Enable 8 combined OCSP and URLs instead of 1 of each

Author: padelsbach

.gitignore

@@ -470,3 +470,6 @@ wolfssl/debug-trace-error-codes.h
 wolfssl/debug-untrace-error-codes.h
 
 AGENTS.md
+
+# Code navigation files
+compile_commands.json

certs/aia/multi-aia-cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIUEcNoHSMtIkVhW/MmkmUEsVoJVQEwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWd29sZnNzbC1haWEtbXVsdGktdGVzdDAeFw0yNjAxMjcw
+MTUwNDRaFw0yNzAxMjcwMTUwNDRaMCExHzAdBgNVBAMMFndvbGZzc2wtYWlhLW11
+bHRpLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVdogPQ2I
+/nErbxSaNGoYhkwoj1qt+Be1/qWnvZzJ0EBOG4EdioMRIkJzP6W3HoAhkGBrueXf
+riN07M3XLocRfE+9C1+jZQxBGRxysns9z7K+i0pBtPN/AXV2RCSz13FFyVyLhLks
+2YAL9By36X9R0wsL+Nd4EAQ4ouf0GglmTmtb5rHf2GIno4xFg9tpWosiUTytwgDC
+K9lQEQnTnPG6E43N2bszqBc4roOPrYDnd7raNTqcv9yTHM8zwffGJuCogE/Fbr2R
+yVubLW28n5/O1Pb47hHuPJv6oHMZgct2SV5OB/mwVgI0eoFMSQZ35o6BpHD0C497
+L2IcoMi8A9rFAgMBAAGjgfAwge0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQw
+gbAGCCsGAQUFBwEBBIGjMIGgMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4x
+OjIyMjIxMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMCkGCCsG
+AQUFBzAChh1odHRwOi8vd3d3LndvbGZzc2wuY29tL2NhLnBlbTArBggrBgEFBQcw
+AoYfaHR0cHM6Ly93d3cud29sZnNzbC5jb20vY2EyLnBlbTAdBgNVHQ4EFgQU1GNm
+eP/LXQk0tFaTeWoNHyLhLZkwDQYJKoZIhvcNAQELBQADggEBACwuXdKYI2Q/Vhd7
+TJFvKdp7BuUopQGEQ+4vR+FoesYXc9MHjZJfMqEffv1MArTeY46At/zvcTeszagi
+io+jjGBLOutsAf9WK3PnKMIkGGfro6btZ8QFyKiZ6unMMlqe6cGqrCrNKp8jLP3k
+CKZltR5c+MIPhpjoOhNDMOcPMwZBGQJWubwOb4uOu3wv7UWJk/ovKP9WJCUn6wLH
+soDs+MHMICkxOvDfPf+F4URVqTbzE8IvSMv38z4cAqsyEfWxr32Dg34S/NmeePFV
+7sSDpksvyITGsxjnQulSuUFSmldumQ6GnA4ZUXvCNdJ0zbD/Iib9ud6K05VdWYZP
+uyCRkjY=
+-----END CERTIFICATE-----

