Version in base suite: 2.0.11-1.2+deb12u1 Base version: mosquitto_2.0.11-1.2+deb12u1 Target version: mosquitto_2.0.11-1.2+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mosquitto/mosquitto_2.0.11-1.2+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mosquitto/mosquitto_2.0.11-1.2+deb12u2.dsc changelog | 26 gbp.conf | 5 patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch | 60 patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch | 188 + patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch | 25 patches/0018-Further-fix-for-CVE-2023-28366.patch | 23 patches/0019-Fixed-issue-in-CA-cert.-creation.patch | 31 patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch | 55 patches/0021-Remove-generated-ssl-certs.patch | 1354 ++++++++++ patches/1571.patch | 6 patches/CVE-2024-8376-1of3.patch | 211 + patches/CVE-2024-8376-2of3.patch | 188 + patches/CVE-2024-8376-3of3.patch | 24 patches/Fix-CONNECT-performance-with-many-user-properties.patch | 23 patches/deb-test.patch | 384 +- patches/debian-config.patch | 19 patches/missing-test.patch | 14 patches/series | 10 patches/ssl-sslcontext-wrap_socket.patch | 157 - tests/broker | 1 tests/client | 1 tests/library | 1 22 files changed, 2578 insertions(+), 228 deletions(-) diff -Nru mosquitto-2.0.11/debian/changelog mosquitto-2.0.11/debian/changelog --- mosquitto-2.0.11/debian/changelog 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/changelog 2025-05-11 19:31:01.000000000 +0000 @@ -1,3 +1,29 @@ +mosquitto (2.0.11-1.2+deb12u2) bookworm; urgency=medium + + [ Philippe Coval ] + * debian/gbp.conf: Build on tag + * debian/gbp.conf: Use debian orig import as upstream + * debian/gbp.conf: Adjust path for stable + * Rediff patches + * d/p/series: Add patches for CVE-2024-8376 + + [ Andreas Henriksson ] + * d/p/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch + - cherry-pick upstream commit fixing regression in CVE-2024-8376 fix + * d/p/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch + - cherry-pick upstream fix for CVE-2024-3935 + * debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch + - cherry-pick upstream fix for CVE-2024-10525 + + [ Philippe Coval ] + * d/patches: Further fix for CVE-2023-28366. + * d/patches: Fixed issue in CA cert. creation + * d/patches: t/Makefile: Generate test certs if not present in sources + * debian/tests: Check ssl certs before running tests + * d/patches: Remove generated ssl certs + + -- Philippe Coval Sun, 11 May 2025 21:31:01 +0200 + mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high * Non-maintainer upload. diff -Nru mosquitto-2.0.11/debian/gbp.conf mosquitto-2.0.11/debian/gbp.conf --- mosquitto-2.0.11/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/gbp.conf 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,5 @@ +[DEFAULT] +debian-branch=debian/stable/master +upstream-branch=master +filter=*/.git +upstream-tag=upstream/%(version)s diff -Nru mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch --- mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,60 @@ +From: "Roger A. Light" +Date: Wed, 9 Oct 2024 00:54:30 +0100 +Subject: Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". + +Closes #3128. + +(cherry picked from commit b979feb92aa5b22d557b3e60cc191ba18755558e +with ChangeLog.txt changes dropped to avoid conflict) +Signed-off-by: Philippe Coval +--- + src/subs.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/src/subs.c b/src/subs.c +index aaa5aa8..7b3337e 100644 +--- a/src/subs.c ++++ b/src/subs.c +@@ -659,6 +659,7 @@ int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason) + int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, int retain, struct mosquitto_msg_store **stored) + { + int rc = MOSQ_ERR_SUCCESS, rc2; ++ int rc_normal = MOSQ_ERR_NO_SUBSCRIBERS, rc_shared = MOSQ_ERR_NO_SUBSCRIBERS; + struct mosquitto__subhier *subhier; + char **split_topics = NULL; + char *local_topic = NULL; +@@ -675,12 +676,24 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i + + HASH_FIND(hh, db.normal_subs, split_topics[0], strlen(split_topics[0]), subhier); + if(subhier){ +- rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); ++ rc_normal = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); ++ if(rc_normal > 0){ ++ rc = rc_normal; ++ goto end; ++ } + } + + HASH_FIND(hh, db.shared_subs, split_topics[0], strlen(split_topics[0]), subhier); + if(subhier){ +- rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); ++ rc_shared = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); ++ if(rc_shared > 0){ ++ rc = rc_shared; ++ goto end; ++ } ++ } ++ ++ if(rc_normal == MOSQ_ERR_NO_SUBSCRIBERS && rc_shared == MOSQ_ERR_NO_SUBSCRIBERS){ ++ rc = MOSQ_ERR_NO_SUBSCRIBERS; + } + + if(retain){ +@@ -688,6 +701,7 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i + if(rc2) rc = rc2; + } + ++end: + mosquitto__free(split_topics); + mosquitto__free(local_topic); + /* Remove our reference and free if needed. */ diff -Nru mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch --- mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,188 @@ +From: "Roger A. Light" +Date: Tue, 16 Jul 2024 16:43:16 +0100 +Subject: Fix crash on bridge using remapped topic being sent a crafted + packet. + +Closes Eclipse #197. + +(cherry picked from commit ae7a804dadac8f2aaedb24336df8496a9680fda9, +dropped ChangeLog.txt changes to avoid conflicts) +Signed-off-by: Philippe Coval + +Fix crash on bridge using remapped topic being sent a crafted packet. + +Closes Eclipse #197. + +Signed-off-by: Philippe Coval +--- + src/bridge_topic.c | 3 + + test/broker/06-bridge-remap-receive-wildcard.py | 106 ++++++++++++++++++++++++ + test/broker/Makefile | 1 + + test/broker/test.py | 1 + + 4 files changed, 111 insertions(+) + create mode 100755 test/broker/06-bridge-remap-receive-wildcard.py + +diff --git a/src/bridge_topic.c b/src/bridge_topic.c +index dc19fda..4059116 100644 +--- a/src/bridge_topic.c ++++ b/src/bridge_topic.c +@@ -205,6 +205,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic) + rc = mosquitto_topic_matches_sub(cur_topic->remote_topic, *topic, &match); + if(rc){ + mosquitto__free(*topic); ++ *topic = NULL; + return rc; + } + if(match){ +@@ -214,6 +215,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic) + topic_temp = mosquitto__strdup((*topic)+strlen(cur_topic->remote_prefix)); + if(!topic_temp){ + mosquitto__free(*topic); ++ *topic = NULL; + return MOSQ_ERR_NOMEM; + } + mosquitto__free(*topic); +@@ -227,6 +229,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic) + topic_temp = mosquitto__malloc(len+1); + if(!topic_temp){ + mosquitto__free(*topic); ++ *topic = NULL; + return MOSQ_ERR_NOMEM; + } + snprintf(topic_temp, len, "%s%s", cur_topic->local_prefix, *topic); +diff --git a/test/broker/06-bridge-remap-receive-wildcard.py b/test/broker/06-bridge-remap-receive-wildcard.py +new file mode 100755 +index 0000000..a836f83 +--- /dev/null ++++ b/test/broker/06-bridge-remap-receive-wildcard.py +@@ -0,0 +1,106 @@ ++#!/usr/bin/env python3 ++ ++# Does a bridge resend a QoS=1 message correctly after a disconnect? ++ ++from mosq_test_helper import * ++ ++def write_config(filename, port1, port2): ++ with open(filename, 'w') as f: ++ f.write(f"listener {port2}\n") ++ f.write("allow_anonymous true\n") ++ f.write("connection bridge1\n") ++ f.write(f"address 127.0.0.1:{port1}\n") ++ f.write("keepalive_interval 60\n") ++ f.write("topic room1/# both 2 sensor/ myhouse/\n") ++ f.write("topic tst/ba both 2\n") ++ f.write("topic # both 2\n") ++ f.write("keepalive_interval 600\n") ++ f.write("remote_clientid mosquitto\n") ++ f.write("bridge_protocol_version mqttv50\n") ++ f.write("notifications false\n") ++ ++def do_test(proto_ver): ++ (port1, port2) = mosq_test.get_port(2) ++ conf_file = os.path.basename(__file__).replace('.py', '.conf') ++ write_config(conf_file, port1, port2) ++ ++ rc = 1 ++ keepalive = 600 ++ client_id = "mosquitto" ++ connect_packet = mosq_test.gen_connect(client_id, keepalive=keepalive, clean_session=False, proto_ver=proto_ver) ++ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver) ++ ++ if proto_ver == 5: ++ opts = mqtt5_opts.MQTT_SUB_OPT_NO_LOCAL | mqtt5_opts.MQTT_SUB_OPT_RETAIN_AS_PUBLISHED ++ else: ++ opts = 0 ++ ++ mid = 1 ++ subscribe_packet = mosq_test.gen_subscribe(mid, "myhouse/room1/#", 2 | opts, proto_ver=proto_ver) ++ suback_packet = mosq_test.gen_suback(mid, 2, proto_ver=proto_ver) ++ ++ mid = 2 ++ subscribe_packet2 = mosq_test.gen_subscribe(mid, "tst/ba", 2 | opts, proto_ver=proto_ver) ++ suback_packet2= mosq_test.gen_suback(mid, 2, proto_ver=proto_ver) ++ ++ mid = 3 ++ subscribe_packet3 = mosq_test.gen_subscribe(mid, "#", 2 | opts, proto_ver=proto_ver) ++ suback_packet3 = mosq_test.gen_suback(mid, 2, proto_ver=proto_ver) ++ ++ ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ++ ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) ++ ssock.settimeout(40) ++ ssock.bind(('', port1)) ++ ssock.listen(5) ++ ++ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True) ++ ++ try: ++ (bridge, address) = ssock.accept() ++ bridge.settimeout(20) ++ ++ mosq_test.expect_packet(bridge, "connect", connect_packet) ++ bridge.send(connack_packet) ++ ++ mosq_test.expect_packet(bridge, "subscribe1", subscribe_packet) ++ bridge.send(suback_packet) ++ ++ mosq_test.expect_packet(bridge, "subscribe2", subscribe_packet2) ++ bridge.send(suback_packet2) ++ ++ mosq_test.expect_packet(bridge, "subscribe3", subscribe_packet3) ++ bridge.send(suback_packet3) ++ ++ try: ++ bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033")) ++ #bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033")) ++ #bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033")) ++ mosq_test.do_ping(bridge) ++ except ConnectionResetError: ++ #expected behaviour ++ rc = 0 ++ ++ bridge.close() ++ except mosq_test.TestError: ++ pass ++ except Exception as e: ++ print(e) ++ finally: ++ os.remove(conf_file) ++ try: ++ bridge.close() ++ except NameError: ++ pass ++ ++ broker.terminate() ++ broker.wait() ++ (stdo, stde) = broker.communicate() ++ ssock.close() ++ if rc: ++ print(stde.decode('utf-8')) ++ exit(rc) ++ ++ ++do_test(proto_ver=5) ++ ++exit(0) +diff --git a/test/broker/Makefile b/test/broker/Makefile +index 841e148..22bed0e 100644 +--- a/test/broker/Makefile ++++ b/test/broker/Makefile +@@ -137,6 +137,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14 + ./06-bridge-outgoing-retain.py + ./06-bridge-per-listener-settings.py + ./06-bridge-reconnect-local-out.py ++ ./06-bridge-remap-receive-wildcard.py + + 07 : + #./07-will-delay-invalid-573191.py +diff --git a/test/broker/test.py b/test/broker/test.py +index 622083b..a2b806e 100755 +--- a/test/broker/test.py ++++ b/test/broker/test.py +@@ -117,6 +117,7 @@ tests = [ + (2, './06-bridge-outgoing-retain.py'), + (3, './06-bridge-per-listener-settings.py'), + (2, './06-bridge-reconnect-local-out.py'), ++ (2, './06-bridge-remap-receive-wildcard.py'), + + (1, './07-will-delay-invalid-573191.py'), + (1, './07-will-delay-reconnect.py'), diff -Nru mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch --- mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,25 @@ +From: "Roger A. Light" +Date: Wed, 17 Jul 2024 13:38:34 +0100 +Subject: Don't allow SUBACK with missing reason codes. + +Closes Eclipse #190 + +(cherry picked from commit 8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c, +with changes to ChangeLog.txt dropped to avoid conflicts) +Signed-off-by: Philippe Coval +--- + lib/handle_suback.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/handle_suback.c b/lib/handle_suback.c +index 770558b..05c163a 100644 +--- a/lib/handle_suback.c ++++ b/lib/handle_suback.c +@@ -66,6 +66,7 @@ int handle__suback(struct mosquitto *mosq) + } + + qos_count = (int)(mosq->in_packet.remaining_length - mosq->in_packet.pos); ++ if(qos_count == 0) return MOSQ_ERR_PROTOCOL; + granted_qos = mosquitto__malloc((size_t)qos_count*sizeof(int)); + if(!granted_qos){ + #ifdef WITH_BROKER diff -Nru mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch --- mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,23 @@ +From: "Roger A. Light" +Date: Thu, 27 Feb 2025 16:31:00 +0000 +Subject: Further fix for CVE-2023-28366. + +(cherry picked from commit 664ca4eb16c81f37f4a50f15ec33404bf2edd2e6) +Last-Update: 2025-03-10 +Signed-off-by: Philippe Coval +--- + lib/packet_mosq.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/packet_mosq.c b/lib/packet_mosq.c +index beb14e2..c7e6fff 100644 +--- a/lib/packet_mosq.c ++++ b/lib/packet_mosq.c +@@ -155,6 +155,7 @@ int packet__queue(struct mosquitto *mosq, struct mosquitto__packet *packet) + + #ifdef WITH_BROKER + if(db.config->max_queued_messages > 0 && mosq->out_packet_count >= db.config->max_queued_messages){ ++ packet__cleanup(packet); + mosquitto__free(packet); + if(mosq->is_dropping == false){ + mosq->is_dropping = true; diff -Nru mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch --- mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,31 @@ +From: Joachim Zobel +Date: Wed, 15 Jan 2025 06:58:57 +0100 +Subject: Fixed issue in CA cert. creation + +(cherry picked from commit 59c9d132258f0a09bc02416da16958ebd4555ae6) +Signed-off-by: Philippe Coval +--- + test/ssl/openssl.cnf | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/test/ssl/openssl.cnf b/test/ssl/openssl.cnf +index 0612f44..cbbb701 100644 +--- a/test/ssl/openssl.cnf ++++ b/test/ssl/openssl.cnf +@@ -291,14 +291,12 @@ authorityKeyIdentifier=keyid:always,issuer + + # This is what PKIX recommends but some broken software chokes on critical + # extensions. +-#basicConstraints = critical,CA:true +-# So we do this instead. +-basicConstraints = CA:true ++basicConstraints = critical,CA:true + + # Key usage: this is typical for a CA certificate. However since it will + # prevent it being used as an test self-signed certificate it is best + # left out by default. +-# keyUsage = cRLSign, keyCertSign ++keyUsage = cRLSign, keyCertSign + + # Some might want this also + # nsCertType = sslCA, emailCA diff -Nru mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch --- mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,55 @@ +From: Philippe Coval +Date: Tue, 11 Mar 2025 21:05:11 +0100 +Subject: t/Makefile: Generate test certs if not present in sources + +Since generated keys have expiration date, +it means that the tests are not reproductible over time. +Integrator may be tempted to not rely on upstream files +and generate them on the fly at built time. + +If need files are present this rule will be skip. + +This change was motivated for maintenance of 2.0.11 +in Debian 12 (stable). + +I noticed that upstream regerated certs in master branch since, +but still they will expire in future. + +Origin: https://github.com/eclipse-mosquitto/mosquitto/pull/3234 +Relate-to: https://salsa.debian.org/debian-iot-team/mosquitto/-/merge_requests/21 +Signed-off-by: Philippe Coval +--- + test/Makefile | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/test/Makefile b/test/Makefile +index 54b15ee..9ee028c 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -1,17 +1,23 @@ + include ../config.mk + +-.PHONY: all check test ptest clean ++.PHONY: all check test ptest clean ssl + + all : + + check : test + +-test : utest ++ssl: ssl/all-ca.crt ++ ++ssl/all-ca.crt: ssl/gen.sh ++ cd "${ +Date: Tue, 11 Mar 2025 20:59:48 +0100 +Subject: Remove generated ssl certs + +Forwarded: not-needed +Signed-off-by: Philippe Coval +--- + test/ssl/all-ca.crt | 102 ----------------------------------------- + test/ssl/client-encrypted.crt | 82 --------------------------------- + test/ssl/client-encrypted.key | 30 ------------ + test/ssl/client-expired.crt | 82 --------------------------------- + test/ssl/client-expired.key | 27 ----------- + test/ssl/client-revoked.crt | 82 --------------------------------- + test/ssl/client-revoked.key | 27 ----------- + test/ssl/client.crt | 82 --------------------------------- + test/ssl/client.key | 27 ----------- + test/ssl/crl-empty.pem | 12 ----- + test/ssl/crl.pem | 12 ----- + test/ssl/server-expired.crt | 82 --------------------------------- + test/ssl/server-expired.key | 27 ----------- + test/ssl/server.crt | 82 --------------------------------- + test/ssl/server.key | 27 ----------- + test/ssl/test-alt-ca.crt | 79 ------------------------------- + test/ssl/test-alt-ca.key | 27 ----------- + test/ssl/test-bad-root-ca.crt | 23 ---------- + test/ssl/test-bad-root-ca.key | 27 ----------- + test/ssl/test-fake-root-ca.crt | 23 ---------- + test/ssl/test-fake-root-ca.key | 27 ----------- + test/ssl/test-root-ca.crt | 23 ---------- + test/ssl/test-root-ca.key | 27 ----------- + test/ssl/test-signing-ca.crt | 79 ------------------------------- + test/ssl/test-signing-ca.key | 27 ----------- + 25 files changed, 1145 deletions(-) + delete mode 100644 test/ssl/all-ca.crt + delete mode 100644 test/ssl/client-encrypted.crt + delete mode 100644 test/ssl/client-encrypted.key + delete mode 100644 test/ssl/client-expired.crt + delete mode 100644 test/ssl/client-expired.key + delete mode 100644 test/ssl/client-revoked.crt + delete mode 100644 test/ssl/client-revoked.key + delete mode 100644 test/ssl/client.crt + delete mode 100644 test/ssl/client.key + delete mode 100644 test/ssl/crl-empty.pem + delete mode 100644 test/ssl/crl.pem + delete mode 100644 test/ssl/server-expired.crt + delete mode 100644 test/ssl/server-expired.key + delete mode 100644 test/ssl/server.crt + delete mode 100644 test/ssl/server.key + delete mode 100644 test/ssl/test-alt-ca.crt + delete mode 100644 test/ssl/test-alt-ca.key + delete mode 100644 test/ssl/test-bad-root-ca.crt + delete mode 100644 test/ssl/test-bad-root-ca.key + delete mode 100644 test/ssl/test-fake-root-ca.crt + delete mode 100644 test/ssl/test-fake-root-ca.key + delete mode 100644 test/ssl/test-root-ca.crt + delete mode 100644 test/ssl/test-root-ca.key + delete mode 100644 test/ssl/test-signing-ca.crt + delete mode 100644 test/ssl/test-signing-ca.key + +diff --git a/test/ssl/all-ca.crt b/test/ssl/all-ca.crt +deleted file mode 100644 +index 8744727..0000000 +--- a/test/ssl/all-ca.crt ++++ /dev/null +@@ -1,102 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 1 (0x1) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA +- Validity +- Not Before: Feb 25 14:54:18 2020 GMT +- Not After : Feb 23 14:54:18 2025 GMT +- Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:c1:a1:1a:6e:76:1f:98:b7:1c:7e:d6:67:d5:dc: +- 92:34:ef:48:22:62:94:56:cb:21:29:c1:88:7c:7a: +- 62:eb:6d:b9:af:8b:80:75:f4:8e:32:e2:20:e2:fa: +- 3a:49:c8:20:74:53:83:0f:c1:48:e2:13:3e:48:27: +- f2:e5:7d:55:c5:87:8c:41:9e:e2:90:58:8c:09:97: +- 1e:bc:5a:ce:10:71:b2:66:02:02:9b:0c:d0:24:47: +- 7a:3a:4d:3a:2e:c0:f0:65:6b:6a:cf:13:13:8a:f0: +- 6d:a0:a5:80:5f:6b:58:77:ae:91:6e:ba:ab:c5:c0: +- 24:f7:22:27:a4:bf:47:52:2d:a0:fc:56:b0:19:16: +- 84:e9:53:ac:1d:7f:29:af:c2:86:44:f5:9b:04:e4: +- bf:8f:e1:b8:61:a0:63:55:0a:7a:93:2a:d8:4a:20: +- b8:6b:b6:e9:20:c6:2c:c2:93:c2:dc:7a:69:90:8e: +- ea:00:5b:0c:66:8a:90:74:b4:d9:01:98:9d:fe:5b: +- 66:e0:39:19:22:50:0d:76:3d:1c:04:fb:93:4d:6e: +- 45:da:e8:cc:27:35:2a:a6:35:a8:87:e1:99:32:42: +- e8:71:eb:7c:f9:69:70:c7:cf:c5:cc:61:c5:ae:47: +- dc:20:86:2b:2b:fe:1c:dd:2c:e9:b0:38:b6:72:8e: +- 09:e9 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- X509v3 Authority Key Identifier: +- keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74 +- +- X509v3 Basic Constraints: +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- d3:8d:e3:33:87:f3:1e:4f:ff:da:1d:f8:61:3f:4a:ae:21:49: +- cd:ee:b1:e0:62:ab:44:70:a8:29:92:83:8d:33:45:4c:ac:b0: +- 66:a0:e8:32:23:76:ef:aa:89:7d:bc:e1:04:17:a5:d7:39:59: +- 99:ab:d9:bf:0c:fd:c5:b6:ad:6f:45:39:c9:27:f1:3e:c0:af: +- c3:8e:b1:1f:8f:fc:34:66:31:f4:f1:11:a0:27:99:a2:65:e2: +- aa:20:a7:98:b6:0e:ff:71:5e:10:e7:ab:1e:33:e7:fb:c8:59: +- d7:89:7a:3b:d9:a9:9f:48:2f:2e:ff:02:61:cd:86:47:60:61: +- 8e:81:71:68:f0:cd:63:72:b8:d2:7d:22:9d:6b:07:49:3a:0a: +- f7:8b:94:b3:98:90:3c:9f:e5:78:1b:84:a9:2e:fb:85:64:59: +- ce:6f:33:05:18:bc:21:df:f5:7c:10:79:d6:58:34:61:0e:1f: +- d5:af:b6:a0:8f:86:ce:56:d1:67:4f:b8:7e:50:2d:ba:77:37: +- 50:0f:91:06:dc:a8:7f:3c:8b:2b:8b:47:df:e3:7e:2f:79:81: +- 22:70:eb:f9:14:f3:66:73:17:33:e4:26:7e:47:df:80:89:de: +- a5:e8:5a:a9:c0:4b:3e:1b:9b:11:4b:3b:b4:8b:6a:9d:6c:ce: +- 39:f5:04:c9 +------BEGIN CERTIFICATE----- +-MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v +-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290 +-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowZTELMAkGA1UEBhMC +-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q +-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMIIBIjAN +-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaEabnYfmLccftZn1dySNO9IImKU +-VsshKcGIfHpi6225r4uAdfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7i +-kFiMCZcevFrOEHGyZgICmwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66Rbrqr +-xcAk9yInpL9HUi2g/FawGRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4 +-a7bpIMYswpPC3HppkI7qAFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujM +-JzUqpjWoh+GZMkLocet8+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQAB +-o1AwTjAdBgNVHQ4EFgQUqlpbHJEymz+bw0Js0mj2p+DPvuAwHwYDVR0jBBgwFoAU +-eoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF +-AAOCAQEA043jM4fzHk//2h34YT9KriFJze6x4GKrRHCoKZKDjTNFTKywZqDoMiN2 +-76qJfbzhBBel1zlZmavZvwz9xbatb0U5ySfxPsCvw46xH4/8NGYx9PERoCeZomXi +-qiCnmLYO/3FeEOerHjPn+8hZ14l6O9mpn0gvLv8CYc2GR2BhjoFxaPDNY3K40n0i +-nWsHSToK94uUs5iQPJ/leBuEqS77hWRZzm8zBRi8Id/1fBB51lg0YQ4f1a+2oI+G +-zlbRZ0+4flAtunc3UA+RBtyofzyLK4tH3+N+L3mBInDr+RTzZnMXM+QmfkffgIne +-pehaqcBLPhubEUs7tItqnWzOOfUEyQ== +------END CERTIFICATE----- +------BEGIN CERTIFICATE----- +-MIIDwjCCAqqgAwIBAgIURMxcSM9J+pY3g2SE3qoM34dHwPkwDQYJKoZIhvcNAQEL +-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM +-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz +-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx +-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD +-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM +-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +-DwAwggEKAoIBAQDdpftss7fN4lzDhppzwj2WfRehR95WYmiWnXoEsKyEfuh1hINs +-vvI3tz1FWEb/usORr6XGZhgYwjIpSORMoBxuOZh8RDNPmO9KpLYXN1i4g+CfkGAK +-QoBUr7FGGlKDaK4fRg6xx8BKQ1Lxqrx+iAOpIT7tU9YYPYrwiYbdhaYwfMTKXyCl +-V+JypRRKWgzUkua4YRb2TnEH33NaXS0Tw+A0tRxSN26vwRheCrVfo+6CUB0kEaON +-+syuiHP1mGrHj3bMh/MTd3H5u2lu+1GW/Re3HdGFLuHhEq6EkF0fnPCaPS+iJKwU +-1LgQZwGc+UHglTmmqUS6xhpm++/950fYoaiHAgMBAAGjUDBOMB0GA1UdDgQWBBR6 +-iV0eybFyLzjb3ufTSYAsAfo7dDAfBgNVHSMEGDAWgBR6iV0eybFyLzjb3ufTSYAs +-Afo7dDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB7/Zn0VBciDCXo +-JA4ZX5boZyQMx7Lm62O+ixChT2hW0VNlouacgfSq455sNxFJKam0ZQKzusMzssNQ +-ticyZUwIosGx36f8qBaGksx0EbgAh9QdOulsYDLW5UsB4Rh94C36NoTd9+BJF6D4 +-89IpuxQehDKKuRG0NUChEkLvJ2AAPi/+iDHZQMB/sAzaT4gJ4eMeY4p4XBb/a9P2 +-w05RCpVNyLg32S7ynLNUrz+/lZUfZ8sYhpdECbFDpb0e1iVc1vst8Pur+cSGFO3f +-HabwuWTdF9Xx8MaH/n32Pv8BxZ/hBdjsXa/CiMyT4POs6XGTpZ2iLcmHo8WS4Uls +-5gKvsjuj +------END CERTIFICATE----- +diff --git a/test/ssl/client-encrypted.crt b/test/ssl/client-encrypted.crt +deleted file mode 100644 +index e0d0eb0..0000000 +--- a/test/ssl/client-encrypted.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 6 (0x6) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Feb 25 14:54:19 2020 GMT +- Not After : Feb 23 14:54:19 2025 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client encrypted +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:b3:5c:d2:08:93:da:a7:4e:a7:39:74:b0:a2:cd: +- ce:f7:02:03:74:5d:f1:de:db:ff:51:68:d8:02:51: +- 1e:80:ac:aa:7c:90:c1:32:c9:7a:e5:ac:c4:bb:c5: +- 6a:c4:2b:96:3f:14:db:a2:b3:89:b6:24:ec:2f:80: +- 8a:a3:3b:89:89:29:c1:6a:de:ec:70:b0:9b:cb:92: +- cf:a1:25:0f:d1:9e:cf:be:71:63:b6:82:85:42:83: +- e9:bf:38:56:8c:f1:75:a7:7f:76:14:50:4c:67:bb: +- 53:a2:97:cf:5e:35:bd:fc:bb:c6:fd:aa:6e:fb:d7: +- fc:9e:64:74:61:6f:ea:48:c0:c1:01:2c:69:f9:20: +- 0e:6a:d1:d3:a1:a3:3f:f7:0d:88:71:93:27:47:5f: +- 94:d4:27:c5:9f:4b:be:86:0b:7f:73:dd:97:28:91: +- f0:aa:f0:09:de:a7:b6:1b:d7:ca:91:34:b0:b9:95: +- 2c:0f:14:1a:ce:da:84:bd:60:5e:f4:f0:f0:87:71: +- 93:44:70:88:3e:1c:2f:4e:16:a5:3c:9c:40:09:a0: +- 22:bd:b4:96:61:cb:e7:58:40:98:6e:61:d3:7f:ae: +- bf:6d:9a:d1:6b:04:c3:55:bd:93:da:95:0d:06:65: +- 65:19:3e:bc:d8:80:12:8f:d8:74:9a:20:5e:db:b6: +- b1:29 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- A4:B3:5E:21:A5:51:C7:37:ED:86:36:79:88:D7:36:88:FE:D0:3F:5D +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 79:90:68:9b:1f:92:48:63:e4:bd:4d:1c:65:a5:b2:25:71:92: +- b4:13:41:b9:9b:fc:50:0b:38:65:34:17:da:22:9c:9f:8e:2b: +- a9:25:06:02:00:49:89:c4:cb:cc:6e:3d:b5:09:15:9f:f9:25: +- e7:a1:61:51:20:9f:68:f3:42:e3:41:70:a8:4a:7a:11:31:3d: +- 55:f5:20:49:d2:12:f5:1d:f6:c5:11:48:e5:c2:e8:47:bc:e1: +- d6:e1:a9:d9:f8:d7:78:18:b5:f5:9b:dd:cf:05:88:9e:06:59: +- 54:a5:b8:1e:db:3e:51:12:28:f4:c3:ff:cb:a3:77:19:b2:86: +- 05:6e:e0:82:77:7f:5f:cd:79:48:c1:bb:39:3b:67:a9:7d:0a: +- 65:24:de:ba:3e:01:a0:be:af:10:88:88:ec:24:b7:8f:ad:49: +- b0:b6:cf:ee:65:bd:78:39:c7:53:0e:a1:32:58:62:af:4c:54: +- 7d:3d:4a:20:ea:c7:b7:15:08:1a:29:f7:40:ab:a2:46:10:b5: +- e5:39:31:88:97:6d:54:fd:d5:9c:24:d1:88:e7:3f:97:b8:75: +- 54:f6:83:c3:de:13:c5:55:5a:df:da:af:d2:f8:d9:3a:c1:83: +- 75:a7:1c:c3:17:13:b8:94:54:73:65:11:87:11:e3:d8:5e:48: +- df:32:95:95 +------BEGIN CERTIFICATE----- +-MIID3jCCAsagAwIBAgIBBjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1 +-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjCBgjELMAkGA1UEBhMCR0IxGDAWBgNVBAgM +-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG +-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMR4wHAYDVQQDDBV0ZXN0IGNsaWVu +-dCBlbmNyeXB0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzXNII +-k9qnTqc5dLCizc73AgN0XfHe2/9RaNgCUR6ArKp8kMEyyXrlrMS7xWrEK5Y/FNui +-s4m2JOwvgIqjO4mJKcFq3uxwsJvLks+hJQ/Rns++cWO2goVCg+m/OFaM8XWnf3YU +-UExnu1Oil89eNb38u8b9qm771/yeZHRhb+pIwMEBLGn5IA5q0dOhoz/3DYhxkydH +-X5TUJ8WfS76GC39z3ZcokfCq8Anep7Yb18qRNLC5lSwPFBrO2oS9YF708PCHcZNE +-cIg+HC9OFqU8nEAJoCK9tJZhy+dYQJhuYdN/rr9tmtFrBMNVvZPalQ0GZWUZPrzY +-gBKP2HSaIF7btrEpAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W +-HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSks14hpVHH +-N+2GNnmI1zaI/tA/XTAfBgNVHSMEGDAWgBSqWlsckTKbP5vDQmzSaPan4M++4DAN +-BgkqhkiG9w0BAQsFAAOCAQEAeZBomx+SSGPkvU0cZaWyJXGStBNBuZv8UAs4ZTQX +-2iKcn44rqSUGAgBJicTLzG49tQkVn/kl56FhUSCfaPNC40FwqEp6ETE9VfUgSdIS +-9R32xRFI5cLoR7zh1uGp2fjXeBi19ZvdzwWIngZZVKW4Hts+URIo9MP/y6N3GbKG +-BW7ggnd/X815SMG7OTtnqX0KZSTeuj4BoL6vEIiI7CS3j61JsLbP7mW9eDnHUw6h +-Mlhir0xUfT1KIOrHtxUIGin3QKuiRhC15TkxiJdtVP3VnCTRiOc/l7h1VPaDw94T +-xVVa39qv0vjZOsGDdaccwxcTuJRUc2URhxHj2F5I3zKVlQ== +------END CERTIFICATE----- +diff --git a/test/ssl/client-encrypted.key b/test/ssl/client-encrypted.key +deleted file mode 100644 +index 926e731..0000000 +--- a/test/ssl/client-encrypted.key ++++ /dev/null +@@ -1,30 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-Proc-Type: 4,ENCRYPTED +-DEK-Info: DES-EDE3-CBC,D72CFBC7CD65D7FB +- +-vNK1aAAQQ+mBvJuQh9hM34Vn+yqj+ISIP5bkrtwfGIjTnnN3KNbCqUPhVTaO1uz9 +-YA1qpCpr+64oLjpcPBZ1tIVhVwcIoq8/nCJKiWEA7/zICDq1f2x7t3JP5NoP9TlD +-GaAm77JmriUZY0/DEyVBLhRyRIasO3tQSKnmHY1IHI1xalmxK46FTF8YsNpUr5bu +-UdhUyfslVVFxgSArrrQfPi6GS/ik/4Kr9RZUb3U3Zx1xxACGIDudQIYlkSzy0Ye5 +-7ff6JS3Y3UzPi//RKBUVWxqSwPlv6KqfNLQ+vNB4mnILSMmxHrOVY2bB+6c5OdP9 +-LSqDF/Rt+Xga9FraibHtvkrZsr3zQ6IlFt6sjvnN5K2v8d70wep2+lS8o7ljaQkp +-dgvP5YcWhdpMA5ye7JlVQOq7ApmIP1/MhlpLeH7gSZpazKvjQHzPLhjMTjJgDZLj +-lHn3z0+iLIY7Jt9O0NCKHcGvc96A0y+CPt5OaXYLzbnAZXr3HXwB0t85L9FXtZfp +-DL0uFgzQavqQagR6fQvN+F2D/jK3aMA1BmOAlTXl19OgEeXRulltKQfKrE+66W99 +-HVfRxapJMdtIvbZ4unzC4AHmLoDhTF2ryA0U97JeIta3NAk0D1gR9Q3uTWL3FKaO +-4zyTnkUmhEe1xOkXu69n6FannSE0HlyuceX/9VvnPobEXAfs1C5Z3GQ+6WlXtQPh +-+Aaa0mkEG9zukXf1txDoOokXuKHFqQj731MxMj6ah99FBTvr+FNHIj0TpmmQKUBU +-8oufr1E2tUiRwcGD9jGOd7RUJ9Yg4haSeEF5fJfyfIiEa2Vfd+FwuZ31xkC1pf0r +-un456DMT+TwcoCjgGabD5WrRlrIWwcBanwpktiGuDb0B42SZjo6Hb0UxIuialtis +-l/bF1HdTQU8uNwA85M2zKWW8nELQxtp8+sebkOJW+hocNuGNMa8R+2rLXrrKnaIY +-JcWSXHEKbNSVFHohEDHJlC8OTHqhOWf1dqBg23po9PJGcNGmRXnsW1s5I3LMVIuV +-+wy8boQZHY/3OYeHmVfvHpnR1XIz1uOGEyX3jl/pvrlmNnkfF8ZWewcpSarORwSa +-PGulUbsVbG6gXtn4A0cgf2XsbnlB5id1IGzbmeVO/7NMSbqrvucOeHTJWWMNItEk +-6DNnU4k8i0LI/qXSld9d67nqEaYPQlesENASnhAAekMNC6qwrn0CeK/Hw6kKv/y7 +-TsMMsC8bSVCUgHDu1s3GeJ/ziAbmAebw3mdsO6r9HDszlhpqU4htJWmZG8PT9XKy +-f5RoIM039FZFF34T4dZQTJ6AdgIRjtTE/ViOBoQxRd6sHlsBQjX2i2NqHwIifGpS +-y9l4F/AzkpCCxxdey2ueupU9EEGWTifIFH3L0nwKbtDU/PUbSUx0wQTfD4PoB3ll +-1EI+jJGvFqkvlPmKBroMbo6ckd7j7PZba7koiDV4QA2ALDHUruSM8rbVGbF4fplg +-a29WU16BNWPIjrjVYwKBh0571jl8tleun63tvRQ3Cma+QOFJtyYaX01LqYed48od +-19o/XiAarErs077YcrBsiNASBLILTr0QR87oLDNQWLbJghRUCUGV5TVifUnAr2tO +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/client-expired.crt b/test/ssl/client-expired.crt +deleted file mode 100644 +index 3c3891d..0000000 +--- a/test/ssl/client-expired.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 4 (0x4) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Aug 20 00:00:00 2012 GMT +- Not After : Aug 21 00:00:00 2012 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client expired +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:d0:5a:fb:75:01:67:ef:ce:6a:66:1b:44:11:68: +- 0d:49:d1:8e:68:39:f3:a8:71:38:c3:1f:7b:ff:77: +- b7:0f:2e:e8:87:db:be:48:5c:12:6f:ba:fd:3c:22: +- ec:7b:dd:2f:47:42:c5:db:9a:1b:8e:c3:9e:3e:c1: +- 59:53:19:69:7d:37:f8:70:75:b4:eb:28:09:4e:88: +- dd:b1:0f:21:fc:4b:33:98:2a:9a:e6:ed:8d:2a:7b: +- b4:b7:c9:53:28:c8:76:69:35:f2:2e:3d:31:2c:4b: +- 51:f9:2c:73:b9:ab:26:01:7e:8c:ef:7f:33:ee:99: +- ca:ad:61:9f:60:3d:ac:11:c8:09:7b:fd:31:dd:7e: +- 7e:d8:68:69:49:a8:2e:29:f0:9f:61:24:b7:63:5d: +- 98:93:73:96:7e:6f:a6:c2:3b:05:05:9c:82:eb:87: +- dd:f4:56:02:c2:ef:1e:34:02:0a:9c:9d:9a:7e:0c: +- 67:9b:91:74:a0:6e:5e:f6:52:5b:f7:f3:b7:0e:fe: +- 4e:0e:10:e4:fa:dc:4b:91:62:b4:49:42:6d:ea:84: +- 87:4a:89:8e:0d:8a:42:f2:6c:82:a1:93:bd:4d:a2: +- f0:ad:0f:ba:f7:6f:60:b7:7a:1b:9a:b5:e6:41:92: +- d7:3b:37:c6:79:b1:70:9a:6b:35:6a:42:3a:f1:20: +- 90:b7 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- 74:67:BC:4D:15:27:BF:FF:E6:FF:20:B2:FE:9E:D5:B4:A2:57:D1:78 +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 62:fd:1a:03:bc:1a:45:d0:ac:c1:4c:61:08:d0:df:d4:3f:8e: +- 85:f5:6c:ca:f0:ac:75:f9:56:54:f2:e2:17:95:e2:40:be:b3: +- cf:6e:c9:ff:db:12:cb:cd:c9:21:9a:79:35:45:2b:98:e7:38: +- 4d:a8:f1:39:db:5f:e4:fd:7e:f3:da:24:77:86:3a:1c:ab:f1: +- 60:af:33:ed:5b:7a:e8:cb:18:0c:7c:d7:32:af:50:8b:9d:74: +- 53:38:2f:31:9b:16:fc:99:c5:36:b7:4a:bd:96:38:27:96:b2: +- ba:9b:87:8e:48:2a:d7:3d:40:00:8f:54:8e:00:c7:8d:b8:97: +- 0c:3d:d5:67:5c:31:8d:ac:40:7a:27:86:a7:88:ac:90:ac:eb: +- ae:e3:35:dd:b2:03:ae:8b:c0:9d:a3:32:ac:d7:39:f2:b7:d2: +- f8:d2:f8:76:4d:77:cf:df:fd:e6:d6:7c:df:67:3d:21:01:e2: +- 45:d2:59:47:e6:f6:08:99:13:7b:ac:f9:ec:51:0d:8e:68:83: +- 7c:82:84:3d:03:24:dd:db:4c:8d:5a:44:8f:93:de:ea:14:b5: +- 8e:e4:65:02:a4:98:4a:20:eb:07:01:b0:80:9e:2c:52:00:c8: +- f2:9e:60:8e:72:67:57:97:44:7f:65:f7:2b:19:95:e6:c3:38: +- 80:39:66:cd +------BEGIN CERTIFICATE----- +-MIID3DCCAsSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMTIwODIw +-MDAwMDAwWhcNMTIwODIxMDAwMDAwWjCBgDELMAkGA1UEBhMCR0IxGDAWBgNVBAgM +-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG +-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMRwwGgYDVQQDDBN0ZXN0IGNsaWVu +-dCBleHBpcmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fr7dQFn +-785qZhtEEWgNSdGOaDnzqHE4wx97/3e3Dy7oh9u+SFwSb7r9PCLse90vR0LF25ob +-jsOePsFZUxlpfTf4cHW06ygJTojdsQ8h/EszmCqa5u2NKnu0t8lTKMh2aTXyLj0x +-LEtR+SxzuasmAX6M738z7pnKrWGfYD2sEcgJe/0x3X5+2GhpSaguKfCfYSS3Y12Y +-k3OWfm+mwjsFBZyC64fd9FYCwu8eNAIKnJ2afgxnm5F0oG5e9lJb9/O3Dv5ODhDk +-+txLkWK0SUJt6oSHSomODYpC8myCoZO9TaLwrQ+6929gt3obmrXmQZLXOzfGebFw +-mms1akI68SCQtwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdGe8TRUnv//m +-/yCy/p7VtKJX0XgwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJ +-KoZIhvcNAQELBQADggEBAGL9GgO8GkXQrMFMYQjQ39Q/joX1bMrwrHX5VlTy4heV +-4kC+s89uyf/bEsvNySGaeTVFK5jnOE2o8TnbX+T9fvPaJHeGOhyr8WCvM+1beujL +-GAx81zKvUIuddFM4LzGbFvyZxTa3Sr2WOCeWsrqbh45IKtc9QACPVI4Ax424lww9 +-1WdcMY2sQHonhqeIrJCs667jNd2yA66LwJ2jMqzXOfK30vjS+HZNd8/f/ebWfN9n +-PSEB4kXSWUfm9giZE3us+exRDY5og3yChD0DJN3bTI1aRI+T3uoUtY7kZQKkmEog +-6wcBsICeLFIAyPKeYI5yZ1eXRH9l9ysZlebDOIA5Zs0= +------END CERTIFICATE----- +diff --git a/test/ssl/client-expired.key b/test/ssl/client-expired.key +deleted file mode 100644 +index 8b85aaf..0000000 +--- a/test/ssl/client-expired.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEogIBAAKCAQEA0Fr7dQFn785qZhtEEWgNSdGOaDnzqHE4wx97/3e3Dy7oh9u+ +-SFwSb7r9PCLse90vR0LF25objsOePsFZUxlpfTf4cHW06ygJTojdsQ8h/EszmCqa +-5u2NKnu0t8lTKMh2aTXyLj0xLEtR+SxzuasmAX6M738z7pnKrWGfYD2sEcgJe/0x +-3X5+2GhpSaguKfCfYSS3Y12Yk3OWfm+mwjsFBZyC64fd9FYCwu8eNAIKnJ2afgxn +-m5F0oG5e9lJb9/O3Dv5ODhDk+txLkWK0SUJt6oSHSomODYpC8myCoZO9TaLwrQ+6 +-929gt3obmrXmQZLXOzfGebFwmms1akI68SCQtwIDAQABAoIBAHz1ZAQbcMOA740H +-Yz5xQi74kEjwILLwHJPhqRNhMBfaETmRz8BEAAakhcXwSBZNZFJ/uHxpI4fuyFRo +-z3KoNf0UeVqxLW0vWM2SBitvoPlX/LyRKM/Avr4w7QSgqNA30dRtty6GIpynG6Wu +-REWhYKzawhnNF09NSyHK/7PPqQgL8+3et4naoyTBfHryA1rSlAZmOAH9xWhbfTzH +-mWUazRp0kRQWQ/HCwQF4ZvXpE52K6U3OWhei440tJEPZDmrdKNrgFwxrBCUBWHuV +-ZP9N/SST52uzJS2t5oQ89jb8aH3zBz0bwwWNQgMBo1MV73JCsrO3RMyaWWSXNGCE +-fJ99JKkCgYEA+C/S61CAEd7eLBguQrY6EkyROf+SMVxD5DjXShpk/SsSuXY76Wu2 +-tpY0dNOjIGk1DIPmGdRtMcOg1RYDFcPF67lj6gwBgXk2qREUtdIzQ/X+3nVCaTCU +-/JuXQHTVnWYuYqT8Nd+IytKc4LrFWNpPDar0a6DSvd3QWQ95Tyg/f2UCgYEA1uom +-myPZxQRmXOwvm+u5ogA1NzCGOxMzpV/Ay2ahqC4as5AsnsL5xgIwYmGCpITYelQp +-8FcQLgvHIHKZjHSSH/qxUvJelcthHp3WDoj2yeiH88AI56xN4pbSYHEZzq6/jyhN +-qykopsLpz67Qz2tn/on3DmjSrMcPqV1nblkHs+sCgYBnlM4al8ZbrwBattzXyuYB +-rSMPabLCFxfesDpqGwn6/3cZIFdw3ButqJLMD2gNptsVFhd6wEWyd0swo7c15jc8 +-Ymtoywn113kQpqhWGhx7SLfOcHH/JN+JbgZ6SEi/IF5LnUAF2/1jaPNAd7LVmodT +-1P2dzckmpOTHxsWCW/HkYQKBgGn7uKQjLt5gyBYlB2lt+vJwBc48qMVzN7HjIZFt +-AGWOru5EOCzm3AQQykmJ6sI1HQhefvweA0Wh20YeHajNR85rc40DJy/ZxwAxOAGc +-+48glALZfcq6BwKp+/9BZ0esl50CdCLnPjvWvTUE8caIIhW9dc9uVA6OcCPGgx5A +-23KXAoGAB1+qBe3rZZ7ke5PFNstASj4PqcwmZRxu7P7Xy6ziHsLTKvyx665IWd+F +-fdrFYWWP5tj+7CGzvLtD0nruAdGyECtmSCclH3iCmjjAWHQiqiZT4ShGzprkQj9d +-bsuhZ95e3mK7liSVujXl5neFWetyoj4MqA1OWjiNaEEUQ02NOlo= +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/client-revoked.crt b/test/ssl/client-revoked.crt +deleted file mode 100644 +index 8e336b0..0000000 +--- a/test/ssl/client-revoked.