diff --git a/certs/test/cn-ip-literal.der b/certs/test/cn-ip-literal.der new file mode 100644 index 00000000000..3da73c84682 Binary files /dev/null and b/certs/test/cn-ip-literal.der differ diff --git a/certs/test/cn-ip-wildcard.der b/certs/test/cn-ip-wildcard.der new file mode 100644 index 00000000000..8be0d3be757 Binary files /dev/null and b/certs/test/cn-ip-wildcard.der differ diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index 453f8022b37..8219d27c970 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -229,6 +229,30 @@ generate_expired_certs expired/expired-cert ../server-key.pem generate_test_trusted_cert ossl-trusted-cert localhost "" 1 +# Generate CN-IP test certs (no SAN, CN contains IP literal or wildcard) +# These are simple self-signed V1 certs with only a CN field, no extensions. +# Used to test peer cert verification with IP address matching in CN. +generate_cn_ip_cert() { + rm -f "$1".der "$1".pem + + echo "step 1 create self-signed cert with CN=$2" + openssl req -new -x509 -days 3652 -sha256 \ + -key ../server-key.pem \ + -out "$1".pem \ + -subj "/CN=$2" + check_result $? + + echo "step 2 make binary der version" + openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der + check_result $? + + rm -f "$1".pem +} + +generate_cn_ip_cert cn-ip-literal 127.0.0.1 +generate_cn_ip_cert cn-ip-wildcard "*.0.0.1" + + # Note on certs/empty-issuer-cert.pem: # OpenSSL did not like to generate this certificate with an empty CN in the # conf file. diff --git a/gencertbuf.pl b/gencertbuf.pl index e8fbd3f46c2..6699c9f2adb 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -164,6 +164,13 @@ ["certs/sphincs/bench_sphincs_small_level5_key.der", "bench_sphincs_small_level5_key" ], ); +# CN-IP test certs (no SAN, CN contains IP literal or wildcard) +# Used with OPENSSL_EXTRA && !NO_RSA +my @fileList_cn_ip = ( + [ "./certs/test/cn-ip-literal.der", "cn_ip_literal_der" ], + [ "./certs/test/cn-ip-wildcard.der", "cn_ip_wildcard_der" ], + ); + # ---------------------------------------------------------------------------- @@ -178,6 +185,7 @@ my $num_sm2_der = @fileList_sm2_der; my $num_falcon = @fileList_falcon; my $num_sphincs = @fileList_sphincs; +my $num_cn_ip = @fileList_cn_ip; # open our output file, "+>" creates and/or truncates open OUT_FILE, "+>", $outputFile or