support full certificate chain PEM for cert_pem: parameter to ssl_bind

examples/puma/chain_cert/ca.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMBwx
+GjAYBgNVBAMMEWNhLnB1bWEubG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAtHILxmP3PDm0UxL6CRTqrUWf1PYmBXgoLy7tZNj3KGMQVsw0
+jeeyAUI9UimtNtgAbKVCrtC46phxwAn0c0wcPiXpckfAaF1pViXRe9WrMLmFeo47
+Uyy2uWuApuFPpHBw+baflr+h1haEYVSFwsJaIPyuuf8vh5PuvOtfdqrG+V7gve86
+Utk2NTZUIpB0oaI/DqXyBor9Ra3IucuaAKHh+Mjc61WIJhjMIgbtfl+FWuDXiYz6
+hNbXkr4LtU2hKQCD1NKZjI4I/UIPnB5Wf+cdAIiNz2UvTvEfrCTew0mtckDFsC2x
+gMpHnkuUi/ZxM5n8UwikHqtLVVmFpYCzN3idrwIDAQABo3UwczAdBgNVHQ4EFgQU
+gMSutCsZtiRRpYv73dV9KoWPd9YwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUgMSutCsZtiRRpYv7
+3dV9KoWPd9YwDQYJKoZIhvcNAQENBQADggEBAANVPJJZttOrWM4PfftJ7e2MHrM4
+f3EUtNgAsbRNw1MAvhAxaR7JjyXYYKXNkfz5H1o8V15iZvupG4jOQRRrQfgAu+JR
+ExOCoidD/uyk63kFre6OmeyjblKkuTnbrt/zBHVej+5eLqFMIQhAsHZCZn3Yrc36
+rKtoYgWgmkL1AMG830QR1uNT4NuReP/XPkdUgoJyw0YPypMjmVNczAHFcVS4jW1p
+OJx2Sp1Q4HCUY5gzXEy5wEIuuQcmQZEsxA5J2BLV6ciHuwKvI8WDqvTb0/fipcBQ
+AtK32KFAGMgaYZ7ivAiC8WcZCp5fXToEhu7F8uRd4ZJlMf2UCyQvEroTD0Y=
+-----END CERTIFICATE-----

examples/puma/chain_cert/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtHILxmP3PDm0UxL6CRTqrUWf1PYmBXgoLy7tZNj3KGMQVsw0
+jeeyAUI9UimtNtgAbKVCrtC46phxwAn0c0wcPiXpckfAaF1pViXRe9WrMLmFeo47
+Uyy2uWuApuFPpHBw+baflr+h1haEYVSFwsJaIPyuuf8vh5PuvOtfdqrG+V7gve86
+Utk2NTZUIpB0oaI/DqXyBor9Ra3IucuaAKHh+Mjc61WIJhjMIgbtfl+FWuDXiYz6
+hNbXkr4LtU2hKQCD1NKZjI4I/UIPnB5Wf+cdAIiNz2UvTvEfrCTew0mtckDFsC2x
+gMpHnkuUi/ZxM5n8UwikHqtLVVmFpYCzN3idrwIDAQABAoIBAQCwU5VwCvVoc5bj
+avLL9xWPti6GYvYqeA0Edl3iIyX54DvyJV/hnxxRoJHdfP5XTmGzyRXNUAayr77Q
+AqpOFHywuklRtA2vrkAlv5Th5px/Y3qslNoh39q6e/Nen2M88+diDPQL0jzpwF0h
+4v9GnraF74UqGdQvLv6mu3Ywtpbyy/9zkF88NnHK9687q7y1l9sbGPEtaLEQNhtN
+Y/MGrVMkdde/+w83MrPDMp2Kk1TcT3YJkY22KLc9nEDv1Qi1Gk8JYFHyiYRCPzW5
+TGdZ9B+Dn/M5TijZCqKYCqfbl3TvKDbFLNvxykbNEhVTYlN8x+y1MOqzCQ1u1Lhm
+/dXYZE/RAoGBAOkC4GlHTOXk6vEtgvSMmxPAKyz8uWxBgSgOb7sS+EetP4cI2vxK
+2L3Hycpy1s5TyrTGjPPXQ1/Mbr6W/IVTz0Xacuz/VfccrvBmaHZTCphFBEQ0mAZN
+09k3FwerWlz++N+SIhc+A2VJmiOicrBTSgLC3nOxe0vt9oSsOGcL5B+nAoGBAMY/
+hpWsPQpdZGXRZ1hh20U/AmCxd7373/2bm6Lkb11f/MfbO2sAHnIc7LGHbVvV5Y2z
+esxeWFgaBKaf7xTUJyfv+ZcS7304rzM2AXj/+ev5sOlac/4ghCy9L9W3prf6P/LC
+fEclwjNjt0mo0Ue/1/MllB4kdYX0QYEb2/vL/BK5AoGAL00eMUEAI0stRnhutSY1
