test: add makefile for creating test certificates

certdir/Makefile

@@ -0,0 +1,69 @@
+ROOT_CA_PASSWORD=ssl_ca_pwd
+PK8_PASSWORD=sslpwd
+P12_PASSWORD=sslpwd
+SERVER_CRT_DIR=server/
+
+all : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt $(SERVER_CRT_DIR)server.crt goodroot.crt goodclient badclient
+
+goodclient: goodclient.crt goodclient.pk8 goodclient.p12
+
+badclient: badclient.crt badclient.pk8 badclient.p12
+
+.PHONY: clean
+clean:
+	@echo Removing certificate files
+	@rm -f *.crt *.key *.csr *.srl *.p12 *.pk8
+	@rm -rf $(SERVER_CRT_DIR)*.crt $(SERVER_CRT_DIR)*.key $(SERVER_CRT_DIR)*.csr $(SERVER_CRT_DIR)*.srl $(SERVER_CRT_DIR)*.p12 $(SERVER_CRT_DIR)*.pk8
+	@echo
+
+%.pk8 : %.key
+	@echo Exporting key $@
+	openssl pkcs8 -topk8 -in $< -out $@ -outform DER -v1 PBE-MD5-DES -passout pass:$(PK8_PASSWORD)
+
+%.p12 : %.crt
+	@echo Exporting certificate $@
+	openssl pkcs12 -export -in $< -inkey $*.key -out $@ -name user -CAfile $(SERVER_CRT_DIR)root.crt -caname local -passout pass:$(P12_PASSWORD)
+
+%root.key :
+	@echo Generating CA key $@
+	mkdir -p $(*D)
+	openssl genrsa -aes256 -passout pass:$(ROOT_CA_PASSWORD) -out $@ 4096
+	@echo
+
+goodroot.crt : $(SERVER_CRT_DIR)
+	cp $(SERVER_CRT_DIR)root.crt goodroot.crt
+
+%root.crt : %root.key
+	@echo Creating root certificate $@
+	openssl req -x509 -new -nodes -key $< -passin pass:$(ROOT_CA_PASSWORD) -sha256 -days 1024 -out $@ -subj "/C=US/ST=CA/O=PgJdbc test/CN=root certificate"
+	@echo
+
+
+$(SERVER_CRT_DIR)server.crt : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt
+	$(eval $@_CERT_FILE := $(SERVER_CRT_DIR)server)
+	@echo Creating good client certificate $@
+	openssl genrsa -out $($@_CERT_FILE).key 2048
+	openssl req -new -sha256 -key $($@_CERT_FILE).key -passin pass:$(ROOT_CA_PASSWORD) -subj "/C=US/ST=CA/O=PgJdbc tests/CN=localhost" -out $($@_CERT_FILE).csr
+	openssl x509 -req -in $($@_CERT_FILE).csr -CA $(SERVER_CRT_DIR)root.crt -CAkey $(SERVER_CRT_DIR)root.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256
+	@rm $($@_CERT_FILE).csr
+	@echo
+
+goodclient.crt goodclient.key : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt
+	$(eval $@_CERT_FILE := goodclient)
+	@echo Creating good client certificate $@
+	openssl genrsa -out $($@_CERT_FILE).key 2048
+	# CN=test has to match user name
+	openssl req -new -sha256 -key $($@_CERT_FILE).key -subj "/C=US/ST=CA/O=PgJdbc tests/CN=test" -out $($@_CERT_FILE).csr
+	openssl x509 -req -in $($@_CERT_FILE).csr -CA $(SERVER_CRT_DIR)root.crt -CAkey $(SERVER_CRT_DIR)root.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256
+	@rm $($@_CERT_FILE).csr
+	@echo
+
+badclient.crt badclient.key : badroot.key badroot.crt
+	$(eval $@_CERT_FILE := badclient)
+	@echo Creating bad client certificate $@
+	openssl genrsa -out $($@_CERT_FILE).key 2048
+	# CN=test has to match user name
+	openssl req -new -sha256 -key $($@_CERT_FILE).key -subj "/C=US/ST=CA/O=PgJdbc tests/CN=test" -out $($@_CERT_FILE).csr
+	openssl x509 -req -in $($@_CERT_FILE).csr -CA badroot.crt -CAkey badroot.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256
+	@rm $($@_CERT_FILE).csr
+	@echo

certdir/README.md

@@ -22,35 +22,8 @@ In order to configure PostgreSQL for SSL tests, the following changes should be
 * Uncomment enable_ssl_tests=true in ssltests.properties
 * The username for connecting to postgres as specified in build.local.properties tests has to be "test".
 
