From 629a427041657d4998d372259b94b7cb51bb9086 Mon Sep 17 00:00:00 2001
From: newland86 <newland86@gmail.com>
Date: Mon, 5 Mar 2018 09:15:19 +0100
Subject: [PATCH 01/13] Added proxy certificates 0-1-2.pem
---
t/README.md | 0
t/certs/0.pem | 53 ++++++++++++++++++
t/certs/1.pem | 86 ++++++++++++++++++++++++++++++
t/certs/2.pem | 86 ++++++++++++++++++++++++++++++
t/nginx_voms_example.cert.pem | 85 +++++++++++++++++++++++++++++
t/nginx_voms_example.key.pem | 27 ++++++++++
t/trust-anchors/igi-test-ca.pem | 21 ++++++++
t/voms_example.cert.pem | 85 +++++++++++++++++++++++++++++
t/voms_example.key.pem | 27 ++++++++++
t/vomsdir/test.vo/voms.example.lsc | 2 +
10 files changed, 472 insertions(+)
create mode 100644 t/README.md
create mode 100644 t/certs/0.pem
create mode 100644 t/certs/1.pem
create mode 100644 t/certs/2.pem
create mode 100644 t/nginx_voms_example.cert.pem
create mode 100644 t/nginx_voms_example.key.pem
create mode 100644 t/trust-anchors/igi-test-ca.pem
create mode 100644 t/voms_example.cert.pem
create mode 100644 t/voms_example.key.pem
create mode 100644 t/vomsdir/test.vo/voms.example.lsc
diff --git a/t/README.md b/t/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/t/certs/0.pem b/t/certs/0.pem
new file mode 100644
index 0000000..e8f954b
--- /dev/null
+++ b/t/certs/0.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
+Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
+xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
+p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
+p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
+ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
+/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
+V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
+jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
+63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
+AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
+AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
+qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
+kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
+M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
+hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
+Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
+YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
+37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
+Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/1.pem b/t/certs/1.pem
new file mode 100644
index 0000000..6ba17f2
--- /dev/null
+++ b/t/certs/1.pem
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
+lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
+PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
+dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
+Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
+HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
+XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
+UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
+R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
+scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
+ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
++KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
+IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
+ZTAXFVmk
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
+G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
+gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
+AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
+BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
+RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
+FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
+NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
+FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
+gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
+Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
+F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
+ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/2.pem b/t/certs/2.pem
new file mode 100644
index 0000000..737da77
--- /dev/null
+++ b/t/certs/2.pem
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
+MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
+V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
+ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
+XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
+2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
+bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
+TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
+mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
+C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
+DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
+xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
+wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
+n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
+ggMdmoIl
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
+ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
+3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
+AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
+na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
+jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
+99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
+bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
+DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
+j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
+MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
+ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
+W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/nginx_voms_example.cert.pem b/t/nginx_voms_example.cert.pem
new file mode 100644
index 0000000..156e8ec
--- /dev/null
+++ b/t/nginx_voms_example.cert.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 788 (0x314)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=IT, O=IGI, CN=Test CA
+ Validity
+ Not Before: Mar 2 16:20:13 2018 GMT
+ Not After : Feb 28 16:20:13 2028 GMT
+ Subject: C=IT, O=IGI, CN=nginx-voms.example
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b0:40:e2:d8:57:f2:36:5b:8d:a4:0a:b0:8a:c2:
+ 15:44:3d:3a:a3:c5:3a:a6:86:76:7a:ce:2c:93:5c:
+ 7a:b2:ac:42:2d:e7:4f:20:fe:65:fa:ec:c7:84:3d:
+ 78:2b:31:58:11:c6:04:3f:5e:f2:9b:c8:c1:0a:9c:
+ 30:14:74:64:ae:23:0c:8a:4d:c6:ab:2a:9a:24:b5:
+ 8b:89:c6:5d:0c:72:e2:12:ec:06:e6:7f:54:80:8b:
+ 2a:a1:2a:0e:2e:96:ee:0d:af:6e:fd:57:f2:48:34:
+ a7:6b:8f:c0:c9:39:4c:83:24:96:75:94:be:b7:1c:
+ 6c:bb:e8:c8:00:43:46:ef:8d:d7:1c:e6:79:d7:a8:
+ 20:4f:66:65:6c:c5:4e:51:c7:b3:dc:39:43:84:65:
+ 18:14:57:a4:37:55:8c:5f:5b:63:b6:20:7e:bb:b6:
+ c3:99:4f:41:fa:87:3a:73:ed:34:91:c5:a8:3b:50:
+ 15:2d:de:8e:76:ab:87:06:cc:5b:0c:44:8d:30:24:
+ 6f:2d:6e:a7:b0:97:7c:5d:50:52:6b:66:3b:8f:f8:
+ 2e:41:c4:71:ad:52:14:07:c2:35:57:4e:64:d6:d2:
+ 9f:46:d3:d4:28:c1:15:3b:bb:ff:b1:73:9d:d0:1b:
+ 7e:81:9c:50:48:55:c1:58:63:a8:25:12:4e:1c:aa:
+ 90:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 2F:BA:E2:77:B3:3E:47:82:3B:5C:8C:A1:13:7A:4D:59:50:4D:8C:FD
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
+ X509v3 Authority Key Identifier:
+ keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
+
+ X509v3 Subject Alternative Name:
+ DNS:nginx-voms.example
+ Signature Algorithm: sha256WithRSAEncryption
+ 4f:13:10:00:61:f5:76:3b:2d:43:ab:89:55:4c:a5:b3:16:84:
+ dd:bf:18:6d:f3:4a:b3:65:32:0a:fa:14:aa:5e:61:45:05:fa:
+ f8:35:1e:ad:b9:ff:3e:70:be:94:99:3c:04:28:59:4d:12:88:
+ 5f:e4:2a:e5:bc:eb:c7:59:49:59:b8:f7:79:a3:2f:ec:99:af:
+ eb:f9:05:5e:68:14:fb:bb:35:a3:3e:d7:1b:55:c2:91:a5:cc:
+ b5:88:15:0c:36:aa:25:e8:76:bc:e5:b0:b7:a8:b4:af:7b:c9:
+ 8a:52:ae:34:07:4e:18:5a:e2:83:21:bf:10:fe:8c:91:1f:88:
+ b0:0e:60:ea:8a:40:df:2e:d5:0e:70:2b:07:95:d5:00:02:3b:
+ be:b6:22:ff:a2:30:5e:52:83:7b:b9:44:ce:56:be:de:d0:55:
+ 35:35:e7:3f:45:1a:ad:93:42:65:84:2d:d4:86:b6:5c:7e:06:
+ e8:76:87:2e:2e:e3:fa:d6:65:1e:00:7a:a4:71:be:c8:4a:2f:
+ 8a:06:bf:15:02:68:53:99:44:ce:45:8e:d0:e9:5d:76:3f:93:
+ e9:57:91:2c:af:56:ce:a4:20:88:5d:fc:49:44:cc:78:d6:4e:
+ 0e:e3:8e:1b:f7:81:9e:eb:15:26:ba:97:f6:c3:ca:6f:3f:5f:
+ 3d:23:a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgICAxQwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xODAzMDIxNjIwMTNa
+Fw0yODAyMjgxNjIwMTNaMDgxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxGzAZ
+BgNVBAMMEm5naW54LXZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALBA4thX8jZbjaQKsIrCFUQ9OqPFOqaGdnrOLJNcerKsQi3nTyD+
+Zfrsx4Q9eCsxWBHGBD9e8pvIwQqcMBR0ZK4jDIpNxqsqmiS1i4nGXQxy4hLsBuZ/
+VICLKqEqDi6W7g2vbv1X8kg0p2uPwMk5TIMklnWUvrccbLvoyABDRu+N1xzmedeo
+IE9mZWzFTlHHs9w5Q4RlGBRXpDdVjF9bY7Ygfru2w5lPQfqHOnPtNJHFqDtQFS3e
+jnarhwbMWwxEjTAkby1up7CXfF1QUmtmO4/4LkHEca1SFAfCNVdOZNbSn0bT1CjB
+FTu7/7FzndAbfoGcUEhVwVhjqCUSThyqkKECAwEAAaOBwDCBvTAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBQvuuJ3sz5HgjtcjKETek1ZUE2M/TAOBgNVHQ8BAf8EBAMC
+BeAwPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglg
+hkgBhvhCBAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOi
+EUnGMB0GA1UdEQQWMBSCEm5naW54LXZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsF
+AAOCAQEATxMQAGH1djstQ6uJVUylsxaE3b8YbfNKs2UyCvoUql5hRQX6+DUerbn/
+PnC+lJk8BChZTRKIX+Qq5bzrx1lJWbj3eaMv7Jmv6/kFXmgU+7s1oz7XG1XCkaXM
+tYgVDDaqJeh2vOWwt6i0r3vJilKuNAdOGFrigyG/EP6MkR+IsA5g6opA3y7VDnAr
+B5XVAAI7vrYi/6IwXlKDe7lEzla+3tBVNTXnP0UarZNCZYQt1Ia2XH4G6HaHLi7j
++tZlHgB6pHG+yEoviga/FQJoU5lEzkWO0Olddj+T6VeRLK9WzqQgiF38SUTMeNZO
+DuOOG/eBnusVJrqX9sPKbz9fPSOg/Q==
+-----END CERTIFICATE-----
diff --git a/t/nginx_voms_example.key.pem b/t/nginx_voms_example.key.pem
new file mode 100644
index 0000000..c46267b
--- /dev/null
+++ b/t/nginx_voms_example.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsEDi2FfyNluNpAqwisIVRD06o8U6poZ2es4sk1x6sqxCLedP
+IP5l+uzHhD14KzFYEcYEP17ym8jBCpwwFHRkriMMik3GqyqaJLWLicZdDHLiEuwG
+5n9UgIsqoSoOLpbuDa9u/VfySDSna4/AyTlMgySWdZS+txxsu+jIAENG743XHOZ5
+16ggT2ZlbMVOUcez3DlDhGUYFFekN1WMX1tjtiB+u7bDmU9B+oc6c+00kcWoO1AV
+Ld6OdquHBsxbDESNMCRvLW6nsJd8XVBSa2Y7j/guQcRxrVIUB8I1V05k1tKfRtPU
+KMEVO7v/sXOd0Bt+gZxQSFXBWGOoJRJOHKqQoQIDAQABAoIBAQCt47Zqn4n2GymJ
+GIrIu2bj5ky+Ws3ckXi+/D56PJlJQi4gv78P3C2c/JJzY3n1kz9CecyjAPf2vn/G
+CgZdh9/09dtfcBB7uxJM+Vfr2+rdZ1KoPHkqW6FxGNw8GRPY30uJ8PVdubDtkBVF
+R5R6cq+MC0LuSoxGeCLG2YjIyZdoqzLKGyHy6Sv1Cdd1ctXa4DHKBA6XUwKTN6tB
+GFdrNiz5ucGB9AzOcpXSRD/F8Vy7beb8Gb+4skEXp2hAVzVFOd9xbrsZZRpPmQky
+4UN3E8Fy+1hbqlXBnCJF8pRywVLEtuCOF8BJlFCqgnV79JxKsxf/iIV+gXJje2i8
+MRbKbZjJAoGBANeMHUiJeF2y40lD+9VHHPj5Y69aN6osUQs++IXE+9bT513TGvLx
+6WtwRE45tWFg2VT45NoVJ1a5HW6aj0LbSqHsgO80A4yumdPd8W4Fa1LhqNSwKqKx
+38RsZL8AS1FghEt/HayxaboqGDl/q4qP0b3lzgIM98LGpIgDbPwoePQfAoGBANFU
+6e2FquwmxX9ZsOd5tYU6mLrdhvEBbXlVF3V/JpdYMwS4OEyV8pkIdaw+lapcF7/G
+l9Atksb44xYCNf45e/SUR+dLpvCDjKgkO9vmfnNM/sv057KyfjaLU5ogag0cfKFQ
+qYvYRzd4ujUj4EoM7DMNsF6IPrhqNbqwIChDseM/AoGBALZkOeNHcDLZTLqSbGbs
+5fdIELIxBSlalrmNb37CUNhYN0+NcyBg08O2HBaVfoYIDd95PS3M+JzJx73vy4on
+Rd/+4JuIx/gjRseg5srSix53FQXkjC9flJoBnr6A4TrbERdRWSrodS6ysAz3m5CE
+YlbuPoQ9tOl8bX0qaO520OLBAoGAPYwO35ROhfJ8XQ488kIZudtZro+VrmSyEFuR
+cy14ZkU7cubLPtFTq+UN3B/ml1lObkdwuXe80R26fu0VfPLf3DCA16OpqMu03ncQ
+1n31reb0f3k5apQKgfUDFqzzIXm/txplT0W+4rNvZFJxDrSv+e7LbW/3qPcpZwOD
+4PLOabcCgYASw9uVfE9JhOoawDtROQkiOtg8gx5CffvdSqztRnIbR/LN9Ne+CMsl
+UJuPaEj/O7y00ZyfHNmOfKMjFNwEGyk+LdLUkKEw0feNZQzHvfTmuBCqwWQYM8dL
+mA0WApTCO1rMTg/KouRSy9QFCpUx0oMJN7mgKo0BaH+H2RhIlssOAg==
+-----END RSA PRIVATE KEY-----
diff --git a/t/trust-anchors/igi-test-ca.pem b/t/trust-anchors/igi-test-ca.pem
new file mode 100644
index 0000000..19906b3
--- /dev/null
+++ b/t/trust-anchors/igi-test-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV
+BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2
+MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD
+SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora
+m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
+8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV
+gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY
+4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE
+EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7
+LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ
+xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz
+dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV
+FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x
+PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog
+UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC
+uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb
+l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ
+-----END CERTIFICATE-----
diff --git a/t/voms_example.cert.pem b/t/voms_example.cert.pem
new file mode 100644
index 0000000..a23de3f
--- /dev/null
+++ b/t/voms_example.cert.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 787 (0x313)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=IT, O=IGI, CN=Test CA
+ Validity
+ Not Before: Dec 6 09:46:37 2017 GMT
+ Not After : Dec 4 09:46:37 2027 GMT
+ Subject: C=IT, O=IGI, CN=voms.example
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:bc:7f:c8:da:1e:0d:93:50:b4:98:22:1a:2f:ad:
+ 23:f4:92:2b:72:91:12:9b:ef:e1:a3:a2:a6:03:04:
+ bd:c7:c2:7f:78:51:78:fd:94:06:d3:aa:e8:dd:56:
+ 8f:1d:d5:1d:a5:49:3f:4c:b2:4c:d1:3e:69:2c:60:
+ c0:8f:5f:0f:7c:6d:a4:cb:58:0c:6e:de:33:6a:6c:
+ 32:11:bb:d3:e1:4d:03:13:b5:1f:99:35:1d:1f:af:
+ b4:7b:da:b6:1b:5a:76:76:54:04:f3:e8:d7:60:6b:
+ c6:55:d9:d4:12:eb:7b:f2:3d:df:ec:9e:da:d4:df:
+ 10:af:ee:dc:9d:96:c7:14:8c:60:16:d8:92:ca:29:
+ 8c:df:f7:4f:8f:8b:a7:80:01:e7:f7:7a:4f:3c:32:
+ 42:af:ce:2e:f8:1a:7b:bc:b5:eb:20:a7:d5:28:c1:
+ a4:d3:54:d3:dc:c0:dc:96:7b:c4:09:c5:9f:2f:c8:
+ db:73:61:01:e4:2e:97:b9:05:64:1a:dc:76:09:09:
+ eb:af:be:6c:47:b9:5b:41:86:c1:51:c0:fe:65:23:
+ 2b:94:ac:b0:81:46:99:9a:c2:9e:6f:0b:62:03:34:
+ d3:5b:b5:db:e7:ac:38:0e:31:63:ed:81:1f:6e:bc:
+ 41:65:89:b1:8d:2f:5f:fa:8a:da:88:ac:f8:cb:3f:
+ eb:2b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
+ X509v3 Authority Key Identifier:
+ keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
+
+ X509v3 Subject Alternative Name:
+ DNS:voms.example
+ Signature Algorithm: sha256WithRSAEncryption
+ e0:c5:08:e4:92:9b:26:09:04:64:b9:9e:c9:27:82:2c:90:4c:
+ 4b:f1:3c:1a:4d:cd:f6:5a:fe:8a:58:6b:36:42:3b:7b:d0:e0:
+ 66:2a:ee:2d:ad:d0:2a:59:52:c8:44:85:b6:90:af:12:49:cc:
+ de:a4:65:aa:e9:6e:83:e1:cf:20:d3:98:8f:3e:a8:a1:82:f8:
+ f5:6e:97:73:78:be:46:a7:5a:a7:10:30:b7:01:13:cf:b4:03:
+ c6:74:f7:e4:b8:51:21:33:79:4a:88:d6:01:cb:c1:22:37:6e:
+ 9f:1d:2c:3e:eb:d0:09:51:3b:0a:5f:b5:19:b6:1a:35:63:95:
+ 94:f5:99:a1:bc:18:bc:84:aa:9b:70:3a:b2:2d:c2:ed:50:19:
+ 20:16:94:21:ea:49:e1:d8:61:10:9d:f5:29:65:11:a2:15:2b:
+ 8a:f7:14:5a:49:b8:2d:5c:0f:fc:77:20:e7:03:3a:15:b8:21:
+ 31:d8:33:fc:8f:70:1c:a6:90:80:84:b3:af:1f:2d:28:9e:c6:
