Skip to content

Fix for peer cert verify with IP address #10169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
embhorn wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix for peer cert verify with IP address #10169

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1e1e34c
Fix for peer cert verify with IP address
embhorn Apr 8, 2026
4d79d1e
Improve tests
embhorn Apr 9, 2026
1e40b15
Fix from review
embhorn Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added certs/test/cn-ip-literal.der
View file
Open in desktop
Binary file not shown.
Binary file added certs/test/cn-ip-wildcard.der
View file
Open in desktop
Binary file not shown.
24 changes: 24 additions & 0 deletions certs/test/gen-testcerts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,30 @@ generate_expired_certs expired/expired-cert ../server-key.pem

generate_test_trusted_cert ossl-trusted-cert localhost "" 1

# Generate CN-IP test certs (no SAN, CN contains IP literal or wildcard)
# These are simple self-signed V1 certs with only a CN field, no extensions.
# Used to test peer cert verification with IP address matching in CN.
generate_cn_ip_cert() {
rm -f "$1".der "$1".pem

echo "step 1 create self-signed cert with CN=$2"
openssl req -new -x509 -days 3652 -sha256 \
-key ../server-key.pem \
-out "$1".pem \
-subj "/CN=$2"
check_result $?

echo "step 2 make binary der version"
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
check_result $?

rm -f "$1".pem
}

generate_cn_ip_cert cn-ip-literal 127.0.0.1
generate_cn_ip_cert cn-ip-wildcard "*.0.0.1"


# Note on certs/empty-issuer-cert.pem:
# OpenSSL did not like to generate this certificate with an empty CN in the
# conf file.
Expand Down
25 changes: 25 additions & 0 deletions gencertbuf.pl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,13 @@
["certs/sphincs/bench_sphincs_small_level5_key.der", "bench_sphincs_small_level5_key" ],
);

# CN-IP test certs (no SAN, CN contains IP literal or wildcard)
# Used with OPENSSL_EXTRA && !NO_RSA
my @fileList_cn_ip = (
[ "./certs/test/cn-ip-literal.der", "cn_ip_literal_der" ],
[ "./certs/test/cn-ip-wildcard.der", "cn_ip_wildcard_der" ],
);


# ----------------------------------------------------------------------------

Expand All @@ -178,6 +185,7 @@
my $num_sm2_der = @fileList_sm2_der;
my $num_falcon = @fileList_falcon;
my $num_sphincs = @fileList_sphincs;
my $num_cn_ip = @fileList_cn_ip;

# open our output file, "+>" creates and/or truncates
open OUT_FILE, "+>", $outputFile or die $!;
Expand Down Expand Up @@ -2236,6 +2244,23 @@
print OUT_FILE "#endif /* USE_CERT_BUFFERS_25519 */\n\n";


# convert and print CN-IP test certs
print OUT_FILE "#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)\n\n";
for (my $i = 0; $i < $num_cn_ip; $i++) {

my $fname = $fileList_cn_ip[$i][0];
my $sname = $fileList_cn_ip[$i][1];

print OUT_FILE "/* $fname */\n";
print OUT_FILE "static const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fname);
print OUT_FILE "};\n";
print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
}
print OUT_FILE "#endif /* OPENSSL_EXTRA && !NO_RSA */\n\n";


print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n";

# close certs_test.h file
Expand Down
5 changes: 4 additions & 1 deletion src/internal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13488,7 +13488,10 @@ int CheckHostName(DecodedCert* dCert, const char *domainName,
}

#ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
if (checkCN == 1) {
/* RFC 6125: IP address identities must appear in an iPAddress SAN and
* must never be matched against the Subject Common Name. Skip the CN
* fallback when verifying an IP address. */
if (checkCN == 1 && !isIP) {
if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
domainName, (word32)domainNameLen, flags) == 1) {
ret = 0;
Expand Down
30 changes: 30 additions & 0 deletions tests/api/test_ossl_x509.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1060,6 +1060,36 @@ int test_wolfSSL_X509_check_ip_asc(void)
ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0);