-This directory contains example certificates generated by the following
-commands:
+The certificates are generated with Makefile.
 
-openssl req -x509 -newkey rsa:1024 -days 3650 -keyout goodclient.key -out goodclient.crt
-#Common name is test, password is sslpwd
-
-openssl req -x509 -newkey rsa:1024 -days 3650 -keyout badclient.key -out badclient.crt
-#Common name is test, password is sslpwd
-
-openssl req -x509 -newkey rsa:1024 -days 3650 -nodes -keyout badroot.key -out badroot.crt
-#Common name is localhost
-rm badroot.key
-
-openssl pkcs8 -topk8 -in goodclient.key -out goodclient.pk8 -outform DER -v1 PBE-MD5-DES
-
-openssl pkcs8 -topk8 -in badclient.key -out badclient.pk8 -outform DER -v1 PBE-MD5-DES
-
-cp goodclient.crt server/root.crt
-
-cd server
-
-openssl req -x509 -newkey rsa:1024 -nodes -days 3650 -keyout server.key -out server.crt
-
-cp server.crt ../goodroot.crt
-
-#Common name is localhost, no password
-
-#PKCS12
-
-Create the goodclient.p12 file with
-
-openssl pkcs12 -export -in goodclient.crt -inkey goodclient.key -out goodclient.p12 -name local -CAfile client_ca.crt -caname local
+* To remove all certificates: `make clean`
+* To generate certificatess: `make all`
+* To update a single certificate: remove the file, and execute `make all`

certdir/badclient.crt

@@ -1,18 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIC3jCCAkegAwIBAgIJAIHg5fMq+z8aMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3QwHhcNMTExMTEwMjE0MjI3WhcN
-MjExMTA3MjE0MjI3WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
-ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDEwR0
-ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbMINU6XwQ/0OSQ4xYRp0o
-gYzzsaaGgZjBZEpRMCZkB+TPUD/yxDpyfcknsvsBQPQ0bqLLS9yqf5iS26jHGd4U
-/nInOy5rjIKEbJMUgkbNWiuVl5q1K+GFuTEpjpdLI9NH5X+jL1CxH/h8+j8Mr2iX
-s4C2gIFu6povShJiIwBNBQIDAQABo4G3MIG0MB0GA1UdDgQWBBQ6L/fB+7uwDN9q