+ e2:8a:43:ec:26:32:bf:d7:6a:aa:42:5a:2c:50:29:33:5d:b7:
+ e8:58:22:b6:c7:7b:bf:a4:ac:55:32:2d:51:58:1a:ee:9e:80:
+ d2:4d:24:4b:6a:e3:97:2e:a7:5c:e3:50:84:33:b5:ec:a4:20:
+ 6e:70:1d:e9
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzEyMDYwOTQ2Mzda
+Fw0yNzEyMDQwOTQ2MzdaMDIxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxFTAT
+BgNVBAMMDHZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALx/yNoeDZNQtJgiGi+tI/SSK3KREpvv4aOipgMEvcfCf3hReP2UBtOq6N1W
+jx3VHaVJP0yyTNE+aSxgwI9fD3xtpMtYDG7eM2psMhG70+FNAxO1H5k1HR+vtHva
+thtadnZUBPPo12BrxlXZ1BLre/I93+ye2tTfEK/u3J2WxxSMYBbYksopjN/3T4+L
+p4AB5/d6TzwyQq/OLvgae7y16yCn1SjBpNNU09zA3JZ7xAnFny/I23NhAeQul7kF
+ZBrcdgkJ66++bEe5W0GGwVHA/mUjK5SssIFGmZrCnm8LYgM001u12+esOA4xY+2B
+H268QWWJsY0vX/qK2ois+Ms/6ysCAwEAAaOBujCBtzAMBgNVHRMBAf8EAjAAMB0G
+A1UdDgQWBBQzjAnUSZQBztH7C50ZXq3E1/WQxDAOBgNVHQ8BAf8EBAMCBeAwPgYD
+VR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
+BAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMBcG
+A1UdEQQQMA6CDHZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEA4MUI5JKb
+JgkEZLmeySeCLJBMS/E8Gk3N9lr+ilhrNkI7e9DgZiruLa3QKllSyESFtpCvEknM
+3qRlqulug+HPINOYjz6ooYL49W6Xc3i+RqdapxAwtwETz7QDxnT35LhRITN5SojW
+AcvBIjdunx0sPuvQCVE7Cl+1GbYaNWOVlPWZobwYvISqm3A6si3C7VAZIBaUIepJ
+4dhhEJ31KWURohUrivcUWkm4LVwP/Hcg5wM6FbghMdgz/I9wHKaQgISzrx8tKJ7G
+4opD7CYyv9dqqkJaLFApM1236Fgitsd7v6SsVTItUVga7p6A0k0kS2rjly6nXONQ
+hDO17KQgbnAd6Q==
+-----END CERTIFICATE-----
diff --git a/t/voms_example.key.pem b/t/voms_example.key.pem
new file mode 100644
index 0000000..807ebac
--- /dev/null
+++ b/t/voms_example.key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/ho6KmAwS9x8J/eFF4
+/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4zamwyEbvT4U0DE7Uf
+mTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Qr+7cnZbHFIxgFtiS
+yimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT3MDclnvECcWfL8jb
+c2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZmsKebwtiAzTTW7Xb
+56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABAoIBACXvPXeP1sGP21hG
+fKidmn/Mrsu2oF0bcHhi8i/nU14RKWAIXWYC1UDhw01P7ytcyUOLMx73PvhZLAdP
+TVFNGyu6URDPHmltdEF1lrn059YOjpD3wW0uwDaxQIwwXrewg+iaTgjcEgQIjHiY
+htJr65y7kQXojjeK0KvnUSSxxEzA/uWeyQi/+ZFzPRfrj5o0uwo+qnwwiYn8FSVl
+9S/MPiAXZcvQTojEu5kbH/0iRUwhDzcmtj8O1M3idhMl1G/WtdU2zHsR6p78HuZK
+uZu9JRnSh1K8wiDdT+8TIitvBuv87fVFJg54pbO+Sa6tsfm4q9Vf21DyY7ZVRoie
+Y6IPz8ECgYEA3c8NuLLKCFvU55lZkNWl0ixicD3w4o1k2at9FKYsboPJ9BUIYpVO
+vqSflUKATENNfkoWmT4iTbNq8VJxnLNn1y33uB9ztQIn99Do0YeERSW0JExb363r
+dJNlirxovoXvUT6kGHqFWIJyxXkh6wEZ4gqne94ujtqj9KHWczbpw4sCgYEA2Y5G
+1L49361df9VDblhxS60hNmtNC9h3XTqKwfOXLCHG61JMxNUChhKikUuDsvfmXwta
+dX51WJSL56pDHlk0prLrMWli4zLhiPiXknUIFiUt07lbzfDZ0aehr9xOFM4oBnyV
+oR3eBhE/YJ1W3Xt2DGUySE09eukHoEeZURrq6uECgYAqKDhLam/Ltuh4PEUxqemi
+UJ1FCADIjmckl9tmGU9IkfPIWFcHpakZwuAx1jncRM5tulchORX7/qXMyAaf6dlK
+pIn4jMHJHWfLSgF2EXOqUMg0Pe8YTE38EieyfqzJyVr67hTyMhc2A1UdAzDXIZZx
+x+SdPlVLAXM4A6pmq4EykQKBgQCLq+9HiDe7Edd0SZu4DSn3ltg60tqtHzVK8lnB
+OT01xR2rWLQWrlancvFR7LRJwyPwox5ZTm3SB9RmUAY1Rropx7Z9i5ZEHRd003yk
+N2SQqx/nzRnmdpmxIzkH6Z1reAt0VqnNvZocNRiGU51AJpJcVN/aUVSGQ3N08GK7
+Elf9oQKBgGKL4eCjoLp9Kuvp+UXeKeeTSR2rTSOh36ZjtxDLOhdAj5mXSFj2nvLx
+j2YNCkuU0Y25Vbpt/go7DFRnbZmKucpyUJNC49m3YD4zq0CVMX4BOUkkg3rJjMhP
+Ce3aEfVwC9rF9sFHp5pHTBm6HCBCZikVtpYjn05rUtLYiYcSia88
+-----END RSA PRIVATE KEY-----
diff --git a/t/vomsdir/test.vo/voms.example.lsc b/t/vomsdir/test.vo/voms.example.lsc
new file mode 100644
index 0000000..0121b81
--- /dev/null
+++ b/t/vomsdir/test.vo/voms.example.lsc
@@ -0,0 +1,2 @@
+/C=IT/O=IGI/CN=voms.example
+/C=IT/O=IGI/CN=Test CA
--
GitLab
From e85baad514e1c9f397ccc9d86c85047f3a21370f Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Mon, 5 Mar 2018 14:30:29 +0100
Subject: [PATCH 02/13] Expired proxy test
---
t/README.md | 5 ++
t/certs/0.cert.pem | 38 ++++++++++++
t/certs/0.key.pem | 15 +++++
t/certs/1.cert.pem | 71 ++++++++++++++++++++++
t/certs/1.key.pem | 15 +++++
t/certs/2.cert.pem | 71 ++++++++++++++++++++++
t/certs/2.key.pem | 15 +++++
t/{ => certs}/nginx_voms_example.cert.pem | 0
t/{ => certs}/nginx_voms_example.key.pem | 0
t/{ => certs}/voms_example.cert.pem | 0
t/{ => certs}/voms_example.key.pem | 0
t/expired_proxy.t | 32 ++++++++++
t/servroot/conf/nginx.conf | 73 +++++++++++++++++++++++
t/servroot/html/index.html | 1 +
t/servroot/logs/access.log | 2 +
t/servroot/logs/error.log | 11 ++++
16 files changed, 349 insertions(+)
create mode 100644 t/certs/0.cert.pem
create mode 100644 t/certs/0.key.pem
create mode 100644 t/certs/1.cert.pem
create mode 100644 t/certs/1.key.pem
create mode 100644 t/certs/2.cert.pem
create mode 100644 t/certs/2.key.pem
rename t/{ => certs}/nginx_voms_example.cert.pem (100%)
rename t/{ => certs}/nginx_voms_example.key.pem (100%)
rename t/{ => certs}/voms_example.cert.pem (100%)
rename t/{ => certs}/voms_example.key.pem (100%)
create mode 100644 t/expired_proxy.t
create mode 100644 t/servroot/conf/nginx.conf
create mode 100644 t/servroot/html/index.html
create mode 100644 t/servroot/logs/access.log
create mode 100644 t/servroot/logs/error.log
diff --git a/t/README.md b/t/README.md
index e69de29..8a49daa 100644
--- a/t/README.md
+++ b/t/README.md
@@ -0,0 +1,5 @@
+# ngx_http_voms_module testing
+
+## Description
+
+
diff --git a/t/certs/0.cert.pem b/t/certs/0.cert.pem
new file mode 100644
index 0000000..7597490
--- /dev/null
+++ b/t/certs/0.cert.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
+Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
+xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
+p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
+p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
+ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
+/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
+V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/0.key.pem b/t/certs/0.key.pem
new file mode 100644
index 0000000..c073616
--- /dev/null
+++ b/t/certs/0.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
+jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
+63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
+AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
+AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
+qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
+kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
+M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
+hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
+Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
+YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
+37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
+Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/1.cert.pem b/t/certs/1.cert.pem
new file mode 100644
index 0000000..2e4a5e2
--- /dev/null
+++ b/t/certs/1.cert.pem
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
+lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
+PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
+dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
+Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
+HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
+XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
+UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
+R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
+scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
+ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
++KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
+IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
+ZTAXFVmk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/1.key.pem b/t/certs/1.key.pem
new file mode 100644
index 0000000..a52ef5b
--- /dev/null
+++ b/t/certs/1.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
+G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
+gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
+AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
+BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
+RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
+FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
+NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
+FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
+gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
+Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
+F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
+ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
+-----END RSA PRIVATE KEY-----
diff --git a/t/certs/2.cert.pem b/t/certs/2.cert.pem
new file mode 100644
index 0000000..aea83e0
--- /dev/null
+++ b/t/certs/2.cert.pem
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIIojCCB4ygAwIBAgIETKDkCTALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTc0MzQ5WhcN
+MTgwMzAyMTc0NDQ5WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTI4NTYxMjU1MzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAn32CSq6B3ukrNYp+s5LoUp3I24j94ISIzML+ptf2znLsqsya
+V2VqCxFr7nBuYWi2dOR6Nbtfcc0pZKrEsnOWC8FYbB21GBdP9yBwQbQnQkoVgLPQ
+ZN6uf4d8AZXIgmP7C2p34lCJYlJ7MdC6LyzA08OYTfhM+YivX+bQJKV1/aMCAwEA
+AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
+KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
+NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
+VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
+NzQzNDlaGA8yMDE4MDMwMzA1NDM0OVowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
+ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
+AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
+AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
+SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
+o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
+amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
+r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
+3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
+msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
+MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
+MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
+CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
+ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
+SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
+0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
+EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
+vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
+uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
+Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
+BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
+ggEBAC/6WfYAvJEDQrBTUkBoCRKUEHI77go0Mv9PigJj2TbHEjru6xdvofe9be3d
+XiCqhSDPX5hzs1DM4sTeeV1AZqkzT8zF0Dk6G02n1UUx/vjAuCeEufdq65UqihMa
+2RPESIIvu0t7+/R9Htg7Ilh2G8FOOFaFdd/IOGq9my4ln5vaN7TruiswgxBvjeGW
+bBAuHp2Dsrh0lTttCMiUmICsmnBqE95rFNeW5PwXc62wK4DZQVzvINMDu4A+6MiI
+TDqx492HIglKUoDG6LibGgTieFmtT5DkbkyzfV0MKWKRRXsZl6G4FpT93GtJ3KMB
+mo8zhoQ4Vc1HoQgTd6fvczIIeL4wCwYJKoZIhvcNAQEFA4IBAQCp181nPGXDiStJ
+C7xsgpJpdnDfQgyAvs44MQ7BQA7MvwCSOwt+/IoG0Vm+dUW6NVhZwko45K6Y860Y
+DmlYt2ytkXcQI5solt+onZ7QE3BKqzDVrMtdu2w0KeKzfveJUC/DSpmOwY/q9lzp
+xA7Gf6jkiNpffEzBLxWGWwKJRnRw2AxopwdGzZz8dCUAsb+aAi5XpkkJ2izBXfz0
+wYgV8BS5pklZ3pg+TjNFdRMc8SoMuNyzLYcf+fab0tKd5hEh3SW2Kpr15UXdnhfe
+n16zQj/1sL6C5SOKqJOEGjjMRB+C4kQsV06O4hmUSs6dpIYqyw2j22Dm3t9R0xlk
+ggMdmoIl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/2.key.pem b/t/certs/2.key.pem
new file mode 100644
index 0000000..e829c42
--- /dev/null
+++ b/t/certs/2.key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCffYJKroHe6Ss1in6zkuhSncjbiP3ghIjMwv6m1/bOcuyqzJpX
+ZWoLEWvucG5haLZ05Ho1u19xzSlkqsSyc5YLwVhsHbUYF0/3IHBBtCdCShWAs9Bk
+3q5/h3wBlciCY/sLanfiUIliUnsx0LovLMDTw5hN+Ez5iK9f5tAkpXX9owIDAQAB
+AoGAbxTOQ0+JeoSxqIe+OTnvf2MPuv+Nuur0EJEbJX8zEZTviwIX2Rj0I6NNpfM+
+na99rKpZB8Vp82vuEYPynUtty77UJ7o0iziWQoyb0OsY/U8C0DL0jInicEa7exGP
+jWch1d9mFz5A4+mo8QFApo88Cx7ENHvWftro4CWPYkvEEikCQQD/28TpNbAAnJB7
+99S5QaXqAxaPdQIwff5T2OncIsmzL/DHbkp21tPccZ+LVtZp3/2vNF11HT8FYEbW
+bcsSZa2/AkEAn5QX82MXrcqEt0pdoU04UdNeSAXY8zaiRinPWlVAOjYl2kDcgInV
+DVx0psaoUYbvg+hxzKKunuHChytTYcBxHQJBAPq2hJatWCDRSjdf22AJNyY/Dm1W
+j+WqoHvTEx32LMVcVclmhqs6yXG7GUZ1ujcXGUQEwQuQs/91nxRhk9scLYsCQQCT
+MSSOaR6UPTMBZeTLPdDvGMnkIRCl9gTkNvh92BiwGPX9RMqe/YO5GUi39JGY8Z/H
+ygX9vSjYgGDQERSOG9W5AkAOhzoSyonBVeIvc7ky4F0KQSQupvyAQpTIZ/wkjbGo
+W5z9Y3TbN0zJA7Qnx6oEV5ZHshplSdZXYJNvVe5qGvG1
+-----END RSA PRIVATE KEY-----
diff --git a/t/nginx_voms_example.cert.pem b/t/certs/nginx_voms_example.cert.pem
similarity index 100%
rename from t/nginx_voms_example.cert.pem
rename to t/certs/nginx_voms_example.cert.pem
diff --git a/t/nginx_voms_example.key.pem b/t/certs/nginx_voms_example.key.pem
similarity index 100%
rename from t/nginx_voms_example.key.pem
rename to t/certs/nginx_voms_example.key.pem
diff --git a/t/voms_example.cert.pem b/t/certs/voms_example.cert.pem
similarity index 100%
rename from t/voms_example.cert.pem
rename to t/certs/voms_example.cert.pem
diff --git a/t/voms_example.key.pem b/t/certs/voms_example.key.pem
similarity index 100%
rename from t/voms_example.key.pem
rename to t/certs/voms_example.key.pem
diff --git a/t/expired_proxy.t b/t/expired_proxy.t
new file mode 100644
index 0000000..e064f60
--- /dev/null
+++ b/t/expired_proxy.t
@@ -0,0 +1,32 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, expired client certificate
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/2.cert.pem;
+ proxy_ssl_certificate_key ../../certs/2.key.pem;
+ }
+--- request
+GET /
+--- response_body_like: 400 Bad Request
+--- error_code: 400
+--- error_log
+certificate has expired
diff --git a/t/servroot/conf/nginx.conf b/t/servroot/conf/nginx.conf
new file mode 100644
index 0000000..bd4fda8
--- /dev/null
+++ b/t/servroot/conf/nginx.conf
@@ -0,0 +1,73 @@
+worker_processes 1;
+daemon on;
+master_process off;
+error_log /home/build/ngx_http_voms_module/t/servroot/logs/error.log debug;
+pid /home/build/ngx_http_voms_module/t/servroot/logs/nginx.pid;
+env MOCKEAGAIN_VERBOSE;
+env MOCKEAGAIN;
+env MOCKEAGAIN_WRITE_TIMEOUT_PATTERN;
+env LD_PRELOAD;
+env LD_LIBRARY_PATH;
+env DYLD_INSERT_LIBRARIES;
+env DYLD_FORCE_FLAT_NAMESPACE;
+#env LUA_PATH;
+#env LUA_CPATH;
+
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+
+
+http {
+ access_log /home/build/ngx_http_voms_module/t/servroot/logs/access.log;
+ #access_log off;
+
+ default_type text/plain;
+ keepalive_timeout 68;
+
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ }
+
+
+ server {
+ listen 1984;
+ server_name 'localhost';
+
+ client_max_body_size 30M;
+ #client_body_buffer_size 4k;
+
+ # Begin preamble config...
+
+ # End preamble config...
+
+ # Begin test case config...
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/2.cert.pem;
+ proxy_ssl_certificate_key ../../certs/2.key.pem;
+ }
+
+ # End test case config.
