Compare revisions

3c4a7183 · 4db9d5bc · 4db9d5bc · 4db9d5bc · 4db9d5bc · 4db9d5bc
--- a/t/README.md
+++ b/t/README.md
-# ngx\_http\_voms\_module Testing 
+# `ngx_http_voms_module` Testing 

 ## Description

-Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
+Setup and files to test the *ngx_http_voms_module* are contained in the `t` folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.

 ### Test fixture setup 

-Proxy certificates are in the `certs` folder:
+All the certificates, proxy certificates, trust-anchors directory, LSC files, etc., needed for the tests are automatically created by the `t/setup.sh` script. It uses utilities contained in the [helper-scripts](https://baltig.infn.it/mw-devel/helper-scripts) repo, in particulare in the `x509-scripts` subdirectory, and the VOMS clients. Certificates and proxies are described in configuration files `t/openssl.conf`, `t/conf.d/*` and `t/proxies.d/*`.

- * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
- * 1.pem: long-lived proxy certificate, with an expired AC;
- * 2.pem: expired proxy certificate.
+The `helper-scripts` repo needs to be cloned somewhere locally and its X509 scripts made available in the PATH:

-Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/). 
+```shell
+$ git clone https://baltig.infn.it/mw-devel/helper-scripts.git
+$ PATH=$(pwd)/helper-scripts/x509-scripts/scripts:$PATH
+```

-The following command is used:
+Then, to setup, just run:

-	VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
-
-*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder. 
-
-To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
-
-Trust-anchors (igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the `certs` folder.
+```shell
+$(cd t && ./setup.sh)
+```

 ### Running Tests

-To run the tests made available in the `t` folder just type
-
-	prove -v 
-
-
-Using the docker image provided to exploit Openresty in the Storm2 project:
-
-	docker run --rm -it -v /path/to/ngx_http_voms_module:/home/build/ngx_http_voms_module storm2/ngx-voms-build
-	cd openresty-1.x.y
-	./configure ${resty_config_options} --add-module=../ngx_http_voms_module
-	make && make install
-	cd ..
-	sudo chown build.build -R t
-	prove -v 
+To run the tests made available in `t` just type
+
+```shell
+$ prove
+```
+
+from `t`'s parent directory.
+
+The `prove` command creates a directory called `servroot` in `t`, so if the `t` folder is accessible read-only, for
+example in a docker container, just make a copy somewhere else and run the tests from there:
+
+```shell
+cp -r t /tmp
+cd /tmp
+prove
+```
+
+Note: the alert below is unavoidable, but it doesn't affect the tests.
+
+```
+[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
+```
+
+### Testing directly the Nginx server
+
+You can reuse the config file `t/servroot/conf/nginx.conf` produced by `test::Nginx`, which contains something like
+
+```
+...
+http {
+    ...
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+        location = / {
+            default_type text/plain;
+            return 200 "$voms_user";
+        }
+    }
+    ...
+}
+```
+
+You may want to change the configuration so that the log goes to standard output instead of to a log file:
+
+```
+server {
+    error_log /dev/stdout debug;
+    ...