/* Regression test: a certificate with CN=<ip> and no SAN extension
Copy link
Copy Markdown
Contributor

@dgarske dgarske Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 [Medium] No IPv6 regression test for IP-in-CN bypass
💡 SUGGEST test

The regression tests cover IPv4 addresses (CN=127.0.0.1, CN=*.0.0.1) but do not include an IPv6 test case. The fix in CheckHostName applies to all IP verification equally (the isIP flag is set by CheckIPAddr regardless of address family), so functionally the fix covers IPv6. However, adding a cert with CN=::1 (or similar IPv6 literal) and verifying it is rejected by wolfSSL_X509_check_ip_asc would strengthen the regression coverage and ensure the isIP path works for both address families. Since the underlying code fix is address-family-agnostic, this is a coverage improvement rather than a blocker.

Suggestion:

Suggested change
/* Regression test: a certificate with CN=<ip> and no SAN extension
Consider adding a test certificate with CN="::1" (no SAN) and verifying:
ExpectIntEQ(wolfSSL_X509_check_ip_asc(cn_ipv6, "::1", 0), 0);

— Skoll automated review via openclaw

* must NOT be accepted for IP verification. RFC 6125 requires that IP
* identities appear in an iPAddress SAN; the Subject CN must never be
* matched against an IP address. Likewise a CN of "*.0.0.1" must not
* wildcard-match "127.0.0.1" -- RFC 6125 Section 7.2 prohibits wildcard
* matching for IP addresses. */
{
WOLFSSL_X509 *cn_lit = NULL;
WOLFSSL_X509 *cn_wild = NULL;

ExpectNotNull(cn_lit = wolfSSL_X509_load_certificate_buffer(
cn_ip_literal_der, (int)sizeof(cn_ip_literal_der),
WOLFSSL_FILETYPE_ASN1));
ExpectNotNull(cn_wild = wolfSSL_X509_load_certificate_buffer(
cn_ip_wildcard_der, (int)sizeof(cn_ip_wildcard_der),
WOLFSSL_FILETYPE_ASN1));

/* CN=127.0.0.1 with no SAN must NOT match the IP "127.0.0.1". */
ExpectIntEQ(wolfSSL_X509_check_ip_asc(cn_lit, "127.0.0.1", 0), 0);
/* CN=*.0.0.1 with no SAN must NOT wildcard-match "127.0.0.1". */
ExpectIntEQ(wolfSSL_X509_check_ip_asc(cn_wild, "127.0.0.1", 0), 0);
/* CN-based hostname matching must still work for hostname checks
* (sanity check that the fix didn't over-correct). */
ExpectIntEQ(wolfSSL_X509_check_host(cn_wild, "1.0.0.1",
XSTRLEN("1.0.0.1"), 0, NULL), 1);

wolfSSL_X509_free(cn_wild);
wolfSSL_X509_free(cn_lit);
}

wolfSSL_X509_free(empty);
wolfSSL_X509_free(x509);
#endif
Expand Down
155 changes: 155 additions & 0 deletions wolfssl/certs_test.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7069,5 +7069,160 @@ static const unsigned char x25519_pub_statickey_der[] =

#endif /* USE_CERT_BUFFERS_25519 */

#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)

