aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2009-08-11 21:48:58 +0000
committerDaniel Stenberg <daniel@haxx.se>2009-08-11 21:48:58 +0000
commite73fe837a8877c0197721b91e0d5ec40cb7a2cd0 (patch)
tree241c5ac517e86455b87876c56afafbeb26b3d1f8
parenta9caeb1064bf942a6c066a8c048f077409d1b937 (diff)
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311.
-rw-r--r--CHANGES7
-rw-r--r--RELEASE-NOTES2
-rw-r--r--lib/ssluse.c6
-rw-r--r--tests/Makefile.am2
-rw-r--r--tests/certs/EdelCurlRoot-ca.cacert85
-rw-r--r--tests/certs/EdelCurlRoot-ca.crt85
-rw-r--r--tests/certs/EdelCurlRoot-ca.csr17
-rw-r--r--tests/certs/EdelCurlRoot-ca.derbin0 -> 916 bytes
-rw-r--r--tests/certs/EdelCurlRoot-ca.key30
-rw-r--r--tests/certs/EdelCurlRoot-ca.prm18
-rw-r--r--tests/certs/Server-localhost-sv.crt81
-rw-r--r--tests/certs/Server-localhost-sv.csr11
-rw-r--r--tests/certs/Server-localhost-sv.derbin0 -> 837 bytes
-rw-r--r--tests/certs/Server-localhost-sv.dhp0
-rw-r--r--tests/certs/Server-localhost-sv.key15
-rw-r--r--tests/certs/Server-localhost-sv.p12bin0 -> 2958 bytes
-rw-r--r--tests/certs/Server-localhost-sv.pem121
-rw-r--r--tests/certs/Server-localhost-sv.prm25
-rw-r--r--tests/certs/Server-localhost.nn-sv.crt81
-rw-r--r--tests/certs/Server-localhost.nn-sv.csr11
-rw-r--r--tests/certs/Server-localhost.nn-sv.derbin0 -> 843 bytes
-rw-r--r--tests/certs/Server-localhost.nn-sv.dhp0
-rw-r--r--tests/certs/Server-localhost.nn-sv.key15
-rw-r--r--tests/certs/Server-localhost.nn-sv.pem121
-rw-r--r--tests/certs/Server-localhost.nn-sv.prm25
-rw-r--r--tests/certs/Server-localhost0h-sv.crt81
-rw-r--r--tests/certs/Server-localhost0h-sv.csr11
-rw-r--r--tests/certs/Server-localhost0h-sv.derbin0 -> 839 bytes
-rw-r--r--tests/certs/Server-localhost0h-sv.dhp0
-rw-r--r--tests/certs/Server-localhost0h-sv.key15
-rw-r--r--tests/certs/Server-localhost0h-sv.p12bin0 -> 2970 bytes
-rw-r--r--tests/certs/Server-localhost0h-sv.pem122
-rw-r--r--tests/certs/Server-localhost0h-sv.prm26
-rwxr-xr-xtests/certs/scripts/genroot.sh63
-rwxr-xr-xtests/certs/scripts/genserv.sh106
-rw-r--r--tests/data/test31052
-rw-r--r--tests/data/test31138
-rw-r--r--tests/data/test31238
-rw-r--r--tests/httpsserver.pl23
-rwxr-xr-xtests/runtests.pl12
40 files changed, 1339 insertions, 6 deletions
diff --git a/CHANGES b/CHANGES
index 080f0dbe3..ec9096028 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,13 @@
Changelog
Daniel Stenberg (11 Aug 2009)
+- Peter Sylvester made the HTTPS test server use specific certificates for
+ each test, so that the test suite can now be used to actually test the
+ verification of cert names etc. This made an error show up in the OpenSSL-
+ specific code where it would attempt to match the CN field even if a
+ subjectAltName exists that doesn't match. This is now fixed and verified
+ in test 311.
+
- Benbuck Nason posted the bug report #2835196
(http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler
warnings when mixing ints and bools.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ceb84d9c7..0ecd1fe45 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -42,6 +42,8 @@ This release includes the following bugfixes:
o rand seeding on libcurl on windows built with OpenSSL was not thread-safe
o fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
o don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
+ o libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but
+ subjectAltName didn't
This release includes the following known bugs:
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 07824b411..bc1934cfc 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1137,6 +1137,12 @@ static CURLcode verifyhost(struct connectdata *conn,
if(matched)
/* an alternative name matched the server hostname */
infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
+ else if(altnames) {
+ /* an alternative name field existed, but didn't match and then
+ we MUST fail */
+ infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+ res = CURLE_PEER_FAILED_VERIFICATION;
+ }
else {
/* we have to look to the last occurence of a commonName in the
distinguished one to get the most significant one. */
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 96a93ea1f..32f27b520 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,7 @@ PDFPAGES = testcurl.pdf runtests.pdf
EXTRA_DIST = ftpserver.pl httpserver.pl httpsserver.pl runtests.pl getpart.pm \
FILEFORMAT README stunnel.pem memanalyze.pl testcurl.pl valgrind.pm ftp.pm \
sshserver.pl sshhelp.pm testcurl.1 runtests.1 $(HTMLPAGES) $(PDFPAGES) \
- CMakeLists.txt
+ CMakeLists.txt certs/scripts/*.sh certs/Server* certs/EdelCurlRoot*
SUBDIRS = data server libtest
diff --git a/tests/certs/EdelCurlRoot-ca.cacert b/tests/certs/EdelCurlRoot-ca.cacert
new file mode 100644
index 000000000..c5154a4de
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.cacert
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5c:fb:79:f2:09
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 15:06:44 2009 GMT
+ Not After : Jan 7 15:06:44 2026 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26:
+ a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41:
+ 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5:
+ 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08:
+ c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab:
+ 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68:
+ c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa:
+ 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb:
+ 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a:
+ f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71:
+ 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c:
+ 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86:
+ c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11:
+ dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa:
+ e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22:
+ 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9:
+ ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a:
+ 87:c1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+ Signature Algorithm: sha1WithRSAEncryption