+9PR1z1QecBN8HJ2RoPBg5mwNEWSCz+SBy0TbefWGFax84eXMh1OTocbmVFpiOM6i
+rRODcQkEcn2oJbUkT6Db7b1U+GOU2PLDprzAOBZY6bf43anUsdMs7Urbt5AqqBDA
+XX8hmWrWFLvh51zutjx7utECgYEAt1jbHKOt1F8pUi1Hmeruwu0SQuD+sFs4/jCi
+0RTZlg8HFsNAAaabgcgUc9+fGVcKNXIveMEsjVaKxJuXnrjS+dGsELd3fGUnS4J/
+/CspNb+4iSiZrAbglwvlKI/wBajQ6bBLBfX61FI9mkciPmxDyWEQyovHkTqkNkbQ
+veAa4ikCgYEA4+Cn2murnFcQpIx1uaF7SkBXBIUchyZW5wW2BMv433VdWH+Y6+PL
++Hjcs/Ix7MDnuHm4WTEJGmyNKw5lGdbSMdjWhnKdlfN8U3EGRcTb6QedBdFF0Bbg
+kIQduC2aFiv2CiZ+t2GHyiyV5kCW0+WGczw9fFwCUJlByhlWuXyYBAc=
+-----END RSA PRIVATE KEY-----

examples/puma/chain_cert/ca_chain.pem

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMCYx
+JDAiBgNVBAMMG2ludGVybWVkaWF0ZS5wdW1hLmxvY2FsaG9zdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOHKwUnnX7QXvewBtH5XAtRbhhgAIQQ14pxs
+9w3WBWY6B7zKZdkRnu/bULwP4QGHPc/YAtWSMN+1aWWm/6od3xn0AfFrzWxzMXVT
+ZTnI6aQ3emxIec3gc5Xa4+oF0SUmVZiY3U9l4Apk1d4xNnV81UzE7KpdSUqYXdS/
+Ja7T9QXFbE0/5L7Ci9luVQLyUYNiW2CmaiiC1YE9292kfZTujsKKf4Og/65U4qgF
+mfSTnIBSAHTkiF5Qo8QTx+qz55A0ue2NX3QXVZOYJMtjt8OQEWkGKP2iPFnGnd3i
+TW57THaNNzVan0A96IZv3hGVNqqlUto6L0tni+QD+3d14FDRLKMCAwEAAaN1MHMw
+HQYDVR0OBBYEFPsAsa4SCE1WrZvYs/3TKSllpTUbMA4GA1UdDwEB/wQEAwICBDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFIDE
+rrQrGbYkUaWL+93VfSqFj3fWMA0GCSqGSIb3DQEBDQUAA4IBAQCCEJymTKz93kmQ
+Bfgj1UkVo1MC4GQAwVDJJTdEk80a3AFPuwmuwcl50rq2w4UBN9vkleKWz9ysWSrQ
+Qs5RoM08ggca1dqgzIKHH95ft0BFZixEfkAhfAcrEiBNT6H5lgJ+EcFNq1n1T435
+ow3r9P3u4FlBP4BmfpffnOFlY1cTYsEOFtDSGmBe8mNJkx2z37OAiLtSKPtkfpeq
+84haUFAvfJX/93JLsuHbrhZXTjXVGDsbITxheiqmxaN5HiFacG0Ju2USPtHAge8H
+Rz3fbPlN2Txn83ejbaHetj2zrbsd+QobPusfDRZKUcDG/CSXV7lc65+Lp0iPbCd/
+KG6q1Yf+
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMBwx
+GjAYBgNVBAMMEWNhLnB1bWEubG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAtHILxmP3PDm0UxL6CRTqrUWf1PYmBXgoLy7tZNj3KGMQVsw0
+jeeyAUI9UimtNtgAbKVCrtC46phxwAn0c0wcPiXpckfAaF1pViXRe9WrMLmFeo47
+Uyy2uWuApuFPpHBw+baflr+h1haEYVSFwsJaIPyuuf8vh5PuvOtfdqrG+V7gve86
+Utk2NTZUIpB0oaI/DqXyBor9Ra3IucuaAKHh+Mjc61WIJhjMIgbtfl+FWuDXiYz6
+hNbXkr4LtU2hKQCD1NKZjI4I/UIPnB5Wf+cdAIiNz2UvTvEfrCTew0mtckDFsC2x
+gMpHnkuUi/ZxM5n8UwikHqtLVVmFpYCzN3idrwIDAQABo3UwczAdBgNVHQ4EFgQU
+gMSutCsZtiRRpYv73dV9KoWPd9YwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUgMSutCsZtiRRpYv7
+3dV9KoWPd9YwDQYJKoZIhvcNAQENBQADggEBAANVPJJZttOrWM4PfftJ7e2MHrM4
+f3EUtNgAsbRNw1MAvhAxaR7JjyXYYKXNkfz5H1o8V15iZvupG4jOQRRrQfgAu+JR
+ExOCoidD/uyk63kFre6OmeyjblKkuTnbrt/zBHVej+5eLqFMIQhAsHZCZn3Yrc36
+rKtoYgWgmkL1AMG830QR1uNT4NuReP/XPkdUgoJyw0YPypMjmVNczAHFcVS4jW1p
+OJx2Sp1Q4HCUY5gzXEy5wEIuuQcmQZEsxA5J2BLV6ciHuwKvI8WDqvTb0/fipcBQ
+AtK32KFAGMgaYZ7ivAiC8WcZCp5fXToEhu7F8uRd4ZJlMf2UCyQvEroTD0Y=
+-----END CERTIFICATE-----

examples/puma/chain_cert/cert.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIBbzANBgkqhkiG9w0BAQ0FADAmMSQwIgYDVQQDDBtpbnRl
+cm1lZGlhdGUucHVtYS5sb2NhbGhvc3QwHhcNMjMwNjA1MDAwMDAwWhcNMjQwNjA1
+MDAwMDAwWjAeMRwwGgYDVQQDDBN0ZXN0LnB1bWEubG9jYWxob3N0MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iY3+/B0oIXUChZFnXVQvZ2PfYJ8UVeW
+3Oq9a6zQTP95aSwtv/rAt1jYA1H18p6npa254ODZcdWp+EtvUIiTFIII9X0B6WH/
+rDm8D6mDkMGi/L3DlJ1vJaOVbXe9NL33zJJznAZ0T2lcg9qXN6wbUIhcChRSMsFw
+xR0pPnvZv34NBvefxNWnJpFKqyXEi64ONHwjil4/Sk7lunmguwLAPano3wp81qsp
+rv8KTiqJUfF78CrtwY1LMWvC3AcbPBLlyBrr7mPfAoVuxu+s6tXqpcOsp/FoKa9Y
+lIxS82po1aKLnXkAMc75rlT5WVXrPVeRWgDucxUDOXFpl955pNSQRQIDAQABo28w
+bTAdBgNVHQ4EFgQU3FVgqa85bI7/5jVEfOh/w1RfvH4wCwYDVR0PBAQDAgbAMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAU+wCxrhII
+TVatm9iz/dMpKWWlNRswDQYJKoZIhvcNAQENBQADggEBAG0gjxN6U8EaUhaJJj8C
+Av/5A+F5SPDotbpj4T/1ciSn8wQf3aotBaNCzv7mC2mWtl4PIrOZ8bH42dZ0sWEU
+Ft1h4HVLQADv5QU0RKNuKXoDRvVXB6IDNAIWB+8NQwYwj+WvYH+BLoc53yBfHQGK
+B+y8SVeEcQVjzmcZ2TUT2/b5XEsiV+ugLce294lUPIlSmWK043Oe3UfMRuurPwyj
+Qjn/pwl7S22BRDCorQ5NThb+/lsO54J/8zpCxHmhgm152mXcCYBNjYLwd5SYvawN
+Q5EDcE/31xqtZkGtBDb/ZqwUSbmwLb3qFRjgM/t+H2eUMyZUxbvmxzlZdAO7xAOC
+fho=
+-----END CERTIFICATE-----

examples/puma/chain_cert/cert.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1iY3+/B0oIXUChZFnXVQvZ2PfYJ8UVeW3Oq9a6zQTP95aSwt
+v/rAt1jYA1H18p6npa254ODZcdWp+EtvUIiTFIII9X0B6WH/rDm8D6mDkMGi/L3D
+lJ1vJaOVbXe9NL33zJJznAZ0T2lcg9qXN6wbUIhcChRSMsFwxR0pPnvZv34NBvef
+xNWnJpFKqyXEi64ONHwjil4/Sk7lunmguwLAPano3wp81qsprv8KTiqJUfF78Crt
+wY1LMWvC3AcbPBLlyBrr7mPfAoVuxu+s6tXqpcOsp/FoKa9YlIxS82po1aKLnXkA
+Mc75rlT5WVXrPVeRWgDucxUDOXFpl955pNSQRQIDAQABAoIBAHYIVq8cV4vqd3af
+0/r3oGsCnwYUl6TV3Ccjkwf4Fk96OFcJrKW19eaYp2cdE6yIWertmBgklnUxyR87
+pL0EqdyR15JHNniGNT+eCtOvIP72W3lmtpgBNjPOuBu/9Z9OXXh5+BK1VAI5Fm7u
+Wo6q49s9bU146d1j1V4vtn3kEZ6DP1M80oWHYMzB4e2sYveWxvckq98zEtQjAlj0