+
+ location / {
+ root /home/build/ngx_http_voms_module/t/servroot/html;
+ index index.html index.htm;
+ }
+ }
+}
+
+
+
+#timer_resolution 100ms;
+
+events {
+ accept_mutex off;
+
+ worker_connections 64;
+}
+env ASAN_OPTIONS;
diff --git a/t/servroot/html/index.html b/t/servroot/html/index.html
new file mode 100644
index 0000000..d99c1a6
--- /dev/null
+++ b/t/servroot/html/index.html
@@ -0,0 +1 @@
+<html><head><title>It works!</title></head><body>It works!</body></html>
\ No newline at end of file
diff --git a/t/servroot/logs/access.log b/t/servroot/logs/access.log
new file mode 100644
index 0000000..8ab584c
--- /dev/null
+++ b/t/servroot/logs/access.log
@@ -0,0 +1,2 @@
+127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.0" 400 237 "-" "-"
+127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.1" 400 237 "-" "-"
diff --git a/t/servroot/logs/error.log b/t/servroot/logs/error.log
new file mode 100644
index 0000000..fcce3a0
--- /dev/null
+++ b/t/servroot/logs/error.log
@@ -0,0 +1,11 @@
+2018/03/05 13:23:08 [notice] 8663#8663: using the "epoll" event method
+2018/03/05 13:23:08 [notice] 8663#8663: openresty/1.13.6.1
+2018/03/05 13:23:08 [notice] 8663#8663: built by gcc 7.2.1 20170829 (Red Hat 7.2.1-1) (GCC)
+2018/03/05 13:23:08 [notice] 8663#8663: OS: Linux 4.13.0-26-generic
+2018/03/05 13:23:08 [notice] 8663#8663: getrlimit(RLIMIT_NOFILE): 1048576:1048576
+2018/03/05 13:23:08 [info] 8664#8664: *3 client SSL certificate verify error: (10:certificate has expired) while reading client request headers, client: 127.0.0.1, server: , request: "GET / HTTP/1.0", host: "localhost:8443"
+2018/03/05 13:23:08 [notice] 8664#8664: signal 3 (SIGQUIT) received from 8650, shutting down
+2018/03/05 13:23:08 [info] 8664#8664: epoll_wait() failed (4: Interrupted system call)
+2018/03/05 13:23:08 [notice] 8664#8664: signal 15 (SIGTERM) received from 8650, exiting
+2018/03/05 13:23:08 [notice] 8664#8664: exiting
+2018/03/05 13:23:08 [notice] 8664#8664: exit
--
GitLab
From 5e2f0ebbe85fb3c60686951436a9fa59a91e760c Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Mon, 5 Mar 2018 16:50:33 +0100
Subject: [PATCH 03/13] Expired AC and Empty voms attribute tests
---
t/empty_voms_proxy.t | 38 ++++++++++++++++++++
t/expired_ac_proxy.t | 38 ++++++++++++++++++++
t/expired_proxy.t | 9 +++--
t/servroot/conf/nginx.conf | 73 --------------------------------------
t/servroot/html/index.html | 1 -
t/servroot/logs/access.log | 2 --
t/servroot/logs/error.log | 11 ------
7 files changed, 83 insertions(+), 89 deletions(-)
create mode 100644 t/empty_voms_proxy.t
create mode 100644 t/expired_ac_proxy.t
delete mode 100644 t/servroot/conf/nginx.conf
delete mode 100644 t/servroot/html/index.html
delete mode 100644 t/servroot/logs/access.log
delete mode 100644 t/servroot/logs/error.log
diff --git a/t/empty_voms_proxy.t b/t/empty_voms_proxy.t
new file mode 100644
index 0000000..84eb5c9
--- /dev/null
+++ b/t/empty_voms_proxy.t
@@ -0,0 +1,38 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate no voms attributes
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+ env X509_VOMS_DIR=t/vomsdir;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $voms_fqans $voms_user;
+ }
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/0.cert.pem;
+ proxy_ssl_certificate_key ../../certs/0.key.pem;
+ }
+--- request
+GET /
+--- response_body_like eval
+qr/\n/
+--- error_log
+VOMS extension not found
+--- error_code: 200
diff --git a/t/expired_ac_proxy.t b/t/expired_ac_proxy.t
new file mode 100644
index 0000000..88bb867
--- /dev/null
+++ b/t/expired_ac_proxy.t
@@ -0,0 +1,38 @@
+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate expired voms attributes
+--- main_config
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+ env X509_VOMS_DIR=t/vomsdir;
+--- http_config
+ server {
+ error_log logs/error.log debug;
+ listen 8443 ssl;
+ ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+ ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+ ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+ ssl_verify_depth 10;
+ ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $voms_fqans $voms_user;
+ }
+ }
+--- config
+ location = / {
+ proxy_pass https://localhost:8443/;
+ proxy_ssl_certificate ../../certs/1.cert.pem;
+ proxy_ssl_certificate_key ../../certs/1.key.pem;
+ }
+--- request
+GET /
+--- response_body_like eval
+qr/\n/
+--- error_log
+AC not valid anymore
+--- error_code: 200
diff --git a/t/expired_proxy.t b/t/expired_proxy.t
index e064f60..188502b 100644
--- a/t/expired_proxy.t
+++ b/t/expired_proxy.t
@@ -17,6 +17,10 @@ __DATA__
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
+ location = / {
+ default_type text/plain;
+ echo $ssl_client_s_dn;
+ }
}
--- config
location = / {
@@ -26,7 +30,8 @@ __DATA__
}
--- request
GET /
---- response_body_like: 400 Bad Request
---- error_code: 400
+--- response_body_like eval
+qr/\n/
--- error_log
certificate has expired
+--- error_code: 400
diff --git a/t/servroot/conf/nginx.conf b/t/servroot/conf/nginx.conf
deleted file mode 100644
index bd4fda8..0000000
--- a/t/servroot/conf/nginx.conf
+++ /dev/null
@@ -1,73 +0,0 @@
-worker_processes 1;
-daemon on;
-master_process off;
-error_log /home/build/ngx_http_voms_module/t/servroot/logs/error.log debug;
-pid /home/build/ngx_http_voms_module/t/servroot/logs/nginx.pid;
-env MOCKEAGAIN_VERBOSE;
-env MOCKEAGAIN;
-env MOCKEAGAIN_WRITE_TIMEOUT_PATTERN;
-env LD_PRELOAD;
-env LD_LIBRARY_PATH;
-env DYLD_INSERT_LIBRARIES;
-env DYLD_FORCE_FLAT_NAMESPACE;
-#env LUA_PATH;
-#env LUA_CPATH;
-
- env OPENSSL_ALLOW_PROXY_CERTS=1;
-
-
-http {
- access_log /home/build/ngx_http_voms_module/t/servroot/logs/access.log;
- #access_log off;
-
- default_type text/plain;
- keepalive_timeout 68;
-
- server {
- error_log logs/error.log debug;
- listen 8443 ssl;
- ssl_certificate ../../certs/nginx_voms_example.cert.pem;
- ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
- ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
- ssl_verify_depth 10;
- ssl_verify_client on;
- }
-
-
- server {
- listen 1984;
- server_name 'localhost';
-
- client_max_body_size 30M;
- #client_body_buffer_size 4k;
-
- # Begin preamble config...
-
- # End preamble config...
-
- # Begin test case config...
- location = / {
- proxy_pass https://localhost:8443/;
- proxy_ssl_certificate ../../certs/2.cert.pem;
- proxy_ssl_certificate_key ../../certs/2.key.pem;
- }
-
- # End test case config.
-
- location / {
- root /home/build/ngx_http_voms_module/t/servroot/html;
- index index.html index.htm;
- }
- }
-}
-
-
-
-#timer_resolution 100ms;
-
-events {
- accept_mutex off;
-
- worker_connections 64;
-}
-env ASAN_OPTIONS;
diff --git a/t/servroot/html/index.html b/t/servroot/html/index.html
deleted file mode 100644
index d99c1a6..0000000
--- a/t/servroot/html/index.html
+++ /dev/null
@@ -1 +0,0 @@
-<html><head><title>It works!</title></head><body>It works!</body></html>
\ No newline at end of file
diff --git a/t/servroot/logs/access.log b/t/servroot/logs/access.log
deleted file mode 100644
index 8ab584c..0000000
--- a/t/servroot/logs/access.log
+++ /dev/null
@@ -1,2 +0,0 @@
-127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.0" 400 237 "-" "-"
-127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.1" 400 237 "-" "-"
diff --git a/t/servroot/logs/error.log b/t/servroot/logs/error.log
deleted file mode 100644
index fcce3a0..0000000
--- a/t/servroot/logs/error.log
+++ /dev/null
@@ -1,11 +0,0 @@
-2018/03/05 13:23:08 [notice] 8663#8663: using the "epoll" event method
-2018/03/05 13:23:08 [notice] 8663#8663: openresty/1.13.6.1
-2018/03/05 13:23:08 [notice] 8663#8663: built by gcc 7.2.1 20170829 (Red Hat 7.2.1-1) (GCC)
-2018/03/05 13:23:08 [notice] 8663#8663: OS: Linux 4.13.0-26-generic
-2018/03/05 13:23:08 [notice] 8663#8663: getrlimit(RLIMIT_NOFILE): 1048576:1048576
-2018/03/05 13:23:08 [info] 8664#8664: *3 client SSL certificate verify error: (10:certificate has expired) while reading client request headers, client: 127.0.0.1, server: , request: "GET / HTTP/1.0", host: "localhost:8443"
-2018/03/05 13:23:08 [notice] 8664#8664: signal 3 (SIGQUIT) received from 8650, shutting down
-2018/03/05 13:23:08 [info] 8664#8664: epoll_wait() failed (4: Interrupted system call)
-2018/03/05 13:23:08 [notice] 8664#8664: signal 15 (SIGTERM) received from 8650, exiting
-2018/03/05 13:23:08 [notice] 8664#8664: exiting
-2018/03/05 13:23:08 [notice] 8664#8664: exit
--
GitLab
From 80cb0f80e0d255f05f7cdc4cafc1499529195287 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Mon, 5 Mar 2018 18:06:19 +0100
Subject: [PATCH 04/13] Readme
---
t/README.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
diff --git a/t/README.md b/t/README.md
index 8a49daa..084e7ec 100644
--- a/t/README.md
+++ b/t/README.md
@@ -1,5 +1,70 @@
-# ngx_http_voms_module testing
+# ngx\_http\_voms\_module Testing
## Description
+Setup and files to test the *ngx\_http\_voms\_module* are contained in the **t** folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
+### Voms proxy certificates
+
+Proxy certificates are in the **certs** folder:
+
+ * 0.pem: long-lived proxy, no AC;
+ * 1.pem: long-lived proxy, expired AC;
+ * 2.pem: expired proxy certificate.
+
+Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/).
+
+The following options are evoked:
+
+ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
+
+*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the **certs** folder.
+
+To perform correctly the VOMS server connection, an *.lsc or *.pem file is needed in **/etc/grid-security/vomsdir**, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in **vomsdir/test.vo**.
+
+The *vomses* configuration is not actually needed for *voms-proxy-fake* evocations.
+
+### Test Description
+
+ * *empty\_voms\_proxy.t*:
+
+ **Input ->** 0.pem certificate and key.
+
+ **Expected output ->** 200-error-code, empty voms variables.
