Fedora/GnuTLS:
script:
+ - dnf -y install swtpm swtpm-tools
- ./autogen.sh
- ./configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests CFLAGS=-g
- make tmp-distdir
Fedora/GnuTLS/ibmtss:
script:
+ - dnf -y install swtpm swtpm-tools
- ./autogen.sh
- ./configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests CFLAGS=-g
- make tmp-distdir
AM_CONDITIONAL(OPENCONNECT_TSS2_ESYS, [ test "$tss2lib" = "tss2-esys" ])
AM_CONDITIONAL(OPENCONNECT_TSS2_IBM, [ test "$tss2lib" = "ibmtss" -o "$tss2lib" = "tss" ])
+AC_PATH_PROG(SWTPM, swtpm)
+SWTPM_IOCTL=""
+if test "$SWTPM" != ""; then
+ AC_PATH_PROG(SWTPM_IOCTL, swtpm_ioctl)
+fi
+
+# The Intel/TCG TSS can only *create* keys
+AC_PATH_PROG(TPM2TSS_GENKEY, tpm2tss-genkey)
+# James's one can import them too.
+AC_PATH_PROG(CREATE_TPM2_KEY, create_tpm2_key)
+
+AC_ARG_ENABLE([hwtpm-test],
+ AS_HELP_STRING([--enable-hwtpm-test], [Test TPM support using real TPMv2 [default=no]]),
+ [test_hwtpm=$enableval], [test_hwtpm=no])
+
+if test "$test_hwtpm" = "yes" -a "$TPM2TSS_GENKEY$CREATE_TPM2_KEY" = ""; then
+ AC_MSG_ERROR([Hardware TPM test requires tpm2tss-genkey and/or create_tpm2_key tools])
+fi
+
+AM_CONDITIONAL(TEST_HWTPM, [ test "$test_hwtpm" = "yes" ])
+AM_CONDITIONAL(TEST_SWTPM, [ test "$SWTPM_IOCTL" != "" ])
+AM_CONDITIONAL(TEST_TPM2_IMPORT, [ test "$TPM2TSS_GENKEY" != "" ])
+AM_CONDITIONAL(TEST_TPM2_CREATE, [ test "$CREATE_TPM2_KEY" != "" ])
+
test_pkcs11=
if test "$pkcs11_support" != ""; then
AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes)
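Review bot: The new check `if test "$test_hwtpm" = "yes" -a "$TPM2TSS_GENKEY$CREATE_TPM2_KEY" = ""; then` uses the `-a` operator, which POSIX marks obsolescent and the Autoconf manual advises against; `if test "$test_hwtpm" = yes && test -z "$TPM2TSS_GENKEY$CREATE_TPM2_KEY"; then` says the same thing portably, and `test -n "$SWTPM"` reads better than the `!= ""` comparison guarding the swtpm_ioctl probe. The `--enable-hwtpm-test` validation only covers the key tools, while the hwtpm CSR rules added to tests/Makefile.am also run `openssl req -engine tpm2tss`; if that engine is needed for the test to pass, configure should probably fail early on its absence as well rather than leaving it to `make check`.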
%endif
%if %{use_tss2_esys}
# https://bugzilla.redhat.com/show_bug.cgi?id=1638961
-BuildRequires: pkgconfig(tss2-esys) libgcrypt-devel
+BuildRequires: pkgconfig(tss2-esys) pkgconfig(tss2-tctildr) pkgconfig(tss2-mu) libgcrypt-devel swtpm
%endif
%description
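Review bot: `BuildRequires: ... swtpm` pulls in the daemon but not `swtpm_ioctl`, which the CI change installs from `swtpm-tools`; since configure enables `TEST_SWTPM` only when `swtpm_ioctl` is found, the RPM build would end up with the conditional false and auth-swtpm silently skipped. `BuildRequires: pkgconfig(tss2-esys) pkgconfig(tss2-tctildr) pkgconfig(tss2-mu) libgcrypt-devel swtpm swtpm-tools` makes the build actually exercise the new test. The requirement also sits under `%if %{use_tss2_esys}`, whereas configure gates the swtpm test on the tools alone; if the IBM TSS build is meant to run it too (the CI installs swtpm for that variant), the dependency belongs outside this conditional.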
$(certsdir)/ec-key-pkcs8-pbes2-sha1.pem $(certsdir)/ec-key-pkcs8-pbes2-sha1.der \
$(certsdir)/ec-key-aes256-cbc-sha256.p12
+SWTPM_KEYS = $(certsdir)/ec-key-swtpm.pem $(certsdir)/swtpm-ec-key-tpm.pem $(certsdir)/swtpm-rsa-key-tpm.pem
+SWTPM_CERTS = $(certsdir)/swtpm-ec-cert.pem $(certsdir)/swtpm-rsa-cert.pem
+
+HWTPM_KEYS =
+HWTPM_CERTS =
+
+# Importing the existing EC key (not DSA since it's ancient and not RSA because
+# the TPM probably can't cope with 2432-bit keys).
+if TEST_TPM2_IMPORT
+HWTPM_KEYS += ec-key-hwtpm.pem
+endif
+
+# Creating new keys in TPM.
+if TEST_TPM2_CREATE
+HWTPM_KEYS += hwtpm-ec-key-tpm.pem hwtpm-rsa-key-tpm.pem
+HWTPM_CERTS += hwtpm-ec-cert.pem hwtpm-rsa-cert.pem
+endif
+
USER_CERTS = $(certsdir)/user-cert.pem $(certsdir)/dsa-cert.pem $(certsdir)/ec-cert.pem
EXTRA_DIST = certs/ca.pem certs/ca-key.pem certs/user-cert.pem $(USER_KEYS) $(USER_CERTS) \
$(OSSL_KEYS) $(DSA_KEYS) $(certsdir)/user-key-nonascii-password.p12 \
- pass-UTF-8 pass-ISO8859-2 \
+ pass-UTF-8 pass-ISO8859-2 $(SWTPM_KEYS) $(SWTPM_CERTS) swtpm-perm.state \
certs/server-cert.pem certs/server-key.pem configs/test1.passwd \
common.sh configs/test-user-cert.config configs/test-user-pass.config \
configs/test-obsolete-server-crypto.config \
fake-juniper-sso-server.py fake-tncc.py fake-gp-server.py
dist_check_SCRIPTS = autocompletion
+TESTS = autocompletion
-if HAVE_NETNS
dist_check_SCRIPTS += dtls-psk sigterm
+if HAVE_NETNS
+TESTS += dtls-psk sigterm
endif
-if TEST_PPP
dist_check_SCRIPTS += ppp-over-tls
+if TEST_PPP
+TESTS += ppp-over-tls
endif
+dist_check_SCRIPTS += auth-username-pass auth-certificate auth-nonascii cert-fingerprint \
+ id-test obsolete-server-crypto pfs auth-swtpm auth-hwtpm fortinet-auth-and-config \
+ f5-auth-and-config juniper-auth juniper-sso-auth gp-auth-and-config auth-pkcs11
+
if HAVE_CWRAP
-dist_check_SCRIPTS += auth-username-pass auth-certificate auth-nonascii cert-fingerprint id-test obsolete-server-crypto pfs
+TESTS += auth-username-pass auth-certificate auth-nonascii cert-fingerprint id-test \
+ obsolete-server-crypto pfs
+
+if TEST_SWTPM
+TESTS += auth-swtpm
+# The rules for swtpm-perm.state are not invoked during normal builds since
+# the files are already present in git.
+auth-swtpm: swtpm-perm.state
+endif
+
+if TEST_HWTPM
+# This is only invoked *manually* with 'make TESTS=auth-hwtpm check'.
+TESTS += auth-hwtpm
+# These files are generated locally against the real TPM.
+auth-hwtpm: $(HWTPM_CERTS) $(HWTPM_KEYS)
+endif
if HAVE_PYTHON36_FLASK
-dist_check_SCRIPTS += fortinet-auth-and-config
-dist_check_SCRIPTS += f5-auth-and-config
-dist_check_SCRIPTS += juniper-auth
-dist_check_SCRIPTS += juniper-sso-auth
-dist_check_SCRIPTS += gp-auth-and-config
+TESTS += fortinet-auth-and-config f5-auth-and-config juniper-auth juniper-sso-auth gp-auth-and-config
endif
if TEST_PKCS11
-dist_check_SCRIPTS += auth-pkcs11
+TESTS += auth-pkcs11
PKCS11_TOKENS = openconnect-test openconnect-test1
TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)" \
key_list="$(USER_KEYS)" \
+ swtpm_list="$(SWTPM_KEYS)" \
+ hwtpm_list="$(HWTPM_KEYS)" \
+ SWTPM="$(SWTPM)" \
+ SWTPM_IOCTL="$(SWTPM_IOCTL)" \
pkcs11_keys="$(PKCS11_KEYS)" \
pkcs11_tokens="$(PKCS11_TOKENS)" \
EXEEXT=$(EXEEXT) \
endif
endif
-TESTS = $(dist_check_SCRIPTS) $(C_TESTS)
+TESTS += $(C_TESTS)
noinst_PROGRAMS = $(C_TESTS) serverhash
keyfiles: $(USER_KEYS) $(USER_CERTS) $(certsdir)/server-cert.pem
-
OPENSSL = openssl
OSSLARGS = -in $< -out $@ -passout pass:password
OSSLARGSP12 = -inkey $< -out $@ -in $${KEYFILE%-key-pkcs8.pem}-cert.pem -passout pass:$${PASSWORD%-password}
-extfile $(srcdir)/configs/server-cert.prm -extensions req_EXT \
-set_serial $(shell date +%s) -req -out $@ -in $@.csr
+# Like most of the rules to generate keys/certs, the swtpm rules are
+# dormant for most builds; they were used once to generate the state
+# which is committed to git and used thereafter (just like the cert
+# files and the SoftHSM state). The rules here are to ensure that
+# what gets committed was reproducible, and to document how it was
+# created. So for swtpm, we need to:
+#
+# • Start a new swtpm
+# • Import/create the keys
+# • Generate CSRs from the created keys
+# • Extract the swtpm state to 'swtpm-perm.state'
+# • Shut down the swtpm
+#
+# These rules attempt to do that, keeping variants of the existing
+# CSR/cert generation rules for the middle parts.
+
+SWTPM_TMPDIR := $(shell echo swtpm.$$$$.tmp)
+SWTPM_PRELOAD := LD_PRELOAD=libsocket_wrapper.so SOCKET_WRAPPER_DIR=$(SWTPM_TMPDIR) \
+ TPM_INTERFACE_TYPE=socsim TPM2TSSENGINE_TCTI=swtpm
+
+SWTPM_IOCTL_RUN = $(SWTPM_PRELOAD) $(SWTPM_IOCTL) --tcp 127.0.0.1:2322
+
+# This isn't safe for parallel builds, as it is invoked in mulltiple
+# places and has an obvious race condition. However, this is only for
+# the one-time setup of the persistent swtpm state, and I can remember
+# not to use 'make -j' that one time. Fixing it to be a proper
+# separate 'tpm-started' phony rule without *always* having that rule
+# executed even when the certs/keys already exist is beyond me today.
+START_SWTPM := \
+ mkdir -p $(SWTPM_TMPDIR); \
+ if ! $(SWTPM_IOCTL_RUN) -g; then \
+ $(SWTPM_PRELOAD) $(SWTPM) socket --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 \
+ --tpmstate dir=`pwd`/$(SWTPM_TMPDIR) --flags not-need-init,startup-clear -d; \
+ fi
+
+swtpm-perm.state: $(SWTPM_KEYS) $(SWTPM_CERTS)
+ $(SWTPM_IOCTL_RUN) --save permanent $@
+ $(SWTPM_IOCTL_RUN) -s
+ rm -rf $(SWTPM_TMPDIR)
+
+# This is an *import* of the normal ec key, hence having same prefix 'ec-'.
+# Separate fileames for swtpm (which is shipped with OpenConnect sources)
+# vs local real TPM. Like many of the key/cert rules here, the swtpm rule
+# is dormant and should never really be invoked for normal users once the
+# files are committed to git. Which is why it doesn't matter that it needs
+# the swtpm to have been started manually.
+
+$(certsdir)/ec-key-swtpm.pem: certs/ec-key-pkcs8.pem
+ $(START_SWTPM)
+ $(SWTPM_PRELOAD) $(CREATE_TPM2_KEY) -w $< $@
+
+ec-key-hwtpm.pem: certs/ec-key-pkcs8.pem
+ TPM_INTERFACE_TYPE=dev $(CREATE_TPM2_KEY) -w $< $@
+
+# These are *different* keys generated inside the TPM, hence a different prefix.
+$(certsdir)/swtpm-ec-key-tpm.pem:
+ $(START_SWTPM)
+ $(SWTPM_PRELOAD) $(TPM2TSS_GENKEY) -t swtpm -a ecdsa $@
+
+hwtpm-ec-key-tpm.pem:
+ $(TPM2TSS_GENKEY) -t device -a ecdsa $@
+
+$(certsdir)/swtpm-rsa-key-tpm.pem:
+ $(START_SWTPM)
+ $(SWTPM_PRELOAD) $(TPM2TSS_GENKEY) -t swtpm -a rsa -s 2048 $@
+
+hwtpm-rsa-key-tpm.pem:
+ $(TPM2TSS_GENKEY) -t device -a rsa -s 2048 $@
+
+$(certsdir)/swtpm-%-cert.csr: $(certsdir)/swtpm-%-key-tpm.pem
+ $(SWTPM_PRELOAD) $(OPENSSL) req -new -config $(srcdir)/configs/user-cert.prm -engine tpm2tss -keyform ENGINE -key $< -out $@
+
+hwtpm-%-cert.csr: hwtpm-%-key-tpm.pem
+ TPM2TSSENGINE_TCTI=device $(OPENSSL) req -new -config $(srcdir)/configs/user-cert.prm -engine tpm2tss -keyform ENGINE -key $< -out $@
+
+%-cert.csr: %-key-hwtpm.pem
+ TPM2TSSENGINE_TCTI=device $(OPENSSL) req -new -config $(srcdir)/configs/user-cert.prm -engine tpm2tss -keyform ENGINE -key $< -out $@
+
%-cert.csr: %-key-pkcs8.pem
$(OPENSSL) req -new -config $(srcdir)/configs/user-cert.prm -key $< -out $@
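Review bot: `START_SWTPM` returns as soon as `$(SWTPM) socket ... -d` has daemonized, and the recipes that follow it (`$(CREATE_TPM2_KEY)`, `$(TPM2TSS_GENKEY)`) run immediately, so the first of them can race the daemon's listener; the auth-swtpm script needs a `sleep 0.5` for exactly this reason. A bounded poll as the last statement inside the `if`, `for i in 1 2 3 4 5; do $(SWTPM_IOCTL_RUN) -g && break; sleep 0.2; done; \`, closes that window without a fixed sleep. Separately, the comment `# This is only invoked *manually* with 'make TESTS=auth-hwtpm check'.` sits above an unconditional `TESTS += auth-hwtpm` inside `if TEST_HWTPM`, so with `--enable-hwtpm-test` the test runs on every `make check`; `# Only enabled by --enable-hwtpm-test; this talks to the real TPM device.` would match the code. The new `%-cert.csr: %-key-hwtpm.pem` rule appears unused (the imported key reuses the existing ec certificate and `HWTPM_CERTS` lists only `hwtpm-*-cert.pem`), and because it precedes `%-cert.csr: %-key-pkcs8.pem` it would be selected for a bare `ec-cert.csr` whose `ec-key-hwtpm.pem` can be built, so dropping it removes an ambiguity.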
--- /dev/null
+#!/bin/sh
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of openconnect.
+#
+# This is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+# This test uses LD_PRELOAD
+PRELOAD=1
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+top_builddir=${top_builddir:-..}
+
+. `dirname $0`/common.sh
+
+hwtpm_list=${hwtpm_list:-`echo ${certdir}/swtpm*-key-tpm.pem`}
+
+echo "Testing TPMv2 auth with hwtpm... "
+
+launch_simple_sr_server -d 1 -f -c configs/test-user-cert.config
+PID=$!
+wait_server $PID
+
+export TPM_INTERFACE_TYPE=dev
+
+for KEY in ${hwtpm_list}; do
+ echo -n "Connecting to obtain cookie (with key ${KEY##*/})... "
+ if [ "${KEY%%.p12}" != "${KEY}" ]; then
+ CERTARGS="-c ${KEY} --key-password password"
+ else
+ CERT="${KEY%-key-*.pem}-cert.pem"
+ if [ ! -r "$CERT" ]; then CERT="${certdir}/$CERT"; fi
+ CERTARGS="--sslkey ${KEY} -c ${CERT}"
+ fi
+ if ! echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly -vvvvv --passwd-on-stdin; then
+ fail $PID "Could not connect with key ${KEY##*/}!"
+ fi
+done
+
+echo ok
+
+cleanup
+
+exit 0
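Review bot: The fallback `hwtpm_list=${hwtpm_list:-...}` globs `${certdir}/swtpm*-key-tpm.pem`, i.e. the swtpm keys shipped in certs/, so when the script is run by hand without the Makefile's `hwtpm_list` it would try the swtpm-wrapped keys against the real TPM, which cannot load them. The hwtpm keys are generated in the build directory as `ec-key-hwtpm.pem` and `hwtpm-*-key-tpm.pem` (per `HWTPM_KEYS` in tests/Makefile.am), so `hwtpm_list=${hwtpm_list:-$(echo hwtpm*-key-tpm.pem ec-key-hwtpm.pem)}` matches what the Makefile produces. `echo -n` is not portable under `#!/bin/sh` (dash prints the `-n` literally); `printf '%s' "..."` avoids that, although the sibling auth-swtpm script shares the idiom.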
--- /dev/null
+#!/bin/sh
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of openconnect.
+#
+# This is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+# This test uses LD_PRELOAD
+PRELOAD=1
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+top_builddir=${top_builddir:-..}
+
+. `dirname $0`/common.sh
+
+swtpm_list=${swtpm_list:-`echo ${certdir}/swtpm*-key-tpm.pem`}
+
+echo "Testing TPMv2 auth with swtpm... "
+
+launch_simple_sr_server -d 1 -f -c configs/test-user-cert.config
+PID=$!
+wait_server $PID
+
+${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s || :
+# Kill the existing swtpm if it was started to create keys.
+${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s || :
+
+set -x
+mkdir -p ${SOCKDIR}/swtpm
+LD_PRELOAD=libsocket_wrapper.so ${SWTPM} socket --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --tpmstate dir=`pwd`/${SOCKDIR}/swtpm --log file=swtpm-log -d
+
+sleep 0.5
+LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 --load permanent ${srcdir}/swtpm-perm.state
+LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -i
+
+export TPM_INTERFACE_TYPE=socsim
+
+# We don't actually *require* either of the startup tools
+# to be present; we can fall back to killing swtpm and then
+# restarting it with the startup-clear option. Sadly, there
+# isn't a way for swtpm_ioctl to start it once swtpm is
+# running.
+#
+# We are also inconsistent: the Esys build will automatically
+# start the TPM while the IBM TSS build won't. I'd "fix" that
+# to make the tests work, but I actually think *not* doing so
+# is probably correct.
+if ! tsstartup && ! tpm2_startup -T swtpm -c; then
+ LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s
+ LD_PRELOAD=libsocket_wrapper.so ${SWTPM} socket --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --tpmstate dir=`pwd`/${SOCKDIR}/swtpm --log file=swtpm-log --flags not-need-init,startup-clear -d
+fi
+
+for KEY in ${swtpm_list}; do
+ echo -n "Connecting to obtain cookie (with key ${KEY##*/})... "
+ if [ "${KEY%%.p12}" != "${KEY}" ]; then
+ CERTARGS="-c ${KEY} --key-password password"
+ else
+ CERT="${KEY%-key-*.pem}-cert.pem"
+ if [ ! -r "$CERT" ]; then CERT="${certdir}/$CERT"; fi
+ CERTARGS="--sslkey ${KEY} -c ${CERT}"
+ fi
+ if ! echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly -vvvvv --passwd-on-stdin; then
+ LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s
+ fail $PID "Could not connect with key ${KEY##*/}!"
+ fi
+done
+
+echo ok
+
+LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s
+cleanup
+
+exit 0
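Review bot: The two `${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -s || :` lines before `set -x` run without `LD_PRELOAD=libsocket_wrapper.so`, so unlike every other swtpm_ioctl invocation in the script they talk to the real loopback port 2322 on the build host: they would shut down any unrelated swtpm a developer has listening there, and they cannot reach the instance the Makefile's `START_SWTPM` launched, which lives under socket_wrapper in its own `SOCKET_WRAPPER_DIR`. The pair is also a verbatim duplicate; dropping both lines keeps the test confined to socket_wrapper. `set -x` looks like leftover debugging and will make the TAP log noisy. The fixed `sleep 0.5` after starting swtpm is a race; looping on `LD_PRELOAD=libsocket_wrapper.so ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -g` until it succeeds (with a bounded retry count) would be more robust.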
--- /dev/null
+-----BEGIN TSS2 PRIVATE KEY-----
+MIHwBgZngQUKAQOgAwEBAQIEQAAAAQRYAFYAIwALAAYEQAAAABAAEAADABAAIE9y
+KoT7BbaJWUAVNwFMWirti5lwdNXhIB3GfBJjMWJjACAXccQXp5uGkTzg9kHgHE3g
+iqjmg5iCRKUbnSxLhsGlVASBgAB+ACBDbqTReH27klFD/gporN7JWZZi4ykoyGP8
+peloe3h60QAQFLD7X7y6Bl+njwjNYaAMje1tnAsnxe5fyeZaVnbn1nda+l9IjqdH
+vbXnnsc/R2GyKGVt7YDueE+5VbLm2LSrlcCzR2Ufdhg4Z/7YISZxsWOgWH5cEwwc
+n2Dz
+-----END TSS2 PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN TSS2 PRIVATE KEY-----
+MIHwBgZngQUKAQOgAwEBAQIEQAAAAQRYAFYAIwALAAQEcgAAABAAEAADABAAII/p
+4SAwWx+eGUCdhTUA2Evlq3jfA3E2KmKckCQ4lBYZACDZTQ1Epkt3aU/6qpaBsjGG
+UFBVsKSspeSLELj7G9OAzASBgAB+ACBs2ddMRL2ubUQ9AU+7eEDc1NqhRla3cN1T
+HdZ6OuXPWAAQVkmj9i+7SbwNXUEucdN8W7+2jBhFRbMuZbgrPLBWqp9rYaXMkoZx
+FFfvTI27aM6jrs3OILqmpzDJDmi1xLDF5jjIsL+mpY96RWqFQFG32X5CyRTqFno/
+T6LU
+-----END TSS2 PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN TSS2 PRIVATE KEY-----
+MIICEgYGZ4EFCgEDoAMBAQECBEAAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA
+AQEApUmzK/M0T5YwryIcmAT4ImqdCc4e1Pa8nViGPaT47VakpAqryCYawQrzmDXM
+sHeKP8+4mRCfNaAGdl6xdZcWVZLhTuDtJepk8p8WsHl4BwXqMH9gzLoKmSr+JvSv
+i7gUnOsG2DBPFAfbfNiBrpMbkplz09VSjq/goyLOm/qV9KFPQ7+eJXixkDyA0End
+VULujOK/a+EaemXNiH+Ya99ezVg4OBRTFy/z1afhJqRU+XL4kTlHJ8CTmSETgT+b
+/IP1PU7kj58+InL8YUEdE9Ec6zIiuAUTfmQtQFKuFUGmalnXJ+/h17oc3QOx/5P3
+lFmzIOCZyG6jCCYuanl/q/XFiwSB4ADeACAO56q5UqHwIYgX3NmlwrBg+fR6rmMX
+Qgtm6sZELotUWAAQGdacZ62VnbNH9ZCruwpqB4103/4mktXfzXRYRrZVScvAIRWa
+g13qIeiYvTvNkWyiV9XFtboICznnq+9GUi7XI+OXYdYdd2q/D2KbwuR1Gh5apWid
+0ZGSaZb7bkur3puCODhYODW44s70BpZBR+RgaxUsEiCFrcap4jhCWnEjBFCr923Q
+QTGWmLG9NkQb7+Uz7o68CIpXcU6EHKhAOmg3EP3rfaf/kMZE1U71/jHj6qwiTfvh
+vsVC8p3d
+-----END TSS2 PRIVATE KEY-----