[tests] add own test CA and test gnutls and openssl basic functionality

9 years ago · 3bf3bb1238
parent 7d22354772
commit 3bf3bb1238
23 changed files with 589 additions and 8 deletions
--- a/tests/base.py
+++ b/tests/base.py
@ -69,7 +69,7 @@ def fix_test_name(name):
 	return name

 def load_test_file(name):
-	path = os.path.join(Env.sourcedir, name)
+	path = os.path.join(Env.sourcedir, 'tests', name)
 	file = open(path)
 	(modname, ext) = os.path.splitext(name)
 	module = imp.load_module(modname, file, path, (ext, 'r', imp.PY_SOURCE))
@ -318,7 +318,7 @@ class Tests(object):
 		self.vhosts_config += config

 	def LoadTests(self):
-		files = os.listdir(Env.sourcedir)
+		files = os.listdir(os.path.join(Env.sourcedir, "tests"))
 		files = filter(lambda x: x[-3:] == '.py', files)
 		files = filter(lambda x: x[:2] == 't-', files)
 		files.sort()
@ -343,6 +343,7 @@ class Tests(object):
 		accesslog = self.PrepareFile("log/access.log", "")
 		self.config = """
 global var.docdir = "{Env.docdir}";
+global var.ssldir = "{Env.sourcedir}/tests/ca";
 global var.default_docroot = "{Env.defaultwww}";

 setup {{
@ -353,11 +354,24 @@ setup {{
 		"mod_cache_disk_etag",
 		"mod_deflate",
 		"mod_dirlist",
+		"mod_gnutls",
 		"mod_lua",
+		"mod_openssl",
 		"mod_vhost"
 	];

 	listen "127.0.0.2:{Env.port}";
+	gnutls [
+		"listen" => "127.0.0.2:" + cast(string)({Env.port} + 1),
+		"pemfile" => var.ssldir + "/server_test1.ssl.pem",
+		"pemfile" => var.ssldir + "/server_test2.ssl.pem",
+	];
+	openssl [
+		"listen" => "127.0.0.2:" + cast(string)({Env.port} + 2),
+		"pemfile" => var.ssldir + "/server_test1.ssl.pem",
+		"ca-file" => var.ssldir + "/intermediate.crt",
+	];
+
 	log [ default => "stderr" ];

 	lua.plugin var.docdir + "/core.lua";
@ -451,7 +465,9 @@ instance {{
 }}

 allow-listen {{ ip "127.0.0.2:{Env.port}"; }}
-""".format(Env = Env, valgrindconfig = valgrindconfig))
+allow-listen {{ ip "127.0.0.2:{gnutlsport}"; }}
+allow-listen {{ ip "127.0.0.2:{opensslport}"; }}
+""".format(Env = Env, gnutlsport = Env.port+1, opensslport = Env.port + 2, valgrindconfig = valgrindconfig))

 		print >> Env.log, "[Done] Preparing tests"

--- a/tests/ca/ca.conf
+++ b/tests/ca/ca.conf
@ -0,0 +1,22 @@
+
+oid_section = new_oids
+[ new_oids ]
+
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+string_mask = nombstr
+prompt = no
+req_extensions = v3_ca
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+OU = lighttpd2 test suite CA
+CN = lighttpd2 test suite Authority
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage=critical,keyCertSign,cRLSign
+nsCertType=sslCA, emailCA, objCA
--- a/tests/ca/ca.crt
+++ b/tests/ca/ca.crt
@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3zCCA8egAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgQXV0aG9yaXR5MCAXDTEzMDkxMDExMTkwMVoYDzIxMTMwODE3MTExOTAxWjBL
+MSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGln
+aHR0cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAqITgBrA3z7ghn4M5XjQ109VcVVve35Ul9IM7MSRPnksl0+WM
+qc/qbXK3Y1VmcxGY50mg3aIzRd4g9kOMDzhfbkm02klQmeVLikC4aHRPf4372sgc
+G43grqrL1pT1zpC5fc96htj03sO7xRd0Vi6/oTKuAzqeW9k839XVdzg7t3a2E28w
+GGWWh20mKEFsG/Ycfz1RLzTjaSceW0eFpW7yLB548+W1k29vMlJ3JH3MEuzqRIfT
+diQR+BeU5IRyk8Q24EUbYgDezpJWWHezs3dMUNgwq4rlNCAtWyDO005OZoWSh3jR
+yENNf/S/wSwxsV0BsVQntZBmI+b5WiG0aiyJ1EGi/LQLvw/oVddWtJ0qzGXFcPSz
+8neOgNhvE63RlYsOJfRHnTq1uByKlEgm3R2GONvuBHcr7DHAxP5slBtMpEugeAub
+wdEgSpbKTMfv7eyd2y5y4k/7qLdGGis8ugy86sz3VKf+N5hOwObyF0VXG0QcvcAw
+LMhfnSjw4NKJREz+C0raolnjiCcEdBKVZAUIlHLlDNkG5W1vYT/GWN0iMRZY1AUh
+9y4WO5Odbh6mqdCehjb1v7DUAqsh5xqa0Cq62QFU5NOL/7Cu5NPZwZR3zMad6Gz5
+O0O7dCGz3TYe9r8Wy43t3AwhlHzWTMv3Yd9Qhvlrca8kyedyLm7KQXI/J4sCAwEA
+AaOByzCByDAdBgNVHQ4EFgQUGzbS4ZddDK56EqPd3mvzt70wdhswcwYDVR0jBGww
+aoAUGzbS4ZddDK56EqPd3mvzt70wdhuhT6RNMEsxIDAeBgNVBAsTF2xpZ2h0dHBk
+MiB0ZXN0IHN1aXRlIENBMScwJQYDVQQDEx5saWdodHRwZDIgdGVzdCBzdWl0ZSBB
+dXRob3JpdHmCAQEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMA0GCSqGSIb3DQEBBQUAA4ICAQBN85CU1P8OUUKYHAj+
+FKqUjCV128KkTm6KxTuHGk2D+YuSkIb0HYKzXUCJ3Srgh+dn6YOdSEjsKozor5xj
+1cXshQjJ6P9xgVs5759bwj1IGEoksUVHegJsvvV6w+UGmz43j+QtbB7pVXYwMUfK
