Merge pull request #42389 from thaJeztah/update_certs

hack: add script to regenerate certificates and update test-certs

hack/generate-test-certs.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+set -eu
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
+
+# integration/testdata/https (and integration-cli/fixtures/https, which has symlinks to these files)
+OUT_DIR="${SCRIPT_DIR}/../integration/testdata/https"
+
+# generate CA
+echo 01 > "${OUT_DIR}/ca.srl"
+openssl genrsa -out "${OUT_DIR}/ca-key.pem"
+
+openssl req \
+	-new \
+	-x509 \
+	-days 3652 \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=moby-ci/name=moby/emailAddress=moby@example.org" \
+	-nameopt compat \
+	-text \
+	-key "${OUT_DIR}/ca-key.pem" \
+	-out "${OUT_DIR}/ca.pem"
+
+# Now that we have a CA, create a server key and certificate signing request.
+# Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
+# to connect or just use '*' for a certificate valid for any hostname:
+
+openssl genrsa -out server-key.pem
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=server/name=moby/emailAddress=moby@example.org" \
+	-text \
+	-key "${OUT_DIR}/server-key.pem" \
+	-out "${OUT_DIR}/server.csr"
+
+# Options for server certificate
+cat > "${OUT_DIR}/server-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=serverAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/server-options.cfg" \
+	-CA "${OUT_DIR}/ca.pem" \
+	-CAkey "${OUT_DIR}/ca-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/server.csr" \
+	-out "${OUT_DIR}/server-cert.pem"
+
+# For client authentication, create a client key and certificate signing request
+openssl genrsa -out "${OUT_DIR}/client-key.pem"
+openssl req -new \
+	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=client/name=moby/emailAddress=moby@example.org" \
+	-text \
+	-key "${OUT_DIR}/client-key.pem" \
+	-out "${OUT_DIR}/client.csr"
+
+# Options for client certificate
+cat > "${OUT_DIR}/client-options.cfg" << 'EOF'
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+extendedKeyUsage=clientAuth
+subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
+EOF
+
+# Generate the certificate and sign with our CA:
+openssl x509 \
+	-req \
+	-days 3652 \
+	-extfile "${OUT_DIR}/client-options.cfg" \
+	-CA "${OUT_DIR}/ca.pem" \
+	-CAkey "${OUT_DIR}/ca-key.pem" \
+	-nameopt compat \
+	-text \
+	-in "${OUT_DIR}/client.csr" \
+	-out "${OUT_DIR}/client-cert.pem"
+
+rm "${OUT_DIR}/ca.srl"
+rm "${OUT_DIR}/ca-key.pem"
+rm "${OUT_DIR}"/*.cfg
+rm "${OUT_DIR}"/*.csr

integration/testdata/https/ca.pem

@@ -1,23 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            45:9c:ce:13:92:42:39:2e:90:f5:93:05:f1:03:92:17:5d:e4:89:8d
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
+        Validity
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:5a:af:10:15:fb:c8:46:c4:31:d7:ee:ec:d9:
+                    c4:1e:c3:b3:b6:4c:ec:e1:2b:57:40:a2:74:cd:d5:
+                    8e:7d:69:b6:22:60:21:05:be:a5:92:40:4c:43:2b:
+                    eb:c9:00:32:5f:59:1c:59:50:e2:98:df:ff:9b:2d:
+                    16:9f:c6:a0:57:78:bc:ae:a5:8d:b3:7d:98:73:7a:
+                    6f:d2:05:52:15:89:89:22:ec:9d:9a:e7:c7:35:8f:
+                    6b:38:a3:33:54:c5:74:2a:05:ad:af:a0:8a:54:7b:
+                    7d:d4:6a:9b:2b:90:cb:9a:e7:6e:94:bd:a2:f3:5b:
+                    40:d1:fa:4d:ec:fd:6f:14:1d:89:5b:fc:35:c2:1c:
+                    98:0b:c4:53:7a:25:16:3f:02:e9:e8:46:20:4d:e8:
+                    1e:25:0d:0d:10:e9:36:42:2a:88:d9:91:b3:fa:9e:
+                    07:c0:a9:b1:44:db:2c:e5:cb:85:bf:4a:38:a0:cf:
+                    7e:2c:20:e5:a9:cf:49:2a:6f:e3:b8:93:fd:38:9b:
+                    2a:c2:ea:c3:0f:3b:f5:f3:30:c8:f7:51:d5:8b:d0:
+                    5e:97:75:21:e4:d2:47:ca:1d:66:4a:36:b2:81:13:
+                    d9:13:19:0d:35:04:84:ca:35:f4:47:f9:47:37:21:
+                    64:95:a1:cb:8a:01:d3:e6:50:e2:01:17:e5:0e:64:
+                    89:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
+            X509v3 Authority Key Identifier: 
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         46:73:2d:4b:ce:b0:c2:13:19:85:97:67:95:d9:15:6f:cf:e0:
+         89:e4:42:90:4e:a3:5a:64:8c:e9:92:6f:b4:cb:56:e6:ec:6e:
+         91:04:18:12:79:ca:70:bb:e5:ba:5d:ed:fe:8c:47:7e:8f:8b:
+         bd:9f:40:5a:63:51:b8:80:6f:b2:7b:ff:c1:43:68:7d:21:0c:
+         0a:a4:ea:b7:2d:0a:31:e4:3e:5e:bb:72:bd:63:6b:a1:2d:d3:
+         ca:6a:e0:af:17:52:12:71:73:77:41:11:f1:24:32:54:b4:67:
+         c9:5e:b1:f1:cf:bd:95:91:c8:9c:43:4f:3f:c3:f6:3c:0e:41:
+         2b:f9:c7:25:3f:17:4d:4a:e7:27:36:bc:9e:d4:30:e6:6e:29:
+         95:e4:33:66:b4:2e:11:ac:97:61:df:3f:4d:03:8e:96:04:10:
+         a5:d8:5f:85:a3:4b:6c:d5:1c:7d:17:8c:4c:8a:cb:9d:27:65:
+         2c:ee:dd:2b:19:27:1a:57:3c:68:2d:eb:6e:e8:b2:59:8c:0a:
+         17:75:ba:fc:89:d8:fc:c0:45:44:8a:a1:9c:52:b0:f3:b7:6d:
+         f2:2e:24:ee:50:d9:27:4d:33:89:5c:97:34:b0:47:81:94:4b:
+         c1:b4:aa:d9:65:b5:4f:98:0b:a9:76:30:a0:ef:f1:71:23:0f:
+         04:dc:83:fd
 -----BEGIN CERTIFICATE-----
-MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
-VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
-A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
-Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
-QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
-MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
-VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
-EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
-0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
-AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
-sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
-HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
-zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
-ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
-Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
+MIIEETCCAvmgAwIBAgIURZzOE5JCOS6Q9ZMF8QOSF13kiY0wDQYJKoZIhvcNAQEL
+BQAwgZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJh
+bmNpc2NvMRUwEwYDVQQKDAxNb2J5LXByb2plY3QxCzAJBgNVBAsMAmNpMRAwDgYD
+VQQDDAdtb2J5LWNpMQ0wCwYDVQQpDARtb2J5MR8wHQYJKoZIhvcNAQkBFhBtb2J5
+QGV4YW1wbGUub3JnMB4XDTIxMDUxNzE5NDkzNFoXDTMxMDUxNzE5NDkzNFowgZcx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMU2FuRnJhbmNpc2Nv
+MRUwEwYDVQQKDAxNb2J5LXByb2plY3QxCzAJBgNVBAsMAmNpMRAwDgYDVQQDDAdt
+b2J5LWNpMQ0wCwYDVQQpDARtb2J5MR8wHQYJKoZIhvcNAQkBFhBtb2J5QGV4YW1w
+bGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlqvEBX7yEbE
