summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorDongHun Kwak <dh0128.kwak@samsung.com>2021-03-05 10:08:20 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-03-05 10:08:20 +0900
commitafd456999b076e5e6505dd5ca6942a5e7471c70c (patch)
tree9ee11bda8c1d6ada1938b0324ed01a2d99e99178 /tests
parent429760a22c7e2ff8a2de69744b04aa4b2f202119 (diff)
downloadwget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.gz
wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.bz2
wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.zip
Imported Upstream version 1.19.2upstream/1.19.2
Diffstat (limited to 'tests')
-rw-r--r--tests/FTPServer.pm2
-rw-r--r--tests/FTPTest.pm2
-rw-r--r--tests/HTTPServer.pm2
-rw-r--r--tests/HTTPTest.pm2
-rw-r--r--tests/Makefile.am13
-rw-r--r--tests/Makefile.in29
-rw-r--r--tests/SSLServer.pm236
-rw-r--r--tests/SSLTest.pm73
-rw-r--r--tests/Test-https-badcerts.px139
-rwxr-xr-xtests/Test-https-clientcert.px133
-rwxr-xr-xtests/Test-https-crl.px136
-rwxr-xr-xtests/Test-https-pfs.px78
-rwxr-xr-xtests/Test-https-selfsigned.px114
-rwxr-xr-xtests/Test-https-tlsv1.px78
-rwxr-xr-xtests/Test-https-tlsv1x.px79
-rwxr-xr-xtests/Test-https-weboftrust.px125
-rwxr-xr-xtests/Test-idn-meta.px2
-rwxr-xr-xtests/Test-proxied-https-auth-keepalive.px2
-rwxr-xr-xtests/Test-proxied-https-auth.px2
-rw-r--r--tests/WgetFeature.cfg6
-rw-r--r--tests/WgetFeature.pm31
-rw-r--r--tests/WgetTests.pm4
-rw-r--r--tests/certs/client.crt148
-rw-r--r--tests/certs/client.key51
-rw-r--r--tests/certs/expired.crt149
-rw-r--r--tests/certs/expired.key51
-rw-r--r--tests/certs/interca.conf64
-rw-r--r--tests/certs/interca.conf.in64
-rw-r--r--tests/certs/interca.crt41
-rw-r--r--tests/certs/interca.key51
-rw-r--r--tests/certs/invalid.crt149
-rw-r--r--tests/certs/invalid.key51
-rw-r--r--tests/certs/revoked.crt41
-rw-r--r--tests/certs/revoked.key51
-rw-r--r--tests/certs/revokedcrl.pem19
-rw-r--r--tests/certs/rootca.conf64
-rw-r--r--tests/certs/rootca.conf.in64
-rw-r--r--tests/certs/selfsigned.crt33
-rw-r--r--tests/certs/selfsigned.key52
-rw-r--r--tests/certs/server.crt28
-rw-r--r--tests/certs/server.key27
-rw-r--r--tests/certs/test-ca-cert.pem35
-rw-r--r--tests/certs/test-ca-key.pem58
-rw-r--r--tests/certs/user.crt148
-rw-r--r--tests/certs/user.key51
-rw-r--r--tests/certs/wgethosts1
-rw-r--r--tests/certs/wotca.pem78
47 files changed, 2815 insertions, 42 deletions
diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
index a5185d6..cac8094 100644
--- a/tests/FTPServer.pm
+++ b/tests/FTPServer.pm
@@ -589,7 +589,7 @@ sub new
foreach my $file (keys %{$self->{_input}})
{
my $ref = \$self->{_input}{$file}{content};
- $$ref =~ s/{{port}}/$self->sockport/eg;
+ $$ref =~ s/\Q{{port}}/$self->sockport/eg;
}
return $self;
diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
index 50385ad..0a1c768 100644
--- a/tests/FTPTest.pm
+++ b/tests/FTPTest.pm
@@ -53,7 +53,7 @@ sub _substitute_port
{
my $self = shift;
my $ret = shift;
- $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
+ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
return $ret;
}
diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
index dd8ec04..78609f6 100644
--- a/tests/HTTPServer.pm
+++ b/tests/HTTPServer.pm
@@ -310,7 +310,7 @@ sub _substitute_port
{
my $self = shift;
my $ret = shift;
- $ret =~ s/{{port}}/$self->sockport/eg;
+ $ret =~ s/\Q{{port}}/$self->sockport/eg;
return $ret;
}
diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
index 00f079f..6225c7f 100644
--- a/tests/HTTPTest.pm
+++ b/tests/HTTPTest.pm
@@ -47,7 +47,7 @@ sub _substitute_port
{
my $self = shift;
my $ret = shift;
- $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
+ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
return $ret;
}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c27c4ce..29c113a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -128,10 +128,19 @@ PX_TESTS = \
Test--start-pos--continue.px \
Test--httpsonly-r.px \
Test-204.px \
- Test-ftp-pasv-not-supported.px
+ Test-ftp-pasv-not-supported.px \
+ Test-https-pfs.px \
+ Test-https-tlsv1.px \
+ Test-https-tlsv1x.px \
+ Test-https-selfsigned.px \
+ Test-https-weboftrust.px \
+ Test-https-clientcert.px \
+ Test-https-crl.px \
+ Test-https-badcerts.px
EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \
- WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \
+ SSLTest.pm SSLServer.pm \
+ WgetTests.pm WgetFeature.pm $(PX_TESTS) \
certs valgrind-suppressions valgrind-suppressions-ssl
check_PROGRAMS = unit-tests
diff --git a/tests/Makefile.in b/tests/Makefile.in
index d7ef010..3a3cd17 100644
--- a/tests/Makefile.in
+++ b/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -146,13 +146,14 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/00gnulib.m4 \
$(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \
$(top_srcdir)/m4/futimens.m4 $(top_srcdir)/m4/getaddrinfo.m4 \
$(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \
- $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/getopt.m4 \
- $(top_srcdir)/m4/getpass.m4 $(top_srcdir)/m4/getprogname.m4 \
- $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gettime.m4 \
- $(top_srcdir)/m4/gettimeofday.m4 \
+ $(top_srcdir)/m4/getgroups.m4 $(top_srcdir)/m4/getline.m4 \
+ $(top_srcdir)/m4/getopt.m4 $(top_srcdir)/m4/getpass.m4 \
+ $(top_srcdir)/m4/getprogname.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/gettime.m4 $(top_srcdir)/m4/gettimeofday.m4 \
$(top_srcdir)/m4/gl-openssl.m4 $(top_srcdir)/m4/glibc21.m4 \
$(top_srcdir)/m4/gnulib-common.m4 \
$(top_srcdir)/m4/gnulib-comp.m4 \
+ $(top_srcdir)/m4/group-member.m4 \
$(top_srcdir)/m4/hard-locale.m4 $(top_srcdir)/m4/hostent.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/iconv_h.m4 \
$(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \
@@ -849,6 +850,9 @@ GNULIB_WRITE = @GNULIB_WRITE@
GNULIB__EXIT = @GNULIB__EXIT@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_LIBS = @GNUTLS_LIBS@
+GPGME_CFLAGS = @GPGME_CFLAGS@
+GPGME_CONFIG = @GPGME_CONFIG@
+GPGME_LIBS = @GPGME_LIBS@
GREP = @GREP@
HAVE_ACCEPT4 = @HAVE_ACCEPT4@
HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@
@@ -1611,10 +1615,19 @@ PX_TESTS = \
Test--start-pos--continue.px \
Test--httpsonly-r.px \
Test-204.px \
- Test-ftp-pasv-not-supported.px
+ Test-ftp-pasv-not-supported.px \
+ Test-https-pfs.px \
+ Test-https-tlsv1.px \
+ Test-https-tlsv1x.px \
+ Test-https-selfsigned.px \
+ Test-https-weboftrust.px \
+ Test-https-clientcert.px \
+ Test-https-crl.px \
+ Test-https-badcerts.px
EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \
- WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \
+ SSLTest.pm SSLServer.pm \
+ WgetTests.pm WgetFeature.pm $(PX_TESTS) \
certs valgrind-suppressions valgrind-suppressions-ssl
unit_tests_SOURCES =
diff --git a/tests/SSLServer.pm b/tests/SSLServer.pm
new file mode 100644
index 0000000..37a8bfa
--- /dev/null
+++ b/tests/SSLServer.pm
@@ -0,0 +1,236 @@
+package SSLServer;
+
+# This is only HTTPS server for now.
+# But it is named SSLServer to easily distinguish from HTTPServer
+
+use strict;
+use warnings;
+use lib '.';
+
+use HTTP::Daemon;
+use HTTP::Status;
+use HTTP::Headers;
+use HTTP::Response;
+
+# Skip this test rather than fail it when the module isn't installed
+if (!eval {require IO::Socket::SSL;1;}) {
+ print STDERR "This test needs the perl module \"IO::Socket::SSL\".\n";
+ print STDERR "Install e.g. on Debian with 'apt-get install libio-socket-ssl-perl'\n";
+ print STDERR " or if using cpanminus 'cpanm IO::Socket::SSL' could be used to install it.\n";
+ exit 77; # skip
+}
+
+#use IO::Socket::SSLX; # 'debug4';
+use HTTPServer;
+
+our @ISA = qw(IO::Socket::SSL HTTP::Daemon::ClientConn HTTP::Daemon HTTPServer);
+
+my $VERSION = 0.01;
+
+my $CRLF = "\015\012"; # "\r\n" is not portable
+
+# Config options for server
+my $log = undef;
+my $DEBUG = undef;
+
+my %ssl_params;
+
+my $sslsock;
+my $plaincon;
+my %args;
+
+#$HTTP::Daemon::DEBUG=5;
+#*DEBUG = \$HTTP::Daemon::DEBUG;
+
+$args{SSL_error_trap} ||= \&ssl_error;
+
+my $class = 'SSLServer';
+my $self = {};
+$self = bless $self, $class;
+
+sub init
+{
+ my $self = shift;
+ my %sargs = @_;
+
+ %ssl_params = %sargs;
+ unless (exists($ssl_params{'lhostname'}) &&
+ exists($ssl_params{'sslport'}) &&
+ exists($ssl_params{'ciphers'}) &&
+ exists($ssl_params{'cafile'}) &&
+ exists($ssl_params{'certfile'}) &&
+ exists($ssl_params{'keyfile'})) {
+ die "Required parameters for SSL tests are missing";
+ }
+}
+
+sub ssl_setup_conn
+{
+ $sslsock = IO::Socket::SSL->new(LocalAddr => $ssl_params{'lhostname'},
+ LocalPort => $ssl_params{'sslport'},
+ Listen => 10,
+ Timeout => 30,
+ ReuseAddr => 1,
+ SSL_cipher_list => $ssl_params{'ciphers'},
+ SSL_verify_mode => 0x00,
+ SSL_ca_file => $ssl_params{'cafile'},
+ SSL_cert_file => $ssl_params{'certfile'},
+ SSL_key_file => $ssl_params{'keyfile'});
+
+ $sslsock || warn $IO::Socket::SSL::ERROR;
+ return $sslsock;
+}
+
+sub fileno
+{
+ my $self = shift;
+ my $fn = ${*$self}{'_SSL_fileno'};
+ return defined($fn) ? $fn : $self->SUPER::fileno();
+}
+
+sub accept
+{
+ my $self = shift;
+ my $pkg = shift || "SSLServer";
+ my ($sock, $peer) = $sslsock->accept($pkg);
+ if ($sock) {
+ ${*$sock}{'httpd_daemon'} = $self;
+ ${*$self}{'httpd_daemon'} = $sock;
+ my $fileno = ${*$self}{'_SSL_fileno'} = &fileno($self);
+ my $f = $sock->fileno;
+ return wantarray ? ($sock, $peer) : $sock;
+ }
+ else {
+ print STDERR "Failed to get socket from SSL\n" if $DEBUG;
+ return;
+ }
+
+}
+
+sub _default_port { 443; }
+sub _default_scheme { "https"; }
+
+sub url
+{
+ my $self = shift;
+ my $url = $self->SUPER::url;
+ return $url if ($self->can("HTTP::Daemon::_default_port"));
+
+ # Workaround for old versions of HTTP::Daemon
+ $url =~ s!^http:!https:!;
+ $url =~ s!/$!:80/! unless ($url =~ m!:(?:\d+)/$!);
+ $url =~ s!:443/$!/!;
+ return $url;
+}
+
+sub _need_more
+{
+ my $self = shift;
+ if ($_[1]) {
+ my($timeout, $fdset) = @_[1,2];
+ print STDERR "select(,,,$timeout)\n" if $DEBUG;
+ my $n = select($fdset,undef,undef,$timeout);
+ unless ($n) {
+ $self->reason(defined($n) ? "Timeout" : "select: $!");
+ return;
+ }
+ }
+ my $total = 0;
+ while (1){
+ print STDERR sprintf("sysread() already %d\n",$total) if $DEBUG;
+ my $n = sysread(${*$self}{'httpd_daemon'}, $_[0], 2048, length($_[0]));
+ print STDERR sprintf("sysread() just \$n=%s\n",(defined $n?$n:'undef')) if $DEBUG;
+ $total += $n if defined $n;
+ last if $! =~ 'Resource temporarily unavailable';
+ #SSL_Error because of aggressive reading
+
+ $self->reason(defined($n) ? "Client closed" : "sysread: $!") unless $n;
+ last unless $n;
+ last unless $n == 2048;
+ }
+ $total;
+}
+
+sub daemon
+{
+ my $self = shift;
+ ${*$self}{'httpd_daemon'};
+}
+
+sub conn
+{
+ my $self = shift;
+ ${*$self}{'sslcon'};
+}
+
+sub run
+{
+ my ($self, $urls, $synch_callback) = @_;
+ my $initialized = 0;
+ my $sslsock;
+
+ while (1)
+ {
+ if (!$initialized)
+ {
+ $sslsock = $self->ssl_setup_conn();
+ $sslsock || warn "Failed to get ssl sock";
+
+ $initialized = 1;
+ open (LOGFILE, '>', "/tmp/wgetserver.log");
+ LOGFILE->autoflush(1);
+ print LOGFILE "Starting logging";
+ $synch_callback->() if $synch_callback;
+ }
+
+ my $con = $self->accept();
+ ${*$self}{'sslcon'} = $con;
+
+ while (my $req = $self->get_request)
+ {
+ #my $url_path = $req->url->path;
+ my $url_path = $req->url->as_string;
+ if ($url_path =~ m{/$})
+ { # append 'index.html'
+ $url_path .= 'index.html';
+ }
+
+ #if ($url_path =~ m{^/}) { # remove trailing '/'
+ # $url_path = substr ($url_path, 1);
+ #}
+ if ($log)
+ {
+ print LOGFILE "Method: ", $req->method, "\n";
+ print LOGFILE "Path: ", $url_path, "\n";
+ print LOGFILE "Available URLs: ", "\n";
+ foreach my $key (keys %$urls)
+ {
+ print LOGFILE $key, "\n";
+ }
+ }
+ if (exists($urls->{$url_path}))
+ {
+ print LOGFILE "Serving requested URL: ", $url_path, "\n" if $log;
+ next unless ($req->method eq "HEAD" || $req->method eq "GET");
+
+ my $url_rec = $urls->{$url_path};
+ HTTPServer::send_response($self, $req, $url_rec, $con);
+ last;
+ }
+ else
+ {
+ print LOGFILE "Requested wrong URL: ", $url_path, "\n" if $log;
+ $con->send_error($HTTP::Status::RC_FORBIDDEN);
+ last;
+ }
+ last;
+ }
+ print LOGFILE "Closing connection\n" if $log;
+ close(LOGFILE);
+ $con->close();
+ }
+}
+
+1;
+
+# vim: et ts=4 sw=4
diff --git a/tests/SSLTest.pm b/tests/SSLTest.pm
new file mode 100644
index 0000000..28ff9dc
--- /dev/null
+++ b/tests/SSLTest.pm
@@ -0,0 +1,73 @@
+package SSLTest;
+
+use strict;
+use warnings;
+
+use SSLServer;
+use WgetTests;
+use HTTPTest;
+
+our @ISA = qw(WgetTest HTTPTest);
+my $VERSION = 0.01;
+
+my $srcdir;
+if (defined $ENV{srcdir}) {
+ $srcdir = Cwd::abs_path($ENV{srcdir});
+} else {
+ $srcdir = ".";
+}
+
+my %ssl_defaults = (
+ _certfile => "$srcdir/certs/server.crt",
+ _keyfile => "$srcdir/certs/server.key",
+ _cafile => "$srcdir/certs/test-ca-cert.pem",
+ _ciphers => 'ALL',
+ _lhostname => 'wgettestingserver',
+ _sslport => 55443,
+);
+
+{
+ my %_attr_data = %ssl_defaults;
+
+ sub _default_for
+ {
+ my ($self, $attr) = @_;
+ return $_attr_data{$attr} if exists $_attr_data{$attr};
+ return $self->SUPER::_default_for($attr);
+ }
+
+ sub _standard_keys
+ {
+ my ($self) = @_;
+ ($self->SUPER::_standard_keys(), keys %_attr_data);
+ }
+}
+
+sub _setup_server
+{
+ my $self = shift;
+ my %ssl_config = %ssl_defaults;
+
+ $self->{_server} = SSLServer->new()
+ or die "Cannot create SSL server!!!";
+
+ for my $attrname ($self->_standard_keys())
+ {
+ my ($argname) = ($attrname =~ m/^_(.*)/msx);
+ $ssl_config{$argname} = $self->{$attrname};
+ }
+# for my $attrname (keys %ssl_config)
+# {
+# if ($attrname =~ m/file$/ && !$attrname =~ m/^\//)
+# {
+# my $cwd = $self->SUPER::_default_for('_workdir');
+# my $cfile = $ssl_config{$attrname};
+# $ssl_config{$attrname} = "$cwd/$cfile";
+# }
+# }
+ $self->{_server}->init(%ssl_config);
+}
+
+1;
+
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-badcerts.px b/tests/Test-https-badcerts.px
new file mode 100644
index 0000000..68cd142
--- /dev/null
+++ b/tests/Test-https-badcerts.px
@@ -0,0 +1,139 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use POSIX;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $caconf = "$srcdir/certs/rootca.conf";
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+my $cakey = "$srcdir/certs/test-ca-key.pem";
+
+# Use expired server certificate
+my $servercrt = "$srcdir/certs/expired.crt";
+my $serverkey = "$srcdir/certs/expired.key";
+
+my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $serverkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL with expired cert. Expect Failure.
+my $port = 30443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit -1;
+}
+print "Test successful.\n";
+
+# Use certificate that is not yet valid
+$servercrt = "$srcdir/certs/invalid.crt";
+$serverkey = "$srcdir/certs/invalid.key";
+
+$servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $serverkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+ exit 77; # skip
+}
+
+
+# Retry the test with --no-check-certificate. expect success
+$port = 20443;
+$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 5;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($retryssl->run() == 0)
+{
+ exit 0;
+}
+else
+{
+ exit -1;
+}
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-clientcert.px b/tests/Test-https-clientcert.px
new file mode 100755
index 0000000..36365a5
--- /dev/null
+++ b/tests/Test-https-clientcert.px
@@ -0,0 +1,133 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+my $cakey = "$srcdir/certs/test-ca-key.pem";
+
+# Prepare server certificate
+my $servercrt = "$srcdir/certs/server.crt";
+my $serverkey = "$srcdir/certs/server.key";
+
+my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $serverkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+ exit 77; # skip
+}
+
+# Use client certificate
+my $clientcert = "$srcdir/certs/client.crt";
+my $clientkey = "$srcdir/certs/client.key";
+
+my $clientcheck=`(openssl x509 -noout -modulus -in $clientcert | openssl md5 ;
+ openssl rsa -noout -modulus -in $clientkey | openssl md5) |
+ uniq | wc -l`;
+
+# Check if client certificate and key are made correctly.
+unless(-e $clientcert && -e $clientkey && $clientcheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL with mismatched client cert & key . Expect error
+my $port = 21443;
+my $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert ".
+ " --private-key=$serverkey ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit 0;
+}
+
+# Retry wget using SSL with client certificate. Expect success
+$port = 22443;
+$cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert".
+ " --private-key=$clientkey ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 0;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-crl.px b/tests/Test-https-crl.px
new file mode 100755
index 0000000..f5b2f3c
--- /dev/null
+++ b/tests/Test-https-crl.px
@@ -0,0 +1,136 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+my $cakey = "$srcdir/certs/test-ca-key.pem";
+
+# Use a revoked certificate
+my $servercrt = "$srcdir/certs/revoked.crt";
+my $serverkey = "$srcdir/certs/revoked.key";
+
+my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $serverkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are correct.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL first without --no-check-certificate. Expect Success.
+my $port = 32443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 0;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() != 0)
+{
+ exit -1;
+}
+
+# Revoke the certificate
+my $crlfile = "$srcdir/certs/revokedcrl.pem";
+
+# Check if CRL file is generated.
+unless(-e $crlfile)
+{
+ exit 77; # skip
+}
+
+# To read a CRL file use the following command:
+# openssl crl -text -in $srcdir/certs/root.crl.pem
+
+# Retry the test with CRL. Expect Failure.
+$port = 23443;
+$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 5;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($retryssl->run() == 0)
+{
+ exit -1;
+}
+else
+{
+ print "Test successful.\n";
+ exit 0;
+}
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-pfs.px b/tests/Test-https-pfs.px
new file mode 100755
index 0000000..1fb1c0a
--- /dev/null
+++ b/tests/Test-https-pfs.px
@@ -0,0 +1,78 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $port = 24443;
+my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=PFS".
+ " --ca-certificate=$srcdir/certs/test-ca-cert.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+my $expected_error_code = 0;
+
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ sslport => $port);
+exit $sslsock->run();
+
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-selfsigned.px b/tests/Test-https-selfsigned.px
new file mode 100755
index 0000000..8d17539
--- /dev/null
+++ b/tests/Test-https-selfsigned.px
@@ -0,0 +1,114 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+# Prepare self-signed certificates
+my $certfile="$srcdir/certs/selfsigned.crt";
+my $keyfile="$srcdir/certs/selfsigned.key";
+
+my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ;
+ openssl rsa -noout -modulus -in $keyfile | openssl md5) |
+ uniq|wc -l`;
+
+# Check if Self signed certificate and key are made correctly.
+unless(-e $certfile && -e $keyfile && $sscheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL first without --no-check-certificate. expect error
+my $port = 26443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/test-ca-cert.pem".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $certfile,
+ keyfile => $keyfile,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit 0;
+}
+
+# Retry the test with --no-check-certificate. expect success
+$port = 27443;
+$cmdline = $WgetTest::WGETPATH . " --no-check-certificate ".
+ " --ca-certificate=$srcdir/certs/test-ca-cert.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 0;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $certfile,
+ keyfile => $keyfile,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-tlsv1.px b/tests/Test-https-tlsv1.px
new file mode 100755
index 0000000..32ff63a
--- /dev/null
+++ b/tests/Test-https-tlsv1.px
@@ -0,0 +1,78 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $port = 28443;
+my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1".
+ " --ca-certificate=$srcdir/certs/test-ca-cert.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+my $expected_error_code = 0;
+
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ sslport => $port);
+exit $sslsock->run();
+
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-tlsv1x.px b/tests/Test-https-tlsv1x.px
new file mode 100755
index 0000000..080a9de
--- /dev/null
+++ b/tests/Test-https-tlsv1x.px
@@ -0,0 +1,79 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use Cwd;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+my $port = 29443;
+my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1_1".