+```
+
+Start nginx:
+
+```shell
+$ nginx -c conf/nginx.conf -p t/servroot/ -elogs/error.log
+```
+
+Modify (as root) `/etc/hosts` so that `nginx-voms.test.example` is an alias for `localhost`:
+
+```
+127.0.0.1	localhost nginx-voms.test.example
+```
+
+Then run for example `curl`, calling directly the HTTPS endpoint:
+
+```shell
+$ curl https://nginx-voms.test.example:8443 --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem
+```
--- a/t/certs/0.cert.pem
+++ b/t/certs/0.cert.pem
-----BEGIN CERTIFICATE-----
-MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
-MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
-Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
-xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
-AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
-BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
-p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
-p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
-ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
-/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
-V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/0.key.pem
+++ b/t/certs/0.key.pem
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
-jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
-63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
-AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
-AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
-qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
-kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
-M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
-hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
-Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
-YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
-37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
-Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
-----END RSA PRIVATE KEY-----
--- a/t/certs/0.pem
+++ b/t/certs/0.pem
-----BEGIN CERTIFICATE-----
-MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
-MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
-Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
-xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
-AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
-BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
-p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
-p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
-ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
-/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
-V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
-jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
-63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
-AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
-AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
-qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
-kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
-M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
-hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
-Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
-YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
-37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
-Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/1.cert.pem
+++ b/t/certs/1.cert.pem
-----BEGIN CERTIFICATE-----
-MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
-MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
-lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
-PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
-AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
-KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
-NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
-ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
-VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
-NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
-ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
-AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
-AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
-IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
-SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
-o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
-amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
-r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
-3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
-msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
-MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
-MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
-CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
-ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
-SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
-0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
-EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
-vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
-uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
-Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
-BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
-ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
-dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
-Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
-HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
-XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
-UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
-R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
-scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
-ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
-+KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
-IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
-ZTAXFVmk
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/1.key.pem
+++ b/t/certs/1.key.pem
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
-G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
-gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
-AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
-BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
-RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
-FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
-NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
-FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
-gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
-Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
-F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
-ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
-----END RSA PRIVATE KEY-----
--- a/t/certs/1.pem
+++ b/t/certs/1.pem
-----BEGIN CERTIFICATE-----
-MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
-MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
-lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
-PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
-AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
-KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
-NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
-ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
-VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
-NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
-ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
-AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
-AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
-IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
-SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
-o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
-amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
-r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
-3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
-msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
-MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
-MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
-CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
-ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
-SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
-0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
-EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
-vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
-uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
-Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
-BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
-ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
-dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
-Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
-HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
-XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
-UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
-R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
-scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
-ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
-+KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
-IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
-ZTAXFVmk
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
-G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
-gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
-AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
-BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
-RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
-FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
-NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
-FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
-gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
-Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
-F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
-ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/2.cert.pem
+++ b/t/certs/2.cert.pem
-----BEGIN CERTIFICATE-----
-MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
-MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
-V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
-ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
-AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
-KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
-NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
-ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
-VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
-NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
-ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
-AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
-AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
-IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
-SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
-o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
-amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
-r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
-3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
-msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
-MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
-MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
-CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
-ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
-SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
-0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
-EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
-vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
-uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
-Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
-BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
-ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
-XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
-2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
-bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
-TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
-mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
-C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
-DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
-xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
-wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
-n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
-ggMdmoIl
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/2.key.pem
+++ b/t/certs/2.key.pem
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
-ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
-3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
-AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
-na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
-jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
-99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
-bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
-DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
-j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
-MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
-ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
-W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
-----END RSA PRIVATE KEY-----
--- a/t/certs/2.pem
+++ b/t/certs/2.pem
-----BEGIN CERTIFICATE-----
-MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
-MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
-VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
-V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
-ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
-AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
-KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
-NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
-ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
-VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
-NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
-ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
-AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
-AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
-IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
-SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