+vpoiOB5Kfm5k5Mh6EP02ZrqnfqnBpdqwXjGIPREEMN4qsIwcdHBY5qMzWsw7wQvU
+MVUAyNb+D1W6tx1FIq0WhEhedLjPaB5OyYPfskFv4QzUHeu4j97yZDCOuniIV1fn
+lNhurLkCgYEA7d2O9FLtLcpAFADuikjsJOYi2gJ/I/8MqOVO/efngyJl1f6GN6iw
+RIQ9vJUaA/aA+t3JMJar4iTG9G/YLa7oOKURybbmm7IOZUQiqZHLySLJnpBzcnN/
+Tgkx+fQNXs+koioyQwhiSWsgWm0AafxJPDqofqEzzHSvvfLshnNVLU8CgYEA5nnK
+JbWBaUWemYhzWZX9d6TQW32IJdS8Pt+/NocR+y3CRozAhDA2q+iNQaOWzD9i9Ngc
+MbG3bBLiu/N6pDHAEX+j7EiDN1NsaV+5oPTQJToSkvZLtNKFJLVUEqxPx0+KcUFV
+kP2IXqr5TGHCRbWioDFCgFN3w86WcKntiVclzCsCgYA0IGuli07CzCHCwHmGAHkP
+lQdqM0Xdg5UopifraJjJmg4rGT4ckHEgcsJ8w0gSOkEFuPjQFxTP2DNpeeEsEbp+
+P15okBZ1ZE3XT1kxQ+wexerdPtat7DWnykgTeLI9Zs+zYf/lxL6VTE6owl5m24zJ
+ECnApl8NnTyuKcA/rqKp7QKBgFOhm/XFABmYFq31so2ufJQ+rRCV46J+qHRUMolx
+x9eSSi3Zgz40VJJax28rElw5IApipRBvQXSpAbdb6YPNPbnbzDrAMUURM4SlJLHA
+RAtOIFFNqDkMLx4b4k8IUcasGTtxjsAXD7XyapYJ3zn2Z/WjClOQdiQKQdLOBpDQ
+m7mTAoGBAKmCzouXa6kGV2TxyuYdZVp71zjtAWEradWZUtHkNpySbx6u1HX102N+
+1zU0nhwDm75uZskage1+4WyXoQymmgUBK3L7lPjkl5O/7ILqAt05Gqn2fFG3GCdZ
+CAYURtiFsmjisNRMC+DO/s4li5HNBrvoK/t+CQE0RmjMulhPZajH
+-----END RSA PRIVATE KEY-----

examples/puma/chain_cert/cert_chain.pem

@@ -0,0 +1,59 @@
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIBbzANBgkqhkiG9w0BAQ0FADAmMSQwIgYDVQQDDBtpbnRl
+cm1lZGlhdGUucHVtYS5sb2NhbGhvc3QwHhcNMjMwNjA1MDAwMDAwWhcNMjQwNjA1
+MDAwMDAwWjAeMRwwGgYDVQQDDBN0ZXN0LnB1bWEubG9jYWxob3N0MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iY3+/B0oIXUChZFnXVQvZ2PfYJ8UVeW
+3Oq9a6zQTP95aSwtv/rAt1jYA1H18p6npa254ODZcdWp+EtvUIiTFIII9X0B6WH/
+rDm8D6mDkMGi/L3DlJ1vJaOVbXe9NL33zJJznAZ0T2lcg9qXN6wbUIhcChRSMsFw
+xR0pPnvZv34NBvefxNWnJpFKqyXEi64ONHwjil4/Sk7lunmguwLAPano3wp81qsp
+rv8KTiqJUfF78CrtwY1LMWvC3AcbPBLlyBrr7mPfAoVuxu+s6tXqpcOsp/FoKa9Y
+lIxS82po1aKLnXkAMc75rlT5WVXrPVeRWgDucxUDOXFpl955pNSQRQIDAQABo28w
+bTAdBgNVHQ4EFgQU3FVgqa85bI7/5jVEfOh/w1RfvH4wCwYDVR0PBAQDAgbAMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAU+wCxrhII
+TVatm9iz/dMpKWWlNRswDQYJKoZIhvcNAQENBQADggEBAG0gjxN6U8EaUhaJJj8C
+Av/5A+F5SPDotbpj4T/1ciSn8wQf3aotBaNCzv7mC2mWtl4PIrOZ8bH42dZ0sWEU
+Ft1h4HVLQADv5QU0RKNuKXoDRvVXB6IDNAIWB+8NQwYwj+WvYH+BLoc53yBfHQGK
+B+y8SVeEcQVjzmcZ2TUT2/b5XEsiV+ugLce294lUPIlSmWK043Oe3UfMRuurPwyj
+Qjn/pwl7S22BRDCorQ5NThb+/lsO54J/8zpCxHmhgm152mXcCYBNjYLwd5SYvawN
+Q5EDcE/31xqtZkGtBDb/ZqwUSbmwLb3qFRjgM/t+H2eUMyZUxbvmxzlZdAO7xAOC
