JCE: add WolfSSLKeyStore (WKS) KeyStore implementation

.gitignore

@@ -28,3 +28,6 @@ IDE/WIN/DLL Release FIPS
 # Maven output directory
 target/
 
+# Generated system cacerts.wks and jssecacerts.wks
+examples/certs/systemcerts/cacerts.wks
+examples/certs/systemcerts/jssecacerts.wks

README_JCE.md

@@ -75,6 +75,9 @@ The JCE provider currently supports the following algorithms:
     CertPathValidator Class
         PKIX
 
+    KeyStore
+        WKS
+
 ### SecureRandom.getInstanceStrong()
 
 When registered as the highest priority security provider, wolfJCE will provide
@@ -92,6 +95,87 @@ securerandom.strongAlgorithms=HashDRBG:wolfJCE
 Note that the `securerandom.source` property in `java.security` has no affect
 on the wolfJCE provider.
 
+### WolfSSLKeyStore (WKS) Implementation Details and Usage
+
+wolfJCE implements one custom KeyStore class named WolfSSLKeyStore, represented
+as "WKS". If wolfJCE has been installed as a Security provider, this KeyStore
+can be used with:
+
+```
+KeyStore store = KeyStore.getInstance("WKS");
+```
+
+#### Algorithm Use and FIPS 140-2 / 140-3 Compatibility
+
+The WKS KeyStore has been designed to be compatible with wolfCrypt
+FIPS 140-2 and 140-3. It uses PKCS#5 PBKDF2 to derive an encryption key
+from passwords, then encrypts private key entries with AES-GCM. KeyStore
+integrity is protected using PKCS#5 PBKDF2 and HMAC-SHA256.
+
+This KeyStore uses a different format that is not directly compatible with
+existing formats (ex: JKS, PKCS12, etc).
+
+#### Stored Object Compatibility
+
+The WKS KeyStore supports storage of PrivateKey, Certificate, and
+SecretKey objects.
+
+#### Converting Other KeyStore Formats to WKS
+
+The Java `keytool` application can be used to convert between KeyStore formats.
+This can be easily used for example to convert a JKS KeyStore into a WKS
+format KeyStore.
+
+The following example command would convert a KeyStore in JKS format named
+`server.jks` to a KeyStore in WKS format named `server.wks`:
+
+```
+keytool -importkeystore -srckeystore server.jks -destkeystore server.wks \
+    -srcstoretype JKS -deststoretype WKS \
+    -srcstorepass "pass" -deststorepass "pass" \
+    -provider com.wolfssl.provider.jce.WolfCryptProvider \
+    --providerpath /path/to/wolfcrypt-jni.jar
+```
+
+To list entries inside a WKS keystore using the `keytool`, a command
+similar to the following can be used (with the `-list` option):
+
+```
+keytool -list -provider com.wolfssl.provider.jce.WolfCryptProvider \
+    --providerpath /path/to/wolfcrypt-jni.jar \
+    -storetype WKS -storepass "pass" -keystore server.wks
+```
+
+If running the above commands gives an error about the native wolfcryptjni
+shared library not being found, you may need to add the library location
+to `LD_LIBRARY_PATH` (Linux) or `DYLD_LIBRARY_PATH` (Mac OSX), ie:
+
+```
+export LD_LIBRARY_PATH=/path/to/libwolfcryptjni.so:$LD_LIBRARY_PATH
+```
+
+#### Converting System cacerts to WKS Format KeyStore
+
+For FIPS compatibility, users who do not want to use non-wolfSSL KeyStore
+implementations (ex: JKS) may need to convert the system cacerts or
+jssecacerts KeyStore to WKS format. This can be done using the keytool
+command as described above (default password for cacerts is 'changeit'), or
+the helper script located in this package at:
+
+```
+examples/certs/systemcerts/system-cacerts-to-wks.sh
+```
+
+This is a shell script that takes no arguments. It tries to detect the
+location of the active Java installation and converts `cacerts` and/or
+`jssecacerts` to WKS format if they are found. Converted KeyStores are placed
+under the same directory as the script, specifically:
+
+```
+examples/certs/systemcerts/cacerts.wks
+examples/certs/systemcerts/jssecacerts.wks
+```
+
 ### Example / Test Code
 ---------
 

examples/certs/README.md

@@ -26,18 +26,28 @@ the example Java KeyStore files, see the next section.
 
 ## Updating Example Java KeyStore Files
 
-To update the example Java KeyStore files, use the provided `update-jks.sh`
+To update the example Java KeyStore files, use the provided `update-jks-wks.sh`
 bash script. This script requires one argument on the command line which is
 the location of the wolfSSL proper certs directory.
 