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 5 (0x5) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Feb 25 14:54:19 2020 GMT +- Not After : Feb 23 14:54:19 2025 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client revoked +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:d3:04:65:0d:da:e3:e6:66:d2:cc:40:05:24:fe: +- 17:67:40:bb:6c:35:dd:18:2c:70:7e:20:d1:00:26: +- 56:b7:1b:4e:e6:3e:8c:6c:0d:e4:d2:c0:dd:71:30: +- 02:f7:a0:83:79:0f:15:94:cd:a3:aa:c7:d4:e3:15: +- af:0a:1a:b3:b8:54:b8:eb:f3:6b:72:3b:d3:f4:0b: +- c6:4c:a9:79:58:95:53:a3:4a:31:81:97:31:a1:67: +- f7:4d:9c:8b:02:b2:8d:79:b2:b1:87:3f:35:75:7e: +- d1:04:6b:fb:7f:44:d7:3c:c2:4b:73:99:ee:61:a0: +- 54:2f:47:a4:62:e3:e6:0c:bb:1a:88:8c:a1:94:8f: +- b5:79:d5:bb:be:75:f8:a7:e1:56:8b:dc:0f:90:9b: +- 94:45:50:fd:0b:7c:a9:bf:17:5a:0a:02:b4:15:3c: +- 88:fa:93:5f:1b:20:8a:c3:aa:c8:18:d1:02:27:38: +- 34:38:8c:ed:f7:58:50:20:53:9e:29:5e:3c:e9:f6: +- cc:98:37:1c:e4:24:7f:2f:44:39:42:31:7c:30:13: +- 0f:42:2c:c8:e1:53:ac:05:4b:e3:bd:7b:05:7a:d3: +- c1:14:ee:c3:06:75:64:5d:11:a6:be:4d:53:8d:06: +- 04:1f:1e:14:a7:8b:53:b9:aa:c3:97:c9:3c:8a:45: +- 6b:05 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- 4B:8F:CC:F4:64:26:0C:0A:37:2B:D1:18:76:9D:AF:B7:D6:19:47:92 +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 13:0e:0b:71:b7:f3:53:f9:4e:7b:19:20:89:4e:a2:bf:e3:a2: +- 5d:66:35:ba:02:ca:b5:b7:39:3f:4f:5b:47:b9:7a:14:c6:83: +- 28:02:2a:fe:68:56:d1:08:8d:e1:a0:c0:8b:8a:38:92:41:ba: +- 79:11:d4:df:8b:f5:1a:bd:ae:59:97:41:8c:4c:de:28:87:ce: +- fb:9e:ad:fb:22:48:d4:3d:9c:60:96:e5:35:71:b9:bc:24:ec: +- 11:e5:c8:96:1c:b1:ec:96:26:32:91:ef:a9:d9:d9:b8:3f:92: +- 9e:61:54:d7:b5:2d:f5:ac:89:4a:49:3e:8f:a9:b7:e2:39:7d: +- 98:5f:21:25:0c:71:16:e7:12:d5:e5:9c:01:6b:a8:50:65:ab: +- 48:db:a8:04:c1:ec:3e:ea:2f:54:30:f8:38:0c:90:fc:71:68: +- 56:98:a9:d4:b7:0e:bb:66:a9:fc:24:50:0b:b9:46:cf:45:56: +- 86:0c:7d:b9:e2:9b:ec:36:e4:c9:fd:96:a6:b0:f7:f3:c9:d4: +- 74:8e:6a:68:5a:2e:6d:6f:78:26:af:93:7d:9c:53:73:92:b5: +- 1d:c1:77:52:ea:2d:21:06:b6:3a:71:be:59:c9:51:a8:fe:89: +- fc:6c:e3:7e:5e:46:93:4c:eb:4f:14:1d:e8:05:99:95:7c:49: +- 40:c9:db:81 +------BEGIN CERTIFICATE----- +-MIID3DCCAsSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1 +-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjCBgDELMAkGA1UEBhMCR0IxGDAWBgNVBAgM +-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG +-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMRwwGgYDVQQDDBN0ZXN0IGNsaWVu +-dCByZXZva2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wRlDdrj +-5mbSzEAFJP4XZ0C7bDXdGCxwfiDRACZWtxtO5j6MbA3k0sDdcTAC96CDeQ8VlM2j +-qsfU4xWvChqzuFS46/NrcjvT9AvGTKl5WJVTo0oxgZcxoWf3TZyLArKNebKxhz81 +-dX7RBGv7f0TXPMJLc5nuYaBUL0ekYuPmDLsaiIyhlI+1edW7vnX4p+FWi9wPkJuU +-RVD9C3ypvxdaCgK0FTyI+pNfGyCKw6rIGNECJzg0OIzt91hQIFOeKV486fbMmDcc +-5CR/L0Q5QjF8MBMPQizI4VOsBUvjvXsFetPBFO7DBnVkXRGmvk1TjQYEHx4Up4tT +-uarDl8k8ikVrBQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS4/M9GQmDAo3 +-K9EYdp2vt9YZR5IwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJ +-KoZIhvcNAQELBQADggEBABMOC3G381P5TnsZIIlOor/jol1mNboCyrW3OT9PW0e5 +-ehTGgygCKv5oVtEIjeGgwIuKOJJBunkR1N+L9Rq9rlmXQYxM3iiHzvuerfsiSNQ9 +-nGCW5TVxubwk7BHlyJYcseyWJjKR76nZ2bg/kp5hVNe1LfWsiUpJPo+pt+I5fZhf +-ISUMcRbnEtXlnAFrqFBlq0jbqATB7D7qL1Qw+DgMkPxxaFaYqdS3DrtmqfwkUAu5 +-Rs9FVoYMfbnim+w25Mn9lqaw9/PJ1HSOamhaLm1veCavk32cU3OStR3Bd1LqLSEG +-tjpxvlnJUaj+ifxs435eRpNM608UHegFmZV8SUDJ24E= +------END CERTIFICATE----- +diff --git a/test/ssl/client-revoked.key b/test/ssl/client-revoked.key +deleted file mode 100644 +index bf25ba1..0000000 +--- a/test/ssl/client-revoked.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEowIBAAKCAQEA0wRlDdrj5mbSzEAFJP4XZ0C7bDXdGCxwfiDRACZWtxtO5j6M +-bA3k0sDdcTAC96CDeQ8VlM2jqsfU4xWvChqzuFS46/NrcjvT9AvGTKl5WJVTo0ox +-gZcxoWf3TZyLArKNebKxhz81dX7RBGv7f0TXPMJLc5nuYaBUL0ekYuPmDLsaiIyh +-lI+1edW7vnX4p+FWi9wPkJuURVD9C3ypvxdaCgK0FTyI+pNfGyCKw6rIGNECJzg0 +-OIzt91hQIFOeKV486fbMmDcc5CR/L0Q5QjF8MBMPQizI4VOsBUvjvXsFetPBFO7D +-BnVkXRGmvk1TjQYEHx4Up4tTuarDl8k8ikVrBQIDAQABAoIBAC8u5mGothjImQ3u +-qrfQ0O7XfJD/okZLeYPaVqFP8UfUJVo6Vi+7E5VEZr9uWtt/2qXxB4RUTupa8HEu +-YgtCWTk4SHkJ3taWJhiFoXt20ZlLGn6CkntFkWVj19pUzIh34EZ7/FIfghaZmqcA +-diXJAM+nKjPZEYJm1SwVOt6Z0tC5hRW9R3eCf8dxC6YlPJv9sebi6C9AqKVe6IsG +-98CNFJG7hdgdsMFCzjDfasHreXGZ9w/pG9O+szAloqyM6k8R/3gT1Cx8Qwh6KIMt +-xL1KZyBw3dm7rCBxtozZC8nRzGFNoHWYS44wFxYaN11Y96h+ACLJYD7q6oOL4Oz9 +-Kh8hn+kCgYEA/6X8WDbjEv9akZurMa3AOOAsAHb+K/kSyc3pV3C3RMxR2y4z6W4x +-4ZiJePpwsFZR0Ss/wXPnVBo1CEAJxHrBIb5zrzQwYIPFrNL7lPO4oalN0+Xpvo5r +-GIP354Yh1Eb98eLotBpcppI2MiE6z++lvUJ8HGcIuOMNeFEmIRl1E18CgYEA006x +-vMGrzv36ZPPsTkaAU8gLVinqseEggNd90fuOAi9UQ/9k/MjeTYtL/c/3VcIWgHA1 +-4Emvt5UUI0Gr3/it+O2cr5snIglrsnAFADaWrzjSMHLpLdHzUfMHCbAJLYO9vYec +-l2vpIcASvR7C1cQzFuBhNZC13uRWtV8O4BvPoBsCgYA/+Tl8mb+ZMW1oopvkgqZn +-lTFtrFlOh7W76ltKFlrGTJrvTlCPSZQR8Cn2rDUm63Lt9PSvZGGvGh/LQLsw/8b0 +-usQYQ+cXP+JnrSRn0dWSHtvq+s3TcbA7IksXFOnCRUGnFjFFYJNu24fUY5xkDIRd +-KBYGxYHZQnhMc4InJke14QKBgQCXSb6DkH48IydFZEcJ+/whABbtx/EbDj5BQQf6 +-cYrJEa3ZSV+6hO50wojT3jQNmHqX1r8cKGXAoOHcJEa0gs28bhNCv2kTO396MC3E +-a1ETfzEuMve0MJ9vSvr8+qZ3id0td4yr9TzjRyujcAS7HFAfzuKKgWNVhFJ4ZOi3 +-l/HdhQKBgE7V2j71No6xkjj9jOguI3TpCFXqQoSa9KhWOVXJrbpfE0K2QxvfQ6WO +-usWDGw9102OdFqfaFf2LE1cbIQe9M35QRrT9AjsZxtoc60XpZEwYS+FFh7po/t2t +-Apb8jiyBBAI9aYNRlWVo/1emnG6QUR45gX0Bu7glr+P4A+aopBi2 +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/client.crt b/test/ssl/client.crt +deleted file mode 100644 +index 6a325f6..0000000 +--- a/test/ssl/client.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 3 (0x3) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Feb 25 14:54:19 2020 GMT +- Not After : Feb 23 14:54:19 2025 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:bf:6a:a5:cd:66:6a:1d:20:48:3a:f1:ff:61:9d: +- fd:1f:18:26:a0:43:4c:b0:4c:b9:8d:4e:7d:d0:81: +- e0:43:81:9e:70:75:cb:c4:57:49:3c:84:34:51:45: +- a2:9f:00:50:20:d6:5f:34:3c:02:bb:69:2f:64:4a: +- 28:21:e3:95:41:e8:50:04:f3:bf:f2:5a:9e:27:64: +- 5b:b3:bc:49:96:36:10:56:06:47:1a:ca:db:ad:6f: +- e3:f7:83:dc:42:37:28:07:58:a7:6f:26:45:b7:69: +- 6f:af:28:62:f8:7e:98:98:21:0a:a6:da:ae:d5:4b: +- fe:db:09:1a:b4:75:d5:09:3b:13:9e:33:9e:b4:d6: +- 5e:21:e6:fb:37:09:bb:1a:56:e1:5d:64:bc:5a:77: +- 99:ac:81:cc:2b:b7:9b:49:b6:e8:ba:2e:32:d9:9e: +- 8e:4d:2e:fc:17:d0:37:44:0f:35:a9:af:f1:44:bb: +- cb:2c:2a:75:f0:7e:ba:b6:1a:73:32:d6:1f:4c:3b: +- 9b:38:f0:e9:22:06:3c:94:6b:5f:69:e4:be:2f:fa: +- 9c:c4:9e:7c:c0:dd:c2:3c:53:b8:28:ca:77:a0:96: +- 6b:9c:cb:3f:44:b1:c5:51:75:89:a0:16:ba:82:63: +- f7:c4:24:7f:06:89:58:45:10:69:e4:97:f5:35:fe: +- 7e:97 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- 36:51:2B:BB:3E:B7:6B:2B:7F:D4:86:AE:67:75:C2:01:54:5B:72:3C +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 32:70:51:f0:c2:35:6f:83:e3:bc:f3:f2:6f:e9:79:e6:a9:51: +- d0:69:fa:fb:a8:a8:d4:59:c4:c4:ee:9b:59:9a:ce:a8:2e:7e: +- 71:a5:23:4c:27:76:e5:b6:e1:6d:bd:a4:24:f1:38:01:7d:d8: +- d6:f2:c4:d8:58:b5:59:0d:b9:05:45:62:59:34:54:56:49:c4: +- 2c:f4:bd:17:a0:f2:72:e3:63:c3:69:40:55:e8:a4:57:23:38: +- e5:5e:f2:b0:3a:ee:27:b4:0e:ca:5e:a9:55:60:db:4d:30:ad: +- c5:13:d3:a4:ed:49:ff:c3:4a:e5:82:9d:5d:c6:ad:62:d9:49: +- 90:d1:0f:5e:89:1b:d7:f3:c1:3c:45:dc:84:09:b2:77:c2:fe: +- 47:9d:90:d4:f1:6c:54:20:a9:0d:9e:f8:a4:b9:55:c9:22:ef: +- 30:d1:d2:59:ba:ae:c1:d2:60:44:83:7f:0a:eb:36:ed:e2:0e: +- 7c:67:b3:c2:0d:25:bd:75:36:d8:af:ad:62:f8:f4:80:8f:ae: +- ec:e7:1c:a6:1f:f5:ff:8e:8b:c8:28:03:d3:de:08:4e:26:e1: +- 61:ce:3d:24:93:9b:da:d7:f7:8e:15:5d:32:55:5e:c9:7f:6b: +- 0d:a8:f7:b2:73:85:2a:63:25:93:37:14:ce:64:cc:f6:07:a1: +- dc:29:f6:53 +------BEGIN CERTIFICATE----- +-MIID0zCCArugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1 +-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjB4MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP +-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT +-ZXJ2ZXIxEzARBgNVBAsMClByb2R1Y3Rpb24xFDASBgNVBAMMC3Rlc3QgY2xpZW50 +-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2qlzWZqHSBIOvH/YZ39 +-HxgmoENMsEy5jU590IHgQ4GecHXLxFdJPIQ0UUWinwBQINZfNDwCu2kvZEooIeOV +-QehQBPO/8lqeJ2Rbs7xJljYQVgZHGsrbrW/j94PcQjcoB1inbyZFt2lvryhi+H6Y +-mCEKptqu1Uv+2wkatHXVCTsTnjOetNZeIeb7Nwm7GlbhXWS8WneZrIHMK7ebSbbo +-ui4y2Z6OTS78F9A3RA81qa/xRLvLLCp18H66thpzMtYfTDubOPDpIgY8lGtfaeS+ +-L/qcxJ58wN3CPFO4KMp3oJZrnMs/RLHFUXWJoBa6gmP3xCR/BolYRRBp5Jf1Nf5+ +-lwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl +-bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUNlEruz63ayt/1IauZ3XCAVRb +-cjwwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJKoZIhvcNAQEL +-BQADggEBADJwUfDCNW+D47zz8m/peeapUdBp+vuoqNRZxMTum1mazqgufnGlI0wn +-duW24W29pCTxOAF92NbyxNhYtVkNuQVFYlk0VFZJxCz0vReg8nLjY8NpQFXopFcj +-OOVe8rA67ie0DspeqVVg200wrcUT06TtSf/DSuWCnV3GrWLZSZDRD16JG9fzwTxF +-3IQJsnfC/kedkNTxbFQgqQ2e+KS5Vcki7zDR0lm6rsHSYESDfwrrNu3iDnxns8IN +-Jb11NtivrWL49ICPruznHKYf9f+Oi8goA9PeCE4m4WHOPSSTm9rX944VXTJVXsl/ +-aw2o97JzhSpjJZM3FM5kzPYHodwp9lM= +------END CERTIFICATE----- +diff --git a/test/ssl/client.key b/test/ssl/client.key +deleted file mode 100644 +index d2c60ef..0000000 +--- a/test/ssl/client.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEpQIBAAKCAQEAv2qlzWZqHSBIOvH/YZ39HxgmoENMsEy5jU590IHgQ4GecHXL +-xFdJPIQ0UUWinwBQINZfNDwCu2kvZEooIeOVQehQBPO/8lqeJ2Rbs7xJljYQVgZH +-GsrbrW/j94PcQjcoB1inbyZFt2lvryhi+H6YmCEKptqu1Uv+2wkatHXVCTsTnjOe +-tNZeIeb7Nwm7GlbhXWS8WneZrIHMK7ebSbboui4y2Z6OTS78F9A3RA81qa/xRLvL +-LCp18H66thpzMtYfTDubOPDpIgY8lGtfaeS+L/qcxJ58wN3CPFO4KMp3oJZrnMs/ +-RLHFUXWJoBa6gmP3xCR/BolYRRBp5Jf1Nf5+lwIDAQABAoIBAQCxu6DAG3wkFzl6 +-IgFy7nN9T7tty4+Fk3gm0N7Zn/5QMCahXX8ai8Ggw1CgtfvNj0jXdLVplt8ijQRI +-JuMktGB+lerW7k0oByQah4DuXsIlC4YXmjSjmABqBh6yUGlPwk8Uoyi0d+D78JaX +-GPTsrv+ZIfT2AM+dlbbKQqXdMhvhOLHn+p8+j5iX4UMt5UY3wbVH9gu4nTSG2Sce +-+OKRbOynCleYtlhpkVx2J2f3szxz/FBGjywX/9EMmJvOg3uvJ74lxYEB3e5RQdnZ +-FAxRlh+S54u1AjqFjUjLtWFgYjrQfmwtEA+GYGDwQK8CZJKEN8ARkNl4SzNu+qj0 +-mDfWIzjBAoGBAOhhBCY/k6rwa6RjwArEX4KpTkAISo3esBC8IF7rIDWrvK0c+hqY +-QO8Zdt2vnJNO2e94c7WXLZ90FGan2vD7E9ICEU4fC2Rk3xdMUSpTFToKRvWvD7Z1 +-RhOYkOLz904t391UdQrhT3DnIZ+05XbheR9GJWS2SImbCqjlzI3aFTOfAoGBANLf +-tIwf6k676mOigJ0ueNI3/Hz3UbnJFWeqwclgQbpCQpzLeexyKrkTZqslxnge29hb +-JrQrem97WSVC8EqXU3PI/0chRYUUL2UdGX6nKlBL+MDLbGoUkRNqrBxhUajBT2Yq +-3tONIlHsFFd843dAr90DZxoj8WYA4NnaW4xR0ZIJAoGAeBWiek2CduSVC7eMh0Ph +-g3kQeeCO/m9kltFQ/RwOYg3ki6Uczd9+NtD27yqQBEPMNYcObHm6Vts6q630Y3Gs +-VWtCHBfI4FGMQ9LpYrDamEq1TsLvoL9LvlaqEM44L4tfU1YQwdWbIuIeKxTlO6Da +-4cFzE29rXsjjIlLWeTuIl0sCgYEA0Mak5VqvyzXnUK/RsE0TV+YQN9VQ96SraZC4 +-/dwsFvGFK+GUm9FIlSYtLuNehQzgUmukfRrSxE8WKnsEloUOHYNxooXBY4lhhzVx +-SWDN1uPwq0h71Ob534RsVEjR5UdGifuF02NXCE64sQm31xiXRTUaPdo6JOhXtbin +-jNxwpakCgYEAoGkfZxUd6yZtNLmEKUwFT4/1edMg9XdyZggbfkaM2acn6cCk/XdJ +-zZSDcvnNyui30Amuiiin40QWX0OizeTnUS73knPTitQIb0+YEXp6NTKKsc1Frn6w +-pGjTOoVH4PDwBGs7vSO8uip6gdeGI1bCAK5zKeWR5gHE/UCrP/WQXy8= +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/crl-empty.pem b/test/ssl/crl-empty.pem +deleted file mode 100644 +index b3791b2..0000000 +--- a/test/ssl/crl-empty.pem ++++ /dev/null +@@ -1,12 +0,0 @@ +------BEGIN X509 CRL----- +-MIIBwDCBqQIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjETMBEGA1UE +-CAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNV +-BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EXDTIwMDIyNTE0NTQxOVoY +-DzIxMDIwNDE2MTQ1NDE5WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQAD +-ggEBADXrRSpMfj+Iuz/Uy/ti4k0Qx+H/e93pown8Cgx/w9FwtsTsaTKOff0r3uKb +-KpKJJ4BSkysUOaZ72cLoooNYoEcYgpcqx3PlhmjuBGcOH1YG5ca+nzIayZgQe3Nl +-hGBvYfpX+YMpG7gHy5WPxi0T+uUF7XfTEfpmw8asVSZvZNy0nMB3cZCCA4yiICay +-vaOIrrHshSlDPw6iafhcBNLAdq5Xz+KF4Pv78Wfs+zwnm0BzRGtVB7cWCaGvUi3v +-dAqzzBsdP0naFYVaZ1BJcE06Dn5O6LSA6snOswCTGOYI50zMZzRXkUo3pZ/xqVPc +-Cdo6QspVlxGedSxXD13KbGPAoak= +------END X509 CRL----- +diff --git a/test/ssl/crl.pem b/test/ssl/crl.pem +deleted file mode 100644 +index 06aa07b..0000000 +--- a/test/ssl/crl.pem ++++ /dev/null +@@ -1,12 +0,0 @@ +------BEGIN X509 CRL----- +-MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjETMBEGA1UE +-CAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNV +-BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EXDTIwMDIyNTE0NTQxOVoY +-DzIxMDIwNDE2MTQ1NDE5WjAUMBICAQUXDTIwMDIyNTE0NTQxOVqgDjAMMAoGA1Ud +-FAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQCMM5PyBAY5BuNVk0k2Bqn5FvlIrSnS +-LMZaoUVG/OtgjMD6g47dSXVHgIXmuFu3Bp44mRM85ZVd1URjmjR4ZwfVfcprkqo7 +-L655K+nyPUoq5IZh7y4MKVYwbEfetu0HjWuOqFI9T7zalOF9MfeoOx6u93CTgUvy +-1s5EVnG0d0qon3CEHTJwpzYQDgXVesUX0ZqNwvKnMGQhB8YQ/NOX807xQR5Ckl7s +-6CYkAySe84lMascnwe1nFp3nGIxbOTxXqohWkvscM6933+veisgh6F4p63oF4rKs +-Xr93Bf9FsvwfitI/PfMWkKzFEEaZTjAM26ioLgBBcBxxIJleLysyudd2 +------END X509 CRL----- +diff --git a/test/ssl/server-expired.crt b/test/ssl/server-expired.crt +deleted file mode 100644 +index 9a938e7..0000000 +--- a/test/ssl/server-expired.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 2 (0x2) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Aug 20 00:00:00 2012 GMT +- Not After : Aug 21 00:00:00 2012 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production-expired, CN=localhost +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:95:0d:f4:ee:f2:c8:f8:84:23:78:af:73:53:78: +- 78:95:fd:cd:a6:fd:fd:0f:c7:ee:1c:39:e7:3c:d5: +- 2b:ac:1d:ab:92:e9:8d:df:c1:15:37:40:3d:d1:b6: +- 96:78:ec:4e:63:54:53:14:d4:9d:bc:42:6d:d9:5d: +- 3b:ce:d4:d0:a5:f1:ef:32:5a:c7:63:1b:2c:01:a7: +- f4:9e:9a:39:95:c4:70:02:fa:8f:d2:d1:fc:0c:51: +- 4e:e1:91:54:88:ee:0d:c1:f0:6a:17:7d:05:9e:f2: +- 2e:b8:ed:49:b3:41:70:21:94:b4:02:22:bf:ff:79: +- 0d:fb:38:bb:a1:3d:c0:a9:60:5e:39:18:8e:07:48: +- 15:10:7b:b0:01:2b:2b:35:8c:67:be:85:70:cf:ba: +- 99:bc:a8:1d:50:3f:ac:d9:32:91:ea:59:c4:4a:7a: +- 72:5d:28:1e:43:5b:0b:b5:c0:d0:9d:ac:c5:68:c9: +- e5:ef:3e:cf:58:04:e6:99:4e:21:7c:c0:80:9d:88: +- f4:89:ca:d3:17:e1:77:fa:31:8c:7d:14:3e:af:e0: +- 16:f8:67:28:4b:18:bb:fd:c3:4a:64:1f:c7:26:3b: +- 0c:db:04:e7:11:35:13:99:ca:9c:25:87:48:e6:60: +- f2:a1:ef:7c:c2:5f:c3:02:ee:4c:27:32:da:20:76: +- 70:79 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- 75:36:7F:77:C7:7D:8D:B8:2B:7C:7D:8B:D8:0C:AD:59:3C:B0:85:E6 +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 74:c7:1f:42:e3:00:94:1a:16:ec:c9:17:02:1f:4f:e6:b0:4a: +- 4b:b1:2d:d2:3f:04:54:54:23:d1:b6:da:fa:fc:ac:3e:32:35: +- a9:68:6b:b7:bc:06:ee:58:d5:95:a5:48:56:cb:ea:9d:d3:5e: +- 68:ce:8f:65:60:40:42:a6:8d:c5:e4:33:d3:ef:ed:e4:fd:23: +- fe:28:34:ca:eb:2f:69:45:8e:61:dc:e2:0c:50:96:35:94:90: +- 25:61:55:d5:9c:d8:00:63:e0:6e:a1:67:f2:3f:34:a5:9d:33: +- 2a:7d:de:c0:89:8c:46:b1:fc:d4:19:7e:be:83:e0:f1:34:ff: +- 41:d3:cd:fb:e5:71:9d:05:00:67:af:f3:03:be:f6:e9:db:76: +- 58:89:72:68:7f:32:84:ff:c0:38:95:89:60:1b:99:fc:5e:37: +- 81:fa:ce:e7:78:7f:6c:3e:b9:70:74:62:62:d3:c2:8e:8e:2c: +- 11:fc:e6:fa:9a:cd:1e:79:67:51:01:54:1e:7d:db:32:09:13: +- 14:91:a3:56:2d:8e:fa:f8:3d:49:67:fe:b2:c8:11:8a:09:0e: +- 05:b0:0e:6b:39:4e:c5:7e:13:ea:40:41:26:d1:c0:c3:a2:cb: +- cc:3d:cf:fe:59:0a:e1:b8:0d:50:47:0a:86:b4:72:21:89:b7: +- 5b:e2:37:2d +------BEGIN CERTIFICATE----- +-MIID2TCCAsGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMTIwODIw +-MDAwMDAwWhcNMTIwODIxMDAwMDAwWjB+MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP +-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT +-ZXJ2ZXIxGzAZBgNVBAsMElByb2R1Y3Rpb24tZXhwaXJlZDESMBAGA1UEAwwJbG9j +-YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ307vLI+IQj +-eK9zU3h4lf3Npv39D8fuHDnnPNUrrB2rkumN38EVN0A90baWeOxOY1RTFNSdvEJt +-2V07ztTQpfHvMlrHYxssAaf0npo5lcRwAvqP0tH8DFFO4ZFUiO4NwfBqF30FnvIu +-uO1Js0FwIZS0AiK//3kN+zi7oT3AqWBeORiOB0gVEHuwASsrNYxnvoVwz7qZvKgd +-UD+s2TKR6lnESnpyXSgeQ1sLtcDQnazFaMnl7z7PWATmmU4hfMCAnYj0icrTF+F3 +-+jGMfRQ+r+AW+GcoSxi7/cNKZB/HJjsM2wTnETUTmcqcJYdI5mDyoe98wl/DAu5M +-JzLaIHZweQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +-U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdTZ/d8d9jbgrfH2L +-2AytWTywheYwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJKoZI +-hvcNAQELBQADggEBAHTHH0LjAJQaFuzJFwIfT+awSkuxLdI/BFRUI9G22vr8rD4y +-Naloa7e8Bu5Y1ZWlSFbL6p3TXmjOj2VgQEKmjcXkM9Pv7eT9I/4oNMrrL2lFjmHc +-4gxQljWUkCVhVdWc2ABj4G6hZ/I/NKWdMyp93sCJjEax/NQZfr6D4PE0/0HTzfvl +-cZ0FAGev8wO+9unbdliJcmh/MoT/wDiViWAbmfxeN4H6zud4f2w+uXB0YmLTwo6O +-LBH85vqazR55Z1EBVB592zIJExSRo1Ytjvr4PUln/rLIEYoJDgWwDms5TsV+E+pA +-QSbRwMOiy8w9z/5ZCuG4DVBHCoa0ciGJt1viNy0= +------END CERTIFICATE----- +diff --git a/test/ssl/server-expired.key b/test/ssl/server-expired.key +deleted file mode 100644 +index 799477a..0000000 +--- a/test/ssl/server-expired.