-T5Do9X4GIbJnxDCBhAYDVR0jBH0we4AUOi/3wfu7sAzfak+Q6PV+BiGyZ8ShWKRW
-MFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
-bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3SCCQCB4OXzKvs/
-GjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKq2Q+aE5eC04gW58pAt
-pobnL/2L0JHCeLPsv0k/1vjulzjBuphbwaibZtiYWZSDKWL8Dvsg+khq7rEIY0W6
-xXGw5y2scRlCukQvseIxbHUoyOCAWJnoqr7d8MyxP2GlpqSDXHk9wEywZ/6f89oN
-yudtXjoYuW8157tmvrX3D1yd
+MIIEEjCCAfoCFBrHU9NbhHp2sM0sVwcQtK0+b/TVMA0GCSqGSIb3DQEBCwUAMEsx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UECgwLUGdKZGJjIHRlc3Qx
+GTAXBgNVBAMMEHJvb3QgY2VydGlmaWNhdGUwHhcNMjAwMjEyMjIxNTM4WhcNMjEw
+NjI2MjIxNTM4WjBAMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAoM
+DFBnSmRiYyB0ZXN0czENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANRuNLHPeanP1kCMqoFR6ovvtD5Z9XCj8ZQHNWI7Xfs9JBd4
+KeF+hYlQ9oECI4I8By1lxx1YhEtpfu8pokekc+TBPnxLlmZDGbLJ0ZTmw+MRZ56f
+Frnzre1yCB8BiZRxdW9iqHuWntGfnKNdOVWP5JYa2y/2HetB3LQFql5CtRffOcVP
+4nrIZVmvNr+xh0o2DIcoAuLm80Bg1aDMbiJWP9C/4kJp7+SFCcGbOa8GftL8jcj5
+nbTGtjCDmViAF3TozfOJahaO2AQtD9mBXIECrd0ce3reO6aviTF08t/m1O2Qwdvd
+xAvNQgr6bWa0uCxHMmhzpxj+0m22aco5dJ/h610CAwEAATANBgkqhkiG9w0BAQsF
+AAOCAgEAIH6tchU76zbdl0C9enJUBa08rMmzdJ73aUm1n8wSE9M4gQSfiN5JNJsa
+9/pdpYzKcJYigSiRcmZR1ltZptu+tPuf8f6XW5ayamCifuKoxi+Z5sLLzD8J604y
+nujotuAq81OoS3ujPB+RyNgrWHfphFJsDTeJPFbyhzUUwrhiiGOx9RGhffYfZmkr
+3XdXJqQBak89aJaSLWJ2fyAMSc/ec4DgwAVr5mZ3F/ISiChgZ5oTGoooNZkI67yA
+Tkh0iN+9Vo6j/gtD2zgL40I/nQP8kRw/9gNRd+ljTts38r3AfDtXsl1H6kN9MYFf
+X761UI/aZgGa9GGgnh0+YK1Dd3BXZDtoV3r8Gl2iL0Mg+3syrYGVHwMFJ9ggEB9s
+QUhcKR07NxMWUmM0vF4Mp2zMZD1lRc5L+5TgeVYjSoADj1UWAeyJCVJWG/iv3i7h
+SRe/Je4c2fTw99zs4HZY6QQVF+D5iVBM+kCm5DPNCVHQb4oHejeCBMmgac+YpQ6s
+IgFCBmW0RaW51eqWHsy+/BnEZAZwgw7mU3Y2oWHFE5JJ2Qto2EXDcYfefLQyzGtS
+Bd1TMQybJ59VkGpsVc2Im/pJmA5w/8dxjwlewHuQGY/mf9xGe4bVQMY8lT2lCEra
++QZ4DjFH8SaeULU7QLxHJZ+xrAs0IvpSr9XC0Kcl+Oo5GY65NWw=
 -----END CERTIFICATE-----