+This script will create new KeyStore files from original certificates. It will
+first create JKS KeyStore files, then convert those to WKS (WolfSSLKeyStore)
+format.
+
 ```
 $ cd wolfcryptjni/examples/certs
-$ ./update-jks.sh /path/to/wolfssl/certs
+$ ./update-jks-wks.sh /path/to/wolfssl/certs
 ```
 
-This script only updates the example .jks files and not the individual
+This script only updates the example .jks and .wks files and not the individual
 .pem or .der files in this directory. For that, please see the above section.
 
+## Testing that Java keytool can read/parse WKS files
+
+To confirm that Java keytool can parse WolfSSLKeyStore (WKS) format stores OK,
+the `keytool-print-wks.sh` script can be used. This will call `keytool -list`
+on each WKS KeyStore which is expected to pass successfully.
+
 ## Support
 
 Please contact the wolfSSL support team at [email protected] with any

examples/certs/crl/cliCrl.pem

@@ -2,41 +2,41 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = [email protected]
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         74:17:9b:40:81:d2:a0:f3:26:68:44:5b:f8:a2:6c:3f:7e:71:
-         75:a2:7f:c6:e6:71:cb:f9:08:57:42:cd:3e:3f:ab:cd:0c:85:
-         36:45:58:8b:59:28:81:d9:b0:6b:10:4a:d0:7d:59:ad:cf:53:
-         05:cb:13:c7:c1:ec:65:64:6b:4d:e6:87:0b:ae:06:60:ab:8a:
-         3c:ae:c1:7d:ed:8f:ee:09:02:7a:3a:f2:21:bf:89:ef:cd:14:
-         b1:03:64:2d:b2:b6:45:15:da:2d:ee:2d:c0:15:3b:a8:01:a8:
-         4f:30:61:ae:99:b9:16:07:b5:8b:71:8f:38:ac:69:82:39:90:
-         92:ff:d6:41:33:3b:92:5b:f2:dd:56:5a:8f:82:d1:1f:76:ee:
-         ca:01:a2:ac:c0:22:41:dd:6e:e1:ce:06:b0:6f:bc:e2:da:91:
-         11:c1:a0:41:16:7d:ba:7e:a1:53:13:14:4b:54:3b:b9:44:cf:
-         4f:1c:ef:ce:a8:bd:e8:ab:ba:de:97:f7:b7:7d:4f:ab:7a:e7:
-         73:65:97:a1:d9:a3:f3:92:f1:95:06:6d:52:7b:6e:fd:26:56:
-         55:83:c7:71:f7:a4:8f:9a:2c:52:04:dd:9f:85:ab:9c:88:e1:
-         30:c6:4a:88:7d:20:1b:c6:47:8b:82:cc:9d:0f:51:69:b1:90:
-         b2:8a:9c:74
+         52:11:97:57:04:d7:e2:14:1f:c4:7f:a2:d8:cf:4c:b7:5b:0c:
+         d3:ac:ca:29:10:74:09:2f:3d:fb:4d:75:3e:32:21:5a:0f:41:
+         5f:cc:e7:98:f8:ea:8e:e2:c9:57:60:b6:a3:b0:70:10:18:b9:
+         86:a3:65:1e:3a:88:13:df:44:18:15:51:00:f6:33:d6:ab:90:
+         18:93:df:ac:7d:15:5c:6a:63:55:d1:4d:41:37:03:89:86:65:
+         fa:fb:d7:b1:73:db:c3:43:08:ff:89:94:89:b1:b4:ad:96:78:
+         52:92:50:8c:0a:5d:ca:29:8b:e0:bc:ca:88:c0:7a:52:48:d3:
+         cf:09:03:08:5f:a1:b9:16:b0:55:5e:11:60:7f:73:9a:98:05:
+         54:97:bf:eb:0e:04:61:4f:b4:40:23:61:9a:07:69:78:fc:16:
+         de:f4:54:04:cf:f0:2b:07:8d:51:9e:6b:b5:77:c4:13:2c:a3:
+         40:99:ed:fa:f4:00:4a:45:36:da:52:9d:dc:88:66:3e:03:f0:
+         20:ce:54:a4:56:58:a8:9e:30:78:e8:42:2d:a8:0f:9b:c4:a9:
+         ab:13:c2:4e:ec:be:2e:99:16:56:2f:22:86:96:27:1d:30:80:
+         7d:a5:f8:45:ef:93:b4:63:13:96:4f:6a:df:a0:11:3b:52:be:
+         93:03:7a:81
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaMBQwEgIBAhcNMjMxMjEzMjIxOTMzWqAO
-MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAHQXm0CB0qDzJmhEW/ii
-bD9+cXWif8bmccv5CFdCzT4/q80MhTZFWItZKIHZsGsQStB9Wa3PUwXLE8fB7GVk
-a03mhwuuBmCrijyuwX3tj+4JAno68iG/ie/NFLEDZC2ytkUV2i3uLcAVO6gBqE8w
-Ya6ZuRYHtYtxjzisaYI5kJL/1kEzO5Jb8t1WWo+C0R927soBoqzAIkHdbuHOBrBv
-vOLakRHBoEEWfbp+oVMTFEtUO7lEz08c786oveirut6X97d9T6t653Nll6HZo/OS
-8ZUGbVJ7bv0mVlWDx3H3pI+aLFIE3Z+Fq5yI4TDGSoh9IBvGR4uCzJ0PUWmxkLKK
-nHQ=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQwEgIBAhcNMjQwMTA5MDAzNDMwWqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAFIRl1cE1+IUH8R/otjP
+TLdbDNOsyikQdAkvPftNdT4yIVoPQV/M55j46o7iyVdgtqOwcBAYuYajZR46iBPf
+RBgVUQD2M9arkBiT36x9FVxqY1XRTUE3A4mGZfr717Fz28NDCP+JlImxtK2WeFKS
+UIwKXcopi+C8yojAelJI088JAwhfobkWsFVeEWB/c5qYBVSXv+sOBGFPtEAjYZoH
+aXj8Ft70VATP8CsHjVGea7V3xBMso0CZ7fr0AEpFNtpSndyIZj4D8CDOVKRWWKie
+MHjoQi2oD5vEqasTwk7svi6ZFlYvIoaWJx0wgH2l+EXvk7RjE5ZPat+gETtSvpMD
+eoE=
 -----END X509 CRL-----