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEogIBAAKCAQEAlQ307vLI+IQjeK9zU3h4lf3Npv39D8fuHDnnPNUrrB2rkumN +-38EVN0A90baWeOxOY1RTFNSdvEJt2V07ztTQpfHvMlrHYxssAaf0npo5lcRwAvqP +-0tH8DFFO4ZFUiO4NwfBqF30FnvIuuO1Js0FwIZS0AiK//3kN+zi7oT3AqWBeORiO +-B0gVEHuwASsrNYxnvoVwz7qZvKgdUD+s2TKR6lnESnpyXSgeQ1sLtcDQnazFaMnl +-7z7PWATmmU4hfMCAnYj0icrTF+F3+jGMfRQ+r+AW+GcoSxi7/cNKZB/HJjsM2wTn +-ETUTmcqcJYdI5mDyoe98wl/DAu5MJzLaIHZweQIDAQABAoIBAGp3BJtkaS4xXBDI +-6UwWwbMJDUqZIpeSC763kTZ/YOlYbAPMtNy80oWbakyP6ZzH1RnX0lwPnfcpT8Mx +-eBW9JqdRTrQd6UsdzmoEaJKcwEL8g7Fs/SvtduXpcblmkAYaW1NKgMz0LP6iJ8NJ +-IhpaxFgIGidoYNF+ywDFPifmruWLa9OOQNv3fFrLHfLaZnoO/jdk6uMPMuoTsaV2 +-VgkzTlyQ+6VkBKB0j1VKGJIPsQglrw2kTdlucyWD6J5Lymex38nfuu8hVwIMZYxj +-eC0lxLllNagu6RgRx4PYmOv4041dP39MxAuLfawWz61/gXxzhaiBvUI9SXvLmWY+ +-hhyfFXECgYEAw3v+dBXCUSsQ/TU0AQCukGvzWYdgksZN5mK2Jq1dkdvVbgWYdrcv +-sY05n0ejrojouLShVdXY7hktzG122nZLuZSN8Vb8enV/FjM5s+JZi6DRSZJ/9KQN +-sklutALXyDsfxcvqnAZkznx/BRF2Ny1ZPuWewInFNP5B+OJ4u+GLjK0CgYEAwzJt +-3VvfVNsqagHWM94L+tiDBHQjz0Wiv69wZzcCJcaVfGly8F0Uyt/DHs4cl1l3aKS3 +-04wgVHkowvm//MoApRYNt4LS80BnL42NFinPT+L+/eNETRUheSOEFzdi2aXAmD2G +-ojaVON9BKvr69BfSHNtSQFpX3qZYyczS8c41wH0CgYBYs+jwb/cusaYR35RraA3O +-Bs3zsBRIRaePhPc2cbBlwSUFuZBHPjRsErM07WL+ja1cMsqKknDPCanYe0tVMhyG +-ZzxJaLlEMBCs2C20zF7plt2gztM1BUQZxGxxTmDvwLRYIoGgrt4LPD6+4/+KZg97 +-FOKGZ32O4Fi7QLicOGoEOQKBgCxcU5eQ/4pbXKJG1JVpCzPw7KWgd1rtqnUBu/vZ +-BoXrQaHKnTJ/FPCeNcvUb679yCNh+9z55YcNGfRlqfobNlZOUsO32ZUqt8iY1M2K +-pvCy19x/P9B80uSi66wTDEYGY2S15tkKqpMIOdk4vLuohjnEpka1wW56Q4dpIy+M +-+65JAoGAYV8oukeeucSAIB74AdP6F9NP1HQc2RQT6lVYQRkSwuhRi1rEyelati/Y +-bezK5vsHPaNQcTM0IJup0MSQjslm7NU06xiW+jE5YCbaqTzwto1YB9U9NnOI3Cd7 +-2kwcJzEAvgJNEbGvHVE1c0TQh7/5YePfY+smrlpLdGF5IwsU0Fw= +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/server.crt b/test/ssl/server.crt +deleted file mode 100644 +index d8db1d0..0000000 +--- a/test/ssl/server.crt ++++ /dev/null +@@ -1,82 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 1 (0x1) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Validity +- Not Before: Feb 25 14:54:18 2020 GMT +- Not After : Feb 23 14:54:18 2025 GMT +- Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=localhost +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:f0:01:ba:97:f8:35:4c:d0:d4:1e:22:9a:d8:af: +- f6:a8:1d:75:05:a8:8d:aa:04:a9:3b:b8:fc:c6:bd: +- 2d:23:23:b1:fe:73:c4:24:75:aa:b2:55:9c:c8:27: +- 37:66:15:8d:10:4b:46:52:dd:f7:0c:e3:07:90:35: +- 35:64:f4:c1:34:89:14:9e:7f:5a:da:ba:6a:80:29: +- 19:9e:38:55:85:f1:bb:b0:1e:61:7d:99:03:28:2f: +- 75:4b:eb:06:aa:bc:da:d0:c2:97:cb:63:f8:83:94: +- c0:e6:22:da:37:18:99:68:b0:cf:b7:5e:03:bd:8b: +- 3e:f2:b7:47:cb:fe:c8:e8:45:73:e3:23:6e:93:14: +- 6a:b0:af:86:e1:b4:83:30:b5:da:df:a0:08:ac:d6: +- 9f:d1:4e:bd:bb:f7:7e:b4:28:c0:16:35:cb:c4:18: +- 7a:5b:92:cd:0e:d9:0d:d6:57:ca:6c:59:ef:ad:2e: +- 99:8d:41:07:87:70:0b:27:a9:1b:65:a4:f9:75:15: +- 81:cc:c8:d8:d2:b5:49:c9:77:01:21:ad:a7:44:3d: +- 4a:88:c9:5f:dd:70:6a:f6:14:0a:4c:d2:b4:d2:8c: +- f6:5f:cf:bd:03:0a:dd:ac:08:c2:54:5d:77:e5:96: +- f1:a3:06:31:5f:4f:d8:b7:f9:ce:8f:18:20:74:0e: +- 66:43 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- 21:93:75:73:22:5F:FA:88:1E:8C:4E:00:A8:B1:AD:67:B2:A7:7C:E3 +- X509v3 Authority Key Identifier: +- keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- +- Signature Algorithm: sha256WithRSAEncryption +- 5e:71:9a:51:b5:47:5b:a5:1a:fd:05:26:b6:98:50:47:d1:f3: +- c7:b9:1e:23:09:68:2c:23:74:48:55:2f:69:f7:e0:06:31:c0: +- 0c:14:4a:9a:e4:43:b4:1d:ec:80:3b:14:e7:2e:63:db:d5:99: +- 0a:64:5f:4e:0b:1e:e8:2d:db:7f:71:ad:b7:a6:51:a0:c9:e1: +- f4:52:19:30:c1:8d:ab:36:3c:77:85:da:f7:c0:5f:0b:54:d8: +- 48:c8:2b:98:ae:e0:f6:34:85:a1:17:5e:a5:cb:65:ea:cc:cc: +- 67:40:64:bf:0d:fd:21:de:1f:13:01:13:51:88:de:33:f9:94: +- d9:a3:13:9f:ba:6f:b4:bd:8b:61:1f:b7:43:24:97:30:f6:ab: +- 67:0e:ee:8d:6a:11:ba:4b:b1:1f:61:bd:d9:a0:c7:38:b1:5a: +- 4c:e6:51:36:03:5a:d6:56:85:b3:2f:32:0f:8d:96:da:5a:42: +- 85:10:ba:bb:cf:75:c9:ff:73:95:bc:34:c1:99:76:ca:b1:b5: +- 63:88:2c:98:51:b4:b5:61:ea:0e:20:6a:22:cf:09:65:26:b8: +- dc:72:d3:a1:fa:78:5c:b5:09:d9:b6:e6:d7:05:1b:35:72:e0: +- d8:ee:a3:39:95:5e:24:55:8c:1e:7e:87:17:40:b3:4f:4c:90: +- c9:2b:f2:43 +------BEGIN CERTIFICATE----- +-MIID0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx +-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1 +-MTQ1NDE4WhcNMjUwMjIzMTQ1NDE4WjB2MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP +-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT +-ZXJ2ZXIxEzARBgNVBAsMClByb2R1Y3Rpb24xEjAQBgNVBAMMCWxvY2FsaG9zdDCC +-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPABupf4NUzQ1B4imtiv9qgd +-dQWojaoEqTu4/Ma9LSMjsf5zxCR1qrJVnMgnN2YVjRBLRlLd9wzjB5A1NWT0wTSJ +-FJ5/Wtq6aoApGZ44VYXxu7AeYX2ZAygvdUvrBqq82tDCl8tj+IOUwOYi2jcYmWiw +-z7deA72LPvK3R8v+yOhFc+MjbpMUarCvhuG0gzC12t+gCKzWn9FOvbv3frQowBY1 +-y8QYeluSzQ7ZDdZXymxZ760umY1BB4dwCyepG2Wk+XUVgczI2NK1Scl3ASGtp0Q9 +-SojJX91wavYUCkzStNKM9l/PvQMK3awIwlRdd+WW8aMGMV9P2Lf5zo8YIHQOZkMC +-AwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l +-cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCGTdXMiX/qIHoxOAKixrWeyp3zj +-MB8GA1UdIwQYMBaAFKpaWxyRMps/m8NCbNJo9qfgz77gMA0GCSqGSIb3DQEBCwUA +-A4IBAQBecZpRtUdbpRr9BSa2mFBH0fPHuR4jCWgsI3RIVS9p9+AGMcAMFEqa5EO0 +-HeyAOxTnLmPb1ZkKZF9OCx7oLdt/ca23plGgyeH0UhkwwY2rNjx3hdr3wF8LVNhI +-yCuYruD2NIWhF16ly2XqzMxnQGS/Df0h3h8TARNRiN4z+ZTZoxOfum+0vYthH7dD +-JJcw9qtnDu6NahG6S7EfYb3ZoMc4sVpM5lE2A1rWVoWzLzIPjZbaWkKFELq7z3XJ +-/3OVvDTBmXbKsbVjiCyYUbS1YeoOIGoizwllJrjcctOh+nhctQnZtubXBRs1cuDY +-7qM5lV4kVYwefocXQLNPTJDJK/JD +------END CERTIFICATE----- +diff --git a/test/ssl/server.key b/test/ssl/server.key +deleted file mode 100644 +index 7404d13..0000000 +--- a/test/ssl/server.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEpQIBAAKCAQEA8AG6l/g1TNDUHiKa2K/2qB11BaiNqgSpO7j8xr0tIyOx/nPE +-JHWqslWcyCc3ZhWNEEtGUt33DOMHkDU1ZPTBNIkUnn9a2rpqgCkZnjhVhfG7sB5h +-fZkDKC91S+sGqrza0MKXy2P4g5TA5iLaNxiZaLDPt14DvYs+8rdHy/7I6EVz4yNu +-kxRqsK+G4bSDMLXa36AIrNaf0U69u/d+tCjAFjXLxBh6W5LNDtkN1lfKbFnvrS6Z +-jUEHh3ALJ6kbZaT5dRWBzMjY0rVJyXcBIa2nRD1KiMlf3XBq9hQKTNK00oz2X8+9 +-AwrdrAjCVF135ZbxowYxX0/Yt/nOjxggdA5mQwIDAQABAoIBAQC26PpluxoT0sr1 +-tHXCUkhu0xROHajpO+glxdOPOrldoGSUgXGoP6y5gJmdyJVlzWLWWifcG6GeRp+K +-/aIVsJpWCWqXaIO7Unq79Za6iEBVdmcNz/mImMZZJ+IC27kXAhrZIpRAw42v6fwg +-58raVnsD2ExVeObs22Q74gZrp19B88KFc8Ce3ZTJMhvIkrAbG38ilnlxZVCdxCzM +-Yl8NAxgHDlKUBDI9omKgksbWYwMWanZxQYwJ1i5rxJuDmGlmwqTe0z2W+2v0GxYj +-EldVDq9mK9dqQZQI0mQIJzGmG+weFlPoj8+GbU3aySULt8q6L/4U1nbmPfPlu5sp +-C1vbbsExAoGBAPtRG11qK1CP6AiYFAVUY4WF/OEzVlB2VEhyeXSm9QixZG1BbdHW +-vHWRxSwPwTtHwbih+hEuOXjAG8sg+JI60Iz8auhf3EVS6DjXpqN7+dua8x3ttJ9s +-c6PHDqRHxRcBKBGdC3Wx5IvxGGCqEb/4Aa5t3JUVPH8PvQaxCTJcJKzXAoGBAPR6 +-qvynjR75CqH/tDtSbR5CrUrXaup6s4xw/nUTbxXTb3PsVKklI+unFFDEs+PhmIyE +-xdCC2xuWbRzVSkF5vgbqraGqjGK04DGFjMdHA1oN9YskAoDaFudWp9vHAXKB0rFe +-HOYNuWEy2dR7qMvA9No2QbEN7Z2FWGcdTgVReth1AoGBAIxwe5lNLh1b/a9nxLBh +-wyeng3QZax+VsG23wtWEQyPzdYp0aLk9hZ0xs3x25WWKKOBTa9nT+fvXZvCxYRbe +-VRKkL93hS8dVmD3DjPSI4ExvH3LXFfuM8GZSY4U8MhAz7j9Bgljn6y6ksRm7kCW1 +-osLl08Ff16mtktU9c0U4JqqLAoGAc2OCWIVsYfYBQrzBgE5DGkk2KWDLIaiQHfUm +-5HMrtw14SSp+OudAsPTG7egpT6EmswvnoaZha//vt/AjgAvJ2NHi6a7pW50rQ7RY +-4aVuu45jGi0A0Xgd30pTJ7Qhxr3nh7d3xE0t9eZeUZ+b569G4cdB8iM0x2gsdV6r +-eG8goBECgYEAg2hxFf/moUr9XGUPvKgEnHHpnKflsqa93YApEP+zgMdr1yLXTKNw +-5YL7tRyExXFmuNOAD3R8l0yUItX+uP01lzNrkdKl2S+yU3cYEaAvRSWH5SKqilrB +-e2/sVivHAthr8uIqjSnaLdpkQ3pyb7X5auSf/VfruQjHhuHCsXToRxU= +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/test-alt-ca.crt b/test/ssl/test-alt-ca.crt +deleted file mode 100644 +index 6a04ff9..0000000 +--- a/test/ssl/test-alt-ca.crt ++++ /dev/null +@@ -1,79 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 2 (0x2) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA +- Validity +- Not Before: Feb 25 14:54:18 2020 GMT +- Not After : Feb 23 14:54:18 2025 GMT +- Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Alternative Signing CA +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:ce:93:cf:ac:4e:f4:14:e1:4b:aa:b9:e8:dd:c0: +- 7f:eb:ab:55:16:da:8f:01:1b:55:6e:7e:b3:e0:4e: +- 03:68:5f:48:b4:8c:d3:d2:44:ac:3b:3a:78:88:ac: +- 90:f9:22:d3:b9:8a:24:35:e4:c9:2e:a0:25:b1:a6: +- ca:d8:86:97:8b:63:34:73:12:8c:f6:bb:38:ea:40: +- db:d6:ce:06:33:bb:ea:9b:3b:60:c2:af:22:07:08: +- 41:e4:8c:d4:ef:9d:57:b3:73:8c:28:3a:22:15:1b: +- 63:67:a5:cc:00:ca:a3:7c:c8:ef:d9:64:72:c2:ef: +- 31:a1:a6:b4:d9:ad:15:66:42:32:5c:8f:6e:dd:bc: +- 97:7a:5a:07:a4:a1:e2:cd:27:c3:95:5b:1d:7b:d5: +- 27:65:b4:34:da:6c:59:40:3a:c0:78:41:8c:48:64: +- e9:dd:8d:f6:a6:ff:b3:3b:63:f7:9e:f8:f9:d1:a0: +- 0d:0a:34:3c:2f:51:73:05:58:76:cd:ca:62:61:cb: +- bc:9d:76:d6:e6:ca:1b:3b:95:a2:2f:24:6c:20:84: +- d2:fa:28:4f:b1:d5:85:eb:f6:47:49:d5:77:a3:03: +- 05:cb:fa:c9:c6:b0:bf:38:ca:8e:9f:44:98:28:ee: +- a5:fe:d5:bc:85:7a:40:6e:e1:6b:f3:43:a2:22:0f: +- 28:7b +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- 75:A1:3D:93:BD:A7:31:3D:0F:D2:0B:8D:04:43:49:BF:BC:B7:BD:87 +- X509v3 Authority Key Identifier: +- keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74 +- +- X509v3 Basic Constraints: +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- b1:d6:97:e3:46:14:82:1e:c6:8c:50:b8:e8:13:4b:62:70:62: +- 0c:f9:3d:07:19:cf:d0:78:2c:53:1f:10:87:0f:f9:2a:95:2e: +- 6f:c6:d3:87:d7:69:8d:7e:42:ee:c3:50:e6:13:56:65:6d:0f: +- 7c:cb:9c:35:d6:12:ff:e1:57:63:98:e0:80:53:9d:2b:8e:45: +- c4:34:e4:c0:60:79:d6:53:85:bc:5d:26:e4:ce:1b:6b:c4:ef: +- 47:e5:87:a9:9c:ea:a8:dc:35:cd:f0:b2:95:60:e2:67:89:56: +- e0:1e:95:71:2b:6a:77:91:15:ad:a1:50:27:5d:03:1c:13:0f: +- 2f:7d:ea:41:3d:1b:9f:e4:b4:b5:92:99:ca:32:dc:17:d9:54: +- 52:f9:b9:e0:9b:ed:23:b7:78:d3:07:36:34:2f:25:19:5f:49: +- e6:35:c6:d9:99:07:e9:52:dd:01:09:a9:d7:bf:e7:f4:74:6f: +- e2:0b:ce:da:7f:fa:38:95:43:d0:6c:f3:c4:1b:14:1c:47:50: +- 14:a9:48:4d:0c:d0:c6:be:a3:bc:17:9c:e3:92:24:e6:b3:51: +- 91:64:f4:55:1d:d1:5f:1b:69:90:ac:7e:69:e5:92:f7:d6:d2: +- 8a:f5:b2:5d:9b:79:8b:19:1c:6f:5a:9b:17:e5:c1:44:89:13: +- 0f:69:17:7c +------BEGIN CERTIFICATE----- +-MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v +-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290 +-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowcTELMAkGA1UEBhMC +-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q +-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMR8wHQYDVQQDDBZBbHRlcm5hdGl2ZSBTaWdu +-aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpPPrE70FOFL +-qrno3cB/66tVFtqPARtVbn6z4E4DaF9ItIzT0kSsOzp4iKyQ+SLTuYokNeTJLqAl +-sabK2IaXi2M0cxKM9rs46kDb1s4GM7vqmztgwq8iBwhB5IzU751Xs3OMKDoiFRtj +-Z6XMAMqjfMjv2WRywu8xoaa02a0VZkIyXI9u3byXeloHpKHizSfDlVsde9UnZbQ0 +-2mxZQDrAeEGMSGTp3Y32pv+zO2P3nvj50aANCjQ8L1FzBVh2zcpiYcu8nXbW5sob +-O5WiLyRsIITS+ihPsdWF6/ZHSdV3owMFy/rJxrC/OMqOn0SYKO6l/tW8hXpAbuFr +-80OiIg8oewIDAQABo1AwTjAdBgNVHQ4EFgQUdaE9k72nMT0P0guNBENJv7y3vYcw +-HwYDVR0jBBgwFoAUeoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zAN +-BgkqhkiG9w0BAQsFAAOCAQEAsdaX40YUgh7GjFC46BNLYnBiDPk9BxnP0HgsUx8Q +-hw/5KpUub8bTh9dpjX5C7sNQ5hNWZW0PfMucNdYS/+FXY5jggFOdK45FxDTkwGB5 +-1lOFvF0m5M4ba8TvR+WHqZzqqNw1zfCylWDiZ4lW4B6VcStqd5EVraFQJ10DHBMP +-L33qQT0bn+S0tZKZyjLcF9lUUvm54JvtI7d40wc2NC8lGV9J5jXG2ZkH6VLdAQmp +-17/n9HRv4gvO2n/6OJVD0GzzxBsUHEdQFKlITQzQxr6jvBec45Ik5rNRkWT0VR3R +-XxtpkKx+aeWS99bSivWyXZt5ixkcb1qbF+XBRIkTD2kXfA== +------END CERTIFICATE----- +diff --git a/test/ssl/test-alt-ca.key b/test/ssl/test-alt-ca.key +deleted file mode 100644 +index 33e199b..0000000 +--- a/test/ssl/test-alt-ca.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEogIBAAKCAQEAzpPPrE70FOFLqrno3cB/66tVFtqPARtVbn6z4E4DaF9ItIzT +-0kSsOzp4iKyQ+SLTuYokNeTJLqAlsabK2IaXi2M0cxKM9rs46kDb1s4GM7vqmztg +-wq8iBwhB5IzU751Xs3OMKDoiFRtjZ6XMAMqjfMjv2WRywu8xoaa02a0VZkIyXI9u +-3byXeloHpKHizSfDlVsde9UnZbQ02mxZQDrAeEGMSGTp3Y32pv+zO2P3nvj50aAN +-CjQ8L1FzBVh2zcpiYcu8nXbW5sobO5WiLyRsIITS+ihPsdWF6/ZHSdV3owMFy/rJ +-xrC/OMqOn0SYKO6l/tW8hXpAbuFr80OiIg8oewIDAQABAoIBAEgNoHMeet5JkwXy +-oHmwai3+bchx5U1ihlLrGLyVGXUvPwHS2RNPZq+l/mLVph9v+V+PAoBV06JSs7Ma +-VUhe8b7plGLKxqZMuVZj1wo+hEVJN1R7yo09XuYLCEi6oo8NV4i9NdbWKAsqqWp+ +-lwBzrcCZqacu9SRvH+Wdaxk92Of4cHcbP8nHSw9uGg6xmMONXntdJyFgX84DVC3P +-hRbl8SbhxzcVGGanhMvuag3lK/rJdoZGM9HRuXVUDY4vMNHzeyH783OOp3+U7TOI +-MQzG3gAnVzdUIqP2OxiAL8lqdPgsNPyl6z+fYnVe+8GzbkzSr7GxrEv6KqUQTX9Y +-IOn0cRECgYEA61OMoEeTHSaoIfPMAOYx+gq6s71x0xk5OI7kKDwitFuuxR+kA/Fi +-uzwomYSq8yUMAxxX97WCVQfeF5SiDYZ4ETnLjuNwh4i4mZbhwET6KeEfZz0MFQMM +-tBOB8e+SaNUbf1Of8l3qeFrCitYn1sY2BCGhz7DPUDwN2tqL6+Oot1kCgYEA4Lmz +-w9XLWe5aP2ix30qHnDjGzEouO30JxZMhk0iH/iu0QD7NEO4KPugLMATVdu5yfKnT +-9Xr6gOfj2nUsMSiLBzyvOgo7OaCbznEMTdF7s3hfkh8nhKyOqYVGjzvjJP5tlnmq +-i+j/PAeB/my9eTof6msxJdlmVj34WXmBHQoNN/MCgYA56yxXXoZkzFjhUmHJbt6q +-De35wwy6yiB9PR4GkRZxkYcoWStDFSwZrSrI7hAtG9cjBNzZyMC1MOSGpTxlW809 +-YB4rourVUN8uXiZd7hwsJo5WGH5axY9g2tRGuZItXxYPdoONYXQN/ziWdzMC93Hf +-/m8W8Qt1UfKPBO8fNb8WsQKBgFTwe+ziazkzqTLcXJbcccNvhlyDEVR033OpOACW +-YqiEVl4OHq5uerrqNAhTW2fXmrhZ7H6VnAeLHolcznZKL7ptioGyik4u0ZVHD3J+ +-YnYkYmM1mVdBba7PbCsJZMJ/1GYS2I6HY6mJ4O2MplUizhtppqr6r/6a77rJ/S4/ +-tV1XAoGAV/73Onjr9h5TNdhzyvNYoyh9+DB8lCqMZW4oyb51m1IbhcOaHXvgiEoR +-WLW+iIKllTX0S0N3bwc1hzf5719FuhRN8a7KnokJ61sRwS6gdfKWTHF1j3kSlzRP +-+i7PEoxbRSqeA9lE/fKWprV5Iq4BP0xc1nujii8W4IjcXkp/cE8= +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/test-bad-root-ca.crt b/test/ssl/test-bad-root-ca.crt +deleted file mode 100644 +index cfe40c3..0000000 +--- a/test/ssl/test-bad-root-ca.crt ++++ /dev/null +@@ -1,23 +0,0 @@ +------BEGIN CERTIFICATE----- +-MIIDyjCCArKgAwIBAgIUdyk9NtFrh5WnXWwmIarH9aqo+2cwDQYJKoZIhvcNAQEL +-BQAwdjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM +-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz +-dGluZzEUMBIGA1UEAwwLQmFkIFJvb3QgQ0EwHhcNMjAwMjI1MTQ1NDE4WhcNMzAw +-MjIyMTQ1NDE4WjB2MQswCQYDVQQGEwJHQjETMBEGA1UECAwKRGVyYnlzaGlyZTEO +-MAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9qZWN0MRAwDgYD +-VQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtCYWQgUm9vdCBDQTCCASIwDQYJKoZIhvcN +-AQEBBQADggEPADCCAQoCggEBAMsMhOIsSRKAopYjV/0lG252A4Xd1qUQlcwOPq3Z +-1JYuBsa2We19xT427tSTXoDR2zdUH9nB1709wes7oTM8q1WWHszV/8DLBHotZZzf +-aNFy9ipwqjaJXMG5hWO1p+wg2q2BspoOpRcWhNO4ZrR5dPT1cm/N+A8TxtYd4WtO +-PWxXQj84rppeEUJjyE1QIRTGuQMiQxzsiyiTvyzKjuCELFcPjNwpqjEfxKaoHCD/ +-5GWH1C8r2pOVIpRnP9qDVX4jQvSyAdfWeuPT0h2qHWp751e5w/inXkavzqYqI9xE +-vImUgW5/rVY8DrOf8huFXpfMwMBYuzxjbnObPhD85xRcc58CAwEAAaNQME4wHQYD +-VR0OBBYEFBuIpb/fFNJ54niM+oiZMHEDFPiNMB8GA1UdIwQYMBaAFBuIpb/fFNJ5 +-4niM+oiZMHEDFPiNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH71 +-WiPLeVumxVuB40cuaKpNDcMGFg3snkKi9d9eEVTP1gtfWt1dclXYnaPwYr8a3d5D +-iZnIVC5LUtFdWHaO6SHwsNmb59LFfXPtYxO3mOxUbSW3kTuB/N0B6laOcViPVpVt +-nLJ3FKKcRAjTuBfP191hbG6uG1bdAh5VLrDgA0taXcwiRd7zlKp+MdoxbetnLw3R +-GyzdAlWjJUGm5b7cE5sJZ0t3UoJsDeJckYJzUeDRV/90395pay3E9bd3ooa+1K9Q +-AJk8MuGRY7W4qtC1JioqCTJJpkyryNql2pXiN4RqChTElYa1mbOP1qet1xLMEQY6 +-8D9qi22Al8++KQ+gw0o= +------END CERTIFICATE----- +diff --git a/test/ssl/test-bad-root-ca.key b/test/ssl/test-bad-root-ca.key +deleted file mode 100644 +index b0ac5d8..0000000 +--- a/test/ssl/test-bad-root-ca.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEpAIBAAKCAQEAywyE4ixJEoCiliNX/SUbbnYDhd3WpRCVzA4+rdnUli4GxrZZ +-7X3FPjbu1JNegNHbN1Qf2cHXvT3B6zuhMzyrVZYezNX/wMsEei1lnN9o0XL2KnCq +-NolcwbmFY7Wn7CDarYGymg6lFxaE07hmtHl09PVyb834DxPG1h3ha049bFdCPziu +-ml4RQmPITVAhFMa5AyJDHOyLKJO/LMqO4IQsVw+M3CmqMR/EpqgcIP/kZYfULyva +-k5UilGc/2oNVfiNC9LIB19Z649PSHaodanvnV7nD+KdeRq/Opioj3ES8iZSBbn+t +-VjwOs5/yG4Vel8zAwFi7PGNuc5s+EPznFFxznwIDAQABAoIBAAduwuKAmoAp40m5 +-q3vhwtpNSZ253CSYsdMRZmv4wFZrAuZ9QFd4NiMr4Zw4dMokZHDnDG9tMBeGTjXt +-Ld5xRxhP8XqwDreg9t3+EW0npG+eVLKDA0gRySpyPxbCTI5ROZAGYmJPTO3GbkBN +-zLyogYaCAZlkIcNzhuDJoTnLWGZBzrsvwCGqwHdjGras31FSf+HYC8KcjQysQmUV +-F/puNldvV5rXo8rDOIdtrCC9oYvGMJDSk9X0qsHLWWqVnrruy7SmHMJ2kn6wUFfj +-qjm9OTdaHJOrswNmW/xLyQzj5gQOh45y7/e1W2X08HpUBzuraOnDJM2ty0dTetEW +-sb2+eUECgYEA8iGLJcHOWmK3cws/mAfI4GCvI1FcwYKXJzVCs+lozlzd7kioM4dW +-h4Mg30LbBDDsytxMNcaq5Aglwdg5CLg657vreQeZk6HUuFcwf//sJoBRAbwScE6r +-pI5fSSce9K+xzQzjpKiWy+Q3eC3Sax5yeeEKBSolUSKgVmDQ/lgv+D8CgYEA1q3m +-YK2RukYOEdcT2BpZmJI8vmeKRl6rswj6q4eSzRnruCrLxgNsDIQUkhX6zQ+a5Lhy +-g8USSqnpAZdBTXYIFo8fztx5abzXZpXrrUXpZTjNLncHrYE0/ztaBhEjVhoRRZ4P +-4LMNnPKWNX+E5g+IhvzA8D9spSWTD1L1SorZrKECgYEAkkaBcYXry97nRLD+8jGB +-wUungoacqqrh9eXPLjFMB59C07lBJCAWvjcRnM8e0SFdbBA6WiJzCt+BL+IYUpQ5 +-wdVdI/jbZrzVbaf+vNU3LOtIBOxBl2dvejIojmD76oZZu66Vt9vBfduZRxknjV8P +-eWHiU8xqTuHES2qh14YfNLECgYB8GYkMqCmO0cJ+Y6OQECNtBFRjCT2w0jdVRsKJ +-d9TQBcTy8KJddEr4rT2q+VPDSNsUjt979udNDA2rIsHYQnwIdnI/xcnV6xllrxLP +-VpPGNOC/lIV2sjNtu+SdjzirJGSJpwassTUUXlOg13d++snEpsXt2+w1R5RMjntH +-vR56IQKBgQCF+kqRYtwBIXXyQDpxFV7ISKhfIdI2wnmEKHekXsg6APm2Hzqt8xGq +-nIqJIMUJvNp4mgBjw7drVuyuLu/xAsHg9zd2e85wnM5nyxTSlrD4EyN7oSSzEl4n +-qMI+y868gX0ZHjejFTRHiEPjERO9TndYlsXpbl8sUxs6TYzZNjB7FQ== +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/test-fake-root-ca.crt b/test/ssl/test-fake-root-ca.crt +deleted file mode 100644 +index ef4d582..0000000 +--- a/test/ssl/test-fake-root-ca.crt ++++ /dev/null +@@ -1,23 +0,0 @@ +------BEGIN CERTIFICATE----- +-MIIDwjCCAqqgAwIBAgIUJtJNmR2IUunoKAPzp6GCdwpeRGkwDQYJKoZIhvcNAQEL +-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM +-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz +-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx +-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD +-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM +-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +-DwAwggEKAoIBAQDPeAsCyQPsV8X9jdcGSomKHUlqTSotEKCgZQDd6/flheJ386n5 +-Ay6g/37wH+qvP5l6bpTGxPLkiXrPcHKs0iYb65e4vzIUX0MmxWJjlqRnRmSflZHR +-lLDb/2TXGAFOnKX7p7jJ2PNaA3A3HdRby5UUQKW2y4To6RpWgMUwZE2Rv3rSwkaU +-+Yzfg+F2GxZo1lSo0KtEZ8aSnP/QC+BhGH+pD+YeOLgS806aa0U82mIGKY5ovgyU +-1mn9cKGCwSj9vGIidOivP9w0JYwxEXLjXvp2ZS2o3asquITF0VhMIws7UrvynyFF +-OLmjxmVRjoNoEUakx0/zuHe0YCz8kbkg0yuhAgMBAAGjUDBOMB0GA1UdDgQWBBRU +-Cz3bp0AtTrVrLL/JDJwIXvG3WTAfBgNVHSMEGDAWgBRUCz3bp0AtTrVrLL/JDJwI +-XvG3WTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC8iqJSyJOCPJak +-f6DEinKJzQde5aYvkswyJ1gVKVQztF50bPUsXHHrQNP6Vvk8U/EFWWqYqJQ3Mk6/ +-t262FxS1wTllhddNu9+YfXA7yO38GDfcsr4uBTylxOTJY7lI+aRn5oOn6A9OuQcV +-m1HjE5QQiV8JXAl80JX29FYxSVDmDjLG+48GMhIHNhtYH4IS/jZFyfwbn+JeolEB +-NeGUtwryMAJqnptsIXen85mW/6j33/d7n1nabVa6Mo7V/07eE0uC45Ngmi2isOxB +-23WEhOkJRANNbm9fK6qn8YMAzsGvx9O4SeQEUdp2Yd/jTvdgIBB+Ewzem8Pmn53C +-7fgo0LjB +------END CERTIFICATE----- +diff --git a/test/ssl/test-fake-root-ca.key b/test/ssl/test-fake-root-ca.key +deleted file mode 100644 +index 348d7eb..0000000 +--- a/test/ssl/test-fake-root-ca.