certdir/badclient.key

@@ -1,18 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,95718EE22B89E019
-
-78LEg7uq4krPR3C1sQVCiQsPIXroyoDzPHBFmI+ipEJq7obFACK9KROfUAaMlca8
-ZR1UhtQHCPK4TOG1qKjn8lxeKGLZA25Lcilw6QvZCfNyBa6JUp3cdwzUSv7/qE/Y
-d/wlVAq71JbOmYsbEwunZlq+DO1AaL91N/2ANgSSC85uR0dye0iZ1C0OZzawMXkd
-wXRrXb8c8RCH2gQ6V4aMartTZ/DQznA59+NEUYln5IMP4joRM0TTpcuv6oCq1UUw
-o7xEQcwfBB0tKayxkBfgp8Jvrghzw0usSFt4ad9I4DF/V2izojZgYsnT7yGqsop6
-7jmPR9llYhDQIZd0V4NZziiRF2Dt/lyG0iUPZq5vlhLaI59FzMAxVSAJP6DrUHQD
-L76TeGpQm2LRqWliDc+3AMTCKv0TP1IPbIWJrnLxnNf/C29adO+VSeQEQ0+tBU+/
-DE2GVsQ/xul+QyCwXiOce0pfERLuGjSu/kRa1ylAlrdH4+6vBD0ewuXXHv0eTSxB
-Vi0vde5a9PzPUMUBkg6PS7IDYJmKm04fFPxx3y8GMlzbZYOYjTepkYMbayekybGK
-fHVk9Z3lW5yzegaz8iJu/8le6Kn4Ox21FRG45domu1T+8eJuXPoiBUb290SUVuxh
-VTQWhCA8ElmVCYfrbSnYL3naeqVL+Oc6by3VVhvgiqUuXQTZvKN7mkUOhiNbpz2H
-iGLwlRj6wXEaS0qLb9NQc9H9Vv6ftj7UPa4FkiJjWhUW0WkA5sqtOKMjLzpsIZtR
-dFb26NE65tk0lrywQrzMBFM6fk90VrMYyvwukZIJIKRLCBQaG24PLQ==
+MIIEpAIBAAKCAQEA1G40sc95qc/WQIyqgVHqi++0Pln1cKPxlAc1Yjtd+z0kF3gp
+4X6FiVD2gQIjgjwHLWXHHViES2l+7ymiR6Rz5ME+fEuWZkMZssnRlObD4xFnnp8W
+ufOt7XIIHwGJlHF1b2Koe5ae0Z+co105VY/klhrbL/Yd60HctAWqXkK1F985xU/i
+eshlWa82v7GHSjYMhygC4ubzQGDVoMxuIlY/0L/iQmnv5IUJwZs5rwZ+0vyNyPmd
+tMa2MIOZWIAXdOjN84lqFo7YBC0P2YFcgQKt3Rx7et47pq+JMXTy3+bU7ZDB293E
+C81CCvptZrS4LEcyaHOnGP7SbbZpyjl0n+HrXQIDAQABAoIBAQC/Z1UfaVur/9KC
+crwmrVJyJ9b130Rg67b9s8kL64Xwm9RrOSAzRza21TZmYzDvZXrqEqxn6pu4/yMa
+Bx9rAehSkzPj9o9bMNZ025d1XL/fVo1QxPNLNR7ftUFP/qiiEeDILdK1GK+dHP2b
+zKGeUHqcLTKVcmLe2IctxXUOXXiiOiFbiahxBKWv69sCddTCqhCKYpbRwkUaMdRS
+kswd7+cx9MvG9FfU0fAwr4ly/hcL/XSkwKC7QgxOZzYheHPoNDp2crK2RDeS+ouW
+bNQ6Q+V3ddwdC8YGLyjEhSeKsGc2ep+gSSKPA3/b0zviX53h/r0ovXwlH6GRFzkm
+pZtxBahZAoGBAPJig/L3B/dZhg/xNGwOzpATyBq6kIZp0R3e9Ca+5dzHOS+Kp/L7
+FO60CiGLZctS8rv+Iysqk9wJBDoLrfsx+IegY849/xMsD4b7VEfjCapKp9vkBPph
+bZ17OBBfswvYVLceoP8jc9Gan7/Je75Q5fV0COC8Xjw4r1IpNJskrvhTAoGBAOBc
+8r7RSc3MwS/U0sIUH22WWNXIdAOk6M5gic6Iv6Pb/y1xXElvBvGskdtSN4sy4pCb
+ENQ0x+/JGA0FiXztZv+jlEaIE680sOgcQ7vpcyzqmGZ0YijNX1YGEYx68ri58Ts9
+G703VGx/JnTQi84ooeGYPuFeP+o/kVghWXc5G1ePAoGAePBm3ggcVXK5zaKQgYox
+zvnP0mZcTnTl/n2MXPjLQIm3It2QR1C4dRIoK+yd8gGFU//OFG++Lv/guAWz3a5l
+T2bb5cBRUYOei79DokrKO8ncT39KbJPIWddtdd4KPFLIkkYaFrPdyivYoZ0qvR8o
+XnxzIY9bhbjS4a/lq7N2CjkCgYAdJ3bTnNZ+S5D+6iTI21yKHPNGNFn+7zrhNmIx
+2Esuu7OY8BYR5L9+P/JkEXbuO5p9N+kj6gfg/LyHVKTc+uxbY6Is2BnWtn4WazXS
+AS/aMlHDXnQy4Rz2TKuTGZbYsjDKhdJI8BukTZFttHu2Okluyx3Ao0Ki6ce1MAA0
+IdOPuQKBgQChf/xz0xpgoB17WQO/RNBY2OanjA5rtwYby4T+XjKeSTWtslUIZNTu
+J5VZt8dzmNthwoBoyaH/wxA0KoP06qEC5eRN93PtNvW+dDITm5EbanHrCwBUj445
+3sCZFmHgZ1uLQKnyROSwu5UiJfBi9OidiF6rGu14iJOXFQPR0pgDoQ==
 -----END RSA PRIVATE KEY-----