die $!; @@ -2236,6 +2244,23 @@ print OUT_FILE "#endif /* USE_CERT_BUFFERS_25519 */\n\n"; +# convert and print CN-IP test certs +print OUT_FILE "#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)\n\n"; +for (my $i = 0; $i < $num_cn_ip; $i++) { + + my $fname = $fileList_cn_ip[$i][0]; + my $sname = $fileList_cn_ip[$i][1]; + + print OUT_FILE "/* $fname */\n"; + print OUT_FILE "static const unsigned char $sname\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fname); + print OUT_FILE "};\n"; + print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n" +} +print OUT_FILE "#endif /* OPENSSL_EXTRA && !NO_RSA */\n\n"; + + print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n"; # close certs_test.h file diff --git a/src/internal.c b/src/internal.c index ad1587e0f63..36203b8eab6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13488,7 +13488,10 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, } #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY - if (checkCN == 1) { + /* RFC 6125: IP address identities must appear in an iPAddress SAN and + * must never be matched against the Subject Common Name. Skip the CN + * fallback when verifying an IP address. */ + if (checkCN == 1 && !isIP) { if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, domainName, (word32)domainNameLen, flags) == 1) { ret = 0; diff --git a/tests/api/test_ossl_x509.c b/tests/api/test_ossl_x509.c index b918a1f1438..ce8546dc247 100644 --- a/tests/api/test_ossl_x509.c +++ b/tests/api/test_ossl_x509.c @@ -1060,6 +1060,36 @@ int test_wolfSSL_X509_check_ip_asc(void) ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); + /* Regression test: a certificate with CN= and no SAN extension + * must NOT be accepted for IP verification. RFC 6125 requires that IP + * identities appear in an iPAddress SAN; the Subject CN must never be + * matched against an IP address. Likewise a CN of "*.0.0.1" must not + * wildcard-match "127.0.0.1" -- RFC 6125 Section 7.2 prohibits wildcard + * matching for IP addresses. */ + { + WOLFSSL_X509 *cn_lit = NULL; + WOLFSSL_X509 *cn_wild = NULL; + + ExpectNotNull(cn_lit = wolfSSL_X509_load_certificate_buffer( + cn_ip_literal_der, (int)sizeof(cn_ip_literal_der), + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(cn_wild = wolfSSL_X509_load_certificate_buffer( + cn_ip_wildcard_der, (int)sizeof(cn_ip_wildcard_der), + WOLFSSL_FILETYPE_ASN1)); + + /* CN=127.0.0.1 with no SAN must NOT match the IP "127.0.0.1". */ + ExpectIntEQ(wolfSSL_X509_check_ip_asc(cn_lit, "127.0.0.1", 0), 0); + /* CN=*.0.0.1 with no SAN must NOT wildcard-match "127.0.0.1". */ + ExpectIntEQ(wolfSSL_X509_check_ip_asc(cn_wild, "127.0.0.1", 0), 0); + /* CN-based hostname matching must still work for hostname checks + * (sanity check that the fix didn't over-correct). */ + ExpectIntEQ(wolfSSL_X509_check_host(cn_wild, "1.0.0.1", + XSTRLEN("1.0.0.1"), 0, NULL), 1); + + wolfSSL_X509_free(cn_wild); + wolfSSL_X509_free(cn_lit); + } + wolfSSL_X509_free(empty); wolfSSL_X509_free(x509); #endif diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index b4aeff3f688..efd4c1bd288 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -7069,5 +7069,160 @@ static const unsigned char x25519_pub_statickey_der[] = #endif /* USE_CERT_BUFFERS_25519 */ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + +/* ./certs/test/cn-ip-literal.der */ +static const unsigned char cn_ip_literal_der[] = +{ + 0x30, 0x82, 0x02, 0xAF, 0x30, 0x82, 0x01, 0x97, 0x02, 0x14, + 0x03, 0xE8, 0x5C, 0xB5, 0x56, 0x65, 0x58, 0xD4, 0xD9, 0x86, + 0x9C, 0xE7, 0x5B, 0x71, 0xE9, 0xD3, 0x33, 0xE1, 0xA2, 0xDC, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, + 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x31, 0x32, + 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x1E, 0x17, + 0x0D, 0x32, 0x36, 0x30, 0x34, 0x30, 0x38, 0x32, 0x30, 0x32, + 0x35, 0x33, 0x33, 0x5A, 0x17, 0x0D, 0x33, 0x36, 0x30, 0x34, + 0x30, 0x35, 0x32, 0x30, 0x32, 0x35, 0x33, 0x33, 0x5A, 0x30, + 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, + 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xB9, 0xCC, 0x99, 0xF7, 0xBF, 0x7C, + 0x4F, 0xEC, 0x7F, 0xE6, 0x17, 0x4E, 0xE3, 0xD9, 0xE5, 0x25, + 0x7D, 0xAB, 0xA8, 0x66, 0xB0, 0x4D, 0x41, 0x5C, 0x20, 0xD8, + 0x67, 0xF5, 0xA3, 0xCD, 0x9E, 0x12, 0x7F, 0x09, 0x00, 0xEB, + 0x6B, 0xFC, 0x7E, 0x14, 0x10, 0xA0, 0x10, 0x2E, 0x1F, 0xE8, + 0xAD, 0xEC, 0xE8, 0x86, 0x54, 0xA2, 0xC4, 0x58, 0x65, 0x26, + 0x95, 0x76, 0xA1, 0xE1, 0x02, 0x52, 0x81, 0xCB, 0x7E, 0x8E, + 0xB2, 0x31, 0xC9, 0x58, 0x9A, 0xDC, 0x69, 0xAB, 0x8D, 0x23, + 0xCD, 0x96, 0x19, 0x1C, 0x68, 0x69, 0xB5, 0x7D, 0x23, 0xE3, + 0x58, 0xE6, 0x26, 