diff --git a/README.md b/README.md
index ec7990d3c4998f0eec4191277cf934b44b12161e..16e58bd4200609a3288799e51f02cf327492d721 100644
--- a/README.md
+++ b/README.md
@@ -29,3 +29,7 @@ A comma-separated list of _Fully Qualified Attribute Names_
### voms_user
+
+## Testing
+
+Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` folder.
diff --git a/t/README.md b/t/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..9cccd8c2b5e4775f114a3b0e0bb209c9fbdb31e3
--- /dev/null
+++ b/t/README.md
@@ -0,0 +1,29 @@
+# ngx\_http\_voms\_module Testing
+
+## Description
+
+Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
+
+### Test fixture setup
+
+Proxy certificates are in the `certs` folder (see [README.md](certs/README.md) for further details), while trust-anchors (e.g. igi-test-ca.pem) are contained in `trust-anchors`.
+
+Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem, respectively, and they are contained in `certs`.
+
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. The *voms.example.lsc* can be found in `vomsdir/test.vo`.
+
+### Running Tests
+
+To run the tests made available in `t` just type
+
+ prove -v
+
+from `t`' s parent directory.
+
+Using the docker image provided to exploit Openresty in the Storm2 project (see [README.md](../README.md) for further details):
+
+ cp -r t /tmp
+ cd /tmp
+ prove -v
+
+A copy of the `t` folder is needed since the `prove` command creates a directory `servroot` in `t`.
diff --git a/t/certs/0.cert.pem b/t/certs/0.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..7597490669ee85bda03018f938dd5ea3ff998a6a
--- /dev/null
+++ b/t/certs/0.cert.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
+Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
+xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
+p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
+p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
+ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
+/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
+V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/0.key.pem b/t/certs/0.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..c07361691faedeee4f18c779ecf91268f9268d71
--- /dev/null
+++ b/t/certs/0.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
+jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
+63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
+AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
+AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
+qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
+kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
+M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
+hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
+Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
+YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
+37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
+Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/0.pem b/t/certs/0.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e8f954be69cd9d9a72eb4049aea23cf46848087a
--- /dev/null
+++ b/t/certs/0.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
+Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
+xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
+p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
+p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
+ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
+/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
+V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
+jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
+63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
+AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
+AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
+qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
+kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
+M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
+hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
+Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
+YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
+37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
+Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/1.cert.pem b/t/certs/1.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..2e4a5e2c8a0b392ce9923a58dc2b9ee4399df743
--- /dev/null
+++ b/t/certs/1.cert.pem
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
+lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
+PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
+dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
+Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
+HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
+XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
+UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
+R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
+scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
+ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
++KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
+IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
+ZTAXFVmk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/1.key.pem b/t/certs/1.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..a52ef5b6d624e606c102dec0130d6e6dcf894e38
--- /dev/null
+++ b/t/certs/1.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
+G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
+gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
+AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
+BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
+RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
+FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
+NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
+FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
+gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
+Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
+F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
+ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/1.pem b/t/certs/1.pem
new file mode 100644
index 0000000000000000000000000000000000000000..6ba17f228dd9d5ae5700e0ef4d23d8a4cf7dc3f1
--- /dev/null
+++ b/t/certs/1.pem
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
+lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
+PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
+dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
+Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
+HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
+XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
+UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
+R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
+scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
+ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
++KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
+IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
+ZTAXFVmk
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
+G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
+gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
+AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
+BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
+RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
+FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
+NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
+FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
+gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
+Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
+F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
+ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/2.cert.pem b/t/certs/2.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..aea83e035f395b9e1acb0a25f4b1702f056c127b
--- /dev/null
+++ b/t/certs/2.cert.pem
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
+MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
+V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
+ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
+XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
+2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
+bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
+TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
+mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
+C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
+DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
+xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
+wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
+n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
+ggMdmoIl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/2.key.pem b/t/certs/2.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e829c4225dffdb0e9416a53cff33f8988eab121a
--- /dev/null
+++ b/t/certs/2.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
+ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
+3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
+AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
+na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
+jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
+99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
+bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
+DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
+j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
+MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
+ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
+W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/2.pem b/t/certs/2.pem
new file mode 100644
index 0000000000000000000000000000000000000000..737da77d8a1ec72cdcec72cd190794b1f33d3347
--- /dev/null
+++ b/t/certs/2.pem
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
+MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
+V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
+ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
+XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
+2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
+bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
+TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
+mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
+C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
+DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
+xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
+wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
+n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
+ggMdmoIl
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
+ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
+3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
+AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
+na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
+jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
+99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
+bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
+DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
+j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
+MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
+ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
+W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/README.md b/t/certs/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..b23d8ee80f41691f24b2d130d3b5419b7f963b0a
--- /dev/null
+++ b/t/certs/README.md
@@ -0,0 +1,18 @@
+=======
+# Certificates for ngx\_http\_voms\_module Testing
+
+Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/):
+
+ * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
+ * 1.pem: long-lived proxy certificate, with an expired AC;
+ * 2.pem: expired proxy certificate.