certdir/badroot.crt

@@ -1,18 +1,32 @@
 -----BEGIN CERTIFICATE-----
-MIIC7zCCAligAwIBAgIJANwlio9cWdoXMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMTExMTAyMTQy
-NTdaFw0yMTExMDcyMTQyNTdaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
-LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
-BAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA055WKnuQ
-i6RPdI3LEtx8ztXV7BuiYihPXCRYUahLyF4TAzNGfmqsdQhqUlqzr1P+nlqxh8sm
-hZGS4NtGPaEjrbPgsBsTVg0XBKpH5yf2RIhBtvAaDG+cCFBjM+LJGzc4we59JkB6
-n1a/22iSFsCAm+BFBwHk6FqF7u2gGSUOrI0CAwEAAaOBvjCBuzAdBgNVHQ4EFgQU
-rw3IpiBN56GCi44/goVmHlZdmJswgYsGA1UdIwSBgzCBgIAUrw3IpiBN56GCi44/
-goVmHlZdmJuhXaRbMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxv
-Y2FsaG9zdIIJANwlio9cWdoXMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAa08IbYDJsgc45mYG/mviionvhBGs9BS2YapZDIREc/vd0W4FIzHXh5oTJAdF
-fkPjvHoczPuzGX8EKMBjANPs7h4Cd5xKSSE2Su+QwmZOxVg6eIeQwVZsY7SZFmkC
-Y2XwdxWvk3VzLdjgj/McmSBp4/aJUGRP6f5ehnR4B1ykVss=
+MIIFdzCCA1+gAwIBAgIUbj8F0il3g59jSOi60A/xzVkFRPcwDQYJKoZIhvcNAQEL
+BQAwSzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQKDAtQZ0pkYmMg
+dGVzdDEZMBcGA1UEAwwQcm9vdCBjZXJ0aWZpY2F0ZTAeFw0yMDAyMTIyMjE1Mzha
+Fw0yMjEyMDIyMjE1MzhaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIG
+A1UECgwLUGdKZGJjIHRlc3QxGTAXBgNVBAMMEHJvb3QgY2VydGlmaWNhdGUwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfvDvQ38M5p8DtAwrhEAU9OFkS
+RfLNOJFs+No8RnytCSoXepyQLC+OwH2HFji7U9dKuiXTu8gszjKGqL/0p6S3e8cc
+WHPzGzoOCifM46kN/W9EUrD0bO47zJuRKlcoc+fa1g5v6XYHqSpFDAmdP1yRTtvo
+OG/n8/wmpOH07uc0ddEOX8oq5PE8hJJlyahaI3Vh7hCjfJ0cplnLsmmPLnD9cFM6
+snErOlWep+88eTywoylp2H7R2dBcwZfNXxuhE0RWXe7mwVCJ4yMra19mmtMgfuEF
+YqR/IuYbVu3R8uPifoR51yXxoHcEGZn/vf9NDqAFDachY2ChXiEBVHieVqPZwmEP
+jZobJEet0TG+wKQfxpLwIY982jh1QJcsvk23Mn78Et6BQQlyXC7b5WAO6RwoQXxv
+jVBViV77dEee1sp9aDrFEQjYvQYdFMhkLzakIEEoAjDPTUIFUWZDvwLjp/9mi4MZ
+/iOkQOojZCvsWOIEDjfJWIHhH23a/Ow3eFZ05J8v+AK6GkbFZz2XJCsNPMEk0Ue2
+h2ReLRNufcfN5ezM3Suwb9TWBm8CviZlYhpJkFidvf/CBRgTOP4i0yaommdGpO2F
+RfHFURwkmyDddz4hZ5qGWs/LXvRb+QHELH0yZdwhlheMBBEpjxr9FuqzNHxmAGsu
+PCmT3UcFuk6mVVduWQIDAQABo1MwUTAdBgNVHQ4EFgQUQ+IJXE1ZvTo6ArM/IHmd
+cMdGhOowHwYDVR0jBBgwFoAUQ+IJXE1ZvTo6ArM/IHmdcMdGhOowDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAnK2wP2RM2dDD3fGC0uLoGXATLZyG
+Y8Z0fuqxQA5PM7NWKhZQrOOq+1GhUU6iFSzm1ahcNQuYeAQK7x7Ulq+eIoAbdHWC
+CIXg2iyRR1sk1HANR5a8UUANfIfyriU56scDllb/bWUx4M/g1j8Z4d5u7+NlSLOb
+JP2vVnhA3fT0LA/au37spejYiKuf9XJXp9vpggJH1tnamSEgJWBsH+MfvX/MgRln
+83UU4BCAtKEAs1A4xvWp9TcKeiaObRRXFZ50y73cjxc4rAyHu+BOQemz/Lv2lsyv
+LVtU33Fo0B05qM7/vOvZweNq/U0DarCz6pgmTeXXtvkodd1NaliMkAcTWfuzGSl0
+FwWCjHtK8si8vTAVnM6Wk0NKh99JM6bJCtRx/WFhHE3PrCLIN9JpVqBPz7nDUOj5
+uOd3CvtZrx5TxZ9W06MzkZXD6YeJUEimjNeh2PE7cBrN80dQO5chCy9E2Z7my6yM
+VQkeIGXOIvKCDpQQU/f+rDmf/+LyLVzqvNZXuXIzNGFby9vG0/EUu1ejmdCNGaJ8
++uMCm99Q+i2WAbpWZiOthAtHlZH8+z6sMNxGG0Pt7ZdxV4Ea2F8tUASA6iQij3fj
+mjOACjE/wfZby5t1+rWE0KKnC94Is2WioHbJ7O6dItGMhI1BDgmYAa+DepN/DIqz
+csW5Kiyql9L0VuM=
 -----END CERTIFICATE-----