/* ./certs/test/cn-ip-literal.der */
static const unsigned char cn_ip_literal_der[] =
{
0x30, 0x82, 0x02, 0xAF, 0x30, 0x82, 0x01, 0x97, 0x02, 0x14,
0x03, 0xE8, 0x5C, 0xB5, 0x56, 0x65, 0x58, 0xD4, 0xD9, 0x86,
0x9C, 0xE7, 0x5B, 0x71, 0xE9, 0xD3, 0x33, 0xE1, 0xA2, 0xDC,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30,
0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x31, 0x32,
0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x1E, 0x17,
0x0D, 0x32, 0x36, 0x30, 0x34, 0x30, 0x38, 0x32, 0x30, 0x32,
0x35, 0x33, 0x33, 0x5A, 0x17, 0x0D, 0x33, 0x36, 0x30, 0x34,
0x30, 0x35, 0x32, 0x30, 0x32, 0x35, 0x33, 0x33, 0x5A, 0x30,
0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
0x0C, 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E,
0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00,
0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02,
0x82, 0x01, 0x01, 0x00, 0xB9, 0xCC, 0x99, 0xF7, 0xBF, 0x7C,
0x4F, 0xEC, 0x7F, 0xE6, 0x17, 0x4E, 0xE3, 0xD9, 0xE5, 0x25,
0x7D, 0xAB, 0xA8, 0x66, 0xB0, 0x4D, 0x41, 0x5C, 0x20, 0xD8,
0x67, 0xF5, 0xA3, 0xCD, 0x9E, 0x12, 0x7F, 0x09, 0x00, 0xEB,
0x6B, 0xFC, 0x7E, 0x14, 0x10, 0xA0, 0x10, 0x2E, 0x1F, 0xE8,
0xAD, 0xEC, 0xE8, 0x86, 0x54, 0xA2, 0xC4, 0x58, 0x65, 0x26,
0x95, 0x76, 0xA1, 0xE1, 0x02, 0x52, 0x81, 0xCB, 0x7E, 0x8E,
0xB2, 0x31, 0xC9, 0x58, 0x9A, 0xDC, 0x69, 0xAB, 0x8D, 0x23,
0xCD, 0x96, 0x19, 0x1C, 0x68, 0x69, 0xB5, 0x7D, 0x23, 0xE3,
0x58, 0xE6, 0x26, 0xCC, 0x05, 0x40, 0xD2, 0xA9, 0xB1, 0x09,
0x9C, 0xC8, 0x4A, 0xFC, 0x0A, 0x20, 0xBA, 0xC0, 0x12, 0x3B,
0x97, 0x44, 0x2B, 0x30, 0x50, 0x86, 0x0B, 0x27, 0x13, 0x76,
0xB5, 0xF7, 0x80, 0xF0, 0xF2, 0xF0, 0x93, 0x3B, 0x8D, 0xA8,
0x4F, 0xA3, 0xA9, 0xD2, 0xEA, 0xD3, 0xC3, 0xCB, 0xCC, 0x70,
0xA0, 0x0B, 0xC7, 0xC6, 0x3E, 0xC9, 0x27, 0x4C, 0xB5, 0x23,
0x35, 0x6C, 0xB0, 0x30, 0xA2, 0xC1, 0x6D, 0x07, 0xD0, 0x9B,
0x55, 0x6A, 0xF9, 0x18, 0xF0, 0x30, 0x74, 0x3F, 0xF6, 0x17,
0x85, 0xB7, 0xCF, 0xA5, 0xD4, 0x91, 0xAA, 0x54, 0x85, 0xEC,
0xAE, 0xC5, 0x32, 0xF2, 0xB0, 0x21, 0x5A, 0x90, 0x22, 0x66,
0x8B, 0x4B, 0x0D, 0xC3, 0x57, 0x81, 0x86, 0xF2, 0xBB, 0xD2,