+
+To obtain such certificates the following command is used:
+
+ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
+
+*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
+
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
+
+Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem.
diff --git a/t/certs/nginx_voms_example.cert.pem b/t/certs/nginx_voms_example.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..156e8ec7d3714bae5dd037d0100d2c9b86baf30d
--- /dev/null
+++ b/t/certs/nginx_voms_example.cert.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 788 (0x314)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=IT, O=IGI, CN=Test CA
+ Validity
+ Not Before: Mar 2 16:20:13 2018 GMT
+ Not After : Feb 28 16:20:13 2028 GMT
+ Subject: C=IT, O=IGI, CN=nginx-voms.example
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b0:40:e2:d8:57:f2:36:5b:8d:a4:0a:b0:8a:c2:
+ 15:44:3d:3a:a3:c5:3a:a6:86:76:7a:ce:2c:93:5c:
+ 7a:b2:ac:42:2d:e7:4f:20:fe:65:fa:ec:c7:84:3d:
+ 78:2b:31:58:11:c6:04:3f:5e:f2:9b:c8:c1:0a:9c:
+ 30:14:74:64:ae:23:0c:8a:4d:c6:ab:2a:9a:24:b5:
+ 8b:89:c6:5d:0c:72:e2:12:ec:06:e6:7f:54:80:8b:
+ 2a:a1:2a:0e:2e:96:ee:0d:af:6e:fd:57:f2:48:34:
+ a7:6b:8f:c0:c9:39:4c:83:24:96:75:94:be:b7:1c:
+ 6c:bb:e8:c8:00:43:46:ef:8d:d7:1c:e6:79:d7:a8:
+ 20:4f:66:65:6c:c5:4e:51:c7:b3:dc:39:43:84:65:
+ 18:14:57:a4:37:55:8c:5f:5b:63:b6:20:7e:bb:b6:
+ c3:99:4f:41:fa:87:3a:73:ed:34:91:c5:a8:3b:50:
+ 15:2d:de:8e:76:ab:87:06:cc:5b:0c:44:8d:30:24:
+ 6f:2d:6e:a7:b0:97:7c:5d:50:52:6b:66:3b:8f:f8:
+ 2e:41:c4:71:ad:52:14:07:c2:35:57:4e:64:d6:d2:
+ 9f:46:d3:d4:28:c1:15:3b:bb:ff:b1:73:9d:d0:1b:
+ 7e:81:9c:50:48:55:c1:58:63:a8:25:12:4e:1c:aa:
+ 90:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 2F:BA:E2:77:B3:3E:47:82:3B:5C:8C:A1:13:7A:4D:59:50:4D:8C:FD
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
+ X509v3 Authority Key Identifier:
+ keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
+
+ X509v3 Subject Alternative Name:
+ DNS:nginx-voms.example
+ Signature Algorithm: sha256WithRSAEncryption
+ 4f:13:10:00:61:f5:76:3b:2d:43:ab:89:55:4c:a5:b3:16:84:
+ dd:bf:18:6d:f3:4a:b3:65:32:0a:fa:14:aa:5e:61:45:05:fa:
+ f8:35:1e:ad:b9:ff:3e:70:be:94:99:3c:04:28:59:4d:12:88:
+ 5f:e4:2a:e5:bc:eb:c7:59:49:59:b8:f7:79:a3:2f:ec:99:af:
+ eb:f9:05:5e:68:14:fb:bb:35:a3:3e:d7:1b:55:c2:91:a5:cc:
+ b5:88:15:0c:36:aa:25:e8:76:bc:e5:b0:b7:a8:b4:af:7b:c9:
+ 8a:52:ae:34:07:4e:18:5a:e2:83:21:bf:10:fe:8c:91:1f:88:
+ b0:0e:60:ea:8a:40:df:2e:d5:0e:70:2b:07:95:d5:00:02:3b:
+ be:b6:22:ff:a2:30:5e:52:83:7b:b9:44:ce:56:be:de:d0:55:
