinit-certs/privkey.pem
index 48f0ae9..007b627 100644
--- a/src/tests/pkinit-certs/privkey.pem
+++ b/src/tests/pkinit-certs/privkey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qH
-e2o/pUIEavg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+
-JgF71EI8kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPP
-dGD/hcJMXEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQ
-zt7NrBnnXiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKF
-pCVh4SKx71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABAoIBAQC0kY2F6ZnqeeLb
-eUQXqXnUYmM877gwacR6DqB15IgadWNI8JitwU6mAx9F4Oo9/lpB+xy9kCAea1Mw
-x0RY3kvbxFqDCfcwmtIWqMcAC5o7WgqB2kQTn4IQ3eyX2bqNTkKDCbl1qbO/0oyk
-XoTdv8tOVp6hOA7n/wKCzGyMVoor15PhlClBqbrAEIqBQUxfxthWibJXexlyX0ie
-MOCmEleQ4zPrQM0cY6yoz3RhM4PVybVSapPMv11czfLPc2o7s5tPgRU+rRSGeoJC
-Vp1EsaVVyZtYpNboKNsNojeJOoO3Gq5VRCjHImCa//05hnqBR1LWB+b1dvTRziwV
-z4985FBBAoGBAPqbs6bVLL2jDNEEmc+U+gEf5nh4GSlRUeioFDMM1Dd2fDTQAgiM
-0XI+a0NgZdjQI6fX3u+j5I9Ss1nfC09MzJsNxyKtjvAkQQsc6VDdZFEfHmC+qeTH
-E4oOsD3dEv8dHuopHUbguw9sztsONbF7Bc9fhBr3wU+bO5zrdM/ry3wZAoGBAMLI
-2zz+8NISHbSGE7mEJdAUdRyJVYXOp1NTzclgL6B3PD+hm8pCGQEVQa/SdWC6gJqJ
-w9sUhC+0chu9i/dl9nnES5hXJqE+fXmAsG+slv0WIATrwMzxWDYPTODe5AvEniIY
-RkQ1BDar0G7rcxxomREaPsteYBvh9DlIICgQu425AoGBAIQokjAb4VFMaBjeJULs
-HH91VDQZmaNJaDmaUbSuQkfRayTqwPfDUzy9IBHTB0K0WOlNlRqpQoI2qbBuSGeU
-Z54pQOfPwT5w0ABNSdlEN3/0Oi/ovG2ScoJuxpCJQlhZAhGYhwD2yI8U4W1x6+zh
-pKm8hE04dLBHe8OABAUWIyQZAoGAOUXh4O99U+drwJbj2dqXW7WIMdnXwb5fyMqN
-abbUijRFDNix/CivPXhIljAlv0lXYxk684H21CgUnT+Alj/u1yL2r1aAz0yWjFFg
-j5WJ1+TXiVrgl+Im885P5pbjKuqnLJNCpe+Iy6J9aP/mGuZOi47SA+4+CDTKIMWq
-Xt18qFECgYEAhVIGySQMn7u2MB7mywMQ0EQznxHBrFHDPUv0D6QuMvhUv70XUE8e
-jVad6Wev3+hTYaoELntMQaW0VmbMrhtP6WmviENkT0eV5CZJgLEVrzGAGtYQOut3
-HUO1wgqEEQK9iu4vTPddsUTj/zsXR3SzCBrqGu6p6Xl7YIiecYzACZ8=
+MIIEoAIBAAKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtr
+vmBIaYcnPq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE
+1/N4QMrzyKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOC
+ByG8F44YQTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiW
+gL0/iO25YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNH
+uShYa0PeyiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABAoIBAEpnKYMR0h6xyNjo
+VGIpT6BYB1UHPbVo0N9Ly6TCoIqpPe5DioDVyTye5A4OQlgu1G3ISqPme6478ApA
+ZZMw7/42QgdlknnOzbKaAWkZK02Sa8RP9hrXL8CvuDisOjzXCHd7RdXevzSmPfsS
+5sgdK3YFnKqMPwbCcKf61CHXvHJjWGuTIHIRh8P7gJelA4ahO0kYQ8aRXv3ldquO
+ukSI5gyk9CN+aAHqt25kEmt9oOgk+8kfKpnk+5gkOCY2YOFDDckD7nL1VIIrDxwG
+SmU598qjVwycDairWUY8uSuPCOLgbvDM9N8cERDMsyNQL63GE8ZZyHZsJ3Pbwdfs
+JVHh5ekCgYEA/CwhaT9D0WQ49GQdeI7aqazHEYDmqPdE2/qbmr67tPMZzX8AAk9j
+r4aMT+oIdtIMPdoQNNcBP6NYZLlAoMbLoAzHmWJnF5/YWLnS2Wg9OuXUOBn3jk1l
+SWelJfAKGeBld5fpSLTdHjRAwJrNCX+mc0IZIiEw2IvGUPgKGX08bX8CgYEA0swx
+xCDgvfoaKueInw/rUIcKxrSxK3pDhaR01Dg2pwSo7Vj9W01zf33qe+mjma6+U2SB
+fk+/O2VXDuEOmVDLwvp6PkmUeRE5PyH7urTMEjy5ELNGiZd9zHoG/zJnRgPwTjuW
+yguvjVGJwI1IvmODuA7Xc7iHFlvGNuxXZjPkS2UCgYA0nFxoIdvbTsaXLl/7rAow
+xixOGY+GBvil0HYwZcSxrtpeRjXRRZDtqOuTLKeRaqdFLD6fV5AaH9EsSn4STQdk
+n+XwuVf61M2FTVeRJi9IH3UUM06zsLAGDYqmDJt+5JMmzVnNYnaTe6FazbEjXy9x