0xCC, 0x05, 0x40, 0xD2, 0xA9, 0xB1, 0x09, + 0x9C, 0xC8, 0x4A, 0xFC, 0x0A, 0x20, 0xBA, 0xC0, 0x12, 0x3B, + 0x97, 0x44, 0x2B, 0x30, 0x50, 0x86, 0x0B, 0x27, 0x13, 0x76, + 0xB5, 0xF7, 0x80, 0xF0, 0xF2, 0xF0, 0x93, 0x3B, 0x8D, 0xA8, + 0x4F, 0xA3, 0xA9, 0xD2, 0xEA, 0xD3, 0xC3, 0xCB, 0xCC, 0x70, + 0xA0, 0x0B, 0xC7, 0xC6, 0x3E, 0xC9, 0x27, 0x4C, 0xB5, 0x23, + 0x35, 0x6C, 0xB0, 0x30, 0xA2, 0xC1, 0x6D, 0x07, 0xD0, 0x9B, + 0x55, 0x6A, 0xF9, 0x18, 0xF0, 0x30, 0x74, 0x3F, 0xF6, 0x17, + 0x85, 0xB7, 0xCF, 0xA5, 0xD4, 0x91, 0xAA, 0x54, 0x85, 0xEC, + 0xAE, 0xC5, 0x32, 0xF2, 0xB0, 0x21, 0x5A, 0x90, 0x22, 0x66, + 0x8B, 0x4B, 0x0D, 0xC3, 0x57, 0x81, 0x86, 0xF2, 0xBB, 0xD2, + 0x3B, 0x8C, 0xFC, 0xEE, 0xBD, 0xED, 0xF0, 0xFB, 0xA5, 0xE1, + 0x91, 0x5A, 0x68, 0x07, 0x60, 0x38, 0x38, 0xE7, 0x48, 0xE3, + 0x83, 0xD6, 0xAF, 0xF0, 0x03, 0x7E, 0x2E, 0x95, 0x0C, 0x33, + 0xCF, 0x13, 0xE9, 0xEC, 0xE7, 0xA4, 0x5E, 0xED, 0x02, 0xAE, + 0xF2, 0x30, 0x6F, 0x3F, 0xC4, 0x1B, 0x3A, 0x0A, 0xE8, 0xD3, + 0x66, 0x32, 0xD6, 0xFD, 0x58, 0x3A, 0x65, 0x93, 0x99, 0xC7, + 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3C, 0xA7, 0xDF, 0xD1, 0x44, + 0xC5, 0x4D, 0x29, 0x38, 0x51, 0x9D, 0xF6, 0xEE, 0x2F, 0x0C, + 0xA3, 0x8A, 0x2A, 0x7C, 0xA1, 0xB1, 0x26, 0x6D, 0xFB, 0x8B, + 0x5D, 0xED, 0xDC, 0x1F, 0xF2, 0xF1, 0x99, 0x3C, 0xD8, 0x36, + 0xCD, 0x48, 0xF5, 0x91, 0x5B, 0x42, 0x98, 0x89, 0x29, 0xBA, + 0x46, 0xAD, 0x93, 0xEA, 0xEA, 0x53, 0x17, 0xE4, 0x6D, 0xB7, + 0xDC, 0xB5, 0x4A, 0xD8, 0xED, 0x5C, 0x39, 0x0C, 0xF6, 0x1D, + 0x19, 0xFB, 0x22, 0x5D, 0xE4, 0x3F, 0x07, 0x20, 0x6D, 0x2E, + 0xDC, 0x92, 0xA5, 0x56, 0xB3, 0x92, 0x74, 0x05, 0xB2, 0x7C, + 0xED, 0x73, 0x83, 0x70, 0x5F, 0x0E, 0x75, 0xE1, 0x71, 0x4C, + 0xC5, 0xF0, 0x26, 0xC5, 0xA6, 0xD4, 0xB6, 0xB4, 0x79, 0x99, + 0x54, 0xD9, 0x21, 0x48, 0x2F, 0x52, 0x6E, 0x47, 0x1D, 0x1C, + 0x3A, 0x3B, 0x2A, 0x36, 0xA8, 0x88, 0x95, 0x47, 0x67, 0x59, + 0xD5, 0xEE, 0xB6, 0xE9, 0x5B, 0x86, 0x1B, 0x8B, 0x6C, 0xA6, + 0xB2, 0x91, 0x81, 0x0C, 0xCA, 0x91, 0x33, 0x32, 0xE5, 0x0D, + 0x8F, 0xDA, 0xC7, 0x5B, 0xA6, 0x80, 0x3F, 0x71, 0x50, 0x56, + 0xD2, 0x88, 0xFC, 0x53, 0xC5, 0x11, 0x45, 0x1E, 0x8A, 0xB7, + 0x0A, 0x83, 0x9E, 0x89, 0x63, 0x24, 0x3E, 0x8C, 0xBD, 0xED, + 0xEC, 0xF4, 0x19, 0x32, 0x13, 0xCF, 0xE7, 0xDD, 0xE6, 0x84, + 0xED, 0xE7, 0xF7, 0xF9, 0x50, 0x2F, 0x7B, 0xAC, 0x7D, 0xF9, + 0x0F, 0x61, 0xD1, 