+Mdfu7NnEHsOztkzs4StXQKJ0zdWOfWm2ImAhBb6lkkBMQyvryQAyX1kcWVDimN//
+my0Wn8agV3i8rqWNs32Yc3pv0gVSFYmJIuydmufHNY9rOKMzVMV0KgWtr6CKVHt9
+1GqbK5DLmudulL2i81tA0fpN7P1vFB2JW/w1whyYC8RTeiUWPwLp6EYgTegeJQ0N
+EOk2QiqI2ZGz+p4HwKmxRNss5cuFv0o4oM9+LCDlqc9JKm/juJP9OJsqwurDDzv1
+8zDI91HVi9Bel3Uh5NJHyh1mSjaygRPZExkNNQSEyjX0R/lHNyFklaHLigHT5lDi
+ARflDmSJDQIDAQABo1MwUTAdBgNVHQ4EFgQUhVfQ/6m0Hh+AM/u4NO19BjnNNJgw
+HwYDVR0jBBgwFoAUhVfQ/6m0Hh+AM/u4NO19BjnNNJgwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEARnMtS86wwhMZhZdnldkVb8/gieRCkE6jWmSM
+6ZJvtMtW5uxukQQYEnnKcLvlul3t/oxHfo+LvZ9AWmNRuIBvsnv/wUNofSEMCqTq
+ty0KMeQ+XrtyvWNroS3TymrgrxdSEnFzd0ER8SQyVLRnyV6x8c+9lZHInENPP8P2
+PA5BK/nHJT8XTUrnJza8ntQw5m4pleQzZrQuEayXYd8/TQOOlgQQpdhfhaNLbNUc
+fReMTIrLnSdlLO7dKxknGlc8aC3rbuiyWYwKF3W6/InY/MBFRIqhnFKw87dt8i4k
+7lDZJ00ziVyXNLBHgZRLwbSq2WW1T5gLqXYwoO/xcSMPBNyD/Q==
 -----END CERTIFICATE-----

integration/testdata/https/client-cert.pem

@@ -2,72 +2,85 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 3 (0x3)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
         Validity
-            Not Before: Dec  4 14:17:54 2013 GMT
-            Not After : Dec  2 14:17:54 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=client/name=moby/emailAddress=moby@example.org
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
-                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
-                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
-                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
-                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
-                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
-                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
-                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
-                    7e:4e:78:7d:0a:9e:8f:42:43
+                    00:e3:20:9f:c9:63:fe:29:a9:0e:21:e0:4d:4c:42:
+                    cb:cc:9f:29:8c:73:5d:f7:88:bd:81:62:1f:b2:a3:
+                    95:4d:3a:58:28:af:f0:3e:aa:a7:c2:c6:52:b9:94:
+                    9f:6b:58:d6:9a:08:b4:5f:60:fb:f1:ea:e7:49:8d:
+                    46:35:e2:e9:82:9f:20:44:41:82:a7:fa:ab:82:1b:
+                    03:7f:f0:4e:78:38:37:20:9d:67:43:c0:e2:8f:09:
+                    07:3f:7f:96:13:7a:64:c5:90:13:87:71:6d:ed:e7:
+                    28:3a:05:48:eb:d6:e6:27:da:46:f9:a4:5c:66:49:
+                    56:5f:88:87:4e:0a:8b:fe:ea:05:a6:c1:72:b9:94:
+                    d5:8e:d4:9a:18:58:ac:56:1b:34:3e:c3:50:06:5d:
+                    f3:3d:85:93:2c:8b:3f:33:e6:32:14:92:9e:fd:fc:
+                    5d:8a:71:1b:20:67:43:e0:72:fc:4e:31:c6:b7:03:
+                    98:99:e7:95:ef:7c:5a:30:cf:c1:a4:43:42:fb:be:
+                    1b:a7:08:d5:e0:b5:b2:10:ff:0f:e1:0d:ee:3e:b2:
+                    04:05:86:1e:72:a9:d6:16:84:37:73:28:5d:d9:3c:
+                    fd:f3:99:18:dc:90:83:59:23:90:bc:25:33:0f:23:
+                    48:9d:d2:97:a0:ac:94:4f:8e:31:22:cc:74:83:f7:
+                    31:9d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Comment: 
-                Easy-RSA Generated Certificate
             X509v3 Subject Key Identifier: 
-                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