+mgfkAr0AwbeinAioJn/f3QIMLCqVab8RHf4FKcZwXgO1Y8xT7aamBcU2fFUa2xte
+0hUEf3vidjGvpdyLQ+NWL7Vmjzsw78NxmyHzWQgoMlxmGK+tily70wCG4nuA/7fU
+aiJZ3tlgRROanGfqrhJ2Xbd1aCe03pMBTJ5qS8H5XMnT8dtwHBAUKEoSJHMIJUn6
+5W91ZkBCJZ6R4X58JUPiSLnAlSfUd32+KyHT//kdVczhkd2uXxCpJFUwkpj5lAI2
+DKQDloLamGx88Eq041ABN98nIL3JnsBdQZAEP5ab99Pdgu2LxMQeqngx5f1cD4Tc
+SywOKgr5+fDdX0e2zPLWPhS+bJ5K7eOiCesTQUeKBKOMwokJeqY34ZCY0hp8uisc
+MZvCjwUK6LucXUzsPo7SztV7tNVZkBIqaw8oGTiZoAzfyLu2Hsa2QDPo6ynuaq8g
+HxI1DwYJpLzPkjAtY/dGNyGV5CYi4xXMIvrFKSwXEYeoIhJ7jp4NVtUtQXBSrVWS
+aJvTDs3VgDjq3RAymnGgw9kdaQ==
+-----END CERTIFICATE-----
--- a/tests/ca/ca.key
+++ b/tests/ca/ca.key
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAqITgBrA3z7ghn4M5XjQ109VcVVve35Ul9IM7MSRPnksl0+WM
+qc/qbXK3Y1VmcxGY50mg3aIzRd4g9kOMDzhfbkm02klQmeVLikC4aHRPf4372sgc
+G43grqrL1pT1zpC5fc96htj03sO7xRd0Vi6/oTKuAzqeW9k839XVdzg7t3a2E28w
+GGWWh20mKEFsG/Ycfz1RLzTjaSceW0eFpW7yLB548+W1k29vMlJ3JH3MEuzqRIfT
+diQR+BeU5IRyk8Q24EUbYgDezpJWWHezs3dMUNgwq4rlNCAtWyDO005OZoWSh3jR
+yENNf/S/wSwxsV0BsVQntZBmI+b5WiG0aiyJ1EGi/LQLvw/oVddWtJ0qzGXFcPSz
+8neOgNhvE63RlYsOJfRHnTq1uByKlEgm3R2GONvuBHcr7DHAxP5slBtMpEugeAub
+wdEgSpbKTMfv7eyd2y5y4k/7qLdGGis8ugy86sz3VKf+N5hOwObyF0VXG0QcvcAw
+LMhfnSjw4NKJREz+C0raolnjiCcEdBKVZAUIlHLlDNkG5W1vYT/GWN0iMRZY1AUh
+9y4WO5Odbh6mqdCehjb1v7DUAqsh5xqa0Cq62QFU5NOL/7Cu5NPZwZR3zMad6Gz5
+O0O7dCGz3TYe9r8Wy43t3AwhlHzWTMv3Yd9Qhvlrca8kyedyLm7KQXI/J4sCAwEA
+AQKCAgBIkkhjuPmgA5y/M+S9s+BGZIjJ3bGCOZnJzcXs6MU81wHoWd+UtYwwLAnb
+xkhDX52oZOXY7GQGP52UUAx99XnrZeRzaMVEMSGx3SNNIGGn/b4rPqgUGapbrgPw
+Wd/tYBfxnSsX7VCuqj4vp2UbRDCUO94CV/kgdtInVtAB8n6NCJtqjSR6LS2BDrky
+9tGWzQsCpKZUnQMeIpGJH6jnUHsMEudlqVPjtUZ+tlLGrUH4GHzenFutceUnIQim
+zH8HMaWsOTaMovFQpmZ23L3PmJ2N5zw2c683HnBJ4TwQdZV/wyASJS66fnlelEkL
+6HtR9UqoUiRzpUbHSU2yyfcHDj0gL1Vh9VFIsNhUNeLEhCj4lkiOVSHuSY7lZxXy
+t1RAn7Vb/sPYJoxVRkDIBpNHcqgQRNUSq08k18ftlaw+x3UZLUCKNOD5J8ozMDvW
+M4RhjgZAKgTi95fgNnch4lBbIfii73GOaSGwivfVMurVV1MFTMFPQSbyau1AFt4g
+WfY1s/iFKmr6exfPUVhWYqS/VuNFhtjM8gSTKr/ZiDUI89DepjXpHyAvWV6Dn4NX
+ZY6ZLCCWaWL3HxzgrnnK1d1irjmtDtRFd6nSL0aAF7UONWyW9o96PWP88GnzexE5
+fmPEuLc5jfkdNHJsZK7b3q1X8Ib/45Ip8/uyrBIxKw8QdJ23aQKCAQEA1iyUhJBG
+GP7XLEo74VLH73LucjAY57nmbpZq+2JbZ9+3OOD80i8x+gY0ChhuHxBKSW2fgqhM
+Us9JFM8IOgyOzDp4PReO4fl5ajIw856JzGw21zG9nsc1Y3d4bhzJNJJfOgvqVQQv
+i/P01t3zUiabKHEXjNLebzsGst03e7Db231TPNDyzGPPmKaYhYHeXAyEMeX+boaX
+M4ymvtSHf4olx6NsaF3Yuf/+CX5BQtVZEg/x2cET6/CURdEy5SwS5jPtevYcbEET
+X22E2Bv6SuJelJ/qF4i30+mJIK/pZgG+Q2ozG41FjAMpFV9yBh5Nbn0pHkS2vHGq
+pFm1hIRh3mmcvwKCAQEAyW3QgBKSHbvxEJguw3fA1qRSOH8VfvwUL8g5jV9KWyWw
+7/UeH5yKOrwxqVvnzl0WkxsuDBcjd9JQZ4kGSmE/3QJ/3vW1VeQqmPOXS55T0nqI
+HqTwOTFnj0exsvIDILcPGNxlTUU2LzyixD0sbfdN9WxauEiQwV4IJGcsM0GYCQaC
+YnKbQthYn7Z4jfbHCQvFIUX9i9uzDVlJumuB/XAccO1Nzl7ZrM6CkRH4H35ZU+Eu
+Rkfnt1Ga1Fp6r5ydEg4NLm15ewu9E6aN5/BWvnOMVehl7jIYdE1HgYWDEZVed2lX
+700DCx7NTWbwkI5gstVEhpXgeMs1LcWVNpKmxWdMNQKCAQB42NC4d/vFkM3yxLRC
+8IW1+4DF15PF9OQr1B3rWFVBKD9nDbQ6GL03WZa1d5FzX6q7Aer2O2ZNd37CCguX
+TYypefhsaEWMBktW+5kZbYRNX2YWSI+47qiWRkwivYVeb5Th2OVRMTpu2ql1L+li
+mjwENsPWBwnRc1nVRPNQjLuRfoagEzpcz5jMhnwbIOtJvxo8WY0V6kWYpa1UkfEe
+quGkYvcBcKqgUOyTiLTkNCO9CFgryUEnaSkQt/jizNqhH/3I2uOwxYtb1h0WH7s7
+070QWacpvlATd3uTgQ7OKv+jZGIQEseCOCpPT/qzrxd7142C8by2WeCyOZgtfNEI
+QUlbAoIBAQDFJo+pmwOayMYU+O7kcMS1EVZMZ86RYIcdkXsLLRZpCgYZhy+5vwzo
+miR9YDANor0itLqoKMmVUKtT+yDGElNgrT6c6p9W9yDeXaVa5Rej7jxmygc542o6
+KfD6dbesAKBtM+KO88wqBc5GBp4C78hFC43ry1KrgK61eqofbPcy9kUNuKDQl1J+
+2Ck8wipjZzrF62xTxHCHAzqPlQRBG8cqnInIELw7UFEpTo4tvQwPdlpFfcGFgwDp
+Ebn9QmvWLRynsYzyazXgEufX+Tvd4tibiQCjWDLpOm5fjl8QCcPRWrEvzo/JBZfq
+R3Pz+PcacnVEyVNQx4xARaBbLsS+d/F1AoIBAQCQwBkIoFWfpSndHFCyEib5jjKo
+LdLrJrZ3ZMU0xjb27ZG1tAs0+1N0I+/mAaEX0B5t9+r7Z64YnA8s3Hn98ekSXPHK
+t1kO4WFIqVdDNE7VJwwS6SbSwkXLZcBHVM9jfcjumbNYQjgn2dJzs230uLKprnDF
+bGtBP3F1jEvLJff20u6OY9SdwMPoLWKbvwExdgrJeX/EitAy3Qag/0ww99HgGrkv
+YzVEu8Hz8RDUNIVCnyK22VVEGZ9/ZG1I3neYqtW6xhJPs14Fx8ZjIYWyIe1BZ3PP
+wpDAZE7lITAH1icX9NTMpq0uKP3/Uho/K5UP5GLqCUOiqRS/oSc0G1tKQw+Z
+-----END RSA PRIVATE KEY-----
--- a/tests/ca/ca.srl
+++ b/tests/ca/ca.srl
@ -0,0 +1 @@
+0000000000000001
--- a/tests/ca/createca.sh
+++ b/tests/ca/createca.sh