0xF7, 0x59, 0xF0, 0x91, 0x73, 0x26, 0x5A, + 0xBA, 0x24, 0xC8, 0x49, 0x86, 0xC1, 0x1A, 0x42, 0x68, 0x70, + 0xBF, 0x94, 0x69, 0xD0, 0xD5, 0x26, 0x7E, 0x3C, 0xA9, 0x69, + 0x6F, 0xB1, 0xCC, 0xDF, 0x4D, 0xED, 0x91, 0x6D, 0xDF, 0x45, + 0x71, 0xF0, 0x88, 0x69, 0x74, 0x49, 0x2C, 0x5E, 0x77, 0xED, + 0x92, 0x36, 0x7F, 0x1A, 0x83, 0x36, 0x42, 0x17, 0x5A, 0xDA, + 0x91 +}; +#define sizeof_cn_ip_literal_der (sizeof(cn_ip_literal_der)) + +/* ./certs/test/cn-ip-wildcard.der */ +static const unsigned char cn_ip_wildcard_der[] = +{ + 0x30, 0x82, 0x02, 0xAB, 0x30, 0x82, 0x01, 0x93, 0x02, 0x14, + 0x3A, 0x4E, 0xFC, 0xF1, 0x5F, 0xCB, 0xE3, 0x6A, 0xAE, 0x7F, + 0xD6, 0x79, 0xBD, 0x40, 0xC9, 0x64, 0x41, 0xC6, 0xF0, 0x56, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x12, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x07, 0x2A, 0x2E, + 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x1E, 0x17, 0x0D, 0x32, + 0x36, 0x30, 0x34, 0x30, 0x38, 0x32, 0x30, 0x32, 0x35, 0x33, + 0x33, 0x5A, 0x17, 0x0D, 0x33, 0x36, 0x30, 0x34, 0x30, 0x35, + 0x32, 0x30, 0x32, 0x35, 0x33, 0x33, 0x5A, 0x30, 0x12, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x07, + 0x2A, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, + 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xB9, 0xCC, 0x99, 0xF7, 0xBF, 0x7C, 0x4F, 0xEC, 0x7F, 0xE6, + 0x17, 0x4E, 0xE3, 0xD9, 0xE5, 0x25, 0x7D, 0xAB, 0xA8, 0x66, + 0xB0, 0x4D, 0x41, 0x5C, 0x20, 0xD8, 0x67, 0xF5, 0xA3, 0xCD, + 0x9E, 0x12, 0x7F, 0x09, 0x00, 0xEB, 0x6B, 0xFC, 0x7E, 0x14, + 0x10, 0xA0, 0x10, 0x2E, 0x1F, 0xE8, 0xAD, 0xEC, 0xE8, 0x86, + 0x54, 0xA2, 0xC4, 0x58, 0x65, 0x26, 0x95, 0x76, 0xA1, 0xE1, + 0x02, 0x52, 0x81, 0xCB, 0x7E, 0x8E, 0xB2, 0x31, 0xC9, 0x58, + 0x9A, 0xDC, 0x69, 0xAB, 0x8D, 0x23, 0xCD, 0x96, 0x19, 0x1C, + 0x68, 0x69, 0xB5, 0x7D, 0x23, 0xE3, 0x58, 0xE6, 0x26, 0xCC, + 0x05, 0x40, 0xD2, 0xA9, 0xB1, 0x09, 0x9C, 0xC8, 0x4A, 0xFC, + 0x0A, 0x20, 0xBA, 0xC0, 0x12, 0x3B, 0x97, 0x44, 0x2B, 0x30, + 0x50, 0x86, 0x0B, 0x27, 0x13, 0x76, 0xB5, 0xF7, 0x80, 0xF0, + 0xF2, 0xF0, 0x93, 0x3B, 0x8D, 0xA8, 0x4F, 0xA3, 0xA9, 0xD2, + 0xEA, 0xD3, 0xC3, 0xCB, 0xCC, 0x70, 0xA0, 0x0B, 0xC7, 0xC6, + 0x3E, 0xC9, 0x27, 0x4C, 0xB5, 0x23, 0x35, 0x6C, 0xB0, 0x30, + 0xA2, 0xC1, 0x6D, 0x07, 0xD0, 0x9B, 0x55, 0x6A, 0xF9, 0x18, + 0xF0, 0x30, 0x74, 0x3F, 0xF6, 0x17, 0x85, 0xB7, 0xCF, 0xA5, + 