-o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
-amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
-r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
-3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
-msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
-MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
-MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
-CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
-ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
-SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
-0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
-EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
-vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
-uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
-Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
-BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
-ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
-XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
-2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
-bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
-TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
-mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
-C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
-DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
-xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
-wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
-n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
-ggMdmoIl
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
-ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
-3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
-AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
-na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
-jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
-99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
-bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
-DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
-j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
-MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
-ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
-W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
--- a/t/certs/nginx_voms_example.cert.pem
+++ b/t/certs/nginx_voms_example.cert.pem
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 788 (0x314)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=IT, O=IGI, CN=Test CA
-        Validity
-            Not Before: Mar  2 16:20:13 2018 GMT
-            Not After : Feb 28 16:20:13 2028 GMT
-        Subject: C=IT, O=IGI, CN=nginx-voms.example
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b0:40:e2:d8:57:f2:36:5b:8d:a4:0a:b0:8a:c2:
-                    15:44:3d:3a:a3:c5:3a:a6:86:76:7a:ce:2c:93:5c:
-                    7a:b2:ac:42:2d:e7:4f:20:fe:65:fa:ec:c7:84:3d:
-                    78:2b:31:58:11:c6:04:3f:5e:f2:9b:c8:c1:0a:9c:
-                    30:14:74:64:ae:23:0c:8a:4d:c6:ab:2a:9a:24:b5:
-                    8b:89:c6:5d:0c:72:e2:12:ec:06:e6:7f:54:80:8b:
-                    2a:a1:2a:0e:2e:96:ee:0d:af:6e:fd:57:f2:48:34:
-                    a7:6b:8f:c0:c9:39:4c:83:24:96:75:94:be:b7:1c:
-                    6c:bb:e8:c8:00:43:46:ef:8d:d7:1c:e6:79:d7:a8:
-                    20:4f:66:65:6c:c5:4e:51:c7:b3:dc:39:43:84:65:
-                    18:14:57:a4:37:55:8c:5f:5b:63:b6:20:7e:bb:b6:
-                    c3:99:4f:41:fa:87:3a:73:ed:34:91:c5:a8:3b:50:
-                    15:2d:de:8e:76:ab:87:06:cc:5b:0c:44:8d:30:24:
-                    6f:2d:6e:a7:b0:97:7c:5d:50:52:6b:66:3b:8f:f8:
-                    2e:41:c4:71:ad:52:14:07:c2:35:57:4e:64:d6:d2:
-                    9f:46:d3:d4:28:c1:15:3b:bb:ff:b1:73:9d:d0:1b:
-                    7e:81:9c:50:48:55:c1:58:63:a8:25:12:4e:1c:aa:
-                    90:a1
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                2F:BA:E2:77:B3:3E:47:82:3B:5C:8C:A1:13:7A:4D:59:50:4D:8C:FD
-            X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
-            X509v3 Authority Key Identifier: 
-                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
-
-            X509v3 Subject Alternative Name: 
-                DNS:nginx-voms.example
-    Signature Algorithm: sha256WithRSAEncryption
-        4f:13:10:00:61:f5:76:3b:2d:43:ab:89:55:4c:a5:b3:16:84:
-        dd:bf:18:6d:f3:4a:b3:65:32:0a:fa:14:aa:5e:61:45:05:fa:
-        f8:35:1e:ad:b9:ff:3e:70:be:94:99:3c:04:28:59:4d:12:88:
-        5f:e4:2a:e5:bc:eb:c7:59:49:59:b8:f7:79:a3:2f:ec:99:af:
-        eb:f9:05:5e:68:14:fb:bb:35:a3:3e:d7:1b:55:c2:91:a5:cc:
-        b5:88:15:0c:36:aa:25:e8:76:bc:e5:b0:b7:a8:b4:af:7b:c9:
-        8a:52:ae:34:07:4e:18:5a:e2:83:21:bf:10:fe:8c:91:1f:88:
-        b0:0e:60:ea:8a:40:df:2e:d5:0e:70:2b:07:95:d5:00:02:3b:
-        be:b6:22:ff:a2:30:5e:52:83:7b:b9:44:ce:56:be:de:d0:55:
-        35:35:e7:3f:45:1a:ad:93:42:65:84:2d:d4:86:b6:5c:7e:06:
-        e8:76:87:2e:2e:e3:fa:d6:65:1e:00:7a:a4:71:be:c8:4a:2f:
-        8a:06:bf:15:02:68:53:99:44:ce:45:8e:d0:e9:5d:76:3f:93:
-        e9:57:91:2c:af:56:ce:a4:20:88:5d:fc:49:44:cc:78:d6:4e:
-        0e:e3:8e:1b:f7:81:9e:eb:15:26:ba:97:f6:c3:ca:6f:3f:5f:
-        3d:23:a0:fd
-----BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgICAxQwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xODAzMDIxNjIwMTNa
-Fw0yODAyMjgxNjIwMTNaMDgxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxGzAZ
-BgNVBAMMEm5naW54LXZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALBA4thX8jZbjaQKsIrCFUQ9OqPFOqaGdnrOLJNcerKsQi3nTyD+
-Zfrsx4Q9eCsxWBHGBD9e8pvIwQqcMBR0ZK4jDIpNxqsqmiS1i4nGXQxy4hLsBuZ/
-VICLKqEqDi6W7g2vbv1X8kg0p2uPwMk5TIMklnWUvrccbLvoyABDRu+N1xzmedeo
-IE9mZWzFTlHHs9w5Q4RlGBRXpDdVjF9bY7Ygfru2w5lPQfqHOnPtNJHFqDtQFS3e
-jnarhwbMWwxEjTAkby1up7CXfF1QUmtmO4/4LkHEca1SFAfCNVdOZNbSn0bT1CjB
-FTu7/7FzndAbfoGcUEhVwVhjqCUSThyqkKECAwEAAaOBwDCBvTAMBgNVHRMBAf8E
-AjAAMB0GA1UdDgQWBBQvuuJ3sz5HgjtcjKETek1ZUE2M/TAOBgNVHQ8BAf8EBAMC
-BeAwPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglg
-hkgBhvhCBAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOi
-EUnGMB0GA1UdEQQWMBSCEm5naW54LXZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsF
-AAOCAQEATxMQAGH1djstQ6uJVUylsxaE3b8YbfNKs2UyCvoUql5hRQX6+DUerbn/
-PnC+lJk8BChZTRKIX+Qq5bzrx1lJWbj3eaMv7Jmv6/kFXmgU+7s1oz7XG1XCkaXM
-tYgVDDaqJeh2vOWwt6i0r3vJilKuNAdOGFrigyG/EP6MkR+IsA5g6opA3y7VDnAr
-B5XVAAI7vrYi/6IwXlKDe7lEzla+3tBVNTXnP0UarZNCZYQt1Ia2XH4G6HaHLi7j
-+tZlHgB6pHG+yEoviga/FQJoU5lEzkWO0Olddj+T6VeRLK9WzqQgiF38SUTMeNZO
-DuOOG/eBnusVJrqX9sPKbz9fPSOg/Q==
-----END CERTIFICATE-----
--- a/t/certs/nginx_voms_example.key.pem
+++ b/t/certs/nginx_voms_example.key.pem
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAsEDi2FfyNluNpAqwisIVRD06o8U6poZ2es4sk1x6sqxCLedP
-IP5l+uzHhD14KzFYEcYEP17ym8jBCpwwFHRkriMMik3GqyqaJLWLicZdDHLiEuwG
-5n9UgIsqoSoOLpbuDa9u/VfySDSna4/AyTlMgySWdZS+txxsu+jIAENG743XHOZ5
-16ggT2ZlbMVOUcez3DlDhGUYFFekN1WMX1tjtiB+u7bDmU9B+oc6c+00kcWoO1AV
-Ld6OdquHBsxbDESNMCRvLW6nsJd8XVBSa2Y7j/guQcRxrVIUB8I1V05k1tKfRtPU
-KMEVO7v/sXOd0Bt+gZxQSFXBWGOoJRJOHKqQoQIDAQABAoIBAQCt47Zqn4n2GymJ
-GIrIu2bj5ky+Ws3ckXi+/D56PJlJQi4gv78P3C2c/JJzY3n1kz9CecyjAPf2vn/G
-CgZdh9/09dtfcBB7uxJM+Vfr2+rdZ1KoPHkqW6FxGNw8GRPY30uJ8PVdubDtkBVF
-R5R6cq+MC0LuSoxGeCLG2YjIyZdoqzLKGyHy6Sv1Cdd1ctXa4DHKBA6XUwKTN6tB
-GFdrNiz5ucGB9AzOcpXSRD/F8Vy7beb8Gb+4skEXp2hAVzVFOd9xbrsZZRpPmQky
-4UN3E8Fy+1hbqlXBnCJF8pRywVLEtuCOF8BJlFCqgnV79JxKsxf/iIV+gXJje2i8
-MRbKbZjJAoGBANeMHUiJeF2y40lD+9VHHPj5Y69aN6osUQs++IXE+9bT513TGvLx
-6WtwRE45tWFg2VT45NoVJ1a5HW6aj0LbSqHsgO80A4yumdPd8W4Fa1LhqNSwKqKx
-38RsZL8AS1FghEt/HayxaboqGDl/q4qP0b3lzgIM98LGpIgDbPwoePQfAoGBANFU
-6e2FquwmxX9ZsOd5tYU6mLrdhvEBbXlVF3V/JpdYMwS4OEyV8pkIdaw+lapcF7/G
-l9Atksb44xYCNf45e/SUR+dLpvCDjKgkO9vmfnNM/sv057KyfjaLU5ogag0cfKFQ
-qYvYRzd4ujUj4EoM7DMNsF6IPrhqNbqwIChDseM/AoGBALZkOeNHcDLZTLqSbGbs
-5fdIELIxBSlalrmNb37CUNhYN0+NcyBg08O2HBaVfoYIDd95PS3M+JzJx73vy4on
-Rd/+4JuIx/gjRseg5srSix53FQXkjC9flJoBnr6A4TrbERdRWSrodS6ysAz3m5CE
-YlbuPoQ9tOl8bX0qaO520OLBAoGAPYwO35ROhfJ8XQ488kIZudtZro+VrmSyEFuR
-cy14ZkU7cubLPtFTq+UN3B/ml1lObkdwuXe80R26fu0VfPLf3DCA16OpqMu03ncQ
-1n31reb0f3k5apQKgfUDFqzzIXm/txplT0W+4rNvZFJxDrSv+e7LbW/3qPcpZwOD
-4PLOabcCgYASw9uVfE9JhOoawDtROQkiOtg8gx5CffvdSqztRnIbR/LN9Ne+CMsl
-UJuPaEj/O7y00ZyfHNmOfKMjFNwEGyk+LdLUkKEw0feNZQzHvfTmuBCqwWQYM8dL
-mA0WApTCO1rMTg/KouRSy9QFCpUx0oMJN7mgKo0BaH+H2RhIlssOAg==
-----END RSA PRIVATE KEY-----
--- a/t/certs/voms_example.cert.pem
+++ b/t/certs/voms_example.cert.pem
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 787 (0x313)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=IT, O=IGI, CN=Test CA
-        Validity
-            Not Before: Dec  6 09:46:37 2017 GMT
-            Not After : Dec  4 09:46:37 2027 GMT
-        Subject: C=IT, O=IGI, CN=voms.example
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:bc:7f:c8:da:1e:0d:93:50:b4:98:22:1a:2f:ad:
-                    23:f4:92:2b:72:91:12:9b:ef:e1:a3:a2:a6:03:04:
-                    bd:c7:c2:7f:78:51:78:fd:94:06:d3:aa:e8:dd:56:
-                    8f:1d:d5:1d:a5:49:3f:4c:b2:4c:d1:3e:69:2c:60:
-                    c0:8f:5f:0f:7c:6d:a4:cb:58:0c:6e:de:33:6a:6c:
-                    32:11:bb:d3:e1:4d:03:13:b5:1f:99:35:1d:1f:af:
-                    b4:7b:da:b6:1b:5a:76:76:54:04:f3:e8:d7:60:6b:
-                    c6:55:d9:d4:12:eb:7b:f2:3d:df:ec:9e:da:d4:df:
-                    10:af:ee:dc:9d:96:c7:14:8c:60:16:d8:92:ca:29:
-                    8c:df:f7:4f:8f:8b:a7:80:01:e7:f7:7a:4f:3c:32:
-                    42:af:ce:2e:f8:1a:7b:bc:b5:eb:20:a7:d5:28:c1:
-                    a4:d3:54:d3:dc:c0:dc:96:7b:c4:09:c5:9f:2f:c8:
-                    db:73:61:01:e4:2e:97:b9:05:64:1a:dc:76:09:09:
-                    eb:af:be:6c:47:b9:5b:41:86:c1:51:c0:fe:65:23:
-                    2b:94:ac:b0:81:46:99:9a:c2:9e:6f:0b:62:03:34:
-                    d3:5b:b5:db:e7:ac:38:0e:31:63:ed:81:1f:6e:bc:
-                    41:65:89:b1:8d:2f:5f:fa:8a:da:88:ac:f8:cb:3f:
-                    eb:2b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
-            X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
-            X509v3 Authority Key Identifier: 
-                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
-
-            X509v3 Subject Alternative Name: 
-                DNS:voms.example
-    Signature Algorithm: sha256WithRSAEncryption
-        e0:c5:08:e4:92:9b:26:09:04:64:b9:9e:c9:27:82:2c:90:4c:
-        4b:f1:3c:1a:4d:cd:f6:5a:fe:8a:58:6b:36:42:3b:7b:d0:e0:
-        66:2a:ee:2d:ad:d0:2a:59:52:c8:44:85:b6:90:af:12:49:cc:
-        de:a4:65:aa:e9:6e:83:e1:cf:20:d3:98:8f:3e:a8:a1:82:f8:
-        f5:6e:97:73:78:be:46:a7:5a:a7:10:30:b7:01:13:cf:b4:03:
-        c6:74:f7:e4:b8:51:21:33:79:4a:88:d6:01:cb:c1:22:37:6e:
-        9f:1d:2c:3e:eb:d0:09:51:3b:0a:5f:b5:19:b6:1a:35:63:95:
-        94:f5:99:a1:bc:18:bc:84:aa:9b:70:3a:b2:2d:c2:ed:50:19:
-        20:16:94:21:ea:49:e1:d8:61:10:9d:f5:29:65:11:a2:15:2b:
-        8a:f7:14:5a:49:b8:2d:5c:0f:fc:77:20:e7:03:3a:15:b8:21:
-        31:d8:33:fc:8f:70:1c:a6:90:80:84:b3:af:1f:2d:28:9e:c6:
-        e2:8a:43:ec:26:32:bf:d7:6a:aa:42:5a:2c:50:29:33:5d:b7:
-        e8:58:22:b6:c7:7b:bf:a4:ac:55:32:2d:51:58:1a:ee:9e:80:
-        d2:4d:24:4b:6a:e3:97:2e:a7:5c:e3:50:84:33:b5:ec:a4:20:
-        6e:70:1d:e9
-----BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
-DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzEyMDYwOTQ2Mzda
-Fw0yNzEyMDQwOTQ2MzdaMDIxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxFTAT
-BgNVBAMMDHZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALx/yNoeDZNQtJgiGi+tI/SSK3KREpvv4aOipgMEvcfCf3hReP2UBtOq6N1W
-jx3VHaVJP0yyTNE+aSxgwI9fD3xtpMtYDG7eM2psMhG70+FNAxO1H5k1HR+vtHva
-thtadnZUBPPo12BrxlXZ1BLre/I93+ye2tTfEK/u3J2WxxSMYBbYksopjN/3T4+L
-p4AB5/d6TzwyQq/OLvgae7y16yCn1SjBpNNU09zA3JZ7xAnFny/I23NhAeQul7kF
-ZBrcdgkJ66++bEe5W0GGwVHA/mUjK5SssIFGmZrCnm8LYgM001u12+esOA4xY+2B
-H268QWWJsY0vX/qK2ois+Ms/6ysCAwEAAaOBujCBtzAMBgNVHRMBAf8EAjAAMB0G
-A1UdDgQWBBQzjAnUSZQBztH7C50ZXq3E1/WQxDAOBgNVHQ8BAf8EBAMCBeAwPgYD
-VR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
-BAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMBcG
-A1UdEQQQMA6CDHZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEA4MUI5JKb
-JgkEZLmeySeCLJBMS/E8Gk3N9lr+ilhrNkI7e9DgZiruLa3QKllSyESFtpCvEknM
-3qRlqulug+HPINOYjz6ooYL49W6Xc3i+RqdapxAwtwETz7QDxnT35LhRITN5SojW
-AcvBIjdunx0sPuvQCVE7Cl+1GbYaNWOVlPWZobwYvISqm3A6si3C7VAZIBaUIepJ
-4dhhEJ31KWURohUrivcUWkm4LVwP/Hcg5wM6FbghMdgz/I9wHKaQgISzrx8tKJ7G
-4opD7CYyv9dqqkJaLFApM1236Fgitsd7v6SsVTItUVga7p6A0k0kS2rjly6nXONQ
-hDO17KQgbnAd6Q==
-----END CERTIFICATE-----
--- a/t/certs/voms_example.key.pem
+++ b/t/certs/voms_example.key.pem
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/ho6KmAwS9x8J/eFF4
-/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4zamwyEbvT4U0DE7Uf
-mTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Qr+7cnZbHFIxgFtiS
-yimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT3MDclnvECcWfL8jb
-c2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZmsKebwtiAzTTW7Xb
-56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABAoIBACXvPXeP1sGP21hG
-fKidmn/Mrsu2oF0bcHhi8i/nU14RKWAIXWYC1UDhw01P7ytcyUOLMx73PvhZLAdP
-TVFNGyu6URDPHmltdEF1lrn059YOjpD3wW0uwDaxQIwwXrewg+iaTgjcEgQIjHiY
-htJr65y7kQXojjeK0KvnUSSxxEzA/uWeyQi/+ZFzPRfrj5o0uwo+qnwwiYn8FSVl
-9S/MPiAXZcvQTojEu5kbH/0iRUwhDzcmtj8O1M3idhMl1G/WtdU2zHsR6p78HuZK
-uZu9JRnSh1K8wiDdT+8TIitvBuv87fVFJg54pbO+Sa6tsfm4q9Vf21DyY7ZVRoie
-Y6IPz8ECgYEA3c8NuLLKCFvU55lZkNWl0ixicD3w4o1k2at9FKYsboPJ9BUIYpVO
-vqSflUKATENNfkoWmT4iTbNq8VJxnLNn1y33uB9ztQIn99Do0YeERSW0JExb363r
-dJNlirxovoXvUT6kGHqFWIJyxXkh6wEZ4gqne94ujtqj9KHWczbpw4sCgYEA2Y5G
-1L49361df9VDblhxS60hNmtNC9h3XTqKwfOXLCHG61JMxNUChhKikUuDsvfmXwta
-dX51WJSL56pDHlk0prLrMWli4zLhiPiXknUIFiUt07lbzfDZ0aehr9xOFM4oBnyV
-oR3eBhE/YJ1W3Xt2DGUySE09eukHoEeZURrq6uECgYAqKDhLam/Ltuh4PEUxqemi
-UJ1FCADIjmckl9tmGU9IkfPIWFcHpakZwuAx1jncRM5tulchORX7/qXMyAaf6dlK
-pIn4jMHJHWfLSgF2EXOqUMg0Pe8YTE38EieyfqzJyVr67hTyMhc2A1UdAzDXIZZx
