Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
This extention is required to obtain the status of a qualified certificate at Russian Federation.
RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11216)
/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#endif
ASN1_ITEM_ref(SXNETID),
ASN1_ITEM_ref(SXNET),
+ ASN1_ITEM_ref(ISSUER_SIGN_TOOL),
ASN1_ITEM_ref(USERNOTICE),
ASN1_ITEM_ref(X509_ALGORS),
ASN1_ITEM_ref(X509_ALGOR),
X509V3_F_DO_EXT_I2D:135:do_ext_i2d
X509V3_F_DO_EXT_NCONF:151:do_ext_nconf
X509V3_F_GNAMES_FROM_SECTNAME:156:gnames_from_sectname
+X509V3_F_I2R_ISSUER_SIGN_TOOL:176:
X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
X509V3_F_V2I_IDP:157:v2i_idp
X509V3_F_V2I_IPADDRBLOCKS:159:v2i_IPAddrBlocks
X509V3_F_V2I_ISSUER_ALT:153:v2i_issuer_alt
+X509V3_F_V2I_ISSUER_SIGN_TOOL:175:
X509V3_F_V2I_NAME_CONSTRAINTS:147:v2i_NAME_CONSTRAINTS
X509V3_F_V2I_POLICY_CONSTRAINTS:146:v2i_POLICY_CONSTRAINTS
X509V3_F_V2I_POLICY_MAPPINGS:145:v2i_POLICY_MAPPINGS
v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c \
v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \
- v3_pcia.c v3_pci.c \
+ v3_pcia.c v3_pci.c v3_ist.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
extern const X509V3_EXT_METHOD v3_tls_feature;
extern const X509V3_EXT_METHOD v3_ext_admission;
extern const X509V3_EXT_METHOD v3_utf8_list[1];
+extern const X509V3_EXT_METHOD v3_issuer_sign_tool;
&v3_ct_scts[2],
#endif
&v3_utf8_list[0],
+ &v3_issuer_sign_tool,
&v3_tls_feature,
&v3_ext_admission
};
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+/*
+ * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
+ * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
+ * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/
+ */
+
+ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
+ ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
+ ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
+ ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
+ ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
+} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)
+
+IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
+
+
+static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
+ int i;
+
+ if (ist == NULL) {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
+ CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
+
+ if (cnf == NULL) {
+ continue;
+ }
+ if (strcmp(cnf->name, "signTool") == 0) {
+ ist->signTool = ASN1_UTF8STRING_new();
+ if (ist->signTool == NULL) {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
+ ISSUER_SIGN_TOOL_free(ist);
+ return NULL;
+ }
+ ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value));
+ } else if (strcmp(cnf->name, "cATool") == 0) {
+ ist->cATool = ASN1_UTF8STRING_new();
+ if (ist->cATool == NULL) {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
+ ISSUER_SIGN_TOOL_free(ist);
+ return NULL;
+ }
+ ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value));
+ } else if (strcmp(cnf->name, "signToolCert") == 0) {
+ ist->signToolCert = ASN1_UTF8STRING_new();
+ if (ist->signToolCert == NULL) {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
+ ISSUER_SIGN_TOOL_free(ist);
+ return NULL;
+ }
+ ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value));
+ } else if (strcmp(cnf->name, "cAToolCert") == 0) {
+ ist->cAToolCert = ASN1_UTF8STRING_new();
+ if (ist->cAToolCert == NULL) {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
+ ISSUER_SIGN_TOOL_free(ist);
+ return NULL;
+ }
+ ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value));
+ } else {
+ X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_PASSED_INVALID_ARGUMENT);
+ ISSUER_SIGN_TOOL_free(ist);
+ return NULL;
+ }
+ }
+ return ist;
+}
+
+static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
+ ISSUER_SIGN_TOOL *ist, BIO *out,
+ int indent)
+{
+ int new_line = 0;
+
+ if (ist == NULL) {
+ X509V3err(X509V3_F_I2R_ISSUER_SIGN_TOOL, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+ if (ist->signTool != NULL) {
+ if (new_line == 1) {
+ BIO_write(out, "\n", 1);
+ }
+ BIO_printf(out, "%*ssignTool : ", indent, "");
+ BIO_write(out, ist->signTool->data, ist->signTool->length);
