* libwget/ssl_gnutls.c (verify_certificate_callback): Check server cert
purpose,
(wget_ssl_open): Call gnutls_session_enable_compatibility_mode only if
cert checks are turned off.
* libwget/ssl_openssl.c (openssl_init): Set purpose.
* libwget/ssl_wolfssl.c (do_handshake): Fix return value on cert errors.
* tests/Makefile: Add test-cert-key-usage.
* tests/test-cert-key-usage.c: New tests.
* tests/libtest.c: Allow setting server cert and server key.
* tests/libtest.h: Add WGET_TEST_HTTPS_CERT_FILE and
WGET_TEST_HTTPS_KEY_FILE.
* tests/certs/generate_certs.sh: Add command to generate bad server certs.
* tests/certs/server-bad-eku-template.txt: New file.
* tests/certs/server-bad-ku-template.txt: New file.
* tests/certs/x509-server-bad-eku-cert.pem: New file.
* tests/certs/x509-server-bad-eku-key.pem: New file.
* tests/certs/x509-server-bad-ku-cert.pem: New file.
* tests/certs/x509-server-bad-ku-key.pem: New file.
Since the OCSP tests use the same certificate chain for both the OCSP server and
the HTTPS server, the 'serverAuth' flags needs to be added, in addition to the OCSP flags.
OpenSSL will refuse to run a TLS handshake for HTTPS if that flag is not present.
* tests/certs/ocsp/demoCA/*, tests/certs/ocsp/*.pem: change testing certificates
* tests/certs/ocsp/ocsp_resp_revoked.der,
tests/certs/ocsp/ocsp_stapled_resp.der
tests/certs/ocsp/ocsp_resp_ok.der: update OCSP responses to contain
the new certificates
* tests/certs/ocsp/interm.cnf: add the serverAuth extension
* tests/certs/ocsp/root-template.txt: likewise
* tests/certs/generate_certs.sh: Script for certificate generation
* tests/certs/x509-ca-cert.pem: CA certificate
* tests/certs/x509-ca-key.pem: CA key
* tests/certs/x509-server-cert.pem: Server certificate
* tests/certs/x509-server-key.pem: Server key
* tests/certs/x509-server-crl.pem: CRL for the server certificate
* tests/certs/ca-template.txt: Template for CA Certificate
* tests/certs/server-template.txt: Template for Server Certificate
* tests/certs/ocsp/demoCA/*: Openssl certificate signing records for root and intermediate
* tests/certs/ocsp/generate_stap.sh: Added script for generating required certificates and response
* tests/certs/ocsp/interm-template.txt: Added template for intermediate certificate
* tests/certs/ocsp/interm.cnf: Added openssl config for intermediate certificate signing
* tests/certs/ocsp/root-template.txt: Added template for root certificate
* tests/certs/ocsp/server-template.txt: Added template for server certificate
* tests/certs/ocsp/demoCA/*: Openssl certificate signing records for root and intermediate
* tests/certs/ocsp/generate_resp.sh: Added script for generating required certificates and responses
* tests/certs/ocsp/interm-template.txt: Added template for intermediate certificate
* tests/certs/ocsp/interm.cnf: Added openssl config for intermediate certificate signing
* tests/certs/ocsp/root-template.txt: Added template for root certificate
* tests/certs/ocsp/server-template.txt: Added template for server certificate