certdir/badroot.key

@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0FD2DF610C4C6635674474640336EB8B
+
+/sqnRjDweOBzEXeTWtvXmT7MWoCvHUoyTivoFw+5XxGaocN+82fXf521zDkPDhDc
+3nTuIdKbGncor3LreVnUb9GRDnICPpWbREqP+3hGKnOOC2NsHA6CgwWrNw37HBHk
+wy2IkWGDKLikmluymfnEEy+ebVfGMVqYJGL74Yu3AuO/8n0aCI5eb6EGsfeq529Y
+q2TNtTCGsVZc2jFnroI91hsDpX+XzwdCrfSvuMasudPrmqi14PSFO0KvTwQ+uHUx
+rrbczAmc4zlnfz+cYH/95eAGKaRRSxx+iCJHsdhg57YhljkY9GdGQHQ2inXEyfXk
+4Jbnwpansd/WGStul1jUDTGY6oTyNyYCZpTqSxTcJQcMzBg4jubNEOFviO5rE6g4
+iUv8CQKeNff3adjfOdwCkqTJOfrJEfoKqt6hJMJaKvGq2V5KCm/CCSnNX1hWMEzf
+IVTw/k13L5s1MMgqNuGKMTag0TrcNCj/ZQYLEDlnpZYtSKaMQYNKdvdlteg8sy0n
+udcGUbrD0Idzcx3D5HtRGv5DRsSxWbp5+Z3gLIAlKBEG/1YhnVaISsal+xbO9rbO
+40U8l/W35O+N5CmLhXuWxRoC7bhsSP2HGYxnTQp9nIj3TM3pIaMNY5pb87VLVjmW
+Oh2JmPeTd9KKGVKu1smOzWN/vPKmAICHvAGz/tT08nq0dx3+cWRnwC6lpBZFglyn
+9mZEa3yrxjV3bmQO1XoRTIEv3cKlM1T7tJbiAH4fkCKkEbzEmqtDUaMD2gGNX2ff
+nM7ZsdHWR5rxTUf6MfMFwq+ocd+oj4aJc8kYIzxz5EsEOwpJ9AsvpmZhTStb+Sp4
+FvyRdY6VU3JqlWiCWG7k+IFR+XyG0zFLQl2PjlAOlaDpwLfo6zvcoZUM6KPOZ5HK
+HTY5K9Jm6+yvZUMdCObaa4b6ET2csI49BsnY/5EwGXM5O5IsIf2gjlJKKCIslCUB
+Kp4wAd8DsaOsdZQnkGOkvPSlUAVu6Q2reSr52mh4kK5iZrjsVC+i6qnHC2annw17
+ID6HtidE1qZ/FnXTu4imRwxvDe9KNhE7Idn0qht5uq6KCFt+Q8fiR0VxHKcZuKAX
+TfAQ5t0TR7KbeeXxqJJbrS9iDxLZBasY2NG0z13hCbKWRDY+OtNxADO1XSU3Zzny
+k96s+TtcjOIPg2npQEnLwkX2sku/7fn3BiTf6NNTqaHAYnsgZLHqVCH4H5tAD7Yf
+xFDgBB2XbpDoJQYbpndIyqbWcBCcR9m6Br8A7i4CNwrZuhf1BYWvYAV1+vSCn557
+pTivwuTkrfM2shPEkhlZmhOiElWXOlVGE/n1lTg4qeIMl7seO3g8Hdt61p4HKQYy
+MpP714XQJU3CLSYZQpZsAqLZxVXhG/3YwJz4AgXrBaj0abdlhVd5Dr0fW+rG3UMM
+Ob4a44SsgRIlGsZ7g4f0TgKqRhKcpeAGge4oEf2RKhWW3+WkjwyEXJryqv6kRAB5
+LsE7vU3+y1Yt4FOgPqeCk+ZyQfi4dsy0l2xPfHHqct/GeA9Jpq/yI82y/9+9q0Fn