+ " --ca-certificate=$srcdir/certs/test-ca-cert.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+my $expected_error_code = 0;
+
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ sslport => $port);
+exit $sslsock->run();
+
+# vim: et ts=4 sw=4
diff --git a/tests/Test-https-weboftrust.px b/tests/Test-https-weboftrust.px
new file mode 100755
index 0000000..55f936f
--- /dev/null
+++ b/tests/Test-https-weboftrust.px
@@ -0,0 +1,125 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+
+# Use Intermediate CA
+my $caconf = "$srcdir/certs/rootca.conf";
+my $icrtfile = "$srcdir/certs/interca.crt";
+my $ikeyfile = "$srcdir/certs/interca.key";
+
+my $icacheck=`(openssl x509 -noout -modulus -in $icrtfile | openssl md5 ;
+ openssl rsa -noout -modulus -in $ikeyfile | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are correct.
+unless(-e $icrtfile && -e $ikeyfile && $icacheck == 1)
+{
+ exit 77; # skip
+}
+
+# User certificate using intermediate CA
+my $usrcrt = "$srcdir/certs/user.crt";
+my $usrkey = "$srcdir/certs/user.key";
+
+my $usrcheck=`(openssl x509 -noout -modulus -in $usrcrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $usrkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL using certificate signed by intermediate CA. Expect error.
+my $port = 30443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/".
+ "test-ca-cert.pem https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $usrcrt,
+ keyfile => $usrkey,
+ lhostname => $testhostname);
+if ($sslsock->run() == 0)
+{
+ exit 0;
+}
+
+# Retry the test with --no-check-certificate. expect success
+$port = 31443;
+$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/wotca.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 0;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $usrcrt,
+ keyfile => $usrkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4
diff --git a/tests/Test-idn-meta.px b/tests/Test-idn-meta.px
index fd7dcfa..da9045e 100755
--- a/tests/Test-idn-meta.px
+++ b/tests/Test-idn-meta.px
@@ -27,7 +27,7 @@ my %urls = (
code => "200",
msg => "You want fries with that?",
headers => {
- # HTTP header preceeds http-equiv, simply just omit it here
+ # HTTP header preceds http-equiv, simply just omit it here
#'Content-Type' => 'text/html; charset=UTF-8',
},
content => $starter_file,
diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
index 049bebe..2a18ccf 100755
--- a/tests/Test-proxied-https-auth-keepalive.px
+++ b/tests/Test-proxied-https-auth-keepalive.px
@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
. " --password=Dodgson -e https_proxy=localhost:{{port}}"
. " --no-check-certificate"
. " https://no.such.domain/needs-auth.txt";
-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
+$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
if (defined $srcdir) {
$VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
index ce4e736..878114e 100755
--- a/tests/Test-proxied-https-auth.px
+++ b/tests/Test-proxied-https-auth.px
@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
. " --password=Dodgson -e https_proxy=localhost:{{port}}"
. " --no-check-certificate"
. " https://no.such.domain/needs-auth.txt";
-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
+$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
if (defined $srcdir) {
$VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
diff --git a/tests/WgetFeature.cfg b/tests/WgetFeature.cfg
deleted file mode 100644
index a1176e0..0000000
--- a/tests/WgetFeature.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-%skip_messages = (
- https => "Not running test: Wget under test doesn't support HTTPS.",
- iri => "Not running test: Wget under test doesn't support IDN/IRI.",
-);
-
-1;
diff --git a/tests/WgetFeature.pm b/tests/WgetFeature.pm
index 28e0c11..0d59573 100644
--- a/tests/WgetFeature.pm
+++ b/tests/WgetFeature.pm
@@ -5,26 +5,14 @@ use warnings;
our $VERSION = 0.01;
-use Carp;
use English qw(-no_match_vars);
-use FindBin;
use WgetTests;
-our %SKIP_MESSAGES;
-{
- my $cfgfile = "$FindBin::Bin/WgetFeature.cfg";
- open my $fh, '<', $cfgfile
- or croak "Cannot open '$cfgfile': $ERRNO";
- my @lines = <$fh>;
- close $fh or carp "Cannot close '$cfgfile': $ERRNO";
- my $evalstr = join q{}, @lines;
- eval { $evalstr } or carp "Cannot eval '$cfgfile': $ERRNO";
-}
-
sub import
{
- my ($class, $feature) = @_;
+ my ($class, @required_feature) = @_;
+ # create a list of available features from 'wget --version' output
my $output = `$WgetTest::WGETPATH --version`;
my ($list) = $output =~ m/^([+-]\S+(?:\s+[+-]\S+)+)/msx;
my %have_features;
@@ -34,10 +22,19 @@ sub import
$feat =~ s/^.//msx;
$have_features{$feat} = $f =~ m/^[+]/msx ? 1 : 0;
}
- if (!$have_features{$feature})
+
+ foreach (@required_feature)
{
- print "$SKIP_MESSAGES{$feature}\n";
- exit 77; # skip
+ if (!$have_features{$_})
+ {
+ print "Skipped test: Wget misses feature '$_'\n";
+ print "Features available from 'wget --version' output:\n";
+ foreach (keys %have_features)
+ {
+ print " $_=$have_features{$_}\n";
+ }
+ exit 77; # skip
+ }
}
}
diff --git a/tests/WgetTests.pm b/tests/WgetTests.pm
index 8b8f7f0..9207b4a 100644
--- a/tests/WgetTests.pm
+++ b/tests/WgetTests.pm
@@ -13,7 +13,7 @@ use IO::Handle;
use POSIX qw(locale_h);
use locale;
-our $WGETPATH = '../src/wget --no-config';
+our $WGETPATH = '../src/wget -d --no-config';
our $VALGRIND_SUPP_FILE = Cwd::getcwd();
if (defined $ENV{'srcdir'}) {
$VALGRIND_SUPP_FILE = $VALGRIND_SUPP_FILE
@@ -152,7 +152,7 @@ sub run
$errcode >>= 8; # XXX: should handle abnormal error codes.
# Shutdown server
- # if we didn't explicitely kill the server, we would have to call
+ # if we didn't explicitly kill the server, we would have to call
# waitpid ($pid, 0) here in order to wait for the child process to
# terminate
kill 'TERM', $pid;
diff --git a/tests/certs/client.crt b/tests/certs/client.crt
new file mode 100644
index 0000000..a2b58a9
--- /dev/null
+++ b/tests/certs/client.crt
@@ -0,0 +1,148 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4386 (0x1122)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, L=San Jose, O=Wget Testing Department, OU=Testing, CN=WgetTesting/emailAddress=bugs-wget@gnu.org
+ Validity
+ Not Before: May 9 21:08:52 2017 GMT
+ Not After : May 9 21:08:52 2019 GMT
+ Subject: CN=., ST=CA, C=US, O=Client
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:c8:e0:0f:fd:d5:96:99:1d:f5:8e:4a:d7:84:85:
+ fc:48:8b:e4:cf:78:27:22:ea:1b:b4:4e:f0:a2:05:
+ 29:78:37:43:42:17:fe:8d:98:4b:4b:8a:f6:b2:92:
+ 23:2c:f2:af:c8:9d:36:57:03:90:82:00:02:0c:f8:
+ 33:14:f2:5c:5f:cc:8f:f8:14:b5:df:a8:e3:0d:d1:
+ bf:5a:f2:8d:24:37:66:1a:31:99:7e:f7:8d:8e:86:
+ fd:ea:a6:73:60:84:dc:1c:d9:28:87:92:9f:cf:c4:
+ 8e:9f:2b:ce:c3:8a:20:ce:8d:5b:66:fe:78:f1:bd:
+ 7b:57:b1:ad:bc:db:8c:0a:a8:92:c1:92:5d:6f:b9:
+ 5f:7f:c7:62:4d:59:60:48:8e:1f:a3:02:2f:79:26:
+ 68:6f:ed:0a:95:07:c8:e5:9a:93:ba:cb:af:c7:a9:
+ 06:a7:99:b4:ce:1f:26:b7:d5:f6:bd:b4:b2:ad:14:
+ fe:df:8c:41:94:d4:d2:41:18:43:fe:19:0e:43:67:
+ 10:8a:ac:f1:47:1c:5a:71:ed:d7:76:aa:67:81:67:
+ 1d:6f:77:db:c1:93:ee:36:ec:34:6f:c8:97:73:57:
+ 09:dc:9a:b8:54:35:ae:a3:91:2a:5d:f3:e4:70:77:
+ 7c:bc:0d:d8:f5:a2:f0:2d:b2:ba:3e:b6:ce:8a:30:
+ 16:ea:6d:20:b8:ac:dd:eb:3c:a5:62:c5:7d:3a:ef:
+ df:64:83:a7:ab:a1:c3:65:7a:54:fc:a4:26:0f:64:
+ a5:83:ed:29:8f:05:ef:aa:2f:98:af:87:98:87:34:
+ a7:31:55:09:75:37:7d:70:c3:44:14:c4:05:b2:f8:
+ 6b:6b:25:b4:55:d5:fe:29:3f:ab:f0:d1:e6:3f:dc:
+ e9:c6:83:5d:f5:4a:ca:34:e0:3d:52:a4:dd:86:09:
+ e5:3e:b3:9e:f3:79:99:af:b1:6b:7e:6e:c8:0d:04:
+ 28:fa:38:59:94:71:3c:d2:39:84:a5:56:41:ae:8c:
+ 63:2d:5c:9b:79:ce:f0:a6:69:6c:74:b7:36:e9:87:
+ 67:ad:5b:61:6f:d2:53:d4:7a:94:e1:26:29:d0:56:
+ 02:f5:6e:15:dc:a9:0b:e6:37:2a:32:9c:35:f3:72:
+ 2d:3d:e2:d4:25:48:a9:d0:c9:7b:cb:1a:4d:c1:44:
+ 5c:57:ab:75:65:ae:06:b2:40:b6:55:a8:2e:fb:fa:
+ 6e:0b:75:eb:86:02:ea:63:fe:9a:74:9d:02:4b:60:
+ 95:ef:53:04:13:87:07:6a:52:64:ba:e6:40:09:ab:
+ a9:50:a3:12:ce:75:51:35:af:37:34:60:6a:e9:d7:
+ 3c:00:2b:4a:92:75:48:f3:4a:26:13:08:04:d0:47:
+ 05:a1:07
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 41:CD:E0:FB:C1:87:D6:77:38:B5:A3:94:8A:D0:5B:5C:87:70:32:E9
+ X509v3 Authority Key Identifier:
+ keyid:17:ED:93:43:8F:A7:A6:00:75:D4:E8:B6:82:0D:88:37:7E:C0:6D:08
+
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ X509v3 Subject Alternative Name:
+ DNS:WgetTestingServer
+ Authority Information Access:
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ OCSP - URI:http://test.wgettest.com/ocsp/
+ OCSP - URI:http://test.wgettest.com/ocsp/
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 46:a4:f3:c2:63:cf:c3:76:84:aa:a3:ba:27:32:25:15:54:e6:
+ 69:d2:2f:7c:c9:68:88:01:10:8c:0d:4e:f7:3c:cc:e5:7f:e6:
+ 87:55:e9:80:69:e0:05:cb:40:84:65:cc:4d:35:f3:a0:6a:95:
+ 28:08:cb:95:16:9c:2b:d2:15:5b:d7:43:81:e1:ff:7e:e0:0f:
+ d7:25:01:f5:3d:d5:0f:88:15:1b:59:5f:6f:31:75:03:19:2b:
+ 24:5a:d4:b4:e8:1a:19:81:c9:c6:b9:e2:b2:cb:dc:fd:b3:fc:
+ 18:ec:76:68:2d:9e:78:41:31:0b:c0:f2:ca:70:93:66:6b:97:
+ cf:b8:8e:69:3e:86:63:7b:12:40:8f:1b:de:25:2a:a7:97:83:
+ 4f:a1:7e:0b:07:15:bb:42:e9:a0:a8:80:17:c2:75:a9:35:e6:
+ 57:bf:09:83:71:b5:51:3b:95:37:79:d6:8b:4e:96:86:22:d3:
+ 54:53:ac:af:ea:ec:0c:58:4c:18:11:4d:77:35:ae:40:7c:6d:
+ 5d:c5:36:46:19:fa:d9:83:76:cf:e6:70:69:3a:32:a3:0c:4f:
+ 6f:28:18:0d:6a:d3:47:b4:e8:e3:77:a8:90:0d:74:08:f1:4e:
+ 68:45:27:fc:22:57:ad:63:92:7c:fd:bf:44:ad:ec:be:12:42:
+ 49:b9:e0:23:2c:95:98:f2:d3:07:a3:00:6a:4f:eb:3d:8b:6d:
+ c6:0a:ef:1e:c8:71:1b:d2:3b:2e:81:86:5b:36:05:6a:f4:3f:
+ 25:cc:4a:d1:a4:d9:f6:8e:6d:a2:db:54:1e:c5:1b:dd:44:e3:
+ fc:0b:8b:8c:84:7d:e0:bf:1b:d4:53:3e:ab:31:fd:f4:25:1f:
+ 29:b9:55:f0:92:0e:fe:ab:46:cc:a1:50:96:10:6a:d9:c0:cd:
+ 6d:c1:e9:86:77:7e:ef:93:bf:be:03:21:87:d9:dc:36:53:41:
+ f6:a6:6c:f2:23:ee:be:34:4a:2e:95:29:09:7d:8f:1a:10:d2:
+ ff:a5:6b:26:93:e1:83:da:be:22:fd:7f:14:f2:1c:03:f5:64:
+ f8:75:00:f0:da:5e:78:e3:07:90:a0:4a:16:1c:31:70:09:b5:
+ 46:4d:71:42:64:19:b0:53:ce:27:f7:9a:34:5d:c4:df:7d:06:
+ bf:af:8e:c2:9a:19:c1:f9:90:36:eb:41:0c:2c:3d:51:22:bb:
+ 18:eb:ed:0b:5c:92:15:60:79:42:be:c1:f6:f1:46:29:c9:6c:
+ 0a:ba:f9:4c:46:44:1e:32:7d:83:df:55:b1:31:1f:c2:db:22:
+ a4:bd:2d:79:d1:ca:a1:80:12:ce:5a:26:68:54:8b:d3:f4:8b:
+ cf:45:d3:57:92:70:b6:7c
+-----BEGIN CERTIFICATE-----
+MIIHDjCCBPagAwIBAgICESIwDQYJKoZIhvcNAQEFBQAwgZkxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dnZXQg
+VGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtX
+Z2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcwHhcN
+MTcwNTA5MjEwODUyWhcNMTkwNTA5MjEwODUyWjA3MQowCAYDVQQDDAEuMQswCQYD
+VQQIDAJDQTELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkNsaWVudDCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAMjgD/3Vlpkd9Y5K14SF/EiL5M94JyLqG7RO
+8KIFKXg3Q0IX/o2YS0uK9rKSIyzyr8idNlcDkIIAAgz4MxTyXF/Mj/gUtd+o4w3R
+v1ryjSQ3ZhoxmX73jY6G/eqmc2CE3BzZKIeSn8/Ejp8rzsOKIM6NW2b+ePG9e1ex
+rbzbjAqoksGSXW+5X3/HYk1ZYEiOH6MCL3kmaG/tCpUHyOWak7rLr8epBqeZtM4f
+JrfV9r20sq0U/t+MQZTU0kEYQ/4ZDkNnEIqs8UccWnHt13aqZ4FnHW9328GT7jbs
+NG/Il3NXCdyauFQ1rqORKl3z5HB3fLwN2PWi8C2yuj62zoowFuptILis3es8pWLF
+fTrv32SDp6uhw2V6VPykJg9kpYPtKY8F76ovmK+HmIc0pzFVCXU3fXDDRBTEBbL4
+a2sltFXV/ik/q/DR5j/c6caDXfVKyjTgPVKk3YYJ5T6znvN5ma+xa35uyA0EKPo4
+WZRxPNI5hKVWQa6MYy1cm3nO8KZpbHS3NumHZ61bYW/SU9R6lOEmKdBWAvVuFdyp
+C+Y3KjKcNfNyLT3i1CVIqdDJe8saTcFEXFerdWWuBrJAtlWoLvv6bgt164YC6mP+
+mnSdAktgle9TBBOHB2pSZLrmQAmrqVCjEs51UTWvNzRgaunXPAArSpJ1SPNKJhMI
+BNBHBaEHAgMBAAGjggG/MIIBuzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRB
+zeD7wYfWdzi1o5SK0Ftch3Ay6TAfBgNVHSMEGDAWgBQX7ZNDj6emAHXU6LaCDYg3
+fsBtCDALBgNVHQ8EBAMCAaYwEwYDVR0lBAwwCgYIKwYBBQUHAwEwXQYDVR0fBFYw
+VDAooCagJIYiaHR0cDovL3Rlc3Qud2dldHRlc3Qub3JnL0JvZ3VzLmNybDAooCag
+JIYiaHR0cDovL3Rlc3Qud2dldHRlc3Qub3JnL0JvZ3VzLmNybDAcBgNVHREEFTAT
+ghFXZ2V0VGVzdGluZ1NlcnZlcjCByAYIKwYBBQUHAQEEgbswgbgwLgYIKwYBBQUH
+MAKGImh0dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9Cb2d1cy5jcnQwLgYIKwYBBQUH
+MAKGImh0dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9Cb2d1cy5jcnQwKgYIKwYBBQUH
+MAGGHmh0dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzAqBggrBgEFBQcwAYYe
+aHR0cDovL3Rlc3Qud2dldHRlc3QuY29tL29jc3AvMA0GCSqGSIb3DQEBBQUAA4IC
+AQBGpPPCY8/DdoSqo7onMiUVVOZp0i98yWiIARCMDU73PMzlf+aHVemAaeAFy0CE
+ZcxNNfOgapUoCMuVFpwr0hVb10OB4f9+4A/XJQH1PdUPiBUbWV9vMXUDGSskWtS0
+6BoZgcnGueKyy9z9s/wY7HZoLZ54QTELwPLKcJNma5fPuI5pPoZjexJAjxveJSqn
+l4NPoX4LBxW7QumgqIAXwnWpNeZXvwmDcbVRO5U3edaLTpaGItNUU6yv6uwMWEwY
+EU13Na5AfG1dxTZGGfrZg3bP5nBpOjKjDE9vKBgNatNHtOjjd6iQDXQI8U5oRSf8
+IletY5J8/b9Erey+EkJJueAjLJWY8tMHowBqT+s9i23GCu8eyHEb0jsugYZbNgVq
+9D8lzErRpNn2jm2i21QexRvdROP8C4uMhH3gvxvUUz6rMf30JR8puVXwkg7+q0bM