+fho=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMCYx
+JDAiBgNVBAMMG2ludGVybWVkaWF0ZS5wdW1hLmxvY2FsaG9zdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOHKwUnnX7QXvewBtH5XAtRbhhgAIQQ14pxs
+9w3WBWY6B7zKZdkRnu/bULwP4QGHPc/YAtWSMN+1aWWm/6od3xn0AfFrzWxzMXVT
+ZTnI6aQ3emxIec3gc5Xa4+oF0SUmVZiY3U9l4Apk1d4xNnV81UzE7KpdSUqYXdS/
+Ja7T9QXFbE0/5L7Ci9luVQLyUYNiW2CmaiiC1YE9292kfZTujsKKf4Og/65U4qgF
+mfSTnIBSAHTkiF5Qo8QTx+qz55A0ue2NX3QXVZOYJMtjt8OQEWkGKP2iPFnGnd3i
+TW57THaNNzVan0A96IZv3hGVNqqlUto6L0tni+QD+3d14FDRLKMCAwEAAaN1MHMw
+HQYDVR0OBBYEFPsAsa4SCE1WrZvYs/3TKSllpTUbMA4GA1UdDwEB/wQEAwICBDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFIDE
+rrQrGbYkUaWL+93VfSqFj3fWMA0GCSqGSIb3DQEBDQUAA4IBAQCCEJymTKz93kmQ
+Bfgj1UkVo1MC4GQAwVDJJTdEk80a3AFPuwmuwcl50rq2w4UBN9vkleKWz9ysWSrQ
+Qs5RoM08ggca1dqgzIKHH95ft0BFZixEfkAhfAcrEiBNT6H5lgJ+EcFNq1n1T435
+ow3r9P3u4FlBP4BmfpffnOFlY1cTYsEOFtDSGmBe8mNJkx2z37OAiLtSKPtkfpeq
+84haUFAvfJX/93JLsuHbrhZXTjXVGDsbITxheiqmxaN5HiFacG0Ju2USPtHAge8H
+Rz3fbPlN2Txn83ejbaHetj2zrbsd+QobPusfDRZKUcDG/CSXV7lc65+Lp0iPbCd/
+KG6q1Yf+
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMBwx
+GjAYBgNVBAMMEWNhLnB1bWEubG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAtHILxmP3PDm0UxL6CRTqrUWf1PYmBXgoLy7tZNj3KGMQVsw0
+jeeyAUI9UimtNtgAbKVCrtC46phxwAn0c0wcPiXpckfAaF1pViXRe9WrMLmFeo47
+Uyy2uWuApuFPpHBw+baflr+h1haEYVSFwsJaIPyuuf8vh5PuvOtfdqrG+V7gve86
+Utk2NTZUIpB0oaI/DqXyBor9Ra3IucuaAKHh+Mjc61WIJhjMIgbtfl+FWuDXiYz6
+hNbXkr4LtU2hKQCD1NKZjI4I/UIPnB5Wf+cdAIiNz2UvTvEfrCTew0mtckDFsC2x
+gMpHnkuUi/ZxM5n8UwikHqtLVVmFpYCzN3idrwIDAQABo3UwczAdBgNVHQ4EFgQU
+gMSutCsZtiRRpYv73dV9KoWPd9YwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUgMSutCsZtiRRpYv7
+3dV9KoWPd9YwDQYJKoZIhvcNAQENBQADggEBAANVPJJZttOrWM4PfftJ7e2MHrM4
+f3EUtNgAsbRNw1MAvhAxaR7JjyXYYKXNkfz5H1o8V15iZvupG4jOQRRrQfgAu+JR
+ExOCoidD/uyk63kFre6OmeyjblKkuTnbrt/zBHVej+5eLqFMIQhAsHZCZn3Yrc36
+rKtoYgWgmkL1AMG830QR1uNT4NuReP/XPkdUgoJyw0YPypMjmVNczAHFcVS4jW1p
+OJx2Sp1Q4HCUY5gzXEy5wEIuuQcmQZEsxA5J2BLV6ciHuwKvI8WDqvTb0/fipcBQ
+AtK32KFAGMgaYZ7ivAiC8WcZCp5fXToEhu7F8uRd4ZJlMf2UCyQvEroTD0Y=
+-----END CERTIFICATE-----

examples/puma/chain_cert/generate_chain_test.rb

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+=begin
+regenerates ca.pem, ca_keypair.pem,
+            subca.pem, subca_keypair.pem,