0xD4, 0x91, 0xAA, 0x54, 0x85, 0xEC, 0xAE, 0xC5, 0x32, 0xF2, + 0xB0, 0x21, 0x5A, 0x90, 0x22, 0x66, 0x8B, 0x4B, 0x0D, 0xC3, + 0x57, 0x81, 0x86, 0xF2, 0xBB, 0xD2, 0x3B, 0x8C, 0xFC, 0xEE, + 0xBD, 0xED, 0xF0, 0xFB, 0xA5, 0xE1, 0x91, 0x5A, 0x68, 0x07, + 0x60, 0x38, 0x38, 0xE7, 0x48, 0xE3, 0x83, 0xD6, 0xAF, 0xF0, + 0x03, 0x7E, 0x2E, 0x95, 0x0C, 0x33, 0xCF, 0x13, 0xE9, 0xEC, + 0xE7, 0xA4, 0x5E, 0xED, 0x02, 0xAE, 0xF2, 0x30, 0x6F, 0x3F, + 0xC4, 0x1B, 0x3A, 0x0A, 0xE8, 0xD3, 0x66, 0x32, 0xD6, 0xFD, + 0x58, 0x3A, 0x65, 0x93, 0x99, 0xC7, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x7F, 0x3A, 0xF8, 0x93, 0x41, 0x6F, 0xAA, 0xB7, 0xCA, + 0x17, 0x81, 0xA7, 0x3E, 0x9F, 0x0C, 0x6D, 0x14, 0x7B, 0x6F, + 0x13, 0xF8, 0xBF, 0x63, 0x6E, 0x28, 0x57, 0x0B, 0x9A, 0xC2, + 0x2A, 0x88, 0xC0, 0x35, 0x4B, 0xE3, 0x77, 0x31, 0x61, 0xFF, + 0xB4, 0x03, 0xE6, 0x11, 0x80, 0x1F, 0x35, 0x65, 0xF6, 0x47, + 0x94, 0xE6, 0xB9, 0x60, 0x1E, 0xAE, 0x9C, 0x90, 0xE8, 0x53, + 0x8A, 0x46, 0x61, 0x28, 0xFA, 0x4B, 0xE0, 0x71, 0x98, 0xF4, + 0x9E, 0xC8, 0x31, 0x98, 0x27, 0x71, 0x6E, 0x3C, 0x85, 0x15, + 0x6D, 0x56, 0x20, 0x3B, 0x16, 0xE7, 0x64, 0xB8, 0x51, 0x9A, + 0x72, 0x75, 0xA1, 0xD2, 0x2F, 0xCF, 0x2B, 0x61, 0xA2, 0xA8, + 0x8B, 0x59, 0x27, 0x4C, 0x18, 0x59, 0x33, 0xBF, 0x9E, 0x5C, + 0xEF, 0xBE, 0x71, 0x62, 0x62, 0x20, 0xC8, 0xDC, 0xAF, 0x74, + 0xAA, 0x7B, 0xAA, 0xAF, 0x37, 0x81, 0x65, 0xCA, 0xF1, 0x7D, + 0xD4, 0x58, 0x11, 0xD7, 0x18, 0xF7, 0x50, 0xA2, 0xA8, 0x89, + 0x90, 0x7C, 0x30, 0xDE, 0x2E, 0xF6, 0xBD, 0x3E, 0xBF, 0x14, + 0x1E, 0xD4, 0x85, 0x8C, 0x38, 0x1C, 0xA4, 0x26, 0xB7, 0x86, + 0xE5, 0x17, 0xFC, 0x67, 0x93, 0x86, 0x1C, 0x1F, 0x91, 0x6F, + 0x8C, 0x99, 0xA6, 0x7F, 0x93, 0x92, 0xDB, 0x45, 0x75, 0xBB, + 0xB0, 0x78, 0xA3, 0x8B, 0x67, 0xF7, 0x94, 0x26, 0xAC, 0xB9, + 0x4A, 0xCA, 0x1F, 0x73, 0xFC, 0x52, 0x78, 0xB8, 0x14, 0x02, + 0xBF, 0x69, 0x6F, 0x70, 0x21, 0xAE, 0xD4, 0x12, 0x4F, 0xD1, + 0x9F, 0xE6, 0x56, 0x11, 0x80, 0x39, 0x66, 0xE0, 0xD4, 0x56, + 0x5B, 0x32, 0xC6, 0x6C, 0xB8, 0xD2, 0xF4, 0x23, 0x7F, 0xBB, + 0x62, 0x2F, 0x5D, 0x67, 0x37, 0x38, 0x74, 0xCA, 0xB3, 0x3F, + 0x17, 0x53, 0x97, 0xA4, 0xBD, 0xDA, 0x26, 0x6A, 0xB3, 0xD9, + 0x9F, 0xAC, 0xD2, 0x58, 0x4F, 0x24, 0x8C +}; +#define sizeof_cn_ip_wildcard_der (sizeof(cn_ip_wildcard_der)) + +#endif /* OPENSSL_EXTRA && !NO_RSA */ + #endif /* WOLFSSL_CERTS_TEST_H */