+ 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07:
+ da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff:
+ 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8:
+ e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93:
+ 29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da:
+ a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f:
+ 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7:
+ 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec:
+ 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5:
+ 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1:
+ 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d:
+ 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb:
+ a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27:
+ bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b:
+ af:f0:bd:86
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i
+cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ
+q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df
+CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2
+AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW
+Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS
+Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+
+nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO
+c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f
+ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa
+1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j
+efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7
+r/C9hg==
+-----END CERTIFICATE-----
diff --git a/tests/certs/EdelCurlRoot-ca.crt b/tests/certs/EdelCurlRoot-ca.crt
new file mode 100644
index 000000000..c5154a4de
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.crt
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5c:fb:79:f2:09
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 15:06:44 2009 GMT
+ Not After : Jan 7 15:06:44 2026 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:bd:b7:e7:70:4c:17:0d:0f:e6:a4:ed:81:0b:26:
+ a9:d2:16:f6:2a:9c:87:6d:8e:7e:e2:71:98:89:41:
+ 97:d7:62:0b:c7:92:35:e5:09:0a:b4:67:06:59:c5:
+ 3b:2f:ae:6c:ff:68:6c:af:46:a3:1f:7e:32:5a:08:
+ c4:6e:65:5c:c2:9f:99:11:4e:28:dc:37:98:d0:ab:
+ 66:13:35:c6:bd:3c:6f:65:e2:5d:c2:59:21:80:68:
+ c0:85:eb:7e:a2:58:99:04:45:c3:f7:4c:39:83:fa:
+ 5c:6e:6a:a0:ff:45:b7:2f:7a:bb:bb:7f:3d:2b:cb:
+ 57:5f:09:24:c5:77:96:5d:1b:56:56:9a:48:51:0a:
+ f5:67:0f:67:8d:0d:82:c7:84:bf:b5:c5:f8:cd:71:
+ 2f:92:cb:e8:94:96:28:04:3a:c2:2c:38:e4:9e:3c:
+ 1b:89:9f:70:b6:02:b6:97:5e:2e:c1:5a:a7:af:86:
+ c2:b7:65:dc:83:8d:e7:85:72:a7:d1:f0:ba:ea:11:
+ dc:bd:7c:b5:68:89:82:15:2b:b5:91:f0:70:f5:fa:
+ e4:8c:21:fe:e7:8f:a3:16:5d:ee:a8:ff:a8:0e:22:
+ 1f:3e:27:25:f5:f1:a0:55:16:f7:c2:02:79:fb:c9:
+ ac:fd:d1:ca:6e:65:3e:97:cf:f0:df:c9:b9:c4:0a:
+ 87:c1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ 12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+ Signature Algorithm: sha1WithRSAEncryption
+ 66:1e:56:86:7d:87:99:f9:9a:d9:fb:fe:9c:bf:9e:d9:90:07:
+ da:9a:33:0f:72:6b:44:00:df:85:f0:ff:ed:c5:06:1c:1c:ff:
+ 4e:94:7d:6f:6c:7e:82:1a:82:bc:fe:ac:02:c5:1d:d0:1f:a8:
+ e3:2d:a2:8d:43:8e:73:8a:b0:a4:da:0b:1d:7e:1c:e9:35:93:
+ 29:6d:05:9f:6d:6c:0e:09:ee:9c:1a:15:fe:8a:5e:19:d8:da:
+ a0:6b:2a:d5:1d:fa:0c:af:63:55:41:42:ec:dd:3c:b0:6e:1f:
+ 66:67:c5:28:fd:23:1b:a6:42:98:49:f5:33:58:7b:5a:91:c7:
+ 9c:66:1f:53:cc:8b:79:11:a9:fa:a3:b8:5e:e1:d1:12:97:ec:
+ 5e:4d:c9:77:4c:03:0c:e8:80:33:57:da:d4:ce:af:c5:1b:f5:
+ 96:47:d4:68:da:83:3c:45:ee:84:b4:82:94:cd:65:2c:41:f1:
+ 45:3d:19:9b:da:7a:54:04:e4:39:b1:b5:2a:15:29:b8:99:6d:
+ 30:73:12:bc:7d:e3:79:f2:12:aa:e1:d7:d1:83:c4:bb:0c:bb:
+ a1:36:37:84:38:de:7c:3a:d7:c8:4f:6b:d9:cb:80:2b:29:27:
+ bd:c3:de:a5:2a:11:6d:b6:09:59:e6:d7:49:ae:52:89:28:3b:
+ af:f0:bd:86
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIGC1z7efIJMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDE1MDY0NFoXDTI2MDEwNzE1MDY0NFowZzELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7i
+cZiJQZfXYgvHkjXlCQq0ZwZZxTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQ
+q2YTNca9PG9l4l3CWSGAaMCF636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1df
+CSTFd5ZdG1ZWmkhRCvVnD2eNDYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2
+AraXXi7BWqevhsK3ZdyDjeeFcqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MW
+Xe6o/6gOIh8+JyX18aBVFvfCAnn7yaz90cpuZT6Xz/DfybnECofBAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQSayTS
+Smi3obAczb/WTMxAW3/gQDANBgkqhkiG9w0BAQUFAAOCAQEAZh5Whn2Hmfma2fv+
+nL+e2ZAH2pozD3JrRADfhfD/7cUGHBz/TpR9b2x+ghqCvP6sAsUd0B+o4y2ijUOO
+c4qwpNoLHX4c6TWTKW0Fn21sDgnunBoV/opeGdjaoGsq1R36DK9jVUFC7N08sG4f
+ZmfFKP0jG6ZCmEn1M1h7WpHHnGYfU8yLeRGp+qO4XuHREpfsXk3Jd0wDDOiAM1fa
+1M6vxRv1lkfUaNqDPEXuhLSClM1lLEHxRT0Zm9p6VATkObG1KhUpuJltMHMSvH3j
+efISquHX0YPEuwy7oTY3hDjefDrXyE9r2cuAKyknvcPepSoRbbYJWebXSa5SiSg7
+r/C9hg==
+-----END CERTIFICATE-----
diff --git a/tests/certs/EdelCurlRoot-ca.csr b/tests/certs/EdelCurlRoot-ca.csr
new file mode 100644
index 000000000..3a25911a3
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJTAjBgNVBAMMHE5vdGhlcm4g
+Tm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC9t+dwTBcND+ak7YELJqnSFvYqnIdtjn7icZiJQZfXYgvHkjXlCQq0ZwZZ
+xTsvrmz/aGyvRqMffjJaCMRuZVzCn5kRTijcN5jQq2YTNca9PG9l4l3CWSGAaMCF
+636iWJkERcP3TDmD+lxuaqD/Rbcveru7fz0ry1dfCSTFd5ZdG1ZWmkhRCvVnD2eN
+DYLHhL+1xfjNcS+Sy+iUligEOsIsOOSePBuJn3C2AraXXi7BWqevhsK3ZdyDjeeF
+cqfR8LrqEdy9fLVoiYIVK7WR8HD1+uSMIf7nj6MWXe6o/6gOIh8+JyX18aBVFvfC
+Ann7yaz90cpuZT6Xz/DfybnECofBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
+IFe5QoGVnUvCDOvZPMFmnclBgPVpTYB/twQEK3VoKnTbWj78LL6IGJLoqS7l+wnW
+5PLYGjNwR7atIw1pnq6i+GglV5USXRMCNfB0NYLEZdfIUKwIQia2sidmv1gHDXbW
+oCh33kwizd8K0pCivtS60p7PfrjyKuj0qcdwFLuW6sa9ks4mswsykPJFFWseln6U
+YlFNOX2OWSNnoadLVgTxhIuSr7rXHVza01sNvH/tXKO0J4gfK7TctZpNsl4tnWx8
+6wjXe55aQqokjdfe92mPKClMuiXJTLPkM4tPN1Wau3qYw+BAb038z+j8FL8n7CEU
+n3WlmMJ7tmkd3NShPejqZQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/EdelCurlRoot-ca.der b/tests/certs/EdelCurlRoot-ca.der
new file mode 100644
index 000000000..5d0e2d5d8
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.der