+B91D06Vv7HTUbQJTWiBs+Phma0FSbEdIvjhHl2ljfgz+PiGMEomTreLbf1/ndl4j
+avmu0Y/yK2y6gsb8kRI1pWxFSk8m2NBf9hrcroYx1Q05zRSmLeFmdHtmX0v2Zc51
+fRCK8TWQ4AqW+++r42to3/Sk3aogUND5yPFJqddIyBaXHAkRW8T6gxjWgrb+xOT4
+TQrwiY4SCzo1B+rzPIzM9ulFLiaXuETN7z0vShrf5gNeqv73M4WuNz/NsrXGOJ2c
+Muf6ivr+A3wX0SdYixPkXxDjxqfLfF2RcNIjWl+EIqs4lwzIBn2MHoonR8iCTXcB
+h9Bcsawm5jL6CEqdx4kPN0Y7auoXBKSvlnu4OaOxxmxo5TpJcxLlVp5mHuWVmIvP
+QrWiuTPpn2aksrOH0Vswr3Tb7jVvSc3wosbpAznZj/GFMGKcMoL5/+JxxMie0sdO
+TkMXLyjJuuCEZhN1rsc+ni4WA425og2Q3gaB3pSx4K7gOh74RmBBmE8BHzZhzUaO
+kusRiFXGclJphYWW3w+GGIgk5ywoJMGeDn2ciKWVDL99jXmSkj5+qxqMa2Glhojc
+quiSpl9T6drDnR+5+SsLbYI8PThmpH2h1mUP5atDO4Bo2Yn8HjikNgLBhAvYWP+7
+k+5yDz+Gxtkz0on8Yzmhus4ZvzFkqwlWBe9jn2uSWMV6VSPkII3ozFj7RY6gO+N2
+/Pgwgc45PeQtD8F9SnkDEc1xeN/ADYFdK/x8QH82+VMaeF0qal/f08wrvFiFCzy+
+zw2lxKn4AEeHNM/Q05fFY9E0scHQLrGkqDzvWqTZlRHf2o56qJhGO5aD7dEnq2ws
+Uba8l8qCnNzIPlDVmE5YQwykGCcnV2tdToou12ew1LBkpL3tYJaAsxksJU1jtNL8
+PFNyjz4/xnb9VeD1oFD47FZQAHBjYiO55qZbhQk12s6IO1H8np3FXTIwPDgvN2GJ
+73fiM3rggqV6sd9XTtPexMsLGyohJY3DkMLgBNWMnD/c3LC3LylmXl+MhODJ5rFn
+GcQP19IqO+tLmietVT+ylDopeStm96/3vasdCRTxiaCDqFug/XeYa1elAMseIhdJ
+DajOEMp0VcbM3+wpjaEq2XuxwNLuXx4jrkROEfJkapY5ZamEDjLg1V/HXySAKzJ3
+ndYdSKFScs7YfQuIoMud7Cg52BRtTyYU2VloCMXYCeaH7G4pc2n5FeIHzd4PIFwB
+qYhl9z/iyiXKpFC+lelAvvSO+UCJDD2sMwk+YSyZiRl93WrZ1uVMbYod2yPdnnXs
+Q7GB16l++EXIhSy/ud0PfT8EzTL/CG3oUa5KxFuZU9of8nXY4zJR6qlBUSD04UAf
+urvi0aFIncII8inYzMC/JfGo3Br0NzA5sazC9Sw6yyIL6KDlWiG9/1u2AY6WTnLS
+h4Mawo+6JhZtgZXVlAT/9cVPLC0E4QGy/EjHOzyJyGQAtUaBtnJp5/s7leKiwtOh
+GqLnAI7i04X6T/QKyjf/bxH52afne8gYAwvIpSAVnPayvEmnkNhg27jlwnJEo7pD
+cntq/ASIo+RuFj0c1Ru42NX4jbJFOmdT1Pp7GHJbjUv/02L7vzUpe3tVZElBEOUB
+-----END RSA PRIVATE KEY-----