certs/aia/overflow-aia-cert.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEcDCCA1igAwIBAgIUN5kIU1GLRP5bRKctP271p7IGFVowDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZd29sZnNzbC1haWEtb3ZlcmZsb3ctdGVzdDAeFw0yNjAx
+MjcwMTU1NTBaFw0yNzAxMjcwMTU1NTBaMCQxIjAgBgNVBAMMGXdvbGZzc2wtYWlh
+LW92ZXJmbG93LXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS
+eHeAzVuCe44SU8bcyIWLwkA2AABw/ctSBWKAFEd7DYHduRr3diblHERU1Fv5JzYx
+JnZquj1IO/qsnSFJYDc9sQmYea89iW8KNPVXKDzdbzhpiQLZL7Yq71ICxxqVLfRr
+91lyAj0+Syncrp96olSpMJochVnQ6PqLcc/Gq7CMtrKn5KAN7Mn3+LdAQYU8JjRa
+zqEJ8fmkBKbS5watzgnkP2o5jWSpWzpDOxTdw85hju4H9m5Gmun3XVO9dEAN/dqK
+vklkzgQGvAMMQMIcgOzw0HxAuvsSNtjgEpIlOir0M7YiC0pYqtMO+thSCmVCvsDR
+/nG/iqe6YBSXh6oszGwTAgMBAAGjggGYMIIBlDAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIChDCCAVYGCCsGAQUFBwEBBIIBSDCCAUQwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly8xMjcuMC4wLjE6MjIyMjAwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
+MjIyMjEwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjIwIgYIKwYB
+BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjMwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly8xMjcuMC4wLjE6MjIyMjQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
+MjIyMjUwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjYwIgYIKwYB
+BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjcwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly8xMjcuMC4wLjE6MjIyMjgwHQYDVR0OBBYEFJt6TNgqMFBebotXaauIYPpUJi1S
+MA0GCSqGSIb3DQEBCwUAA4IBAQA5noHB343sKQqVmmLds0gC/k1UhVA5iftAGmes
+uRdNOOCdo2i739DmRAXggetgtatcjDfjxkrvq0Qi+geozZra6uX9FT/hgfw6kDpU
+HKzJFy4E0G0HTM8mtJi+aGDZL3Lts+h272eahkT1jVKGAPFugqfz7fKRsMce6eCE
+UD5cvtQXX16fGhBxxmUCZPnxMKcj2oNl7RliHphK6ofXuNbKjqjVQfxsTUXSQDyS
+ApH5w6iUnAvC5l19qYrBcCVOB6CNJ2CdmvFI//Ox8Jc56HRYYDIdVp2Q3FFA5Z4s
+gTLvlumVgihAekD+0zVF9q+AJ4TSbE3cqsQgHF/+p84KxWid
+-----END CERTIFICATE-----

certs/crl/crlEccOut.der

@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBdDCCARkCAQEwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
+Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
+MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBAxcNMjYwMjA0MDM1NDI5
+WjAKBggqhkjOPQQDAgNJADBGAiEA6xz109x9tZwaxxs3iLvW65h9AGL8+e1gTnbr
+GoEsXaQCIQDzxO4LU1d6seHETQDKjUEXivHuvC6f0Nq5uARmWX0DOA==
+-----END X509 CRL-----

certs/crl/crlEccOut.pem

@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICMTCCARkCAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
+Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
+MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBARcNMjYwMjA0MDM1NDI5
+WjANBgkqhkiG9w0BAQsFAAOCAQEAid2CDa/invAbnAJaeVVkS8mRjI/kR0aPHwt1
+/Sz6w+j163+KZnBwUNgrMmLSMbssm8oxQ8i8zNvBeYd6u1x2N/jw/cwH2rxhZ3zQ
+bOkDQKKe2eRYXMykAl1uj2VwCeu8/ivqbimYReq7iloEHo8PUiizs1Pj6zJ59I1u
+LRZDDlS9wiY+VVkKx28dxyClsqtJNCvz5ezNB8GeH+gekaJ1tJVbd3TujBajPPAx
+R6FobbOOavCZPyGkeZlU/T9S5FwIi07qga5Zuq/9Dy7YwiVya3sAZ/nTYY++HKDQ
+DL0Bs3/05Lf8BLaf2CX2vGvan4JCQv9CMdnlYBifwvQCeUToyQ==
+-----END X509 CRL-----

certs/crl/crlRsaOut.der

@@ -22,7 +22,9 @@ EXTRA_DIST += \
 EXTRA_DIST += \
 		certs/crl/crl.revoked \
 		certs/crl/extra-crls/ca-int-cert-revoked.pem \
-		certs/crl/extra-crls/general-server-crl.pem
+		certs/crl/extra-crls/general-server-crl.pem \
+		certs/crl/extra-crls/large_crlnum.pem \
+		certs/crl/extra-crls/large_crlnum2.pem
 