+oVCWEGrZwM1twemGd37vk7++AyGH2dw2U0H2pmzyI+6+NEoulSkJfY8aENL/pWsm
+k+GD2r4i/X8U8hwD9WT4dQDw2l544weQoEoWHDFwCbVGTXFCZBmwU84n95o0XcTf
+fQa/r47CmhnB+ZA260EMLD1RIrsY6+0LXJIVYHlCvsH28UYpyWwKuvlMRkQeMn2D
+31WxMR/C2yKkvS150cqhgBLOWiZoVIvT9IvPRdNXknC2fA==
+-----END CERTIFICATE-----
diff --git a/tests/certs/client.key b/tests/certs/client.key
new file mode 100644
index 0000000..31d556b
--- /dev/null
+++ b/tests/certs/client.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAyOAP/dWWmR31jkrXhIX8SIvkz3gnIuobtE7wogUpeDdDQhf+
+jZhLS4r2spIjLPKvyJ02VwOQggACDPgzFPJcX8yP+BS136jjDdG/WvKNJDdmGjGZ
+fveNjob96qZzYITcHNkoh5Kfz8SOnyvOw4ogzo1bZv548b17V7GtvNuMCqiSwZJd
+b7lff8diTVlgSI4fowIveSZob+0KlQfI5ZqTusuvx6kGp5m0zh8mt9X2vbSyrRT+
+34xBlNTSQRhD/hkOQ2cQiqzxRxxace3XdqpngWcdb3fbwZPuNuw0b8iXc1cJ3Jq4
+VDWuo5EqXfPkcHd8vA3Y9aLwLbK6PrbOijAW6m0guKzd6zylYsV9Ou/fZIOnq6HD
+ZXpU/KQmD2Slg+0pjwXvqi+Yr4eYhzSnMVUJdTd9cMNEFMQFsvhrayW0VdX+KT+r
+8NHmP9zpxoNd9UrKNOA9UqTdhgnlPrOe83mZr7Frfm7IDQQo+jhZlHE80jmEpVZB
+roxjLVybec7wpmlsdLc26YdnrVthb9JT1HqU4SYp0FYC9W4V3KkL5jcqMpw183It
+PeLUJUip0Ml7yxpNwURcV6t1Za4GskC2Vagu+/puC3XrhgLqY/6adJ0CS2CV71ME
+E4cHalJkuuZACaupUKMSznVRNa83NGBq6dc8ACtKknVI80omEwgE0EcFoQcCAwEA
+AQKCAgADk7HVNEt1OIpZ2U1TJ8uhQxR0+U/BGGgb4tf4Gp1tbZZ+A81dmhulIblY
+3q9PqpakvN/t1rtpBTUEJBtMwTAR6KObqErAy9IXOeftZ6pJvc7Mopt4HlJf+lll
+J0egrVz6CoflOiAsY/SiMvaAluIUq4G4KMngjB45JonQdhxdSDksxz1wst1XeiZu
++Ct1v0oi7fQIdT2g2Ji6pKPYKtN8nQnpRUJAE8WbcgSPe3jkUeZonJoZQvcb/los
+HJGBYdLWMmyh+4hkWsXlh3WxwEENldd5V6oLHWY9hiE86FaCEEe1rO+hWD9e3EPj
+3mbv9cC73IdDgH5EYg1c9oZhAZA23lvH1u8yFpfPAOdvl0X2T6rSmd0zWrrWpKem
+yoghSaW9rpWsM6rwI/B+gZlgwQQHLcRVrNJuXW7kTqRQnD+y9EM8HNddkNjmI6Op
+z135xRR4JNX15b1CCgiVWoHO/o/U/ivMRo4zjaoASxUB50TX9C+HTVY75Sr7tSAb
+v9/+8TWrCWJVXrCg/SddPF1DfBrpSPR77wa/zoD9IY7MHwnrmgdDt5I59Faa0KDF
+F1E0RLsVUUS8byLNcb26KpWUJQRi6ILr8KDQ+iVbk6QE/TqVQ5oxwmaa7dRdAL5s
+ao8gKU8XiGezbXFtN22adTEGIUPBAxGBcuEr8CYqlX1Gz0YvmQKCAQEA6wpdT6OZ
+s4bYuuMJiXxSwSSmXuqslP6JDSWliqznsJJnfn2Dy4+d945DRAE24IDgzJdrPtWv
+MfgRFJOG7Gri+7eVlLR7H+zfKnge/lOsdmVdBCrTiqTNt0XhAKZAEAq9j+4/5GMF
+bj9Mt9LUN12YgmVnWIfLgGDfQA0B5sTUjQwaSImAv4s24MLXW+sE8Jzq+k3C5u44
+oWqmU1LEBGqXVamtlM8xIRKghWVofeAVKjkGdUBrPptIEwYMAWub40Q2I9G7w5cF
+PGSFn51R8ahLOGICE42n3Aus0N6iDsNvDc2EdlR0NIKT0sbkya/sy9jgDLg1UhkG
+LJblXa5OXCDmWwKCAQEA2snBNmRuiczN43VzRgTVS840Ri46Hhx1BGaKRwNmGiTK
+4p/TLSnL1MgjdBLs/M678srxTSCzQX1YuV6G3p708ez+Q1IwHAuWiwBc7bmHHgxj
+v4gimIrPux+cMtOEmyxUL8s9leqZflGqoc3UILNNq9QcrVITcEkwCNqdpDk9vmii
+l54bjwuyad7IyFe7txIzLzNib5bbrK+t/R10RuvHKPaAeLDa1kDvwyOQa5ImRHWt
+yg1Kj63lVBwXJv+K6d+Z/NFMgT7fVJk70j6WcKfEcufyYdKzhkj+ai1wJzeQplu4
++x2YFS9ygonISPge+55LJ3PCLj0g0MIhPK+BI32nxQKCAQEA4HUDa1x3GeT68G6E
+2xEpDl3rq9U8fwUc6Ls8/dPlZtBJmZhP1oQOfS0Uu8rVF0y8YWVw+46hQnz+AsJo
+JTpmDbDiXiKFOpXBARO5tXM+zco7LBGh91MvSYioOTCLGUbIhL0nsvmFZCV7JElo
+dH8jd9NTAE6eXrkkOkyxtineOdyG9SKrG0DdZYNsmtEz5HxWQjckm9h/qFbrA8OU
+ggsw/pONuwCqkETzmrCfOyZVz/6pVivwvtcX22L48BpNwpmPgmF2iHCehXAR074v
+VTI8s1mVVgr/dLqJjOYvqR2l3m6Xw1EfsE3K0Y0zTBB/eKRiQoNgGEjhho+L9wzQ
+tFaO5QKCAQEAmYvCh5PQZ/FOBXYmIlu9/eeHlEFZFEzQavgzz0a5X1u273lPUYDl
+xj13dDzcCUhlay22T3TFmQ6JN/75FD/mk+rJPyHtFaGkU4U7srLj+tijIIZAEWJK
+C39RtfHwPJ7NroUqgY4VjyttXwT+/LwZpJ/GSHUzozgZ9/zFab2qcXkpstKJcMi6
+u8ZYjxHTcdXaCiQ7zyjGntjkeKE1O5i5OyxUWV91FayZGBBbiMMXDDCyePz++PsH
+2RGlxf7N1PjSLzYMRSCEx/CKpTC7j/CN1D6oQrMGvxV3R7j/3uYGJFp25fWNCEE2
+Uhq0b1GDHP+oqtV4z86iux+jB937+ZZ0KQKCAQBetr8pywp3jftYVhGU9+VZxYc/
+2vM5+WEdOqJAoHwXed5AMHReycKUmbDilWbswXyiBDGmIokoMKP09JMXfCbHMTkX
+LZCsxFGUpzAGg7sHI1NLTqWGU+fOmtzg7SJ77tZqJj1zzmgLX54oQ9qx53V6StWV
+Zw7YxkRbnLQ+LZU0HyYb11v5oh1CnWUoGINMkV6Bhv+jPCzUP/vs4/JgOFqhwjlN
+GVX0ewFGykinTK34ia9TI1Updgb3FWt3i9+twwAis1nnnuHt19tdi22BPwAuyFPx
+hsf5t4Kcm8xibjeHzQMLqP4v2arW09zsg5kDTQHoQDcUajJ+cdbpY2PeosfN
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/expired.crt b/tests/certs/expired.crt
new file mode 100644
index 0000000..b624e77
--- /dev/null
+++ b/tests/certs/expired.crt
@@ -0,0 +1,149 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, L=San Jose, O=Wget Testing Department, OU=Testing, CN=WgetTesting/emailAddress=bugs-wget@gnu.org
+ Validity
+ Not Before: May 14 09:05:02 2017 GMT
+ Not After : May 8 16:03:42 2017 GMT
+ Subject: CN=WgetTestingServer, ST=CA, C=US/emailAddress=ExpiredTester, O=Dis
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:d8:ed:cc:9c:e5:35:42:f2:1b:d8:30:36:40:a5:
+ 01:8e:0f:c2:3c:5b:f0:d1:09:a0:aa:63:07:44:b9:
+ 2e:20:20:47:5e:43:f3:bc:3b:df:88:f9:26:e6:07:
+ d9:9c:4c:67:53:46:3a:78:c5:0a:90:0c:f2:e9:a1:
+ e0:d9:f3:52:bc:51:07:32:ac:9b:d3:ac:f9:25:7d:
+ 52:8b:2f:fa:06:6e:2d:c4:d4:2e:c7:38:81:f3:30:
+ 4e:b5:d6:7b:2e:fe:4c:12:84:db:f4:7f:22:91:4d:
+ 45:37:bb:01:96:61:59:62:af:2e:de:21:70:fa:3e:
+ 29:97:9d:3c:bf:41:5c:cd:2a:b4:f7:4f:6f:78:a1:
+ b3:d5:79:53:4e:68:7b:cf:0e:78:87:47:9c:3f:3f:
+ da:50:27:08:7d:12:c7:e2:da:cc:6f:a4:63:12:ca:
+ 28:a0:7d:f8:a8:ac:a3:72:77:ab:18:52:83:b1:2e:
+ 44:49:1a:0c:25:bc:21:bd:40:09:96:6b:60:04:e4:
+ f2:3f:bc:c4:1e:3c:43:55:1d:fa:40:18:cd:70:91:
+ 24:03:1a:b8:95:e0:b2:70:3f:1e:05:a8:21:37:b1:
+ d0:ff:54:36:65:9f:a7:ba:2d:c2:ef:e2:a9:a4:c4:
+ 72:c5:4c:82:8e:46:3e:b6:d9:aa:62:14:07:1d:53:
+ 19:08:9b:88:6d:b9:20:88:7c:bc:89:95:02:d5:54:
+ 96:7b:b0:a8:14:fd:30:ce:5f:41:b7:bf:e2:75:9a:
+ a3:fa:20:43:2f:c8:80:cd:97:f7:57:37:5d:11:9b:
+ fe:bf:aa:56:0e:2f:cd:47:7e:0f:db:2d:f7:71:44:
+ c5:21:7d:c6:b3:50:5d:30:b0:4c:54:8f:7e:05:82:
+ e6:5e:3b:62:d7:1b:5a:f5:de:57:76:2a:90:b0:d4:
+ ec:72:8e:ab:64:f1:6f:12:21:80:7c:64:8a:5c:da:
+ c1:86:12:ff:a9:e9:93:2f:2c:70:59:84:a4:5c:13:
+ e0:02:d4:9a:72:0e:40:c3:db:99:1b:60:85:c0:94:
+ 1d:15:24:5b:8b:f6:6f:2c:d1:b5:95:50:e2:53:76:
+ 4f:cf:57:8e:d5:8b:c1:f5:3f:ad:07:aa:7b:84:32:
+ dd:32:b5:59:a5:1b:d4:a2:b6:3b:6c:07:cc:4b:e8:
+ fc:6a:d8:42:e8:08:dc:f1:f1:91:74:cf:9f:5f:57:
+ 6e:ab:93:5b:5e:af:7d:1c:b7:d3:eb:08:4c:a9:a7:
+ b5:aa:d6:46:a8:a0:63:68:7b:44:cf:5c:21:42:3c:
+ 98:ff:42:31:77:94:4f:85:d2:7a:da:56:b1:c4:3c:
+ b9:2d:e9:d6:88:f3:6c:ff:7b:39:19:83:80:ab:31:
+ ab:19:6b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ E6:C0:06:2E:89:41:44:32:AE:B6:C5:62:B6:7E:B5:DA:3B:75:D4:04
+ X509v3 Authority Key Identifier:
+ keyid:17:ED:93:43:8F:A7:A6:00:75:D4:E8:B6:82:0D:88:37:7E:C0:6D:08
+
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ X509v3 Subject Alternative Name:
+ DNS:WgetTestingServer
+ Authority Information Access:
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ OCSP - URI:http://test.wgettest.com/ocsp/
+ OCSP - URI:http://test.wgettest.com/ocsp/
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 41:03:d8:91:54:f2:5c:e5:15:80:cd:96:a2:89:94:df:8c:d4:
+ ce:99:1a:f6:69:03:1d:aa:a8:3d:7f:8a:65:bd:b2:3a:f0:46:
+ 00:6d:c7:cc:7a:18:44:cb:b4:17:f1:40:83:b1:17:90:64:ba:
+ 22:2e:18:7e:35:29:20:4c:8f:34:14:86:34:1f:42:6e:a6:e7:
+ d7:18:a3:11:77:3d:ec:b1:39:59:7b:12:3f:55:b0:86:4a:9f:
+ 6a:1c:b6:9e:03:3d:39:bf:f6:34:f5:d7:6f:44:bd:9a:54:e5:
+ f9:d9:14:85:01:d9:3d:0e:18:89:d0:bf:27:df:9a:4f:39:7c:
+ ec:46:92:e5:3e:9e:e5:10:4a:ed:03:aa:3b:93:02:e9:f3:18:
+ c1:5f:e8:cb:16:e0:54:9f:8b:0a:c9:65:48:32:93:90:91:2e:
+ 84:26:14:28:b5:5c:61:38:39:28:3e:8e:74:dd:08:07:67:41:
+ 9a:82:67:48:ba:3b:c1:66:76:27:7a:9c:c5:95:45:b5:9c:4d:
+ 94:9b:f5:e2:93:39:2c:d8:15:31:27:82:56:9b:1a:73:e5:f2:
+ 6a:9a:cd:47:0a:2b:ff:6e:5f:b2:f8:53:4f:fc:c3:1c:b7:25:
+ 00:30:77:21:87:9b:88:d4:87:f7:30:79:f7:bd:a2:df:42:c4:
+ 95:c4:e3:3c:94:4a:87:96:94:54:de:fe:80:13:e6:ec:37:dd:
+ 33:a2:e4:f7:15:e7:a8:08:c6:3d:3b:65:34:96:5f:46:c8:41:
+ 7f:ce:c5:ca:3a:44:d2:fb:9c:3c:c7:2c:da:12:b3:1f:62:40:
+ 38:12:cb:36:b7:5c:e7:32:5c:e3:2a:af:b5:36:e8:83:d3:8e:
+ da:4c:b5:52:5f:f4:d6:54:b7:3b:9d:62:86:5a:26:f1:58:a8:
+ 2e:f6:46:9c:6f:98:76:e1:bb:9c:27:73:0f:78:11:60:b9:ac:
+ 13:6e:d9:ec:24:5f:64:e9:59:14:36:02:f1:f0:57:97:ce:31:
+ 0a:80:1e:d0:c0:c0:77:62:24:c5:d9:61:e9:d9:57:76:64:e1:
+ 1c:c7:5a:55:e2:58:ab:2f:58:6f:42:91:03:aa:6f:1c:9b:fc:
+ 0a:c5:ee:14:1d:07:a1:b3:ec:97:6f:ac:2f:85:7f:ea:88:18:
+ 78:84:ac:af:d8:e9:b7:23:5c:a3:14:ab:8e:ee:95:5b:0d:6c:
+ e4:25:be:77:04:59:19:57:1e:f7:e0:5a:f2:fc:33:12:57:28:
+ 11:2e:1f:05:6b:43:62:8f:c0:c3:4a:97:f9:6a:73:1d:dd:c0:
+ 6f:d4:a2:23:0a:d2:86:68:df:bd:ac:75:61:cf:d8:3f:9a:d1:
+ 8e:e9:33:59:bd:13:9a:27
+-----BEGIN CERTIFICATE-----
+MIIHODCCBSCgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dldCBU
+ZXN0aW5nIERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMMC1dn
+ZXRUZXN0aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzAeFw0x
+NzA1MTQwOTA1MDJaFw0xNzA1MDgxNjAzNDJaMGIxGjAYBgNVBAMMEVdnZXRUZXN0
+aW5nU2VydmVyMQswCQYDVQQIDAJDQTELMAkGA1UEBhMCVVMxHDAaBgkqhkiG9w0B
+CQEWDUV4cGlyZWRUZXN0ZXIxDDAKBgNVBAoMA0RpczCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBANjtzJzlNULyG9gwNkClAY4Pwjxb8NEJoKpjB0S5LiAg
+R15D87w734j5JuYH2ZxMZ1NGOnjFCpAM8umh4NnzUrxRBzKsm9Os+SV9Uosv+gZu
+LcTULsc4gfMwTrXWey7+TBKE2/R/IpFNRTe7AZZhWWKvLt4hcPo+KZedPL9BXM0q
+tPdPb3ihs9V5U05oe88OeIdHnD8/2lAnCH0Sx+LazG+kYxLKKKB9+Kiso3J3qxhS
+g7EuREkaDCW8Ib1ACZZrYATk8j+8xB48Q1Ud+kAYzXCRJAMauJXgsnA/HgWoITex
+0P9UNmWfp7otwu/iqaTEcsVMgo5GPrbZqmIUBx1TGQibiG25IIh8vImVAtVUlnuw
+qBT9MM5fQbe/4nWao/ogQy/IgM2X91c3XRGb/r+qVg4vzUd+D9st93FExSF9xrNQ
+XTCwTFSPfgWC5l47YtcbWvXeV3YqkLDU7HKOq2TxbxIhgHxkilzawYYS/6npky8s
+cFmEpFwT4ALUmnIOQMPbmRtghcCUHRUkW4v2byzRtZVQ4lN2T89XjtWLwfU/rQeq
+e4Qy3TK1WaUb1KK2O2wHzEvo/GrYQugI3PHxkXTPn19XbquTW16vfRy30+sITKmn
+tarWRqigY2h7RM9cIUI8mP9CMXeUT4XSetpWscQ8uS3p1ojzbP97ORmDgKsxqxlr
+AgMBAAGjggG/MIIBuzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTmwAYuiUFE
+Mq62xWK2frXaO3XUBDAfBgNVHSMEGDAWgBQX7ZNDj6emAHXU6LaCDYg3fsBtCDAL
+BgNVHQ8EBAMCAaYwEwYDVR0lBAwwCgYIKwYBBQUHAwEwXQYDVR0fBFYwVDAooCag
+JIYiaHR0cDovL3Rlc3Qud2dldHRlc3Qub3JnL0JvZ3VzLmNybDAooCagJIYiaHR0
+cDovL3Rlc3Qud2dldHRlc3Qub3JnL0JvZ3VzLmNybDAcBgNVHREEFTATghFXZ2V0
+VGVzdGluZ1NlcnZlcjCByAYIKwYBBQUHAQEEgbswgbgwLgYIKwYBBQUHMAKGImh0
+dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9Cb2d1cy5jcnQwLgYIKwYBBQUHMAKGImh0
+dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9Cb2d1cy5jcnQwKgYIKwYBBQUHMAGGHmh0
+dHA6Ly90ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzAqBggrBgEFBQcwAYYeaHR0cDov
+L3Rlc3Qud2dldHRlc3QuY29tL29jc3AvMA0GCSqGSIb3DQEBBQUAA4ICAQBBA9iR
+VPJc5RWAzZaiiZTfjNTOmRr2aQMdqqg9f4plvbI68EYAbcfMehhEy7QX8UCDsReQ
+ZLoiLhh+NSkgTI80FIY0H0JupufXGKMRdz3ssTlZexI/VbCGSp9qHLaeAz05v/Y0
+9ddvRL2aVOX52RSFAdk9DhiJ0L8n35pPOXzsRpLlPp7lEErtA6o7kwLp8xjBX+jL
+FuBUn4sKyWVIMpOQkS6EJhQotVxhODkoPo503QgHZ0GagmdIujvBZnYnepzFlUW1
+nE2Um/Xikzks2BUxJ4JWmxpz5fJqms1HCiv/bl+y+FNP/MMctyUAMHchh5uI1If3
+MHn3vaLfQsSVxOM8lEqHlpRU3v6AE+bsN90zouT3FeeoCMY9O2U0ll9GyEF/zsXK
+OkTS+5w8xyzaErMfYkA4Ess2t1znMlzjKq+1NuiD047aTLVSX/TWVLc7nWKGWibx
+WKgu9kacb5h24bucJ3MPeBFguawTbtnsJF9k6VkUNgLx8FeXzjEKgB7QwMB3YiTF
+2WHp2Vd2ZOEcx1pV4lirL1hvQpEDqm8cm/wKxe4UHQehs+yXb6wvhX/qiBh4hKyv
+2Om3I1yjFKuO7pVbDWzkJb53BFkZVx734Fry/DMSVygRLh8Fa0Nij8DDSpf5anMd
+3cBv1KIjCtKGaN+9rHVhz9g/mtGO6TNZvROaJw==
+-----END CERTIFICATE-----
diff --git a/tests/certs/expired.key b/tests/certs/expired.key
new file mode 100644
index 0000000..72951ce
--- /dev/null
+++ b/tests/certs/expired.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA2O3MnOU1QvIb2DA2QKUBjg/CPFvw0QmgqmMHRLkuICBHXkPz
+vDvfiPkm5gfZnExnU0Y6eMUKkAzy6aHg2fNSvFEHMqyb06z5JX1Siy/6Bm4txNQu
+xziB8zBOtdZ7Lv5MEoTb9H8ikU1FN7sBlmFZYq8u3iFw+j4pl508v0FczSq0909v
+eKGz1XlTTmh7zw54h0ecPz/aUCcIfRLH4trMb6RjEsoooH34qKyjcnerGFKDsS5E
+SRoMJbwhvUAJlmtgBOTyP7zEHjxDVR36QBjNcJEkAxq4leCycD8eBaghN7HQ/1Q2
+ZZ+nui3C7+KppMRyxUyCjkY+ttmqYhQHHVMZCJuIbbkgiHy8iZUC1VSWe7CoFP0w
+zl9Bt7/idZqj+iBDL8iAzZf3VzddEZv+v6pWDi/NR34P2y33cUTFIX3Gs1BdMLBM
+VI9+BYLmXjti1xta9d5XdiqQsNTsco6rZPFvEiGAfGSKXNrBhhL/qemTLyxwWYSk
+XBPgAtSacg5Aw9uZG2CFwJQdFSRbi/ZvLNG1lVDiU3ZPz1eO1YvB9T+tB6p7hDLd
+MrVZpRvUorY7bAfMS+j8athC6Ajc8fGRdM+fX1duq5NbXq99HLfT6whMqae1qtZG
+qKBjaHtEz1whQjyY/0Ixd5RPhdJ62laxxDy5LenWiPNs/3s5GYOAqzGrGWsCAwEA
+AQKCAgBPnog5Fc+EsMQThy6Cb42wjIwoBz7OGpCDuTETwjvxwqcvLBWrgvY6mefz
+CfKO8WQDJoWTig6kbHxD0AxtMmetgrf3m27eNGCFqAfB2mwULCBUW+SHbnATyCk7
+iGtSBjf5nBX3GSqg1hGPsO2WOkjKda3oDbIfxu0RHr8LG3xqOUCOfPNW/VK6CXvQ
+DX1Ts+X9EQWCGXeRb6In9dqzosbiOx256cUbkuDPV/3tp4p+tNptD6Q0iIDo4LIp
+efWK5gIqCbX4OtpolonIFeah2/ibVko3cXlKWVxk4mWsgdcfT/57mHcWuZCgPueL
+kE/fj9LoI3rPqWyfRCjLMrqhwrwuxZArvsN56CALrbBRpmJql+JL68bPu3fXBgak
+X457pXZVGj6GNFdv8JMXRMo/oyn/73jJdWt4g83HiXkXlcxuoLwsbiA8hq72DLMn
+dLTVS31Kn3T9RczKSk44xbGSJQUV/s3ErOA378lHJe5wQHk+A0p59fKen7GiT7dj
+4ZOzFy1sJW+DS9rklq6gGupdoHJVhcCLe9ryanb28MidMeWsUMa11OGXCpoRk8Np
+ZY9ASgfW0+o2XUZukL+NpU7/1ihdybr3E5w0N1IFAAvUa+f7A4iKJW65COdB53wz
+jG7zGal2aDqTbC2xLpaUk54Z3sEgpZNW7PqB+O21Yu/ZzC8wkQKCAQEA8MDWS7LF
+MkAppvl3M7ATU2tzq0PisoiUS595Sp+Y3LxB3GHKEQKKeMz2P2mHcg4tzYCg4bvP
+LE0HXizfFNBKwGMyi40+T2fYz+FC8zAYHKbsZQt0O2uvSGcMriZLCWuAEs45U/b0