+                23:1C:5A:99:1A:2B:BC:FD:39:97:8D:1F:5A:49:BF:4F:33:0F:26:C1
             X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
 
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
-         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
-         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
-         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
-         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
-         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
-         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
-         4a:c4
+            X509v3 Subject Alternative Name: 
+                DNS:*, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+         4d:79:c0:07:ac:13:51:00:5c:4b:70:6d:9f:bf:87:c8:ac:31:
+         c9:37:5e:4e:4c:9f:c6:cd:a4:e3:df:72:b5:06:28:9d:f6:3e:
+         32:b5:01:81:43:78:6d:93:b2:b2:0a:0b:95:64:f2:25:a4:5e:
+         d1:4b:b1:11:5c:54:17:21:a7:f7:e6:73:af:f2:53:54:b3:69:
+         40:8c:26:5b:1b:a7:63:07:26:c4:d2:c4:7a:64:b3:ab:f1:23:
+         fa:58:9c:b2:b7:17:35:34:91:dd:84:bb:b0:ee:a6:cd:78:cf:
+         32:39:d8:5f:23:ad:62:ef:82:38:88:cd:34:1b:7d:3b:02:a8:
+         75:70:72:50:33:44:a4:65:01:14:ef:78:46:3b:27:4e:82:e6:
+         01:1b:5c:65:97:2c:08:f7:4f:e6:ee:dd:1c:40:0c:48:59:33:
+         5e:c7:da:bf:40:ce:b0:e9:03:95:6f:a8:07:b3:7f:6b:15:cd:
+         c0:6f:57:e3:73:99:67:aa:fd:90:6c:a7:6f:ff:b9:5f:f6:8a:
+         8c:93:f1:c3:75:34:10:c6:6c:0e:ae:0a:22:6b:16:6c:56:41:
+         0a:b5:e6:74:52:b8:3e:f2:e4:fc:f1:54:a0:84:90:d5:97:70:
+         25:4b:28:2c:8a:ec:46:0a:63:ac:32:c6:cd:96:71:ee:f6:17:
+         2c:e9:60:5e
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
-ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
-LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
-peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
-Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
-cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
-YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
-HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
-q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
-QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
-ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
-Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
-hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
-AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
-kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
-aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
+MIIEPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1v
+YnktcHJvamVjdDELMAkGA1UECwwCY2kxEDAOBgNVBAMMB21vYnktY2kxDTALBgNV
+BCkMBG1vYnkxHzAdBgkqhkiG9w0BCQEWEG1vYnlAZXhhbXBsZS5vcmcwHhcNMjEw
+NTE3MTk0OTM0WhcNMzEwNTE3MTk0OTM0WjCBljELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1vYnktcHJv
+amVjdDELMAkGA1UECwwCY2kxDzANBgNVBAMMBmNsaWVudDENMAsGA1UEKQwEbW9i
+eTEfMB0GCSqGSIb3DQEJARYQbW9ieUBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOMgn8lj/impDiHgTUxCy8yfKYxzXfeIvYFiH7Kj
+lU06WCiv8D6qp8LGUrmUn2tY1poItF9g+/Hq50mNRjXi6YKfIERBgqf6q4IbA3/w
+Tng4NyCdZ0PA4o8JBz9/lhN6ZMWQE4dxbe3nKDoFSOvW5ifaRvmkXGZJVl+Ih04K
+i/7qBabBcrmU1Y7UmhhYrFYbND7DUAZd8z2FkyyLPzPmMhSSnv38XYpxGyBnQ+By