examples/certs/crl/crl.pem

@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = [email protected]
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
 -----END X509 CRL-----

examples/certs/crl/crl.revoked

@@ -2,43 +2,43 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = [email protected]
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         72:6e:a4:64:36:6b:e8:e0:c5:1d:98:ef:ab:7e:7a:14:f2:8d:
-         99:d0:57:4b:76:ac:f4:89:60:cd:89:23:9d:01:34:f3:83:e5:
-         82:21:b3:48:c4:42:25:7f:ea:9f:74:5f:e8:b8:d6:71:bb:a2:
-         39:d8:ef:46:a8:13:ba:7d:44:ab:d6:13:65:18:de:b5:03:85:
-         a7:c6:4f:0a:a0:6a:78:ba:7b:f7:ce:6e:ba:1c:ef:6f:b1:04:
-         a8:ac:c6:de:3b:76:77:3e:3d:8b:ae:8b:2b:7e:c9:4f:77:31:
-         7f:1f:f5:04:2c:e9:cf:a1:56:c2:59:e9:be:49:9f:e8:67:a3:
-         42:66:05:21:02:64:82:b2:74:a7:4b:89:89:7d:43:1a:41:fd:
-         53:8c:d6:4f:27:04:2a:48:6b:9e:62:fa:4a:42:83:22:53:3f:
-         53:07:4f:bc:cd:8d:8d:cc:15:c6:ff:3c:af:7d:db:ab:dd:fa:
-         8f:65:86:86:2a:89:5e:3f:d5:4b:39:80:78:3f:6e:38:3b:6d:
-         a5:5e:2c:9e:1d:2f:9c:62:12:b1:34:f2:95:64:37:dc:4b:20:
-         dc:27:f3:de:81:67:b2:04:b0:14:b9:47:e3:65:e3:2f:35:27:
-         c2:fc:22:db:24:bd:04:58:88:17:e3:42:3c:a5:ef:53:39:15:
-         54:52:ac:a1
+         35:50:96:da:71:71:90:d5:b7:37:5a:a6:b9:09:07:2f:af:c9:
+         e0:02:32:6a:43:6e:20:ec:20:a4:ac:d0:39:a9:19:35:d0:d2:
+         6f:bb:d1:cd:46:10:a7:cb:8a:be:0a:02:a2:91:f5:29:74:ee:
+         34:83:a3:8c:a0:ca:39:af:94:4a:23:d7:56:57:6b:cc:c6:eb:
+         b0:ce:9f:0a:e1:b0:a8:12:6b:6a:8b:21:73:22:6f:49:41:cd:
+         fd:85:44:d1:fa:52:6b:2f:b2:2b:02:e7:43:0e:f1:92:bc:15:
+         8f:22:28:49:25:69:93:d8:50:10:2f:93:e2:f5:b0:31:5c:eb:
+         1a:35:e2:40:83:25:87:55:4d:c0:85:06:37:9e:23:44:80:a1:
+         f9:e2:eb:9c:90:28:7a:71:d8:55:a2:8b:70:32:31:33:26:70:
+         fe:1d:11:d5:4b:c1:04:47:19:59:44:8f:0b:0a:ec:d6:62:40:
+         8a:6f:67:2e:6a:50:38:54:35:c9:f8:d5:ec:e8:ae:93:88:3d:
+         a0:40:81:2c:e0:fe:f7:c8:68:24:8e:41:04:88:af:94:82:97:
+         75:e5:69:4c:22:1d:f9:67:53:a3:4c:a3:db:bf:55:08:e7:3a:
+         07:67:a2:28:25:63:af:f8:0e:c7:d3:c1:77:ef:20:20:20:63:
+         9e:5c:22:81
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEyMTMyMjE5MzNa