+8oNd3IDdXOQGNomc4cT+rwKBgBbABOr25Wp7cJGK1XrdO/c/69DQNYLMujbVLeqt
+enCCFz0uaoGNFVcAHutqpsZyToYvha49KxVc9Y1cirfPOX58i+7nAAgk7Lm8kC9x
+Tcj2Fr8PqiA1YlVMIi8uoGi1Ch1XXwnFQxgMYcKPPPeXQ+L8bxJFKwcltnm8/h3A
+ofXlAn9AW6fYZLSzOfNQTMnuukhuAtZcEW9NlJHbej305zK89J66S8wroQs5iOla
+5GG+S4YaZh5sVGw+mnS+FCw7cQCUk40kXwX3yTrxlX1qGSCFCQnFdJow+5NVg4D+
+dzDKzniH71OZZFxTqiiz76XxiaW/rS1uOfP/WSVR9NBLpV5n
 -----END RSA PRIVATE KEY-----
diff --git a/src/tests/pkinit-certs/user-enc.p12 b/src/tests/pkinit-certs/user-enc.p12
index 39e9d31..1cc3aa3 100644
Binary files a/src/tests/pkinit-certs/user-enc.p12 and b/src/tests/pkinit-certs/user-enc.p12 differ
diff --git a/src/tests/pkinit-certs/user-upn.p12 b/src/tests/pkinit-certs/user-upn.p12
index df931d7..bf47384 100644
Binary files a/src/tests/pkinit-certs/user-upn.p12 and b/src/tests/pkinit-certs/user-upn.p12 differ
diff --git a/src/tests/pkinit-certs/user-upn.pem b/src/tests/pkinit-certs/user-upn.pem
index 37fcab8..14a1183 100644
--- a/src/tests/pkinit-certs/user-upn.pem
+++ b/src/tests/pkinit-certs/user-upn.pem
@@ -3,26 +3,26 @@ MIIExTCCA62gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
 A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
 U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
-avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
-kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
-XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
-XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
-71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN
-/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
-+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
 ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
 IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
 aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
 BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
 EHVzZXJAa3JidGVzdC5jb20wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
-AQsFAAOCAQEAeZXuyTRD2XQEcUoOYRXn6V1Glh61eHJ4e5ggp0QmTZoij8Y5YdmV
-jt4N8PE1wdXr0f7+a49Zh+YrKt7NZw4HlevYSMIyHVEeLe05zTFYL0w9R1P+16pf
-iSLmmwXZXBPX0biQq2wklD71GBFh/FF02uuetA/iPLMXvgfEUnbjVCcLpTc2/ISg
-tkGvWXtE06YXwSn3ANbCQPLifUKW2PZ8jGBOLLvslebvvJruWyfFLolkNsyA+ljr
-GvWZMxKTOD3LECHvLWFfl7xJsUNqL5qptz0baxeCrmaAdQdHvs4DApxebh1BZGn8
-KFV4g+N0Qz28tO0GSEA3cd2JHVz+wWQp7Q==
+AQsFAAOCAQEAYTW8tzURX2s8vuDawXEJt2as5q2MnvhUmG0YPIvK4n2fODkMW/I9
+XENFhK8wwQJNdzvBUwXUXzEGjFcGPs672ZVzykRb7sAfGlNu1f15z0KrjyUj82oz
+/gWoLwdYwZnO8jqtKjGtnLi2MeWjVCoiUW5ypUGwtEdcyZUG0PeRUrdrZu5cm+iZ
+1B1exR4lepR1iSAPYTNhp5VF6T8BSLf2BO2IKTgFnF4Xx1vyZZTsY10mruZ8S1ZR
+XiajBVdHkN1BpWWyFKt1BCt0dpRx9W7CihC3Ln9fBCsY8QA969EjRhszG2i09Xxw
+0M6/UgIQRU6hy7QTlcmehDKY0zvVJ2/RLw==
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/user-upn2.p12 b/src/tests/pkinit-certs/user-upn2.p12
index e11860e..69ca648 100644
Binary files a/src/tests/pkinit-certs/user-upn2.p12 and b/src/tests/pkinit-certs/user-upn2.p12 differ
diff --git a/src/tests/pkinit-certs/user-upn2.pem b/src/tests/pkinit-certs/user-upn2.pem
index 66d6b3e..baef41a 100644
--- a/src/tests/pkinit-certs/user-upn2.pem
