Support for plain X.509 certs + tests

ea3e6196 · Andrea Ceccanti · 947eb5f2 · ea3e6196 · ea3e6196 · ea3e6196
Commit ea3e6196 authored 6 years ago by Andrea Ceccanti
--- a/src/ngx_http_voms_module.cpp
+++ b/src/ngx_http_voms_module.cpp
@@ -233,14 +233,19 @@ static ngx_int_t get_ssl_client_ee_s_dn(ngx_http_request_t* r,
        NGX_LOG_ERR, r->connection->log, 0, "SSL_get_peer_cert_chain() failed");
    return NGX_OK;
  }
-
-  // find first non-proxy
+  
  X509* ee_cert = nullptr;
-  for (int i = 0; i != sk_X509_num(chain); ++i) {
-    auto cert = sk_X509_value(chain, i);
-    if (cert && !is_proxy(cert)) {
-      ee_cert = cert;
-      break;
+
+  if (sk_X509_num(chain) == 0) {
+    ee_cert = SSL_get_peer_certificate(r->connection->ssl->connection);
+  } else {
+    // find first non-proxy
+    for (int i = 0; i != sk_X509_num(chain); ++i) {
+      auto cert = sk_X509_value(chain, i);
+      if (cert && !is_proxy(cert)) {
+        ee_cert = cert;
+        break;
+      }
    }
  }


--- a/t/certs/7.cert.pem
+++ b/t/certs/7.cert.pem
+-----BEGIN CERTIFICATE-----
+MIICZDCCAc+gAwIBAgIECbJ7aTALBgkqhkiG9w0BAQUwVTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAxEzARBgNVBAMTCjExMjA1NTI3NjcwHhcNMTgwNjI2MTE1OTU0WhcNMjIwOTI0
+MTUzOTM0WjBpMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzES
+MBAGA1UEAxMJMTYyNjkxOTQ1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY
+y5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib5noh3UB5jzT85ZyK
+mEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZLvGNr0BMedleJCe9
+Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQABozEwLzAOBgNVHQ8B
+Af8EBAMCBeAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMAsGCSqGSIb3
+DQEBBQOBgQCKUH2ZNCrtUrz9atjgi3FY3pjIKZcCIxDLDz+YJC1CVJaZFQ0KMHkM
+PAuIwxqUdrR1jRG7s1QCZlr7QXySlql0v6icLAlnm1kVZ4MhOxGTLSVdUgqNz3kN
+Jz7cvtRnk4nCeb+4WnmSyfK8o7IPavp4DRs5aeZ9BtvCBzFRWALITg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICOzCCAaagAwIBAgIEQspHPzALBgkqhkiG9w0BAQUwQDELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAwHhcNMTgwNjI2MTE1OTQ0WhcNMjIwOTI0MTUzOTM0WjBVMQswCQYDVQQGEwJJ
+VDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUx
+MTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAkEUmDYhSUD64QKktC0A5d0LvufnAqcQbVktdpi8n14Up/7K2/jGFTVnu
+8NwPcfxog1kH5+ddp1JBI5FSELJkWD5a0oAfjz+6JNVb9sFRH4PuNO8O3ZrzpEDF
+I7rZ1x+vMqH43iYBaO89vafaeVHSEUJQOx3Z/Lv5OTv1r8tUKWECAwEAAaMxMC8w
+DgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATAL
+BgkqhkiG9w0BAQUDgYEAsY5QuVar+9Toz3FEOYjY1PBn5cBg+zBmdLDkMTruS8XS
+JA1WkSUNi5HtU8FuGkvs3Z8Rfw4vhQICl9wZdoPMDNo8rv2ErDgIM1QFqAiYqnz5
+Tt0xeZAJXCoAdoxg8wmeflQymbR2JoP2Q6UjI1LfwoYnaZf3saz5PQi+F4IZkq8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEf5WeODALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwNjI2MTE1OTE0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEA2pv6lQyWBT3/Yv4IiCkp7UbliS2DvEeZyR5bwoc0/zfRjCfk