+ 35:35:e7:3f:45:1a:ad:93:42:65:84:2d:d4:86:b6:5c:7e:06:
+ e8:76:87:2e:2e:e3:fa:d6:65:1e:00:7a:a4:71:be:c8:4a:2f:
+ 8a:06:bf:15:02:68:53:99:44:ce:45:8e:d0:e9:5d:76:3f:93:
+ e9:57:91:2c:af:56:ce:a4:20:88:5d:fc:49:44:cc:78:d6:4e:
+ 0e:e3:8e:1b:f7:81:9e:eb:15:26:ba:97:f6:c3:ca:6f:3f:5f:
+ 3d:23:a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgICAxQwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xODAzMDIxNjIwMTNa
+Fw0yODAyMjgxNjIwMTNaMDgxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxGzAZ
+BgNVBAMMEm5naW54LXZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALBA4thX8jZbjaQKsIrCFUQ9OqPFOqaGdnrOLJNcerKsQi3nTyD+
+Zfrsx4Q9eCsxWBHGBD9e8pvIwQqcMBR0ZK4jDIpNxqsqmiS1i4nGXQxy4hLsBuZ/
+VICLKqEqDi6W7g2vbv1X8kg0p2uPwMk5TIMklnWUvrccbLvoyABDRu+N1xzmedeo
+IE9mZWzFTlHHs9w5Q4RlGBRXpDdVjF9bY7Ygfru2w5lPQfqHOnPtNJHFqDtQFS3e
+jnarhwbMWwxEjTAkby1up7CXfF1QUmtmO4/4LkHEca1SFAfCNVdOZNbSn0bT1CjB
+FTu7/7FzndAbfoGcUEhVwVhjqCUSThyqkKECAwEAAaOBwDCBvTAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBQvuuJ3sz5HgjtcjKETek1ZUE2M/TAOBgNVHQ8BAf8EBAMC
+BeAwPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglg
+hkgBhvhCBAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOi
+EUnGMB0GA1UdEQQWMBSCEm5naW54LXZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsF
+AAOCAQEATxMQAGH1djstQ6uJVUylsxaE3b8YbfNKs2UyCvoUql5hRQX6+DUerbn/
+PnC+lJk8BChZTRKIX+Qq5bzrx1lJWbj3eaMv7Jmv6/kFXmgU+7s1oz7XG1XCkaXM
+tYgVDDaqJeh2vOWwt6i0r3vJilKuNAdOGFrigyG/EP6MkR+IsA5g6opA3y7VDnAr
+B5XVAAI7vrYi/6IwXlKDe7lEzla+3tBVNTXnP0UarZNCZYQt1Ia2XH4G6HaHLi7j
++tZlHgB6pHG+yEoviga/FQJoU5lEzkWO0Olddj+T6VeRLK9WzqQgiF38SUTMeNZO
+DuOOG/eBnusVJrqX9sPKbz9fPSOg/Q==
+-----END CERTIFICATE-----
diff --git a/t/certs/nginx_voms_example.key.pem b/t/certs/nginx_voms_example.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..c46267bf5f4ce0a84200d36c1fd2e89a0ec27ba9
--- /dev/null
+++ b/t/certs/nginx_voms_example.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsEDi2FfyNluNpAqwisIVRD06o8U6poZ2es4sk1x6sqxCLedP
+IP5l+uzHhD14KzFYEcYEP17ym8jBCpwwFHRkriMMik3GqyqaJLWLicZdDHLiEuwG
+5n9UgIsqoSoOLpbuDa9u/VfySDSna4/AyTlMgySWdZS+txxsu+jIAENG743XHOZ5
+16ggT2ZlbMVOUcez3DlDhGUYFFekN1WMX1tjtiB+u7bDmU9B+oc6c+00kcWoO1AV
+Ld6OdquHBsxbDESNMCRvLW6nsJd8XVBSa2Y7j/guQcRxrVIUB8I1V05k1tKfRtPU
+KMEVO7v/sXOd0Bt+gZxQSFXBWGOoJRJOHKqQoQIDAQABAoIBAQCt47Zqn4n2GymJ
+GIrIu2bj5ky+Ws3ckXi+/D56PJlJQi4gv78P3C2c/JJzY3n1kz9CecyjAPf2vn/G
+CgZdh9/09dtfcBB7uxJM+Vfr2+rdZ1KoPHkqW6FxGNw8GRPY30uJ8PVdubDtkBVF
+R5R6cq+MC0LuSoxGeCLG2YjIyZdoqzLKGyHy6Sv1Cdd1ctXa4DHKBA6XUwKTN6tB
+GFdrNiz5ucGB9AzOcpXSRD/F8Vy7beb8Gb+4skEXp2hAVzVFOd9xbrsZZRpPmQky