Binary files differ
diff --git a/tests/certs/EdelCurlRoot-ca.key b/tests/certs/EdelCurlRoot-ca.key
new file mode 100644
index 000000000..244aea1c6
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUbvkhX/UejoCAggA
+MBQGCCqGSIb3DQMHBAhyTjz68mGb9gSCBMjeTO0EBH03MKmIHaDTPzJyJO4jyqQS
+WJw6j+nYXHLQ3/PDh431GIQatN6Hpp14e+y/PZEl68jB8cxVCpiGO+JLT7ov4zlU
+nLsCwSn7lmFeylrlZYOnP//3JVfEwcO3E22y6Ay3RKm5UYKTYoCXwkIC7xockF4+
+E3xq2bRYD4OGrb77srqU2puPie0otfm3dpkZk5FKY/9knygufqO0HoC6y1swPT0q
+ykOst064UGFG36IiISVImoYeOQ2kY0fo3bBtC7QGhCiid0cOXZOUZD7I+Vz7UPJo
+XUtM0s9V1uer/DrDREFrCG/GfwNDhrhqXM4AsJQwPi8FV4KK+rHOFCg0FOPAlGff
+UMArHp81ZmM9T6SWmWFGdmJPNz0jp7HPmzYt3rXQc88qk0iig+A42SMqj6otMPuJ
+st/0Sm+GzRHjbgV0Jh2zPpTwzznLj8NjHCtmSWijFZZbylEvr3klzLdnva5c75pw
+Qhqbe3ZkNaRkJvxWlIvd8qrE4rix34M5ZN1gm4+y5kE8gYjMF8KdBwxfsSkobL48
+i2NpaROvFhewE9IaoJ8bAVJA9KpHZBftWaZFJ7S7h0Vdhw0KRVFZYQiz6xqma4Xp
+yp4EopNdffuEXxQOQiAsHyhnBsPGoMTUpCQAfL1v90+SIs0FG6faClk3L6EyATXW
+pLQURbocUJYr6hyxY62Y1pc3TVlspIv/kukKtwq7iuvD5mFgmGumSI/pq2jfKo02
+aFSPTNVEidFvJJVr0HVIwPVmuMRs0Lr0t8Txih4NIzTITR4tPwaIwhi0Qi3VanNG
+TY9oevkclxiNbP9OQfIP6CMHNnAzLhOm+vbwlkCAqcFo0KjzGJb4NhyAxYpUZ7U3
+NGoNVQ7haF/Frz5PxAGl5l57qLI4pHsknrZsKxiTKpSy5l3melj3Zk0R2jXN9uJX
+Z3FYG6R7Zbnt8gbXw1dqteLo07ObS7OwULqAJlboqporOtvWKhqPTPeNFP7HCdHJ
+uFBVQJwWGD8QBcZ1k591JcFY7vPWHdQF7ku+EEs7dEeNBUS28Baw5qoiXRBWsD7B
+Y3D4QaAZF64rqvtIlhDZBzmrUZ1KqJDX1B9I2pf7D6bbxL0wYiVTRQeoDV7eGZXF
+0+tMbHgZ/CmAsOx0sdcR0BkigQMGh9HHtDs4gRJsf/RjzkKJQD28FfJxqvRYDYFd
+8PSL7/DPipTUxvALuKWX/cRR/kVDEvt3AXJqAJsb3Xf/NloicieQ5QCy2LXwU4rQ
+pBur7YFHw2VfT/HU8Jdd3yoXJPRBy9bAGFXojtBT6cuCcyBrUwrFo/nfiirK1WAd
+krIL1/kUNKy34b/Yp2/BNuo+QrDP7tJNWVO7pVs1eNFs45en0GNR1tsaIxN95MwX
+vw4g4vMNMkpEPdLCPkjCYuW6mqkxT7ED3LAEsOBljcjkaId4QVS2TZv9V+izeHx8
+OGYmyJB5d2N/v1gwBSq7h+xx7bG/hByJ+7hGR3J9+3HEN/TYFPqjIofA8sBZ6Emt
+oICblaS4xlmWwb8iSdo38yDWVaemmuW3zpCLfCR3RFT8aV9u1eahYWuU0/kgn2QB
+GvaavsdlahZl+f0uqf67TDWxTDkeQuiiRwy3UCnooxDLclq3YM9yWP4wbq9xNn4d
+G+0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/certs/EdelCurlRoot-ca.prm b/tests/certs/EdelCurlRoot-ca.prm
new file mode 100644
index 000000000..4c53ef515
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.prm
@@ -0,0 +1,18 @@
+extensions = x509v3
+[ req ]
+default_bits = 2048
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = Nothern Nowhere Trust Anchor
+[ x509v3 ]
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+
diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt
new file mode 100644
index 000000000..f78e3c038
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.crt
@@ -0,0 +1,81 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0a:89:a5:41
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:07:52 2009 GMT
+ Not After : Oct 21 22:07:52 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:d3:6f:53:ed:32:a1:69:20:22:6e:5c:69:34:3d:
+ 8f:14:65:61:c8:f7:99:15:ec:a9:51:43:87:7a:b0:
+ 4b:65:c5:c2:7c:e4:4a:f0:c7:25:42:19:ec:ec:84:
+ 5a:62:a0:4e:de:f9:2d:86:aa:e5:b2:b9:f7:e8:1f:
+ 5d:c6:8d:07:b1:83:54:92:a8:65:5d:2c:e6:3b:e0:
+ f3:0e:ae:b2:72:05:4c:dd:85:90:16:bc:1f:03:59:
+ 23:76:be:e0:38:ee:21:05:37:d0:01:31:7d:1f:3c:
+ f5:fd:78:56:cd:cb:86:bb:d1:e8:07:73:a6:90:f9:
+ 3b:7e:9d:85:bc:3c:2a:78:49
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 53:59:CB:8D:67:CD:E7:63:E2:E5:DD:F0:F8:E1:82:ED:A8:10:38:A3
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 06:3f:b8:df:8e:20:9d:cd:cd:bc:a9:88:eb:2d:f8:e6:f0:15:
+ fa:14:9c:5f:55:bc:8f:68:40:aa:d2:51:03:ab:09:ee:ee:a6:
+ d7:8f:32:9a:75:0b:41:35:71:bf:d9:35:03:dd:fd:e5:7d:45:
+ db:e5:9a:16:14:14:c7:98:a5:c5:b9:4d:81:3a:0c:f9:e0:97:
+ 71:d0:f3:a0:5d:84:ba:83:a8:d8:a0:98:bf:12:48:42:f0:1b:
+ 8a:58:80:16:62:69:bb:96:5a:ce:ac:02:fa:cb:cd:20:30:d0:
+ fb:23:3a:d3:7b:75:03:c8:c1:20:9e:24:90:d2:61:00:85:63:
+ e2:f9:a7:52:50:e2:0d:3b:61:f9:b1:d5:5f:64:dd:cb:38:7b:
+ 05:8d:b7:f9:08:8e:bf:d3:02:13:e7:34:fa:3d:bb:af:d7:aa:
+ de:79:28:f4:ae:87:f5:49:85:42:c7:af:8b:a0:94:ed:21:de:
+ 36:e6:38:a3:0f:75:cf:68:10:48:1d:7d:9b:a2:88:86:bd:b5:
+ fe:95:4a:c8:fe:77:6b:0a:47:79:ab:d6:35:ea:53:4f:8f:3a:
+ ba:e1:4c:00:57:b8:99:f9:21:5d:d2:ad:d9:c7:fa:bf:71:73:
+ 49:5d:0b:2c:fd:02:37:94:3c:3e:d7:ef:72:c5:e3:f3:14:9f:
+ 58:27:2a:aa
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIGC10KiaVBMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMDc1MloXDTE3MTAyMTIyMDc1MlowVDELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+029T7TKhaSAiblxpND2PFGVhyPeZFeypUUOHerBLZcXCfORK8MclQhns7IRaYqBO
+3vkthqrlsrn36B9dxo0HsYNUkqhlXSzmO+DzDq6ycgVM3YWQFrwfA1kjdr7gOO4h
+BTfQATF9Hzz1/XhWzcuGu9HoB3OmkPk7fp2FvDwqeEkCAwEAAaOBiTCBhjAUBgNV
+HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMB0GA1UdDgQWBBRTWcuNZ83nY+Ll3fD44YLtqBA4ozAfBgNVHSMEGDAWgBQS
+ayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA
+A4IBAQAGP7jfjiCdzc28qYjrLfjm8BX6FJxfVbyPaECq0lEDqwnu7qbXjzKadQtB
+NXG/2TUD3f3lfUXb5ZoWFBTHmKXFuU2BOgz54Jdx0POgXYS6g6jYoJi/EkhC8BuK
+WIAWYmm7llrOrAL6y80gMND7IzrTe3UDyMEgniSQ0mEAhWPi+adSUOINO2H5sdVf
+ZN3LOHsFjbf5CI6/0wIT5zT6Pbuv16reeSj0rof1SYVCx6+LoJTtId425jijD3XP
+aBBIHX2booiGvbX+lUrI/ndrCkd5q9Y16lNPjzq64UwAV7iZ+SFd0q3Zx/q/cXNJ
+XQss/QI3lDw+1+9yxePzFJ9YJyqq
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr
new file mode 100644
index 000000000..4a1ccaf5a
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy
+Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTb1PtMqFpICJuXGk0PY8UZWHI
+95kV7KlRQ4d6sEtlxcJ85ErwxyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SS
+qGVdLOY74PMOrrJyBUzdhZAWvB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egH
+c6aQ+Tt+nYW8PCp4SQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAxfegbegW/e09
+TV4TVuyt7S7wwCJFepfi7hNDoPf/CiuW3KeSySP68iD9QUNhy2wADFP6eHPaooUZ
+h5PIvZ8IKpBzIbtG2mcOV4tKEBIshoBv/VFOTUqGKJf4r9dK0AjbovyPNpt9lCcO
+xcnrH3WuQUVdmXVvlUXHz/mhzs2TFx4=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-sv.der b/tests/certs/Server-localhost-sv.der
new file mode 100644
index 000000000..aefd60284
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.der
Binary files differ
diff --git a/tests/certs/Server-localhost-sv.dhp b/tests/certs/Server-localhost-sv.dhp