@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+# gen keys
+echo Generate ca.key
+openssl genrsa -out ca.key 4096
+echo Generate intermediate.key
+openssl genrsa -out intermediate.key 2048
+echo Generate server.key
+openssl genrsa -out server.key 2048
+
+echo Generate self-signed ca.crt
+openssl req -new -x509 -out ca.crt -key ca.key -config ca.conf -days 36500 -set_serial 01
+
+echo Generate intermediate.csr
+openssl req -new -out intermediate.csr -key intermediate.key -config intermediate.conf -days 36500
+echo Generate intermediate.crt
+openssl x509 -req \
+	-in intermediate.csr \
+	-out intermediate.crt \
+	-extfile intermediate.conf -extensions v3_ca \
+	-CA ca.crt -CAkey ca.key -CAserial ca.srl \
+	-days 36500 
+rm intermediate.csr
+
+echo "0000000000000001" > ca.srl
+echo "0000000000000001" > intermediate.srl
+
+for name in test1.ssl test2.ssl; do
+	echo Generate server_${name}.csr
+	openssl req -new -out server_${name}.csr -key server.key -config server_${name}.conf -days 36500
+	echo Generate server_${name}.crt
+	openssl x509 -req \
+		-in server_${name}.csr \
+		-out server_${name}.crt \
+		-extfile server_${name}.conf -extensions v3 \
+		-CA intermediate.crt -CAkey intermediate.key -CAserial intermediate.srl \
+		-days 36500
+	rm server_${name}.csr
+
+	echo Generate server_${name}.pem
+	cat server.key server_${name}.crt intermediate.crt > server_${name}.pem
+done
--- a/tests/ca/intermediate.conf
+++ b/tests/ca/intermediate.conf
@ -0,0 +1,21 @@
+
+oid_section = new_oids
+[ new_oids ]
+
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+string_mask = nombstr
+prompt = no
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+OU = lighttpd2 test suite CA
+CN = lighttpd2 test suite Intermediate 1
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true,pathlen:0
+keyUsage=critical,keyCertSign,cRLSign
+nsCertType=sslCA, emailCA, objCA
--- a/tests/ca/intermediate.crt
+++ b/tests/ca/intermediate.crt
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5zCCAs+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgQXV0aG9yaXR5MCAXDTEzMDkxMDExMTkwMVoYDzIxMTMwODE3MTExOTAxWjBQ
+MSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGln
+aHR0cGQyIHRlc3Qgc3VpdGUgSW50ZXJtZWRpYXRlIDEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDH9rrOVtK/W+e7o09Q5V/MrALNX/H7PY2noA7xxlIv
+nVzpsJVnktfJ4WCJKLJQYvDf2xgVHdFTMdUYZCHa4k1BXGYm1WesUvjhZ79Pyl/k
+D7rdyv5hC32sGBeAKSKzETNUCdTzWyfvN+C1gxTBKh1obnG3RMjN9u2BxUajigVd
+3bR9vWS6/5893RBlI61MuQ+N47UCCehIJBLpBuV32kYRTfvY2SCPZl/tbzOIPJfN
+xpu7l8HmcSjwiwmrUkNJB8+UfQN2bYgU9cNlIdXsUAIfOOv9sfl4SNvfQYYCdMf8
+Va3ZA2fe/l3r4AGCq9ElqrPnALJryUazuPkHHz7rt9OJAgMBAAGjgc4wgcswHQYD
+VR0OBBYEFDKGq3SrQfS8CHoIqsp9eAose89rMHMGA1UdIwRsMGqAFBs20uGXXQyu
+ehKj3d5r87e9MHYboU+kTTBLMSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0
+ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggEB
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB
+AQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAgEAWOmhX5wxmNwzqizBsvpTe+KcPy64
+F4AYkf8I9QagOZqf1HIZDxMo2etBNf2a0SePtl0+rjbLozCqpHw5sia7MQIM3bmd
+t2DQtEu1VJxvArfMFijz1AWIPdTMvrlVidfz1ytlxLGODL5bmZgFuAU4fhiCKY8c
+fU4nSvfcb+YkQnbyERHb7dDhsgsLnY41+juK57JyohLmZrzZC+eRqmbz/qWWYH4z
+Y5DUN9l1UiSD9KrTV3s99VzaKxHjJ+8tORbA9HeuTYrmYgL/64rkcaQXDV9wrCdH
+o2JXMRHet4DhFBmwCXLI7WyalsFkysAKdnp1cY54SycuKtuCyR624WOuR+1uBnBV
+mpLR2KEJgrTNMIID18kwQqt+psKeHZTQxoUNfXeAIKMuAbcpUv1CQA6B6gm0Cxa3
+OrsnEL/uODPIvkHhXwns2PkHR4+1nrMVjIl4rBahXu4KXTh0DICPKHduWRU2Pu0k
+u5Vdf0DVEC3cx28vRCaZrpVIzKIXJOtFKe2UQwyUg6YAjMBcr+TModmHwL9XZVhq
+KoZhP3l6OJWAiVWtUhO9MvsgnlhOTlc94FO70zgTZjR4LF51T3pC2MoQXTn1iKtE
+OO2SRhmQUylhZLfcnf8t9df+hHgFHeARwtTlI9GKpI02RL6w1BjLv4b/pxUyNBbR
+niBXXpShNYdMRO8=
+-----END CERTIFICATE-----
--- a/tests/ca/intermediate.key
+++ b/tests/ca/intermediate.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAx/a6zlbSv1vnu6NPUOVfzKwCzV/x+z2Np6AO8cZSL51c6bCV
+Z5LXyeFgiSiyUGLw39sYFR3RUzHVGGQh2uJNQVxmJtVnrFL44We/T8pf5A+63cr+
+YQt9rBgXgCkisxEzVAnU81sn7zfgtYMUwSodaG5xt0TIzfbtgcVGo4oFXd20fb1k
+uv+fPd0QZSOtTLkPjeO1AgnoSCQS6Qbld9pGEU372Nkgj2Zf7W8ziDyXzcabu5fB