+4UN3E8Fy+1hbqlXBnCJF8pRywVLEtuCOF8BJlFCqgnV79JxKsxf/iIV+gXJje2i8
+MRbKbZjJAoGBANeMHUiJeF2y40lD+9VHHPj5Y69aN6osUQs++IXE+9bT513TGvLx
+6WtwRE45tWFg2VT45NoVJ1a5HW6aj0LbSqHsgO80A4yumdPd8W4Fa1LhqNSwKqKx
+38RsZL8AS1FghEt/HayxaboqGDl/q4qP0b3lzgIM98LGpIgDbPwoePQfAoGBANFU
+6e2FquwmxX9ZsOd5tYU6mLrdhvEBbXlVF3V/JpdYMwS4OEyV8pkIdaw+lapcF7/G
+l9Atksb44xYCNf45e/SUR+dLpvCDjKgkO9vmfnNM/sv057KyfjaLU5ogag0cfKFQ
+qYvYRzd4ujUj4EoM7DMNsF6IPrhqNbqwIChDseM/AoGBALZkOeNHcDLZTLqSbGbs
+5fdIELIxBSlalrmNb37CUNhYN0+NcyBg08O2HBaVfoYIDd95PS3M+JzJx73vy4on
+Rd/+4JuIx/gjRseg5srSix53FQXkjC9flJoBnr6A4TrbERdRWSrodS6ysAz3m5CE
+YlbuPoQ9tOl8bX0qaO520OLBAoGAPYwO35ROhfJ8XQ488kIZudtZro+VrmSyEFuR
+cy14ZkU7cubLPtFTq+UN3B/ml1lObkdwuXe80R26fu0VfPLf3DCA16OpqMu03ncQ
+1n31reb0f3k5apQKgfUDFqzzIXm/txplT0W+4rNvZFJxDrSv+e7LbW/3qPcpZwOD
+4PLOabcCgYASw9uVfE9JhOoawDtROQkiOtg8gx5CffvdSqztRnIbR/LN9Ne+CMsl
+UJuPaEj/O7y00ZyfHNmOfKMjFNwEGyk+LdLUkKEw0feNZQzHvfTmuBCqwWQYM8dL
+mA0WApTCO1rMTg/KouRSy9QFCpUx0oMJN7mgKo0BaH+H2RhIlssOAg==
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/test0.cert.pem b/t/certs/test0.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..3cd77ed084628aeca59d87519a50f89540ac55f5
--- /dev/null
+++ b/t/certs/test0.cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/test0.key.pem b/t/certs/test0.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..3237513c7a6725dd431e7a18b5986b71d6cc6638
--- /dev/null
+++ b/t/certs/test0.key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqbOgT0owFy8CAggA
+MBQGCCqGSIb3DQMHBAi0pGFZzZYROgSCBMhwhhXisB/ishN/r4FGku1DY/CNq/ZF
+XhH1YvEoZRT4GA4HLa6hrh7yPdYyH0hhvMKuLGaH4Df+YUOXZq5c0mHgBjk9YkCp
+PHhZHUwBFrryF/RV5P7u3zXqce/huQJ5yq2TLRv3NS8WiwavWmcbYSgyCFwSOHf4
+Vxz21ggY+oNLa32X0dDxDJ4TlGSK0vSQzIjCjOpzxkewJ6LpA1c3LqTu155y/cdM
+mFgd0XN3hUh+j6yQ9JMrNAKOrP0mPmphvEqXoS6l0RV+8x7PzQXvjfmULPsMxEhm
+P+D8EBap8AhnvgAlEPwHTxC5uBqh+bdE7NnMsaetivWZ1wNSkLXuh+CKHfAtqDea
+zWn1mCQG12H4SGrONoV95yqC6Z1SoMCrll0I/M7b7VUwas63Mp+abXFPv1X6GLAr
+ONSua6wAs3GxDvxEtPJmL3nVvWoVvr/jSQ9i2k5y7RoAr2r17qF7fcossq9DVST2
+q1a3sd/0gzIyfVdtxU+akOlbW/+vYl2Dc18SmwIGpi5It6eCozUHOxhFFFHFczyY
+RmjwohaHzGbuhwqNOzIfX0xlmVE/NW4xchSQsRQnq7c8mEQmiwLrABj19Jme29vW
+ThFepYK8yGxuULYSFfVnhuGkWgmr61YwjpeyrOPefeydr++qP+45o6bHZhmH7leC
+MIUS79BHFck/y4ZA6XltoF07MBmFnDz3OJKSmMGh5a7gFHJjA/e+QNvkGju+97mq
+V1mc+xxkyIJPEn3hw0v60//4ByQcGTY57BQVVQXYJB/4Jr8T749G8eQl4YmPmv5p
+hPls688ECXfiHQCRrp3yub8415zEkc2k+J3HXr17LRNBxvJ5qOC/CfiGlH6rG6Al
+ufL8mbY1yMKgMUBuU5VQ/fX0EID34dOBbb+/FbyEoVmzWJEAzJj6bNUQe2M/JkfK
+G6yzrO2TCFbFBz9DZ577xGHlylPeSG1UmICg4o4kyeUkD47K0RnJ8NZfozCs463S
+T9LCWH11ReAVJfiEB9T6yLBd5jKEa/IEDB8S74knVyWu1qDnlh9USenJ6kzT8fKR