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.dhp
diff --git a/tests/certs/Server-localhost-sv.key b/tests/certs/Server-localhost-sv.key
new file mode 100644
index 000000000..832bbba5c
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDTb1PtMqFpICJuXGk0PY8UZWHI95kV7KlRQ4d6sEtlxcJ85Erw
+xyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SSqGVdLOY74PMOrrJyBUzdhZAW
+vB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egHc6aQ+Tt+nYW8PCp4SQIDAQAB
+AoGBAMhtVySaAzJxONJfHYdc934BIPHt7BtBbbvQBOSDq+V80wGrM3MNhL8lbldC
+m5+0kS+DC+oFpJqI+Xz8BtwJooilPuQO3syo5YZuFRee81M8Z5Ss78TG6FLdjt6Z
+hKQHju+Ghxm08pd2cTaYGDzS3LYsvSXz4TnsdWAVATCwKTSFAkEA8HnPcZdAXiLJ
+eA2cRAuyEUPjs7B6eR5dLraLrIOtcKs/xJH/W+63hhMjqe9CASuSzVJEr8QxijYN
+Cdlq3V3XhwJBAOEVk48TZF+gc87sWsBIy+mn3MdovKbmnYM/rzVXYiu2mBQ+nKhp
+mevRc/UJdkaW8H340wRm1qGMYPCeekRdha8CQCuHcSR3o4Amvd9MX2f10gLMDjCd
+ll3MQEPPaVMN9tw5M27KmrWybWgImOEO3RzHHWirJqHGWs1Q4WVSBMUTUosCQQDf
+sz/6HL3PRHqUltcC79apnEmSbgfAoMa/INYTX4uUAl9XD3tG7d0qP/rM9+By+6R8
+roWahFKgMBJQUlEWDRTFAkAiLYKd8pxw3x3kuk5ItmTiq3JNluMyIA/i3RVW1aVO
+U5tX8sw6r4wVcsvXVboS/Trjeev2qkqC06ARV7vb6Wq5
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-sv.p12 b/tests/certs/Server-localhost-sv.p12
new file mode 100644
index 000000000..d7b8441a4
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.p12
Binary files differ
diff --git a/tests/certs/Server-localhost-sv.pem b/tests/certs/Server-localhost-sv.pem
new file mode 100644
index 000000000..13eeb3164
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.pem
@@ -0,0 +1,121 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost
+
+[something]
+# The key
+# the certficate
+# some dhparam
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDTb1PtMqFpICJuXGk0PY8UZWHI95kV7KlRQ4d6sEtlxcJ85Erw
+xyVCGezshFpioE7e+S2GquWyuffoH13GjQexg1SSqGVdLOY74PMOrrJyBUzdhZAW
+vB8DWSN2vuA47iEFN9ABMX0fPPX9eFbNy4a70egHc6aQ+Tt+nYW8PCp4SQIDAQAB
+AoGBAMhtVySaAzJxONJfHYdc934BIPHt7BtBbbvQBOSDq+V80wGrM3MNhL8lbldC
+m5+0kS+DC+oFpJqI+Xz8BtwJooilPuQO3syo5YZuFRee81M8Z5Ss78TG6FLdjt6Z
+hKQHju+Ghxm08pd2cTaYGDzS3LYsvSXz4TnsdWAVATCwKTSFAkEA8HnPcZdAXiLJ
+eA2cRAuyEUPjs7B6eR5dLraLrIOtcKs/xJH/W+63hhMjqe9CASuSzVJEr8QxijYN
+Cdlq3V3XhwJBAOEVk48TZF+gc87sWsBIy+mn3MdovKbmnYM/rzVXYiu2mBQ+nKhp
+mevRc/UJdkaW8H340wRm1qGMYPCeekRdha8CQCuHcSR3o4Amvd9MX2f10gLMDjCd
+ll3MQEPPaVMN9tw5M27KmrWybWgImOEO3RzHHWirJqHGWs1Q4WVSBMUTUosCQQDf
+sz/6HL3PRHqUltcC79apnEmSbgfAoMa/INYTX4uUAl9XD3tG7d0qP/rM9+By+6R8
+roWahFKgMBJQUlEWDRTFAkAiLYKd8pxw3x3kuk5ItmTiq3JNluMyIA/i3RVW1aVO
+U5tX8sw6r4wVcsvXVboS/Trjeev2qkqC06ARV7vb6Wq5
+-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0a:89:a5:41
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:07:52 2009 GMT
+ Not After : Oct 21 22:07:52 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:d3:6f:53:ed:32:a1:69:20:22:6e:5c:69:34:3d:
+ 8f:14:65:61:c8:f7:99:15:ec:a9:51:43:87:7a:b0:
+ 4b:65:c5:c2:7c:e4:4a:f0:c7:25:42:19:ec:ec:84:
+ 5a:62:a0:4e:de:f9:2d:86:aa:e5:b2:b9:f7:e8:1f:
+ 5d:c6:8d:07:b1:83:54:92:a8:65:5d:2c:e6:3b:e0:
+ f3:0e:ae:b2:72:05:4c:dd:85:90:16:bc:1f:03:59:
+ 23:76:be:e0:38:ee:21:05:37:d0:01:31:7d:1f:3c:
+ f5:fd:78:56:cd:cb:86:bb:d1:e8:07:73:a6:90:f9:
+ 3b:7e:9d:85:bc:3c:2a:78:49
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 53:59:CB:8D:67:CD:E7:63:E2:E5:DD:F0:F8:E1:82:ED:A8:10:38:A3
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 06:3f:b8:df:8e:20:9d:cd:cd:bc:a9:88:eb:2d:f8:e6:f0:15:
+ fa:14:9c:5f:55:bc:8f:68:40:aa:d2:51:03:ab:09:ee:ee:a6:
+ d7:8f:32:9a:75:0b:41:35:71:bf:d9:35:03:dd:fd:e5:7d:45:
+ db:e5:9a:16:14:14:c7:98:a5:c5:b9:4d:81:3a:0c:f9:e0:97:
+ 71:d0:f3:a0:5d:84:ba:83:a8:d8:a0:98:bf:12:48:42:f0:1b:
+ 8a:58:80:16:62:69:bb:96:5a:ce:ac:02:fa:cb:cd:20:30:d0:
+ fb:23:3a:d3:7b:75:03:c8:c1:20:9e:24:90:d2:61:00:85:63:
+ e2:f9:a7:52:50:e2:0d:3b:61:f9:b1:d5:5f:64:dd:cb:38:7b:
+ 05:8d:b7:f9:08:8e:bf:d3:02:13:e7:34:fa:3d:bb:af:d7:aa:
+ de:79:28:f4:ae:87:f5:49:85:42:c7:af:8b:a0:94:ed:21:de:
+ 36:e6:38:a3:0f:75:cf:68:10:48:1d:7d:9b:a2:88:86:bd:b5:
+ fe:95:4a:c8:fe:77:6b:0a:47:79:ab:d6:35:ea:53:4f:8f:3a:
+ ba:e1:4c:00:57:b8:99:f9:21:5d:d2:ad:d9:c7:fa:bf:71:73:
+ 49:5d:0b:2c:fd:02:37:94:3c:3e:d7:ef:72:c5:e3:f3:14:9f:
+ 58:27:2a:aa
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIGC10KiaVBMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMDc1MloXDTE3MTAyMTIyMDc1MlowVDELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+029T7TKhaSAiblxpND2PFGVhyPeZFeypUUOHerBLZcXCfORK8MclQhns7IRaYqBO
+3vkthqrlsrn36B9dxo0HsYNUkqhlXSzmO+DzDq6ycgVM3YWQFrwfA1kjdr7gOO4h
+BTfQATF9Hzz1/XhWzcuGu9HoB3OmkPk7fp2FvDwqeEkCAwEAAaOBiTCBhjAUBgNV
+HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMB0GA1UdDgQWBBRTWcuNZ83nY+Ll3fD44YLtqBA4ozAfBgNVHSMEGDAWgBQS
+ayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA
+A4IBAQAGP7jfjiCdzc28qYjrLfjm8BX6FJxfVbyPaECq0lEDqwnu7qbXjzKadQtB
+NXG/2TUD3f3lfUXb5ZoWFBTHmKXFuU2BOgz54Jdx0POgXYS6g6jYoJi/EkhC8BuK
+WIAWYmm7llrOrAL6y80gMND7IzrTe3UDyMEgniSQ0mEAhWPi+adSUOINO2H5sdVf
+ZN3LOHsFjbf5CI6/0wIT5zT6Pbuv16reeSj0rof1SYVCx6+LoJTtId425jijD3XP
+aBBIHX2booiGvbX+lUrI/ndrCkd5q9Y16lNPjzq64UwAV7iZ+SFd0q3Zx/q/cXNJ
+XQss/QI3lDw+1+9yxePzFJ9YJyqq
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.prm b/tests/certs/Server-localhost-sv.prm
new file mode 100644
index 000000000..6351025dd
--- /dev/null
+++ b/tests/certs/Server-localhost-sv.prm
@@ -0,0 +1,25 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost
+
+[something]
+# The key
+# the certficate
+# some dhparam
diff --git a/tests/certs/Server-localhost.nn-sv.crt b/tests/certs/Server-localhost.nn-sv.crt
new file mode 100644
index 000000000..e64fddc78
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.crt
@@ -0,0 +1,81 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0b:23:cb:9d
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:24:45 2009 GMT
+ Not After : Oct 21 22:24:45 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c9:dc:c2:58:a5:8b:69:e1:d0:00:c5:e9:57:b7:
+ 47:80:8d:4b:d5:d5:43:71:0c:cc:e4:f1:01:72:71:
+ 11:48:8f:f5:25:ec:33:cb:9e:f2:78:17:90:5c:f2:
+ af:ec:9f:34:9c:05:ba:f3:1e:01:48:f0:c7:3e:46:
+ 9b:93:97:a8:af:c6:71:c6:c2:06:77:1a:e1:91:a2:
+ da:87:0e:f4:30:4d:4f:54:39:8b:e6:2f:ec:5c:91:
+ 89:66:4e:00:87:57:f1:2a:57:28:84:5c:63:a5:7e:
+ d8:7e:ff:82:52:c9:d4:a4:8a:b2:6e:34:e7:b2:67:
+ 2e:5b:0e:6a:a0:58:f4:1c:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost.nn
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 68:20:D3:B2:EC:E8:1A:2A:3E:28:64:28:28:8F:A0:A1:20:9E:DC:D3
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 5f:72:3f:e0:5c:44:b1:3b:c2:d6:10:fe:0a:bc:82:d5:60:c5:
+ 71:91:ef:86:2c:b3:71:5d:93:5a:b9:cb:f6:bf:c4:24:33:cc:
+ d7:24:2e:08:40:b9:1a:4d:cd:7b:12:c2:1e:16:d0:10:fb:72:
+ 42:d4:95:21:38:31:a6:73:5c:4d:b3:db:58:0c:0e:3f:a8:f9:
+ c0:14:a1:a9:ee:20:7e:3f:7a:30:ab:24:0e:ca:36:19:b0:dd:
+ 01:ce:aa:67:69:4a:8d:e3:5d:20:34:74:d6:7f:14:06:96:58:
+ 5e:68:78:6e:00:02:1d:3e:56:eb:5f:2c:35:02:10:05:9d:0b:
+ de:66:bb:ac:26:bd:eb:aa:d1:1d:b6:fe:b5:65:15:f8:06:b6:
+ 1c:17:cd:bf:f2:28:6c:b0:f4:73:0d:e4:6e:59:1d:a8:54:36:
+ be:68:c2:c1:15:87:c4:20:08:5f:68:93:13:8a:c6:50:f2:1a:
+ 9d:91:b4:71:93:e8:c3:c6:c1:f0:89:0f:ea:a0:f3:03:b3:e4:
+ d8:c1:27:ee:f9:41:93:7a:f6:25:2d:07:6f:3f:76:16:02:71:
+ 61:70:de:7a:20:6f:dd:ab:35:a2:03:8a:a5:d4:dc:89:47:0f:
+ cc:7c:88:e1:22:ff:6a:e5:83:2e:7a:b4:75:b7:e1:d4:e5:d6:
+ 75:8b:bd:5c
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIGC10LI8udMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMjQ0NVoXDTE3MTAyMTIyMjQ0NVowVzELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAydzCWKWLaeHQAMXpV7dHgI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv
+7J80nAW68x4BSPDHPkabk5eor8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4A
+h1fxKlcohFxjpX7Yfv+CUsnUpIqybjTnsmcuWw5qoFj0HA0CAwEAAaOBjDCBiTAX
+BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMB0GA1UdDgQWBBRoINOy7OgaKj4oZCgoj6ChIJ7c0zAfBgNVHSME
+GDAWgBQSayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
+DQEBBQUAA4IBAQBfcj/gXESxO8LWEP4KvILVYMVxke+GLLNxXZNaucv2v8QkM8zX
+JC4IQLkaTc17EsIeFtAQ+3JC1JUhODGmc1xNs9tYDA4/qPnAFKGp7iB+P3owqyQO
+yjYZsN0BzqpnaUqN410gNHTWfxQGllheaHhuAAIdPlbrXyw1AhAFnQveZrusJr3r
+qtEdtv61ZRX4BrYcF82/8ihssPRzDeRuWR2oVDa+aMLBFYfEIAhfaJMTisZQ8hqd
+kbRxk+jDxsHwiQ/qoPMDs+TYwSfu+UGTevYlLQdvP3YWAnFhcN56IG/dqzWiA4ql
+1NyJRw/MfIjhIv9q5YMuerR1t+HU5dZ1i71c
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost.nn-sv.csr b/tests/certs/Server-localhost.nn-sv.csr
new file mode 100644
index 000000000..4084d6979
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
+dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAydzCWKWLaeHQAMXpV7dH
+gI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv7J80nAW68x4BSPDHPkabk5eo
+r8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4Ah1fxKlcohFxjpX7Yfv+CUsnU
+pIqybjTnsmcuWw5qoFj0HA0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAJTKRcBm
+GzP0ySB4Oi8nedAruEXou/74ihSeIaydMyMLvqiAiSRhA16CIweRhMqDKqaSHT5B
+aisl0FSMKFODu6TrZQL+1DYTrXOKQ1e8JjSOCbR4c+p/QsiznfabEQNgtzsiDxTy
+Tc4vgvzEKxQ1AxP7G4iW+sVLc0EaA6fA6l/L
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost.nn-sv.der b/tests/certs/Server-localhost.nn-sv.der
new file mode 100644
index 000000000..cfeb41259
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.der
Binary files differ
diff --git a/tests/certs/Server-localhost.nn-sv.dhp b/tests/certs/Server-localhost.nn-sv.dhp
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.dhp
diff --git a/tests/certs/Server-localhost.nn-sv.key b/tests/certs/Server-localhost.nn-sv.key
new file mode 100644
index 000000000..ce0a00789
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDJ3MJYpYtp4dAAxelXt0eAjUvV1UNxDMzk8QFycRFIj/Ul7DPL
+nvJ4F5Bc8q/snzScBbrzHgFI8Mc+RpuTl6ivxnHGwgZ3GuGRotqHDvQwTU9UOYvm
+L+xckYlmTgCHV/EqVyiEXGOlfth+/4JSydSkirJuNOeyZy5bDmqgWPQcDQIDAQAB
+AoGAFJ8Xv4SR3Gw0GpAdSVew10IX+C1EKX1cRRsVwcIpONdz/L7Hf8qqDHijx8sH
+C84ryrCPK5zqFrB6OjNuW0KH+dZ5PRkr6DZwLAIgf+zjTb+qd8aDYlzsnvajTxxY
+RdPbsR94Oort1Gp0BZ9SOi2mUvRZqXsCMQmFxAXQgQ3jqgUCQQDsnRfGoESAIs+3
+W4jl67nD6K+pAcleLQ+yeNYwldRnH0CRWkt9wyjQFSKufz93pD+3NVC446cPlJap
+1beijhHDAkEA2mbEYRxYrQIJ1UyEb375k+hxNl6QlzTO8gUjuZBlAff/maC4FGmt
+9cDfThLPan0m0T9Ucb4RZQeQe4EH0qDt7wJASWncbKZhWphydmOSMDRZaO2TQw7o
+2a2Fh0xyuJRkWLKbp/2qGpUo3pcQMbANkyOFGWUTbKpFtVHXBU7oMSl/XQJANuqG
+UKDPD1mm3VJrLpnv6agV54TpuIuXybVPIVbUfyU7yQZnowJbsqK3w6rpKq6jdxQE
+iMExIIVBaDyumeDLUwJBAMapDN9JlFNq2AW0ifjrXJLaoR2jhF98cUFpjM/AJrAX
+WIbIGxlsCe9HKtvbKFMLuaSZrU87TnR3K0w3zOSbHXk=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost.nn-sv.pem b/tests/certs/Server-localhost.nn-sv.pem
new file mode 100644
index 000000000..f08547c0d
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.pem
@@ -0,0 +1,121 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost.nn
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost.nn
+
+[something]
+# The key
+# the certficate
+# some dhparam
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDJ3MJYpYtp4dAAxelXt0eAjUvV1UNxDMzk8QFycRFIj/Ul7DPL
+nvJ4F5Bc8q/snzScBbrzHgFI8Mc+RpuTl6ivxnHGwgZ3GuGRotqHDvQwTU9UOYvm
+L+xckYlmTgCHV/EqVyiEXGOlfth+/4JSydSkirJuNOeyZy5bDmqgWPQcDQIDAQAB
+AoGAFJ8Xv4SR3Gw0GpAdSVew10IX+C1EKX1cRRsVwcIpONdz/L7Hf8qqDHijx8sH
+C84ryrCPK5zqFrB6OjNuW0KH+dZ5PRkr6DZwLAIgf+zjTb+qd8aDYlzsnvajTxxY
+RdPbsR94Oort1Gp0BZ9SOi2mUvRZqXsCMQmFxAXQgQ3jqgUCQQDsnRfGoESAIs+3
+W4jl67nD6K+pAcleLQ+yeNYwldRnH0CRWkt9wyjQFSKufz93pD+3NVC446cPlJap
+1beijhHDAkEA2mbEYRxYrQIJ1UyEb375k+hxNl6QlzTO8gUjuZBlAff/maC4FGmt
+9cDfThLPan0m0T9Ucb4RZQeQe4EH0qDt7wJASWncbKZhWphydmOSMDRZaO2TQw7o
+2a2Fh0xyuJRkWLKbp/2qGpUo3pcQMbANkyOFGWUTbKpFtVHXBU7oMSl/XQJANuqG
+UKDPD1mm3VJrLpnv6agV54TpuIuXybVPIVbUfyU7yQZnowJbsqK3w6rpKq6jdxQE
+iMExIIVBaDyumeDLUwJBAMapDN9JlFNq2AW0ifjrXJLaoR2jhF98cUFpjM/AJrAX
+WIbIGxlsCe9HKtvbKFMLuaSZrU87TnR3K0w3zOSbHXk=
+-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0b:23:cb:9d
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:24:45 2009 GMT
+ Not After : Oct 21 22:24:45 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c9:dc:c2:58:a5:8b:69:e1:d0:00:c5:e9:57:b7:
+ 47:80:8d:4b:d5:d5:43:71:0c:cc:e4:f1:01:72:71:
+ 11:48:8f:f5:25:ec:33:cb:9e:f2:78:17:90:5c:f2:
+ af:ec:9f:34:9c:05:ba:f3:1e:01:48:f0:c7:3e:46:
+ 9b:93:97:a8:af:c6:71:c6:c2:06:77:1a:e1:91:a2:
+ da:87:0e:f4:30:4d:4f:54:39:8b:e6:2f:ec:5c:91:
+ 89:66:4e:00:87:57:f1:2a:57:28:84:5c:63:a5:7e:
+ d8:7e:ff:82:52:c9:d4:a4:8a:b2:6e:34:e7:b2:67:
+ 2e:5b:0e:6a:a0:58:f4:1c:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost.nn
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 68:20:D3:B2:EC:E8:1A:2A:3E:28:64:28:28:8F:A0:A1:20:9E:DC:D3
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 5f:72:3f:e0:5c:44:b1:3b:c2:d6:10:fe:0a:bc:82:d5:60:c5:
+ 71:91:ef:86:2c:b3:71:5d:93:5a:b9:cb:f6:bf:c4:24:33:cc:
+ d7:24:2e:08:40:b9:1a:4d:cd:7b:12:c2:1e:16:d0:10:fb:72:
+ 42:d4:95:21:38:31:a6:73:5c:4d:b3:db:58:0c:0e:3f:a8:f9:
+ c0:14:a1:a9:ee:20:7e:3f:7a:30:ab:24:0e:ca:36:19:b0:dd:
+ 01:ce:aa:67:69:4a:8d:e3:5d:20:34:74:d6:7f:14:06:96:58:
+ 5e:68:78:6e:00:02:1d:3e:56:eb:5f:2c:35:02:10:05:9d:0b:
+ de:66:bb:ac:26:bd:eb:aa:d1:1d:b6:fe:b5:65:15:f8:06:b6:
+ 1c:17:cd:bf:f2:28:6c:b0:f4:73:0d:e4:6e:59:1d:a8:54:36:
+ be:68:c2:c1:15:87:c4:20:08:5f:68:93:13:8a:c6:50:f2:1a:
+ 9d:91:b4:71:93:e8:c3:c6:c1:f0:89:0f:ea:a0:f3:03:b3:e4:
+ d8:c1:27:ee:f9:41:93:7a:f6:25:2d:07:6f:3f:76:16:02:71:
+ 61:70:de:7a:20:6f:dd:ab:35:a2:03:8a:a5:d4:dc:89:47:0f:
+ cc:7c:88:e1:22:ff:6a:e5:83:2e:7a:b4:75:b7:e1:d4:e5:d6:
+ 75:8b:bd:5c
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIGC10LI8udMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMjQ0NVoXDTE3MTAyMTIyMjQ0NVowVzELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAydzCWKWLaeHQAMXpV7dHgI1L1dVDcQzM5PEBcnERSI/1Jewzy57yeBeQXPKv
+7J80nAW68x4BSPDHPkabk5eor8ZxxsIGdxrhkaLahw70ME1PVDmL5i/sXJGJZk4A
+h1fxKlcohFxjpX7Yfv+CUsnUpIqybjTnsmcuWw5qoFj0HA0CAwEAAaOBjDCBiTAX
+BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMB0GA1UdDgQWBBRoINOy7OgaKj4oZCgoj6ChIJ7c0zAfBgNVHSME
+GDAWgBQSayTSSmi3obAczb/WTMxAW3/gQDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
+DQEBBQUAA4IBAQBfcj/gXESxO8LWEP4KvILVYMVxke+GLLNxXZNaucv2v8QkM8zX
+JC4IQLkaTc17EsIeFtAQ+3JC1JUhODGmc1xNs9tYDA4/qPnAFKGp7iB+P3owqyQO
+yjYZsN0BzqpnaUqN410gNHTWfxQGllheaHhuAAIdPlbrXyw1AhAFnQveZrusJr3r
+qtEdtv61ZRX4BrYcF82/8ihssPRzDeRuWR2oVDa+aMLBFYfEIAhfaJMTisZQ8hqd
+kbRxk+jDxsHwiQ/qoPMDs+TYwSfu+UGTevYlLQdvP3YWAnFhcN56IG/dqzWiA4ql
+1NyJRw/MfIjhIv9q5YMuerR1t+HU5dZ1i71c
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost.nn-sv.prm b/tests/certs/Server-localhost.nn-sv.prm
new file mode 100644
index 000000000..e515ea15b
--- /dev/null
+++ b/tests/certs/Server-localhost.nn-sv.prm
@@ -0,0 +1,25 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost.nn
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost.nn
+
+[something]
+# The key
+# the certficate
+# some dhparam
diff --git a/tests/certs/Server-localhost0h-sv.crt b/tests/certs/Server-localhost0h-sv.crt
new file mode 100644
index 000000000..20759e735
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.crt
@@ -0,0 +1,81 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0a:87:0d:09
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:07:33 2009 GMT
+ Not After : Oct 21 22:07:33 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:
+ 36:f5:c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:
+ 16:90:eb:f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:
+ 57:ab:5f:b5:ba:5c:a0:48:8c:82:77:fd:67:d8:53:
+ 44:61:86:a5:06:19:bf:73:51:68:2e:1a:0a:c5:05:
+ 39:ca:3d:ca:83:ed:07:fe:ae:b7:73:1d:60:dd:ab:
+ 9e:0e:7e:02:f3:68:42:93:27:c8:5f:c5:fa:cb:a9:
+ 84:06:2f:f3:66:bd:de:7d:29:82:57:47:e4:a9:df:
+ bf:8b:bc:c0:46:33:5a:7b:87
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 0C:37:A3:DB:0F:73:B3:38:8A:69:D3:6E:B3:A7:D6:D8:77:4E:DA:67
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31:fa:2f:
+ 7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9:e6:cf:c8:77:
+ bd:85:16:d7:9f:18:52:78:3f:ea:9c:86:62:6e:db:90:b0:cd:
+ f1:c1:6f:2d:87:4a:a0:be:b3:dc:6d:e4:6b:d1:da:b9:10:25:
+ 7e:35:1f:1b:aa:a7:09:2f:84:77:27:b0:48:a8:6d:54:57:38:
+ 35:22:34:03:0f:d4:5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:
+ 7d:0d:18:12:a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:
+ 92:6c:55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18:
+ a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d:7a:39:
+ c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9:5f:c4:3d:cb:
+ 81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2:fb:ab:c6:0e:a2:01:
+ 8b:a1:42:73:de:96:29:3e:bf:d7:d9:51:a7:d4:98:07:7f:f0:
+ f4:cd:00:a1:e1:ac:6c:05:ac:ab:93:1b:b0:5c:2c:13:ad:ff:
+ 27:dc:80:99:34:66:bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:
+ 28:61:5e:bd
+-----BEGIN CERTIFICATE-----
+MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1
+ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC
+kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV
+HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA
+FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef
+GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX
+ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L
+gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t
+170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt
+/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost0h-sv.csr b/tests/certs/Server-localhost0h-sv.csr
new file mode 100644
index 000000000..a4fe98fa7
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy
+Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Zzu06sCFtMNWwaSWIzb1xneq
+reXB3c7BmpcH3RaQ6/A4tZVrpg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9z
+UWguGgrFBTnKPcqD7Qf+rrdzHWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJX
+R+Sp37+LvMBGM1p7hwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAbQKEjIglh6El
+8gIh/qRbb5Z89LWPGFRrAIItgG33WVJd61pn4YjO/ugJOtYQYHwxRxUQVjfaGb17
+fTLXzgTu5WJowa7m2DPXgPbw4okUhu5m3Zdum6j5QMu2mfAbTnuS7U4UwLR9C8mV
+rKu+oBCYIgWWybVOoqssJAnjj4r/R/c=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost0h-sv.der b/tests/certs/Server-localhost0h-sv.der
new file mode 100644
index 000000000..b8e6f5955
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.der
Binary files differ
diff --git a/tests/certs/Server-localhost0h-sv.dhp b/tests/certs/Server-localhost0h-sv.dhp
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.dhp
diff --git a/tests/certs/Server-localhost0h-sv.key b/tests/certs/Server-localhost0h-sv.key