+5nEo8IsJq1JDSQfPlH0Ddm2IFPXDZSHV7FACHzjr/bH5eEjb30GGAnTH/FWt2QNn
+3v5d6+ABgqvRJaqz5wCya8lGs7j5Bx8+67fTiQIDAQABAoIBACeJczolFJpdc544
+FhCqqZxwTkWJOPEyJHYGQa4wRkO/24UhMwk9kYkLFOlJsKgQSAwa59IVCTRn3/ho
+pAEBScEoodH/0/XQmgEHYF5IZ1lSeuIrpsxNV1XVlZ/zgjbhqcJuBzruxSCZbca1
+2j6vMw1Y+QcBhKqkriVAek0PlywNtoZjZcm/xUK0bm76kifxMmM2NwGwzi0Y0SOu
+sppbkTezTJSWRMIt2xvSLyuQIEkW9mG+GPXN98tQPipbtKyAaV8hy+1cx2NG86An
+jbGFXV5PazxZI+YHXLfp/gfeAU8ib3zXwU8EgHK/BNLsdFgXTG1hEVhv6CaCJgKp
+aP1zYVkCgYEA6MJimLakxyJB1HU8K5Glm6j1yzuztfsubFgbaiQ5gRE7QHglco+S
+Ms4bs58aKBP/e91kI1Q73cOSD8Gp2txVkd2yPWEWGZp+OpI94WpHVQm5G5C82YvY
+oXQvE5OAHmVq+bhX53s5Dv8R0jtuMgE7zdj0zFr6xovtobz24ljEZi8CgYEA2+4M
+6i6F7p7VLReYJMmrNnvu76n4edv5cGymmzE1nuKqdBmQIa6yrxWo3bfCEamXuF8U
+yTTw3cfH6YrzENJhH/hmHXYsEl/KGOc3ShwcYAqeKyZ/7SqvUIUYuwUuP4QdMCGi
+GDhZuhjfQzGQDwfBHQrlPcrsmOvjRnECeeolq8cCgYA1dGcGYXPIU+LAc0glTWa2
+MAB68zQbiBsqQLXTE4ytSpLMBIu9GqHdzx3ni5OLPsR+4uJbhr3U+VQzECv9GnsA
+a+TCWeikaqmws+NIQIsvSXNclEn6wDY5JiClo0taL7p4rVBq1g7NleC24nU1QLlG
+VhwqTn6nWH1zlp0wcGhyewKBgCRSxL9Iv8YRZZP0+aPZyvVMssHSiL9XnXL7/uhS
+0FBVj2Ftd2iYudpA8Yrs9piEMhK5YW152O5IOLRRxqNYm8Hz/KmRAuZl+7LxPSh4
+TBdwqX7m9OnuytW5pcP9rw2+fDOe2m61n9wkj3tBjFFvLm3lhscV5M285+SSdZ49
+FcuxAoGAVt9op45JFVZKwrIN8pgehqDhVbDGWye7TG+wieqh0FcqK+OrIEwgDWgp
+ckisKGLA6UPgDHPx3zeBKIbnYO9EWUTkQRfgo/7iWaNtbC8M6bV+m9Z/OIqmnq0s
+NeX8QG6mkoozGDL1pklyCYroPYcJJWvbUJAoBFpjKx758tdpj+o=
+-----END RSA PRIVATE KEY-----
--- a/tests/ca/intermediate.srl
+++ b/tests/ca/intermediate.srl
@ -0,0 +1 @@
+03
--- a/tests/ca/server.key
+++ b/tests/ca/server.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzUHX0WxupoY0luX+23bAhnxxgG2G/p/RXLdqfb/pD8r910Nf
+n9We+D7F7NtJlLIjSQU+FBv/YxzLpyjcDw+1gkotEpgWenkipF1zALN0OxYFMGKq
+at9QxXFUwXSl538LX/rw0zRngXiPxHAXjCcL8fYkX9areqkhn8JJPlQddbyEQXZb
+OuA0xM8dQciJgFI2IJ7/2vySOxHEz03f+TfU83hkS0XpDCJXeWoo699hu37j/F6D
+XN4q0rhLkxe7bYqgALz0w40L6y5TSo21t8XgvlOa1ClhlMi9toQS6HJ0aswkDi8r
+tUQwkV2bBySd4e+tO7CxjNalsH+ULbYZSOZpfwIDAQABAoIBAQC79nLbjg+aIUYh
+dYc4lHvj7CvIbwRzQglofXJgq5CS7NIeAc2cwfQs4tc/euTb7XGQmeNqaOUrbyAz
+J/kjv8pzCGQaIQVLb8Cg60f1DY5MYYY9BGZgt0log36hoazAs143IUS9Gdg0fXd
+7sQxjURMFJrkxOINlrp64WFPWZoMyKugyBu5XVixl+riyPp/i3tE82Dj18uAhROw
+Z1biEeaTZ28GEzlQU+snctHVnNz2yT+hqJ18rUdB4EJesjd0yBaMLECnxAOkYdUX
+lKU7sVa2SbVGyOaQHpyD3mqPeYG+y8VNU89Ce4xmeNN4uoQe43OQlTxOBaCj1z/7
+TL8TUCgpAoGBAPiZpdNAcRg4yYkoJn0rs1bhQHNQSBG8Y96lzfJQIbC7SfEjqrj0
+9ozJpreb1s5OscAjkvI9fPCR4novvzAK0j9Xh7K9LsDGFfVUPKhzcyyTbPGVScgX
+lc0lu9vYasMTK1OTdDyGDi8bW2aVxtyvaygpRvX6zqw2Z7nvInoUzNyrAoGBANNd
+6x7qHRETt2nifxYKhMe5pO6cfV4ZlzNviD/Ttquaor7Nju5eOOBlnEDbmvBfufKC
+5dIvPYQndPvFcZMJwkFb36GIFi6L79Dz1LTDROcgQ9yw3u/ZrkOX6hp7yqfDxZD9
+Y6ug/PZbhtxqYRUd9ZPegGNFeyFOnl+M9mT/x/59AoGBAKHLdfY4YaKvCtN+UxZy
+A6VOsqCaJl2Mq77zUEcdSd/49NXBLdJ0c6YLc7rZ7QKWiu8O+As6Y386oxh8zMSa
+tl1NPV7h63TBNvdVHKlRgisHxAay77MPToqWvV4Gyu0tI6ygMi1V3hNgjasFXcix
+Tl90Bd//nNTOD9IeReUIdpBDAoGBALL7rMYY6VQ0pfP74DIB5j5abdfAnEi60taz
+c2TZGq5l27pGxuoCz5b1dENXsvQpm4RIY+SALE9kOiOZJnukn+JIsi5O1rnDtefz
+EgOf9xDguZaAD8h7RJ3oXkze1tUJaptEdso3IP5csu6jBmKjY/k7SOzHQWUK9gFj
+lKIiFnDhAoGAOFTVbGpNm5l2AdQziVnA/HvZkDTnVx39huDqDf+W8h3qNUkR/m3D
+hZyK0AZAKOx3yflpA+rzRLwy23rFx3tLyVLGANa7/eLs1rRECWYiqdORUPHtMSfm
+8mxMxqfZPAhnPYTfJS6uXltDSDaHJS4Y7CEY39nAs5doNK6PIzYlfR0=
+-----END RSA PRIVATE KEY-----
--- a/tests/ca/server_test1.ssl.conf
+++ b/tests/ca/server_test1.ssl.conf
@ -0,0 +1,23 @@
+
+oid_section = new_oids
+[ new_oids ]
+
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+string_mask = nombstr
+prompt = no
+x509_extensions = v3
+
+[ req_distinguished_name ]
+OU = lighttpd2 test suite CA
+CN = test1.ssl
+
+[ v3 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:false
+keyUsage=digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=serverAuth
+nsCertType=server
+subjectAltName=DNS:test1.ssl
--- a/tests/ca/server_test1.ssl.crt
+++ b/tests/ca/server_test1.ssl.crt
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgSW50ZXJtZWRpYXRlIDEwIBcNMTMwOTEwMTExOTAxWhgPMjExMzA4MTcxMTE5
+MDFaMDYxIDAeBgNVBAsTF2xpZ2h0dHBkMiB0ZXN0IHN1aXRlIENBMRIwEAYDVQQD
+Ewl0ZXN0MS5zc2wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQdfR
+bG6mhjSW5f7bdsCGfHGAbYb+n9Fct2p9v+kPyv3XQ1+f1Z74PsXs20mUsiNJBT4U
+G/9jHMunKNwPD7WCSi0SmBZ6eSKkXXMAs3Q7FgUwYqpq31DFcVTBdKXnfwtf+vDT
+NGeBeI/EcBeMJwvx9iRf1qt6qSGfwkk+VB11vIRBdls64DTEzx1ByImAUjYgnv/a
+/JI7EcTPTd/5N9TzeGRLRekMIld5aijr32G7fuP8XoNc3irSuEuTF7ttiqAAvPTD
+jQvrLlNKjbW3xeC+U5rUKWGUyL22hBLocnRqzCQOLyu1RDCRXZsHJJ3h7607sLGM
+1qWwf5QtthlI5ml/AgMBAAGjge0wgeowHQYDVR0OBBYEFOy5ob+vHAflCwdbOLLT
+vMoZrrmOMHMGA1UdIwRsMGqAFDKGq3SrQfS8CHoIqsp9eAose89roU+kTTBLMSAw
+HgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0
+cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggECMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAUBgNV
+HREEDTALggl0ZXN0MS5zc2wwDQYJKoZIhvcNAQEFBQADggEBAJf/jjXe1lCwzbjo
+G6kUDiFWI0bbWsAPvz6BTkR4Rq4OzrDAOmtaDAJmSEQZoaLP7lKZztlGR9/cAZOY
+l3ibuVXe6l8YWeK7Z3Ngm9BHAl7WFr6C5eG7IaJhGJiZkHl4AhYhtfzygpeaKEOq
+Gw+36w35/gIBh1052ftnBkMmqDdfFkvNngJWXsnk9D8vqBqVbpzJBaSahvQGQksy
+iMbLvvlqxrWob/GqkcySiF+JLWdKToIrHBR/WblZshmTL9zRoqIikgfT+gu9wg5Y
+kmnZ9Vj5fC4lW7sYayurHZa3UEMqcUQTFMyKeplHUt43lFoQN9QmGFj9ZSHlSSGR
+kNd1b8I=
+-----END CERTIFICATE-----
--- a/tests/ca/server_test1.ssl.pem
+++ b/tests/ca/server_test1.ssl.pem
@ -0,0 +1,80 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzUHX0WxupoY0luX+23bAhnxxgG2G/p/RXLdqfb/pD8r910Nf
+n9We+D7F7NtJlLIjSQU+FBv/YxzLpyjcDw+1gkotEpgWenkipF1zALN0OxYFMGKq
+at9QxXFUwXSl538LX/rw0zRngXiPxHAXjCcL8fYkX9areqkhn8JJPlQddbyEQXZb
+OuA0xM8dQciJgFI2IJ7/2vySOxHEz03f+TfU83hkS0XpDCJXeWoo699hu37j/F6D
+XN4q0rhLkxe7bYqgALz0w40L6y5TSo21t8XgvlOa1ClhlMi9toQS6HJ0aswkDi8r
+tUQwkV2bBySd4e+tO7CxjNalsH+ULbYZSOZpfwIDAQABAoIBAQC79nLbjg+aIUYh
+dYc4lHvj7CvIbwRzQglofXJgq5CS7NIeAc2cwfQs4tc/euTb7XGQmeNqaOUrbyAz
+J/kjv8pzCGQaIQVLb8Cg60f1DY5MYYY9BGZgt0log36hoazAs143IUS9Gdg0fXd
+7sQxjURMFJrkxOINlrp64WFPWZoMyKugyBu5XVixl+riyPp/i3tE82Dj18uAhROw
+Z1biEeaTZ28GEzlQU+snctHVnNz2yT+hqJ18rUdB4EJesjd0yBaMLECnxAOkYdUX
+lKU7sVa2SbVGyOaQHpyD3mqPeYG+y8VNU89Ce4xmeNN4uoQe43OQlTxOBaCj1z/7
+TL8TUCgpAoGBAPiZpdNAcRg4yYkoJn0rs1bhQHNQSBG8Y96lzfJQIbC7SfEjqrj0
+9ozJpreb1s5OscAjkvI9fPCR4novvzAK0j9Xh7K9LsDGFfVUPKhzcyyTbPGVScgX
+lc0lu9vYasMTK1OTdDyGDi8bW2aVxtyvaygpRvX6zqw2Z7nvInoUzNyrAoGBANNd
+6x7qHRETt2nifxYKhMe5pO6cfV4ZlzNviD/Ttquaor7Nju5eOOBlnEDbmvBfufKC
+5dIvPYQndPvFcZMJwkFb36GIFi6L79Dz1LTDROcgQ9yw3u/ZrkOX6hp7yqfDxZD9
+Y6ug/PZbhtxqYRUd9ZPegGNFeyFOnl+M9mT/x/59AoGBAKHLdfY4YaKvCtN+UxZy
+A6VOsqCaJl2Mq77zUEcdSd/49NXBLdJ0c6YLc7rZ7QKWiu8O+As6Y386oxh8zMSa
+tl1NPV7h63TBNvdVHKlRgisHxAay77MPToqWvV4Gyu0tI6ygMi1V3hNgjasFXcix
+Tl90Bd//nNTOD9IeReUIdpBDAoGBALL7rMYY6VQ0pfP74DIB5j5abdfAnEi60taz
+c2TZGq5l27pGxuoCz5b1dENXsvQpm4RIY+SALE9kOiOZJnukn+JIsi5O1rnDtefz
+EgOf9xDguZaAD8h7RJ3oXkze1tUJaptEdso3IP5csu6jBmKjY/k7SOzHQWUK9gFj
+lKIiFnDhAoGAOFTVbGpNm5l2AdQziVnA/HvZkDTnVx39huDqDf+W8h3qNUkR/m3D
+hZyK0AZAKOx3yflpA+rzRLwy23rFx3tLyVLGANa7/eLs1rRECWYiqdORUPHtMSfm
+8mxMxqfZPAhnPYTfJS6uXltDSDaHJS4Y7CEY39nAs5doNK6PIzYlfR0=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgSW50ZXJtZWRpYXRlIDEwIBcNMTMwOTEwMTExOTAxWhgPMjExMzA4MTcxMTE5
+MDFaMDYxIDAeBgNVBAsTF2xpZ2h0dHBkMiB0ZXN0IHN1aXRlIENBMRIwEAYDVQQD
+Ewl0ZXN0MS5zc2wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQdfR
+bG6mhjSW5f7bdsCGfHGAbYb+n9Fct2p9v+kPyv3XQ1+f1Z74PsXs20mUsiNJBT4U
+G/9jHMunKNwPD7WCSi0SmBZ6eSKkXXMAs3Q7FgUwYqpq31DFcVTBdKXnfwtf+vDT
+NGeBeI/EcBeMJwvx9iRf1qt6qSGfwkk+VB11vIRBdls64DTEzx1ByImAUjYgnv/a
+/JI7EcTPTd/5N9TzeGRLRekMIld5aijr32G7fuP8XoNc3irSuEuTF7ttiqAAvPTD
+jQvrLlNKjbW3xeC+U5rUKWGUyL22hBLocnRqzCQOLyu1RDCRXZsHJJ3h7607sLGM
+1qWwf5QtthlI5ml/AgMBAAGjge0wgeowHQYDVR0OBBYEFOy5ob+vHAflCwdbOLLT
+vMoZrrmOMHMGA1UdIwRsMGqAFDKGq3SrQfS8CHoIqsp9eAose89roU+kTTBLMSAw
+HgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0
+cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggECMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAUBgNV
+HREEDTALggl0ZXN0MS5zc2wwDQYJKoZIhvcNAQEFBQADggEBAJf/jjXe1lCwzbjo
+G6kUDiFWI0bbWsAPvz6BTkR4Rq4OzrDAOmtaDAJmSEQZoaLP7lKZztlGR9/cAZOY
+l3ibuVXe6l8YWeK7Z3Ngm9BHAl7WFr6C5eG7IaJhGJiZkHl4AhYhtfzygpeaKEOq
+Gw+36w35/gIBh1052ftnBkMmqDdfFkvNngJWXsnk9D8vqBqVbpzJBaSahvQGQksy
+iMbLvvlqxrWob/GqkcySiF+JLWdKToIrHBR/WblZshmTL9zRoqIikgfT+gu9wg5Y
+kmnZ9Vj5fC4lW7sYayurHZa3UEMqcUQTFMyKeplHUt43lFoQN9QmGFj9ZSHlSSGR