+Wt169bDzDlgYqqXp+tO+PNbOovz48zHbhtNHGGT8I5N6wi6PUp7RPPBkHnlC13P5
+AlSQg5E+k+xyEJ6zRLhi2IcO5vd8oXGqGrj1hlli7gtNdtEwEd8pz8OkkB0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBAHs2qi5wGjQ2g7nX2UTNpCzkUxKSjYuf+5gx
+v74JSKUIaRxmtVWoa4UzH3tSYqdjDGFv6XEPScbbMz6HJjEMN1M7Elcsd01mnFCj
+WFHLlMkcBTyfCHMTzDtGhuUL5TdBJs0ha98Q+/hI3Nm+6SoZ2/2flRTdLOh9qQzx
+870bckwo6FHNZ32hdCPGJ4cy0pcV3Hc99K1iiQHTYEDZJoxvlZ/Wn2q+d/DsJycC
+Cdh237RRwWSxAJ3V1XWpXbP+FYFJx1aJEBwEVfXL0dqUrn7BYEOvR7SDPFXHbnFx
+x7Pd9+dwIh9aEdUYqXQWBCIHwFtVMv6P0jG0ochpQjmO3TjIkS4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
--- a/t/certs/7.key.pem
+++ b/t/certs/7.key.pem
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCYy5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib
+5noh3UB5jzT85ZyKmEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZ
+LvGNr0BMedleJCe9Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQAB
+AoGAGiw1rr9qvMAQw113o5N4/urblGAkquwY2kRxp50tf9SsBpnkv3+5R/e4RZpM
+P02thOgVQTivw21Ocmhs0w1XjH+LUNo8f9+Aet5F5qTS0p/cvCKeBfb4cVAAJFjM
+T8DxEpN5ZTwQVdb/CeoIr513suW6QuFqrJP2XjuTD37tZSkCQQDKb/AHVb+ajKq4
+mFQE+N3AcSYYqlqBbfdiPegaxUYTe9j0r6Rjzd/GpCtTSmpk+lIC9jWqMFr1OnDc
+3u8I0DVXAkEAwTkphRZeufrHghNFtFRec/+11vluqHEzUgno16bwxIg8ipqs/hjK
+iHKjtD7b3jIdKiISJIleEf2t9E3q05Z/lwJAWs63pzKpzlQHSOLb3ZcdMfQPmMTh
+8Gk5rVIDye5wLtFBUxFu9m4lUV/XJ3ecHkvDehyjmgIy6woaEpnWM+fh5QJAP2K8
+Hx+ehY4iAqbF2AlRTuZUxaffyDwSZNhBXPUzyJUUnzdshpKlZiuNTmTMhdCUxqyU
+nQ2/IVHBzgH9hdm6EwJAXk30m26ayo5awSv7LgtsgFh/1kTCSpzlfycwnO+NEfkV
+co+HkGYnU5lVXGMzAQyJDtiq+8f2A/lxdov6QYy/0w==
+-----END RSA PRIVATE KEY-----
--- a/t/certs/7.pem
+++ b/t/certs/7.pem
+-----BEGIN CERTIFICATE-----
+MIICZDCCAc+gAwIBAgIECbJ7aTALBgkqhkiG9w0BAQUwVTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAxEzARBgNVBAMTCjExMjA1NTI3NjcwHhcNMTgwNjI2MTE1OTU0WhcNMjIwOTI0
+MTUzOTM0WjBpMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzES
+MBAGA1UEAxMJMTYyNjkxOTQ1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY
+y5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib5noh3UB5jzT85ZyK
+mEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZLvGNr0BMedleJCe9
+Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQABozEwLzAOBgNVHQ8B
+Af8EBAMCBeAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMAsGCSqGSIb3
+DQEBBQOBgQCKUH2ZNCrtUrz9atjgi3FY3pjIKZcCIxDLDz+YJC1CVJaZFQ0KMHkM
+PAuIwxqUdrR1jRG7s1QCZlr7QXySlql0v6icLAlnm1kVZ4MhOxGTLSVdUgqNz3kN
+Jz7cvtRnk4nCeb+4WnmSyfK8o7IPavp4DRs5aeZ9BtvCBzFRWALITg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCYy5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib
+5noh3UB5jzT85ZyKmEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZ
+LvGNr0BMedleJCe9Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQAB
+AoGAGiw1rr9qvMAQw113o5N4/urblGAkquwY2kRxp50tf9SsBpnkv3+5R/e4RZpM
+P02thOgVQTivw21Ocmhs0w1XjH+LUNo8f9+Aet5F5qTS0p/cvCKeBfb4cVAAJFjM