+++ b/src/tests/pkinit-certs/user-upn2.pem
@@ -3,26 +3,26 @@ MIIEuTCCA6GgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
 A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
 U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
-avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
-kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
-XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
-XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
-71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFGxN
-/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
-+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
 ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
 IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
 aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
 BAQDAgPoMAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFqAUBgorBgEEAYI3FAIDoAYM
-BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAWf0/
-d0284FjoywSaPpXvy4sJ3N+Ts1bXmM9NtJT+pKDpyMEisNFQ/kqO2UURT+9dZP5o
-yzMttuNdi0lJ4W8gXE5CeMDJv1z9HUXl6blDOh7YYdqM9Y6rBIKwZHyFZzSlgGIQ
-KHfDbj2dmOJLVPfLZM+MA42G1nmfQPGUMcc4mLp8Xu8x7LXCxJBuXV/gxSEMbLrm
-YNj/mXQJhQwYIZdeBZIBUcdU2rD2bMbHcWAs183ddEg3+CSN8fdppsFT1ZX4ZlPk
-XGSrv9EYC4GLZpLOtB3FwUQ1TmEDMJqzifY8jcS03UdQ0gKZBm83rVMnXvU01CgA
-MI9PN0lFwPEutERN0g==
+BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAAsGC
+LvikD/nW3eOym4f/uuKBscOGSByP9/HoP8QwvnLYU00i5n+zXSTQctotHIifsRc4
+xHLO8xemJp7rm0h/27C1Wo5AVxJ0cmnDKQf8Ast+QXsz9ZeaeKLa5D8sDOfnZXJB
+aMTb8ChjyZz+KLjXV0VbaVkY95mfqsOoJQcl9wHhNdDOygnSucvA5Svlrbo2rlKt
+75OJZJJWrZxuaBuuSYNpCKyyg61t69hPoDKDQZ8QJZHGugWqQ2swYe9dZpUYy5xV
+CGTLCAk9ZOn8hTCC6xbNaJFjflIjcjpwabw0r986/9GeAF6KqSNbMXKaY4LLuk/8
+5FH9S8/3F56ZCNxbZQ==
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/user-upn3.p12 b/src/tests/pkinit-certs/user-upn3.p12
index dae25f8..9aabc3a 100644
Binary files a/src/tests/pkinit-certs/user-upn3.p12 and b/src/tests/pkinit-certs/user-upn3.p12 differ
diff --git a/src/tests/pkinit-certs/user-upn3.pem b/src/tests/pkinit-certs/user-upn3.pem
index d39b879..000d567 100644
--- a/src/tests/pkinit-certs/user-upn3.pem
+++ b/src/tests/pkinit-certs/user-upn3.pem
@@ -3,26 +3,26 @@ MIIExTCCA62gAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
 A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
 U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
-avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
-kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
-XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
-XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
-71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN
-/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
-+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
 ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
 IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
 aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
 BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
 EHVzZXJAS1JCVEVTVC5DT00wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