certdir/badroot.srl

@@ -0,0 +1 @@
+1AC753D35B847A76B0CD2C570710B4AD3E6FF4D5

certdir/goodclient.crt

@@ -1,18 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIC3jCCAkegAwIBAgIJAM9GGWA8iSiIMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3QwHhcNMTExMTEwMjE0MTQ3WhcN
-MjExMTA3MjE0MTQ3WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
-ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDEwR0
-ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCns68NbjKQAnHCpmN6amR1
-GdtliqiXDaCjoeBPpVXNQ/ZhqinP9gnDyRPXC5kPqw5/6GqNHcYJqg+IIS8G85Rq
-t3Cs5ZL+JlEDAwd0CkD0Ey5h0oJNfN1bDhV2e/yqc831ElBGK6VItGqKopSUV2y/
-pNijOOdeMZ8GuktT+9mbAQIDAQABo4G3MIG0MB0GA1UdDgQWBBTE93pAIzHiFRFw
-IU38WhnwXm03GzCBhAYDVR0jBH0we4AUxPd6QCMx4hURcCFN/FoZ8F5tNxuhWKRW
-MFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
-bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3SCCQDPRhlgPIko
-iDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKUsXLsp3i9Tsj1wp46R
-4IkIjwWT1bN3+JOjmA9aqwEVcxTRSStAa5kfTQwc4QSAgHK1oFPsA8gsv3sftYmZ
-MtvYrvba8cOPonuaCrvtJQMvKgv3d10S6esUGlW+5o3PVPUq5yQ7OaN5JHCDTZGS
-phuxlq7//rNjvypX2hbKUj6z
+MIIEEjCCAfoCFGeKHvYImPIGI/TzylXxoP4/g8A+MA0GCSqGSIb3DQEBCwUAMEsx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UECgwLUGdKZGJjIHRlc3Qx
+GTAXBgNVBAMMEHJvb3QgY2VydGlmaWNhdGUwHhcNMjAwMjEyMjIxNTM3WhcNMjEw
+NjI2MjIxNTM3WjBAMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAoM
+DFBnSmRiYyB0ZXN0czENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAOdbOeXK9oeRv+J7OdTqXbtdo4PdXyAozQK7gg+Vc+UwXQ/p
+IkwWawI2yPTHeER30J78L0MUtiDyXH/aYyMSoAp+LoD2LwWcm6eywzSkLFFcwPts
+OB7qCYkXXz+9E04k6Ydk/6K/Tx7mfRNDYp6UrSD+BUq+4FQ6WZhfLC2Y+pRoDArK
+RoKpxWSNXGHd5RNxEgwXqpWemoMpGuw2q7pFSO4+c1h0dznRwfYRe3d8UYBGS9L6
+b/iNuV+XT9ukhOgB3kh2OCZWSpv3JaLQwKdFTEPBZr9foD6JlTzV7kKCcGFACx3M
+CzwXhwuetNlNvUrSwQQDaAXl0EeDcQJfsxLmQHUCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAgEAQYClYu0RqhkRdG25IX8vq5h2K1/m4hNclyqYfjGKiDgJ05VRvCUVdY4z
+SQ9qb7F/aFOvMjp+0vuYbJKxAvDfmRobe9u8txrPd5Rn1Ia69EgA8D5lhFU11+/e
+lh0Tcm4EEj7bqhsAXhyt94A3YIVFr32hQKUuOWYFwPJoQfQjsRmnfhWDviocErPi
+PDWG42+313WYoYsLmWWfgKoRn4W3Ive9Qy+fG0SL3bIn4M+IDUL178TtGexxVXCD
+olHRESEE73DQ9gFPKBMGCrbZNzVZmgybfd76bdWE3ZviLH0bETc7QAEpjqHyPUXU
+bnma/KfO/8RLAZvEA/UYI0y0lTD7qmpf3J8nj4U0elBt0KOFDOyZ66gvFEopoJ24
+lQNg22q+7Nk0XX7WdcnB1e+iDvt34NVCQ4uS1hHtRyPPfObl9ebuuN8Oma2wR4VO
+HsRc5wUPn5ZMXDiTtR0cCCUDr1EGsx1sKJ9V4qtvHKmyrFnKL32dpuH9P2WVVGZf
+kabAnPDNqimeZcQ5afC3YAxn0ni19047YXrb8BZMWNJxfBz5XOmN9dCSXy40gSVi
+xijOzUF46DTkbgl2vygWaYqO5Qkn+vHOrUxlw7qJpP+Xb5NxUZRPcyaIZLegZjrX
+kQRwsCkEvllKbdFmqNz0LIjg8btPLdaOHlMhqgRcK2t41Gq0+lo=
 -----END CERTIFICATE-----