+kNd1b8I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE5zCCAs+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgQXV0aG9yaXR5MCAXDTEzMDkxMDExMTkwMVoYDzIxMTMwODE3MTExOTAxWjBQ
+MSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGln
+aHR0cGQyIHRlc3Qgc3VpdGUgSW50ZXJtZWRpYXRlIDEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDH9rrOVtK/W+e7o09Q5V/MrALNX/H7PY2noA7xxlIv
+nVzpsJVnktfJ4WCJKLJQYvDf2xgVHdFTMdUYZCHa4k1BXGYm1WesUvjhZ79Pyl/k
+D7rdyv5hC32sGBeAKSKzETNUCdTzWyfvN+C1gxTBKh1obnG3RMjN9u2BxUajigVd
+3bR9vWS6/5893RBlI61MuQ+N47UCCehIJBLpBuV32kYRTfvY2SCPZl/tbzOIPJfN
+xpu7l8HmcSjwiwmrUkNJB8+UfQN2bYgU9cNlIdXsUAIfOOv9sfl4SNvfQYYCdMf8
+Va3ZA2fe/l3r4AGCq9ElqrPnALJryUazuPkHHz7rt9OJAgMBAAGjgc4wgcswHQYD
+VR0OBBYEFDKGq3SrQfS8CHoIqsp9eAose89rMHMGA1UdIwRsMGqAFBs20uGXXQyu
+ehKj3d5r87e9MHYboU+kTTBLMSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0
+ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggEB
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB
+AQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAgEAWOmhX5wxmNwzqizBsvpTe+KcPy64
+F4AYkf8I9QagOZqf1HIZDxMo2etBNf2a0SePtl0+rjbLozCqpHw5sia7MQIM3bmd
+t2DQtEu1VJxvArfMFijz1AWIPdTMvrlVidfz1ytlxLGODL5bmZgFuAU4fhiCKY8c
+fU4nSvfcb+YkQnbyERHb7dDhsgsLnY41+juK57JyohLmZrzZC+eRqmbz/qWWYH4z
+Y5DUN9l1UiSD9KrTV3s99VzaKxHjJ+8tORbA9HeuTYrmYgL/64rkcaQXDV9wrCdH
+o2JXMRHet4DhFBmwCXLI7WyalsFkysAKdnp1cY54SycuKtuCyR624WOuR+1uBnBV
+mpLR2KEJgrTNMIID18kwQqt+psKeHZTQxoUNfXeAIKMuAbcpUv1CQA6B6gm0Cxa3
+OrsnEL/uODPIvkHhXwns2PkHR4+1nrMVjIl4rBahXu4KXTh0DICPKHduWRU2Pu0k
+u5Vdf0DVEC3cx28vRCaZrpVIzKIXJOtFKe2UQwyUg6YAjMBcr+TModmHwL9XZVhq
+KoZhP3l6OJWAiVWtUhO9MvsgnlhOTlc94FO70zgTZjR4LF51T3pC2MoQXTn1iKtE
+OO2SRhmQUylhZLfcnf8t9df+hHgFHeARwtTlI9GKpI02RL6w1BjLv4b/pxUyNBbR
+niBXXpShNYdMRO8=
+-----END CERTIFICATE-----
--- a/tests/ca/server_test2.ssl.conf
+++ b/tests/ca/server_test2.ssl.conf
@ -0,0 +1,23 @@
+
+oid_section = new_oids
+[ new_oids ]
+
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+string_mask = nombstr
+prompt = no
+x509_extensions = v3
+
+[ req_distinguished_name ]
+OU = lighttpd2 test suite CA
+CN = test2.ssl
+
+[ v3 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:false
+keyUsage=digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=serverAuth
+nsCertType=server
+subjectAltName=DNS:test2.ssl
--- a/tests/ca/server_test2.ssl.crt
+++ b/tests/ca/server_test2.ssl.crt
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgSW50ZXJtZWRpYXRlIDEwIBcNMTMwOTEwMTExOTAxWhgPMjExMzA4MTcxMTE5
+MDFaMDYxIDAeBgNVBAsTF2xpZ2h0dHBkMiB0ZXN0IHN1aXRlIENBMRIwEAYDVQQD
+Ewl0ZXN0Mi5zc2wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQdfR
+bG6mhjSW5f7bdsCGfHGAbYb+n9Fct2p9v+kPyv3XQ1+f1Z74PsXs20mUsiNJBT4U
+G/9jHMunKNwPD7WCSi0SmBZ6eSKkXXMAs3Q7FgUwYqpq31DFcVTBdKXnfwtf+vDT
+NGeBeI/EcBeMJwvx9iRf1qt6qSGfwkk+VB11vIRBdls64DTEzx1ByImAUjYgnv/a
+/JI7EcTPTd/5N9TzeGRLRekMIld5aijr32G7fuP8XoNc3irSuEuTF7ttiqAAvPTD
+jQvrLlNKjbW3xeC+U5rUKWGUyL22hBLocnRqzCQOLyu1RDCRXZsHJJ3h7607sLGM
+1qWwf5QtthlI5ml/AgMBAAGjge0wgeowHQYDVR0OBBYEFOy5ob+vHAflCwdbOLLT
+vMoZrrmOMHMGA1UdIwRsMGqAFDKGq3SrQfS8CHoIqsp9eAose89roU+kTTBLMSAw
+HgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0
+cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggECMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAUBgNV
+HREEDTALggl0ZXN0Mi5zc2wwDQYJKoZIhvcNAQEFBQADggEBACcAlRk/a/BsIKpn
+KqRZbqWyNtFUW9psPQz/C95LXr+hm7Ib42O2N/NcLcDvnBB9028BYsgYwT3WCOqk
+L3TL+EFHl2gUdubb7LG7NCiGAKalMFhxEDMr93LyQ26fSjN+wn2N2k8PZu2TnlUU
+8Y0F15Azds1xH+Ecl1uEWJbgHL4pWabLGoW0sdo6YkZNIHPFk/UNA7U6mMhO8uZc
+bZLiVrfyqQKmqQxKuN/L3Cc0/KgFPjvRtI60X9w6fyfdprcLWIfBwT7ojhgKldY7
+y+c2/t48hmA3GrL2b25G1axWqtK5b0n3tKXwcoOWYPCC/VOjpYy6E4ARLLGoQGSK
+WLfqTtA=
+-----END CERTIFICATE-----
--- a/tests/ca/server_test2.ssl.pem
+++ b/tests/ca/server_test2.ssl.pem
@ -0,0 +1,80 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzUHX0WxupoY0luX+23bAhnxxgG2G/p/RXLdqfb/pD8r910Nf
+n9We+D7F7NtJlLIjSQU+FBv/YxzLpyjcDw+1gkotEpgWenkipF1zALN0OxYFMGKq
+at9QxXFUwXSl538LX/rw0zRngXiPxHAXjCcL8fYkX9areqkhn8JJPlQddbyEQXZb
+OuA0xM8dQciJgFI2IJ7/2vySOxHEz03f+TfU83hkS0XpDCJXeWoo699hu37j/F6D