+T8DxEpN5ZTwQVdb/CeoIr513suW6QuFqrJP2XjuTD37tZSkCQQDKb/AHVb+ajKq4
+mFQE+N3AcSYYqlqBbfdiPegaxUYTe9j0r6Rjzd/GpCtTSmpk+lIC9jWqMFr1OnDc
+3u8I0DVXAkEAwTkphRZeufrHghNFtFRec/+11vluqHEzUgno16bwxIg8ipqs/hjK
+iHKjtD7b3jIdKiISJIleEf2t9E3q05Z/lwJAWs63pzKpzlQHSOLb3ZcdMfQPmMTh
+8Gk5rVIDye5wLtFBUxFu9m4lUV/XJ3ecHkvDehyjmgIy6woaEpnWM+fh5QJAP2K8
+Hx+ehY4iAqbF2AlRTuZUxaffyDwSZNhBXPUzyJUUnzdshpKlZiuNTmTMhdCUxqyU
+nQ2/IVHBzgH9hdm6EwJAXk30m26ayo5awSv7LgtsgFh/1kTCSpzlfycwnO+NEfkV
+co+HkGYnU5lVXGMzAQyJDtiq+8f2A/lxdov6QYy/0w==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICOzCCAaagAwIBAgIEQspHPzALBgkqhkiG9w0BAQUwQDELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAwHhcNMTgwNjI2MTE1OTQ0WhcNMjIwOTI0MTUzOTM0WjBVMQswCQYDVQQGEwJJ
+VDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUx
+MTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAkEUmDYhSUD64QKktC0A5d0LvufnAqcQbVktdpi8n14Up/7K2/jGFTVnu
+8NwPcfxog1kH5+ddp1JBI5FSELJkWD5a0oAfjz+6JNVb9sFRH4PuNO8O3ZrzpEDF
+I7rZ1x+vMqH43iYBaO89vafaeVHSEUJQOx3Z/Lv5OTv1r8tUKWECAwEAAaMxMC8w
+DgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATAL
+BgkqhkiG9w0BAQUDgYEAsY5QuVar+9Toz3FEOYjY1PBn5cBg+zBmdLDkMTruS8XS
+JA1WkSUNi5HtU8FuGkvs3Z8Rfw4vhQICl9wZdoPMDNo8rv2ErDgIM1QFqAiYqnz5
+Tt0xeZAJXCoAdoxg8wmeflQymbR2JoP2Q6UjI1LfwoYnaZf3saz5PQi+F4IZkq8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEf5WeODALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwNjI2MTE1OTE0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEA2pv6lQyWBT3/Yv4IiCkp7UbliS2DvEeZyR5bwoc0/zfRjCfk
+Wt169bDzDlgYqqXp+tO+PNbOovz48zHbhtNHGGT8I5N6wi6PUp7RPPBkHnlC13P5
+AlSQg5E+k+xyEJ6zRLhi2IcO5vd8oXGqGrj1hlli7gtNdtEwEd8pz8OkkB0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBAHs2qi5wGjQ2g7nX2UTNpCzkUxKSjYuf+5gx
+v74JSKUIaRxmtVWoa4UzH3tSYqdjDGFv6XEPScbbMz6HJjEMN1M7Elcsd01mnFCj
+WFHLlMkcBTyfCHMTzDtGhuUL5TdBJs0ha98Q+/hI3Nm+6SoZ2/2flRTdLOh9qQzx
+870bckwo6FHNZ32hdCPGJ4cy0pcV3Hc99K1iiQHTYEDZJoxvlZ/Wn2q+d/DsJycC
+Cdh237RRwWSxAJ3V1XWpXbP+FYFJx1aJEBwEVfXL0dqUrn7BYEOvR7SDPFXHbnFx
+x7Pd9+dwIh9aEdUYqXQWBCIHwFtVMv6P0jG0ochpQjmO3TjIkS4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
--- a/t/certs/8.cert.pem
+++ b/t/certs/8.cert.pem
+-----BEGIN CERTIFICATE-----
+MIICZDCCAc+gAwIBAgIECbJ7aTALBgkqhkiG9w0BAQUwVTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAxEzARBgNVBAMTCjExMjA1NTI3NjcwHhcNMTgwNjI2MTE1OTU0WhcNMjIwOTI0
+MTUzOTM0WjBpMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzES
+MBAGA1UEAxMJMTYyNjkxOTQ1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY
+y5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib5noh3UB5jzT85ZyK
+mEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZLvGNr0BMedleJCe9
+Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQABozEwLzAOBgNVHQ8B
+Af8EBAMCBeAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMAsGCSqGSIb3
+DQEBBQOBgQCKUH2ZNCrtUrz9atjgi3FY3pjIKZcCIxDLDz+YJC1CVJaZFQ0KMHkM
+PAuIwxqUdrR1jRG7s1QCZlr7QXySlql0v6icLAlnm1kVZ4MhOxGTLSVdUgqNz3kN