new file mode 100644
index 000000000..ca5cd3b39
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr
+pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz
+HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB
+AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA
+AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB
+SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI
+5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50
+nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr
+aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05
+s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu
+mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV
+Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2
+z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost0h-sv.p12 b/tests/certs/Server-localhost0h-sv.p12
new file mode 100644
index 000000000..82e03c785
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.p12
Binary files differ
diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem
new file mode 100644
index 000000000..e74193ccb
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.pem
@@ -0,0 +1,122 @@
+extensions = x509v3
+[ x509v3 ]
+#subjectAltName = DNS:localhost\0h
+subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost
+
+[something]
+# The key
+# the certificate
+# some dhparam
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC+Zzu06sCFtMNWwaSWIzb1xneqreXB3c7BmpcH3RaQ6/A4tZVr
+pg+5c059glerX7W6XKBIjIJ3/WfYU0RhhqUGGb9zUWguGgrFBTnKPcqD7Qf+rrdz
+HWDdq54OfgLzaEKTJ8hfxfrLqYQGL/Nmvd59KYJXR+Sp37+LvMBGM1p7hwIDAQAB
+AoGAdpisqvrR4jZ+uaoyD0Zt9FajsQ9SHhg/sX3N9xrx9GDRpzELmhq8jqHQ0QKA
+AwHBmwwY1jeXCJAxv5/V5v1MCdamVSQbjkKBmmBrE/J70sZMqxkFbu0h9Bx8p4UB
+SWpKgZTF9R3ZKKZoGS6hlzvhJeAy1atApzVz9xVTSwAL/2kCQQDhPMREu8AtfxFI
+5BedSk2yIyW0EcO2WW5V5+bmekBgiAFc9iB7ulCuwBK7UQDIvYLfklxWc2CzuP50
+nLo32UNVAkEA2GiFdKJuP+32FfE3jK3CL3vTgZbd0ArbhJdBidHlJYr/EU6etxAr
+aYli1dP/qeiehNuhefqWHRlOUPkE6mv7awJAdpRuZB1QbONz7yMeh5Gh3AIDDI05
+s1vb6eBAQODl2axgw1dU/K63YXj/o5xexFB5gUjl0iHGLHhdhnko1NROTQJAMfQu
+mjXEbU1ouLftsrOJV5ylvgwtN5DKC1k+76lb08a6Ciyzxl4dJ0dnYSSGp5nivZhV
+Ner6K81jnp1c3R//8QJBAKe0fNhTAoOoE/YTeE4K4lpXvow2jMyhdBwyaZtHmcQ2
+z8UpojKrNQ87WISUDRqlIy2ze3RZCgCy0LBnxr66Whg=
+-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 0b:5d:0a:87:0d:09
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = Nothern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 4 22:07:33 2009 GMT
+ Not After : Oct 21 22:07:33 2017 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research Cloud
+ commonName = localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:
+ 36:f5:c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:
+ 16:90:eb:f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:
+ 57:ab:5f:b5:ba:5c:a0:48:8c:82:77:fd:67:d8:53:
+ 44:61:86:a5:06:19:bf:73:51:68:2e:1a:0a:c5:05:
+ 39:ca:3d:ca:83:ed:07:fe:ae:b7:73:1d:60:dd:ab:
+ 9e:0e:7e:02:f3:68:42:93:27:c8:5f:c5:fa:cb:a9:
+ 84:06:2f:f3:66:bd:de:7d:29:82:57:47:e4:a9:df:
+ bf:8b:bc:c0:46:33:5a:7b:87
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost
+ X509v3 Key Usage:
+ Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 0C:37:A3:DB:0F:73:B3:38:8A:69:D3:6E:B3:A7:D6:D8:77:4E:DA:67
+ X509v3 Authority Key Identifier:
+ keyid:12:6B:24:D2:4A:68:B7:A1:B0:1C:CD:BF:D6:4C:CC:40:5B:7F:E0:40
+
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31:fa:2f:
+ 7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9:e6:cf:c8:77:
+ bd:85:16:d7:9f:18:52:78:3f:ea:9c:86:62:6e:db:90:b0:cd:
+ f1:c1:6f:2d:87:4a:a0:be:b3:dc:6d:e4:6b:d1:da:b9:10:25:
+ 7e:35:1f:1b:aa:a7:09:2f:84:77:27:b0:48:a8:6d:54:57:38:
+ 35:22:34:03:0f:d4:5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:
+ 7d:0d:18:12:a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:
+ 92:6c:55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18:
+ a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d:7a:39:
+ c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9:5f:c4:3d:cb:
+ 81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2:fb:ab:c6:0e:a2:01:
+ 8b:a1:42:73:de:96:29:3e:bf:d7:d9:51:a7:d4:98:07:7f:f0:
+ f4:cd:00:a1:e1:ac:6c:05:ac:ab:93:1b:b0:5c:2c:13:ad:ff:
+ 27:dc:80:99:34:66:bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:
+ 28:61:5e:bd
+-----BEGIN CERTIFICATE-----
+MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv
+BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1
+ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC
+kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV
+HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA
+FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef
+GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX
+ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L
+gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t
+170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt
+/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost0h-sv.prm b/tests/certs/Server-localhost0h-sv.prm
new file mode 100644
index 000000000..5e8944b31
--- /dev/null
+++ b/tests/certs/Server-localhost0h-sv.prm
@@ -0,0 +1,26 @@
+extensions = x509v3
+[ x509v3 ]
+#subjectAltName = DNS:localhost\0h
+subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = critical,CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost
+
+[something]
+# The key
+# the certificate
+# some dhparam
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
new file mode 100755
index 000000000..85425a8c5
--- /dev/null
+++ b/tests/certs/scripts/genroot.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009
+# Author: Peter Sylvester
+
+# "libre" for integration with curl
+
+OPENSSL=openssl
+if [ -f /usr/local/ssl/bin/openssl ] ; then
+OPENSSL=/usr/local/ssl/bin/openssl
+fi
+
+USAGE="echo Usage is genroot.sh \<name\>"
+
+HOME=`pwd`
+cd $HOME
+
+KEYSIZE=2048
+DURATION=6000
+
+PREFIX=$1
+if [ ".$PREFIX" = . ] ; then
+ echo No configuration prefix
+ NOTOK=1
+else
+ if [ ! -f $PREFIX-ca.prm ] ; then
+ echo No configuration file $PREFIX-ca.prm
+ NOTOK=1
+ fi
+fi
+
+if [ ".$NOTOK" != . ] ; then
+ echo "Sorry, I can't do that for you."