+            cert.pem, cert_keypair.pem
+            ca_chain.pem,
+            cert_chain.pem
+
+certs before date will be the first of the current month
+
+expires in 4 years
+
+=end
+
+require 'bundler/inline'
+
+
+require 'certificate_authority'
+gemfile do
+  source 'https://rubygems.org'
+  gem 'certificate_authority'
+end
+
+module Generate
+
+  CA               = "ca.crt"
+  CA_KEY           = "ca.key"
+  INTERMEDIATE     = "intermediate.crt"
+  INTERMEDIATE_KEY = "intermediate.key"
+  CERT             = "cert.crt"
+  CERT_KEY         = "cert.key"
+
+  CA_CHAIN         = "ca_chain.pem"
+  CERT_CHAIN       = "cert_chain.pem"
+
+  class << self
+
+    def path
+      File.expand_path(__dir__)
+    end
+
+     def before_after
+      @before_after ||= (
+        now = Time.now.utc
+        mo = now.month
+        yr = now.year
+        zone = '+00:00'
+
+        {
+          not_before: Time.new(yr, mo, 1, 0, 0, 0, zone),
+          not_after:  Time.new(yr+4, mo, 1, 0, 0, 0, zone)
+        }
+      )
+    end
+
+    def root_ca
+      @root_ca ||= generate_ca
+    end
+
+    def intermediate_ca
+      @intermediate_ca ||= generate_ca(common_name: "intermediate.puma.localhost", parent: root_ca)
+    end
+
+    def generate_ca(common_name: "ca.puma.localhost", parent: nil)
+      ca = CertificateAuthority::Certificate.new
+
+      ca.subject.common_name = common_name
+      ca.signing_entity      = true
+      ca.not_before          = before_after[:not_before]
+      ca.not_after           = before_after[:not_after]
+
+      ca.key_material.generate_key
+
+      if parent
+        ca.serial_number.number = parent.serial_number.number + 10
+        ca.parent = parent
+      else
+        ca.serial_number.number = 1
+      end
+
+      signing_profile = {"extensions" => {"keyUsage" => {"usage" => ["critical", "keyCertSign"] }} }
+
+      ca.sign!(signing_profile)
+
+      ca
+    end
+
+    def generate_cert(common_name: "test.puma.localhost",  parent: intermediate_ca)
+
+      cert = CertificateAuthority::Certificate.new
+
+      cert.subject.common_name  = common_name
+      cert.serial_number.number = parent.serial_number.number + 100
+      cert.parent               = parent
+
+      cert.key_material.generate_key
+      cert.sign!