-x+SdPlVLAXM4A6pmq4EykQKBgQCLq+9HiDe7Edd0SZu4DSn3ltg60tqtHzVK8lnB
-OT01xR2rWLQWrlancvFR7LRJwyPwox5ZTm3SB9RmUAY1Rropx7Z9i5ZEHRd003yk
-N2SQqx/nzRnmdpmxIzkH6Z1reAt0VqnNvZocNRiGU51AJpJcVN/aUVSGQ3N08GK7
-Elf9oQKBgGKL4eCjoLp9Kuvp+UXeKeeTSR2rTSOh36ZjtxDLOhdAj5mXSFj2nvLx
-j2YNCkuU0Y25Vbpt/go7DFRnbZmKucpyUJNC49m3YD4zq0CVMX4BOUkkg3rJjMhP
-Ce3aEfVwC9rF9sFHp5pHTBm6HCBCZikVtpYjn05rUtLYiYcSia88
-----END RSA PRIVATE KEY-----
--- a/t/conf.d/ephemeral_ca.conf
+++ b/t/conf.d/ephemeral_ca.conf
+
+[ ephemeral_ca ]
+
+dir                    = ${ENV::CA_NAME}
+certs                  = $dir/certs
+database               = $dir/index.txt
+serial                 = $dir/serial
+certificate            = $dir/ca.crt
+private_key            = $dir/private/ca.key
+default_crl_days       = 30
+default_md             = sha512
+
+[ ephemeral_ca_cert ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/private/ca.key
+distinguished_name     = ${ENV::CA_NAME}_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = ${ENV::CA_NAME}_extensions
+
+[ ephemeral_ca_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Ephemeral CA
+
+[ ephemeral_ca_extensions ]
+
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+basicConstraints       = critical, CA:true
+keyUsage               = critical, cRLSign, keyCertSign
--- a/t/conf.d/expired.conf
+++ b/t/conf.d/expired.conf
+
+[ expired ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/expired.key.pem
+distinguished_name     = expired_dn
+prompt                 = no
+output_password        = pass
+default_md             = sha512
+x509_extensions        = expired_extensions
+
+[ expired_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Expired
+
+[ expired_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = email:expired@cnaf.infn.it
+
+
--- a/t/conf.d/igi_test_ca.conf
+++ b/t/conf.d/igi_test_ca.conf
+
+[ igi_test_ca ]
+
+dir                    = ${ENV::CA_NAME}
+certs                  = $dir/certs
+database               = $dir/index.txt
+serial                 = $dir/serial
+certificate            = $dir/ca.crt
+private_key            = $dir/private/ca.key
+default_crl_days       = 30
+default_md             = sha512
+
+[ igi_test_ca_cert ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/private/ca.key
+distinguished_name     = ${ENV::CA_NAME}_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = ${ENV::CA_NAME}_extensions
+
+[ igi_test_ca_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test CA
+
+[ igi_test_ca_extensions ]
+
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+basicConstraints       = critical, CA:true
+keyUsage               = critical, cRLSign, keyCertSign
--- a/t/conf.d/igi_test_ca2.conf
+++ b/t/conf.d/igi_test_ca2.conf
+
+[ igi_test_ca2 ]
+
+dir                    = ${ENV::CA_NAME}
+certs                  = $dir/certs
+database               = $dir/index.txt
+serial                 = $dir/serial
+certificate            = $dir/ca.crt
+private_key            = $dir/private/ca.key
+default_crl_days       = 30
+default_md             = sha512
+
+[ igi_test_ca2_cert ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/private/ca.key
+distinguished_name     = ${ENV::CA_NAME}_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = ${ENV::CA_NAME}_extensions
+
+[ igi_test_ca2_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test CA 2
+
+[ igi_test_ca2_extensions ]
+
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+basicConstraints       = critical, CA:true
+keyUsage               = critical, cRLSign, keyCertSign
--- a/t/conf.d/revoked.conf
+++ b/t/conf.d/revoked.conf
+
+[ revoked ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/revoked.key.pem
+distinguished_name     = revoked_dn
+prompt                 = no
+output_password        = pass
+default_md             = sha512
+x509_extensions        = revoked_extensions
+
+[ revoked_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Revoked
+
+[ revoked_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = email:revoked@cnaf.infn.it
+
+
--- a/t/conf.d/star_test_example.conf
+++ b/t/conf.d/star_test_example.conf
+
+[ star_test_example ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/star_test_example.key.pem
+distinguished_name     = star_test_example_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = star_test_example_extensions
+
+[ star_test_example_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = *.test.example
+
+[ star_test_example_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, digitalSignature
+extendedKeyUsage       = serverAuth, clientAuth
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = DNS:*.test.example
No results found