+ $USAGE
+ exit
+fi
+
+GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
+SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
+
+echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
+
+echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
+$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
+
+echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
+
+$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1
+
+echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline"
+$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline
+
+echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der "
+$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der
+
+echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline"
+
+$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline
+
+echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline"
+$OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline
+
+#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout
diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh
new file mode 100755
index 000000000..13caf1a6a
--- /dev/null
+++ b/tests/certs/scripts/genserv.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009
+# Author: Peter Sylvester
+
+# "libre" for integration with curl
+
+OPENSSL=openssl
+if [ -f /usr/local/ssl/bin/openssl ] ; then
+ OPENSSL=/usr/local/ssl/bin/openssl
+fi
+
+USAGE="echo Usage is genserv.sh <prefix> <caprefix>"
+
+HOME=`pwd`
+cd $HOME
+
+KEYSIZE=1024
+DURATION=3000
+
+REQ=YES
+P12=NO
+DHP=NO
+
+PREFIX=$1
+if [ ".$PREFIX" = . ] ; then
+ echo No configuration prefix
+ NOTOK=1
+else
+ if [ ! -f $PREFIX-sv.prm ] ; then
+ echo No configuration file $PREFIX-sv.prm
+ NOTOK=1
+ fi
+fi
+
+CAPREFIX=$2
+if [ ".$CAPREFIX" = . ] ; then
+ echo No CA prefix
+ NOTOK=1
+else
+ if [ ! -f $CAPREFIX-ca.cacert ] ; then
+ echo No CA certficate file $PREFIX-ca.caert
+ NOTOK=1
+ fi
+ if [ ! -f $CAPREFIX-ca.key ] ; then
+ echo No $CAPREFIX key
+ NOTOK=1
+ fi
+fi
+
+if [ ".$NOTOK" != . ] ; then
+ echo "Sorry, I can't do that for you."
+ $USAGE
+ exit
+fi
+
+if [ ".$SERIAL" = . ] ; then
+ GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
+ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
+fi
+
+echo SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
+
+if [ "$DHP." = YES. ] ; then
+ echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE"
+ $OPENSSL dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE
+fi
+
+if [ "$REQ." = YES. ] ; then
+ echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX"
+ $OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout pass:secret
+fi
+
+echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
+$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
+echo pseudo secrets generated
+read
+
+echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
+
+$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1
+
+if [ "$P12." = YES. ] ; then
+
+ echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
+
+ $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
+
+ read
+fi
+
+echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
+$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
+
+echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
+$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
+read
+
+# all together now
+touch $PREFIX-sv.dhp
+cat $PREFIX-sv.prm $PREFIX-sv.key $PREFIX-sv.crt $PREFIX-sv.dhp >$PREFIX-sv.pem
+chmod o-r $PREFIX-sv.prm
+
+echo "$PREFIX-sv.pem done"
+
+
diff --git a/tests/data/test310 b/tests/data/test310
new file mode 100644
index 000000000..005f71310
--- /dev/null
+++ b/tests/data/test310
@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+MooMoo
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+https Server-localhost-sv.pem
+</server>
+ <name>
+simple HTTPS GET
+ </name>
+ <command>
+--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/310
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /310 HTTP/1.1
+Host: localhost:%HTTPSPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test311 b/tests/data/test311
new file mode 100644
index 000000000..cd51fff74
--- /dev/null
+++ b/tests/data/test311
@@ -0,0 +1,38 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+https Server-localhost0h-sv.pem
+</server>
+ <name>
+HTTPS wrong subjectAltName but right CN
+ </name>
+ <command>
+--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/311
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+51
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test312 b/tests/data/test312
new file mode 100644
index 000000000..5adb1e352
--- /dev/null
+++ b/tests/data/test312
@@ -0,0 +1,38 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP GET
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+https Server-localhost.nn-sv.pem
+</server>
+ <name>
+HTTPS GET to localhost and null-prefixed CN cert
+ </name>
+ <command>
+--cacert certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/312
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+51
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/httpsserver.pl b/tests/httpsserver.pl
index fa9fde5db..e20819c69 100644
--- a/tests/httpsserver.pl
+++ b/tests/httpsserver.pl
@@ -28,6 +28,8 @@ my $srcdir=$path;
my $proto='https';
+my $stuncert;
+
while(@ARGV) {
if($ARGV[0] eq "-v") {
$verbose=1;
@@ -51,6 +53,10 @@ while(@ARGV) {
$srcdir=$ARGV[1];
shift @ARGV;
}
+ elsif($ARGV[0] eq "-c") {
+ $stuncert=$ARGV[1];
+ shift @ARGV;
+ }
elsif($ARGV[0] =~ /^(\d+)$/) {
$port = $1;
}
@@ -58,7 +64,9 @@ while(@ARGV) {
};
my $conffile="$path/stunnel.conf"; # stunnel configuration data
-my $certfile="$srcdir/stunnel.pem"; # stunnel server certificate
+my $certfile="$srcdir/"
+ . ($stuncert?"certs/$stuncert":"stunnel.pem"); # stunnel server certificate
+
my $pidfile="$path/.$proto.pid"; # stunnel process pid file
# find out version info for the given stunnel binary
@@ -107,6 +115,19 @@ else {
if($verbose) {
print uc($proto)." server: $cmd\n";
+
+ print "
+ CApath = $path
+ cert = $certfile
+ pid = $pidfile
+ debug = 0
+ output = /dev/null
+ foreground = yes
+
+ [curltest]
+ accept = $port
+ connect = $target_port
+ ";
}
my $rc = system($cmd);
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 2b6dda8fa..be20a63ab 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -878,7 +878,7 @@ sub runhttpserver {
# start the https server (or rather, tunnel)
#
sub runhttpsserver {
- my ($verbose, $ipv6) = @_;
+ my ($verbose, $ipv6, $parm) = @_;
my $STATUS;
my $RUNNING;
my $ip = $HOSTIP;
@@ -906,6 +906,7 @@ sub runhttpsserver {
unlink($pidfile);
my $flag=$debugprotocol?"-v ":"";
+ $flag .= " -c $parm" if ($parm);
my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT";
my ($httpspid, $pid2) = startnew($cmd, $pidfile, 15, 0);
@@ -2541,8 +2542,10 @@ sub startservers {
my @what = @_;
my ($pid, $pid2);
for(@what) {
- my $what = lc($_);
+ my (@whatlist) = split(/\s+/,$_);
+ my $what = lc($whatlist[0]);
$what =~ s/[^a-z0-9-]//g;
+
if($what eq "ftp") {
if(!$run{'ftp'}) {
($pid, $pid2) = runftpserver("", $verbose);
@@ -2644,8 +2647,8 @@ sub startservers {
printf ("* pid http => %d %d\n", $pid, $pid2) if($verbose);
$run{'http'}="$pid $pid2";
}
- if(!$run{'https'}) {
- ($pid, $pid2) = runhttpsserver($verbose);
+ if(1 || !$run{'https'}) { # QD to restart always conf file may change
+ ($pid, $pid2) = runhttpsserver($verbose,"",$whatlist[1]);
if($pid <= 0) {
return "failed starting HTTPS server (stunnel)";
}
@@ -2743,6 +2746,7 @@ sub serverfortest {
for (@what) {
my $proto = lc($_);
chomp $proto;
+ $proto =~ s/\s.*//g; # take first word
if (! grep /^$proto$/, @protocols) {
if (substr($proto,0,5) ne "socks") {
return "curl lacks $proto support";