0x3B, 0x8C, 0xFC, 0xEE, 0xBD, 0xED, 0xF0, 0xFB, 0xA5, 0xE1,
0x91, 0x5A, 0x68, 0x07, 0x60, 0x38, 0x38, 0xE7, 0x48, 0xE3,
0x83, 0xD6, 0xAF, 0xF0, 0x03, 0x7E, 0x2E, 0x95, 0x0C, 0x33,
0xCF, 0x13, 0xE9, 0xEC, 0xE7, 0xA4, 0x5E, 0xED, 0x02, 0xAE,
0xF2, 0x30, 0x6F, 0x3F, 0xC4, 0x1B, 0x3A, 0x0A, 0xE8, 0xD3,
0x66, 0x32, 0xD6, 0xFD, 0x58, 0x3A, 0x65, 0x93, 0x99, 0xC7,
0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
0x03, 0x82, 0x01, 0x01, 0x00, 0x3C, 0xA7, 0xDF, 0xD1, 0x44,
0xC5, 0x4D, 0x29, 0x38, 0x51, 0x9D, 0xF6, 0xEE, 0x2F, 0x0C,
0xA3, 0x8A, 0x2A, 0x7C, 0xA1, 0xB1, 0x26, 0x6D, 0xFB, 0x8B,
0x5D, 0xED, 0xDC, 0x1F, 0xF2, 0xF1, 0x99, 0x3C, 0xD8, 0x36,
0xCD, 0x48, 0xF5, 0x91, 0x5B, 0x42, 0x98, 0x89, 0x29, 0xBA,
0x46, 0xAD, 0x93, 0xEA, 0xEA, 0x53, 0x17, 0xE4, 0x6D, 0xB7,
0xDC, 0xB5, 0x4A, 0xD8, 0xED, 0x5C, 0x39, 0x0C, 0xF6, 0x1D,
0x19, 0xFB, 0x22, 0x5D, 0xE4, 0x3F, 0x07, 0x20, 0x6D, 0x2E,
0xDC, 0x92, 0xA5, 0x56, 0xB3, 0x92, 0x74, 0x05, 0xB2, 0x7C,
0xED, 0x73, 0x83, 0x70, 0x5F, 0x0E, 0x75, 0xE1, 0x71, 0x4C,
0xC5, 0xF0, 0x26, 0xC5, 0xA6, 0xD4, 0xB6, 0xB4, 0x79, 0x99,
0x54, 0xD9, 0x21, 0x48, 0x2F, 0x52, 0x6E, 0x47, 0x1D, 0x1C,
0x3A, 0x3B, 0x2A, 0x36, 0xA8, 0x88, 0x95, 0x47, 0x67, 0x59,
0xD5, 0xEE, 0xB6, 0xE9, 0x5B, 0x86, 0x1B, 0x8B, 0x6C, 0xA6,
0xB2, 0x91, 0x81, 0x0C, 0xCA, 0x91, 0x33, 0x32, 0xE5, 0x0D,
0x8F, 0xDA, 0xC7, 0x5B, 0xA6, 0x80, 0x3F, 0x71, 0x50, 0x56,
0xD2, 0x88, 0xFC, 0x53, 0xC5, 0x11, 0x45, 0x1E, 0x8A, 0xB7,
0x0A, 0x83, 0x9E, 0x89, 0x63, 0x24, 0x3E, 0x8C, 0xBD, 0xED,
0xEC, 0xF4, 0x19, 0x32, 0x13, 0xCF, 0xE7, 0xDD, 0xE6, 0x84,
0xED, 0xE7, 0xF7, 0xF9, 0x50, 0x2F, 0x7B, 0xAC, 0x7D, 0xF9,
0x0F, 0x61, 0xD1, 0xF7, 0x59, 0xF0, 0x91, 0x73, 0x26, 0x5A,
0xBA, 0x24, 0xC8, 0x49, 0x86, 0xC1, 0x1A, 0x42, 0x68, 0x70,
0xBF, 0x94, 0x69, 0xD0, 0xD5, 0x26, 0x7E, 0x3C, 0xA9, 0x69,
0x6F, 0xB1, 0xCC, 0xDF, 0x4D, 0xED, 0x91, 0x6D, 0xDF, 0x45,
0x71, 0xF0, 0x88, 0x69, 0x74, 0x49, 0x2C, 0x5E, 0x77, 0xED,
0x92, 0x36, 0x7F, 0x1A, 0x83, 0x36, 0x42, 0x17, 0x5A, 0xDA,
0x91
};
#define sizeof_cn_ip_literal_der (sizeof(cn_ip_literal_der))