+v5pTEGaH2toE8pzmKeaPxXtJBwcMv4SBd/NCoBEnutTfjYmdS/7qG/G0uC2jN9Si
+eYZSGS/mlIYIhSvamCDnLl1FBoD69cWF0bz2ywSwJedJy1AIWpcfn+pNCTQF92cy
+QkbG19jrrFOQJhQoeUCcAA8p8KBCkNCHrwEe7QIRCiJmCMYOhiGjAE3iqW8DSXAE
+OqonWY6FyvEsrgKBrHtVuWQjC4jUrnzEsjQj+nHpAsKktlrBOynkLOWyeRexGLl7
+xElx6WZkOtmCVM3gLa+vH0hH7vEmXZnDKyhsSbQ8kEOSXLCsUZR9ggav+rO57W2O
+Vnx6Qko3ynOfFfPVrMVetJCm7p+ar6qgsyZpi52FFxeIGHmJ2STv3QSXQhvnWtP4
+pIMdYudQ7Kw90L0vDf1+cpI+a8jUGRU1KrtfV2jVrN/7mf8Tf1bGiUt+WPF6l1es
+WyEBcH3+xYu9W5N82bIFtrlogJI/gj6qtmN3QIeUrIPsrvJ8iuUqNWLB5aQFtbAd
+poYVj+8hScMgQ2HiKqlffyDOWNghuePlFJecgcJcpusm+LqiYaWPo2RNvPdWvb+I
+1o0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/t/certs/test0.p12 b/t/certs/test0.p12
new file mode 100644
index 0000000000000000000000000000000000000000..1c97d37226171077c98e89c5d9f23932895fb137
Binary files /dev/null and b/t/certs/test0.p12 differ
diff --git a/t/certs/voms_example.cert.pem b/t/certs/voms_example.cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..a23de3f17bef1a87c938e6c88f73397656f47a3b
--- /dev/null
+++ b/t/certs/voms_example.cert.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 787 (0x313)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=IT, O=IGI, CN=Test CA
+ Validity
+ Not Before: Dec 6 09:46:37 2017 GMT
+ Not After : Dec 4 09:46:37 2027 GMT
+ Subject: C=IT, O=IGI, CN=voms.example
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:bc:7f:c8:da:1e:0d:93:50:b4:98:22:1a:2f:ad:
+ 23:f4:92:2b:72:91:12:9b:ef:e1:a3:a2:a6:03:04:
+ bd:c7:c2:7f:78:51:78:fd:94:06:d3:aa:e8:dd:56:
+ 8f:1d:d5:1d:a5:49:3f:4c:b2:4c:d1:3e:69:2c:60:
+ c0:8f:5f:0f:7c:6d:a4:cb:58:0c:6e:de:33:6a:6c:
+ 32:11:bb:d3:e1:4d:03:13:b5:1f:99:35:1d:1f:af:
+ b4:7b:da:b6:1b:5a:76:76:54:04:f3:e8:d7:60:6b:
+ c6:55:d9:d4:12:eb:7b:f2:3d:df:ec:9e:da:d4:df:
+ 10:af:ee:dc:9d:96:c7:14:8c:60:16:d8:92:ca:29:
+ 8c:df:f7:4f:8f:8b:a7:80:01:e7:f7:7a:4f:3c:32:
+ 42:af:ce:2e:f8:1a:7b:bc:b5:eb:20:a7:d5:28:c1:
+ a4:d3:54:d3:dc:c0:dc:96:7b:c4:09:c5:9f:2f:c8:
+ db:73:61:01:e4:2e:97:b9:05:64:1a:dc:76:09:09:
+ eb:af:be:6c:47:b9:5b:41:86:c1:51:c0:fe:65:23:
+ 2b:94:ac:b0:81:46:99:9a:c2:9e:6f:0b:62:03:34:
+ d3:5b:b5:db:e7:ac:38:0e:31:63:ed:81:1f:6e:bc:
+ 41:65:89:b1:8d:2f:5f:fa:8a:da:88:ac:f8:cb:3f:
+ eb:2b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
+ X509v3 Authority Key Identifier:
+ keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
+
+ X509v3 Subject Alternative Name:
+ DNS:voms.example
+ Signature Algorithm: sha256WithRSAEncryption
+ e0:c5:08:e4:92:9b:26:09:04:64:b9:9e:c9:27:82:2c:90:4c:
+ 4b:f1:3c:1a:4d:cd:f6:5a:fe:8a:58:6b:36:42:3b:7b:d0:e0:
+ 66:2a:ee:2d:ad:d0:2a:59:52:c8:44:85:b6:90:af:12:49:cc:
+ de:a4:65:aa:e9:6e:83:e1:cf:20:d3:98:8f:3e:a8:a1:82:f8:
+ f5:6e:97:73:78:be:46:a7:5a:a7:10:30:b7:01:13:cf:b4:03:
+ c6:74:f7:e4:b8:51:21:33:79:4a:88:d6:01:cb:c1:22:37:6e:
+ 9f:1d:2c:3e:eb:d0:09:51:3b:0a:5f:b5:19:b6:1a:35:63:95:
+ 94:f5:99:a1:bc:18:bc:84:aa:9b:70:3a:b2:2d:c2:ed:50:19:
+ 20:16:94:21:ea:49:e1:d8:61:10:9d:f5:29:65:11:a2:15:2b:
+ 8a:f7:14:5a:49:b8:2d:5c:0f:fc:77:20:e7:03:3a:15:b8:21:
+ 31:d8:33:fc:8f:70:1c:a6:90:80:84:b3:af:1f:2d:28:9e:c6:
+ e2:8a:43:ec:26:32:bf:d7:6a:aa:42:5a:2c:50:29:33:5d:b7:
+ e8:58:22:b6:c7:7b:bf:a4:ac:55:32:2d:51:58:1a:ee:9e:80:
+ d2:4d:24:4b:6a:e3:97:2e:a7:5c:e3:50:84:33:b5:ec:a4:20:
+ 6e:70:1d:e9
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzEyMDYwOTQ2Mzda
+Fw0yNzEyMDQwOTQ2MzdaMDIxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxFTAT
+BgNVBAMMDHZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALx/yNoeDZNQtJgiGi+tI/SSK3KREpvv4aOipgMEvcfCf3hReP2UBtOq6N1W
+jx3VHaVJP0yyTNE+aSxgwI9fD3xtpMtYDG7eM2psMhG70+FNAxO1H5k1HR+vtHva
+thtadnZUBPPo12BrxlXZ1BLre/I93+ye2tTfEK/u3J2WxxSMYBbYksopjN/3T4+L
+p4AB5/d6TzwyQq/OLvgae7y16yCn1SjBpNNU09zA3JZ7xAnFny/I23NhAeQul7kF
+ZBrcdgkJ66++bEe5W0GGwVHA/mUjK5SssIFGmZrCnm8LYgM001u12+esOA4xY+2B
+H268QWWJsY0vX/qK2ois+Ms/6ysCAwEAAaOBujCBtzAMBgNVHRMBAf8EAjAAMB0G
+A1UdDgQWBBQzjAnUSZQBztH7C50ZXq3E1/WQxDAOBgNVHQ8BAf8EBAMCBeAwPgYD
+VR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
+BAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMBcG
+A1UdEQQQMA6CDHZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEA4MUI5JKb
+JgkEZLmeySeCLJBMS/E8Gk3N9lr+ilhrNkI7e9DgZiruLa3QKllSyESFtpCvEknM
+3qRlqulug+HPINOYjz6ooYL49W6Xc3i+RqdapxAwtwETz7QDxnT35LhRITN5SojW
+AcvBIjdunx0sPuvQCVE7Cl+1GbYaNWOVlPWZobwYvISqm3A6si3C7VAZIBaUIepJ
+4dhhEJ31KWURohUrivcUWkm4LVwP/Hcg5wM6FbghMdgz/I9wHKaQgISzrx8tKJ7G
+4opD7CYyv9dqqkJaLFApM1236Fgitsd7v6SsVTItUVga7p6A0k0kS2rjly6nXONQ
+hDO17KQgbnAd6Q==
+-----END CERTIFICATE-----
diff --git a/t/certs/voms_example.key.pem b/t/certs/voms_example.key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..807ebace16e39765ab683616149deb3645f29c67
--- /dev/null
+++ b/t/certs/voms_example.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/ho6KmAwS9x8J/eFF4
+/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4zamwyEbvT4U0DE7Uf
+mTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Qr+7cnZbHFIxgFtiS
+yimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT3MDclnvECcWfL8jb
+c2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZmsKebwtiAzTTW7Xb
+56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABAoIBACXvPXeP1sGP21hG
+fKidmn/Mrsu2oF0bcHhi8i/nU14RKWAIXWYC1UDhw01P7ytcyUOLMx73PvhZLAdP
+TVFNGyu6URDPHmltdEF1lrn059YOjpD3wW0uwDaxQIwwXrewg+iaTgjcEgQIjHiY
+htJr65y7kQXojjeK0KvnUSSxxEzA/uWeyQi/+ZFzPRfrj5o0uwo+qnwwiYn8FSVl
+9S/MPiAXZcvQTojEu5kbH/0iRUwhDzcmtj8O1M3idhMl1G/WtdU2zHsR6p78HuZK
+uZu9JRnSh1K8wiDdT+8TIitvBuv87fVFJg54pbO+Sa6tsfm4q9Vf21DyY7ZVRoie
+Y6IPz8ECgYEA3c8NuLLKCFvU55lZkNWl0ixicD3w4o1k2at9FKYsboPJ9BUIYpVO
+vqSflUKATENNfkoWmT4iTbNq8VJxnLNn1y33uB9ztQIn99Do0YeERSW0JExb363r
+dJNlirxovoXvUT6kGHqFWIJyxXkh6wEZ4gqne94ujtqj9KHWczbpw4sCgYEA2Y5G
+1L49361df9VDblhxS60hNmtNC9h3XTqKwfOXLCHG61JMxNUChhKikUuDsvfmXwta
+dX51WJSL56pDHlk0prLrMWli4zLhiPiXknUIFiUt07lbzfDZ0aehr9xOFM4oBnyV
+oR3eBhE/YJ1W3Xt2DGUySE09eukHoEeZURrq6uECgYAqKDhLam/Ltuh4PEUxqemi
+UJ1FCADIjmckl9tmGU9IkfPIWFcHpakZwuAx1jncRM5tulchORX7/qXMyAaf6dlK
+pIn4jMHJHWfLSgF2EXOqUMg0Pe8YTE38EieyfqzJyVr67hTyMhc2A1UdAzDXIZZx
+x+SdPlVLAXM4A6pmq4EykQKBgQCLq+9HiDe7Edd0SZu4DSn3ltg60tqtHzVK8lnB
+OT01xR2rWLQWrlancvFR7LRJwyPwox5ZTm3SB9RmUAY1Rropx7Z9i5ZEHRd003yk
+N2SQqx/nzRnmdpmxIzkH6Z1reAt0VqnNvZocNRiGU51AJpJcVN/aUVSGQ3N08GK7
+Elf9oQKBgGKL4eCjoLp9Kuvp+UXeKeeTSR2rTSOh36ZjtxDLOhdAj5mXSFj2nvLx
+j2YNCkuU0Y25Vbpt/go7DFRnbZmKucpyUJNC49m3YD4zq0CVMX4BOUkkg3rJjMhP
+Ce3aEfVwC9rF9sFHp5pHTBm6HCBCZikVtpYjn05rUtLYiYcSia88
+-----END RSA PRIVATE KEY-----
diff --git a/t/empty_voms_proxy.t b/t/empty_voms_proxy.t
new file mode 100644
index 0000000000000000000000000000000000000000..c08fd21ea8dbec57b30b7e7fd275c95e44f38f9f
--- /dev/null
+++ b/t/empty_voms_proxy.t
@@ -0,0 +1,39 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate with no VOMS attributes
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+ env X509_VOMS_DIR=t/vomsdir;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $voms_fqans;
+ echo $voms_user;
+ }
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/0.cert.pem;
+ proxy_ssl_certificate_key ../../certs/0.key.pem;
+ }
+--- request
+GET /
+--- response_body_like eval
+qr/\n\n/
+--- error_log
+VOMS extension not found
+--- error_code: 200
diff --git a/t/expired_ac_proxy.t b/t/expired_ac_proxy.t
new file mode 100644
index 0000000000000000000000000000000000000000..2b07a96348f9c058dab569ef0ddd5f1daf30ed45
--- /dev/null
+++ b/t/expired_ac_proxy.t
@@ -0,0 +1,40 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+ env X509_VOMS_DIR=t/vomsdir;
+ env X509_CERT_DIR=t/trust-anchors;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $voms_fqans;
+ echo $voms_user;
+ }
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/1.cert.pem;