+
+      cert
+    end
+
+    def run
+      cert = generate_cert
+
+      Dir.chdir path do
+        File.write CA, root_ca.to_pem, mode: 'wb'
+        File.write CA_KEY, root_ca.key_material.private_key.to_pem, mode: 'wb'
+
+        File.write INTERMEDIATE, intermediate_ca.to_pem, mode: 'wb'
+        File.write INTERMEDIATE_KEY, intermediate_ca.key_material.private_key.to_pem, mode: 'wb'
+
+        File.write CERT, cert.to_pem, mode: 'wb'
+        File.write CERT_KEY, cert.key_material.private_key.to_pem, mode: 'wb'
+
+        ca_chain = intermediate_ca.to_pem + root_ca.to_pem
+        File.write CA_CHAIN, ca_chain, mode: 'wb'
+
+        cert_chain = cert.to_pem + ca_chain
+        File.write CERT_CHAIN, cert_chain, mode: 'wb'
+      end
+
+    rescue => e
+        puts "error: #{e.message}"
+    end
+  end
+end
+
+Generate.run

examples/puma/chain_cert/intermediate.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADAcMRowGAYDVQQDDBFjYS5w
+dW1hLmxvY2FsaG9zdDAeFw0yMzA2MDEwMDAwMDBaFw0yNzA2MDEwMDAwMDBaMCYx
+JDAiBgNVBAMMG2ludGVybWVkaWF0ZS5wdW1hLmxvY2FsaG9zdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOHKwUnnX7QXvewBtH5XAtRbhhgAIQQ14pxs
+9w3WBWY6B7zKZdkRnu/bULwP4QGHPc/YAtWSMN+1aWWm/6od3xn0AfFrzWxzMXVT
+ZTnI6aQ3emxIec3gc5Xa4+oF0SUmVZiY3U9l4Apk1d4xNnV81UzE7KpdSUqYXdS/
+Ja7T9QXFbE0/5L7Ci9luVQLyUYNiW2CmaiiC1YE9292kfZTujsKKf4Og/65U4qgF
+mfSTnIBSAHTkiF5Qo8QTx+qz55A0ue2NX3QXVZOYJMtjt8OQEWkGKP2iPFnGnd3i
+TW57THaNNzVan0A96IZv3hGVNqqlUto6L0tni+QD+3d14FDRLKMCAwEAAaN1MHMw
+HQYDVR0OBBYEFPsAsa4SCE1WrZvYs/3TKSllpTUbMA4GA1UdDwEB/wQEAwICBDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFIDE
+rrQrGbYkUaWL+93VfSqFj3fWMA0GCSqGSIb3DQEBDQUAA4IBAQCCEJymTKz93kmQ
+Bfgj1UkVo1MC4GQAwVDJJTdEk80a3AFPuwmuwcl50rq2w4UBN9vkleKWz9ysWSrQ
+Qs5RoM08ggca1dqgzIKHH95ft0BFZixEfkAhfAcrEiBNT6H5lgJ+EcFNq1n1T435
+ow3r9P3u4FlBP4BmfpffnOFlY1cTYsEOFtDSGmBe8mNJkx2z37OAiLtSKPtkfpeq