 # Intermediate cert CRL's
 EXTRA_DIST += \

certs/crl/crlRsaOut.pem

@@ -85,6 +85,11 @@ EXTRA_DIST += \
              certs/dh-pub-2048.pem \
              certs/dsa2048.pem
 
+EXTRA_DIST += \
+             certs/aia/ca-issuers-cert.pem \
+             certs/aia/multi-aia-cert.pem \
+             certs/aia/overflow-aia-cert.pem
+
 EXTRA_DIST += \
              certs/ca-key.der \
              certs/ca-cert.der \
@@ -154,4 +159,3 @@ include certs/sphincs/include.am
 include certs/rpk/include.am
 include certs/acert/include.am
 include certs/mldsa/include.am
-

certs/crl/include.am

@@ -31,6 +31,9 @@
 #                       fpki-cert.der
 #                       fpki-certpol-cert.der
 #                       rid-cert.der
+#                       aia/ca-issuers-cert.pem
+#                       aia/multi-aia-cert.pem
+#                       aia/overflow-aia-cert.pem
 # updates the following crls:
 #                       crl/cliCrl.pem
 #                       crl/crl.pem
@@ -292,6 +295,60 @@ run_renewcerts(){
     echo "End of section"
     echo "---------------------------------------------------------------------"
     ############################################################
+    ########## update AIA test certs ###########################
+    ############################################################
+    echo "Updating AIA test certs"
+    echo ""
+    mkdir -p aia
+
+    echo "Updating aia/ca-issuers-cert.pem"
+    echo ""
+    openssl req -new -newkey rsa:2048 -nodes -keyout aia/ca-issuers-key.pem -subj "/CN=wolfssl-aia-test" -out aia/ca-issuers-cert.csr
+    check_result $? "Step AIA-1"
+
+    openssl x509 -req -in aia/ca-issuers-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_ca_issuers -signkey aia/ca-issuers-key.pem -out aia/ca-issuers-cert.pem
+    check_result $? "Step AIA-2"
+    rm aia/ca-issuers-cert.csr
+
+    openssl x509 -in aia/ca-issuers-cert.pem -text > tmp.pem
+    check_result $? "Step AIA-3"
+    mv tmp.pem aia/ca-issuers-cert.pem
+    rm aia/ca-issuers-key.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+
+    echo "Updating aia/multi-aia-cert.pem"
+    echo ""
+    openssl req -new -newkey rsa:2048 -nodes -keyout aia/multi-aia-key.pem -subj "/CN=wolfssl-aia-multi-test" -out aia/multi-aia-cert.csr
+    check_result $? "Step AIA-4"
+
+    openssl x509 -req -in aia/multi-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_multi -signkey aia/multi-aia-key.pem -out aia/multi-aia-cert.pem
+    check_result $? "Step AIA-5"
+    rm aia/multi-aia-cert.csr
+
+    openssl x509 -in aia/multi-aia-cert.pem -text > tmp.pem
+    check_result $? "Step AIA-6"
+    mv tmp.pem aia/multi-aia-cert.pem
+    rm aia/multi-aia-key.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+
+    echo "Updating aia/overflow-aia-cert.pem"
+    echo ""
+    openssl req -new -newkey rsa:2048 -nodes -keyout aia/overflow-aia-key.pem -subj "/CN=wolfssl-aia-overflow-test" -out aia/overflow-aia-cert.csr
+    check_result $? "Step AIA-7"
+
+    openssl x509 -req -in aia/overflow-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_overflow -signkey aia/overflow-aia-key.pem -out aia/overflow-aia-cert.pem
+    check_result $? "Step AIA-8"
+    rm aia/overflow-aia-cert.csr
+
+    openssl x509 -in aia/overflow-aia-cert.pem -text > tmp.pem
+    check_result $? "Step AIA-9"
+    mv tmp.pem aia/overflow-aia-cert.pem
+    rm aia/overflow-aia-key.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+    ############################################################
     ########## update the self-signed ca-cert-chain.der ########
     ############################################################
     echo "Updating ca-cert-chain.der"