+
+ **Error log ->** "VOMS extension not found".
+
+ * *expired\_ac\_proxy.t*:
+
+ **Input ->** 1.pem certificate and key.
+
+ **Expected output ->** 200-error-code, empty voms variables.
+
+ **Error log ->** "AC not valid anymore".
+
+ * *expired\_proxy.t*:
+
+ **Input ->** 2.pem certificate and key.
+
+ **Expected output ->** 400-error-code, empty nginx variables.
+
+ ** Error log ->** "certificate has expired".
+
+Trust-anchors (igi-test-ca.pem) are contained in the **trust-anchors** folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the **certs** folder.
+
+### Running Tests
+
+To run the tests made available in the **t** folder just type
+
+ prove -v t
+
+
+Using the docker image provided to exploit Openresty in the Storm2 project:
+
+ docker run --rm -it -v /path/to/ngx_http_voms_module:/home/build/ngx_http_voms_module storm2/ngx-voms-build
+ cd openresty-1.x.y
+ ./configure ${resty_config_options} --add-module=../ngx_http_voms_module
+ make && make install
+ cd ..
+ sudo chown build.build -R t
+ prove -v t
--
GitLab
From c0e6b7c2d05fa2a37f70544c610354380b59af70 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Tue, 6 Mar 2018 15:15:09 +0100
Subject: [PATCH 05/13] README.md fixed
---
t/README.md | 34 +++-------------------------------
1 file changed, 3 insertions(+), 31 deletions(-)
diff --git a/t/README.md b/t/README.md
index 084e7ec..a223aab 100644
--- a/t/README.md
+++ b/t/README.md
@@ -4,7 +4,7 @@
Setup and files to test the *ngx\_http\_voms\_module* are contained in the **t** folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
-### Voms proxy certificates
+### Test fixture setup
Proxy certificates are in the **certs** folder:
@@ -14,42 +14,14 @@ Proxy certificates are in the **certs** folder:
Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/).
-The following options are evoked:
+The following options are used:
VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the **certs** folder.
-To perform correctly the VOMS server connection, an *.lsc or *.pem file is needed in **/etc/grid-security/vomsdir**, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in **vomsdir/test.vo**.
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in **/etc/grid-security/vomsdir**, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in **vomsdir/test.vo**.
-The *vomses* configuration is not actually needed for *voms-proxy-fake* evocations.
-
-### Test Description
-
- * *empty\_voms\_proxy.t*:
-
- **Input ->** 0.pem certificate and key.
-
- **Expected output ->** 200-error-code, empty voms variables.
-
- **Error log ->** "VOMS extension not found".
-
- * *expired\_ac\_proxy.t*:
-
- **Input ->** 1.pem certificate and key.
-
- **Expected output ->** 200-error-code, empty voms variables.
-
- **Error log ->** "AC not valid anymore".
-
- * *expired\_proxy.t*:
-
- **Input ->** 2.pem certificate and key.
-
- **Expected output ->** 400-error-code, empty nginx variables.
-
- ** Error log ->** "certificate has expired".
-
Trust-anchors (igi-test-ca.pem) are contained in the **trust-anchors** folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the **certs** folder.
### Running Tests
--
GitLab
From 4db9d5bcec665914c25019caeb3bad1f6b721417 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Tue, 6 Mar 2018 18:28:47 +0100
Subject: [PATCH 06/13] README.md, empty_voms_proxy.t and expired_ac_proxy.t
fixed
---
README.md | 4 ++++
t/README.md | 22 +++++++++++-----------
t/empty_voms_proxy.t | 7 ++++---
t/expired_ac_proxy.t | 7 ++++---
4 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index ec7990d..16e58bd 100644
--- a/README.md
+++ b/README.md
@@ -29,3 +29,7 @@ A comma-separated list of _Fully Qualified Attribute Names_
### voms_user
+
+## Testing
+
+Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` folder.
diff --git a/t/README.md b/t/README.md
index a223aab..ee257f6 100644
--- a/t/README.md
+++ b/t/README.md
@@ -2,33 +2,33 @@
## Description
-Setup and files to test the *ngx\_http\_voms\_module* are contained in the **t** folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
+Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.
### Test fixture setup
-Proxy certificates are in the **certs** folder:
+Proxy certificates are in the `certs` folder:
- * 0.pem: long-lived proxy, no AC;
- * 1.pem: long-lived proxy, expired AC;
+ * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
+ * 1.pem: long-lived proxy certificate, with an expired AC;
* 2.pem: expired proxy certificate.
Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/).
-The following options are used:
+The following command is used:
VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
-*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the **certs** folder.
+*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
-To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in **/etc/grid-security/vomsdir**, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in **vomsdir/test.vo**.
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
-Trust-anchors (igi-test-ca.pem) are contained in the **trust-anchors** folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the **certs** folder.
+Trust-anchors (igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the `certs` folder.
### Running Tests
-To run the tests made available in the **t** folder just type
+To run the tests made available in the `t` folder just type
- prove -v t
+ prove -v
Using the docker image provided to exploit Openresty in the Storm2 project:
@@ -39,4 +39,4 @@ Using the docker image provided to exploit Openresty in the Storm2 project:
make && make install
cd ..
sudo chown build.build -R t
- prove -v t
+ prove -v
diff --git a/t/empty_voms_proxy.t b/t/empty_voms_proxy.t
index 84eb5c9..c08fd21 100644
--- a/t/empty_voms_proxy.t
+++ b/t/empty_voms_proxy.t
@@ -5,7 +5,7 @@ run_tests();
__DATA__
-=== TEST 1: https with x509 client authentication, valid proxy certificate no voms attributes
+=== TEST 1: https with x509 client authentication, valid proxy certificate with no VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
@@ -20,7 +20,8 @@ __DATA__
ssl_verify_client on;
location = / {
default_type text/plain;
- echo $voms_fqans $voms_user;
+ echo $voms_fqans;
+ echo $voms_user;
}
}
--- config
@@ -32,7 +33,7 @@ __DATA__
--- request
GET /
--- response_body_like eval
-qr/\n/
+qr/\n\n/
--- error_log
VOMS extension not found
--- error_code: 200
diff --git a/t/expired_ac_proxy.t b/t/expired_ac_proxy.t
index 88bb867..cad7d17 100644
--- a/t/expired_ac_proxy.t
+++ b/t/expired_ac_proxy.t
@@ -5,7 +5,7 @@ run_tests();
__DATA__
-=== TEST 1: https with x509 client authentication, valid proxy certificate expired voms attributes
+=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
@@ -20,7 +20,8 @@ __DATA__
ssl_verify_client on;
location = / {
default_type text/plain;
- echo $voms_fqans $voms_user;
+ echo $voms_fqans;
+ echo $voms_user;
}
}
--- config
@@ -32,7 +33,7 @@ __DATA__
--- request
GET /
--- response_body_like eval
-qr/\n/
+qr/\n\n/
--- error_log
AC not valid anymore
--- error_code: 200
--
GitLab
From f34df2da97374297980f4a5417a27665b511cbfa Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Thu, 8 Mar 2018 12:05:20 +0100
Subject: [PATCH 07/13] README fixed
---
t/README.md | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/t/README.md b/t/README.md
index ee257f6..63f2dfd 100644
--- a/t/README.md
+++ b/t/README.md
@@ -33,10 +33,8 @@ To run the tests made available in the `t` folder just type
Using the docker image provided to exploit Openresty in the Storm2 project:
- docker run --rm -it -v /path/to/ngx_http_voms_module:/home/build/ngx_http_voms_module storm2/ngx-voms-build
- cd openresty-1.x.y
- ./configure ${resty_config_options} --add-module=../ngx_http_voms_module
- make && make install
- cd ..
- sudo chown build.build -R t
- prove -v
+ cp -r t /tmp
+ cd /tmp
+ prove -v
+
+A copy of the `t` folder is needed since the `prove` command creates a directory `servroot` in `t`.
--
GitLab
From f9acafedc47fc5277904f26de25b98e6b80d1e44 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Thu, 8 Mar 2018 12:25:02 +0100
Subject: [PATCH 08/13] README formatting issue solved
---
t/README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/t/README.md b/t/README.md
index 63f2dfd..a1398d1 100644
--- a/t/README.md
+++ b/t/README.md
@@ -33,8 +33,8 @@ To run the tests made available in the `t` folder just type
Using the docker image provided to exploit Openresty in the Storm2 project:
- cp -r t /tmp
- cd /tmp
- prove -v
+ cp -r t /tmp
+ cd /tmp
+ prove -v
A copy of the `t` folder is needed since the `prove` command creates a directory `servroot` in `t`.