+Jz7cvtRnk4nCeb+4WnmSyfK8o7IPavp4DRs5aeZ9BtvCBzFRWALITg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICOzCCAaagAwIBAgIEQspHPzALBgkqhkiG9w0BAQUwQDELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAwHhcNMTgwNjI2MTE1OTQ0WhcNMjIwOTI0MTUzOTM0WjBVMQswCQYDVQQGEwJJ
+VDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUx
+MTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAkEUmDYhSUD64QKktC0A5d0LvufnAqcQbVktdpi8n14Up/7K2/jGFTVnu
+8NwPcfxog1kH5+ddp1JBI5FSELJkWD5a0oAfjz+6JNVb9sFRH4PuNO8O3ZrzpEDF
+I7rZ1x+vMqH43iYBaO89vafaeVHSEUJQOx3Z/Lv5OTv1r8tUKWECAwEAAaMxMC8w
+DgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATAL
+BgkqhkiG9w0BAQUDgYEAsY5QuVar+9Toz3FEOYjY1PBn5cBg+zBmdLDkMTruS8XS
+JA1WkSUNi5HtU8FuGkvs3Z8Rfw4vhQICl9wZdoPMDNo8rv2ErDgIM1QFqAiYqnz5
+Tt0xeZAJXCoAdoxg8wmeflQymbR2JoP2Q6UjI1LfwoYnaZf3saz5PQi+F4IZkq8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEf5WeODALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwNjI2MTE1OTE0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEA2pv6lQyWBT3/Yv4IiCkp7UbliS2DvEeZyR5bwoc0/zfRjCfk
+Wt169bDzDlgYqqXp+tO+PNbOovz48zHbhtNHGGT8I5N6wi6PUp7RPPBkHnlC13P5
+AlSQg5E+k+xyEJ6zRLhi2IcO5vd8oXGqGrj1hlli7gtNdtEwEd8pz8OkkB0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBAHs2qi5wGjQ2g7nX2UTNpCzkUxKSjYuf+5gx
+v74JSKUIaRxmtVWoa4UzH3tSYqdjDGFv6XEPScbbMz6HJjEMN1M7Elcsd01mnFCj
+WFHLlMkcBTyfCHMTzDtGhuUL5TdBJs0ha98Q+/hI3Nm+6SoZ2/2flRTdLOh9qQzx
+870bckwo6FHNZ32hdCPGJ4cy0pcV3Hc99K1iiQHTYEDZJoxvlZ/Wn2q+d/DsJycC
+Cdh237RRwWSxAJ3V1XWpXbP+FYFJx1aJEBwEVfXL0dqUrn7BYEOvR7SDPFXHbnFx
+x7Pd9+dwIh9aEdUYqXQWBCIHwFtVMv6P0jG0ochpQjmO3TjIkS4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV
+BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2
+MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD
+SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora
+m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
+8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV
+gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY
+4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE
+EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7
+LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ
+xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz
+dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV
+FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x
+PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog
+UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC
+uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb
+l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ
+-----END CERTIFICATE-----
--- a/t/certs/8.key.pem
+++ b/t/certs/8.key.pem
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCYy5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib
+5noh3UB5jzT85ZyKmEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZ
+LvGNr0BMedleJCe9Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQAB
+AoGAGiw1rr9qvMAQw113o5N4/urblGAkquwY2kRxp50tf9SsBpnkv3+5R/e4RZpM
+P02thOgVQTivw21Ocmhs0w1XjH+LUNo8f9+Aet5F5qTS0p/cvCKeBfb4cVAAJFjM
+T8DxEpN5ZTwQVdb/CeoIr513suW6QuFqrJP2XjuTD37tZSkCQQDKb/AHVb+ajKq4
+mFQE+N3AcSYYqlqBbfdiPegaxUYTe9j0r6Rjzd/GpCtTSmpk+lIC9jWqMFr1OnDc
+3u8I0DVXAkEAwTkphRZeufrHghNFtFRec/+11vluqHEzUgno16bwxIg8ipqs/hjK
+iHKjtD7b3jIdKiISJIleEf2t9E3q05Z/lwJAWs63pzKpzlQHSOLb3ZcdMfQPmMTh
+8Gk5rVIDye5wLtFBUxFu9m4lUV/XJ3ecHkvDehyjmgIy6woaEpnWM+fh5QJAP2K8
+Hx+ehY4iAqbF2AlRTuZUxaffyDwSZNhBXPUzyJUUnzdshpKlZiuNTmTMhdCUxqyU
+nQ2/IVHBzgH9hdm6EwJAXk30m26ayo5awSv7LgtsgFh/1kTCSpzlfycwnO+NEfkV
+co+HkGYnU5lVXGMzAQyJDtiq+8f2A/lxdov6QYy/0w==
+-----END RSA PRIVATE KEY-----
--- a/t/certs/8.pem
+++ b/t/certs/8.pem
+-----BEGIN CERTIFICATE-----
+MIICZDCCAc+gAwIBAgIECbJ7aTALBgkqhkiG9w0BAQUwVTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAxEzARBgNVBAMTCjExMjA1NTI3NjcwHhcNMTgwNjI2MTE1OTU0WhcNMjIwOTI0
+MTUzOTM0WjBpMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
+ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzES
+MBAGA1UEAxMJMTYyNjkxOTQ1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY
+y5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib5noh3UB5jzT85ZyK
+mEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZLvGNr0BMedleJCe9
+Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQABozEwLzAOBgNVHQ8B
+Af8EBAMCBeAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMAsGCSqGSIb3
+DQEBBQOBgQCKUH2ZNCrtUrz9atjgi3FY3pjIKZcCIxDLDz+YJC1CVJaZFQ0KMHkM
+PAuIwxqUdrR1jRG7s1QCZlr7QXySlql0v6icLAlnm1kVZ4MhOxGTLSVdUgqNz3kN
+Jz7cvtRnk4nCeb+4WnmSyfK8o7IPavp4DRs5aeZ9BtvCBzFRWALITg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCYy5e3JJDyhKnsh8yT15qfFCuViyzPzzGhWLTiX57giLsRsbib
+5noh3UB5jzT85ZyKmEpHvZ3acWzcWqbqM/YyU2vPpxamm6+uZ2JUJFUc4zKahNQZ
+LvGNr0BMedleJCe9Ht+cQlSIons2rRvCuzMCnXRsYMyPFT4ZesbZcz+fUQIDAQAB
+AoGAGiw1rr9qvMAQw113o5N4/urblGAkquwY2kRxp50tf9SsBpnkv3+5R/e4RZpM
+P02thOgVQTivw21Ocmhs0w1XjH+LUNo8f9+Aet5F5qTS0p/cvCKeBfb4cVAAJFjM
+T8DxEpN5ZTwQVdb/CeoIr513suW6QuFqrJP2XjuTD37tZSkCQQDKb/AHVb+ajKq4
+mFQE+N3AcSYYqlqBbfdiPegaxUYTe9j0r6Rjzd/GpCtTSmpk+lIC9jWqMFr1OnDc
+3u8I0DVXAkEAwTkphRZeufrHghNFtFRec/+11vluqHEzUgno16bwxIg8ipqs/hjK
+iHKjtD7b3jIdKiISJIleEf2t9E3q05Z/lwJAWs63pzKpzlQHSOLb3ZcdMfQPmMTh
+8Gk5rVIDye5wLtFBUxFu9m4lUV/XJ3ecHkvDehyjmgIy6woaEpnWM+fh5QJAP2K8
+Hx+ehY4iAqbF2AlRTuZUxaffyDwSZNhBXPUzyJUUnzdshpKlZiuNTmTMhdCUxqyU
+nQ2/IVHBzgH9hdm6EwJAXk30m26ayo5awSv7LgtsgFh/1kTCSpzlfycwnO+NEfkV
+co+HkGYnU5lVXGMzAQyJDtiq+8f2A/lxdov6QYy/0w==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICOzCCAaagAwIBAgIEQspHPzALBgkqhkiG9w0BAQUwQDELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAxEzARBgNVBAMTCjIxNDA1MTE4
+MDAwHhcNMTgwNjI2MTE1OTQ0WhcNMjIwOTI0MTUzOTM0WjBVMQswCQYDVQQGEwJJ
+VDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUx
+MTgwMDETMBEGA1UEAxMKMTEyMDU1Mjc2NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAkEUmDYhSUD64QKktC0A5d0LvufnAqcQbVktdpi8n14Up/7K2/jGFTVnu
+8NwPcfxog1kH5+ddp1JBI5FSELJkWD5a0oAfjz+6JNVb9sFRH4PuNO8O3ZrzpEDF
+I7rZ1x+vMqH43iYBaO89vafaeVHSEUJQOx3Z/Lv5OTv1r8tUKWECAwEAAaMxMC8w
+DgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATAL
+BgkqhkiG9w0BAQUDgYEAsY5QuVar+9Toz3FEOYjY1PBn5cBg+zBmdLDkMTruS8XS
+JA1WkSUNi5HtU8FuGkvs3Z8Rfw4vhQICl9wZdoPMDNo8rv2ErDgIM1QFqAiYqnz5
+Tt0xeZAJXCoAdoxg8wmeflQymbR2JoP2Q6UjI1LfwoYnaZf3saz5PQi+F4IZkq8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkjCCAXygAwIBAgIEf5WeODALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwNjI2MTE1OTE0WhcN
+MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
+VQQDEwV0ZXN0MDETMBEGA1UEAxMKMjE0MDUxMTgwMDCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEA2pv6lQyWBT3/Yv4IiCkp7UbliS2DvEeZyR5bwoc0/zfRjCfk
+Wt169bDzDlgYqqXp+tO+PNbOovz48zHbhtNHGGT8I5N6wi6PUp7RPPBkHnlC13P5
+AlSQg5E+k+xyEJ6zRLhi2IcO5vd8oXGqGrj1hlli7gtNdtEwEd8pz8OkkB0CAwEA
+AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
+BQcVATALBgkqhkiG9w0BAQUDggEBAHs2qi5wGjQ2g7nX2UTNpCzkUxKSjYuf+5gx
+v74JSKUIaRxmtVWoa4UzH3tSYqdjDGFv6XEPScbbMz6HJjEMN1M7Elcsd01mnFCj
+WFHLlMkcBTyfCHMTzDtGhuUL5TdBJs0ha98Q+/hI3Nm+6SoZ2/2flRTdLOh9qQzx
+870bckwo6FHNZ32hdCPGJ4cy0pcV3Hc99K1iiQHTYEDZJoxvlZ/Wn2q+d/DsJycC
+Cdh237RRwWSxAJ3V1XWpXbP+FYFJx1aJEBwEVfXL0dqUrn7BYEOvR7SDPFXHbnFx
+x7Pd9+dwIh9aEdUYqXQWBCIHwFtVMv6P0jG0ochpQjmO3TjIkS4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
+MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
+DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
+A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
+hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
+BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
+CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
+2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
+xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
+kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
+CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
+BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
+gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
+AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
+d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
+SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
+49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
+C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
+vDxcPMc/wmnMa+smNal0sJ6m
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV
+BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2
+MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD
+SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora
+m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
+8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV
+gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY
+4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE
+EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7
+LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ
+xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz
+dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV
+FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x
+PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog
+UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC
+uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb
+l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ
+-----END CERTIFICATE-----
--- a/t/certs/README.md
+++ b/t/certs/README.md
@@ -10,7 +10,9 @@ Proxy certificates are generated using [VOMS client 3.3.1](http://italiangrid.gi
 * 4.pem: long-lived proxy with VOMS generic attributes containing reserved characters;
 * 5.pem: long-lived proxy with valid VOMS attributes, `*.lsc` file missing in `vomsdir`. 
 * 6.pem: long-lived proxy with valid VOMS attributes, with an old format for fqans. 
-
+ * 7.pem: long-lived proxy (3 delegations), without VOMS attributes;
+ * 8.pem: long-lived proxy (3 delegations), without VOMS attributes, plus CA
+   certificate included in the chain;

 To obtain such certificates the following command is used:


--- a/t/eec_subject.t
+++ b/t/eec_subject.t
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: rfc proxy certificate, no AC
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1;
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $ssl_client_ee_s_dn;
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/0.cert.pem;
+        proxy_ssl_certificate_key ../../certs/0.key.pem;
+    }
+--- request
+GET / 
+--- response_body
+CN=test0,O=IGI,C=IT
+--- error_code: 200
+
+=== TEST 2: standard x.509 certificate 
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1;
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $ssl_client_ee_s_dn;
+            echo $ssl_client_s_dn;
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+    }
+--- request
+GET / 
+--- response_body
+CN=nginx-voms.example,O=IGI,C=IT
+CN=nginx-voms.example,O=IGI,C=IT
+--- error_code: 200
+
+=== TEST 3: three delegations proxy
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1;
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $ssl_client_ee_s_dn;
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/7.cert.pem;
+        proxy_ssl_certificate_key ../../certs/7.key.pem;
+    }
+--- request
+GET / 
+--- response_body
+CN=test0,O=IGI,C=IT
+--- error_code: 200
+
+
+=== TEST 4: three delegations proxy + CA cert
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1;
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $ssl_client_ee_s_dn;
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/8.cert.pem;
+        proxy_ssl_certificate_key ../../certs/8.key.pem;
+    }
+--- request
+GET / 
+--- response_body
+CN=test0,O=IGI,C=IT
+--- error_code: 200