+N9UN9BuE4yYizmUGYFjYmUMBUB0Oj/nIU8iikdbV3wBoCzuH1sP5f3kIQzAqNJgt
+zci+etMVCPecT8brbLAxKZOEaIX3IAxQu2t2V3geDvukLNECWsVeDAY9DGuL2x3e
+BnS+HGrOYDyAPVjxyzzNkjjzBdCV2ciipxwL2QzKsgVPx8L21RdK8mYEDB0dkv7B
+kTLw8wH4fxMavwKCAQEA5qq264K+QCRBTYtdayoK2qQksWd3U1QynF3zM0XMb8Ip
+J1HnCbzhQ2/ccXKgT9j9KuK+8A4q4Mw+RggwM5QWIfxzD7AjOYPO4G4mCFwwViM7
+H/HbH1WJMHo2LWDEx4/UrphXg2FF2yApX3nCDzNx2cVz39BDyiIKNXs+O8PFoF9N
+7emitJ7U+GV7wLWacMgTz4qvTuNu/dQfoCVzsfEvxYay6sAW2cX0nrwr5/+T7js8
+KrfklAOD5Rd36cLRTB7vUDgYQ39MN9Ab1X1e5kwn2HSLbcBJyUMDfRgnc82MnLKn
+O8CS2AS4j6tyEvRYrAOwqMmcwWnDBJzrfVicThLIVQKCAQBh7P39YmTFcMXAbh4n
+PwpNVxqAYid2mQlAzUgHq20A8+4SFxCa5J6wTiYnWuRF5zCIMza9OqglC9vgWX4P
+uD1/jZnEm5npsILG44hY5IoaNWdYHlWTydRNLeVBfL/uv/QjMhCtb3icsSNw1DS0
+NBHaQ8tZKypHBLMnA/qlY2MxeR1vFqR9hWvMjdVN7P6x8+gBdDjmlbOjzXB1AyC+
+OgExjea6mdwVXjRwU3VWasv3v9kt8OTBEWgQ9p7vjvIXD/6K67/CS57An4Goi2UQ
+TeuXiHMpSL0RKernxZT+NZa7RDQpgAN+b5yo00uVF1lbyVUCHGGoJclUJxVMstOB
+1KJ/AoIBAFCOvmNxvc/Y2ZWjXnTWsgO537a1U88eUK6bgRwe/E7rmEPLLs0P0fwj
+TPGx/prkRUZ8+gIMcJ0ht33tzie1SCWGbQjFkwe7KLzouw+gYqEynKuDY+uFi+wK
+QnGGojKv4K85NRcFGch1av2VIFj+tnw/oUBBE+u8B6S17f4hWRuxLR4xwkkiT26Q
+wq+CvPU2avTIkoESnOi49HKRod47RVvOtx2VCGX15ICrZwoXECrbNSAWKRYoRB/2
+GkLhbwcOprV1YcPw6UV0wMPGjSYQ4rmNukQSK7LGXKmLjfu7hagUHKOZla8rtuk2
+DxjfjThF8aSBBOXncdxikTutfqklliECggEBANGHBID63eBukoc16NOIRenrRNSJ
+Oa2W0VhQ/iI9Di9fjZuQutPq2UqR+N0tW5V7qiGm7vb7lRlrnB/jt3pNqGj3qSdC
+CEp7IEH0kJ/hp9KwA7MxVzmk5hbDbSrtzxYFYjYNEybKndPmKt+J9AZS3u21WGwU
+MaaX2WS2JHLwnSJ0qgp/rg+uoYIXzPLn/1k7H0s8s6lMhY40nZSaxx9dEEe5RWSz
+HY9ajmcRUqEbdFNmu+J9yR5q5mku++CLRGU921XomoIf/R3dBvMFFRtiymiVV0qt
++fueaAfibaLDFRSutkfLCyOl2EFyvsSk5TJmutAIe8ba5d1CdCkm4w9SsBI=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/interca.conf b/tests/certs/interca.conf
new file mode 100644
index 0000000..2d522e7
--- /dev/null
+++ b/tests/certs/interca.conf
@@ -0,0 +1,64 @@
+[ ca ]
+default_ca = myca
+
+[ crl_ext ]
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+ [ myca ]
+ dir = /usr/oms/src/wget1.x/tests/certs
+ new_certs_dir = ./
+ unique_subject = no
+ certificate = interca.crt
+ database = certindex
+ private_key = interca.key
+ serial = certserial
+ default_days = 730
+ default_md = sha1
+ policy = myca_policy
+ x509_extensions = myca_extensions
+ crlnumber = crlnumber
+ default_crl_days = 730
+
+ [ myca_policy ]
+ commonName = supplied
+ stateOrProvinceName = supplied
+ countryName = optional
+ emailAddress = optional
+ organizationName = supplied
+ organizationalUnitName = optional
+
+ [ myca_extensions ]
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [ v3_ca ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [alt_names]
+ DNS.0 = WgetTestingServer
+
+ [crl_section]
+ URI.0 = http://intertest.wgettest.org/Bogus.crl
+ URI.1 = http://intertest.wgettest.org/Bogus.crl
+
+ [ocsp_section]
+ caIssuers;URI.0 = http://intertest.wgettest.com/Bogus.crt
+ caIssuers;URI.1 = http://intertest.wgettest.com/Bogus.crt
+ OCSP;URI.0 = http://intertest.wgettest.com/ocsp/
+ OCSP;URI.1 = http://intertest.wgettest.com/ocsp/
diff --git a/tests/certs/interca.conf.in b/tests/certs/interca.conf.in
new file mode 100644
index 0000000..5bf28fd
--- /dev/null
+++ b/tests/certs/interca.conf.in
@@ -0,0 +1,64 @@
+[ ca ]
+default_ca = myca
+
+[ crl_ext ]
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+ [ myca ]
+ dir = @abs_srcdir@
+ new_certs_dir = ./
+ unique_subject = no
+ certificate = interca.crt
+ database = certindex
+ private_key = interca.key
+ serial = certserial
+ default_days = 730
+ default_md = sha1
+ policy = myca_policy
+ x509_extensions = myca_extensions
+ crlnumber = crlnumber
+ default_crl_days = 730
+
+ [ myca_policy ]
+ commonName = supplied
+ stateOrProvinceName = supplied
+ countryName = optional
+ emailAddress = optional
+ organizationName = supplied
+ organizationalUnitName = optional
+
+ [ myca_extensions ]
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [ v3_ca ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [alt_names]
+ DNS.0 = WgetTestingServer
+
+ [crl_section]
+ URI.0 = http://intertest.wgettest.org/Bogus.crl
+ URI.1 = http://intertest.wgettest.org/Bogus.crl
+
+ [ocsp_section]
+ caIssuers;URI.0 = http://intertest.wgettest.com/Bogus.crt
+ caIssuers;URI.1 = http://intertest.wgettest.com/Bogus.crt
+ OCSP;URI.0 = http://intertest.wgettest.com/ocsp/
+ OCSP;URI.1 = http://intertest.wgettest.com/ocsp/
diff --git a/tests/certs/interca.crt b/tests/certs/interca.crt
new file mode 100644
index 0000000..6cbf0ce
--- /dev/null
+++ b/tests/certs/interca.crt
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHOTCCBSGgAwIBAgICESMwDQYJKoZIhvcNAQEFBQAwgZkxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dnZXQg
+VGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtX
+Z2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcwHhcN
+MTcwNTA5MjEyNDMwWhcNMTkwNTA5MjEyNDMwWjBiMR4wHAYDVQQDDBVpY2Etd2dl
+dFRlc3RpbmdTZXJ2ZXIxCzAJBgNVBAgMAkNBMQswCQYDVQQGEwJVUzEYMBYGCSqG
+SIb3DQEJARYJaWNhdGVzdGVyMQwwCgYDVQQKDANJbnQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCpFc5lZraIIP8PVVbnwSrE11p2kjVgzDPwIJ/bDYGd
+60VEMc2ehVOMtj3lFbAUu4nb6j7IbAGB4bUqg4BUVfRodvd2f1WsfAfhf3AUnpI0
+c+ytK8HuXSfv3s44+/iQJftLE0kTADZf9iV/GxdEbhwQXBWku0xU/mxRH4zxDGwZ
+6gurQ96Md6DVUgnZsnRgrukQikr9C5e8cbKj7FHLZgq9E+NlGppmKi8qGTUXK17L
+cLBEP04glOnMuRQKB6SCIoX+VCiw33hWYfzIiXDKFqcj0liYANyLbM9TiFITGyTj
+Jr+Ne1Lac0HlNd8vNeP6IPBjViNZ8Iw3GYly1i8li4THzo8VpXBkJlwOLEYSq9Hr
+ZJ0QzUbyzVTLdhlCBhFme17Z9PxQyBr+2A0Lp+r/oKdr+KfMYZN3tzV3YozSw5d6
+4uV2Nz9pVCmLjR8UAV6cJqJILAxCQRVs4Qs7Ko3mGWKWi3T5xxvFy8gQrNHg7+IN
+g+0OhsIkfHTGsfW7WGukGhfmispi6sjrbNABRws8Vlr7JcVNFS4uu4H3cVCZ3Rde
+9IduNYs0gqss4SYMAxKAz0/M7OCY8Z9obh7zIdsG1A2S07cv9OMsjgPhLiO/i4HF
+RriQtYR5sWZKkmZgmS68aJuh/JLijlF/m2HLbI5gSlgwuSAtKUj2C68mTrXZJ3Xl
+IwIDAQABo4IBvzCCAbswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJNB884gq
+c/+HoMtp4GsuFr1O1eYwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgw
+CwYDVR0PBAQDAgGmMBMGA1UdJQQMMAoGCCsGAQUFBwMBMF0GA1UdHwRWMFQwKKAm
+oCSGImh0dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwKKAmoCSGImh0
+dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwHAYDVR0RBBUwE4IRV2dl
+dFRlc3RpbmdTZXJ2ZXIwgcgGCCsGAQUFBwEBBIG7MIG4MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MCoGCCsGAQUFBzABhh5o
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vb2NzcC8wKgYIKwYBBQUHMAGGHmh0dHA6
+Ly90ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzANBgkqhkiG9w0BAQUFAAOCAgEAqUa7
+cQLhjXCAHiMT9V5+hzB/ngriEKC456htspq9RC/FWnYXZ+au89FehFunjy5qzbSz
+q7N97rCD2drSwn4B6uBymmIxU6iARmtcsPrfhgXHdvhuVop6yuXspoaU7+g1WMXi
+t0RGBx0FahYlggt8a7HnMu3Qz6v8llDeA3U2BCe5ui7mWTauj3bFv/pLW3sigvm0
+Cr3aBHpkIzfHU5D6EC3fKNXQNQruXCCIcBayNiaX+FJcK18sU8tRewiWo/VvffHi
+J89/oHvZnXkteT/mEyeAbjkPkNrmNQTmG69t/x4NdxNDe5ZrEpbEPE/6S5z+YP1T
+bXG7OeES2/+K3Fprwv/oCoeQdv3bBh4IcRhhE7KpEGnJOLfV1a5aRpVCz/0C30xk
+x5GYo0a+AkPAW3zYTaKQXIKDJLpAU6QJ13WaEjVS1EYnUE2o3XEjyZPJVL1y7VSd
+1gdk5MEto6RsVH6EmJBBaSiiAj6d1GbkmNku73FiUvRGk39WbGN9qfjrMPvGhAcL
+0GrIg5oQLOf0f6sdIU3TJkARNSmgSoLV+RatIEgKI+/i6FxlRdBPoGopPJkrh/gS
+stf93A7rFKWmYNKZOMhWXxyv14lwWhBi0bW9QfzavJse047v9X3UvRki06uWXH2t
+H51/0uT9gISqZ1CKDpnez4wrjACuKmfI9D2p6J4=
+-----END CERTIFICATE-----
diff --git a/tests/certs/interca.key b/tests/certs/interca.key
new file mode 100644
index 0000000..7a27172
--- /dev/null
+++ b/tests/certs/interca.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAqRXOZWa2iCD/D1VW58EqxNdadpI1YMwz8CCf2w2BnetFRDHN
+noVTjLY95RWwFLuJ2+o+yGwBgeG1KoOAVFX0aHb3dn9VrHwH4X9wFJ6SNHPsrSvB
+7l0n797OOPv4kCX7SxNJEwA2X/YlfxsXRG4cEFwVpLtMVP5sUR+M8QxsGeoLq0Pe
+jHeg1VIJ2bJ0YK7pEIpK/QuXvHGyo+xRy2YKvRPjZRqaZiovKhk1Fytey3CwRD9O
+IJTpzLkUCgekgiKF/lQosN94VmH8yIlwyhanI9JYmADci2zPU4hSExsk4ya/jXtS
+2nNB5TXfLzXj+iDwY1YjWfCMNxmJctYvJYuEx86PFaVwZCZcDixGEqvR62SdEM1G
+8s1Uy3YZQgYRZnte2fT8UMga/tgNC6fq/6Cna/inzGGTd7c1d2KM0sOXeuLldjc/
+aVQpi40fFAFenCaiSCwMQkEVbOELOyqN5hlilot0+ccbxcvIEKzR4O/iDYPtDobC
+JHx0xrH1u1hrpBoX5orKYurI62zQAUcLPFZa+yXFTRUuLruB93FQmd0XXvSHbjWL
+NIKrLOEmDAMSgM9PzOzgmPGfaG4e8yHbBtQNktO3L/TjLI4D4S4jv4uBxUa4kLWE
+ebFmSpJmYJkuvGibofyS4o5Rf5thy2yOYEpYMLkgLSlI9guvJk612Sd15SMCAwEA
+AQKCAgA4Wi4pmWvoPqcDIzwNjVGFvQhHUD89/ZCpzRW52eyDBzBUpAyVcnYABZTn
+Tq0am848XvuBrI1sDh9lBeK1ONh2IIAlHBcfn065FtHx7U9o7+HHbTf7C00OIsG0
+ODYFRMNVqB3ImV+F5/FjRVIh2li8ExSbjFjKUukiuFMu2ycEE/7Dm6EGS7BsqCTk
+SxeCSYkfnBeV8lEl2vbgrxgro9ycW46D2bPvrMt/SltpV2kGgI4ekMKnFTo+oshM
+93MadAsYUlAlcrUWhR3McBIJKDeYNriUIGVgimkmu94uw/MtSXK54oogiB1EGQpD
+H8DVUjkLwl+R0BvLGVW30i5wYulja2wJuYbY146+jxPkohpGQv7lChLnXN4HsJio
+W5TVqPii5EXKYm1LzuwIQba7EdvVLjA4I+b//qIADtEWA0sQZLiWLSk2/58WMjix
+pTbPhAy3xTTebCwz+mxMjZVQ3V2KHVvGUWq0x4rje/yF0mKIFt1CjUgTiUQ8DGSV
+MZhiqt6hV4ipo2/GUQLBzxiEr7H89vjsXnUBUb0BQCh6Ykg1P3hfoShxs62kEqtu
+b7huQhHL2ch3Cfb2gZ7S9UpO2TjnPpDyhyapJ/MmtTiHIhsts1DYEPLq4+n9FdC2
+FQYkRhR1OCtA+Tw1W4LvTu+57EgMMOdDJK1k+/j6+cV+9vRKEQKCAQEA19kMib0J
+lCTagMtVxPDfhWdAueREKTrEGBSyReWJHUqoR4AV34BxsL6fr+8BDpgs6GMTqSWk
+YTBz7KgyjSBQh2KgNwMAE89uIez4I8nTq5M92ZfqEZ98bn6ls3A4fwZeZ/wwrVd9
+OVeH54qrINV/wFyLRu9CIkyPXLia39cobotTZXu2d/tQaFG7JXkE4zj2dl6e0zyG
+Q5XE+GtAJYWpSPYd5N/J3eFEdoJDWFygM+WSHaYEE+iFbENyiWmDd3O/mHVqovub
+rFM/SMsWqfSK5MZVEpFSXPFIlRKLsZ2FiO6Dorei0NAp1VUriDELH0EVzoxErHhu
+S+2aN5WlYaFfnQKCAQEAyInb8T364UOHzUyz+IsDaxHOkGu8r1ZKDL5YJUg8wGMl
+LEUiyQJGf+RcSiI9tsH47XcptHpAIV745wedFzS2s6NWlAQCkdUKxIrtvA4bB7PV
+TJwy2uDCKtzzrSYul1rjpXoyIEt3Q4Ryd8gpa9eeRgWPkq48d6YOTcDw3C+i8VFo
+MyMzO8U3bj8vNR3/kE8id67XDWV7qfEtszhxVjYhgL7GyrP2ZeFsFNnrdp09tY0W
+aRGkzQw67Yq3tEDNCuNgtF/tNyr0l8DSjiGLqoIkh5wSH/MVz0crM4aPMaNvsTsb
+/+JQlrJF6EUVo1mwcqH87I2gGisQTP0rkxmhTsIbvwKCAQBKWRr2fsTD4IXbAy8B
+7S4w10X2Qegwg2t0F/zoEo5OJp8cMcRW/fkrNh3vDdZBXq1pRmdJRgv+5h+oDq+K
+6OyUFaa2DDSEnliDGwrF2Qkt+kO9pZQcieDkdn9A9ZCgQGNYUge6TX52t+26FYuo
+faHJcpcO0e7nvZNMDtJZ89SbbyZEuH47ibdCl5Rs7eh/E+nhD+qJPDnLIdV89ARe
+aFHNLelSIrt3z9YzM99aml0cQyE3US3qZZc/mWPkbRG5nYcLTrZyeVQ/4VTVEA84
+b2FAOAipoqDKHtovbvnrLiUG65EwBSzx3CHst6+M88eu9k46nRoyhjEHukn6h3M1
+084JAoIBAB7uBFpE8PjlbYCgn/Fpn3FYIb/sngF9EZa9lOLLLXOO1yDo2OCf1TfM
+hN96QIJ7kGUvx+LqKBH9j+4yImx92OAEBUp3A95yOWLu+pPSqSCa//786GsR12C9
+C2hdRzpY7luLaUfJ2+8x8mW/HYRgkSzDls1Myk658eLUK1IKltsZbzTT7Qb+9/mt
+DR7oLY6YZfyHnuuWB2jCpgXKYtClMK2mvwpsj0hPaFge9E4rGmVyCU7TRdPKWxxg
+FM1cYUOYpkWrte6YVXlCaDc7vUrjH7c6vyDmYSrDE0qzKkrBpmxzbXId+cgEXvvg
+C+JR5wEHMvdZMKRYl/8H3Tym61Y2YgkCggEBAI6yQmYwqL9ELqFfWxuqSQfiEoPA
+tENwVIhwhbGKje/FgNotgC+EjToQzBfZDVudOlnRyOTjgxfeZ5mtsdH9sJ278L7I
+mZmZezmAC1GPE4Ev8GZjpFYqcx0GYGy2pvlNea2Rt8Xnw2B+GDGPTf299djeRgS1
+Xnd0j9ltxTsmiOxF1AMYuMeg57jcUAAG0N81SrOASYc7P7DKpn8PGUim9szNccXy
+jcWEJb9WRLuGfrMTwf4gpb7mShod9A4B5TziF9FNxR5u7MMW8NItMRndqI+/2ylP
+e3MAV+ZhxtLs/sWOwcJk/rwhvRsbadzKhEiZPDYDDZ10oWWsCdeawp0VZEk=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/invalid.crt b/tests/certs/invalid.crt
new file mode 100644
index 0000000..0ab8ff1
--- /dev/null
+++ b/tests/certs/invalid.crt
@@ -0,0 +1,149 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, L=San Jose, O=Wget Testing Department, OU=Testing, CN=WgetTesting/emailAddress=bugs-wget@gnu.org
+ Validity
+ Not Before: May 15 15:28:03 2037 GMT
+ Not After : May 15 13:28:04 2019 GMT
+ Subject: CN=WgetTestingServer, ST=CA, C=US/emailAddress=ServerTester, O=Dis
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:b4:d4:0b:fe:35:25:05:a2:ec:28:c3:6a:d8:13:
+ f7:57:7f:f6:f2:4b:87:64:59:29:cb:81:93:c0:3d:
+ f5:2b:30:d4:30:4b:ab:e1:0e:5a:57:e9:ac:d0:ef:
+ 62:f6:a3:f2:d7:24:f6:8b:e3:54:98:68:75:bc:f8:
+ 34:4c:2f:96:6c:dc:1d:af:72:f9:c6:5a:6e:0f:03:
+ 4c:45:ed:0a:17:9b:ba:2e:f3:8d:7d:6e:e9:4b:3d:
+ 36:d9:7a:18:2e:24:72:5b:98:84:5b:09:6f:a5:f2:
+ 87:b3:0d:d7:93:92:2e:6f:68:4f:db:5d:78:77:c6:
+ 63:04:c6:29:67:42:3a:6f:0f:c0:e2:cb:1e:52:f3:
+ 11:0b:c3:80:4a:3f:b5:5e:1f:43:0c:04:c4:b4:f1:
+ 95:98:e4:b7:b0:4b:14:fe:1c:99:70:f4:1c:91:1e:
+ e3:9a:a2:ff:48:54:fa:3d:01:e7:48:6f:0b:3f:4f:
+ a5:45:b1:1b:98:0d:57:6f:15:a6:75:bb:45:0a:52:
+ 66:e6:1b:77:29:ba:c5:13:41:91:8b:0b:a0:6a:44:
+ fa:8e:60:46:8c:c6:43:de:67:46:1d:30:c5:ce:77:
+ f2:4a:53:c2:27:85:1f:48:69:c8:27:df:b1:71:09:
+ 42:10:2e:7f:b8:fe:85:fe:bd:39:2c:84:2a:10:a5:
+ 80:00:79:42:a8:6f:3b:55:08:f2:98:c7:44:e7:a0:
+ b4:dc:c5:c1:3e:75:30:cb:a9:7a:44:a8:a1:03:8a:
+ 44:cb:dd:04:74:54:91:91:11:2d:32:ce:67:2b:af:
+ 23:a9:69:35:39:8c:7e:4a:fe:d9:b4:86:c9:ff:f8:
+ 09:86:2b:ad:eb:12:74:2c:6a:25:29:8c:ab:13:68:
+ 9a:26:8f:12:2d:ac:36:23:99:91:7f:5f:22:3e:f3:
+ 6c:a3:a1:5b:fa:64:da:dd:80:81:8f:8d:36:5b:e7:
+ 8f:0a:0f:84:c7:6a:fb:f4:6d:4d:3f:ce:ff:f4:1e:
+ c2:62:d7:95:e7:af:f4:57:c2:b8:e4:ba:d2:18:1f:
+ 2c:47:ef:6b:b8:7f:e3:92:4d:6d:b2:86:70:fe:fd:
+ 54:42:0e:88:cf:9c:02:7d:a5:11:72:ef:6e:63:05:
+ 81:1a:00:fc:cb:b7:91:af:3c:7c:53:da:7a:54:d8:
+ 3b:98:e7:de:bc:1e:10:7b:fb:60:89:e6:40:13:da:
+ da:d7:d6:7c:f6:61:b9:82:33:1c:c6:62:06:6e:ae:
+ 5c:99:ab:1d:44:a7:10:7e:03:51:dd:59:97:0a:da:
+ ab:c8:85:28:bd:e0:5d:12:5d:aa:02:3c:1d:a6:0e:
+ 6e:43:18:b6:ac:4e:7f:f3:4a:2f:67:84:dc:7c:0c:
+ c0:9f:bf
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ EA:FC:B3:3E:7E:5E:68:61:80:61:59:4C:D5:B7:A0:9D:1D:86:E5:97
+ X509v3 Authority Key Identifier:
+ keyid:17:ED:93:43:8F:A7:A6:00:75:D4:E8:B6:82:0D:88:37:7E:C0:6D:08
+
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ Full Name:
+ URI:http://test.wgettest.org/Bogus.crl
+
+ X509v3 Subject Alternative Name:
+ DNS:WgetTestingServer
+ Authority Information Access:
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ CA Issuers - URI:http://test.wgettest.com/Bogus.crt
+ OCSP - URI:http://test.wgettest.com/ocsp/
+ OCSP - URI:http://test.wgettest.com/ocsp/
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 3d:8d:a9:7a:8c:32:7e:7a:9c:c5:d6:14:d4:05:3e:49:50:d3:
+ 11:a4:61:df:82:91:c3:87:26:9d:fb:3f:2f:b5:10:86:22:f0:
+ 4e:c5:54:6d:09:33:17:3c:0d:aa:87:43:2a:89:62:c6:28:b5:
+ 4e:41:17:7d:57:ad:76:f5:3e:c6:e7:b5:3b:21:16:79:7b:a0:
+ 42:ee:59:88:16:92:4e:3d:8d:ec:8e:87:07:3b:8a:dd:55:1d:
+ 0a:f2:ea:aa:e7:20:6b:0e:4e:f5:33:46:34:16:8c:be:61:b1:
+ 6c:47:52:03:cc:df:8a:3e:cd:01:92:6d:1a:39:5a:d0:75:38:
+ 71:f2:b2:78:65:26:5c:c9:72:c6:26:dc:09:ee:b6:e8:b5:60:
+ d6:e8:09:d0:db:ea:c5:80:8a:86:c0:f9:97:1d:44:94:33:c7:
+ 73:39:d0:5e:62:e7:90:d8:1f:23:09:98:18:c6:da:28:b4:30:
+ e0:d0:6f:20:a7:a4:06:4e:ee:b4:ef:3e:18:16:0b:f7:46:f0:
+ c7:d0:6d:41:1e:cf:c7:08:78:f7:22:b6:a7:c5:40:be:09:61:
+ 5a:65:71:c5:37:33:f5:c1:8c:b0:c3:1a:d8:9e:a2:98:71:10:
+ a3:39:c5:d2:57:5d:24:62:dc:48:58:2d:1e:f1:29:54:a2:e7:
+ dd:86:09:1b:a6:b4:27:27:e1:7f:04:98:92:2e:e1:68:48:51:
+ 38:44:59:9a:3e:3d:e9:d1:69:db:eb:4d:27:d6:9f:a4:d0:4a:
+ 58:10:ca:b4:60:dc:52:5d:63:a0:73:9c:74:89:aa:92:40:81:
+ 91:0a:b1:ad:ea:d2:f6:bf:9c:49:ab:ce:d9:47:ae:86:8f:da:
+ 41:ad:ec:0f:2a:cb:f6:ce:0e:67:09:0b:75:60:16:99:cd:4a:
+ 2b:d1:b8:be:9b:37:58:4d:78:c5:67:69:5c:c7:48:31:50:83:
+ dd:10:40:b7:80:fe:d7:a4:a9:59:32:c4:3c:80:ad:6b:7c:9c:
+ 47:14:e8:74:18:e8:f9:ad:b4:dc:e9:f6:38:21:90:0b:58:60:
+ 48:a2:95:2b:a1:58:0a:52:5a:ba:5d:8e:4a:96:22:a7:8e:cc:
+ f1:db:5e:15:cd:e2:77:db:25:1f:83:ad:d6:10:98:1b:0a:b0:
+ 43:23:8c:14:65:72:8e:c4:b8:81:f8:a2:27:55:69:37:e6:fa:
+ 4a:74:30:fc:d0:31:e8:9a:67:cf:b0:59:e3:82:92:37:2e:f1:
+ 77:7f:ec:41:2d:9c:6e:46:11:65:b7:5f:b6:8b:90:fa:a7:2c:
+ 4e:3e:fd:18:c7:5c:6c:b6:f3:f4:07:13:66:48:43:b4:30:ec:
+ b6:ca:f1:3d:03:57:c1:38
+-----BEGIN CERTIFICATE-----
+MIIHNzCCBR+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dldCBU
+ZXN0aW5nIERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMMC1dn
+ZXRUZXN0aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzAeFw0z
+NzA1MTUxNTI4MDNaFw0xOTA1MTUxMzI4MDRaMGExGjAYBgNVBAMMEVdnZXRUZXN0
+aW5nU2VydmVyMQswCQYDVQQIDAJDQTELMAkGA1UEBhMCVVMxGzAZBgkqhkiG9w0B
+CQEWDFNlcnZlclRlc3RlcjEMMAoGA1UECgwDRGlzMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAtNQL/jUlBaLsKMNq2BP3V3/28kuHZFkpy4GTwD31KzDU
+MEur4Q5aV+ms0O9i9qPy1yT2i+NUmGh1vPg0TC+WbNwdr3L5xlpuDwNMRe0KF5u6
+LvONfW7pSz022XoYLiRyW5iEWwlvpfKHsw3Xk5Iub2hP2114d8ZjBMYpZ0I6bw/A
+4sseUvMRC8OASj+1Xh9DDATEtPGVmOS3sEsU/hyZcPQckR7jmqL/SFT6PQHnSG8L
+P0+lRbEbmA1XbxWmdbtFClJm5ht3KbrFE0GRiwugakT6jmBGjMZD3mdGHTDFznfy
+SlPCJ4UfSGnIJ9+xcQlCEC5/uP6F/r05LIQqEKWAAHlCqG87VQjymMdE56C03MXB
+PnUwy6l6RKihA4pEy90EdFSRkREtMs5nK68jqWk1OYx+Sv7ZtIbJ//gJhiut6xJ0
+LGolKYyrE2iaJo8SLaw2I5mRf18iPvNso6Fb+mTa3YCBj402W+ePCg+Ex2r79G1N
+P87/9B7CYteV56/0V8K45LrSGB8sR+9ruH/jkk1tsoZw/v1UQg6Iz5wCfaURcu9u
+YwWBGgD8y7eRrzx8U9p6VNg7mOfevB4Qe/tgieZAE9ra19Z89mG5gjMcxmIGbq5c
+masdRKcQfgNR3VmXCtqryIUoveBdEl2qAjwdpg5uQxi2rE5/80ovZ4TcfAzAn78C
+AwEAAaOCAb8wggG7MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOr8sz5+Xmhh
+gGFZTNW3oJ0dhuWXMB8GA1UdIwQYMBaAFBftk0OPp6YAddTotoINiDd+wG0IMAsG
+A1UdDwQEAwIBpjATBgNVHSUEDDAKBggrBgEFBQcDATBdBgNVHR8EVjBUMCigJqAk
+hiJodHRwOi8vdGVzdC53Z2V0dGVzdC5vcmcvQm9ndXMuY3JsMCigJqAkhiJodHRw
+Oi8vdGVzdC53Z2V0dGVzdC5vcmcvQm9ndXMuY3JsMBwGA1UdEQQVMBOCEVdnZXRU
+ZXN0aW5nU2VydmVyMIHIBggrBgEFBQcBAQSBuzCBuDAuBggrBgEFBQcwAoYiaHR0
+cDovL3Rlc3Qud2dldHRlc3QuY29tL0JvZ3VzLmNydDAuBggrBgEFBQcwAoYiaHR0
+cDovL3Rlc3Qud2dldHRlc3QuY29tL0JvZ3VzLmNydDAqBggrBgEFBQcwAYYeaHR0
+cDovL3Rlc3Qud2dldHRlc3QuY29tL29jc3AvMCoGCCsGAQUFBzABhh5odHRwOi8v
+dGVzdC53Z2V0dGVzdC5jb20vb2NzcC8wDQYJKoZIhvcNAQEFBQADggIBAD2NqXqM
+Mn56nMXWFNQFPklQ0xGkYd+CkcOHJp37Py+1EIYi8E7FVG0JMxc8DaqHQyqJYsYo
+tU5BF31XrXb1PsbntTshFnl7oELuWYgWkk49jeyOhwc7it1VHQry6qrnIGsOTvUz
+RjQWjL5hsWxHUgPM34o+zQGSbRo5WtB1OHHysnhlJlzJcsYm3Anutui1YNboCdDb
+6sWAiobA+ZcdRJQzx3M50F5i55DYHyMJmBjG2ii0MODQbyCnpAZO7rTvPhgWC/dG
+8MfQbUEez8cIePcitqfFQL4JYVplccU3M/XBjLDDGtieophxEKM5xdJXXSRi3EhY
+LR7xKVSi592GCRumtCcn4X8EmJIu4WhIUThEWZo+PenRadvrTSfWn6TQSlgQyrRg
+3FJdY6BznHSJqpJAgZEKsa3q0va/nEmrztlHroaP2kGt7A8qy/bODmcJC3VgFpnN
+SivRuL6bN1hNeMVnaVzHSDFQg90QQLeA/tekqVkyxDyArWt8nEcU6HQY6PmttNzp
+9jghkAtYYEiilSuhWApSWrpdjkqWIqeOzPHbXhXN4nfbJR+DrdYQmBsKsEMjjBRl
+co7EuIH4oidVaTfm+kp0MPzQMeiaZ8+wWeOCkjcu8Xd/7EEtnG5GEWW3X7aLkPqn
+LE4+/RjHXGy28/QHE2ZIQ7Qw7LbK8T0DV8E4
+-----END CERTIFICATE-----
diff --git a/tests/certs/invalid.key b/tests/certs/invalid.key
new file mode 100644
index 0000000..426a2ef
--- /dev/null
+++ b/tests/certs/invalid.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAtNQL/jUlBaLsKMNq2BP3V3/28kuHZFkpy4GTwD31KzDUMEur
+4Q5aV+ms0O9i9qPy1yT2i+NUmGh1vPg0TC+WbNwdr3L5xlpuDwNMRe0KF5u6LvON
+fW7pSz022XoYLiRyW5iEWwlvpfKHsw3Xk5Iub2hP2114d8ZjBMYpZ0I6bw/A4sse
+UvMRC8OASj+1Xh9DDATEtPGVmOS3sEsU/hyZcPQckR7jmqL/SFT6PQHnSG8LP0+l
+RbEbmA1XbxWmdbtFClJm5ht3KbrFE0GRiwugakT6jmBGjMZD3mdGHTDFznfySlPC
+J4UfSGnIJ9+xcQlCEC5/uP6F/r05LIQqEKWAAHlCqG87VQjymMdE56C03MXBPnUw
+y6l6RKihA4pEy90EdFSRkREtMs5nK68jqWk1OYx+Sv7ZtIbJ//gJhiut6xJ0LGol
+KYyrE2iaJo8SLaw2I5mRf18iPvNso6Fb+mTa3YCBj402W+ePCg+Ex2r79G1NP87/
+9B7CYteV56/0V8K45LrSGB8sR+9ruH/jkk1tsoZw/v1UQg6Iz5wCfaURcu9uYwWB
+GgD8y7eRrzx8U9p6VNg7mOfevB4Qe/tgieZAE9ra19Z89mG5gjMcxmIGbq5cmasd
+RKcQfgNR3VmXCtqryIUoveBdEl2qAjwdpg5uQxi2rE5/80ovZ4TcfAzAn78CAwEA
+AQKCAgAZRMBgR4Di5r9letlFVJTtrz4M4a0LwsHqZDMHXCEUZgBgt1JPYrgRLOAv
+WiRUHtjiY5HoPl4l5gL94xk7xDKbB69GQyTQKPbUNjvEUbllTyeXRAVzj7od/3HY
+tg0G9aTdU9S6+/iUEe4QgVCsmHLQspzmJIufASP5GM/UVBbiSitEBeo44SpyoGEe
+/wQTIP83gLsUJeYntV5NzlAiqlBuzk3noY9gnoJZ0zYcrFVrc8j4keKgeH1IpCSh
+qz7VmNOu+5DReukN9cFwTWtPKNLDxtvUZXO2XEZDn97WWWhqz6wV4tpwt1OFxPJp
+UAL1rruCk1zZtwd2b26738QZC2d1bUdWwFo/d100cihzgvycMNCERne37ZDl4/NA
+izm1nfWraYiFcbAMXLccnt19SWvPo1/UgtHVutOgTuV/dHnLq4iBktUnbiwnHrn6
+aVchQeetKtVYtjDx3ioP1v8vnYtZiKh7TSePVrOZPQah4H3wqCvxawdRFsK4jSXq
+KFtCCDaspFcIcbkPnfRnCnojFnXwso0d0o3g0sY6RIRmkIrdzbFTwtYPTgiTP7A+
+F2LMjvAdkEQFHPop2vtji9tlMdNSK/zlG4M74Vc68IKa5/JtsnN+TjCkVlQ2uwfo
+/NJnGANZZZm3kpS+an7XrwJMo8WqWt35jS9i3mt0/awzTEVAoQKCAQEA4jvWInF/
+PK34RUzrVA4Xc5QCkVqxbcSu6+V2EKKLhS15eqp+jaBhUSL+d8e2oTIYCIEf2YWK
+7lrD424NR/i93TlBVdkg4AjZ6yvjFRqdK6+6NjINvgObkcdDMORrPxE5h2n1LoO0
+efHwRD3Ae1PHOgSPZHNHL75lfH4wzQOmHsBm6Oucu9DBFa8mAhFONrZOSFsD6cbi
+6B0Qdpz/Eb0MrNF8pJA0rupe88Jg1d6/DX24TIUMaKEd3rbqb3YENBw9mPlT1Vr7
+VHvR9oxyZgQ69sx9BblBVilyXoxtZclL1ebx/03zvzZ4v1PgP7x4eW1Upz8QyaBh
+KFed6yrzrJYc5wKCAQEAzJ7VNzxzTMfKgw/Ps3Y10qHTigyZ48y+6tMFGoc5ecul
+8zsElksR35D0wBsJHmoVLs0JFH2vsuWPFqAaS34o3ayaXhMOkD6PuwKN2jJOckxn
+3Urh9dQ5S0j2L4ektRt1dTTJrYDTpMShBEAuYBeDEiuEVYH+ccnPLhL7Tz/Kwfkj
+cfjo1WwmU3JMo3hSuEKRkdchYdS6F9sHeC04qjYzJSyKkvuularZN8alkiR8xJTx
+9iwjst0K9JEgL/pe3KvNx1ukh/jLPB3B6RtUhy5EWlT/IsO2MUyn0GrBRvR+CugF
+LdND4zJQEMy1FRdVjch2HZjOBuNCW5YOjvtb+NVzaQKCAQEAy4UC3Vd3HFJxD37k
+EWjf5gTXzoVlKpeOuP5jGRHxK6y+JQDt+mC2S3SMsZrDi/3xquzmhxvg4Q5cPOQL
+JJz7yOEyCpXbQlAUIsEHdzvK+rsKbKjYvgCm2h0FMB288S6Ar3Y9sEuhdzaUa/+V
+ghzbFDF4AejGuIey6qznH/fRYMa7jXwwMrHYkbZQHfoNf6C/ic3/Fjbqd991qQ8R
+U5bbqTiHxc9I5bZIF0fdL2lEPFHGE2h5wkJ3CZ1KB12G6I4jR9O8fCpuARGm0AKH
+A4l4tf891YFT6rw8fBweajwNce9h8sfgqDrLo2tESHI3ex1E03QjmQ8jeFRh52Zr
+ce5VLwKCAQAxUyBmnkXU/lxM16Tjx90VlzjdEEiQZyymgpO6X1p1h6fLSDDE4fe/
+ArxdCqdaE4xjqb1EmT+fSkMB2zo7dH/5X8AeaU2ba9lN5UG4lWPfnZdz+rcZgT0G
+buIZdwM3PRVFWaI8Fs/t6hA+bBJBy6km2iKeUiW53EH7A0xdQC1qMNpggPXvbJCY
+kPb0eO7HyBQ7Kba8VIE/eucECzKbpVES5vfIkq71GSgfj90dq3oAET96bg108l/P
+sKQnrJztaOTD581zkX+8UBgMTzBDHd4QQGj4QmFK5QWW8gUBS7KOgnutHj5BKEGw
+qwgDu4o+EVKXs9wGQQYf+b4srV7wTtPxAoIBAGnAVJA9pLhXHG0ClgbAyHDyK/uG
+/OSDkfJwLtauYs5ZpLIe0wnNJgDUWs4Sk/1UpedZeg5YuyjGJsBwwOLKmv4Smxgf
+2/j7mEU6otSeIdgGwrWdCGbQij4tWE0g6KehNbovOZm0dpUPw5LZqynWbkioSP/L
+qFSGfxvqdwYM0Oe+GI6gxXA9OU6kzZcXXYiq08eFaRWHcrksGHL84tp4T3OoL/Xq
+EBDHD8byyvCcOTb7aAopAA+XVWZEACeHbAHbyoD8t4aXRVWSddOBix/tM5aSIcvb
+G4I/tnbAb23NFmgLNxsUEg5zE0NklQx6ogt+OdEHmjTbDFCAnPFYEZ3Romc=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/revoked.crt b/tests/certs/revoked.crt
new file mode 100644
index 0000000..6884513
--- /dev/null
+++ b/tests/certs/revoked.crt
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHOTCCBSGgAwIBAgICESUwDQYJKoZIhvcNAQEFBQAwgZkxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dnZXQg
+VGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtX
+Z2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcwHhcN
+MTcwNTA5MjIzMDE5WhcNMTkwNTA5MjIzMDE5WjBiMRowGAYDVQQDDBFXZ2V0VGVz
+dGluZ1NlcnZlcjELMAkGA1UECAwCQ0ExCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcN
+AQkBFgxzZXJ2ZXJ0ZXN0ZXIxDTALBgNVBAoMBFNlcnYwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDOQ+DNimL/GtTaZZotU21lLk4tZnbLrgJkBjlIWQvU
+N91vhjrQqJDK7pwojk5kKZ4RL+ZBPdd0dYgXMNaDflv9mlwlzTIwy0nveY7/APML
+R4p+PtbmKVP3YXe8kLmgkJklWntu6iCVhESO8PJ/It2KUS6bgr/M2zXN6HiPlgns
+IyH1Mo+Nxtvs7Hz+Qc+37rctmgtSR25qfQtqK4MmzeAGcMIG3JRlVT6B1cjlOmIJ
+23+KCd24tng3+G0+4u1FnIQS0Z25yrPWSvRSZJE678zQDDxzd6gGsuQbG/fniTIt
+Csj/9SV+6C12ZIl/j5snzdNJtb72s5BlcTVIiTXXwOxx+1/IKvTRCpGUDF+7jLHF
+68jIIzbP7z2lSWJz70MDzZoyT63rgnlakrwwcvWK45cCuyHVrItPDOcPbiVfJYP7
+OSafzC2NqtK+JdY5/RWhEJIgm86nbPvZCIh9xAVpVXg4NXLvPBW+hwN1V5GFY6Pk
+9LG2IYEedUabHtojFC8JK8A+cHFsVn1Kur5Gn1aqp/lYotIKZ1hWryFB6gmOfK6J
+RI1Vrj/j/hSfFY5yZFRcb1qlP1Z1yi6X6WFlIU10JRB9qr1Pc5ohDDN9fwtL/n5b
+gzPP22NsOcIomf5PdPTjmI2JKe2cQRPZkatNoKqFmgPy6gR+jm2auQkKDzXhP18+
+xwIDAQABo4IBvzCCAbswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqTa7LrpK
+PiP4/zI29dHqqxgv/SkwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgw
+CwYDVR0PBAQDAgGmMBMGA1UdJQQMMAoGCCsGAQUFBwMBMF0GA1UdHwRWMFQwKKAm
+oCSGImh0dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwKKAmoCSGImh0
+dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwHAYDVR0RBBUwE4IRV2dl
+dFRlc3RpbmdTZXJ2ZXIwgcgGCCsGAQUFBwEBBIG7MIG4MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MCoGCCsGAQUFBzABhh5o
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vb2NzcC8wKgYIKwYBBQUHMAGGHmh0dHA6
+Ly90ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzANBgkqhkiG9w0BAQUFAAOCAgEAPUgd
+LtrK+WYYhSJkvsa7pB6hUmZFMiqs1/uJqz8b8Q6uX33IXyg5zmFU07d3uOrFYSXi
+MFMhpw2A/D+CbPECaPEWGXII8dh9WlomxpjpZABZ/cmeG2SM7BxVwjIjACscXogJ
+A/Gm7I0hhvYSZ/G+kFbYbSf/Pj7Rz/4KW6WSwwQK23ab00MXBM6jWEueAeWebzeW
+rzWgyyy+GiqgLqQAKQrYtD51uF5Co+S0e2wazORLakvdF/USCBQwX+Pla09Wyf+b
+0HBqNjuxQc278/69Xp0mg8k67oUrWt3zgJ8kDhNIGvLnCB+0595G/z+7+mxdEztc
+BavKAMEDWTSCClwxO6lBQR7+oiNWdaaqHP1SS8sckjtt2jTbmjmRzWWkU+xSIlt2
+waIXS/BYRbyhLuWfxivvRjS7eQogeSP0rtZj/upBwM4xKVPF0bal/LMyEfrY3qV5
+8YXXFhnoVr7q3t0YaioIZXY35QcA5aR+P4XyLnzCTVuKUi172BS8KJBXMijEXxta
+rRQxtHLQeYB5eP/MaC2qMJH/OMR3A9Z7sXYbp/YuE+V/MxcGwAoHWKxMeKtdF420
+HGeKfzMla6uJQk26VEFAt+TYV2KUriPWyL/IPDzAjrSPMF9ZDIMhqELjFYCRGPwc
+X6txpIEgZCGdJWK0H3et8ZSe469AED6oqTfn44w=
+-----END CERTIFICATE-----
diff --git a/tests/certs/revoked.key b/tests/certs/revoked.key
new file mode 100644
index 0000000..2f41605
--- /dev/null
+++ b/tests/certs/revoked.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAzkPgzYpi/xrU2mWaLVNtZS5OLWZ2y64CZAY5SFkL1Dfdb4Y6
+0KiQyu6cKI5OZCmeES/mQT3XdHWIFzDWg35b/ZpcJc0yMMtJ73mO/wDzC0eKfj7W
+5ilT92F3vJC5oJCZJVp7buoglYREjvDyfyLdilEum4K/zNs1zeh4j5YJ7CMh9TKP
+jcbb7Ox8/kHPt+63LZoLUkduan0LaiuDJs3gBnDCBtyUZVU+gdXI5TpiCdt/ignd
+uLZ4N/htPuLtRZyEEtGducqz1kr0UmSROu/M0Aw8c3eoBrLkGxv354kyLQrI//Ul
+fugtdmSJf4+bJ83TSbW+9rOQZXE1SIk118DscftfyCr00QqRlAxfu4yxxevIyCM2
+z+89pUlic+9DA82aMk+t64J5WpK8MHL1iuOXArsh1ayLTwznD24lXyWD+zkmn8wt
+jarSviXWOf0VoRCSIJvOp2z72QiIfcQFaVV4ODVy7zwVvocDdVeRhWOj5PSxtiGB
+HnVGmx7aIxQvCSvAPnBxbFZ9Srq+Rp9Wqqf5WKLSCmdYVq8hQeoJjnyuiUSNVa4/
+4/4UnxWOcmRUXG9apT9Wdcoul+lhZSFNdCUQfaq9T3OaIQwzfX8LS/5+W4Mzz9tj
+bDnCKJn+T3T045iNiSntnEET2ZGrTaCqhZoD8uoEfo5tmrkJCg814T9fPscCAwEA
+AQKCAgAEWkxZKg1ywrcxMKmzQSpy0ypVLO9e1vo38CWvUCm+vbsPim6dTqFXlvd2
+p6Ih3Pr38+HRCKQOUhigHKi6N6VrUaGWLqFbhD64LgGFghie6VCT33Gbg83Az66+
+LPOt3r9MmX83VPuBDDyCI7WKV0sDizkHkRfJE+srwDcjGJB3CjrCOOHspQCpHEh6
++RqQEBqPfMu2XcmHt8HQ6MAoxnluyVxe1rLO/KCIDuHhbHz7JkWnvROPvVIGJFjx