+ proxy_ssl_certificate_key ../../certs/1.key.pem;
+ }
+--- request
+GET /
+--- response_body_like eval
+qr/\n\n/
+--- error_log
+AC not valid anymore
+--- error_code: 200
diff --git a/t/expired_proxy.t b/t/expired_proxy.t
new file mode 100644
index 0000000000000000000000000000000000000000..188502b569cf99352c5ce28c6c156b00a9ae8166
--- /dev/null
+++ b/t/expired_proxy.t
@@ -0,0 +1,37 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, expired client certificate
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $ssl_client_s_dn;
+ }
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/2.cert.pem;
+ proxy_ssl_certificate_key ../../certs/2.key.pem;
+ }
+--- request
+GET /
+--- response_body_like eval
+qr/\n/
+--- error_log
+certificate has expired
+--- error_code: 400
diff --git a/t/trust-anchors/10b10516.0 b/t/trust-anchors/10b10516.0
new file mode 120000
index 0000000000000000000000000000000000000000..b8991ae7113de419b1b4fda094099a3d53e4d0f6
--- /dev/null
+++ b/t/trust-anchors/10b10516.0
@@ -0,0 +1 @@
+igi-test-ca.pem
\ No newline at end of file
diff --git a/t/trust-anchors/igi-test-ca.pem b/t/trust-anchors/igi-test-ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..19906b3bfeba47713fd49f0f204400371409d8b3
--- /dev/null
+++ b/t/trust-anchors/igi-test-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV
+BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2
+MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD
+SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora
+m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
+8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV
+gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY
+4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE
+EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7
+LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ
+xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz
+dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV
+FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x
+PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog
+UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC
+uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb
+l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ
+-----END CERTIFICATE-----
diff --git a/t/vomsdir/test.vo/voms.example.lsc b/t/vomsdir/test.vo/voms.example.lsc
new file mode 100644
index 0000000000000000000000000000000000000000..0121b81028e30efc7bb922276d1154f3903fe9a7
--- /dev/null
+++ b/t/vomsdir/test.vo/voms.example.lsc
@@ -0,0 +1,2 @@
+/C=IT/O=IGI/CN=voms.example
+/C=IT/O=IGI/CN=Test CA