-AQsFAAOCAQEAF/V+Cx49jH70LMI7S7SGDFWr6/rtYwjJax7RgZN6JZlakd1R6GHa
-JHwUMmf67V/R3qVWfThhbKjxumEY+whxiszegDwBZC+fFiYbaQMCIchHkx8vkdmK
-ZJ9VznDiA/kp0Ty8JZKG6TMRkkxUo+csEXU4E6TZFZaz9pfPrhxHU21uPbeDeE3h
-sUiUqH7oZBjmSS+2OmAu0v4+/Ex0QkqJACvZYNA5zFpgV0Ux/26EQt/bKiYkXYZq
-CIWP7cd/MRfNqeqlbUVpKcIkk5WPpuqPVffA+f2B1Al5iJ8o1pzqN+awZBLLZv3F
-p1+AeVD5nvWpyHSXmst32OYPPTBL9Yk3uA==
+AQsFAAOCAQEApwXjFJ86RLM4MzbScqk0JGqm+jzaFZ6h5oyt0rlaxdhOl7kqOmIE
+sLhXtvZm75roA+UULZHumB6xg3Y0p7cc6VBAYYycWoNkhWXZMdQ8Q33vMos5cwLY
+kXjl4oTDK53goh8IlriRMV7Tv/QpJ8wh+7iqQn3lak0Tv51JexYGwp5sJREYm8q5
+rr3ChlgH7SWF8mhbu2EEiipm0whEqA4tlNKGBsTQBslnm8sK0VfVDcmLOGbMNjRs
+r+Hkd8yVvhIJ9M+WAp/OeF2vUzPBJtAfIaJBxcZmKtNI5Jk8cK/vScJZboa0qAAz
+2Y1uC9rP830mpOe0juhV2mMPron0hi1HaA==
 -----END CERTIFICATE-----
diff --git a/src/tests/pkinit-certs/user.p12 b/src/tests/pkinit-certs/user.p12
index 97993c0..e552011 100644
Binary files a/src/tests/pkinit-certs/user.p12 and b/src/tests/pkinit-certs/user.p12 differ
diff --git a/src/tests/pkinit-certs/user.pem b/src/tests/pkinit-certs/user.pem
index ab24e99..182ea59 100644
--- a/src/tests/pkinit-certs/user.pem
+++ b/src/tests/pkinit-certs/user.pem
@@ -3,26 +3,26 @@ MIIE0zCCA7ugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
 A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
 dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
-b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSjELMAkG
 A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
 U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
-avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
-kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
-XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
-XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
-71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFGxN
-/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
-+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
 ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
 IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
 aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
 BAQDAgPoMAwGA1UdEwEB/wQCMAAwOQYDVR0RBDIwMKAuBgYrBgEFAgKgJDAioA0b
 C0tSQlRFU1QuQ09NoREwD6ADAgEBoQgwBhsEdXNlcjASBgNVHSUECzAJBgcrBgEF
-AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBmEbWERHmV5YfMrOIY36mevch2KJokw9
-LXZqnKI4oezajEMwx0Wv+M/Gb4ZuYrfobiHSvfzCPUXyyRVWPr8sFBvDXnoBSlos
-g+Y2O8+toyJ8u8gn63SrnPOHCdYkClkDeHI3EzuIcLfgn+Uyg9lkQOjBBNj5O42K
-GoTNCuhoB6IAa66JD2u7E7pfBnceSUYP1DTlCK9l+1C+zOAEuG2N8K4n0ZRZbVqd
-2euMypjorJwgebOzlk86TNzOb5IP8G6phs7D4tvhe7J6mfJ3tFmGbH8V7jY51iCT
-EFQgm39U4J+2uQ0LlEsE3v7wXGW3MLUBY6STcGPwkBrxcmsdKNmy
+AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBeCDK6Eg6Cu8TZ7xeAw2AbTpaW04nNSV
+Fmm0aIskMgLl2a5KEmalG7rnArRXv5IZVYFjJ6X0MzjOx+BgaGUCvN8jz1fuO3Hp
+iGhxPDzKjFMWJeY/z5bQRueSI6RCC8DzH8iPdlPUQ8ZhnukhY1Vt47wqraf197uT
+0XP21qQr1uRY+ZcLSBKZuKe9ZP3ijh57MOLvYDdAFxVp77JLznpk+oU18ujAtYgZ
+7naIGYtSQRkIi970jk82hSpc9B/KN8UcDuo+DQHWPQaDf39s30qoxooZBoue5ipp
+LQHuVaX5Hoi83cWbsVluce/JsW8GfbuC8+8CosAmzJly183f8++9
 -----END CERTIFICATE-----


More information about the cvs-krb5 mailing list