+1coaCPaEiyXf8NYgtI45WuPxsXPKBCgWa7UBBy9nHwz5Ntz3NF4PgLXc2rty3yZD
+qd0lVuOZj5tLC3kFmwD72eFn/ys+JtIw9a2wwQ1sGbNa764yY4T3GWLJ6HgHHhPk
+D94PC7wfBFzoZtUoZrE0T4XP8TrM730SERj0HCNfURnYlYR6mqj+0pVTHZaeXEho
+NZdDgdWP0b8v+EZky1L5pgM761GtJ9vKHZMMBj0/hVULIkpVcf5gs5fwGiXzj/o6
+CcSoLP4JvFm8nINH302dBzS0o2bW4fZehvRtiapdu6kXE9k7ZsnpFcvMCxmtHJGd
+p3yRyhqO5CEMVJOVJSpNQqRueyd8X6QRbuFsGG+FcBOTe9DxIcdzKkwHRAo1osRw
+mPF85QzsgF7tWw/AoYzi5FupLud7HUNg4ucQS6NZdKM+DvEzcQKCAQEA7tPxo01m
+z3MAJdHtyG8PE66SNCXBDyoIYhXl1EiYppPn75jjOnaIK0sRSJF9DX6rt+7OX6Jd
+InhqEJKFk22pJ7lcACBZl0Obg9RBTd2hNKWkH5oRvPOHwGC8NF34HDxpgY6utw3Z
+LiLr8nwLZkd7FXGi6GFL0wB2YQhXqn2cJvPSgnNE8HQINU5OHfEMPRhikat8+OoJ
+ZVgm8kQ5N7sy6Up9G2OCF8iV/qkSLYyVATN/5SZmLohSWlSJZIfMJe1tEexSOQEM
+8wQxgBaJNqBXeeEOR7XIrbCcc50ZZ6INzR1Hdakyd27Qi8gOJqCKkAOS8bwlGzMb
+5Na7xm4/GQn5eQKCAQEA3RiO6x66Pmsuz4Q+2+3sZFipX9D1GRnMRVSsgd/HjtZk
+8NkaGXI2NA5GdVXmZrWl/65kAcDsh93+rv1X7hKYkTkpOE+G1Zkj8mLgEN3V0nh9
+WoPcrqthzvRNUUuklJCuxAGA3mgKIUuSW4oBnBgop5EFtz9Y0aai/wP0gdAp4/7S
+CR2g910KgvDtbsAp93hTBrzzu/+Engar5mdZKvqCl7uOxWqSmeaPD1tucraDX0e5
+rd3KE/vXd9RSlcWiJmKkqEiNnsQ2XnwjiE0jJdJdH5z+Vo7OqfexXDsydtFKrmke
+2ZQ+eajLU7iXipiYpM+wWkwGGdUFdJAi+N7T6KUqPwKCAQAe03Zt+JCbmCFdwFHr
+vAH7LV4rou/fUDKSznbCxrgFUDPwphA2PJRo2iCZ+EVm14G8lPNIPsG8sEQobXEW
+TWI3AWLRlVta/dv10RC4xzGGhRbBCXbep6RO/W1taO+cXWPU2CDO+dedb956hu5F
+vlYxt2AqlFxgGMAu2A/QrrPYB0KVmeE9FAz3LGtCzBkjTaFzYeoYisS5sv4b6Rhl
+jCEPIZEyVs602SwbGaGCBZI5/Ha2khVATlIq3Jx7QFfmUVXxqUoXl34fY9wrxzzg
+syN3VMguE1WaraAUACQGT1FutyfBFRyxc7kxQZop/DDGU9/Emd9EOn2QNPM5soMs
+bTApAoIBAAZnMaxphWdNX1uvLsrbxx7Y2n7l5FNHxfy0CRLx0iu21dGL2A+omR1E
+1JGNXVDYLeiLumW6mp8MtNWIjMVeUIDUMPdqhjMlbj8U0fxrEEg6KRc3/moomHqP
+5LVYBXov/n+6s2q9hJ2WPLTd+FH2+SZxMsMt2Hqp4sqT6L7hsnTh6l9NNl4zmZxV
+MeslMZHzMCRf0Ic/TS3ub4gKsjBmdOXEDsx0264NWVNOiJJV6tQVlbENXU7a2lCk
+G4gu4xVNggtFnqRcdl6iJb1KzpvHzd6eg1cqZ53QiJhtNnbudMU8UiJnArAvTUQt
+cmYXKUSMp0TWMs8ItlG74udmPKjeL60CggEAdUp2FbZZEB3/G8tR7Z5slF925zXK
+N8ku/qOUEk3d76kcqYi9XJLmyJAXu9PhQnsN8DpfThOqJUXCh9xtk+1AiHTdXk8m
+BP7RE2oI2aoT9lO0ozwFJBFRRCkd6zTtYJYUbwIk1nayro83xl/AQPF2wRm5unKU
+xl5KJ8I2GCUw4Bh5Gjwk21y6XpPsjO8tfbO5jrAIQVTqab3hAcBouwQNsxNpunJm
+BaP+XYTBNM+HVamwLwDQgtVxPb8WUX8TSTuFv99jpWBYhlhq/OUcbo8f1D7miIFt
+b6UYNl1ofvBtqjlNz3NKJ+S57AN+jcdQfOG8xAiKPWCj1QnVc3aJdr+8bQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/revokedcrl.pem b/tests/certs/revokedcrl.pem
new file mode 100644
index 0000000..f863d66
--- /dev/null
+++ b/tests/certs/revokedcrl.pem
@@ -0,0 +1,19 @@
+-----BEGIN X509 CRL-----
+MIIDCjCB8wIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dldCBUZXN0aW5n
+IERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMMC1dnZXRUZXN0
+aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZxcNMTcwNTA5MjIz
+MjEyWhcNMTkwNTA5MjIzMjEyWjAVMBMCAhElFw0xNzA1MDkyMjMxMDBaoA4wDDAK
+BgNVHRQEAwIBADANBgkqhkiG9w0BAQUFAAOCAgEADReMcnUQbWyXE1xYcPHlSAfh
+bBBY2w7e/CUeuCXaalaM9cfdMz0trR+JApdoBg/g+UV/+q8xYXEeQM7wKXOXOax4
+tYpS3+EdCpm1r+e4hhuGBMp01qtoJD8v5y3a77ujXWldgCEJHz05qjtpBkya775V
+w1UzLsbh6DVgrwSEOgMJHYfgJHuPwfD4PpCTSbAUSwNrHXIbDG6zPVyoBpl8WRCc
+4uDWVeh2+N0fmTucbm3x1dBnOol1JXI7LvnVDr+mtQVcHLD9OknNylmLOiuMrpmc
+9PENMdbgRKA4kkHcV9lg37elYubaIBA48Vkssnr90wU6nITLabojWYNEspjqQejG
+QOE78ASG0bS8O4vKxCVx4pX/ZQwcO9BeCnuIOsTlV2KUYiCA6yxNPkPoBjpdfOAB
+j3hu+Jk3S0aX6At1AHDvmtWErEnH4B0gGopt8VJL1ZBEglb9rUIg5OlbTr+x5vIX
+7FVuxhZYSxl1AYGqajmcLIwvucidaIlwtgFGeZR8GZ0y3aFdIoKO8V+wyNEPjI5I
+i9tvavJ23nlYFTQJwNgESIR0voipoiiYeSa8cED28rHfkQvnY2iNsCO+ztxZvC70
+4K0CAIbfhYx1eeIakeFFHdIGPSXf+oFGomij0yt3bZC2h4sFhsr7sYUIMb5KlSSW
+mZ3uHBLaS0xQ9p1vSRo=
+-----END X509 CRL-----
diff --git a/tests/certs/rootca.conf b/tests/certs/rootca.conf
new file mode 100644
index 0000000..fd63a44
--- /dev/null
+++ b/tests/certs/rootca.conf
@@ -0,0 +1,64 @@
+[ ca ]
+default_ca = myca
+
+[ crl_ext ]
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+ [ myca ]
+ dir = /usr/oms/src/wget1.x/tests/certs
+ new_certs_dir = ./
+ unique_subject = no
+ certificate = $dir/test-ca-cert.pem
+ database = certindex
+ private_key = $dir/test-ca-key.pem
+ serial = certserial
+ default_days = 730
+ default_md = sha1
+ policy = myca_policy
+ x509_extensions = myca_extensions
+ crlnumber = crlnumber
+ default_crl_days = 730
+
+ [ myca_policy ]
+ commonName = supplied
+ stateOrProvinceName = supplied
+ countryName = optional
+ emailAddress = optional
+ organizationName = supplied
+ organizationalUnitName = optional
+
+ [ myca_extensions ]
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [ v3_ca ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [alt_names]
+ DNS.0 = WgetTestingServer
+
+ [crl_section]
+ URI.0 = http://test.wgettest.org/Bogus.crl
+ URI.1 = http://test.wgettest.org/Bogus.crl
+
+ [ocsp_section]
+ caIssuers;URI.0 = http://test.wgettest.com/Bogus.crt
+ caIssuers;URI.1 = http://test.wgettest.com/Bogus.crt
+ OCSP;URI.0 = http://test.wgettest.com/ocsp/
+ OCSP;URI.1 = http://test.wgettest.com/ocsp/
diff --git a/tests/certs/rootca.conf.in b/tests/certs/rootca.conf.in
new file mode 100644
index 0000000..ab6e8af
--- /dev/null
+++ b/tests/certs/rootca.conf.in
@@ -0,0 +1,64 @@
+[ ca ]
+default_ca = myca
+
+[ crl_ext ]
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+ [ myca ]
+ dir = @abs_srcdir@
+ new_certs_dir = ./
+ unique_subject = no
+ certificate = $dir/test-ca-cert.pem
+ database = certindex
+ private_key = $dir/test-ca-key.pem
+ serial = certserial
+ default_days = 730
+ default_md = sha1
+ policy = myca_policy
+ x509_extensions = myca_extensions
+ crlnumber = crlnumber
+ default_crl_days = 730
+
+ [ myca_policy ]
+ commonName = supplied
+ stateOrProvinceName = supplied
+ countryName = optional
+ emailAddress = optional
+ organizationName = supplied
+ organizationalUnitName = optional
+
+ [ myca_extensions ]
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [ v3_ca ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = critical,any
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
+ extendedKeyUsage = serverAuth
+ crlDistributionPoints = @crl_section
+ subjectAltName = @alt_names
+ authorityInfoAccess = @ocsp_section
+
+ [alt_names]
+ DNS.0 = WgetTestingServer
+
+ [crl_section]
+ URI.0 = http://test.wgettest.org/Bogus.crl
+ URI.1 = http://test.wgettest.org/Bogus.crl
+
+ [ocsp_section]
+ caIssuers;URI.0 = http://test.wgettest.com/Bogus.crt
+ caIssuers;URI.1 = http://test.wgettest.com/Bogus.crt
+ OCSP;URI.0 = http://test.wgettest.com/ocsp/
+ OCSP;URI.1 = http://test.wgettest.com/ocsp/
diff --git a/tests/certs/selfsigned.crt b/tests/certs/selfsigned.crt
new file mode 100644
index 0000000..41e24e9
--- /dev/null
+++ b/tests/certs/selfsigned.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgIJANAKYgHn6Nk9MA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMTXlzdGVyeSBTcG90MQwwCgYD
+VQQKDANEaXMxGjAYBgNVBAMMEVdnZXRUZXN0aW5nU2VydmVyMRUwEwYJKoZIhvcN
+AQkBFgZ0ZXN0ZXIwHhcNMTcwNTA5MjI0OTQ0WhcNMTgwNTA5MjI0OTQ0WjByMQsw
+CQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAcMDE15c3RlcnkgU3BvdDEM
+MAoGA1UECgwDRGlzMRowGAYDVQQDDBFXZ2V0VGVzdGluZ1NlcnZlcjEVMBMGCSqG
+SIb3DQEJARYGdGVzdGVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+2Zc7ZtsoPrlnQLTfMTrfuH7ghL6OrNVPAGpHQ4N+ddJwkF52lQXbeo9JO+09HF7s
+VFnxTG2+0Ld98kcvY3Ylco1Sxl18Bdjzv13sIJtgh7HyuRJ6Ryq2LZGWLKPBaGq1
+G2bBO4nUmsJLjj/1KqKxjk38iJ3Sf02nh8MhRGr8OHFSTMf9pPKW6hibXbsMUVyQ
+2u2RUXbvEtR1rkInWAVhEo97Row0+Z1+ZiqINOcBgpQl0sWh204dZqqi/y3uBbLQ
+3MkenioCb/udLdPRsileVhhwnrq6/0M/YhghMyI9Y+ajQ90h6tM10iyrILYzMCLx
+FB+3iReEJVX7Sy9qaqLJmTttxD7yqReCAxsrdDp1ZmrkQWLRAqBRdZo8RahkfdTu
+wa/fNuwuFFnMC8w/UgCWgDOEH85n4asRNlufYz+GXTsYybiH3klkAe9o09/Cm+zk
+pcX+zcHUkw6aZLC4VbKHNfyKDbWqTMzS66C2Ln4g9p8Zk0KJIvcmVG9uz/zjVIwM
+BWrbEawjMuejy+HUNcaV9CoaBFquwRJd4hlsE6FEryo3k1hEtDancobXl0XLsylU
+SMKMPr6PHjdxt+PdUhL79VNUJT2k35LqLKvtWZAuTOOcfjm0uXSDUC4GvW+onD7L
+n0XB/m4Gqm55EPLnDJgFYdEylvozglg+hSuoywab6NkCAwEAAaNQME4wHQYDVR0O
+BBYEFJF+Iyz8/pwx50cqFXckWIXoat/AMB8GA1UdIwQYMBaAFJF+Iyz8/pwx50cq
+FXckWIXoat/AMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGRKLYCQ
+W+pdPOF0ojwrufYNbF2qryjJU7OzT7HbdrQOFZ+vcegi5rpZXOsFENTh0gdbI+M3
+FwxDIdyF7CvaRS1uMoTboqaqAzTy+gVVW/6d+UdOdHhJTpduhtQi3gtNvqzdkUpl
+01rX+Da6/jy4kPZfJap3mFPQLVvqVmcvJEcgHVOyB5/23RWS6TSEX35O3De9pnha
+XLqliFBQ/Sqj/2vZmkHBEXdNRfwfw1dHIcxmg25YTb6tyvrKURpXN6suDJEO+M6h
+9IVRv9qCNtvVHpo/xUxwjf7ZBHnGdcGl8AaAoIhRF7JTTGoRX7VAR+DLa5jHMAE2
+BmXzt+HHPMXZiQtzcUUcWc7+a740F8kM03CUMcz8sB4xzovGsZTLJ64afRFP1yaf
++1H7efbrogVjtpGzreWhJ8I5UXO/AoMjwUgyjjHb51KVRn6VrQfDHtw/hrIZVryI
+y8wOH0qzMK2JhB2oh1JvmjhtGxkWlqDztttfglYJENuMf8m/DxsmkSPksSnm8GkA
+El/GdocnZhl8vl8PcqzJ0nNn6EOTiZe+urGxG0r50ckVD+km/J7b56i+Gow46UH3
+Kkp69X9FHDfh3akaeU5chRfH99A/ehtdalD/W5Dy/hA9giA19foPUo6wKBE5unqz
+bfjzK+eNfIkER5JDL6hZQICdjiqa2+IzUnG8
+-----END CERTIFICATE-----
diff --git a/tests/certs/selfsigned.key b/tests/certs/selfsigned.key
new file mode 100644
index 0000000..d6d4a59
--- /dev/null
+++ b/tests/certs/selfsigned.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZlztm2yg+uWdA
+tN8xOt+4fuCEvo6s1U8AakdDg3510nCQXnaVBdt6j0k77T0cXuxUWfFMbb7Qt33y
+Ry9jdiVyjVLGXXwF2PO/Xewgm2CHsfK5EnpHKrYtkZYso8FoarUbZsE7idSawkuO
+P/UqorGOTfyIndJ/TaeHwyFEavw4cVJMx/2k8pbqGJtduwxRXJDa7ZFRdu8S1HWu
+QidYBWESj3tGjDT5nX5mKog05wGClCXSxaHbTh1mqqL/Le4FstDcyR6eKgJv+50t
+09GyKV5WGHCeurr/Qz9iGCEzIj1j5qND3SHq0zXSLKsgtjMwIvEUH7eJF4QlVftL
+L2pqosmZO23EPvKpF4IDGyt0OnVmauRBYtECoFF1mjxFqGR91O7Br9827C4UWcwL
+zD9SAJaAM4QfzmfhqxE2W59jP4ZdOxjJuIfeSWQB72jT38Kb7OSlxf7NwdSTDppk
+sLhVsoc1/IoNtapMzNLroLYufiD2nxmTQoki9yZUb27P/ONUjAwFatsRrCMy56PL
+4dQ1xpX0KhoEWq7BEl3iGWwToUSvKjeTWES0NqdyhteXRcuzKVRIwow+vo8eN3G3
+491SEvv1U1QlPaTfkuosq+1ZkC5M45x+ObS5dINQLga9b6icPsufRcH+bgaqbnkQ
+8ucMmAVh0TKW+jOCWD6FK6jLBpvo2QIDAQABAoICABF+ZCs30XuBgnikUhFuL1Bw
++vIRM/1XRPu+j64w4zjry1sADT6b8vJelL+5qiEezJdXh9viMuYq6nhRGtE/TXFx
+RUdnerIpqCcpkPNqKo+eUeppPuV73Ju7SbybCdCwS5FBaKW1xh8PIe303GwqGmZb
+hMMjFSpg/ugeWw1aIJ8VFU3RAmaBjnqRseQORsY/z/GaCgXnrv7vj+qLrQgZnp1U
+Zc/dM+EhtWjXYI4ISInMCWJxuzqbhCed7m7frXRN1Rb7IHgM3pdMPm3RytktFEWN
+v3gzgRdGu9DSKdEnnpHqmBO7sp9jjb8xEi0WGPV0ybcZebMO7fPmfsajsEWUguql
+8kAwq6DkoQXPm8uMHoYaJhs14X2cJhITLccVWccCF7DO52y/KrL/k6QICnqTLtZq
+mdzwdOLCKXews0IeK3Ut/VEEi/+pMpAjdmxnSEv8lPKyLE8moOoxU/xdegUffn+j
+BwmtqFamdP817MzypPbfujR/muuM4+XNMTt8t81WvQtL7/7ZID3NUN4m+XgtJy++
+noi8etnANgT2jMATvzNIAAh3utbcP8mA7HGF7FT7tyqYkOd/1VxlY4kYl7d6Au1S
+75qmiAd8c+yBOS/y2E34HrrPuIcEdttyOhvhAiHJZuJ7akkAk0uLPJ25RK0qCYzl
+sO5rtWaqBfBCS3fts6gRAoIBAQDy0Aw0RrxZxB0XZHb9Xl/whUASFwxlSn2whVSV
+4eFL/bhpWhrKXsAwQ9HsI5q1vPOZIlzssVUnjAdN8tTiMiwGmgv33PJNnZBs8opy
+upTpbBpk97D847phzkJqCkuAmLaYEpOovVBBDN7xhgzu7ZcT+lLiSDCtQGIwgI+O
+TxhDJOLapLYs65ujVPSs4rO0DYh9cC4t4CwJv8JS7D3e1xnrnL2RA5RrrLgfphxU
+SQzrRyo3eXgjHC67KkeBBSi978IAE3NFBzyo945us/KxePXhIU0KlWmH0gHDNNcv
+0D6x4kod3UgDxep4aJnYZQKEfNI7xZo1zCkrFmwQE4s9HWSNAoIBAQDlaIKysObZ
+iYBXjw8fWhA2DImAsgS6C/Y/uBhS2EzDTtxaYV4VTTUNwijiwXY0F2sz/1kkk3WU
+LJ5bH2wjoRZEQu5xRvhdCJnullwxxVqvRj6O/W2SKkincbrpOukIzDCC/pvhlg0T
+P603bDz9J7xoCgIlfihG6adezS4eDtC8z4U+FnJgBUJcIZWTHx+CdSMMN/twmsc4
+VyGkgMa45EcC4JT53bysSkaKFKWh+2Pri3n+x/M403cBEW+zHh89UWtaAnn+UN6a
+S5TOahOj9JukJEZk8HB6R0u9rkfaZZ12uTzyBdP2T+ck8S2AUy5uvkzdAFfuojdv
+4nXlU1sJHRB9AoIBAE269G03x8wkz/tRGhZ6Q9RHk/82ia1Tb3E2/aENsoYVLxfq
+1HC8bGIHFAi4TSqo1oLLUVwkWNJULXJyrlvLG/TxE6vBe4AFVNrLui6INGuVQ83W
+zT3n2R6+XNx9dzYvrSR5rfNyx2JLsIM5GqLSRG8Mz8PIwGx2E/ja7xnrkCTOhiDg
+YcF3m1dqNvmxiT22p18grmfZP7/PN3I8VoIj8hRPFRB7SOQ/YqIfFyqUSCJ5obYo
+mKEEwKECI+nVsPk866oCkAAlFPIybdJaoPLXej8b3gHpWuM0A4RuQgT4cVmYy4lL
+8WXj0e/B7J4tl+S54MNpurhGJ1e30dhDqWtjIXECggEBAKVMNtB2swAQGY/9ntHi
+XUf0pKc8njdIIzkqdyxKepVIH3JoMhh7Nz0gp8Er0PYb4bznwt2d+ty3gar66zqI
++bhZ2eF5V8ABUJkfcnLSV1Nv8+eoJ+ln2k38nscrEXqrVlEtEDjtm6JBAZirvw5S
+MWltvLozOuZNubGPeiliV3mUtddU6TjS0Uv9Tv9hL50athQ5yk0K2X15Gt6jg4z5
+v0kNdYrNAQPLySP5WJdswkSYjWDNxi0uAdOdMrUHgU73ebizjB95OcxHpYNN37UF
+rZgKI0bcEM+qy6JzD4cILPu84XMqS95xGIX/2d9bEFvvdwbPFoz2CafurzB8bV4V
+uSkCggEAQRL390lx9uI4csLTTCUSa3Fl4BVPseqKlyadoxyzTMDyxAPxktw0vzht
+OyQdLssTVjL/0cHEBMnDawddk5L+1UF7izwhZinVtTGDvn5TC2elk+bJ1aWMQ5qg
+yUPdFbeLypmRlDUU8lJxppHcmrMY7/eAmOYAJTXn7Ygk030S6Hv1npSCtpyT1Stv
+CMtiE8bDaTv7qN2RJjPcvZ9xMB9GFcIdVpw8pf5jXQeci6kOR1FPW1j9DOSMAdf4
+0xPly00agfZxG/kkmL2rBrTGOJLYI8tgGpjPciJaSJ4NArFzxJbDG1DFw6GNKzBU
+qNaPYEH/kYsrfWzp/w1WMUpPdbl5iQ==
+-----END PRIVATE KEY-----
diff --git a/tests/certs/server.crt b/tests/certs/server.crt
new file mode 100644
index 0000000..0d6d155
--- /dev/null
+++ b/tests/certs/server.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEsTCCApkCCQCFKV9Q4gGmRjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhTYW4gSm9zZTEgMB4GA1UECgwXV2dl
+dCBUZXN0aW5nIERlcGFydG1lbnQxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMM
+C1dnZXRUZXN0aW5nMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzAe
+Fw0xNzA0MDYyMTMxMTNaFw0xODA4MTkyMTMxMTNaMIGaMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNXZ2V0IFRl
+c3RpbmcgU2VydmVyMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAYBgNVBAMMEVdnZXRUZXN0
+aW5nU2VydmVyMSAwHgYJKoZIhvcNAQkBFhFidWdzLXdnZXRAZ251Lm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXGNSzoaeTX3B34xqiKuVXc2YzL
+/QQFexj+dyJ5XwwDF420gEv+zFjy8Y9wiGZ4rgHzF2TviNCoAy7ntlltA9Ab41jk
+CikwbZ9R81qsvmxc4HXRNgiKadNIb7BYNh6HljJjOSclkbF/LypJtdF5g7b6Qron
+ME/UuDIYLQV765emZh+2h/BJLtTXU+8n985gC+/9dw68WjLnWk9REzHYZPFU4UGK
+bCx+h7M/cVE5uIWjDC3Uq93jCweZJ8UFbmAnwlER8fXSEzy2SK5yqlRu+st8ae5w
+ZQAgXSeHF0jZ/lUgZBlq2QnqfzVlDd26CXMa/2OLZo9qUIoS/c0y5qLghTUCAwEA
+ATANBgkqhkiG9w0BAQsFAAOCAgEACWiOsXM9Mu+mg0+eGAlhuHP4/nOR8nFrZ0A/
+RaBwsW6yBSZ6NAHLQKhApm3TOgxrMFM82hB+L9AW05p6dz6fHm25ajJKmefsbAGi
+gqhBdEI9GJJKj6Wm5od7MT9jZ0z5edcPFXqnyapLXYJHps+Sm7ZJ81Mt/sTDjQCb
+6I/Y5yQW6KomjtqfMIw6miOqXnabRDFN8CQ6nKzFBMviQVBn04G+pQRCJ5//4bSc
+33erZb56C36xTnTXiIXKo6LkVhH+TG28dTxRh8d+xBYbqe8ZR9aCoCVVn7ca3UZZ
+iQBOTfVKMRVUthHo2ntRs/jE5qhPYXA1km5rvUE2+sSIUdoqol4JTshK6bzt6VN9
+1bDKkmJa5IqcXEjcXADEJA62Zcr+I/8D1KxVf/CAPvtT1z4EqCWOeKk1uMjURZVR
+BbFmjJ76LZ65YFTAJBm0EdVG917Yd9jsC8zCT/Lb+LFLuecXpBBp9tCcdp9z1MX+
+Pw4Co54keMBWXQeOnrtg8haGTXSwTOOp0F5wmWdUKjiwjhxanTgJZMZTjfcMLcNS
+1GIhFt7sIEnc/PkX6vBOIeyFBppw9So+YYJE2MOsKaUvi+IX5XJXZf8R73k1+e0d
+V8sKjQoYVDwavJSeOx19nJVKQa8fEvv5t5tPES3UlZ1FWAdKVEpDECiEKyQEfkmK
+jQ9qZJU=
+-----END CERTIFICATE-----
diff --git a/tests/certs/server.key b/tests/certs/server.key
new file mode 100644
index 0000000..8f75db4
--- /dev/null
+++ b/tests/certs/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA1cY1LOhp5NfcHfjGqIq5VdzZjMv9BAV7GP53InlfDAMXjbSA
+S/7MWPLxj3CIZniuAfMXZO+I0KgDLue2WW0D0BvjWOQKKTBtn1HzWqy+bFzgddE2
+CIpp00hvsFg2HoeWMmM5JyWRsX8vKkm10XmDtvpCuicwT9S4MhgtBXvrl6ZmH7aH
+8Eku1NdT7yf3zmAL7/13DrxaMudaT1ETMdhk8VThQYpsLH6Hsz9xUTm4haMMLdSr
+3eMLB5knxQVuYCfCURHx9dITPLZIrnKqVG76y3xp7nBlACBdJ4cXSNn+VSBkGWrZ
+Cep/NWUN3boJcxr/Y4tmj2pQihL9zTLmouCFNQIDAQABAoIBAEXCOlP/O58Lua6m
+Id2Z90THns5NOrF3QGY1k5bSWGvJDoSVZFBoQzK7hIw0Qq59rvq/4uBzMgg062UB
+BAZGhroAf73gHFi4ju0whuMN/83IuQ55SNKcqE/kEV5QSsjHogGrU1ks71AmmrOH
+/ibvKkYpgGDSrPdACSN/tCFYANcpQtzbhkFXRqZ5JSIQyVCE+XLrZinxI6D23XVe
+5qMpfBH1gnKfBPf86UCI+iVTdNIC9sLp+C5MoSKCWMvYzKlQqbxVgulEdcOq01U7
+Sq7ZU6/f8QuTjd3d+WGTp2ZxFf2H+2XuKNVl9akp2exap+/JEj9Et0jMIN5Z9zHa
+6bTDMPkCgYEA8uO+VAAq4R1WJCTFpYy4/gzJPbQtxVxOMGBnxgAW+4G0jv+BiqiU
+WrQ6Rtcyfx8LFB/z1tExfDSJSpTw8wd3j19a/sMqACwCgkudmi8dzKbH2Y9U9DCz
+IB++zaQVKgJNE1VEsuySpf9HzQKBJGhO4fNMzol6YhlQT4ex7gSrFyMCgYEA4VAl
+p0A6798a9rmUGhNSzn5IcO2unpS7IYDTqKv46oIQ1rKKEiawugni+F1gL9StK90g
+NvDREiaM0eKo9QlhUzqBBSsNBVh4UVadbOpBOqyM6CUE94I4H199SwfzPuCILYa4
+01syaosJ2SRUr8S101x7U0VQ2SCYq38as27FY8cCgYB67dr5RrBtCNz9JANIW2WR
+ZsU/Tn7P4XzNLS24X3lCR44rxZM5q0KSeZ75FZdAEWUZBWby9SN3elt1/NXKGqBf
+VuKGCB6swZlvenfEfk41sr95E/rqL++otYhrKb1waoO54jEH4YYDL6WWU8sqswQh
+hXL9IUVoeulTpxjdn008QwKBgCxCnELwoSNBxoA1EFzW8utRb1WPuz+3o9L/BZUa
+wzj99+TVCb5rD0hcbNOxNBXxR1tYgt2IDOnt3LfWOK55+z5oPbQQMuyb5nbD9wTQ
+N6QZBU0NCJ6+W9v93BUDKMtvPBEFaAVM4uh/C542PtSQZc9xWWCQO0OL3bHCtDIP
+ToM9AoGADJ+6tYMTBEHhJyZxqD6oZgHTAqfA6HqKP5UUCpQ8G4IEedEq+cpQSFM9
+Wez+ChUdeDCaFSOeh+8o/u4w3x44g7GyFdOL6lGV6YjzGk4WkbRwqJWW/AKV0htl
+Fby2y2PzLnbLGKnt7nGTxag9l28NwbGppy7Kex8jVYcQP15djCg=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/test-ca-cert.pem b/tests/certs/test-ca-cert.pem
new file mode 100644
index 0000000..c399954
--- /dev/null
+++ b/tests/certs/test-ca-cert.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgIJAJlGYwAp0+gKMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMSAwHgYDVQQK
+DBdXZ2V0IFRlc3RpbmcgRGVwYXJ0bWVudDEQMA4GA1UECwwHVGVzdGluZzEUMBIG
+A1UEAwwLV2dldFRlc3RpbmcxIDAeBgkqhkiG9w0BCQEWEWJ1Z3Mtd2dldEBnbnUu
+b3JnMB4XDTE3MDQwNjIxMDEyOFoXDTE4MDQwNjIxMDEyOFowgZkxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dn
+ZXQgVGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQD
+DAtXZ2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvHmnQlY58T/PcZeR3ntBp
+6YYELxmYTjrdiHLpa1HvDDkwYyVCaWxhi8R5mP/cUt7aZ0BrNMCVTy5/cEzl/w9R
+VqERKDB68ZU0ku2A4YmDFenlyyUuVZhn5reovUUlhWo8p+Ir+1vwGyDPM/IQKaUJ
+6tfDWVD7fgVzfpvDm8XDqKB6BvzLPk3n3K9mndv2KihTUnnJFMZOkSYaFStQ11Rz
+YwR7ZvAuISB99WZf2hzaYiovB9G0WMky81vpmvjbKWVYLlpV5Inzq2QiG4tFBEP+
+ebLc1H9PGd7vrgGE2cn78g1XXpR8nPUDYF4UGFs90ftPqNDHcHFENB7DrpB7wRIa
+5ZrpKyNbCGIKX+UnVR5Ra32mMM2pPiR95ZDNkqdsygLuHAsyaaj1+wvrmM81H2Jy
+V/kVcFqnf3+C1aX2+hu5OL7rIskEYG8HgWwWxE0NW7Q8zTrBR7D932hM/7f8Yojx
+SeqJP7vpGULeVzJF0CTksoWh+D1s+Q2b93DpoMW18VMTig2NFetQr3DdJmySed7a
+g694qgY5iDv1P/CWBSj75TDBrw3Ji6PJxWES+ox29frxrCWtAjEwVI5zJ5qIZW5n
++BYir/tVloMkYSmeby9eSmTLGENZrepBwuocpvJ1yQRosdzYG42MjfI2JhlTFWvw
+wdGCsFqsRcsfPTJqu801QQIDAQABo1AwTjAdBgNVHQ4EFgQUF+2TQ4+npgB11Oi2
+gg2IN37AbQgwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAewaQ/hmPbjNI7FFNM63M1qnWHK+t
+Zsm5qHWMk5WkcdavsqpexGDc3VxBYFzqqEjlCTseMgsNZ76FENZeNGNFtKScUHuR
+J6Fp+pqEZJ9AoQy8WbkDuFjsKs+En3cMvqy4QUqVOFrKg1PKJEWlqvonMs+apzvJ
+0bjj5Aj2w906XvpKYTnfR6QHJC5ZP5xTorJWLvAwWl0ZuqxQKT0fXKcPeAlE0c4b
+3eJ5jFXPIFkYt0fJcUnZp6QJv608/METl9x+rTYfRsD6kQGC+281C19PxBacTzxH
+fAjsesvP7t7pPlh+Chdd7w1QqFg4UUH9NfIkiq06UtIUoQHfCgT1FvXoFoPiRR5f
+5m67jGE8Sn04nnGhvHnN03kOuwK/VIniLuHdWw0nwLBWIEpzZPbIQQSezoJd7ViY
+2zBJQCtp1ewEDOXecBL+8CNIUXTiFoOxP/YMuLruoYB5dkLpIFbscHp3dZJMScoz
+XJQHh68KH0oRm+/FnK3MLxn56nbwoV4uhdIr5FgLglh7PUfUa2wavFjhi3MY50qD
+SsvoCmBny/N2KJK2tEBIGWbdYy1XBF/l8xaORdT/M4ILYV52Wf2AYy9NTYJxiB0V
+LwVGbG5plMbJiBFDOZcram4pQrG6k21t2Xv2lkVf1AvOlx4qKfUN04TGWXwu5dAP
+pnv5yEwOelBLq7Q=
+-----END CERTIFICATE-----
diff --git a/tests/certs/test-ca-key.pem b/tests/certs/test-ca-key.pem
new file mode 100644
index 0000000..bc4afb5
--- /dev/null
+++ b/tests/certs/test-ca-key.pem
@@ -0,0 +1,58 @@
+!!!!!DO NOT USE THIS KEY FOR ANYTHING !!!!!!!
+!!!!THIS FILE IS FOR TESTING WGET ONLY!!!!!!
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEArx5p0JWOfE/z3GXkd57QaemGBC8ZmE463Yhy6WtR7ww5MGMl
+QmlsYYvEeZj/3FLe2mdAazTAlU8uf3BM5f8PUVahESgwevGVNJLtgOGJgxXp5csl
+LlWYZ+a3qL1FJYVqPKfiK/tb8BsgzzPyECmlCerXw1lQ+34Fc36bw5vFw6igegb8
+yz5N59yvZp3b9iooU1J5yRTGTpEmGhUrUNdUc2MEe2bwLiEgffVmX9oc2mIqLwfR
+tFjJMvNb6Zr42yllWC5aVeSJ86tkIhuLRQRD/nmy3NR/Txne764BhNnJ+/INV16U
+fJz1A2BeFBhbPdH7T6jQx3BxRDQew66Qe8ESGuWa6SsjWwhiCl/lJ1UeUWt9pjDN
+qT4kfeWQzZKnbMoC7hwLMmmo9fsL65jPNR9iclf5FXBap39/gtWl9vobuTi+6yLJ
+BGBvB4FsFsRNDVu0PM06wUew/d9oTP+3/GKI8UnqiT+76RlC3lcyRdAk5LKFofg9
+bPkNm/dw6aDFtfFTE4oNjRXrUK9w3SZsknne2oOveKoGOYg79T/wlgUo++Uwwa8N
+yYujycVhEvqMdvX68awlrQIxMFSOcyeaiGVuZ/gWIq/7VZaDJGEpnm8vXkpkyxhD
+Wa3qQcLqHKbydckEaLHc2BuNjI3yNiYZUxVr8MHRgrBarEXLHz0yarvNNUECAwEA
+AQKCAgEApUnNkoU3QfqtMCA0bvvFt9IlHpneTLW6NhNucwdLBJjC+fr61h5vn/qu
+bh+NkMXfdsHyOb5G8CcWuk6jJouCR8G+sVT/vWt862yrI/S9OK9cX/tIkt1Txu4r
+9+b99xZgWfQUNHNCKfVRGIHtPngwQJYbJVWObHJcbtDX8N984Nqu7b7eqG+cVPcl
+z3O8hDLycQLt1G/5ZXr3PbMxeVJlcavKNTfKB6BY7MrN4Dcc+LujGVUGCHWtIpw0
+6t/Nd/8wmvTVazEVTJs/HjplT7VhADaaLnmb2GuQ0yWoZV6zmUy0bvzkpmH3mUJC
+SjFbHZSu4ldzCGwHXNrdFtITqdtoW81Tj+b3EsqNlB2u1I8DpOMR8vMGy5f0rYhs
+Lf4Vmpvggw4bzLeu9A6XStxiB/wExn1QlQd54X1zfhssoF/pbu2RtCujn+y3zYCd
+2c9gqdN5MaGsr1NSYUPilj39E4S4FwtGnZGIYhClglToy0sMB/8lQvGIz0WRRfSG
+g+LUuiWuqn95ZrnSJvTSYCvsH0OB64IWpd9sHtu/P8Cjms3B/nIYjbG5gj68m319
+AsK1uFAqVmlGYVJVzgND9B9Egd4cODlTSsncEUQlS8PUZaym50FoBuO4vN+IYrZO
+H/yL6+hq3l/va/xlr4ZMEiBdEAiSj7g6XqQGzTgOz47RJn1FAGECggEBAOi8Moix
+SGHhxpJZgeHuL2FgBuNT9GVDoTNbUtEoZ7NsJd4BG3MjbZFluFoSfFiawAqJ3e6c
+ptUSiZ1KXN1gvMwVkget3MyenEzohYczwYOQeREAeRVr25Wq8cegvLaDFejMclCs
+ILC80BaGbVcAmJMdOBzLVqtY/7lps0LWpGd/6KYXTm41erhWJkvx+Vt0uPKVzGqx
+Ijjh/DSc5eX5BIdn2bYHLRu/xqfnX2kSH37PSto55ROSu8D8YwjaOdyQ1Hha6+O1
+Q6E4d2HliYqv1WaDHjyAXjmlP/3ob5f3QdXbqpB1smGPimK3hiZB0sYgdUI3yW9c
+NkynqGBeoTSPjG0CggEBAMCfyVJnG1fCnFZFCtPawYKK/IoMNyYzgIKomlcBdF/8
+J8Gwr6jcFBbdefT+VypVO0DywPrIFppDzjGEmZarFRgXsspGBenQQrZTPG1eUldY
+U89ODTsYNk0AXdctkMvAFSfVbA/4pnXAiXzKeEDk2YOhDYP1Y/T9eZQ3AI+LNeGO
+1Oqd9hGgsW0rqVgW+rCbUTezFE5J+2zbzMu2XnJieueG33iaVMpHzqnLLe27SYcI
+7VmgttZL4eL6/klPHSKC8x3y1c2T88d+HAuW+mB+bQ2iQWYfM82SyxjTER/7jpTy
+Zpj/mibgt2cQxVowWFmMMOLXczhpu/GOgRxxCXVQn6UCggEBAOa30vzxiskGMn1Y
+4EpifnPw50MrMkfFEKRB70rL3GnhV3TK8jRlNbSC+4vHcZ/A4YpQ/EMU5sqp0uSs
+GH2Z7e//nkGgmRf8UQRpKh5LL5bGfU5egqq6vveTfJajARGJyAl9zAGvccTjmQIL
+h49NVvPYbo0VAzlgRDrBz2T+NgMoqTEmP6k/uQXO2a5GFiYVA1fxKrHGIh/z37sk
+o0Aladj2Gby7RnuQ1VYUJ+CYh8KFqzXFWRPbTefWDDN1axD+PrOFpv2Y749+09Kn
+438qKsqyRyJBO6e360VBzIcBJjHkzyTgmNLgopaUSxfX/yRMfxIDDd0os+ev+Vp3
+1SWu/M0CggEAWSvfZCFNPCRggWN27rpPaOJ0pGehRDMFY/cvc+W9fQ3bTcRAnXg8
+aJVg9vSjX3qTcq6ufaoRJJsNIklTXLeYjU2zPAaMiEAcEhGYYL0Qe1Ttf4OPhnLf
++GeaCZoTdO9YG9emLgKa9NoMC9QjNU98Dn6JJjR8cJbDKMUJomn8qI2ZrX8wwdpV
+KMfUnm4M4aMVRybE2LVRCoT6WrfzIxrJ8NK0Mz2m0PnLBzmC6pIQKM4OKrbGzY/V
+Y2F0RHW2dBqQ96VKKuA6M3kC/K6I/BCq5WvewKrjLWCuWrCjNd4blIJe0qdJMoRH
+AxR1eBn3XIUUwH6i3VO9aMbiqEr/6OpI7QKCAQEAslqWEcRSL8bxXTVs1Jqip4wW
+lbJoym+zXhMLiqxCbMukClkkCdaI+lxNVdxs4MpACHYRAhHwVvAujz5JcgiMjSRC
+IK/JGu9uVkSriA/YJxmmMPvTYI1bmT1lT99HUqhzM5COuSFJh9D8cfpHJSUC+6rF
+1U/YcdcrZAMl3UH30XdsJLc6l3L/0gyseohwWT76dSqqOOathvNM5PsE8jNzPEo7
+VUdfrrDpEw0dPjk4IF8cpC389H1j8lnwxkWQtHHhXZTXHJlC9xYPa3PRsRn18pJy
+vxz9r76vJ3YJiQTxv8MKw/AaQrNDZng0Ff5kqQAqc/q/CvHdb2pur8NTsS/09w==
+-----END RSA PRIVATE KEY-----
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!DO NOT USE THIS KEY FOR ANYTHING !!!!!!!
+!!!!THIS FILE IS FOR TESTING WGET ONLY!!!!!!
diff --git a/tests/certs/user.crt b/tests/certs/user.crt
new file mode 100644
index 0000000..f1a6d8c
--- /dev/null
+++ b/tests/certs/user.crt
@@ -0,0 +1,148 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4388 (0x1124)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: CN=ica-wgetTestingServer, ST=CA, C=US/emailAddress=icatester, O=Int
+ Validity
+ Not Before: May 9 21:30:44 2017 GMT
+ Not After : May 9 21:30:44 2019 GMT
+ Subject: CN=WgetTestingServer, ST=CA, C=US/emailAddress=usertester, O=Int
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:b9:ed:5a:89:c5:8e:20:a2:8d:c6:ee:0c:62:f6:
+ 9a:65:4d:da:3a:04:27:b8:23:cf:8c:1a:5f:1c:79:
+ 09:1a:e5:eb:57:82:f3:48:66:b2:74:bb:95:a4:00:
+ 87:5a:27:88:57:7e:ee:80:87:ec:d2:ca:89:86:53:
+ 0d:79:f6:9c:66:e0:19:ad:78:61:8b:20:9b:3e:da:
+ b4:42:3b:bd:b8:62:f1:0e:40:26:73:f2:e5:eb:6e:
+ 89:de:d7:26:63:11:cf:bc:30:8a:7d:ea:e1:a1:9c:
+ 9e:bc:e8:5c:8a:50:7f:c8:cf:8c:8c:09:e2:ae:1b:
+ 3f:18:1d:54:7e:6a:a8:ed:a9:04:9e:fc:fc:48:47:
+ a7:d5:a3:de:f3:ac:63:4f:40:ee:27:de:02:0d:f8:
+ 6c:fb:98:dc:73:f1:c6:bc:48:7f:fb:f4:3c:8f:7a:
+ 57:7d:ac:76:51:d7:8a:c7:7b:81:65:37:ed:cb:99:
+ f2:c8:6b:8d:88:10:9f:ea:e1:23:58:14:40:0a:bf:
+ 67:f7:8b:e9:cf:56:dd:f8:5c:2e:35:86:a7:fb:20:
+ e0:8f:3c:bb:20:f6:c3:c3:e9:9d:91:67:15:65:50:
+ ba:d9:6a:75:1e:93:a2:cd:66:ed:d0:58:bf:bd:1a:
+ 7f:ed:de:25:ff:03:fa:82:ab:41:52:34:8c:3d:6b:
+ ae:9b:6a:3e:05:2b:3f:87:88:0d:8c:a4:04:0a:cc:
+ b1:f6:0c:02:3b:0c:98:47:6c:1f:a4:0e:d3:ce:ef:
+ 5f:e8:e0:23:64:84:04:64:ad:d0:18:44:b0:93:7c:
+ 43:f5:5a:2f:8d:d6:43:ed:fa:a1:e8:da:42:e2:cb:
+ 56:c5:28:e7:c6:1c:b0:04:3b:23:57:76:7d:20:b4:
+ 30:b1:9c:69:54:7c:45:db:1b:7f:8e:83:a9:89:7c:
+ 59:32:30:9b:70:7e:bc:b3:33:96:89:33:c9:6c:fe:
+ 79:b9:06:ed:6b:e5:70:65:9f:ad:35:e0:13:0c:27:
+ 17:4b:70:67:e3:95:f3:a0:90:b6:fb:06:4a:33:21:
+ 4f:7b:c4:ba:a2:b3:47:bd:cb:3d:88:3e:46:31:27:
+ e3:83:f8:8f:25:54:83:a9:63:a3:1b:33:82:7c:ea:
+ 78:2d:60:10:fe:54:a8:d5:cf:a1:c4:e6:8b:0e:a5:
+ 98:5d:f7:1d:6c:36:35:58:72:9a:81:06:a7:ed:7d:
+ 3a:ae:99:62:4f:af:d2:88:c9:ad:32:b0:55:aa:ce:
+ ee:0e:5d:70:2a:84:a8:ef:66:a5:a4:3c:c4:f1:96:
+ e7:e4:05:7c:8d:c1:a5:ac:7f:54:3c:bd:b3:7e:1d:
+ 31:ad:d5:c2:73:60:db:23:c6:29:9b:d3:f9:4f:d6:
+ 7d:f7:ed
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 6F:00:AE:EF:A0:15:4C:5C:1E:A7:B4:6C:8F:5F:1F:DD:EE:C6:6C:11
+ X509v3 Authority Key Identifier:
+ keyid:24:D0:7C:F3:88:2A:73:FF:87:A0:CB:69:E0:6B:2E:16:BD:4E:D5:E6
+
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://intertest.wgettest.org/Bogus.crl
+
+ Full Name:
+ URI:http://intertest.wgettest.org/Bogus.crl
+
+ X509v3 Subject Alternative Name:
+ DNS:WgetTestingServer
+ Authority Information Access:
+ CA Issuers - URI:http://intertest.wgettest.com/Bogus.crt
+ CA Issuers - URI:http://intertest.wgettest.com/Bogus.crt
+ OCSP - URI:http://intertest.wgettest.com/ocsp/
+ OCSP - URI:http://intertest.wgettest.com/ocsp/
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 4b:e0:19:75:65:2d:0c:fe:d4:b6:3d:a1:02:8f:3d:89:a6:6b:
+ 12:c6:ee:e3:79:a0:b4:af:fa:15:97:be:35:f7:06:00:39:ba:
+ f9:30:e4:55:d9:98:fc:a5:b7:54:22:52:71:3a:35:d4:3b:9e:
+ 00:1e:5e:bb:8b:4f:21:bd:c7:df:7d:65:4c:cc:32:4e:ab:51:
+ 95:e2:59:b4:09:c2:78:8d:bf:ac:3b:d9:ca:9e:dc:39:ac:95:
+ d2:91:f9:28:31:cd:93:54:db:7a:f3:c8:a2:76:df:a0:b3:8a:
+ e1:00:31:a5:ba:f3:3e:3f:2e:b8:7b:cb:bb:a3:61:83:5f:6a:
+ ee:37:88:2f:89:a5:b6:79:ef:3c:c1:e7:cd:0b:5f:51:d4:de:
+ ab:85:97:f5:8c:8d:d6:59:1e:e6:db:a3:ab:1d:1d:5f:fd:ba:
+ 70:39:97:a1:0f:b4:6d:cc:1d:5d:49:41:9c:12:9e:b3:19:de:
+ 64:ab:83:2f:f3:bf:6f:26:14:e4:be:1a:50:9a:78:22:99:c0:
+ 39:35:ff:b1:45:ea:d3:8f:0d:ed:3d:c2:b0:77:71:26:12:4a:
+ f0:81:83:d7:c9:f2:0c:e8:c2:7b:9b:96:7b:06:ab:e5:ef:ac:
+ e6:34:58:ed:d3:9b:a3:b9:9e:7e:78:16:6e:ba:21:d3:48:01:
+ bc:3e:5f:6e:56:63:cc:4a:f4:e0:12:5e:8b:68:73:b7:3a:0e:
+ 1d:cd:44:15:6e:5c:f4:fd:8e:02:f2:a4:37:ce:08:da:5c:86:
+ 26:57:65:30:5a:13:29:08:ab:0f:f6:a6:ab:99:de:f0:c5:bf:
+ 15:a1:30:ea:23:ca:af:0a:8b:a4:58:8d:12:4f:52:27:fc:52:
+ dc:6d:9a:66:0f:43:c7:28:29:92:92:da:e7:9c:5c:fb:29:e6:
+ 31:06:81:a9:8c:51:86:d2:a2:08:bd:76:fb:61:4b:8e:49:48:
+ 9a:ca:a3:04:6c:dd:59:32:e1:41:f3:09:0b:9b:c0:60:64:34:
+ 87:21:cf:33:bf:17:14:c2:d5:05:0c:4d:21:8a:4d:5e:13:bf:
+ 32:c7:59:bb:48:de:82:15:8e:24:93:4c:c8:8e:e7:12:86:af:
+ 69:5c:5c:d8:a0:90:80:64:74:84:bb:ce:2e:e9:11:06:96:ed:
+ 52:3a:ba:1f:48:a2:13:14:d1:26:e8:a2:13:6d:2e:ec:ad:28:
+ f5:74:da:d7:7e:5e:eb:eb:4b:8d:3d:73:c1:ac:38:20:52:e6:
+ c5:72:fa:7e:e0:6c:fa:21:25:42:f8:fe:3a:1d:0a:4b:c1:ee:
+ 3b:36:61:b9:58:ec:09:4a:4d:4f:51:e5:7c:af:b4:1b:8d:28:
+ 45:e1:67:d1:2c:72:47:7d
+-----BEGIN CERTIFICATE-----
+MIIHHDCCBQSgAwIBAgICESQwDQYJKoZIhvcNAQEFBQAwYjEeMBwGA1UEAwwVaWNh
+LXdnZXRUZXN0aW5nU2VydmVyMQswCQYDVQQIDAJDQTELMAkGA1UEBhMCVVMxGDAW
+BgkqhkiG9w0BCQEWCWljYXRlc3RlcjEMMAoGA1UECgwDSW50MB4XDTE3MDUwOTIx
+MzA0NFoXDTE5MDUwOTIxMzA0NFowXzEaMBgGA1UEAwwRV2dldFRlc3RpbmdTZXJ2
+ZXIxCzAJBgNVBAgMAkNBMQswCQYDVQQGEwJVUzEZMBcGCSqGSIb3DQEJARYKdXNl
+cnRlc3RlcjEMMAoGA1UECgwDSW50MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAue1aicWOIKKNxu4MYvaaZU3aOgQnuCPPjBpfHHkJGuXrV4LzSGaydLuV
+pACHWieIV37ugIfs0sqJhlMNefacZuAZrXhhiyCbPtq0Qju9uGLxDkAmc/Ll626J
+3tcmYxHPvDCKferhoZyevOhcilB/yM+MjAnirhs/GB1Ufmqo7akEnvz8SEen1aPe
+86xjT0DuJ94CDfhs+5jcc/HGvEh/+/Q8j3pXfax2UdeKx3uBZTfty5nyyGuNiBCf
+6uEjWBRACr9n94vpz1bd+FwuNYan+yDgjzy7IPbDw+mdkWcVZVC62Wp1HpOizWbt
+0Fi/vRp/7d4l/wP6gqtBUjSMPWuum2o+BSs/h4gNjKQECsyx9gwCOwyYR2wfpA7T
+zu9f6OAjZIQEZK3QGESwk3xD9VovjdZD7fqh6NpC4stWxSjnxhywBDsjV3Z9ILQw
+sZxpVHxF2xt/joOpiXxZMjCbcH68szOWiTPJbP55uQbta+VwZZ+tNeATDCcXS3Bn
+45XzoJC2+wZKMyFPe8S6orNHvcs9iD5GMSfjg/iPJVSDqWOjGzOCfOp4LWAQ/lSo
+1c+hxOaLDqWYXfcdbDY1WHKagQan7X06rpliT6/SiMmtMrBVqs7uDl1wKoSo72al
+pDzE8Zbn5AV8jcGlrH9UPL2zfh0xrdXCc2DbI8Ypm9P5T9Z99+0CAwEAAaOCAd0w
+ggHZMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFG8Aru+gFUxcHqe0bI9fH93u
+xmwRMB8GA1UdIwQYMBaAFCTQfPOIKnP/h6DLaeBrLha9TtXmMAsGA1UdDwQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDATBnBgNVHR8EYDBeMC2gK6AphidodHRwOi8v
+aW50ZXJ0ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwLaAroCmGJ2h0dHA6Ly9p
+bnRlcnRlc3Qud2dldHRlc3Qub3JnL0JvZ3VzLmNybDAcBgNVHREEFTATghFXZ2V0
+VGVzdGluZ1NlcnZlcjCB3AYIKwYBBQUHAQEEgc8wgcwwMwYIKwYBBQUHMAKGJ2h0
+dHA6Ly9pbnRlcnRlc3Qud2dldHRlc3QuY29tL0JvZ3VzLmNydDAzBggrBgEFBQcw
+AoYnaHR0cDovL2ludGVydGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MC8GCCsG
+AQUFBzABhiNodHRwOi8vaW50ZXJ0ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzAvBggr
+BgEFBQcwAYYjaHR0cDovL2ludGVydGVzdC53Z2V0dGVzdC5jb20vb2NzcC8wDQYJ
+KoZIhvcNAQEFBQADggIBAEvgGXVlLQz+1LY9oQKPPYmmaxLG7uN5oLSv+hWXvjX3
+BgA5uvkw5FXZmPylt1QiUnE6NdQ7ngAeXruLTyG9x999ZUzMMk6rUZXiWbQJwniN
+v6w72cqe3DmsldKR+SgxzZNU23rzyKJ236CziuEAMaW68z4/Lrh7y7ujYYNfau43
+iC+JpbZ57zzB580LX1HU3quFl/WMjdZZHubbo6sdHV/9unA5l6EPtG3MHV1JQZwS
+nrMZ3mSrgy/zv28mFOS+GlCaeCKZwDk1/7FF6tOPDe09wrB3cSYSSvCBg9fJ8gzo
+wnublnsGq+XvrOY0WO3Tm6O5nn54Fm66IdNIAbw+X25WY8xK9OASXotoc7c6Dh3N
+RBVuXPT9jgLypDfOCNpchiZXZTBaEykIqw/2pquZ3vDFvxWhMOojyq8Ki6RYjRJP
+Uif8UtxtmmYPQ8coKZKS2uecXPsp5jEGgamMUYbSogi9dvthS45JSJrKowRs3Vky
+4UHzCQubwGBkNIchzzO/FxTC1QUMTSGKTV4TvzLHWbtI3oIVjiSTTMiO5xKGr2lc
+XNigkIBkdIS7zi7pEQaW7VI6uh9IohMU0SboohNtLuytKPV02td+XuvrS409c8Gs
+OCBS5sVy+n7gbPohJUL4/jodCkvB7js2YblY7AlKTU9R5XyvtBuNKEXhZ9Esckd9
+-----END CERTIFICATE-----
diff --git a/tests/certs/user.key b/tests/certs/user.key
new file mode 100644
index 0000000..5980ffe
--- /dev/null
+++ b/tests/certs/user.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAue1aicWOIKKNxu4MYvaaZU3aOgQnuCPPjBpfHHkJGuXrV4Lz
+SGaydLuVpACHWieIV37ugIfs0sqJhlMNefacZuAZrXhhiyCbPtq0Qju9uGLxDkAm
+c/Ll626J3tcmYxHPvDCKferhoZyevOhcilB/yM+MjAnirhs/GB1Ufmqo7akEnvz8
+SEen1aPe86xjT0DuJ94CDfhs+5jcc/HGvEh/+/Q8j3pXfax2UdeKx3uBZTfty5ny
+yGuNiBCf6uEjWBRACr9n94vpz1bd+FwuNYan+yDgjzy7IPbDw+mdkWcVZVC62Wp1
+HpOizWbt0Fi/vRp/7d4l/wP6gqtBUjSMPWuum2o+BSs/h4gNjKQECsyx9gwCOwyY
+R2wfpA7Tzu9f6OAjZIQEZK3QGESwk3xD9VovjdZD7fqh6NpC4stWxSjnxhywBDsj
+V3Z9ILQwsZxpVHxF2xt/joOpiXxZMjCbcH68szOWiTPJbP55uQbta+VwZZ+tNeAT
+DCcXS3Bn45XzoJC2+wZKMyFPe8S6orNHvcs9iD5GMSfjg/iPJVSDqWOjGzOCfOp4
+LWAQ/lSo1c+hxOaLDqWYXfcdbDY1WHKagQan7X06rpliT6/SiMmtMrBVqs7uDl1w
+KoSo72alpDzE8Zbn5AV8jcGlrH9UPL2zfh0xrdXCc2DbI8Ypm9P5T9Z99+0CAwEA
+AQKCAgBzBQnwlx1wxP8OZK+W/VXQe9QX9gAYY1b/JkVWmO3wDPKFZcZZMOcPXgiZ
+t5YESNaIwkaLjwsL8C4ZwgFhRRXGcraP4Rv+9MH1pVjEbK7Whab4mOjw7AAeoHh8
+Of9OZHNtyV2zvf2te/WbiefNzTTwJq2c6HSqHsLuiR5/Qj6VH+1y6bCsil+iw8im
+WCvrmJB8a1Q8DkZlc1BWDelTC0rZtGNOo3HCllFwGfaJp7cJxgq+3NMb96VL2nUD
+2hmCYKypuXV4575R/Tw+a9BOXqpGqjUhh4GASAgdh8VpcSsETWf6Hmir7MtXZGiU
+boLXWrBvl/FLjMuJ0KYNU+K6EIaoIqb0PDbxfmo+nmQD/a/JSF3sYOUiqMJd34VC
+PYWpO+tDXSbtfHxJdP0/YBEKsvIU1kNYO8TE2zT8wl+AZJ2yz71p7VlQGN/24jnJ
+qTNY8HJ0TXgBZVBHsrgOlwTVWmuUcqIpVkrVO99iVO9C5EwqZey8CmGsJp+FfBpG
+pwVd99N7qi1q/VhBMERbeawDAjdKwU4IWFREB4ryTDw1+tVdCo3vXPYT+kRgPHW/
+mP1sG1kRkxYlrrGspx0o2wIHS/DUouxijJ0hC9UYoKINpvjSC+3Kijkl5cULtrO3
+Py6qeZPgoAK7iMtIVUwkxMZ3KNP7y7NoOIsP5L/dX+L311tG5QKCAQEA2woTdkZE
+un8wlGAsvBxSBzqD0l9otKQ297BLrqgnvIOqs02AF4sekaYdB2jIE/eMftZm7bjL
+4na4F7SGpKhMumJhaJUPa22fChcLHjWg082PoGHQM0Mf1Syyup+uLa2qFF+YAxHe
+aK9UO9Fi+cK5L0JeEY3ft0EkP1IELn+TfTnOCTeoMFy9K3ypaYW4td6aEIdhSMxf
+1am+5BB1Zu1NRsNiPWK3TOKeOqnFm0E3IhXLPjmd9RIDRDmvOXcLuRc3a5TC7zEG
+MuBD1deYFZSwJHIa/ykReW/fQRiqzYa+zZCpzwLx2Daz1RAqmibUEmCL9ldxh3vJ
+Dt8x3B6+UydYQwKCAQEA2Uzq+Y7sh1SNWKxlR94UDvBC6Cbz7vJWy5zcs8vV3YNn
+jNi+/tXdAWpmTxGgW8bxa8iwpfGNKQmMVLQDmoSRk9s5KsVomtLkEkTdtIRyrdjh
+NKjSmy0ECyfeGU/1KflHBpw+DRwVVxEhoFhum88FcDoihD9CKzPMr2d5RMmsPtCS
+WpldQKbhoIAEOWnXyIsEU090m9u9jKKfDU5lUGXD7Gl4bMhe2umPJN0Cj6MrOmhj
+kvc3V7bqlC3ikYbOI4r8oFT0sbo9XWl0caRmtqwvpPXQOQ6XLbFkLcNKRubMWSvs
+OcznU4o0PJiujO1Ue1sBz4/BwM1Dq4dYkur0qGpEDwKCAQBkuzaGDvyuc62onq4T
++EY08tEKnzvszxRERjwX31ce18JZ4QtGSIFPZAA3lxVkMVTYQ8tkCbcht40jwa6l
+7IwUrwey69ICipA4OK6xPuJuZTtm+3SfDoCGLZ8oOiUE9ref1PJ4fvA0XmUzeTC2
+QbmeJTxTgFZg1UFRKWuo4py2Wy4IiSL80rlgVV0nnQp8ARoC/e9cZjiwbvbNtU/4
+fKssHtCAAHThk9pGiirJIm2zbChivmaI/Lap2olduQSYIzgmbmxTSc1a+k3X+uUD
+D7UNnbgSnhVeLneSXUC3cf8vVBbzj5we3dFH675b0/11Uhcru70HHIMzJqusWisW
+3KI3AoIBAQCJmsDNyekUhcGAXqNAUGyJTTJBSrF8JfA6vhmwraq/vH+tXHAOdiWe
+yN8CwRm4JJIq/AqI+x611vsLhHcnuT1q0Q8xe5MTP+r3eq6eqqToXAe4zhOX+niu
+C9AEXXLV4qpMkFJnANquqQWPQZDBj+ZUvCuxbVGchA/hH3hWzBMMMA4N20KHN2Z3
+ublzFgh0UTwq+YzRSeSNk0l/Jp7Xu6nHIr8EvBn9LJvd7yq5BM3SDdrIbU6ZeBay
+QSBRoXkWXuQ9L69IgLRtW+NGN6JnmUAOiS8Tgp7Pa58Rr7JwlaTf7wWHUK9IYqNT
+oCggzAWMnAPYiaNbUWDB1VKMrsbBg5GXAoIBAHzDXgiVAXkvMKIrVk+QOj5/mV5s
+bggtYtUCrs5bEBHdBvykPdMWjLiVpNhHniIXCp8jc1Cvc1gJiFTo2oJIVvPHVQvr
+9xd0dEtcXYjusLrbzijd5KefelkQeZbo1EX3p4wFVOcYjuR4EHLHQN9xe5fb5Hne
+e97CtK/P9SLKOF9Lwy3oqjZkRk1sgY9DWzYMNj/VHhCFbF1rodlQJx9ThBXYat9L
+gOmUK1AJrCkQEPTbcL5GERL/pG821OeZ6hd94zBzk/gddU0Fgwp5E1IsIhxe1Wp5
+D+yzH9HJ7Hm0ileMcAi9dvvvGPV8CXIc/7rVtVwxmTKZBHiN3DpFOMgOFrE=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/wgethosts b/tests/certs/wgethosts
new file mode 100644
index 0000000..04b5215
--- /dev/null
+++ b/tests/certs/wgethosts
@@ -0,0 +1 @@
+WgetTestingServer localhost
diff --git a/tests/certs/wotca.pem b/tests/certs/wotca.pem
new file mode 100644
index 0000000..a968cd0
--- /dev/null
+++ b/tests/certs/wotca.pem
@@ -0,0 +1,78 @@
+-----BEGIN CERTIFICATE-----
+MIIHOTCCBSGgAwIBAgICESMwDQYJKoZIhvcNAQEFBQAwgZkxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dnZXQg
+VGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtX
+Z2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcwHhcN
+MTcwNTA5MjEyNDMwWhcNMTkwNTA5MjEyNDMwWjBiMR4wHAYDVQQDDBVpY2Etd2dl
+dFRlc3RpbmdTZXJ2ZXIxCzAJBgNVBAgMAkNBMQswCQYDVQQGEwJVUzEYMBYGCSqG
+SIb3DQEJARYJaWNhdGVzdGVyMQwwCgYDVQQKDANJbnQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCpFc5lZraIIP8PVVbnwSrE11p2kjVgzDPwIJ/bDYGd
+60VEMc2ehVOMtj3lFbAUu4nb6j7IbAGB4bUqg4BUVfRodvd2f1WsfAfhf3AUnpI0
+c+ytK8HuXSfv3s44+/iQJftLE0kTADZf9iV/GxdEbhwQXBWku0xU/mxRH4zxDGwZ
+6gurQ96Md6DVUgnZsnRgrukQikr9C5e8cbKj7FHLZgq9E+NlGppmKi8qGTUXK17L
+cLBEP04glOnMuRQKB6SCIoX+VCiw33hWYfzIiXDKFqcj0liYANyLbM9TiFITGyTj
+Jr+Ne1Lac0HlNd8vNeP6IPBjViNZ8Iw3GYly1i8li4THzo8VpXBkJlwOLEYSq9Hr
+ZJ0QzUbyzVTLdhlCBhFme17Z9PxQyBr+2A0Lp+r/oKdr+KfMYZN3tzV3YozSw5d6
+4uV2Nz9pVCmLjR8UAV6cJqJILAxCQRVs4Qs7Ko3mGWKWi3T5xxvFy8gQrNHg7+IN
+g+0OhsIkfHTGsfW7WGukGhfmispi6sjrbNABRws8Vlr7JcVNFS4uu4H3cVCZ3Rde
+9IduNYs0gqss4SYMAxKAz0/M7OCY8Z9obh7zIdsG1A2S07cv9OMsjgPhLiO/i4HF
+RriQtYR5sWZKkmZgmS68aJuh/JLijlF/m2HLbI5gSlgwuSAtKUj2C68mTrXZJ3Xl
+IwIDAQABo4IBvzCCAbswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJNB884gq
+c/+HoMtp4GsuFr1O1eYwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgw
+CwYDVR0PBAQDAgGmMBMGA1UdJQQMMAoGCCsGAQUFBwMBMF0GA1UdHwRWMFQwKKAm
+oCSGImh0dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwKKAmoCSGImh0
+dHA6Ly90ZXN0LndnZXR0ZXN0Lm9yZy9Cb2d1cy5jcmwwHAYDVR0RBBUwE4IRV2dl
+dFRlc3RpbmdTZXJ2ZXIwgcgGCCsGAQUFBwEBBIG7MIG4MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MC4GCCsGAQUFBzAChiJo
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vQm9ndXMuY3J0MCoGCCsGAQUFBzABhh5o
+dHRwOi8vdGVzdC53Z2V0dGVzdC5jb20vb2NzcC8wKgYIKwYBBQUHMAGGHmh0dHA6
+Ly90ZXN0LndnZXR0ZXN0LmNvbS9vY3NwLzANBgkqhkiG9w0BAQUFAAOCAgEAqUa7
+cQLhjXCAHiMT9V5+hzB/ngriEKC456htspq9RC/FWnYXZ+au89FehFunjy5qzbSz
+q7N97rCD2drSwn4B6uBymmIxU6iARmtcsPrfhgXHdvhuVop6yuXspoaU7+g1WMXi
+t0RGBx0FahYlggt8a7HnMu3Qz6v8llDeA3U2BCe5ui7mWTauj3bFv/pLW3sigvm0
+Cr3aBHpkIzfHU5D6EC3fKNXQNQruXCCIcBayNiaX+FJcK18sU8tRewiWo/VvffHi
+J89/oHvZnXkteT/mEyeAbjkPkNrmNQTmG69t/x4NdxNDe5ZrEpbEPE/6S5z+YP1T
+bXG7OeES2/+K3Fprwv/oCoeQdv3bBh4IcRhhE7KpEGnJOLfV1a5aRpVCz/0C30xk
+x5GYo0a+AkPAW3zYTaKQXIKDJLpAU6QJ13WaEjVS1EYnUE2o3XEjyZPJVL1y7VSd
+1gdk5MEto6RsVH6EmJBBaSiiAj6d1GbkmNku73FiUvRGk39WbGN9qfjrMPvGhAcL
+0GrIg5oQLOf0f6sdIU3TJkARNSmgSoLV+RatIEgKI+/i6FxlRdBPoGopPJkrh/gS
+stf93A7rFKWmYNKZOMhWXxyv14lwWhBi0bW9QfzavJse047v9X3UvRki06uWXH2t
+H51/0uT9gISqZ1CKDpnez4wrjACuKmfI9D2p6J4=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgIJAJlGYwAp0+gKMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMSAwHgYDVQQK
+DBdXZ2V0IFRlc3RpbmcgRGVwYXJ0bWVudDEQMA4GA1UECwwHVGVzdGluZzEUMBIG
+A1UEAwwLV2dldFRlc3RpbmcxIDAeBgkqhkiG9w0BCQEWEWJ1Z3Mtd2dldEBnbnUu
+b3JnMB4XDTE3MDQwNjIxMDEyOFoXDTE4MDQwNjIxMDEyOFowgZkxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxIDAeBgNVBAoMF1dn
+ZXQgVGVzdGluZyBEZXBhcnRtZW50MRAwDgYDVQQLDAdUZXN0aW5nMRQwEgYDVQQD
+DAtXZ2V0VGVzdGluZzEgMB4GCSqGSIb3DQEJARYRYnVncy13Z2V0QGdudS5vcmcw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvHmnQlY58T/PcZeR3ntBp
+6YYELxmYTjrdiHLpa1HvDDkwYyVCaWxhi8R5mP/cUt7aZ0BrNMCVTy5/cEzl/w9R
+VqERKDB68ZU0ku2A4YmDFenlyyUuVZhn5reovUUlhWo8p+Ir+1vwGyDPM/IQKaUJ
+6tfDWVD7fgVzfpvDm8XDqKB6BvzLPk3n3K9mndv2KihTUnnJFMZOkSYaFStQ11Rz
+YwR7ZvAuISB99WZf2hzaYiovB9G0WMky81vpmvjbKWVYLlpV5Inzq2QiG4tFBEP+
+ebLc1H9PGd7vrgGE2cn78g1XXpR8nPUDYF4UGFs90ftPqNDHcHFENB7DrpB7wRIa
+5ZrpKyNbCGIKX+UnVR5Ra32mMM2pPiR95ZDNkqdsygLuHAsyaaj1+wvrmM81H2Jy
+V/kVcFqnf3+C1aX2+hu5OL7rIskEYG8HgWwWxE0NW7Q8zTrBR7D932hM/7f8Yojx
+SeqJP7vpGULeVzJF0CTksoWh+D1s+Q2b93DpoMW18VMTig2NFetQr3DdJmySed7a
+g694qgY5iDv1P/CWBSj75TDBrw3Ji6PJxWES+ox29frxrCWtAjEwVI5zJ5qIZW5n
++BYir/tVloMkYSmeby9eSmTLGENZrepBwuocpvJ1yQRosdzYG42MjfI2JhlTFWvw
+wdGCsFqsRcsfPTJqu801QQIDAQABo1AwTjAdBgNVHQ4EFgQUF+2TQ4+npgB11Oi2
+gg2IN37AbQgwHwYDVR0jBBgwFoAUF+2TQ4+npgB11Oi2gg2IN37AbQgwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAewaQ/hmPbjNI7FFNM63M1qnWHK+t
+Zsm5qHWMk5WkcdavsqpexGDc3VxBYFzqqEjlCTseMgsNZ76FENZeNGNFtKScUHuR
+J6Fp+pqEZJ9AoQy8WbkDuFjsKs+En3cMvqy4QUqVOFrKg1PKJEWlqvonMs+apzvJ
+0bjj5Aj2w906XvpKYTnfR6QHJC5ZP5xTorJWLvAwWl0ZuqxQKT0fXKcPeAlE0c4b
+3eJ5jFXPIFkYt0fJcUnZp6QJv608/METl9x+rTYfRsD6kQGC+281C19PxBacTzxH
+fAjsesvP7t7pPlh+Chdd7w1QqFg4UUH9NfIkiq06UtIUoQHfCgT1FvXoFoPiRR5f
+5m67jGE8Sn04nnGhvHnN03kOuwK/VIniLuHdWw0nwLBWIEpzZPbIQQSezoJd7ViY
+2zBJQCtp1ewEDOXecBL+8CNIUXTiFoOxP/YMuLruoYB5dkLpIFbscHp3dZJMScoz
+XJQHh68KH0oRm+/FnK3MLxn56nbwoV4uhdIr5FgLglh7PUfUa2wavFjhi3MY50qD
+SsvoCmBny/N2KJK2tEBIGWbdYy1XBF/l8xaORdT/M4ILYV52Wf2AYy9NTYJxiB0V
+LwVGbG5plMbJiBFDOZcram4pQrG6k21t2Xv2lkVf1AvOlx4qKfUN04TGWXwu5dAP
+pnv5yEwOelBLq7Q=
+-----END CERTIFICATE-----
+