/* ./certs/test/cn-ip-wildcard.der */
static const unsigned char cn_ip_wildcard_der[] =
{
0x30, 0x82, 0x02, 0xAB, 0x30, 0x82, 0x01, 0x93, 0x02, 0x14,
0x3A, 0x4E, 0xFC, 0xF1, 0x5F, 0xCB, 0xE3, 0x6A, 0xAE, 0x7F,
0xD6, 0x79, 0xBD, 0x40, 0xC9, 0x64, 0x41, 0xC6, 0xF0, 0x56,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x12, 0x31, 0x10, 0x30,
0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x07, 0x2A, 0x2E,
0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x1E, 0x17, 0x0D, 0x32,
0x36, 0x30, 0x34, 0x30, 0x38, 0x32, 0x30, 0x32, 0x35, 0x33,
0x33, 0x5A, 0x17, 0x0D, 0x33, 0x36, 0x30, 0x34, 0x30, 0x35,
0x32, 0x30, 0x32, 0x35, 0x33, 0x33, 0x5A, 0x30, 0x12, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x07,
0x2A, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x30, 0x82, 0x01,
0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F,
0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00,
0xB9, 0xCC, 0x99, 0xF7, 0xBF, 0x7C, 0x4F, 0xEC, 0x7F, 0xE6,
0x17, 0x4E, 0xE3, 0xD9, 0xE5, 0x25, 0x7D, 0xAB, 0xA8, 0x66,
0xB0, 0x4D, 0x41, 0x5C, 0x20, 0xD8, 0x67, 0xF5, 0xA3, 0xCD,
0x9E, 0x12, 0x7F, 0x09, 0x00, 0xEB, 0x6B, 0xFC, 0x7E, 0x14,
0x10, 0xA0, 0x10, 0x2E, 0x1F, 0xE8, 0xAD, 0xEC, 0xE8, 0x86,
0x54, 0xA2, 0xC4, 0x58, 0x65, 0x26, 0x95, 0x76, 0xA1, 0xE1,
0x02, 0x52, 0x81, 0xCB, 0x7E, 0x8E, 0xB2, 0x31, 0xC9, 0x58,
0x9A, 0xDC, 0x69, 0xAB, 0x8D, 0x23, 0xCD, 0x96, 0x19, 0x1C,
0x68, 0x69, 0xB5, 0x7D, 0x23, 0xE3, 0x58, 0xE6, 0x26, 0xCC,
0x05, 0x40, 0xD2, 0xA9, 0xB1, 0x09, 0x9C, 0xC8, 0x4A, 0xFC,
0x0A, 0x20, 0xBA, 0xC0, 0x12, 0x3B, 0x97, 0x44, 0x2B, 0x30,
0x50, 0x86, 0x0B, 0x27, 0x13, 0x76, 0xB5, 0xF7, 0x80, 0xF0,
0xF2, 0xF0, 0x93, 0x3B, 0x8D, 0xA8, 0x4F, 0xA3, 0xA9, 0xD2,
0xEA, 0xD3, 0xC3, 0xCB, 0xCC, 0x70, 0xA0, 0x0B, 0xC7, 0xC6,
0x3E, 0xC9, 0x27, 0x4C, 0xB5, 0x23, 0x35, 0x6C, 0xB0, 0x30,
0xA2, 0xC1, 0x6D, 0x07, 0xD0, 0x9B, 0x55, 0x6A, 0xF9, 0x18,
0xF0, 0x30, 0x74, 0x3F, 0xF6, 0x17, 0x85, 0xB7, 0xCF, 0xA5,
0xD4, 0x91, 0xAA, 0x54, 0x85, 0xEC, 0xAE, 0xC5, 0x32, 0xF2,
0xB0, 0x21, 0x5A, 0x90, 0x22, 0x66, 0x8B, 0x4B, 0x0D, 0xC3,
0x57, 0x81, 0x86, 0xF2, 0xBB, 0xD2, 0x3B, 0x8C, 0xFC, 0xEE,
0xBD, 0xED, 0xF0, 0xFB, 0xA5, 0xE1, 0x91, 0x5A, 0x68, 0x07,
0x60, 0x38, 0x38, 0xE7, 0x48, 0xE3, 0x83, 0xD6, 0xAF, 0xF0,
0x03, 0x7E, 0x2E, 0x95, 0x0C, 0x33, 0xCF, 0x13, 0xE9, 0xEC,
0xE7, 0xA4, 0x5E, 0xED, 0x02, 0xAE, 0xF2, 0x30, 0x6F, 0x3F,
0xC4, 0x1B, 0x3A, 0x0A, 0xE8, 0xD3, 0x66, 0x32, 0xD6, 0xFD,
0x58, 0x3A, 0x65, 0x93, 0x99, 0xC7, 0x02, 0x03, 0x01, 0x00,
0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
0x00, 0x7F, 0x3A, 0xF8, 0x93, 0x41, 0x6F, 0xAA, 0xB7, 0xCA,
0x17, 0x81, 0xA7, 0x3E, 0x9F, 0x0C, 0x6D, 0x14, 0x7B, 0x6F,
0x13, 0xF8, 0xBF, 0x63, 0x6E, 0x28, 0x57, 0x0B, 0x9A, 0xC2,
0x2A, 0x88, 0xC0, 0x35, 0x4B, 0xE3, 0x77, 0x31, 0x61, 0xFF,
0xB4, 0x03, 0xE6, 0x11, 0x80, 0x1F, 0x35, 0x65, 0xF6, 0x47,
0x94, 0xE6, 0xB9, 0x60, 0x1E, 0xAE, 0x9C, 0x90, 0xE8, 0x53,
0x8A, 0x46, 0x61, 0x28, 0xFA, 0x4B, 0xE0, 0x71, 0x98, 0xF4,
0x9E, 0xC8, 0x31, 0x98, 0x27, 0x71, 0x6E, 0x3C, 0x85, 0x15,
0x6D, 0x56, 0x20, 0x3B, 0x16, 0xE7, 0x64, 0xB8, 0x51, 0x9A,
0x72, 0x75, 0xA1, 0xD2, 0x2F, 0xCF, 0x2B, 0x61, 0xA2, 0xA8,
0x8B, 0x59, 0x27, 0x4C, 0x18, 0x59, 0x33, 0xBF, 0x9E, 0x5C,
0xEF, 0xBE, 0x71, 0x62, 0x62, 0x20, 0xC8, 0xDC, 0xAF, 0x74,
0xAA, 0x7B, 0xAA, 0xAF, 0x37, 0x81, 0x65, 0xCA, 0xF1, 0x7D,
0xD4, 0x58, 0x11, 0xD7, 0x18, 0xF7, 0x50, 0xA2, 0xA8, 0x89,
0x90, 0x7C, 0x30, 0xDE, 0x2E, 0xF6, 0xBD, 0x3E, 0xBF, 0x14,
0x1E, 0xD4, 0x85, 0x8C, 0x38, 0x1C, 0xA4, 0x26, 0xB7, 0x86,
0xE5, 0x17, 0xFC, 0x67, 0x93, 0x86, 0x1C, 0x1F, 0x91, 0x6F,
0x8C, 0x99, 0xA6, 0x7F, 0x93, 0x92, 0xDB, 0x45, 0x75, 0xBB,
0xB0, 0x78, 0xA3, 0x8B, 0x67, 0xF7, 0x94, 0x26, 0xAC, 0xB9,
0x4A, 0xCA, 0x1F, 0x73, 0xFC, 0x52, 0x78, 0xB8, 0x14, 0x02,
0xBF, 0x69, 0x6F, 0x70, 0x21, 0xAE, 0xD4, 0x12, 0x4F, 0xD1,
0x9F, 0xE6, 0x56, 0x11, 0x80, 0x39, 0x66, 0xE0, 0xD4, 0x56,
0x5B, 0x32, 0xC6, 0x6C, 0xB8, 0xD2, 0xF4, 0x23, 0x7F, 0xBB,
0x62, 0x2F, 0x5D, 0x67, 0x37, 0x38, 0x74, 0xCA, 0xB3, 0x3F,
0x17, 0x53, 0x97, 0xA4, 0xBD, 0xDA, 0x26, 0x6A, 0xB3, 0xD9,
0x9F, 0xAC, 0xD2, 0x58, 0x4F, 0x24, 0x8C
};
#define sizeof_cn_ip_wildcard_der (sizeof(cn_ip_wildcard_der))

#endif /* OPENSSL_EXTRA && !NO_RSA */

#endif /* WOLFSSL_CERTS_TEST_H */

Loading