+XN4q0rhLkxe7bYqgALz0w40L6y5TSo21t8XgvlOa1ClhlMi9toQS6HJ0aswkDi8r
+tUQwkV2bBySd4e+tO7CxjNalsH+ULbYZSOZpfwIDAQABAoIBAQC79nLbjg+aIUYh
+dYc4lHvj7CvIbwRzQglofXJgq5CS7NIeAc2cwfQs4tc/euTb7XGQmeNqaOUrbyAz
+J/kjv8pzCGQaIQVLb8Cg60f1DY5MYYY9BGZgt0log36hoazAs143IUS9Gdg0fXd
+7sQxjURMFJrkxOINlrp64WFPWZoMyKugyBu5XVixl+riyPp/i3tE82Dj18uAhROw
+Z1biEeaTZ28GEzlQU+snctHVnNz2yT+hqJ18rUdB4EJesjd0yBaMLECnxAOkYdUX
+lKU7sVa2SbVGyOaQHpyD3mqPeYG+y8VNU89Ce4xmeNN4uoQe43OQlTxOBaCj1z/7
+TL8TUCgpAoGBAPiZpdNAcRg4yYkoJn0rs1bhQHNQSBG8Y96lzfJQIbC7SfEjqrj0
+9ozJpreb1s5OscAjkvI9fPCR4novvzAK0j9Xh7K9LsDGFfVUPKhzcyyTbPGVScgX
+lc0lu9vYasMTK1OTdDyGDi8bW2aVxtyvaygpRvX6zqw2Z7nvInoUzNyrAoGBANNd
+6x7qHRETt2nifxYKhMe5pO6cfV4ZlzNviD/Ttquaor7Nju5eOOBlnEDbmvBfufKC
+5dIvPYQndPvFcZMJwkFb36GIFi6L79Dz1LTDROcgQ9yw3u/ZrkOX6hp7yqfDxZD9
+Y6ug/PZbhtxqYRUd9ZPegGNFeyFOnl+M9mT/x/59AoGBAKHLdfY4YaKvCtN+UxZy
+A6VOsqCaJl2Mq77zUEcdSd/49NXBLdJ0c6YLc7rZ7QKWiu8O+As6Y386oxh8zMSa
+tl1NPV7h63TBNvdVHKlRgisHxAay77MPToqWvV4Gyu0tI6ygMi1V3hNgjasFXcix
+Tl90Bd//nNTOD9IeReUIdpBDAoGBALL7rMYY6VQ0pfP74DIB5j5abdfAnEi60taz
+c2TZGq5l27pGxuoCz5b1dENXsvQpm4RIY+SALE9kOiOZJnukn+JIsi5O1rnDtefz
+EgOf9xDguZaAD8h7RJ3oXkze1tUJaptEdso3IP5csu6jBmKjY/k7SOzHQWUK9gFj
+lKIiFnDhAoGAOFTVbGpNm5l2AdQziVnA/HvZkDTnVx39huDqDf+W8h3qNUkR/m3D
+hZyK0AZAKOx3yflpA+rzRLwy23rFx3tLyVLGANa7/eLs1rRECWYiqdORUPHtMSfm
+8mxMxqfZPAhnPYTfJS6uXltDSDaHJS4Y7CEY39nAs5doNK6PIzYlfR0=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgSW50ZXJtZWRpYXRlIDEwIBcNMTMwOTEwMTExOTAxWhgPMjExMzA4MTcxMTE5
+MDFaMDYxIDAeBgNVBAsTF2xpZ2h0dHBkMiB0ZXN0IHN1aXRlIENBMRIwEAYDVQQD
+Ewl0ZXN0Mi5zc2wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQdfR
+bG6mhjSW5f7bdsCGfHGAbYb+n9Fct2p9v+kPyv3XQ1+f1Z74PsXs20mUsiNJBT4U
+G/9jHMunKNwPD7WCSi0SmBZ6eSKkXXMAs3Q7FgUwYqpq31DFcVTBdKXnfwtf+vDT
+NGeBeI/EcBeMJwvx9iRf1qt6qSGfwkk+VB11vIRBdls64DTEzx1ByImAUjYgnv/a
+/JI7EcTPTd/5N9TzeGRLRekMIld5aijr32G7fuP8XoNc3irSuEuTF7ttiqAAvPTD
+jQvrLlNKjbW3xeC+U5rUKWGUyL22hBLocnRqzCQOLyu1RDCRXZsHJJ3h7607sLGM
+1qWwf5QtthlI5ml/AgMBAAGjge0wgeowHQYDVR0OBBYEFOy5ob+vHAflCwdbOLLT
+vMoZrrmOMHMGA1UdIwRsMGqAFDKGq3SrQfS8CHoIqsp9eAose89roU+kTTBLMSAw
+HgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0
+cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggECMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAUBgNV
+HREEDTALggl0ZXN0Mi5zc2wwDQYJKoZIhvcNAQEFBQADggEBACcAlRk/a/BsIKpn
+KqRZbqWyNtFUW9psPQz/C95LXr+hm7Ib42O2N/NcLcDvnBB9028BYsgYwT3WCOqk
+L3TL+EFHl2gUdubb7LG7NCiGAKalMFhxEDMr93LyQ26fSjN+wn2N2k8PZu2TnlUU
+8Y0F15Azds1xH+Ecl1uEWJbgHL4pWabLGoW0sdo6YkZNIHPFk/UNA7U6mMhO8uZc
+bZLiVrfyqQKmqQxKuN/L3Cc0/KgFPjvRtI60X9w6fyfdprcLWIfBwT7ojhgKldY7
+y+c2/t48hmA3GrL2b25G1axWqtK5b0n3tKXwcoOWYPCC/VOjpYy6E4ARLLGoQGSK
+WLfqTtA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE5zCCAs+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMSAwHgYDVQQLExdsaWdo
+dHRwZDIgdGVzdCBzdWl0ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3Vp
+dGUgQXV0aG9yaXR5MCAXDTEzMDkxMDExMTkwMVoYDzIxMTMwODE3MTExOTAxWjBQ
+MSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0ZSBDQTEsMCoGA1UEAxMjbGln
+aHR0cGQyIHRlc3Qgc3VpdGUgSW50ZXJtZWRpYXRlIDEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDH9rrOVtK/W+e7o09Q5V/MrALNX/H7PY2noA7xxlIv
+nVzpsJVnktfJ4WCJKLJQYvDf2xgVHdFTMdUYZCHa4k1BXGYm1WesUvjhZ79Pyl/k
+D7rdyv5hC32sGBeAKSKzETNUCdTzWyfvN+C1gxTBKh1obnG3RMjN9u2BxUajigVd
+3bR9vWS6/5893RBlI61MuQ+N47UCCehIJBLpBuV32kYRTfvY2SCPZl/tbzOIPJfN
+xpu7l8HmcSjwiwmrUkNJB8+UfQN2bYgU9cNlIdXsUAIfOOv9sfl4SNvfQYYCdMf8
+Va3ZA2fe/l3r4AGCq9ElqrPnALJryUazuPkHHz7rt9OJAgMBAAGjgc4wgcswHQYD
+VR0OBBYEFDKGq3SrQfS8CHoIqsp9eAose89rMHMGA1UdIwRsMGqAFBs20uGXXQyu
+ehKj3d5r87e9MHYboU+kTTBLMSAwHgYDVQQLExdsaWdodHRwZDIgdGVzdCBzdWl0
+ZSBDQTEnMCUGA1UEAxMebGlnaHR0cGQyIHRlc3Qgc3VpdGUgQXV0aG9yaXR5ggEB
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB
+AQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAgEAWOmhX5wxmNwzqizBsvpTe+KcPy64
+F4AYkf8I9QagOZqf1HIZDxMo2etBNf2a0SePtl0+rjbLozCqpHw5sia7MQIM3bmd
+t2DQtEu1VJxvArfMFijz1AWIPdTMvrlVidfz1ytlxLGODL5bmZgFuAU4fhiCKY8c
+fU4nSvfcb+YkQnbyERHb7dDhsgsLnY41+juK57JyohLmZrzZC+eRqmbz/qWWYH4z