+84haUFAvfJX/93JLsuHbrhZXTjXVGDsbITxheiqmxaN5HiFacG0Ju2USPtHAge8H
+Rz3fbPlN2Txn83ejbaHetj2zrbsd+QobPusfDRZKUcDG/CSXV7lc65+Lp0iPbCd/
+KG6q1Yf+
+-----END CERTIFICATE-----

examples/puma/chain_cert/intermediate.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA4crBSedftBe97AG0flcC1FuGGAAhBDXinGz3DdYFZjoHvMpl
+2RGe79tQvA/hAYc9z9gC1ZIw37VpZab/qh3fGfQB8WvNbHMxdVNlOcjppDd6bEh5
+zeBzldrj6gXRJSZVmJjdT2XgCmTV3jE2dXzVTMTsql1JSphd1L8lrtP1BcVsTT/k
+vsKL2W5VAvJRg2JbYKZqKILVgT3b3aR9lO6Owop/g6D/rlTiqAWZ9JOcgFIAdOSI
+XlCjxBPH6rPnkDS57Y1fdBdVk5gky2O3w5ARaQYo/aI8Wcad3eJNbntMdo03NVqf
+QD3ohm/eEZU2qqVS2jovS2eL5AP7d3XgUNEsowIDAQABAoIBAHZfS5IpIL1TrRfr
+lOqfRzZ5fQVcG/MPJOyJG8Q/Lbl4NtI88cQpPr/UpLDTSkz4z+kFAAdjiwfdHZJT
+SLmwy2PZzqL4t0th4M33mJwAvqx/AUl/fYv3XeF0TgREZG8rd7h2e5/CcwA/+Pdx
+qXFSrqh+nOx7146p7pc4VtMe/9ezunJNWj1QMXlF3tC8ikv6Pc/T/2dRVCx1aWvF
+j/nrHNYDbWs9zEUNCf0ZjQnFKWPOwg/ppRkpBYPf/hSCg8KLarKlpcXO8ZwT1DMk
+4PLo2Wt4jmCaEhoD687T+GNrHbnt+wZnWrqG7/SvY2dm+MLO3Q51lqqTYGYrH0OC
+Afvd18ECgYEA9ys1OxTx75qBm2Nywaoqx9/8/24Vo2XM0nLPlIND7SZR7yCsKyZ6
+ucViMwtM2r3TtkBUiDCles5yhys0GlSQZSr1F3/VwoGoEWISNTScvstUmlu4rwk8
+jG43WkPYH2s/6ns6hZLZgTZ3B+IUE+1NVzshdybSmz4pPE1haHeRlbMCgYEA6dwE
+4HPlgwkmCYXISltlblJguyix/JxkErFANMJ8CtMDacF8LEvvzfAZIEf90XlahreN
+cedgGBGmL4/4+2f3Ypaw9Jyc1pFxWQ5CeSgomDhvbHBYX0/PGFhZEdbY/j6NRDrn
+qIcoCEVScPNyaVEVhXgfjQfKfYEQsiZ6p4VSdVECgYBX+PsDQlsyKs4CnozTvVto
+tKJ5z5bIB421QcP8WhQtLjxvXjOpUBLSWByxik4adQILli4AI0Biy2QcFBaBYKPc
+PkPpz0gn6LoHJd7RLR61Ee3U2tyLAECawwfUit07oZKoRJ/5tuDPirEnDyKSTR3/
+9D3fCORg+Oj4W5pV8mjQ3QKBgAqAbduieLkErSeaUV89cXWdz2g4MJ32a+wG96om
+3akixrF2FdxrYI5v7MDtWrGQcIdCMODfkgoiqMLUBUtM5OgRekrRyZ09FMj6AfQs
+4H3Ncvt8pAtLqzIdrYpGiqIILxHUT1jbEOomKsiVthqSoJPIzCnqIqa2KAjH/5QM
+QaKxAoGAXiCchLWpgbTv4SpaqU0p1KGzN8mYJanBxTGitNEtN/oecAGXY7l8Mst6
+CWNsVBoENGyTa+nkQ2uzkI7rBsJpjmmYveKlIF2MN9AIJcAHnYQHcvvLgEgB/tzx
+vPSUA0etUqyL0QNLm+EYnoS7zsmR6Xwl08OVFJIPunm8F8UAg6c=
+-----END RSA PRIVATE KEY-----