-Fw0yNjA5MDgyMjE5MzNaMCgwEgIBARcNMjMxMjEzMjIxOTMzWjASAgECFw0yMzEy
-MTMyMjE5MzNaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAcm6k
-ZDZr6ODFHZjvq356FPKNmdBXS3as9IlgzYkjnQE084PlgiGzSMRCJX/qn3Rf6LjW
-cbuiOdjvRqgTun1Eq9YTZRjetQOFp8ZPCqBqeLp7985uuhzvb7EEqKzG3jt2dz49
-i66LK37JT3cxfx/1BCzpz6FWwlnpvkmf6GejQmYFIQJkgrJ0p0uJiX1DGkH9U4zW
-TycEKkhrnmL6SkKDIlM/UwdPvM2NjcwVxv88r33bq936j2WGhiqJXj/VSzmAeD9u
-ODttpV4snh0vnGISsTTylWQ33Esg3Cfz3oFnsgSwFLlH42XjLzUnwvwi2yS9BFiI
-F+NCPKXvUzkVVFKsoQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAxMDkwMDM0MzBa
+Fw0yNjEwMDUwMDM0MzBaMCgwEgIBARcNMjQwMTA5MDAzNDMwWjASAgECFw0yNDAx
+MDkwMDM0MzBaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEANVCW
+2nFxkNW3N1qmuQkHL6/J4AIyakNuIOwgpKzQOakZNdDSb7vRzUYQp8uKvgoCopH1
+KXTuNIOjjKDKOa+USiPXVldrzMbrsM6fCuGwqBJraoshcyJvSUHN/YVE0fpSay+y
+KwLnQw7xkrwVjyIoSSVpk9hQEC+T4vWwMVzrGjXiQIMlh1VNwIUGN54jRICh+eLr
+nJAoenHYVaKLcDIxMyZw/h0R1UvBBEcZWUSPCwrs1mJAim9nLmpQOFQ1yfjV7Oiu
+k4g9oECBLOD+98hoJI5BBIivlIKXdeVpTCId+WdTo0yj279VCOc6B2eiKCVjr/gO
+x9PBd+8gICBjnlwigQ==
 -----END X509 CRL-----

examples/certs/crl/eccCliCRL.pem

@@ -2,25 +2,25 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = [email protected]
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 9
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:dc:a7:bf:34:1b:68:b6:54:0c:38:8d:46:41:
-         84:bf:fa:f0:96:00:89:a6:81:4a:0f:15:12:ef:15:98:f7:51:
-         95:02:20:08:57:33:0d:c1:a5:c6:83:63:49:96:8c:71:41:7b:
-         40:92:67:80:d6:23:62:2a:c2:f2:43:5a:92:9b:9b:d6:83
+         30:45:02:20:3b:07:f1:6c:fb:19:62:f2:56:2a:5c:21:a3:7d:
+         bf:06:33:3e:b4:53:01:f3:f5:0e:e6:ca:f5:b9:26:7e:4d:ca:
+         02:21:00:dd:04:d6:b1:18:01:b7:d6:ca:d9:7b:29:53:cf:9e:
+         ad:38:ef:fa:70:2c:41:74:ba:ce:e6:77:1f:22:86:f0:e3
 -----BEGIN X509 CRL-----
 MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIx
-OTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
-SM49BAMCA0gAMEUCIQDcp780G2i2VAw4jUZBhL/68JYAiaaBSg8VEu8VmPdRlQIg
-CFczDcGlxoNjSZaMcUF7QJJngNYjYirC8kNakpub1oM=
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1MDAz
+NDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0gAMEUCIDsH8Wz7GWLyVipcIaN9vwYzPrRTAfP1DubK9bkmfk3KAiEA
+3QTWsRgBt9bK2XspU8+erTjv+nAsQXS6zuZ3HyKG8OM=
 -----END X509 CRL-----