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEowIBAAKCAQEAz3gLAskD7FfF/Y3XBkqJih1Jak0qLRCgoGUA3ev35YXid/Op +-+QMuoP9+8B/qrz+Zem6UxsTy5Il6z3ByrNImG+uXuL8yFF9DJsViY5akZ0Zkn5WR +-0ZSw2/9k1xgBTpyl+6e4ydjzWgNwNx3UW8uVFECltsuE6OkaVoDFMGRNkb960sJG +-lPmM34PhdhsWaNZUqNCrRGfGkpz/0AvgYRh/qQ/mHji4EvNOmmtFPNpiBimOaL4M +-lNZp/XChgsEo/bxiInTorz/cNCWMMRFy4176dmUtqN2rKriExdFYTCMLO1K78p8h +-RTi5o8ZlUY6DaBFGpMdP87h3tGAs/JG5INMroQIDAQABAoIBAEoBBuRycYzPbldY +-Tff3hIIYmkRpy/6RLMqp3JpMfnuHu1WQO/QP94UEPfJHYD4s0IFEipswS3fLtlvi +-P3V37JIPAmqrAKEVre1ZgRQG+xO/n0rxXjdE86U1v3GeJXE2HVrb4+VUFtHn4hI2 +-+LXZs46q1LGUfQ9bfsKWYkA1txmicBMcWho5ugTe0h/LucwOFE1CUg6bBr1BJhpK +-t2HCOE3vAnYZA9Zv/KowECP0PL5nw37Fpqvqpkr67j12q7z8XGAeqnl6HtLUZOVU +-AwSvgLcGgKsRaDTmLLwnwEvOWe3yZvC80uO8FpI4JYiRH+O0e6v5S5yW+KS+Ogl0 +-cAD3WAECgYEA75AZzAtOG8P19mfcPzYydR2RYw1gEVGYXVeCZFlcSpBHhgQUXFaU +-TJmTHZoIQ5Mmf7csjzc9FSExACLWmuQDzg6+c9Y7lETcBKLf/5/za/q1x1ExXQ+3 +-pAA3SYBsFAFy2npI5NOGx2y118Z+eXYRTeW6oJQhdncdDXH339jiwEECgYEA3bQ2 +-8q9i90LQsnGKC45/d+laS2nXbroU+DNtfIz390m9rAjjmy4625BIXY7oaEua3D9s +-1QK8S6eYEVUsoXzFaLHxPAstKyJhxFYPR4++EUZ7ro7BZMJ2AJSq7aFWpOpjlsAU +-Olt51Ijh1sOpK/X1xbAifi7c3ocpGGILYg3Dk2ECgYEA11tghXiIQBearmdRrJWp +-KHVrNHNasFb8tLStaE6Y1AL9+TEDqLrAWFga05qb4TuQeXGOojSTOcJ7zVaEO/vM +-m9nPRk0JhFGexKAy5BbDeoeIEGUiDjnJ6am0CeRjxFxFBri1fNfXKsHEevRa0A/e +-oHtrmV1w85FC0cppfZb4yMECgYARY1T7662DXwYnOKhvB5oPuYmPaJmw4X9LiB0K +-K7Q2/N2XZIsVXKbZGZPTYqXvqB5ZL9BFVJWYCWjv0xJRCAwjjfExmF7Ohz/LukQw +-hKGPkUuaATBBys6edQqC4Kh+/rMY26+6c/o2JRYxVd8qx3ujKZFK/DnuagNbGjVy +-V0oDgQKBgBKjvOnQhFx5yGKiHUNoAFcq7y5QdpvMHUfAtsz7qHHdCEkUbJ9DqjRk +-j3Pwn/iR7pAXYVN1s+jmLfFTlFjLqFNXe9+TYKgnMWkKZA+9dTsryD77BJj3fhLH +-SbvXQs/GvYAc8xIrB5pSTIRe8r2B8PaEUjiG5rtjIHT5F5G0y92M +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/test-root-ca.crt b/test/ssl/test-root-ca.crt +deleted file mode 100644 +index f450148..0000000 +--- a/test/ssl/test-root-ca.crt ++++ /dev/null +@@ -1,23 +0,0 @@ +------BEGIN CERTIFICATE----- +-MIIDwjCCAqqgAwIBAgIURMxcSM9J+pY3g2SE3qoM34dHwPkwDQYJKoZIhvcNAQEL +-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM +-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz +-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx +-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD +-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM +-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +-DwAwggEKAoIBAQDdpftss7fN4lzDhppzwj2WfRehR95WYmiWnXoEsKyEfuh1hINs +-vvI3tz1FWEb/usORr6XGZhgYwjIpSORMoBxuOZh8RDNPmO9KpLYXN1i4g+CfkGAK +-QoBUr7FGGlKDaK4fRg6xx8BKQ1Lxqrx+iAOpIT7tU9YYPYrwiYbdhaYwfMTKXyCl +-V+JypRRKWgzUkua4YRb2TnEH33NaXS0Tw+A0tRxSN26vwRheCrVfo+6CUB0kEaON +-+syuiHP1mGrHj3bMh/MTd3H5u2lu+1GW/Re3HdGFLuHhEq6EkF0fnPCaPS+iJKwU +-1LgQZwGc+UHglTmmqUS6xhpm++/950fYoaiHAgMBAAGjUDBOMB0GA1UdDgQWBBR6 +-iV0eybFyLzjb3ufTSYAsAfo7dDAfBgNVHSMEGDAWgBR6iV0eybFyLzjb3ufTSYAs +-Afo7dDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB7/Zn0VBciDCXo +-JA4ZX5boZyQMx7Lm62O+ixChT2hW0VNlouacgfSq455sNxFJKam0ZQKzusMzssNQ +-ticyZUwIosGx36f8qBaGksx0EbgAh9QdOulsYDLW5UsB4Rh94C36NoTd9+BJF6D4 +-89IpuxQehDKKuRG0NUChEkLvJ2AAPi/+iDHZQMB/sAzaT4gJ4eMeY4p4XBb/a9P2 +-w05RCpVNyLg32S7ynLNUrz+/lZUfZ8sYhpdECbFDpb0e1iVc1vst8Pur+cSGFO3f +-HabwuWTdF9Xx8MaH/n32Pv8BxZ/hBdjsXa/CiMyT4POs6XGTpZ2iLcmHo8WS4Uls +-5gKvsjuj +------END CERTIFICATE----- +diff --git a/test/ssl/test-root-ca.key b/test/ssl/test-root-ca.key +deleted file mode 100644 +index 8c50ba3..0000000 +--- a/test/ssl/test-root-ca.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEpAIBAAKCAQEA3aX7bLO3zeJcw4aac8I9ln0XoUfeVmJolp16BLCshH7odYSD +-bL7yN7c9RVhG/7rDka+lxmYYGMIyKUjkTKAcbjmYfEQzT5jvSqS2FzdYuIPgn5Bg +-CkKAVK+xRhpSg2iuH0YOscfASkNS8aq8fogDqSE+7VPWGD2K8ImG3YWmMHzEyl8g +-pVficqUUSloM1JLmuGEW9k5xB99zWl0tE8PgNLUcUjdur8EYXgq1X6PuglAdJBGj +-jfrMrohz9Zhqx492zIfzE3dx+btpbvtRlv0Xtx3RhS7h4RKuhJBdH5zwmj0voiSs +-FNS4EGcBnPlB4JU5pqlEusYaZvvv/edH2KGohwIDAQABAoIBAQDQTYhPrUqlJAJY +-Ay0uczLcNi259cffWVa/jbm5pKxNTNN8dg/paD5M3FmpzP/UoBnh1bgvD42/3umz +-YPylgqeVc216A8JRIQJqHQfAI9Sue8njS5Tmr37Zl9A7eMtpEjzpyTZQH9D4OfM+ +-iV3icEM4dLUl529Ckrv7uNPVZiA8WZUNa3NQ4lsuLHms12FOAi17wBMJOu0xTse/ +-vK7wucJ+p4wgXT8QZbOvqHmm3THMxKhhFYOoJK5S32jjy3kB4I56YzV6DRArLPNr +-RTjdXHtzNYUT4dYkDubekIDaebMKQi7nUofP6ZduJ7SAC9D118iKqChDTYP35Vmk +-kqqO2kgpAoGBAP47G+KhqT4tMLGs96r65Ve5KeRyLPLEgKfGXiEgrK1+lO9CFoTv +-7hmZ3cF61IccilP/Tw1MG5uRrnXJWVi/u1jvdZEg74dGO2PivYhmdEgw/ZfJCAcn +-r8W+KKfrUQCcL/h++IrcLUVcRF4xjbhyvaCBc0zSpvxA5pn724caTm5NAoGBAN8w +-1IUGpajJg8xHXca5y8UQeZwozjEn5oHdjivYL+lT2sKSKE49xzLmMPqhRtuIeiEe +-wBTo85PJ6SCjJPGc6wvbqPAq6CNC3BjZdh4i/+O87+fUloFAuXJn2TPAbulwFkvq +-5GjeTbrJL+pd+x8VYalWSYusyxTdnlJyPE3KXOQjAoGBAJnrM4DMm2i3d2m67N+p +-szyfMEvNDIWWjsYFBWxNGf6YSpdojbXChYcebvH66b07fExKoJPOZlCTrOpHEz72 +-Jfk8UROiuyJNVRuuZU21qeUjNAW3gpLCZlr0PC0d/Ra/eROb2+JGV2pM6F+W5NSt +-Mz1/4ky6pLrImFTV9R0gwidpAoGAL7ZGmDF1lIGPtUnEWEk7sGL3PFTUz1lSQ4zT +-abgLdfvBFjscdq1qOg1PhySW+zNPuGjUcyPhfkR5m8qEiUocTSqmEMF7Yp5WYtGK +-GKMuxMaNGqgtjHADtNtSaWfHzgtyGMScE3cCct2zaoywtFJj0Elr63oC5/EAeWuG +-TLLn7LUCgYBB/Vy6WRhI8Eg+aI4vScgssdtx8FxGTYl/ZRQvgvK3iUnQdjcibY71 +-oPy7L1yzbOokoGZJWfcsvefTbO62DEi3k9uYlCd6T32RMbR/s1UQFZDWKcpNKzbo +-5N21GE7lQp55F01nDE81RU4mcNhg1mf7792DobM7H+vM4wXW54sG9w== +------END RSA PRIVATE KEY----- +diff --git a/test/ssl/test-signing-ca.crt b/test/ssl/test-signing-ca.crt +deleted file mode 100644 +index 8d66125..0000000 +--- a/test/ssl/test-signing-ca.crt ++++ /dev/null +@@ -1,79 +0,0 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 1 (0x1) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA +- Validity +- Not Before: Feb 25 14:54:18 2020 GMT +- Not After : Feb 23 14:54:18 2025 GMT +- Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public-Key: (2048 bit) +- Modulus: +- 00:c1:a1:1a:6e:76:1f:98:b7:1c:7e:d6:67:d5:dc: +- 92:34:ef:48:22:62:94:56:cb:21:29:c1:88:7c:7a: +- 62:eb:6d:b9:af:8b:80:75:f4:8e:32:e2:20:e2:fa: +- 3a:49:c8:20:74:53:83:0f:c1:48:e2:13:3e:48:27: +- f2:e5:7d:55:c5:87:8c:41:9e:e2:90:58:8c:09:97: +- 1e:bc:5a:ce:10:71:b2:66:02:02:9b:0c:d0:24:47: +- 7a:3a:4d:3a:2e:c0:f0:65:6b:6a:cf:13:13:8a:f0: +- 6d:a0:a5:80:5f:6b:58:77:ae:91:6e:ba:ab:c5:c0: +- 24:f7:22:27:a4:bf:47:52:2d:a0:fc:56:b0:19:16: +- 84:e9:53:ac:1d:7f:29:af:c2:86:44:f5:9b:04:e4: +- bf:8f:e1:b8:61:a0:63:55:0a:7a:93:2a:d8:4a:20: +- b8:6b:b6:e9:20:c6:2c:c2:93:c2:dc:7a:69:90:8e: +- ea:00:5b:0c:66:8a:90:74:b4:d9:01:98:9d:fe:5b: +- 66:e0:39:19:22:50:0d:76:3d:1c:04:fb:93:4d:6e: +- 45:da:e8:cc:27:35:2a:a6:35:a8:87:e1:99:32:42: +- e8:71:eb:7c:f9:69:70:c7:cf:c5:cc:61:c5:ae:47: +- dc:20:86:2b:2b:fe:1c:dd:2c:e9:b0:38:b6:72:8e: +- 09:e9 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0 +- X509v3 Authority Key Identifier: +- keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74 +- +- X509v3 Basic Constraints: +- CA:TRUE +- Signature Algorithm: sha256WithRSAEncryption +- d3:8d:e3:33:87:f3:1e:4f:ff:da:1d:f8:61:3f:4a:ae:21:49: +- cd:ee:b1:e0:62:ab:44:70:a8:29:92:83:8d:33:45:4c:ac:b0: +- 66:a0:e8:32:23:76:ef:aa:89:7d:bc:e1:04:17:a5:d7:39:59: +- 99:ab:d9:bf:0c:fd:c5:b6:ad:6f:45:39:c9:27:f1:3e:c0:af: +- c3:8e:b1:1f:8f:fc:34:66:31:f4:f1:11:a0:27:99:a2:65:e2: +- aa:20:a7:98:b6:0e:ff:71:5e:10:e7:ab:1e:33:e7:fb:c8:59: +- d7:89:7a:3b:d9:a9:9f:48:2f:2e:ff:02:61:cd:86:47:60:61: +- 8e:81:71:68:f0:cd:63:72:b8:d2:7d:22:9d:6b:07:49:3a:0a: +- f7:8b:94:b3:98:90:3c:9f:e5:78:1b:84:a9:2e:fb:85:64:59: +- ce:6f:33:05:18:bc:21:df:f5:7c:10:79:d6:58:34:61:0e:1f: +- d5:af:b6:a0:8f:86:ce:56:d1:67:4f:b8:7e:50:2d:ba:77:37: +- 50:0f:91:06:dc:a8:7f:3c:8b:2b:8b:47:df:e3:7e:2f:79:81: +- 22:70:eb:f9:14:f3:66:73:17:33:e4:26:7e:47:df:80:89:de: +- a5:e8:5a:a9:c0:4b:3e:1b:9b:11:4b:3b:b4:8b:6a:9d:6c:ce: +- 39:f5:04:c9 +------BEGIN CERTIFICATE----- +-MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET +-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v +-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290 +-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowZTELMAkGA1UEBhMC +-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q +-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMIIBIjAN +-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaEabnYfmLccftZn1dySNO9IImKU +-VsshKcGIfHpi6225r4uAdfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7i +-kFiMCZcevFrOEHGyZgICmwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66Rbrqr +-xcAk9yInpL9HUi2g/FawGRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4 +-a7bpIMYswpPC3HppkI7qAFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujM +-JzUqpjWoh+GZMkLocet8+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQAB +-o1AwTjAdBgNVHQ4EFgQUqlpbHJEymz+bw0Js0mj2p+DPvuAwHwYDVR0jBBgwFoAU +-eoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF +-AAOCAQEA043jM4fzHk//2h34YT9KriFJze6x4GKrRHCoKZKDjTNFTKywZqDoMiN2 +-76qJfbzhBBel1zlZmavZvwz9xbatb0U5ySfxPsCvw46xH4/8NGYx9PERoCeZomXi +-qiCnmLYO/3FeEOerHjPn+8hZ14l6O9mpn0gvLv8CYc2GR2BhjoFxaPDNY3K40n0i +-nWsHSToK94uUs5iQPJ/leBuEqS77hWRZzm8zBRi8Id/1fBB51lg0YQ4f1a+2oI+G +-zlbRZ0+4flAtunc3UA+RBtyofzyLK4tH3+N+L3mBInDr+RTzZnMXM+QmfkffgIne +-pehaqcBLPhubEUs7tItqnWzOOfUEyQ== +------END CERTIFICATE----- +diff --git a/test/ssl/test-signing-ca.key b/test/ssl/test-signing-ca.key +deleted file mode 100644 +index 37c287b..0000000 +--- a/test/ssl/test-signing-ca.key ++++ /dev/null +@@ -1,27 +0,0 @@ +------BEGIN RSA PRIVATE KEY----- +-MIIEowIBAAKCAQEAwaEabnYfmLccftZn1dySNO9IImKUVsshKcGIfHpi6225r4uA +-dfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7ikFiMCZcevFrOEHGyZgIC +-mwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66RbrqrxcAk9yInpL9HUi2g/Faw +-GRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4a7bpIMYswpPC3HppkI7q +-AFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujMJzUqpjWoh+GZMkLocet8 +-+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQABAoIBAEdv26OTWxbpv86f +-5dFGPn7fJRriid33tXWFXIioUqSPZ+l3K17ZajklqoJzVVvxROAGC52dbvlRpjHS +-4099zU5CMyHmr6oXsRq8sW9GhS4V9H6kETgJIyWvZU3rPiMPteGFHvPlEtm42Ilj +-ZhhOL2aAdlGG92bO/BRdeojStUqAvJn+5jYBpskZqw/4lLNlmpR8TpFOoGGE+eOC +-uXnf7Gz9+drPkoOg1/024Jygr721Klimkd6idf4v0hYt+g9GN+RVyxHKv2zYBGCV +-xCTYg2j7bKDgIUhBOtNGGZbpYLu5nPpZbWg9X0KEFFR7EBikSTYoBpaElCAkk3dp +-rGwLJr0CgYEA6oCtYouVcVabSVfvKpKep/RAYWFrz2VR5kakmRiis0Rpd1OLvwYt +-+Lz3c0j3ghHilcuVbB6pTjhdqa95whcPbsLzm5TcNovz3jz6sBrVJRH0wCfh+YGM +-hsU3SbeRDLaXCsvzmKeYrUG6SojNWsKOST+Iw93n6VlcR5nzXGobXYcCgYEA02E1 +-PQa+030IJt7Ord/ogOC7zK9D2s8vqK5hB5tEVpzw+NtK++HyezRgQ87/O8zm9Yka +-HhT6RcfhBu+UuPKZy3q+kQ5Lf3AXaj5kmfxgC9B83IwLmKINsusuBuzT4eHkVUor +-Lme+tNmztKogyITqDm7Bs8N98Xt8URzFMHf7uQ8CgYBx9hDMyDra9pTGouZG0TQr +-OQcki/yhsIKJnyEUiaVf60o5xC8wqSckL2kt7HLkEh8EXwiBn7D1o2zZLr7ENQK5 +-+CH9JO2T0JW2FfpaJOAagMxpqbgm0e9h+2uv9naWMBHdHFqIgEIxSLTozezGQ7B0 +-Jl0nmqq+ez/eSBG9go9D9wKBgBOCmGhelARvOO5liEwSK6Khm5Pj5W5vyyVVmw0Z +-rrAT4kYF76DaFQh8KBp6I6LAYdzt36RBKWyBa2q5eE+tzLY0SRyYZi2IChE7Wwu/ +-eJn+j1fH8VYQNxV5kZEAEPp7YBjjNKMe3kJRCb42Kbp4UiYs4OIXvCsqy6ms7yJv +-IKPPAoGBANxTT4FCNVISIvbNUSr1irLHbRfDg9m/3L7M/fU4dXO8RRY5L1LYi0hb +-fY3jV2nykLXbcUimJOPp0uwWMcFGM+LxVOwHGgYVBhd7mWeEAt3mLXXrNuP03gzw +-s4EBEKX/zGIt9YPxbhPKY5pJp0kyJ7WDxptPi+arTZA5SwJp9yyu +------END RSA PRIVATE KEY----- diff -Nru mosquitto-2.0.11/debian/patches/1571.patch mosquitto-2.0.11/debian/patches/1571.patch --- mosquitto-2.0.11/debian/patches/1571.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/1571.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,5 +1,3 @@ -Upstream-Status: Submitted [https://github.com/eclipse/mosquitto/pull/1571] -From 3fe5468f1bdca1bff1d18cf43c9e338f41aa9e32 Mon Sep 17 00:00:00 2001 From: Gianfranco Costamagna Date: Wed, 22 Jan 2020 12:39:49 +0100 Subject: [PATCH] Add dynamic symbols linking with cmake too @@ -9,9 +7,11 @@ lib/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) +diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt +index 5da221d..0f239a3 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt -@@ -94,6 +94,8 @@ +@@ -94,6 +94,8 @@ set_target_properties(libmosquitto PROPERTIES OUTPUT_NAME mosquitto VERSION ${VERSION} SOVERSION 1 diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch --- mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,211 @@ +From: "Roger A. Light" +Date: Sat, 8 Jun 2024 08:50:35 +0100 +Subject: CVE-2024-8376-1of3 + +Remove superfluous function arguments. + +Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/3bb6c9ad51f712864dea63529e0b55661c2a9e84 +Signed-off-by: Philippe Coval +--- + apps/db_dump/stubs.c | 3 +-- + src/bridge.c | 3 +-- + src/handle_subscribe.c | 2 +- + src/handle_unsubscribe.c | 2 +- + src/mosquitto_broker_internal.h | 4 ++-- + src/persist_read.c | 2 +- + src/plugin_public.c | 2 +- + src/subs.c | 13 +++++-------- + test/unit/persist_read_stubs.c | 3 +-- + test/unit/subs_test.c | 2 +- + 10 files changed, 15 insertions(+), 21 deletions(-) + +diff --git a/apps/db_dump/stubs.c b/apps/db_dump/stubs.c +index 42a1429..845053d 100644 +--- a/apps/db_dump/stubs.c ++++ b/apps/db_dump/stubs.c +@@ -96,14 +96,13 @@ int retain__store(const char *topic, struct mosquitto_msg_store *stored, char ** + return 0; + } + +-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root) ++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options) + { + UNUSED(context); + UNUSED(sub); + UNUSED(qos); + UNUSED(identifier); + UNUSED(options); +- UNUSED(root); + return 0; + } + +diff --git a/src/bridge.c b/src/bridge.c +index 9ca367a..0ec5284 100644 +--- a/src/bridge.c ++++ b/src/bridge.c +@@ -380,8 +380,7 @@ int bridge__connect(struct mosquitto *context) + context->bridge->topics[i].local_topic, + qos, + 0, +- MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED, +- &db.subs) > 0){ ++ MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED) > 0){ + + return 1; + } +diff --git a/src/handle_subscribe.c b/src/handle_subscribe.c +index 2a72c59..5540dc6 100644 +--- a/src/handle_subscribe.c ++++ b/src/handle_subscribe.c +@@ -185,7 +185,7 @@ int handle__subscribe(struct mosquitto *context) + } + + if(allowed){ +- rc2 = sub__add(context, sub, qos, subscription_identifier, subscription_options, &db.subs); ++ rc2 = sub__add(context, sub, qos, subscription_identifier, subscription_options); + if(rc2 > 0){ + mosquitto__free(sub); + return rc2; +diff --git a/src/handle_unsubscribe.c b/src/handle_unsubscribe.c +index 2162b46..ede49e2 100644 +--- a/src/handle_unsubscribe.c ++++ b/src/handle_unsubscribe.c +@@ -126,7 +126,7 @@ int handle__unsubscribe(struct mosquitto *context) + + log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s", sub); + if(allowed){ +- rc = sub__remove(context, sub, db.subs, &reason); ++ rc = sub__remove(context, sub, &reason); + }else{ + rc = MOSQ_ERR_SUCCESS; + } +diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h +index 657c1ce..339304c 100644 +--- a/src/mosquitto_broker_internal.h ++++ b/src/mosquitto_broker_internal.h +@@ -672,9 +672,9 @@ int db__message_write_queued_in(struct mosquitto *context); + /* ============================================================ + * Subscription functions + * ============================================================ */ +-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root); ++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options); + struct mosquitto__subhier *sub__add_hier_entry(struct mosquitto__subhier *parent, struct mosquitto__subhier **sibling, const char *topic, uint16_t len); +-int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__subhier *root, uint8_t *reason); ++int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason); + void sub__tree_print(struct mosquitto__subhier *root, int level); + int sub__clean_session(struct mosquitto *context); + int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, int retain, struct mosquitto_msg_store **stored); +diff --git a/src/persist_read.c b/src/persist_read.c +index 4fedfea..b58533e 100644 +--- a/src/persist_read.c ++++ b/src/persist_read.c +@@ -556,7 +556,7 @@ static int persist__restore_sub(const char *client_id, const char *sub, uint8_t + + context = persist__find_or_add_context(client_id, 0); + if(!context) return 1; +- return sub__add(context, sub, qos, identifier, options, &db.subs); ++ return sub__add(context, sub, qos, identifier, options); + } + + #endif +diff --git a/src/plugin_public.c b/src/plugin_public.c +index 754793b..95904d9 100644 +--- a/src/plugin_public.c ++++ b/src/plugin_public.c +@@ -283,7 +283,7 @@ static void check_subscription_acls(struct mosquitto *context) + MOSQ_ACL_SUBSCRIBE); + + if(rc != MOSQ_ERR_SUCCESS){ +- sub__remove(context, context->subs[i]->topic_filter, db.subs, &reason); ++ sub__remove(context, context->subs[i]->topic_filter, &reason); + } + } + } +diff --git a/src/subs.c b/src/subs.c +index 2ccafbc..8e1a848 100644 +--- a/src/subs.c ++++ b/src/subs.c +@@ -575,7 +575,7 @@ struct mosquitto__subhier *sub__add_hier_entry(struct mosquitto__subhier *parent + } + + +-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root) ++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options) + { + int rc = 0; + struct mosquitto__subhier *subhier; +@@ -584,8 +584,6 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i + char **topics; + size_t topiclen; + +- assert(root); +- assert(*root); + assert(sub); + + rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename); +@@ -597,9 +595,9 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i + mosquitto__free(topics); + return MOSQ_ERR_INVAL; + } +- HASH_FIND(hh, *root, topics[0], topiclen, subhier); ++ HASH_FIND(hh, db.subs, topics[0], topiclen, subhier); + if(!subhier){ +- subhier = sub__add_hier_entry(NULL, root, topics[0], (uint16_t)topiclen); ++ subhier = sub__add_hier_entry(NULL, &db.subs, topics[0], (uint16_t)topiclen); + if(!subhier){ + mosquitto__free(local_sub); + mosquitto__free(topics); +@@ -616,7 +614,7 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i + return rc; + } + +-int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__subhier *root, uint8_t *reason) ++int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason) + { + int rc = 0; + struct mosquitto__subhier *subhier; +@@ -624,13 +622,12 @@ int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__su + char *local_sub = NULL; + char **topics = NULL; + +- assert(root); + assert(sub); + + rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename); + if(rc) return rc; + +- HASH_FIND(hh, root, topics[0], strlen(topics[0]), subhier); ++ HASH_FIND(hh, db.subs, topics[0], strlen(topics[0]), subhier); + if(subhier){ + *reason = MQTT_RC_NO_SUBSCRIPTION_EXISTED; + rc = sub__remove_recurse(context, subhier, topics, reason, sharename); +diff --git a/test/unit/persist_read_stubs.c b/test/unit/persist_read_stubs.c +index 62b0356..c0c5d88 100644 +--- a/test/unit/persist_read_stubs.c ++++ b/test/unit/persist_read_stubs.c +@@ -149,11 +149,10 @@ int acl__find_acls(struct mosquitto *context) + } + + +-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root) ++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options) + { + UNUSED(context); + UNUSED(options); +- UNUSED(root); + + last_sub = strdup(sub); + last_qos = qos; +diff --git a/test/unit/subs_test.c b/test/unit/subs_test.c +index a596e8b..6095d62 100644 +--- a/test/unit/subs_test.c ++++ b/test/unit/subs_test.c +@@ -58,7 +58,7 @@ static void TEST_sub_add_single(void) + + db__open(&config); + +- rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0, &db.subs); ++ rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0); + CU_ASSERT_EQUAL(rc, MOSQ_ERR_SUCCESS); + CU_ASSERT_PTR_NOT_NULL(db.subs); + if(db.subs){ diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch --- mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,188 @@ +From: "Roger A. Light" +Date: Sat, 8 Jun 2024 09:41:08 +0100 +Subject: CVE-2024-8376-2of3 + +Fixes Eclipse #217, #218. + +Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17 +Last-Update: 2024-11-01 +Signed-off-by: Philippe Coval +--- + src/database.c | 13 +++++++++---- + src/loop.c | 3 ++- + src/mosquitto_broker_internal.h | 3 ++- + src/persist_write.c | 8 +++++++- + src/subs.c | 42 +++++++++++++++++++++++++++++++---------- + test/unit/subs_test.c | 9 +++++---- + 6 files changed, 57 insertions(+), 21 deletions(-) + +diff --git a/src/database.c b/src/database.c +index b6ea83b..bf7d108 100644 +--- a/src/database.c ++++ b/src/database.c +@@ -157,12 +157,16 @@ int db__open(struct mosquitto__config *config) + /* Initialize the hashtable */ + db.clientid_index_hash = NULL; + +- db.subs = NULL; ++ db.normal_subs = NULL; ++ db.shared_subs = NULL; + +- subhier = sub__add_hier_entry(NULL, &db.subs, "", 0); ++ subhier = sub__add_hier_entry(NULL, &db.shared_subs, "", 0); + if(!subhier) return MOSQ_ERR_NOMEM; + +- subhier = sub__add_hier_entry(NULL, &db.subs, "$SYS", (uint16_t)strlen("$SYS")); ++ subhier = sub__add_hier_entry(NULL, &db.normal_subs, "", 0); ++ if(!subhier) return MOSQ_ERR_NOMEM; ++ ++ subhier = sub__add_hier_entry(NULL, &db.normal_subs, "$SYS", (uint16_t)strlen("$SYS")); + if(!subhier) return MOSQ_ERR_NOMEM; + + retain__init(); +@@ -198,7 +202,8 @@ static void subhier_clean(struct mosquitto__subhier **subhier) + + int db__close(void) + { +- subhier_clean(&db.subs); ++ subhier_clean(&db.normal_subs); ++ subhier_clean(&db.shared_subs); + retain__clean(&db.retains); + db__msg_store_clean(); + +diff --git a/src/loop.c b/src/loop.c +index 34d0049..381e3b0 100644 +--- a/src/loop.c ++++ b/src/loop.c +@@ -241,7 +241,8 @@ int mosquitto_main_loop(struct mosquitto__listener_sock *listensock, int listens + flag_reload = false; + } + if(flag_tree_print){ +- sub__tree_print(db.subs, 0); ++ sub__tree_print(db.normal_subs, 0); ++ sub__tree_print(db.shared_subs, 0); + flag_tree_print = false; + #ifdef WITH_XTREPORT + xtreport(); +diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h +index 339304c..935fd30 100644 +--- a/src/mosquitto_broker_internal.h ++++ b/src/mosquitto_broker_internal.h +@@ -442,7 +442,8 @@ struct mosquitto_message_v5{ + + struct mosquitto_db{ + dbid_t last_db_id; +- struct mosquitto__subhier *subs; ++ struct mosquitto__subhier *normal_subs; ++ struct mosquitto__subhier *shared_subs; + struct mosquitto__retainhier *retains; + struct mosquitto *contexts_by_id; + struct mosquitto *contexts_by_sock; +diff --git a/src/persist_write.c b/src/persist_write.c +index 3ac4f4a..7c146f6 100644 +--- a/src/persist_write.c ++++ b/src/persist_write.c +@@ -254,7 +254,13 @@ static int persist__subs_save_all(FILE *db_fptr) + { + struct mosquitto__subhier *subhier, *subhier_tmp; + +- HASH_ITER(hh, db.subs, subhier, subhier_tmp){ ++ HASH_ITER(hh, db.normal_subs, subhier, subhier_tmp){ ++ if(subhier->children){ ++ persist__subs_save(db_fptr, subhier->children, "", 0); ++ } ++ } ++ ++ HASH_ITER(hh, db.shared_subs, subhier, subhier_tmp){ + if(subhier->children){ + persist__subs_save(db_fptr, subhier->children, "", 0); + } +diff --git a/src/subs.c b/src/subs.c +index 8e1a848..aaa5aa8 100644 +--- a/src/subs.c ++++ b/src/subs.c +@@ -595,16 +595,29 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i + mosquitto__free(topics); + return MOSQ_ERR_INVAL; + } +- HASH_FIND(hh, db.subs, topics[0], topiclen, subhier); +- if(!subhier){ +- subhier = sub__add_hier_entry(NULL, &db.subs, topics[0], (uint16_t)topiclen); ++ ++ if(sharename){ ++ HASH_FIND(hh, db.shared_subs, topics[0], topiclen, subhier); + if(!subhier){ +- mosquitto__free(local_sub); +- mosquitto__free(topics); +- log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory."); +- return MOSQ_ERR_NOMEM; ++ subhier = sub__add_hier_entry(NULL, &db.shared_subs, topics[0], (uint16_t)topiclen); ++ if(!subhier){ ++ mosquitto__free(local_sub); ++ mosquitto__free(topics); ++ log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory."); ++ return MOSQ_ERR_NOMEM; ++ } ++ } ++ }else{ ++ HASH_FIND(hh, db.normal_subs, topics[0], topiclen, subhier); ++ if(!subhier){ ++ subhier = sub__add_hier_entry(NULL, &db.normal_subs, topics[0], (uint16_t)topiclen); ++ if(!subhier){ ++ mosquitto__free(local_sub); ++ mosquitto__free(topics); ++ log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory."); ++ return MOSQ_ERR_NOMEM; ++ } + } +- + } + rc = sub__add_context(context, sub, qos, identifier, options, subhier, topics, sharename); + +@@ -627,7 +640,11 @@ int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason) + rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename); + if(rc) return rc; + +- HASH_FIND(hh, db.subs, topics[0], strlen(topics[0]), subhier); ++ if(sharename){ ++ HASH_FIND(hh, db.shared_subs, topics[0], strlen(topics[0]), subhier); ++ }else{ ++ HASH_FIND(hh, db.normal_subs, topics[0], strlen(topics[0]), subhier); ++ } + if(subhier){ + *reason = MQTT_RC_NO_SUBSCRIPTION_EXISTED; + rc = sub__remove_recurse(context, subhier, topics, reason, sharename); +@@ -656,7 +673,12 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i + */ + db__msg_store_ref_inc(*stored); + +- HASH_FIND(hh, db.subs, split_topics[0], strlen(split_topics[0]), subhier); ++ HASH_FIND(hh, db.normal_subs, split_topics[0], strlen(split_topics[0]), subhier); ++ if(subhier){ ++ rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); ++ } ++ ++ HASH_FIND(hh, db.shared_subs, split_topics[0], strlen(split_topics[0]), subhier); + if(subhier){ + rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored); + } +diff --git a/test/unit/subs_test.c b/test/unit/subs_test.c +index 6095d62..45c0791 100644 +--- a/test/unit/subs_test.c ++++ b/test/unit/subs_test.c +@@ -60,10 +60,11 @@ static void TEST_sub_add_single(void) + + rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0); + CU_ASSERT_EQUAL(rc, MOSQ_ERR_SUCCESS); +- CU_ASSERT_PTR_NOT_NULL(db.subs); +- if(db.subs){ +- sub = db.subs; +- ++ CU_ASSERT_PTR_NOT_NULL(db.shared_subs); ++ CU_ASSERT_PTR_NOT_NULL(db.normal_subs); ++ if(db.normal_subs){ ++ sub = db.normal_subs; ++ + hier_quick_check(&sub, NULL, ""); + hier_quick_check(&sub, NULL, ""); + hier_quick_check(&sub, NULL, "a"); diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch --- mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch 1970-01-01 00:00:00.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch 2025-05-11 19:31:01.000000000 +0000 @@ -0,0 +1,24 @@ +From: "Roger A. Light" +Date: Wed, 2 Oct 2024 11:08:06 +0100 +Subject: CVE-2024-8376-3of3 + +Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/5eb40ee3d691fb3c2dc222685e7ffcf6e6a69a79 +Signed-off-by: Philippe Coval +--- + src/bridge.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/bridge.c b/src/bridge.c +index 0ec5284..cb39ad3 100644 +--- a/src/bridge.c ++++ b/src/bridge.c +@@ -189,8 +189,7 @@ int bridge__connect_step1(struct mosquitto *context) + context->bridge->topics[i].local_topic, + qos, + 0, +- MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED, +- &db.subs) > 0){ ++ MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED) > 0){ + return 1; + } + retain__queue(context, diff -Nru mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch --- mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,27 +1,29 @@ From: "Roger A. Light" Date: Tue, 10 Aug 2021 20:48:21 +0100 Subject: Fix CONNECT performance with many user-properties. + Origin: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 +Bug: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637 Bug-Debian: https://bugs.debian.org/1001028 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-41039 -Bug: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637 An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. --- - ChangeLog.txt | 3 ++ - lib/property_mosq.c | 14 ++++----- - test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++ + lib/property_mosq.c | 14 ++++++------ + test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++++++++++ test/broker/Makefile | 1 + test/broker/test.py | 1 + - 5 files changed, 61 insertions(+), 7 deletions(-) - create mode 100755 test/broker/01-connect-575314.py + 4 files changed, 58 insertions(+), 7 deletions(-) + create mode 100644 test/broker/01-connect-575314.py +diff --git a/lib/property_mosq.c b/lib/property_mosq.c +index 0cfc9f9..5f0f24c 100644 --- a/lib/property_mosq.c +++ b/lib/property_mosq.c -@@ -959,14 +959,14 @@ int mosquitto_property_check_all(int com +@@ -959,14 +959,14 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti if(rc) return rc; /* Check for duplicates */ @@ -43,6 +45,9 @@ } p = p->next; +diff --git a/test/broker/01-connect-575314.py b/test/broker/01-connect-575314.py +new file mode 100644 +index 0000000..4a8f314 --- /dev/null +++ b/test/broker/01-connect-575314.py @@ -0,0 +1,49 @@ @@ -95,6 +100,8 @@ + +do_test() +exit(0) +diff --git a/test/broker/Makefile b/test/broker/Makefile +index e1501b4..1ee2dd2 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile @@ -20,6 +20,7 @@ ptest : test-compile @@ -105,6 +112,8 @@ ./01-connect-allow-anonymous.py ./01-connect-bad-packet.py ./01-connect-connack-2163.py +diff --git a/test/broker/test.py b/test/broker/test.py +index 91a4ca4..3dc0058 100755 --- a/test/broker/test.py +++ b/test/broker/test.py @@ -5,6 +5,7 @@ import ptest diff -Nru mosquitto-2.0.11/debian/patches/deb-test.patch mosquitto-2.0.11/debian/patches/deb-test.patch --- mosquitto-2.0.11/debian/patches/deb-test.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/deb-test.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,111 +1,37 @@ -Description: Fix test paths for Debian. -Author: Roger Light +From: Roger Light +Date: Mon, 10 Mar 2025 22:52:17 +0100 +Subject: Fix test paths for Debian. + Forwarded: in-progress ---- a/test/mosq_test.py -+++ b/test/mosq_test.py -@@ -26,16 +26,16 @@ - delay = 0.1 - - if use_conf == True: -- cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] -+ cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] - - if port == 0: - port = 1888 - else: - if cmd is None and port != 0: -- cmd = ['../../src/mosquitto', '-v', '-p', str(port)] -+ cmd = ['/usr/sbin/mosquitto', '-v', '-p', str(port)] - elif cmd is None and port == 0: - port = 1888 -- cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] -+ cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] - elif cmd is not None and port == 0: - port = 1888 - ---- a/test/broker/c/Makefile -+++ b/test/broker/c/Makefile -@@ -34,7 +34,7 @@ - - - ${TESTS} : %.test: %.c -- $(CC) ${CFLAGS} $< -o $@ ../../../lib/libmosquitto.so.1 -+ $(CC) ${CFLAGS} $< -o $@ -lmosquitto - - - reallyclean : clean ---- a/test/lib/c/Makefile -+++ b/test/lib/c/Makefile -@@ -1,7 +1,7 @@ - .PHONY: all clean reallyclean - - CFLAGS=-I../../../include -Werror --LIBS=../../../lib/libmosquitto.so.1 -+LIBS=-lmosquitto - - SRC = \ - 01-con-discon-success.c \ ---- a/test/lib/cpp/Makefile -+++ b/test/lib/cpp/Makefile -@@ -1,7 +1,7 @@ - .PHONY: all test 01 02 03 04 08 09 clean reallyclean - - CFLAGS=-I../../../include -I../../../lib/cpp -DDEBUG --LIBS=../../../lib/libmosquitto.so.1 ../../../lib/cpp/libmosquittopp.so.1 -+LIBS=-lmosquitto -lmosquittopp - - all : 01 02 03 04 08 09 - ---- a/test/client/test.sh -+++ b/test/client/test.sh -@@ -11,7 +11,7 @@ - export SUB_TIMEOUT=1 - - # Start broker --../../src/mosquitto -p ${PORT} 2>/dev/null & -+/usr/sbin/mosquitto -p ${PORT} 2>/dev/null & - export MOSQ_PID=$! - sleep 0.5 - -@@ -20,28 +20,28 @@ - - - # Simple subscribe test - single message from $SYS --${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null -+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null - echo "Simple subscribe ok" - - # Simple publish/subscribe test - single message from mosquitto_pub --${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null & -+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null & - export SUB_PID=$! --${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test' -+/usr/bin/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test' - kill ${SUB_PID} 2>/dev/null || true - echo "Simple publish/subscribe ok" - - # Publish a file and subscribe, do we get at least that many lines? - export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1) --${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & -+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & - export SUB_PID=$! --${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh -+/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh - kill ${SUB_PID} 2>/dev/null || true - echo "File publish ok" - - # Publish a file from stdin and subscribe, do we get at least that many lines? - export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1) --${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & -+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & - export SUB_PID=$! --${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh -+/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh - kill ${SUB_PID} 2>/dev/null || true - echo "stdin publish ok" +--- + .../04-retain-check-source-persist-diff-port.py | 10 +++--- + test/broker/04-retain-check-source-persist.py | 10 +++--- + test/broker/04-retain-check-source.py | 6 ++-- + test/broker/04-retain-upgrade-outgoing-qos.py | 4 +-- + .../06-bridge-b2br-late-connection-retain.py | 8 ++--- + test/broker/06-bridge-clean-session.py | 8 ++--- + test/broker/06-bridge-reconnect-local-out.py | 4 +-- + test/broker/08-tls-psk-bridge.py | 10 +++--- + test/broker/11-message-expiry.py | 15 ++++---- + test/broker/11-persistent-subscription-no-local.py | 15 ++++---- + test/broker/11-persistent-subscription-v5.py | 15 ++++---- + test/broker/11-persistent-subscription.py | 15 ++++---- + test/broker/11-pub-props.py | 15 ++++---- + test/broker/11-subscription-id.py | 17 +++++---- + test/broker/Makefile | 40 +++++++++++----------- + test/broker/c/Makefile | 2 +- + test/client/test.sh | 16 ++++----- + test/lib/Makefile | 4 +-- + test/lib/c/Makefile | 2 +- + test/lib/cpp/Makefile | 2 +- + test/mosq_test.py | 6 ++-- + 21 files changed, 114 insertions(+), 110 deletions(-) + +diff --git a/test/broker/04-retain-check-source-persist-diff-port.py b/test/broker/04-retain-check-source-persist-diff-port.py +index efe1cfb..dacc617 100755 --- a/test/broker/04-retain-check-source-persist-diff-port.py +++ b/test/broker/04-retain-check-source-persist-diff-port.py -@@ -32,16 +32,16 @@ +@@ -32,16 +32,16 @@ def write_acl_2(filename, username): def do_test(proto_ver, per_listener, username): @@ -125,7 +51,7 @@ write_acl_1(acl_file, username) -@@ -65,7 +65,7 @@ +@@ -65,7 +65,7 @@ def do_test(proto_ver, per_listener, username): subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver) suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver) @@ -134,7 +60,7 @@ try: sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port1) -@@ -85,7 +85,7 @@ +@@ -85,7 +85,7 @@ def do_test(proto_ver, per_listener, username): if os.path.isfile(persistence_file) == False: raise FileNotFoundError("Persistence file not written") @@ -143,9 +69,11 @@ sock = mosq_test.do_client_connect(connect2_packet, connack2_packet, port=port2) mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback 2") +diff --git a/test/broker/04-retain-check-source-persist.py b/test/broker/04-retain-check-source-persist.py +index 9e59441..21d6ab9 100755 --- a/test/broker/04-retain-check-source-persist.py +++ b/test/broker/04-retain-check-source-persist.py -@@ -29,16 +29,16 @@ +@@ -29,16 +29,16 @@ def write_acl_2(filename, username): def do_test(proto_ver, per_listener, username): @@ -165,7 +93,7 @@ write_acl_1(acl_file, username) -@@ -52,7 +52,7 @@ +@@ -52,7 +52,7 @@ def do_test(proto_ver, per_listener, username): subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver) suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver) @@ -174,7 +102,7 @@ try: sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port) -@@ -70,7 +70,7 @@ +@@ -70,7 +70,7 @@ def do_test(proto_ver, per_listener, username): broker.terminate() broker.wait() @@ -183,9 +111,11 @@ sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port) mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback 2") +diff --git a/test/broker/04-retain-check-source.py b/test/broker/04-retain-check-source.py +index 5a7ed29..70a0cc1 100755 --- a/test/broker/04-retain-check-source.py +++ b/test/broker/04-retain-check-source.py -@@ -23,10 +23,10 @@ +@@ -23,10 +23,10 @@ def write_acl_2(filename): def do_test(proto_ver, per_listener): @@ -198,7 +128,7 @@ write_acl_1(acl_file) -@@ -40,7 +40,7 @@ +@@ -40,7 +40,7 @@ def do_test(proto_ver, per_listener): subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver) suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver) @@ -207,9 +137,11 @@ try: sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port) +diff --git a/test/broker/04-retain-upgrade-outgoing-qos.py b/test/broker/04-retain-upgrade-outgoing-qos.py +index e2720bc..942507f 100755 --- a/test/broker/04-retain-upgrade-outgoing-qos.py +++ b/test/broker/04-retain-upgrade-outgoing-qos.py -@@ -14,7 +14,7 @@ +@@ -14,7 +14,7 @@ def write_config(filename, port): def do_test(proto_ver): port = mosq_test.get_port() @@ -218,7 +150,7 @@ write_config(conf_file, port) rc = 1 -@@ -29,7 +29,7 @@ +@@ -29,7 +29,7 @@ def do_test(proto_ver): publish_packet2 = mosq_test.gen_publish("retain/qos0/test", mid=1, qos=1, payload="retained message", retain=True, proto_ver=proto_ver) @@ -227,9 +159,11 @@ try: sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port) +diff --git a/test/broker/06-bridge-b2br-late-connection-retain.py b/test/broker/06-bridge-b2br-late-connection-retain.py +index 4beeb7c..5126abf 100755 --- a/test/broker/06-bridge-b2br-late-connection-retain.py +++ b/test/broker/06-bridge-b2br-late-connection-retain.py -@@ -35,8 +35,8 @@ +@@ -35,8 +35,8 @@ def do_test(proto_ver): proto_ver_connect = 5 (port1, port2) = mosq_test.get_port(2) @@ -240,7 +174,7 @@ rc = 1 keepalive = 60 -@@ -64,7 +64,7 @@ +@@ -64,7 +64,7 @@ def do_test(proto_ver): write_config1(conf_file, persistence_file, port1, port2) try: @@ -249,7 +183,7 @@ client = mosq_test.do_client_connect(c_connect_packet, c_connack_packet, timeout=20, port=port2) mosq_test.do_send_receive(client, publish_packet, puback_packet, "puback") client.close() -@@ -74,7 +74,7 @@ +@@ -74,7 +74,7 @@ def do_test(proto_ver): # Restart, with retained message in place write_config2(conf_file, persistence_file, port1, port2, bridge_protocol) @@ -258,9 +192,11 @@ (bridge, address) = ssock.accept() bridge.settimeout(20) +diff --git a/test/broker/06-bridge-clean-session.py b/test/broker/06-bridge-clean-session.py +index f61d504..be10416 100755 --- a/test/broker/06-bridge-clean-session.py +++ b/test/broker/06-bridge-clean-session.py -@@ -84,12 +84,12 @@ +@@ -84,12 +84,12 @@ def do_test(proto_ver, cs, lcs=None): (port_a_listen, port_b_listen) = mosq_test.get_port(2) @@ -277,9 +213,11 @@ write_config_core(conf_file_b, port_b_listen, persistence_file_b) AckedPair = namedtuple("AckedPair", "p ack") +diff --git a/test/broker/06-bridge-reconnect-local-out.py b/test/broker/06-bridge-reconnect-local-out.py +index 887470b..2a198e8 100755 --- a/test/broker/06-bridge-reconnect-local-out.py +++ b/test/broker/06-bridge-reconnect-local-out.py -@@ -11,7 +11,7 @@ +@@ -11,7 +11,7 @@ def write_config(filename, port1, port2, protocol_version): f.write("allow_anonymous true\n") f.write("\n") f.write("persistence true\n") @@ -288,7 +226,7 @@ f.write("\n") f.write("connection bridge_sample\n") f.write("address 127.0.0.1:%d\n" % (port1)) -@@ -48,7 +48,7 @@ +@@ -48,7 +48,7 @@ def do_test(proto_ver): broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port1, use_conf=False) @@ -297,6 +235,36 @@ local_broker = mosq_test.start_broker(cmd=local_cmd, filename=os.path.basename(__file__)+'_local1', use_conf=False, port=port2) if os.environ.get('MOSQ_USE_VALGRIND') is not None: time.sleep(5) +diff --git a/test/broker/08-tls-psk-bridge.py b/test/broker/08-tls-psk-bridge.py +index 56d3c19..cb23f51 100755 +--- a/test/broker/08-tls-psk-bridge.py ++++ b/test/broker/08-tls-psk-bridge.py +@@ -29,8 +29,8 @@ def write_config2(filename, port2, port3): + f.write("bridge_psk deadbeef\n") + + (port1, port2, port3) = mosq_test.get_port(3) +-conf_file1 = "08-tls-psk-bridge.conf" +-conf_file2 = "08-tls-psk-bridge.conf2" ++conf_file1 = "/tmp/08-tls-psk-bridge.conf" ++conf_file2 = "/tmp/08-tls-psk-bridge.conf2" + write_config1(conf_file1, port1, port2) + write_config2(conf_file2, port2, port3) + +@@ -54,9 +54,9 @@ suback_packet = mosq_test.gen_suback(mid, 0) + + publish_packet = mosq_test.gen_publish(topic="psk/test", payload="message", qos=0) + +-bridge_cmd = ['../../src/mosquitto', '-c', '08-tls-psk-bridge.conf2'] +-broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port1) +-bridge = mosq_test.start_broker(filename=os.path.basename(__file__)+'_bridge', cmd=bridge_cmd, port=port3) ++bridge_cmd = ['/usr/sbin/mosquitto', '-c', '/tmp/08-tls-psk-bridge.conf2'] ++broker = mosq_test.start_broker(filename=conf_file1, use_conf=True, port=port1) ++bridge = mosq_test.start_broker(filename=conf_file2+'_bridge', cmd=bridge_cmd, port=port3) + + pub = None + try: +diff --git a/test/broker/11-message-expiry.py b/test/broker/11-message-expiry.py +index 6523e82..21d7004 100755 --- a/test/broker/11-message-expiry.py +++ b/test/broker/11-message-expiry.py @@ -11,16 +11,17 @@ @@ -320,7 +288,7 @@ rc = 1 -@@ -53,8 +54,8 @@ +@@ -53,8 +54,8 @@ publish3_packet = mosq_test.gen_publish("subpub/qos1", mid=mid, qos=1, payload=" puback3_packet = mosq_test.gen_puback(mid) @@ -331,7 +299,7 @@ port = mosq_test.get_port() broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -97,8 +98,8 @@ +@@ -97,8 +98,8 @@ finally: (stdo, stde) = broker.communicate() if rc: print(stde.decode('utf-8')) @@ -342,6 +310,8 @@ exit(rc) +diff --git a/test/broker/11-persistent-subscription-no-local.py b/test/broker/11-persistent-subscription-no-local.py +index 350ba5c..63059ad 100755 --- a/test/broker/11-persistent-subscription-no-local.py +++ b/test/broker/11-persistent-subscription-no-local.py @@ -5,16 +5,17 @@ @@ -365,7 +335,7 @@ rc = 1 keepalive = 60 -@@ -48,8 +49,8 @@ +@@ -48,8 +49,8 @@ mid = 2 publish2b_packet = mosq_test.gen_publish("subpub/local", qos=1, mid=mid, payload="message", proto_ver=5) puback2b_packet = mosq_test.gen_puback(mid, proto_ver=5) @@ -376,7 +346,7 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -90,8 +91,8 @@ +@@ -90,8 +91,8 @@ finally: (stdo, stde) = broker.communicate() if rc: print(stde.decode('utf-8')) @@ -387,6 +357,8 @@ exit(rc) +diff --git a/test/broker/11-persistent-subscription-v5.py b/test/broker/11-persistent-subscription-v5.py +index 7cd9ae6..8bc4d8e 100755 --- a/test/broker/11-persistent-subscription-v5.py +++ b/test/broker/11-persistent-subscription-v5.py @@ -4,16 +4,17 @@ @@ -410,7 +382,7 @@ rc = 1 mid = 530 -@@ -35,8 +36,8 @@ +@@ -35,8 +36,8 @@ puback_packet = mosq_test.gen_puback(mid, proto_ver=5) mid = 1 publish_packet2 = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, payload="message", proto_ver=5) @@ -421,7 +393,7 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -67,8 +68,8 @@ +@@ -67,8 +68,8 @@ finally: (stdo, stde) = broker.communicate() if rc: print(stde.decode('utf-8')) @@ -432,6 +404,8 @@ exit(rc) +diff --git a/test/broker/11-persistent-subscription.py b/test/broker/11-persistent-subscription.py +index 2ec2871..a54b5b9 100755 --- a/test/broker/11-persistent-subscription.py +++ b/test/broker/11-persistent-subscription.py @@ -4,17 +4,18 @@ @@ -456,7 +430,7 @@ rc = 1 mid = 530 -@@ -35,8 +36,8 @@ +@@ -35,8 +36,8 @@ def do_test(proto_ver): mid = 1 publish_packet2 = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, payload="message", proto_ver=proto_ver) @@ -467,7 +441,7 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -65,8 +66,8 @@ +@@ -65,8 +66,8 @@ def do_test(proto_ver): broker.terminate() broker.wait() (stdo, stde) = broker.communicate() @@ -478,6 +452,8 @@ if rc: print(stde.decode('utf-8')) print("proto_ver=%d" % (proto_ver)) +diff --git a/test/broker/11-pub-props.py b/test/broker/11-pub-props.py +index 1b76fa2..541719f 100755 --- a/test/broker/11-pub-props.py +++ b/test/broker/11-pub-props.py @@ -4,16 +4,17 @@ @@ -501,7 +477,7 @@ rc = 1 keepalive = 60 -@@ -37,8 +38,8 @@ +@@ -37,8 +38,8 @@ mid = 1 subscribe_packet = mosq_test.gen_subscribe(mid, "subpub/qos1", 0, proto_ver=5) suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=5) @@ -512,7 +488,7 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -72,8 +73,8 @@ +@@ -72,8 +73,8 @@ finally: (stdo, stde) = broker.communicate() if rc: print(stde.decode('utf-8')) @@ -523,6 +499,8 @@ exit(rc) +diff --git a/test/broker/11-subscription-id.py b/test/broker/11-subscription-id.py +index ed17842..4b9ad16 100755 --- a/test/broker/11-subscription-id.py +++ b/test/broker/11-subscription-id.py @@ -4,16 +4,17 @@ @@ -546,7 +524,7 @@ rc = 1 keepalive = 60 -@@ -42,8 +43,8 @@ +@@ -42,8 +43,8 @@ helper_publish_packet = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, pay helper_puback_packet = mosq_test.gen_puback(mid, proto_ver=5) @@ -557,7 +535,7 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) -@@ -77,10 +78,8 @@ +@@ -77,10 +78,8 @@ finally: (stdo, stde) = broker.communicate() if rc: print(stde.decode('utf-8')) @@ -570,9 +548,11 @@ exit(rc) - +diff --git a/test/broker/Makefile b/test/broker/Makefile +index d012c91..c935247 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile -@@ -120,13 +120,13 @@ +@@ -120,13 +120,13 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14 06 : ./06-bridge-b2br-disconnect-qos1.py ./06-bridge-b2br-disconnect-qos2.py @@ -588,7 +568,7 @@ ./06-bridge-fail-persist-resend-qos1.py ./06-bridge-fail-persist-resend-qos2.py ./06-bridge-no-local.py -@@ -156,9 +156,9 @@ +@@ -156,9 +156,9 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14 ifeq ($(WITH_TLS),yes) ./08-ssl-bridge.py ./08-ssl-connect-cert-auth-crl.py @@ -601,7 +581,7 @@ ./08-ssl-connect-cert-auth.py ./08-ssl-connect-identity.py ./08-ssl-connect-no-auth-wrong-ca.py -@@ -229,20 +229,20 @@ +@@ -229,20 +229,20 @@ endif 14 : ifeq ($(WITH_TLS),yes) ifeq ($(WITH_CJSON),yes) @@ -637,9 +617,73 @@ + #./14-dynsec-role-invalid.py endif endif +diff --git a/test/broker/c/Makefile b/test/broker/c/Makefile +index 6a561ba..1e8aa61 100644 +--- a/test/broker/c/Makefile ++++ b/test/broker/c/Makefile +@@ -34,7 +34,7 @@ ${PLUGINS} : %.so: %.c + + + ${TESTS} : %.test: %.c +- $(CC) ${CFLAGS} $< -o $@ ../../../lib/libmosquitto.so.1 ++ $(CC) ${CFLAGS} $< -o $@ -lmosquitto + + + reallyclean : clean +diff --git a/test/client/test.sh b/test/client/test.sh +index 53ee84b..ed97cad 100755 +--- a/test/client/test.sh ++++ b/test/client/test.sh +@@ -11,7 +11,7 @@ export PORT=1888 + export SUB_TIMEOUT=1 + + # Start broker +-../../src/mosquitto -p ${PORT} 2>/dev/null & ++/usr/sbin/mosquitto -p ${PORT} 2>/dev/null & + export MOSQ_PID=$! + sleep 0.5 + +@@ -20,28 +20,28 @@ trap "kill $MOSQ_PID" EXIT + + + # Simple subscribe test - single message from $SYS +-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null ++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null + echo "Simple subscribe ok" + + # Simple publish/subscribe test - single message from mosquitto_pub +-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null & ++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null & + export SUB_PID=$! +-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test' ++/usr/bin/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test' + kill ${SUB_PID} 2>/dev/null || true + echo "Simple publish/subscribe ok" + + # Publish a file and subscribe, do we get at least that many lines? + export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1) +-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & ++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & + export SUB_PID=$! +-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh ++/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh + kill ${SUB_PID} 2>/dev/null || true + echo "File publish ok" + + # Publish a file from stdin and subscribe, do we get at least that many lines? + export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1) +-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & ++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null & + export SUB_PID=$! +-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh ++/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh + kill ${SUB_PID} 2>/dev/null || true + echo "stdin publish ok" +diff --git a/test/lib/Makefile b/test/lib/Makefile +index 93603f5..e742ae3 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile -@@ -33,7 +33,7 @@ +@@ -33,7 +33,7 @@ c : test-compile ./02-subscribe-qos0.py $@/02-subscribe-qos0.test ./02-subscribe-qos1.py $@/02-subscribe-qos1.test ./02-subscribe-qos1.py $@/02-subscribe-qos1-async1.test @@ -648,7 +692,7 @@ ./02-subscribe-qos2.py $@/02-subscribe-qos2.test ./02-unsubscribe-multiple-v5.py $@/02-unsubscribe-multiple-v5.test ./02-unsubscribe-v5.py $@/02-unsubscribe-v5.test -@@ -50,7 +50,7 @@ +@@ -50,7 +50,7 @@ c : test-compile ./03-publish-c2b-qos2-disconnect.py $@/03-publish-c2b-qos2-disconnect.test ./03-publish-c2b-qos2-len.py $@/03-publish-c2b-qos2-len.test ./03-publish-c2b-qos2-maximum-qos-0.py $@/03-publish-c2b-qos2-maximum-qos-0.test @@ -657,29 +701,53 @@ ./03-publish-c2b-qos2-pubrec-error.py $@/03-publish-c2b-qos2-pubrec-error.test ./03-publish-c2b-qos2-receive-maximum-1.py $@/03-publish-c2b-qos2-receive-maximum-1.test ./03-publish-c2b-qos2-receive-maximum-2.py $@/03-publish-c2b-qos2-receive-maximum-2.test ---- a/test/broker/08-tls-psk-bridge.py -+++ b/test/broker/08-tls-psk-bridge.py -@@ -29,8 +29,8 @@ - f.write("bridge_psk deadbeef\n") +diff --git a/test/lib/c/Makefile b/test/lib/c/Makefile +index 6c09e80..5dc3077 100644 +--- a/test/lib/c/Makefile ++++ b/test/lib/c/Makefile +@@ -1,7 +1,7 @@ + .PHONY: all clean reallyclean - (port1, port2, port3) = mosq_test.get_port(3) --conf_file1 = "08-tls-psk-bridge.conf" --conf_file2 = "08-tls-psk-bridge.conf2" -+conf_file1 = "/tmp/08-tls-psk-bridge.conf" -+conf_file2 = "/tmp/08-tls-psk-bridge.conf2" - write_config1(conf_file1, port1, port2) - write_config2(conf_file2, port2, port3) + CFLAGS=-I../../../include -Werror +-LIBS=../../../lib/libmosquitto.so.1 ++LIBS=-lmosquitto -@@ -54,9 +54,9 @@ + SRC = \ + 01-con-discon-success.c \ +diff --git a/test/lib/cpp/Makefile b/test/lib/cpp/Makefile +index c4ae14c..022d103 100644 +--- a/test/lib/cpp/Makefile ++++ b/test/lib/cpp/Makefile +@@ -1,7 +1,7 @@ + .PHONY: all test 01 02 03 04 08 09 clean reallyclean - publish_packet = mosq_test.gen_publish(topic="psk/test", payload="message", qos=0) + CFLAGS=-I../../../include -I../../../lib/cpp -DDEBUG +-LIBS=../../../lib/libmosquitto.so.1 ../../../lib/cpp/libmosquittopp.so.1 ++LIBS=-lmosquitto -lmosquittopp --bridge_cmd = ['../../src/mosquitto', '-c', '08-tls-psk-bridge.conf2'] --broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port1) --bridge = mosq_test.start_broker(filename=os.path.basename(__file__)+'_bridge', cmd=bridge_cmd, port=port3) -+bridge_cmd = ['/usr/sbin/mosquitto', '-c', '/tmp/08-tls-psk-bridge.conf2'] -+broker = mosq_test.start_broker(filename=conf_file1, use_conf=True, port=port1) -+bridge = mosq_test.start_broker(filename=conf_file2+'_bridge', cmd=bridge_cmd, port=port3) + all : 01 02 03 04 08 09 + +diff --git a/test/mosq_test.py b/test/mosq_test.py +index 52dcca0..ed38044 100644 +--- a/test/mosq_test.py ++++ b/test/mosq_test.py +@@ -26,16 +26,16 @@ def start_broker(filename, cmd=None, port=0, use_conf=False, expect_fail=False): + delay = 0.1 + + if use_conf == True: +- cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] ++ cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] + + if port == 0: + port = 1888 + else: + if cmd is None and port != 0: +- cmd = ['../../src/mosquitto', '-v', '-p', str(port)] ++ cmd = ['/usr/sbin/mosquitto', '-v', '-p', str(port)] + elif cmd is None and port == 0: + port = 1888 +- cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] ++ cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')] + elif cmd is not None and port == 0: + port = 1888 - pub = None - try: diff -Nru mosquitto-2.0.11/debian/patches/debian-config.patch mosquitto-2.0.11/debian/patches/debian-config.patch --- mosquitto-2.0.11/debian/patches/debian-config.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/debian-config.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,9 +1,19 @@ -Description: Set local configuration. -Author: Roger Light +From: Roger Light +Date: Mon, 10 Mar 2025 22:52:16 +0100 +Subject: Set local configuration. + Forwarded: not-needed +--- + Makefile | 1 + + debian.conf | 10 ++++++++++ + 2 files changed, 11 insertions(+) + create mode 100644 debian.conf + +diff --git a/Makefile b/Makefile +index 3b206b3..4cc1d42 100644 --- a/Makefile +++ b/Makefile -@@ -94,6 +94,7 @@ +@@ -94,6 +94,7 @@ ifeq ($(WITH_DOCS),yes) endif $(INSTALL) -d "${DESTDIR}/etc/mosquitto" $(INSTALL) -m 644 mosquitto.conf "${DESTDIR}/etc/mosquitto/mosquitto.conf.example" @@ -11,6 +21,9 @@ $(INSTALL) -m 644 aclfile.example "${DESTDIR}/etc/mosquitto/aclfile.example" $(INSTALL) -m 644 pwfile.example "${DESTDIR}/etc/mosquitto/pwfile.example" $(INSTALL) -m 644 pskfile.example "${DESTDIR}/etc/mosquitto/pskfile.example" +diff --git a/debian.conf b/debian.conf +new file mode 100644 +index 0000000..4795129 --- /dev/null +++ b/debian.conf @@ -0,0 +1,10 @@ diff -Nru mosquitto-2.0.11/debian/patches/missing-test.patch mosquitto-2.0.11/debian/patches/missing-test.patch --- mosquitto-2.0.11/debian/patches/missing-test.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/missing-test.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,9 +1,17 @@ -Description: Fix missing upstream test. -Author: Roger Light +From: Roger Light +Date: Mon, 10 Mar 2025 22:52:17 +0100 +Subject: Fix missing upstream test. + Forwarded: not-needed +--- + test/broker/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/broker/Makefile b/test/broker/Makefile +index c935247..e1501b4 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile -@@ -135,7 +135,7 @@ +@@ -135,7 +135,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14 ./06-bridge-reconnect-local-out.py 07 : diff -Nru mosquitto-2.0.11/debian/patches/series mosquitto-2.0.11/debian/patches/series --- mosquitto-2.0.11/debian/patches/series 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/series 2025-05-11 19:31:01.000000000 +0000 @@ -9,3 +9,13 @@ CVE-2023-0809.patch CVE-2023-28366.patch CVE-2023-28366-regression.patch +CVE-2024-8376-1of3.patch +CVE-2024-8376-2of3.patch +CVE-2024-8376-3of3.patch +0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch +0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch +0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch +0018-Further-fix-for-CVE-2023-28366.patch +0019-Fixed-issue-in-CA-cert.-creation.patch +0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch +0021-Remove-generated-ssl-certs.patch diff -Nru mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch --- mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch 2025-05-11 19:31:01.000000000 +0000 @@ -1,23 +1,44 @@ -Description: Replace uses of ssl.wrap_socket by ssl.SSLContext.wrap_socket - The function ssl.wrap_socket() is deprecated starting Python 3.7 because it - does not support hostname matching (which is considered insecure). In Python - 3.10, the function now throws warnings at runtime, which makes autopkgtest - fail. - - The function ssl.SSLContext.wrap_socket comes in as the replacement and - has support for SNI and hostname matching. - - Replaced all uses of ssl.wrap_socket() by equivalent using - ssl.SSLContext.wrap_socket(). +From: "Roger A. Light" +Date: Mon, 10 Mar 2025 22:52:17 +0100 +Subject: Replace uses of ssl.wrap_socket by ssl.SSLContext.wrap_socket + +The function ssl.wrap_socket() is deprecated starting Python 3.7 because it +does not support hostname matching (which is considered insecure). In Python +3.10, the function now throws warnings at runtime, which makes autopkgtest +fail. + +The function ssl.SSLContext.wrap_socket comes in as the replacement and +has support for SNI and hostname matching. +Replaced all uses of ssl.wrap_socket() by equivalent using +ssl.SSLContext.wrap_socket(). Author: Olivier Gayot Bug-Ubuntu: https://launchpad.net/bugs/1960214 Forwarded: https://github.com/eclipse/mosquitto/pull/2451 Last-Update: 2022-02-07 +--- + test/broker/08-ssl-bridge.py | 4 +++- + test/broker/08-ssl-connect-cert-auth-crl.py | 4 +++- + test/broker/08-ssl-connect-cert-auth-expired.py | 4 +++- + test/broker/08-ssl-connect-cert-auth-revoked.py | 4 +++- + test/broker/08-ssl-connect-cert-auth-without.py | 3 ++- + test/broker/08-ssl-connect-cert-auth.py | 4 +++- + test/broker/08-ssl-connect-identity.py | 4 +++- + test/broker/08-ssl-connect-no-auth-wrong-ca.py | 3 ++- + test/broker/08-ssl-connect-no-auth.py | 3 ++- + test/broker/08-ssl-connect-no-identity.py | 3 ++- + test/broker/08-ssl-hup-disconnect.py | 4 +++- + test/lib/08-ssl-connect-cert-auth-enc.py | 7 ++++--- + test/lib/08-ssl-connect-cert-auth.py | 7 ++++--- + test/lib/08-ssl-connect-no-auth.py | 4 +++- + test/lib/08-ssl-fake-cacert.py | 7 ++++--- + 15 files changed, 44 insertions(+), 21 deletions(-) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-bridge.py -+++ mosquitto-2.0.11/test/broker/08-ssl-bridge.py -@@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish(" +diff --git a/test/broker/08-ssl-bridge.py b/test/broker/08-ssl-bridge.py +index c48e7de..4cbe52e 100755 +--- a/test/broker/08-ssl-bridge.py ++++ b/test/broker/08-ssl-bridge.py +@@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish("bridge/ssl/test", qos=0, payload="messag sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) @@ -28,9 +49,11 @@ ssock.settimeout(20) ssock.bind(('', port1)) ssock.listen(5) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-crl.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-crl.py -@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-cert-auth-crl.py b/test/broker/08-ssl-connect-cert-auth-crl.py +index 6c348a3..0cb448e 100755 +--- a/test/broker/08-ssl-connect-cert-auth-crl.py ++++ b/test/broker/08-ssl-connect-cert-auth-crl.py +@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -41,9 +64,11 @@ ssock.settimeout(20) ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-expired.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-expired.py -@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-cert-auth-expired.py b/test/broker/08-ssl-connect-cert-auth-expired.py +index c7be02a..41e6636 100755 +--- a/test/broker/08-ssl-connect-cert-auth-expired.py ++++ b/test/broker/08-ssl-connect-cert-auth-expired.py +@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -54,9 +79,11 @@ ssock.settimeout(20) try: ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-revoked.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-revoked.py -@@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-cert-auth-revoked.py b/test/broker/08-ssl-connect-cert-auth-revoked.py +index 76788bc..9273454 100755 +--- a/test/broker/08-ssl-connect-cert-auth-revoked.py ++++ b/test/broker/08-ssl-connect-cert-auth-revoked.py +@@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -67,9 +94,11 @@ ssock.settimeout(20) try: ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-without.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-without.py -@@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect(" +diff --git a/test/broker/08-ssl-connect-cert-auth-without.py b/test/broker/08-ssl-connect-cert-auth-without.py +index 932dee2..3e6bf6a 100755 +--- a/test/broker/08-ssl-connect-cert-auth-without.py ++++ b/test/broker/08-ssl-connect-cert-auth-without.py +@@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect("connect-cert-test", keepalive=keepalive) broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -79,9 +108,11 @@ ssock.settimeout(20) try: ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth.py -@@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-cert-auth.py b/test/broker/08-ssl-connect-cert-auth.py +index bf7c67b..26651c3 100755 +--- a/test/broker/08-ssl-connect-cert-auth.py ++++ b/test/broker/08-ssl-connect-cert-auth.py +@@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -92,9 +123,11 @@ ssock.settimeout(20) ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-identity.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-identity.py -@@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-identity.py b/test/broker/08-ssl-connect-identity.py +index f1bc53d..ba2cbb2 100755 +--- a/test/broker/08-ssl-connect-identity.py ++++ b/test/broker/08-ssl-connect-identity.py +@@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -105,9 +138,11 @@ ssock.settimeout(20) ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-auth-wrong-ca.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-auth-wrong-ca.py -@@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(r +diff --git a/test/broker/08-ssl-connect-no-auth-wrong-ca.py b/test/broker/08-ssl-connect-no-auth-wrong-ca.py +index 30e3e31..7a18ae6 100755 +--- a/test/broker/08-ssl-connect-no-auth-wrong-ca.py ++++ b/test/broker/08-ssl-connect-no-auth-wrong-ca.py +@@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(rc=0) broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -117,9 +152,11 @@ ssock.settimeout(20) try: ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-auth.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-auth.py -@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-no-auth.py b/test/broker/08-ssl-connect-no-auth.py +index 8990afe..7b70b32 100755 +--- a/test/broker/08-ssl-connect-no-auth.py ++++ b/test/broker/08-ssl-connect-no-auth.py +@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -129,9 +166,11 @@ ssock.settimeout(20) ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-identity.py -+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-identity.py -@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename +diff --git a/test/broker/08-ssl-connect-no-identity.py b/test/broker/08-ssl-connect-no-identity.py +index fcb8f4f..ae34d59 100755 +--- a/test/broker/08-ssl-connect-no-identity.py ++++ b/test/broker/08-ssl-connect-no-identity.py +@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -141,8 +180,10 @@ ssock.settimeout(20) ssock.connect(("localhost", port1)) ---- mosquitto-2.0.11.orig/test/broker/08-ssl-hup-disconnect.py -+++ mosquitto-2.0.11/test/broker/08-ssl-hup-disconnect.py +diff --git a/test/broker/08-ssl-hup-disconnect.py b/test/broker/08-ssl-hup-disconnect.py +index b9bacd4..648556b 100755 +--- a/test/broker/08-ssl-hup-disconnect.py ++++ b/test/broker/08-ssl-hup-disconnect.py @@ -43,7 +43,9 @@ def do_test(option): try: @@ -154,9 +195,11 @@ ssock.settimeout(20) ssock.connect(("localhost", port)) mosq_test.do_send_receive(ssock, connect_packet, connack_packet, "connack") ---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-cert-auth-enc.py -+++ mosquitto-2.0.11/test/lib/08-ssl-connect-cert-auth-enc.py -@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_discon +diff --git a/test/lib/08-ssl-connect-cert-auth-enc.py b/test/lib/08-ssl-connect-cert-auth-enc.py +index fad6b8b..ad51e12 100755 +--- a/test/lib/08-ssl-connect-cert-auth-enc.py ++++ b/test/lib/08-ssl-connect-cert-auth-enc.py +@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) @@ -170,9 +213,11 @@ ssock.settimeout(10) ssock.bind(('', port)) ssock.listen(5) ---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-cert-auth.py -+++ mosquitto-2.0.11/test/lib/08-ssl-connect-cert-auth.py -@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_discon +diff --git a/test/lib/08-ssl-connect-cert-auth.py b/test/lib/08-ssl-connect-cert-auth.py +index dba818c..f96942e 100755 +--- a/test/lib/08-ssl-connect-cert-auth.py ++++ b/test/lib/08-ssl-connect-cert-auth.py +@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) @@ -186,9 +231,11 @@ ssock.settimeout(10) ssock.bind(('', port)) ssock.listen(5) ---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-no-auth.py -+++ mosquitto-2.0.11/test/lib/08-ssl-connect-no-auth.py -@@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_discon +diff --git a/test/lib/08-ssl-connect-no-auth.py b/test/lib/08-ssl-connect-no-auth.py +index d994a5b..17a68d1 100755 +--- a/test/lib/08-ssl-connect-no-auth.py ++++ b/test/lib/08-ssl-connect-no-auth.py +@@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_disconnect() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) @@ -199,8 +246,10 @@ ssock.settimeout(10) ssock.bind(('', port)) ssock.listen(5) ---- mosquitto-2.0.11.orig/test/lib/08-ssl-fake-cacert.py -+++ mosquitto-2.0.11/test/lib/08-ssl-fake-cacert.py +diff --git a/test/lib/08-ssl-fake-cacert.py b/test/lib/08-ssl-fake-cacert.py +index a130667..9b97870 100755 +--- a/test/lib/08-ssl-fake-cacert.py ++++ b/test/lib/08-ssl-fake-cacert.py @@ -10,9 +10,10 @@ if sys.version < '2.7': sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) diff -Nru mosquitto-2.0.11/debian/tests/broker mosquitto-2.0.11/debian/tests/broker --- mosquitto-2.0.11/debian/tests/broker 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/tests/broker 2025-05-11 19:31:01.000000000 +0000 @@ -3,4 +3,5 @@ # not executable. As workaround until rebaing to new upstream # version, make all py files executable chmod -c 755 -- test/broker/*.py +make -C test ssl 2> /dev/null make -C test/broker test diff -Nru mosquitto-2.0.11/debian/tests/client mosquitto-2.0.11/debian/tests/client --- mosquitto-2.0.11/debian/tests/client 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/tests/client 2025-05-11 19:31:01.000000000 +0000 @@ -1 +1,2 @@ +make -C test ssl 2> /dev/null make -C test/client test diff -Nru mosquitto-2.0.11/debian/tests/library mosquitto-2.0.11/debian/tests/library --- mosquitto-2.0.11/debian/tests/library 2023-09-30 17:28:09.000000000 +0000 +++ mosquitto-2.0.11/debian/tests/library 2025-05-11 19:31:01.000000000 +0000 @@ -1 +1,2 @@ +make -C test ssl 2> /dev/null make -C test/lib test