--
GitLab
From 5aa5db3ec46e093320d95b148f1669842ae282b7 Mon Sep 17 00:00:00 2001
From: Francesco Giacomini <giaco at cnaf dot infn dot it>
Date: Sat, 10 Mar 2018 18:00:44 +0100
Subject: [PATCH 09/13] fix test
---
t/expired_ac_proxy.t | 5 +++--
t/trust-anchors/10b10516.0 | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
create mode 120000 t/trust-anchors/10b10516.0
diff --git a/t/expired_ac_proxy.t b/t/expired_ac_proxy.t
index cad7d17..95d474f 100644
--- a/t/expired_ac_proxy.t
+++ b/t/expired_ac_proxy.t
@@ -7,8 +7,9 @@ __DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config
- env OPENSSL_ALLOW_PROXY_CERTS=1;
- env X509_VOMS_DIR=t/vomsdir;
+ env OPENSSL_ALLOW_PROXY_CERTS=1;
+ env X509_VOMS_DIR=/home/build/ngx_http_voms_module/t/vomsdir;
+ env X509_CERT_DIR=/home/build/ngx_http_voms_module/t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
diff --git a/t/trust-anchors/10b10516.0 b/t/trust-anchors/10b10516.0
new file mode 120000
index 0000000..b8991ae
--- /dev/null
+++ b/t/trust-anchors/10b10516.0
@@ -0,0 +1 @@
+igi-test-ca.pem
\ No newline at end of file
--
GitLab
From 966825b67fba759129e874af0306d01313708dca Mon Sep 17 00:00:00 2001
From: Francesco Giacomini <giaco at cnaf dot infn dot it>
Date: Mon, 12 Mar 2018 12:04:56 +0100
Subject: [PATCH 10/13] use relative paths for X509_VOMS_DIR and X509_CERT_DIR
---
t/expired_ac_proxy.t | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/t/expired_ac_proxy.t b/t/expired_ac_proxy.t
index 95d474f..2b07a96 100644
--- a/t/expired_ac_proxy.t
+++ b/t/expired_ac_proxy.t
@@ -8,8 +8,8 @@ __DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
- env X509_VOMS_DIR=/home/build/ngx_http_voms_module/t/vomsdir;
- env X509_CERT_DIR=/home/build/ngx_http_voms_module/t/trust-anchors;
+ env X509_VOMS_DIR=t/vomsdir;
+ env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
--
GitLab
From 10df12f554cbeb70cd9dda433b9da2e3381e3d83 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Mon, 12 Mar 2018 12:32:34 +0100
Subject: [PATCH 11/13] fixed README.md, adding links
---
t/README.md | 21 +++------------------
t/certs/README.md | 18 ++++++++++++++++++
2 files changed, 21 insertions(+), 18 deletions(-)
create mode 100644 t/certs/README.md
diff --git a/t/README.md b/t/README.md
index a1398d1..2d4ef93 100644
--- a/t/README.md
+++ b/t/README.md
@@ -6,23 +6,9 @@ Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` f
### Test fixture setup
-Proxy certificates are in the `certs` folder:
+Proxy certificates are in the `certs` folder (see [README.md](certs/README.md) for further details). Trust-anchors (e.g. igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem, respectively, and they are in the `certs` folder.
- * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
- * 1.pem: long-lived proxy certificate, with an expired AC;
- * 2.pem: expired proxy certificate.
-
-Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/).
-
-The following command is used:
-
- VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
-
-*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
-
-To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
-
-Trust-anchors (igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the `certs` folder.
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. The *voms.example.lsc* can be found in `vomsdir/test.vo`.
### Running Tests
@@ -30,8 +16,7 @@ To run the tests made available in the `t` folder just type
prove -v
-
-Using the docker image provided to exploit Openresty in the Storm2 project:
+Using the docker image provided to exploit Openresty in the Storm2 project (see [README.md](../README.md) for further details):
cp -r t /tmp
cd /tmp
diff --git a/t/certs/README.md b/t/certs/README.md
new file mode 100644
index 0000000..44bc200
--- /dev/null
+++ b/t/certs/README.md
@@ -0,0 +1,18 @@
+# Certificates for ngx\_http\_voms\_module Testing
+
+Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/):
+
+ * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
+ * 1.pem: long-lived proxy certificate, with an expired AC;
+ * 2.pem: expired proxy certificate.
+
+To obtain such certificates the following command is used:
+
+ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
+
+*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
+
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
+
+Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem.
+
--
GitLab
From 2691909dec94d5b3980059ae27c8743c4422b130 Mon Sep 17 00:00:00 2001
From: nterranova <nicholas.terranova@cnaf.infn.it>
Date: Mon, 12 Mar 2018 12:47:00 +0100
Subject: [PATCH 12/13] added line to run prove to README.md
---
t/README.md | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/t/README.md b/t/README.md
index 2d4ef93..9cccd8c 100644
--- a/t/README.md
+++ b/t/README.md
@@ -6,16 +6,20 @@ Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` f
### Test fixture setup
-Proxy certificates are in the `certs` folder (see [README.md](certs/README.md) for further details). Trust-anchors (e.g. igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem, respectively, and they are in the `certs` folder.
+Proxy certificates are in the `certs` folder (see [README.md](certs/README.md) for further details), while trust-anchors (e.g. igi-test-ca.pem) are contained in `trust-anchors`.
+
+Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem, respectively, and they are contained in `certs`.
To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. The *voms.example.lsc* can be found in `vomsdir/test.vo`.
### Running Tests
-To run the tests made available in the `t` folder just type
+To run the tests made available in `t` just type
prove -v
+from `t`' s parent directory.
+
Using the docker image provided to exploit Openresty in the Storm2 project (see [README.md](../README.md) for further details):
cp -r t /tmp
--
GitLab
From 97a2aa12fa109dfa3e1d98341884b6491f7a671e Mon Sep 17 00:00:00 2001
From: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date: Mon, 12 Mar 2018 15:22:12 +0100
Subject: [PATCH 13/13] Imported test0 certificate
---
t/certs/README.md | 3 +++
t/certs/test0.cert.pem | 22 ++++++++++++++++++++++