+ new_line = 1;
+ }
+ if (ist->cATool != NULL) {
+ if (new_line == 1) {
+ BIO_write(out, "\n", 1);
+ }
+ BIO_printf(out, "%*scATool : ", indent, "");
+ BIO_write(out, ist->cATool->data, ist->cATool->length);
+ new_line = 1;
+ }
+ if (ist->signToolCert != NULL) {
+ if (new_line == 1) {
+ BIO_write(out, "\n", 1);
+ }
+ BIO_printf(out, "%*ssignToolCert: ", indent, "");
+ BIO_write(out, ist->signToolCert->data, ist->signToolCert->length);
+ new_line = 1;
+ }
+ if (ist->cAToolCert != NULL) {
+ if (new_line == 1) {
+ BIO_write(out, "\n", 1);
+ }
+ BIO_printf(out, "%*scAToolCert : ", indent, "");
+ BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
+ new_line = 1;
+ }
+ return 1;
+}
+
+const X509V3_EXT_METHOD v3_issuer_sign_tool = {
+ NID_issuerSignTool, /* nid */
+ X509V3_EXT_MULTILINE, /* flags */
+ ASN1_ITEM_ref(ISSUER_SIGN_TOOL), /* template */
+ 0, 0, 0, 0, /* old functions, ignored */
+ 0, /* i2s */
+ 0, /* s2i */
+ 0, /* i2v */
+ (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
+ (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
+ 0, /* r2i */
+ NULL /* extension-specific data */
+};
--- /dev/null
+=pod
+
+=head1 NAME
+
+ISSUER_SIGN_TOOL_new, ISSUER_SIGN_TOOL_free,ISSUER_SIGN_TOOL_it,
+d2i_ISSUER_SIGN_TOOL, i2d_ISSUER_SIGN_TOOL
+
+=head1 SYNOPSIS
+
+=for openssl generic
+
+ #include <openssl/x509v3.h>
+
+ extern const ISSUER_SIGN_TOOL_it;
+
+ ISSUER_SIGN_TOOL *ISSUER_SIGN_TOOL_new(void);
+ void ISSUER_SIGN_TOOL_free(ISSUER_SIGN_TOOL *v);
+
+ ISSUER_SIGN_TOOL *d2i_ISSUER_SIGN_TOOL(ISSUER_SIGN_TOOL **a, const unsigned char **pp, long length);
+ int i2d_ISSUER_SIGN_TOOL(const ISSUER_SIGN_TOOL *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+The ISSUER_SIGN_TOOL_new() function returns a new ISSUER_SIGN_TOOL.
+
+ISSUER_SIGN_TOOL_free() frees up a single ISSUER_SIGN_TOOL object.
+
+=head1 RETURN VALUES
+
+ISSUER_SIGN_TOOL_new() returns a newly created ISSUER_SIGN_TOOL or NULL if the call fails.
+
+ISSUER_SIGN_TOOL_free() does not return values.
+
+d2i_ISSUER_SIGN_TOOL() and i2d_ISSUER_SIGN_TOOL() decode and encode an B<ISSUER_SIGN_TOOL>
+structure. They otherwise follow the conventions of other ASN.1 functions such as d2i_X509().
+
+=head1 HISTORY
+
+The ISSUER_SIGN_TOOL_up_ref(), ISSUER_SIGN_TOOL_lock() and ISSUER_SIGN_TOOL_unlock()
+functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
STACK_OF(SXNETID) *ids;
} SXNET;
+typedef struct ISSUER_SIGN_TOOL_st {
+ ASN1_UTF8STRING *signTool;
+ ASN1_UTF8STRING *cATool;
+ ASN1_UTF8STRING *signToolCert;
+ ASN1_UTF8STRING *cAToolCert;
+} ISSUER_SIGN_TOOL;
+
typedef struct NOTICEREF_st {
ASN1_STRING *organization;
STACK_OF(ASN1_INTEGER) *noticenos;
DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)
+DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
+
int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
int userlen);
# define X509V3_F_DO_EXT_I2D 0
# define X509V3_F_DO_EXT_NCONF 0
# define X509V3_F_GNAMES_FROM_SECTNAME 0
+# define X509V3_F_I2R_ISSUER_SIGN_TOOL 0
# define X509V3_F_I2S_ASN1_ENUMERATED 0
# define X509V3_F_I2S_ASN1_IA5STRING 0
# define X509V3_F_I2S_ASN1_INTEGER 0
# define X509V3_F_V2I_IDP 0
# define X509V3_F_V2I_IPADDRBLOCKS 0
# define X509V3_F_V2I_ISSUER_ALT 0
+# define X509V3_F_V2I_ISSUER_SIGN_TOOL 0
# define X509V3_F_V2I_NAME_CONSTRAINTS 0
# define X509V3_F_V2I_POLICY_CONSTRAINTS 0
# define X509V3_F_V2I_POLICY_MAPPINGS 0
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
--- /dev/null
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_rusext");
+
+plan tests => 5;
+
+require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
+my $pem = srctop_file("test/certs", "grfc.pem");
+my $out_msb = "grfc.msb";
+my $out_utf8 = "grfc.utf8";
+
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_msb,
+ "-nameopt", "esc_msb", "-certopt", "no_pubkey"])));
+is(cmp_text($out_msb, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.msb')),
+ 0, 'Comparing esc_msb output');
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
+ "-nameopt", "utf8", "-certopt", "no_pubkey"])));
+is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
+ 0, 'Comparing utf8 output');