+/E4xxrcDmJnnle98WjDPwaRDQvu+G6cI1eC1shD/D+EN7j6yBAWGHnKp1haEN3Mo
+Xdk8/fOZGNyQg1kjkLwlMw8jSJ3Sl6CslE+OMSLMdIP3MZ0CAwEAAaOBlDCBkTAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBQjHFqZGiu8/TmXjR9aSb9PMw8mwTAfBgNVHSME
+GDAWgBSFV9D/qbQeH4Az+7g07X0GOc00mDATBgNVHSUEDDAKBggrBgEFBQcDAjAv
+BgNVHREEKDAmggEqgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEw
+DQYJKoZIhvcNAQELBQADggEBAE15wAesE1EAXEtwbZ+/h8isMck3Xk5Mn8bNpOPf
+crUGKJ32PjK1AYFDeG2TsrIKC5Vk8iWkXtFLsRFcVBchp/fmc6/yU1SzaUCMJlsb
+p2MHJsTSxHpks6vxI/pYnLK3FzU0kd2Eu7Dups14zzI52F8jrWLvgjiIzTQbfTsC
+qHVwclAzRKRlARTveEY7J06C5gEbXGWXLAj3T+bu3RxADEhZM17H2r9AzrDpA5Vv
+qAezf2sVzcBvV+NzmWeq/ZBsp2//uV/2ioyT8cN1NBDGbA6uCiJrFmxWQQq15nRS
+uD7y5PzxVKCEkNWXcCVLKCyK7EYKY6wyxs2Wce72FyzpYF4=
 -----END CERTIFICATE-----

integration/testdata/https/client-key.pem

@@ -1,16 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
-9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
-gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
-93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
-xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
-FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
-OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
-4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
-SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
-iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
-v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
-qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
-qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
-ksDFuNxAzbhl
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA4yCfyWP+KakOIeBNTELLzJ8pjHNd94i9gWIfsqOVTTpYKK/w
+PqqnwsZSuZSfa1jWmgi0X2D78ernSY1GNeLpgp8gREGCp/qrghsDf/BOeDg3IJ1n
+Q8DijwkHP3+WE3pkxZATh3Ft7ecoOgVI69bmJ9pG+aRcZklWX4iHTgqL/uoFpsFy
+uZTVjtSaGFisVhs0PsNQBl3zPYWTLIs/M+YyFJKe/fxdinEbIGdD4HL8TjHGtwOY
+meeV73xaMM/BpENC+74bpwjV4LWyEP8P4Q3uPrIEBYYecqnWFoQ3cyhd2Tz985kY
+3JCDWSOQvCUzDyNIndKXoKyUT44xIsx0g/cxnQIDAQABAoIBAQCZ0oGFIlyDGISC
+uud+64oc9fpsrcGJIKm/k5YGJTW7jPUh8S4TMv7VMf3aw+ZIDG2i+pw2MHfRepbT
+wIM5gYlGNsDimT+ExocbYXI4Vqa+Usw7IX9LarnFx4aKIb2hSXYwOwiO5WpfAfvD
+d8rQNsW/XdxNvFv7xlVh9BQ27Xus0sjz7dNBSt+LQ4hSyfZgFwbXh1+E9k6PDhnX
+oYFz4/U/1G+HwXKivvKcRIkYZpMyD80H/M4+bB9x6btFvb4+R3K6Ii8wh+VMz5pX
+Nm+mN8d3W/7Mhyof8EbbQpJMdwemzI7lM6wf1FPfSEeKXAclJ3+BnjOuh295Jv4Z
+u+YWhzDhAoGBAPcRWiVyU7US7K4dhbVo2zyM6mGO3gFBXgeSwFFby8kMsbi8aewt
+m90WMdWjvITw/sNsIRye7sCUVXOmGgz+5UfxRKtcFB5JnfLymrmQS7y1+TZ1WRak
+T0400U+VEE4Cw3vkd4lFbyu94P4iDmn816Ix6tR8UTt11wMG3NgVoFSFAoGBAOtW
+uKYN58BXWA3nU9rPEKq7n1cx7ML/xFvIPPNWp+6Pc1EJ2yX7tnyhPzvPdm3+XdTz
+PU0oIBVfKNToPqYJRX8kK4hCYPvgOOAccZkSrxe3jBupKW72BwVvl/wN6Yb7ggda
+NMbsQ85XyF4K9bvIFxROrR1K/nsowO0UaLvtEOA5AoGBALf2pabIT+e95Zlnxg1j
+vAqD6mkl1cwdfgQpkyWBMmXLG/Gv6TbAZxPh2M14k4BxaWDdfHIxLRkb2dy4yyDu
+Eo7U6QqnDxvWONOTLP4KoTosTRntmp4vThWvYkLdfTx49lGjthXyK2rogUT42r60
+U2Mjw/TfdCTQA37vdzU2NSF5AoGBAOZQpsEMVsRsNqbUv8IiZ8NPf2+MUpO8T+Ur
+IEtdgVf9V/P1W13e7Acon4PfU53uFNJ1gobiQBPqX0GOUNGZvUPimB/wJo4aME9U
+RvBx0p25agsgEIahjNmLDwkEbIlH10duxrvvOaTVUCiJPVibR8r9/HnwjQDnL3hW
+QvG33o4xAoGBAOsX3ABiBnXzqotDlqgoofgmv7zGkjZByiGQz3d+nL74ucRmZRgX
+aeYb14YbJ1I1sGj2u2fPa4P1EJ0RnjgYkaQ7c0ZyTXceS+2/LtJ56RvRepKKs+Yg
+fX1EruZYZvoDW+AViWF784CzpIpmedgB7dbXJPahTh0Q76OWQdP3T/uh