t/certs/test0.key.pem | 30 ++++++++++++++++++++++++++++++
t/certs/test0.p12 | Bin 0 -> 2533 bytes
4 files changed, 55 insertions(+)
create mode 100644 t/certs/README.md
create mode 100644 t/certs/test0.cert.pem
create mode 100644 t/certs/test0.key.pem
create mode 100644 t/certs/test0.p12
diff --git a/t/certs/README.md b/t/certs/README.md
new file mode 100644
index 0000000..36f6f3c
--- /dev/null
+++ b/t/certs/README.md
@@ -0,0 +1,3 @@
+TBD:
+
+Add docs on certs here
diff --git a/t/certs/test0.cert.pem b/t/certs/test0.cert.pem
new file mode 100644
index 0000000..3cd77ed
--- /dev/null
+++ b/t/certs/test0.cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
diff --git a/t/certs/test0.key.pem b/t/certs/test0.key.pem
new file mode 100644
index 0000000..3237513
--- /dev/null
+++ b/t/certs/test0.key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqbOgT0owFy8CAggA
+MBQGCCqGSIb3DQMHBAi0pGFZzZYROgSCBMhwhhXisB/ishN/r4FGku1DY/CNq/ZF
+XhH1YvEoZRT4GA4HLa6hrh7yPdYyH0hhvMKuLGaH4Df+YUOXZq5c0mHgBjk9YkCp
+PHhZHUwBFrryF/RV5P7u3zXqce/huQJ5yq2TLRv3NS8WiwavWmcbYSgyCFwSOHf4
+Vxz21ggY+oNLa32X0dDxDJ4TlGSK0vSQzIjCjOpzxkewJ6LpA1c3LqTu155y/cdM
+mFgd0XN3hUh+j6yQ9JMrNAKOrP0mPmphvEqXoS6l0RV+8x7PzQXvjfmULPsMxEhm
+P+D8EBap8AhnvgAlEPwHTxC5uBqh+bdE7NnMsaetivWZ1wNSkLXuh+CKHfAtqDea
+zWn1mCQG12H4SGrONoV95yqC6Z1SoMCrll0I/M7b7VUwas63Mp+abXFPv1X6GLAr
+ONSua6wAs3GxDvxEtPJmL3nVvWoVvr/jSQ9i2k5y7RoAr2r17qF7fcossq9DVST2
+q1a3sd/0gzIyfVdtxU+akOlbW/+vYl2Dc18SmwIGpi5It6eCozUHOxhFFFHFczyY
+RmjwohaHzGbuhwqNOzIfX0xlmVE/NW4xchSQsRQnq7c8mEQmiwLrABj19Jme29vW
+ThFepYK8yGxuULYSFfVnhuGkWgmr61YwjpeyrOPefeydr++qP+45o6bHZhmH7leC
+MIUS79BHFck/y4ZA6XltoF07MBmFnDz3OJKSmMGh5a7gFHJjA/e+QNvkGju+97mq
+V1mc+xxkyIJPEn3hw0v60//4ByQcGTY57BQVVQXYJB/4Jr8T749G8eQl4YmPmv5p
+hPls688ECXfiHQCRrp3yub8415zEkc2k+J3HXr17LRNBxvJ5qOC/CfiGlH6rG6Al
+ufL8mbY1yMKgMUBuU5VQ/fX0EID34dOBbb+/FbyEoVmzWJEAzJj6bNUQe2M/JkfK
+G6yzrO2TCFbFBz9DZ577xGHlylPeSG1UmICg4o4kyeUkD47K0RnJ8NZfozCs463S
+T9LCWH11ReAVJfiEB9T6yLBd5jKEa/IEDB8S74knVyWu1qDnlh9USenJ6kzT8fKR
+v5pTEGaH2toE8pzmKeaPxXtJBwcMv4SBd/NCoBEnutTfjYmdS/7qG/G0uC2jN9Si
+eYZSGS/mlIYIhSvamCDnLl1FBoD69cWF0bz2ywSwJedJy1AIWpcfn+pNCTQF92cy
+QkbG19jrrFOQJhQoeUCcAA8p8KBCkNCHrwEe7QIRCiJmCMYOhiGjAE3iqW8DSXAE
+OqonWY6FyvEsrgKBrHtVuWQjC4jUrnzEsjQj+nHpAsKktlrBOynkLOWyeRexGLl7
+xElx6WZkOtmCVM3gLa+vH0hH7vEmXZnDKyhsSbQ8kEOSXLCsUZR9ggav+rO57W2O
+Vnx6Qko3ynOfFfPVrMVetJCm7p+ar6qgsyZpi52FFxeIGHmJ2STv3QSXQhvnWtP4
+pIMdYudQ7Kw90L0vDf1+cpI+a8jUGRU1KrtfV2jVrN/7mf8Tf1bGiUt+WPF6l1es
+WyEBcH3+xYu9W5N82bIFtrlogJI/gj6qtmN3QIeUrIPsrvJ8iuUqNWLB5aQFtbAd
+poYVj+8hScMgQ2HiKqlffyDOWNghuePlFJecgcJcpusm+LqiYaWPo2RNvPdWvb+I
+1o0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/t/certs/test0.p12 b/t/certs/test0.p12
new file mode 100644
index 0000000000000000000000000000000000000000..1c97d37226171077c98e89c5d9f23932895fb137
GIT binary patch
literal 2533
zcmY+^c{CJ?9tZF-W`@xq%%m9EXR?jaWwP&5C}kN+vNRHEP_j02&2ZxyjeWhAxrXd9
zj4kUG*+U{_$(AkIN_O|@ocG>+?~mX4o%8*k^ZoOKr9!8H9GqAxG#>($e|qWZHZKPk
z2ZIVt1yP}i$8ju{3Nrntf-tBc_2Wnt$N@NhO8+z*SR{n!-wQAf2$m1TJyHbIj}X}R
z1_HSOp;QpS{UKP%R=i0{Q|+=HW6dpF_z-gYR3yzpC$+pPnyWNo&@|tBW?9ZoGvsMk
zD%?x9-*|sq8!M6_W^CN%6jn$$diCvG$%yK3maSy(gkU(Ec7>wfmn4FowgMn5AvHlb
zG}#Tf#Rmfi7<e;-yv_=>wO*YhUSxK6y)Q8l-<w!5z~Ub|SdE(J+^GG5IOB#sa?d^c
zuI5~*SxjK2xC{`2AN+bx9?e?04j{~KS0b}xhcs5oQ$~fro>|4jUl$lVL59`^I-zxR
zs_QjB0%}u!Ku$Y_d`8hdcfYSs)j&)+gmd3CCsvm711k;I_oHZzGfhujJi#vY^~;G3
zrGfuQ$4-c71Mif6EmGnUJ%4B=I9I-Gk(=4+nzfK`WFuJ#b(M1nPZ`tWMN*y@wD;5U
zTIhBuVHG)S+YdARlMPeNxNfP5sq!i*`CD}#fK8a&7w9$;7j!lXHxyd0o2_yjU^9c?
z;SzrwCg80rzbfBe1=BnLqrGM>_{Zu(iOSLQ+5Trge%2vf<qn_t(@l1`%X}UA*|&h)
zPXXvM#5AuFb&Et^hK5F->SCiUCNdo|+IE@3DZzg)irvZTX48@QQ<KFtUm%t(T#DT?
zYgO}zHfkt&5%RpP#}~z_?-?*5&8vJ5gtl-<f4f}sz*NxH!=TlnH0{BRdzsO`dUX=d
zr3WhK!BraFEk|&y;r5c(GS1Ng7>JTxpW_+S-F8C>N+C}w6I@$3^{#^bR93@t&NRb?
zQcEOXNJqy;^$Rsv_$5~vA_>n5?>}3+`a0QmlqG)Mt2Cdh;f;B%@W)(%yq?{jzAE||
z@DW!`XG)R`MO(7?B{G~m_?qy0OjR1|jE2eyW*mO@IgWJw{h-Z?_-UAuA52x%Ic|(q
z658(2A6EW*YkuPzZq%0_U_O#(vf#5LMH)sQC8~MxqvN*A_z(Ao6%HTk43I>NGOn>^
zt&m1i{zz1ssE|w^I>=byjA1H^zDtQx5fC+|CUl4UK(FpcZ1;W|@qZ-or&dIs*pvK6
zSu!Tk3)7ub{1@Dj6KZk;0<%J8K@V~Z&00#k<T%}wy7z)qnp`WY*6u^%@ZclEVC!Xy
z83bmnwp~5E6)3qV+E3eI)6~_hd!HX@%!%1(9mES*CyNmInst+yCH^J&OxSll{)~oa
zeIikqmKYnT(-@7;szYncf2q4`9ph_r_P~L{HPb!2;s#RxaleWdS!&rTf$K2J!}j2c
zMaF*Nnet$!e!Su~)xq)_5#%)G)e98+W3i?=!A-m2R+Co0%EeJ}L9E@}pm2BgmjaE9
zThIM9<^_XhJ0+$DV+D+X>h~obJsctIQA>W+ncnu#w$AMbweiJRD%jwEz+h0p=Rs63
z<~Wu=J{07{fB4|x03JKDdJN3+|Ea?HQ<c-{+5ji3yvsjT0Z~DnmGvK=-0j&T+rNs=
zy(g0okyRl3<lS3cmi}_nTR6+%%jylY<UQH)Al#6pusaugR)$Po)Xt7(WFL_NwkE7F
zs*t6jg)eYPb+8#CEh`)B%?hucPW(vmr;X!c-_4KAl&@{fSk6lC+J6<z<a7bJS{<w+
zz-7CeuzN!@7V7H5%>1RVDfH=k<?m7RcfmLwV9u5_n+<pTG1Nhuw9I1sQCy0+^qVKk
zX;c2q3&aaogy!<<$pm9YgREWfX54EpS*oJH=A0*&bV9M}i>^)YjF8^jZx8s!;E{?5
zt7xYh2ah9;RVcstNaXKxwv}ki(HO><?VEur1(68Vuj~9n-Y!xu9u(<~b*MBi4mDL*
zItsPwe|~`Z92G&7YO>tavwxv@T{wX>RDY=S35kE*7HY$>oz6K~o7UKqKJUVCg5OGe
zl;`F3$iyk*;k`PC;AvMWmx_~wm~@;`BhcurSUlQtm_1PRfjj!f66|H_Mp_@Ab6J~#
zD8&tPu#rjx?X)y{-RlY9EjEUD1UWTt+zm6YyQzOwTr6;-bjphi*c+U_d<PVnT|28P
zGQhvJ*>2M4@(}{-uniri1c!<5-+GAuJW_^&>-pOM(3lGIF+F8VAm|Cb8jE{ZQN6}P
zdy?$QxNJ4UkT9+VbbU7uSkE-WH(9S>Dz;}?n_u}R+;h_*;jq7?Rc@9p@2hGtypzgB
zCO%mEMQoLiW9*r|Y?EbLigTEkUD<9@@SKg>@X8XVpD}u_S%-zK8W$z_6?_(|pgH)T
zi*&yrV6Q86k;+seHs5^tHF%x(TWP_@QWM5Ji)hckrkzviP@RzDOcb+4qLvp@FVzN(
zN&&@QHJHuV%!5Rn57wmg0|s>6Q~F=3a##Hp6N<#i?G?4|NXG(j#w?3h&pe#<bneUT
zJ)J9zn*Swv=uTMtg-HaY_DuYP(=>c&fdO~+oy5u0$$;<qsCL;adNU($K`svsW489@
z_@VRpbK|i$hKvf{JZA~4cZo*Q_t*W#%EEVkGx%XoaI3NHfzAH)l0@j}h}_k!kBEsG
zehBN&5{epX=Tt{Lfdl0)NH2sLHR0!*pYd@EY&`I|NZofZ`X-<EUTaOsLy6VtzN<|B
zvnRcw#pyK#C3>lsj_y53jPATa(w~U2EGBIUOL%iaJJth43kBA&^%5J?opB}C|FZRD
zIul)$%&l|7&{!r`zhg#DQ)7I8mt2?XDKmvOwOjplz`)0K!8fO7EWYgI8;P3^sH;8^
zh>*Kg3GMSO=Wg3+{QU)Mf2~s){OQOL{)_0hYey;G2%}4Z-n<7QCXOz--@6GH&nK7d
z6!U7-_hFJf{n%H+&SFMqaf%1417wI}EFm);r9kAYAntr`OMMq-oT*g|qsJcTEoE2S
z9B%Z%)szpZ;5zP8hGOGQqkQ3Pf6!wEhT=>ciZ7>FfL!u2>)C+hMylfN4NU`AVniS*
zA=*?#_<VHCY`}udk<NX%$%Wpx$|$hRq!pin)x*9p9*s<+EXjKL5YZU1b@e&=^>^h;
z=l3xfx<>TokP8XumTkMx&eeFM$i$~P?y+YtDOR`lEMCjxFliH!^QMTzU9*`Q?5Ip`
z_alaU>UNWANDeXD2~&~9O8-|!C_?2F2wtGZUcU)g%oRLe$V73k^ug$RC$K75Nh}ls
tR^a0Vihuzicq1M<x|rpC=|$8kqgW@qUM7PY58`e;WQtJ`MeRS8{1=<xrAPn(
literal 0
HcmV?d00001
--
GitLab