+Y5DUN9l1UiSD9KrTV3s99VzaKxHjJ+8tORbA9HeuTYrmYgL/64rkcaQXDV9wrCdH
+o2JXMRHet4DhFBmwCXLI7WyalsFkysAKdnp1cY54SycuKtuCyR624WOuR+1uBnBV
+mpLR2KEJgrTNMIID18kwQqt+psKeHZTQxoUNfXeAIKMuAbcpUv1CQA6B6gm0Cxa3
+OrsnEL/uODPIvkHhXwns2PkHR4+1nrMVjIl4rBahXu4KXTh0DICPKHduWRU2Pu0k
+u5Vdf0DVEC3cx28vRCaZrpVIzKIXJOtFKe2UQwyUg6YAjMBcr+TModmHwL9XZVhq
+KoZhP3l6OJWAiVWtUhO9MvsgnlhOTlc94FO70zgTZjR4LF51T3pC2MoQXTn1iKtE
+OO2SRhmQUylhZLfcnf8t9df+hHgFHeARwtTlI9GKpI02RL6w1BjLv4b/pxUyNBbR
+niBXXpShNYdMRO8=
+-----END CERTIFICATE-----
--- a/tests/requests.py
+++ b/tests/requests.py
@ -6,6 +6,7 @@ import StringIO
 import sys
 import zlib
 import bz2
+import os

 from base import *

@ -72,7 +73,13 @@ class CurlRequest(TestBase):
 		if None != self.ACCEPT_ENCODING:
 			reqheaders += ["Accept-Encoding: " + self.ACCEPT_ENCODING]
 		c = pycurl.Curl()
-		c.setopt(pycurl.URL, self.SCHEME + ("://127.0.0.2:%i" % (Env.port + self.PORT)) + self.URL)
+		c.setopt(pycurl.CAINFO, os.path.join(Env.sourcedir, "tests", "ca", "ca.crt"))
+		if hasattr(pycurl, 'RESOLVE'):
+			c.setopt(pycurl.URL, self.SCHEME + ("://%s:%i" % (self.vhost or '127.0.0.2', Env.port + self.PORT)) + self.URL)
+			c.setopt(pycurl.RESOLVE, ['%s:%i:127.0.0.2' % (self.vhost, Env.port + self.PORT)])
+		else:
+			c.setopt(pycurl.URL, self.SCHEME + ("://127.0.0.2:%i" % (Env.port + self.PORT)) + self.URL)
+			c.setopt(pycurl.SSL_VERIFYHOST, 0)
 		c.setopt(pycurl.HTTPHEADER, reqheaders)
 		c.setopt(pycurl.NOSIGNAL, 1)
 		c.setopt(pycurl.TIMEOUT, 2)
--- a/tests/runtests.py
+++ b/tests/runtests.py
@ -71,8 +71,8 @@ Env.no_cleanup = options.no_cleanup
 Env.force_cleanup = options.force_cleanup
 Env.port = find_port(options.port)
 Env.tests = options.tests
-Env.sourcedir = os.path.abspath(os.path.dirname(__file__))
-Env.docdir = os.path.join(os.path.dirname(Env.sourcedir), "doc")
+Env.sourcedir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
+Env.docdir = os.path.join(Env.sourcedir, "doc")
 Env.debugRequests = options.debug_requests
 Env.strace = options.strace
 Env.truss = options.truss
--- a/tests/t-gnutls.py
+++ b/tests/t-gnutls.py
@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+from base import *
+from requests import *
+
+class TestSimpleRequest(CurlRequest):
+	PORT = 1
+	SCHEME = "https"
+	URL = "/test.txt"
+	EXPECT_RESPONSE_BODY = TEST_TXT
+	EXPECT_RESPONSE_CODE = 200
+	EXPECT_RESPONSE_HEADERS = [("Content-Type", "text/plain; charset=utf-8")]
+	vhost = "test1.ssl"
+
+class TestSNI(CurlRequest):
+	PORT = 1
+	SCHEME = "https"
+	URL = "/test.txt"
+	EXPECT_RESPONSE_BODY = TEST_TXT
+	EXPECT_RESPONSE_CODE = 200
+	EXPECT_RESPONSE_HEADERS = [("Content-Type", "text/plain; charset=utf-8")]
+	vhost = "test2.ssl"
+
+
+class Test(GroupTest):
+	group = [
+		TestSimpleRequest,
+		TestSNI
+	]
--- a/tests/t-memcached.py
+++ b/tests/t-memcached.py
@ -15,7 +15,7 @@ class Memcached(Service):
 	def __init__(self):
 		super(Memcached, self).__init__()
 		self.sockfile = os.path.join(base.Env.dir, "tmp", "sockets", self.name + ".sock")
-		self.binary = [ os.path.join(base.Env.sourcedir, "run-memcached.py") ]
+		self.binary = [ os.path.join(base.Env.sourcedir, "tests", "run-memcached.py") ]


 	def Prepare(self):
--- a/tests/t-openssl.py
+++ b/tests/t-openssl.py
@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from base import *
+from requests import *
+
+class TestSimpleRequest(CurlRequest):
+	PORT = 2
+	SCHEME = "https"
+	URL = "/test.txt"
+	EXPECT_RESPONSE_BODY = TEST_TXT
+	EXPECT_RESPONSE_CODE = 200
+	EXPECT_RESPONSE_HEADERS = [("Content-Type", "text/plain; charset=utf-8")]
+	vhost = "test1.ssl"
+
+class Test(GroupTest):
+	group = [
+		TestSimpleRequest
+	]
--- a/tests/t-scgi.py
+++ b/tests/t-scgi.py
@ -14,7 +14,7 @@ class SCGI(Service):
 	def __init__(self):
 		super(SCGI, self).__init__()
 		self.sockfile = os.path.join(base.Env.dir, "tmp", "sockets", self.name + ".sock")
-		self.binary = [ os.path.join(base.Env.sourcedir, "run-scgi-envcheck.py") ]
+		self.binary = [ os.path.join(base.Env.sourcedir, "tests", "run-scgi-envcheck.py") ]

 	def Prepare(self):
 		sockdir = self.tests.PrepareDir(os.path.join("tmp", "sockets"))