+-----END RSA PRIVATE KEY-----

integration/testdata/https/server-cert.pem

@@ -1,76 +1,86 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=moby-ci/name=moby/emailAddress=moby@example.org
         Validity
-            Not Before: Dec  4 15:01:20 2013 GMT
-            Not After : Dec  2 15:01:20 2023 GMT
-        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
+            Not Before: May 17 19:49:34 2021 GMT
+            Not After : May 17 19:49:34 2031 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Moby-project, OU=ci, CN=server/name=moby/emailAddress=moby@example.org
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
-                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
-                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
-                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
-                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
-                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
-                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
-                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
-                    a8:05:32:1e:f9:95:09:14:75
+                    00:f2:23:b2:a3:22:03:a2:0b:cd:71:de:19:29:14:
+                    92:7f:e8:9d:30:7f:e3:0e:13:da:de:f9:9b:5a:65:
+                    ec:22:c5:ce:73:e7:2f:c2:ae:c3:04:eb:72:43:77:
+                    87:46:d2:63:e2:3a:08:85:9f:58:1f:fc:f3:82:4f:
+                    5e:4e:5a:92:0f:ac:a1:16:a0:7e:92:a3:8e:aa:93:
+                    fd:4c:e0:ed:f0:96:09:43:b8:e6:ec:72:1b:aa:aa:
+                    76:3f:79:00:89:26:c4:2f:ff:99:01:95:f2:8e:39:
+                    a0:4f:13:63:bf:6b:6c:40:0f:7c:ed:ee:a8:2b:90:
+                    11:94:d8:a9:15:c1:91:40:89:13:eb:49:ec:0d:fe:
+                    4f:cd:41:8f:a6:e0:ab:15:db:45:86:28:23:79:98:
+                    42:bb:52:a8:96:c3:aa:91:df:5a:67:24:09:4b:2e:
+                    ce:9a:ba:fc:97:4e:89:5e:c3:18:08:4e:31:e4:1c:
+                    b6:65:c2:7e:93:ef:52:e7:92:ee:25:88:07:4a:d5:
+                    3d:86:44:31:07:e5:1a:f5:63:dc:c3:11:b5:4d:10:
+                    a0:9c:6a:99:7a:d9:b4:22:07:97:e2:f4:0e:5a:10:
+                    bc:90:09:c1:0f:5a:65:e8:f3:9c:e0:e2:04:29:24:
+                    ee:a7:ee:aa:fa:02:7f:80:ac:9d:ca:9f:0f:8d:f5:
+                    c5:b3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Cert Type: 
-                SSL Server
-            Netscape Comment: 
-                Easy-RSA Generated Server Certificate
             X509v3 Subject Key Identifier: 
-                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
+                82:DD:B4:72:E4:DB:12:4E:9A:3B:45:75:F0:1B:4E:7F:43:2C:10:BF
             X509v3 Authority Key Identifier: 
-                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
-                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
-                serial:FD:AB:EC:6A:84:27:04:A7
+                keyid:85:57:D0:FF:A9:B4:1E:1F:80:33:FB:B8:34:ED:7D:06:39:CD:34:98
 
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-    Signature Algorithm: sha1WithRSAEncryption
-         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
-         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
-         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
-         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
-         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
-         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
-         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
-         15:42
+            X509v3 Subject Alternative Name: 
+                DNS:*, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+         1e:a5:f6:ed:f9:8b:a4:c8:1d:11:e3:03:3b:ec:6a:a2:59:44:
+         35:d1:28:0a:0e:b5:84:3c:17:3b:38:6f:e5:8c:03:4c:70:13:
+         b8:cf:40:3c:4a:5d:bf:96:a6:ca:26:9d:ce:00:13:10:a9:eb:
+         91:b4:50:98:a2:68:6f:6b:95:54:46:39:97:74:d6:fd:bb:54:
+         f4:27:91:b7:4e:9f:bc:85:5f:51:69:59:87:86:7e:1d:06:10:
+         74:f5:c3:e3:81:09:e6:77:f5:b7:ed:ae:1c:b0:56:2e:8d:31:
+         60:ff:ef:f5:ab:03:fb:da:9a:69:d8:8a:ca:e7:00:99:d5:9f:
+         39:f7:d5:19:4c:57:a1:90:23:c8:21:a3:9b:ab:05:d4:b7:a8:
+         7c:12:a9:6e:d5:c3:ae:e0:c0:2c:08:95:da:16:c4:35:e0:89:
+         3b:01:f1:f7:b2:d8:15:b6:05:7f:ec:09:fd:0a:5f:a9:48:16:
+         11:c1:30:0a:fd:98:71:69:03:91:19:5f:02:14:d7:42:75:fb:
+         b7:01:af:c2:09:08:4c:7b:c9:d2:bc:0f:2d:de:57:84:9d:8e:
+         a8:f0:22:7e:eb:05:6e:f3:5b:cd:2f:1f:67:b4:3a:2f:b4:b1:
+         a6:bd:78:0f:c4:65:c5:01:7a:06:b2:63:3e:a0:de:a7:ef:84:
+         cc:17:4b:22
 -----BEGIN CERTIFICATE-----
-MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
-MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
-bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
-ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
-MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
-aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
-LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
-cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
-M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
-+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
-cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
-gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
-EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
-EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
-aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
-BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
-zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
-mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
-dDBV9m4gmmweCbQMFUI=
+MIIEPzCCAyegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1v
+YnktcHJvamVjdDELMAkGA1UECwwCY2kxEDAOBgNVBAMMB21vYnktY2kxDTALBgNV
+BCkMBG1vYnkxHzAdBgkqhkiG9w0BCQEWEG1vYnlAZXhhbXBsZS5vcmcwHhcNMjEw
+NTE3MTk0OTM0WhcNMzEwNTE3MTk0OTM0WjCBljELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xFTATBgNVBAoMDE1vYnktcHJv
+amVjdDELMAkGA1UECwwCY2kxDzANBgNVBAMMBnNlcnZlcjENMAsGA1UEKQwEbW9i
+eTEfMB0GCSqGSIb3DQEJARYQbW9ieUBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPIjsqMiA6ILzXHeGSkUkn/onTB/4w4T2t75m1pl
+7CLFznPnL8KuwwTrckN3h0bSY+I6CIWfWB/884JPXk5akg+soRagfpKjjqqT/Uzg
+7fCWCUO45uxyG6qqdj95AIkmxC//mQGV8o45oE8TY79rbEAPfO3uqCuQEZTYqRXB
+kUCJE+tJ7A3+T81Bj6bgqxXbRYYoI3mYQrtSqJbDqpHfWmckCUsuzpq6/JdOiV7D
+GAhOMeQctmXCfpPvUueS7iWIB0rVPYZEMQflGvVj3MMRtU0QoJxqmXrZtCIHl+L0
+DloQvJAJwQ9aZejznODiBCkk7qfuqvoCf4CsncqfD431xbMCAwEAAaOBlDCBkTAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBSC3bRy5NsSTpo7RXXwG05/QywQvzAfBgNVHSME
+GDAWgBSFV9D/qbQeH4Az+7g07X0GOc00mDATBgNVHSUEDDAKBggrBgEFBQcDATAv
+BgNVHREEKDAmggEqgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEw
+DQYJKoZIhvcNAQELBQADggEBAB6l9u35i6TIHRHjAzvsaqJZRDXRKAoOtYQ8Fzs4
+b+WMA0xwE7jPQDxKXb+Wpsomnc4AExCp65G0UJiiaG9rlVRGOZd01v27VPQnkbdO
+n7yFX1FpWYeGfh0GEHT1w+OBCeZ39bftrhywVi6NMWD/7/WrA/vammnYisrnAJnV
+nzn31RlMV6GQI8gho5urBdS3qHwSqW7Vw67gwCwIldoWxDXgiTsB8fey2BW2BX/s
+Cf0KX6lIFhHBMAr9mHFpA5EZXwIU10J1+7cBr8IJCEx7ydK8Dy3eV4SdjqjwIn7r
+BW7zW80vH2e0Oi+0saa9eA/EZcUBegayYz6g3qfvhMwXSyI=
 -----END CERTIFICATE-----

integration/testdata/https/server-key.pem

@@ -1,16 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
-0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
-4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
-lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
-wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
-wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
-IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
-4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
-WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
-+0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
-HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
-+tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
-BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
-5nCwDu5ZTP+khltg
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA8iOyoyIDogvNcd4ZKRSSf+idMH/jDhPa3vmbWmXsIsXOc+cv
+wq7DBOtyQ3eHRtJj4joIhZ9YH/zzgk9eTlqSD6yhFqB+kqOOqpP9TODt8JYJQ7jm
+7HIbqqp2P3kAiSbEL/+ZAZXyjjmgTxNjv2tsQA987e6oK5ARlNipFcGRQIkT60ns
+Df5PzUGPpuCrFdtFhigjeZhCu1KolsOqkd9aZyQJSy7Omrr8l06JXsMYCE4x5By2
+ZcJ+k+9S55LuJYgHStU9hkQxB+Ua9WPcwxG1TRCgnGqZetm0IgeX4vQOWhC8kAnB
+D1pl6POc4OIEKSTup+6q+gJ/gKydyp8PjfXFswIDAQABAoIBAEKIvJVGy2jDhXg8
+Zv16waaT7F1fRqyfmAyc2atFRlVntQr0A5OjIcNATu1q8qjrNrb660yMNFLV1rN/
+y5IMIQZdkQX+o8j3WERW1ctCIx9wmqsZK5rc3+1NWaCnRxZoqI/n08szwKqD+yC/
+WzFF+0C/AL0ATwVpWOtlfVCVF6x7dTkTqtc+65C/nw86ymp6cDq7Fh39d0deD8HB
+h4zxGnvTr4jFGkFWg6Vq4XdzKdVeVz/Njw19wJjdi/6Q3aC90APlJ6nuX3OWv6VV
+/Xs9rXqIUS4bhYyRrzCQ5Y/vINZCx3ekKynfghul4NDE4zo1GQm3E+7tVYZ6ll+9
++uHeUwECgYEA81NxVe5ViOWa4NFXucAgiNGl7KkN9/gDh77weXzGPhZDBULTv4OC
+yKokQOnn41qF5eq+YRKr+B733fGEhwJRoEyoyXSDpgTxdJHKmohdxGfsRoOEMO4Z
+ALm9+XmJYTq11l01M5Jqn36Smz5+iXAD7QVQdZMnA++IaBs2/uTuEQMCgYEA/sBv
+GweGKfdM11ZckNG8ocrAhkttq+5V9uFcGcpBmw08vu/Woy+L1dFvyUa7Hc/l6fe1
+PLdTvNaSK6mP/gfeevwNlS1NUVLtdnOq9cl/1/xfqi8Cj46VUTqRaEQMKHCeXyuA
+A3N1k06hMuW/bYstspyWvGyjsWth5QT7MNjkYZECgYEAoWcoNqfxdO1Y3uf+GOio
+rBjkxyccbO/G57RwLyXlGioKKuM5MkA58IFrquN9PgI971TXE+0exWdFY6NhFW0k
+WACBtZ/j86wzve83RWpPSIjm4Z87gHlvfFu4+FL2Hdij5Z3OPHdS4plDBldd+Cyl
+bgOoa1VA/AtXoDbtNAcHI6ECgYB7b6ymMSgd73jpIixp82ZuErrkl2nFlA9NN3cT
++/977JcRgU7D9UbRTNDYexAxasnhaygDCmVlq6ZZx6hAk3mGp9jA/plnHUJ4UaV1
+wLPUaLHF2U9pVdId8L4CAm7NrXvfa0l04p4GyWOsMMxnfLegwuT62b0bO4fMm3RG
+/+DxMQKBgQDTz8wKQFRWuDYshcRKJ8GB7Czgb4aFU0iTPFC4ql1HXkiGePDXyWjC
++6JQ3dTadn8HA540nCOWWvpgWeSCec9Q5YslpIdupMKpCx/zUfZZ2Y2/y+yJdQCr
+gGDf7LxhxBHQFyCLM9KuTdCzhQPsHVFHFrfr1UdDEe/e9QaJAyUw7Q==
+-----END RSA PRIVATE KEY-----