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0c:8c:40:93:bb:e6:93:bd:43:0b:f5:18:26:03:1d:05
+ Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+ Issuer: OGRN=1027739334479, INN=007706228218, street=\U0414\U0435\U0440\U0431\U0435\U043D\U0435\U0432\U0441\U043A\U0430\U044F \U043D\U0430\U0431. \U0434. 7 \U0441\U0442\U0440. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 \U0433. \U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426", CN=\U0423\U0426 \U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426"
+ Validity
+ Not Before: Mar 12 07:38:26 2013 GMT
+ Not After : Mar 12 07:46:00 2028 GMT
+ Subject: OGRN=1027739334479, INN=007706228218, street=\U0414\U0435\U0440\U0431\U0435\U043D\U0435\U0432\U0441\U043A\U0430\U044F \U043D\U0430\U0431. \U0434. 7 \U0441\U0442\U0440. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 \U0433. \U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426", CN=\U0423\U0426 \U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426"
+ X509v3 extensions:
+ Signing Tool of Subject:
+ "КриптоПро CSP" (версия 3.6)
+ Signing Tool of Issuer:
+ signTool : "КриптоПро CSP" (версия 3.6)
+ cATool : "Удостоверяющий центр "КриптоПро УЦ" версии 1.5
+ signToolCert: Сертификат соответствия № СФ/121-1859 от 17.06.2012
+ cAToolCert : Сертификат соответствия № СФ/128-1822 от 01.06.2012
+ X509v3 Key Usage:
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 6B:00:86:83:89:D2:00:CF:56:B8:6B:E4:E3:36:10:1E:1F:72:AE:C3
+ 1.3.6.1.4.1.311.21.1:
+ ...
+ X509v3 Certificate Policies:
+ Policy: 1.2.643.100.113.1
+ Policy: 1.2.643.100.113.2
+ Policy: X509v3 Any Policy
+ Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+ Signature Value:
+ bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0:13:1a:
+ 21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9:79:09:15:a2:
+ 41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60:f3:0f:4e:e3:29:6e:
+ b8:6e:01:b4:03:2c:07:8f:27:37
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0c:8c:40:93:bb:e6:93:bd:43:0b:f5:18:26:03:1d:05
+ Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+ Issuer: OGRN=1027739334479, INN=007706228218, street=Дербеневская наб. д. 7 стр. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 г. Москва, L=Москва, O=ФГУП "ГРЧЦ", CN=УЦ ФГУП "ГРЧЦ"
+ Validity
+ Not Before: Mar 12 07:38:26 2013 GMT
+ Not After : Mar 12 07:46:00 2028 GMT
+ Subject: OGRN=1027739334479, INN=007706228218, street=Дербеневская наб. д. 7 стр. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 г. Москва, L=Москва, O=ФГУП "ГРЧЦ", CN=УЦ ФГУП "ГРЧЦ"
+ X509v3 extensions:
+ Signing Tool of Subject:
+ "КриптоПро CSP" (версия 3.6)
+ Signing Tool of Issuer:
+ signTool : "КриптоПро CSP" (версия 3.6)
+ cATool : "Удостоверяющий центр "КриптоПро УЦ" версии 1.5
+ signToolCert: Сертификат соответствия № СФ/121-1859 от 17.06.2012
+ cAToolCert : Сертификат соответствия № СФ/128-1822 от 01.06.2012
+ X509v3 Key Usage:
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 6B:00:86:83:89:D2:00:CF:56:B8:6B:E4:E3:36:10:1E:1F:72:AE:C3
+ 1.3.6.1.4.1.311.21.1:
+ ...
+ X509v3 Certificate Policies:
+ Policy: 1.2.643.100.113.1
+ Policy: 1.2.643.100.113.2
+ Policy: X509v3 Any Policy
+ Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+ Signature Value:
+ bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0:13:1a:
+ 21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9:79:09:15:a2:
+ 41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60:f3:0f:4e:e3:29:6e:
+ b8:6e:01:b4:03:2c:07:8f:27:37
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
EVP_PKEY_CTX_get0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_CTX_set_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_CTX_get_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION:RSA
+d2i_ISSUER_SIGN_TOOL ? 3_0_0 EXIST::FUNCTION:
+i2d_ISSUER_SIGN_TOOL ? 3_0_0 EXIST::FUNCTION:
+ISSUER_SIGN_TOOL_free ? 3_0_0 EXIST::FUNCTION:
+ISSUER_SIGN_TOOL_new ? 3_0_0 EXIST::FUNCTION:
+ISSUER_SIGN_TOOL_it ? 3_0_0 EXIST::FUNCTION:
OSSL_SELF_TEST_new ? 3_0_0 EXIST::FUNCTION:
OSSL_SELF_TEST_free ? 3_0_0 EXIST::FUNCTION:
OSSL_SELF_TEST_onbegin ? 3_0_0 EXIST::FUNCTION: