diff --git a/SOURCES/0057-curl-7.29.0-nss-obj-leak.patch b/SOURCES/0057-curl-7.29.0-nss-obj-leak.patch
new file mode 100644
index 0000000..4b1baf2
--- /dev/null
+++ b/SOURCES/0057-curl-7.29.0-nss-obj-leak.patch
@@ -0,0 +1,102 @@
+From 543ba995e5beb83a754a8f844491446747c83572 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 8 Feb 2018 11:23:49 +0100
+Subject: [PATCH] nss: use PK11_CreateManagedGenericObject() if available
+
+... so that the memory allocated by applications using libcurl does not
+grow per each TLS connection.
+
+Bug: https://bugzilla.redhat.com/1510247
+
+Closes #2297
+
+Upstream-commit: 1605d93a7b8ac4b7f348e304e018e9d15ffaabf0
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ configure            | 10 ++++++++++
+ configure.ac         |  9 +++++++++
+ lib/curl_config.h.in |  3 +++
+ lib/nss.c            | 12 +++++++++++-
+ 4 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index fc260ee..3c77748 100755
+--- a/configure
++++ b/configure
+@@ -23753,6 +23753,16 @@ $as_echo "$as_me: detected NSS version $version" >&6;}
+                 NSS_LIBS=$addlib
+ 
+ 
++                                ac_fn_c_check_func "$LINENO" "PK11_CreateManagedGenericObject" "ac_cv_func_PK11_CreateManagedGenericObject"
++if test "x$ac_cv_func_PK11_CreateManagedGenericObject" = xyes; then :
++
++
++$as_echo "#define HAVE_PK11_CREATEMANAGEDGENERICOBJECT 1" >>confdefs.h
++
++
++fi
++
++
+                                         if test "x$cross_compiling" != "xyes"; then
+           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+           export LD_LIBRARY_PATH
+diff --git a/configure.ac b/configure.ac
+index 9612c2f..887ded9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2216,6 +2216,15 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+         NSS_LIBS=$addlib
+         AC_SUBST([NSS_LIBS])
+ 
++        dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
++        dnl PK11_DestroyGenericObject() does not release resources allocated by
++        dnl PK11_CreateGenericObject() early enough.
++        AC_CHECK_FUNC(PK11_CreateManagedGenericObject,
++          [
++            AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,
++                      [if you have the PK11_CreateManagedGenericObject function])
++          ])
++
+         dnl when shared libs were found in a path that the run-time
+         dnl linker doesn't search through, we need to add it to
+         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
+index 19b66fa..9db354b 100644
+--- a/lib/curl_config.h.in
++++ b/lib/curl_config.h.in
+@@ -503,6 +503,9 @@
+ /* Define to 1 if you have the `pipe' function. */
+ #undef HAVE_PIPE
+ 
++/* if you have the PK11_CreateManagedGenericObject function */
++#undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
++
+ /* Define to 1 if you have a working poll function. */
+ #undef HAVE_POLL
+ 
+diff --git a/lib/nss.c b/lib/nss.c
+index 1b8abd3..31e5d75 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -399,7 +399,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *ssl,
+     PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
+   }
+ 
+-  obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
++  /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
++   * PK11_DestroyGenericObject() does not release resources allocated by
++   * PK11_CreateGenericObject() early enough.  */
++  obj =
++#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
++    PK11_CreateManagedGenericObject
++#else
++    PK11_CreateGenericObject
++#endif
++    (slot, attrs, attr_cnt, PR_FALSE);
++
+   PK11_FreeSlot(slot);
+   if(!obj)
+     return err;
+-- 
+2.13.6
+
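Review bot: The `#else` branch in the lib/nss.c hunk falls back to `PK11_CreateGenericObject` silently whenever configure does not find `PK11_CreateManagedGenericObject`, so a build against NSS older than 3.34 succeeds while keeping the per-connection memory growth this patch is meant to remove. For long-running libcurl clients that growth is a slow resource-exhaustion problem, so the package build should not be able to lose the fix unnoticed. The spec file is not visible here; if it does not already pin the build dependency, a line such as `BuildRequires: nss-devel >= 3.34` would guarantee the managed variant is compiled in. The generated `configure` is patched by hand alongside `configure.ac`, so the two checks have to be kept in step if the build ever regenerates configure. nss_create_object() starts and ends outside the inner hunk, so whether every created object is later released with PK11_DestroyGenericObject() cannot be confirmed from these lines.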
diff --git a/SOURCES/0058-curl-7.29.0-test-certs.patch b/SOURCES/0058-curl-7.29.0-test-certs.patch
new file mode 100644
index 0000000..657e27b
--- /dev/null
+++ b/SOURCES/0058-curl-7.29.0-test-certs.patch
@@ -0,0 +1,1793 @@
+From 8c0be699968463c2c2baf31f7b454e6280a7ef3b Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 21 Mar 2015 16:20:34 +0100
+Subject: [PATCH] tests/certs: rebuild certificates with modified key usage
+ bits
+
+The certificates were missing the digitalSignature and keyAgreement
+usage types, of which at least digitalSignature was checked by CyaSSL.
+This caused the test server in test 310 (among others) to fail the
+startup verification and therefore run (see
+http://curl.haxx.se/mail/lib-2014-07/0303.html).
+
+Upstream-commit: f9251a5c86f86388bb9aaa078738fcf49870ca3f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/certs/EdelCurlRoot-ca.cacert     | 119 ++++++++++++++---------------
+ tests/certs/EdelCurlRoot-ca.crt        | 119 ++++++++++++++---------------
+ tests/certs/EdelCurlRoot-ca.csr        |  30 ++++----
+ tests/certs/EdelCurlRoot-ca.key        |  50 ++++++------
+ tests/certs/EdelCurlRoot-ca.prm        |   2 +-
+ tests/certs/Makefile.am                |   2 -
+ tests/certs/Server-localhost-sv.crl    |  29 ++++---
+ tests/certs/Server-localhost-sv.crt    | 101 ++++++++++++------------
+ tests/certs/Server-localhost-sv.csr    |  14 ++--
+ tests/certs/Server-localhost-sv.dhp    |   5 --
+ tests/certs/Server-localhost-sv.key    |  26 +++----
+ tests/certs/Server-localhost-sv.pem    | 136 ++++++++++++++++-----------------
+ tests/certs/Server-localhost-sv.prm    |   4 +-
+ tests/certs/Server-localhost.nn-sv.crl |  30 +++++---
+ tests/certs/Server-localhost.nn-sv.crt | 101 ++++++++++++------------
+ tests/certs/Server-localhost.nn-sv.csr |  14 ++--
+ tests/certs/Server-localhost.nn-sv.dhp |   5 --
+ tests/certs/Server-localhost.nn-sv.key |  26 +++----
+ tests/certs/Server-localhost.nn-sv.pem | 136 ++++++++++++++++-----------------
+ tests/certs/Server-localhost.nn-sv.prm |   4 +-
+ tests/certs/Server-localhost0h-sv.crl  |  32 +++++---
+ tests/certs/Server-localhost0h-sv.crt  | 101 ++++++++++++------------
+ tests/certs/Server-localhost0h-sv.csr  |  14 ++--
+ tests/certs/Server-localhost0h-sv.dhp  |   5 --
+ tests/certs/Server-localhost0h-sv.key  |  26 +++----
+ tests/certs/Server-localhost0h-sv.pem  | 136 ++++++++++++++++-----------------
+ tests/certs/Server-localhost0h-sv.prm  |   4 +-
+ 27 files changed, 628 insertions(+), 643 deletions(-)
+
+diff --git a/tests/certs/EdelCurlRoot-ca.cacert b/tests/certs/EdelCurlRoot-ca.cacert
+index 8bcbc18..d3ec4d3 100644
+--- a/tests/certs/EdelCurlRoot-ca.cacert
++++ b/tests/certs/EdelCurlRoot-ca.cacert
+@@ -1,42 +1,41 @@
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:f5:ab:a6
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311616 (0xcfa60bc5140)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:36:46 2010 GMT
+-            Not After : Oct 30 21:36:46 2026 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Aug 24 15:07:11 2031 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Subject Public Key Info:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (2048 bit)
+                 Modulus:
+-                    00:c1:a9:0a:ef:76:06:7d:fe:78:3a:f1:0e:40:6d:
+-                    c2:5b:ae:8f:8d:7f:f0:d5:89:9e:42:2a:f0:17:94:
+-                    d9:2e:67:c7:2d:01:1c:95:a3:b1:a6:86:d4:12:3c:
+-                    47:3a:70:e6:7b:1f:11:06:d3:73:ae:df:ca:24:19:
+-                    03:e4:62:0a:eb:67:d4:dc:ef:9d:2d:e0:82:77:fe:
+-                    2a:30:5a:fb:57:e5:b8:4f:36:52:4c:2f:57:ad:12:
+-                    6a:94:3e:e4:48:a7:ad:a5:c0:3a:d0:4e:00:99:88:
+-                    8f:bd:4a:70:be:3b:5b:6b:ff:5e:6f:29:6d:0c:a7:
+-                    55:4a:e2:43:e7:49:0f:99:54:59:68:81:34:d8:a9:
+-                    fb:c8:0d:14:5a:40:cb:70:1e:f5:3b:c0:42:39:06:
+-                    f9:63:ad:d9:29:14:53:af:42:10:1d:18:95:b6:15:
+-                    8a:d8:41:d8:37:31:0a:97:5a:1b:10:90:ac:1d:ff:
+-                    6e:71:33:6b:7e:88:18:20:ed:be:35:ff:e7:69:48:
+-                    05:c0:78:2e:04:46:f4:c2:8d:4d:70:6e:42:fa:93:
+-                    eb:ce:12:3b:d1:f5:ce:3f:29:5c:8c:bd:59:83:e4:
+-                    a1:c1:3c:8e:3e:38:55:f3:99:18:b0:df:f6:74:c9:
+-                    8e:28:f4:38:0d:45:20:d6:db:c0:73:a2:e6:8c:6e:
+-                    98:9f
++                    00:e1:4c:d9:74:1a:a4:a3:42:57:a4:7a:2e:74:02:
++                    08:49:6a:6a:1d:db:de:c3:43:d6:48:60:12:30:ed:
++                    d6:6e:74:16:81:16:4e:50:b9:6c:b9:36:0d:19:a4:
++                    f7:85:99:40:46:26:46:33:86:ce:0c:27:71:e4:8f:
++                    0f:b4:3a:99:6d:af:78:48:b7:cb:c4:d3:60:7d:d0:
++                    17:6f:23:bc:89:c0:bc:16:b8:94:f0:b2:10:8d:c8:
++                    e0:35:97:ed:8f:c6:db:9b:cd:aa:f6:8c:45:dc:0f:
++                    ee:a0:78:12:be:f6:7d:f4:f7:b6:8c:4e:e5:7d:32:
++                    e8:f7:f7:1e:04:46:9e:08:cd:cb:ec:e2:9a:c3:35:
++                    3f:ce:a1:01:e3:10:0a:ec:d9:ab:13:09:eb:e6:39:
++                    6b:92:30:c7:08:bd:8a:32:ef:0b:b2:61:6f:11:43:
++                    95:cf:31:ea:19:01:cc:1a:6d:d2:d5:57:35:da:c0:
++                    ae:46:39:d3:33:ed:f8:c0:1e:ad:3d:68:6f:a8:53:
++                    24:ac:d6:f9:dd:2b:51:50:77:e4:b7:5d:ad:48:80:
++                    5d:65:57:e5:eb:07:82:7d:cb:72:4f:06:6a:34:d4:
++                    38:c8:6b:ed:8a:3a:68:5e:35:e3:78:14:da:5d:86:
++                    9f:e5:d4:1c:dd:90:c2:7c:a2:00:d4:95:65:04:85:
++                    ff:83
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Basic Constraints: critical
+@@ -44,42 +43,42 @@ Certificate:
+             X509v3 Key Usage: critical
+                 Certificate Sign, CRL Sign
+             X509v3 Subject Key Identifier: 
+-                AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+     Signature Algorithm: sha1WithRSAEncryption
+-        86:1f:9d:dd:45:11:c8:6b:f1:97:1a:f0:25:b2:0c:f7:1f:58:
+-        c4:6a:a5:56:07:32:cb:2d:7a:8c:ae:47:1e:7d:e7:73:6c:3b:
+-        96:1e:75:b4:e5:89:05:a7:7e:b6:52:56:5a:e2:6b:38:e4:18:
+-        3c:64:6f:be:bd:d3:01:76:b4:83:7f:7a:1e:9c:cb:40:1b:9a:
+-        dd:43:cb:9a:db:8a:f8:76:50:ab:ad:85:7f:cf:3a:6f:4b:e2:
+-        27:b0:8c:a9:0a:e0:d8:45:00:05:5e:29:ab:a0:8a:78:e5:09:
+-        89:48:8a:0d:42:49:1e:ad:c2:85:2f:29:9d:af:2e:c8:ef:b9:
+-        dc:74:33:eb:e9:45:e9:a2:b3:00:ba:76:0b:74:59:c9:a8:96:
+-        4c:f3:cd:9b:34:5a:4a:87:b2:6a:52:74:5b:be:f3:81:f8:32:
+-        d0:1f:c9:cc:9f:8a:6a:eb:6e:f3:6d:2c:54:20:86:f6:87:62:
+-        c0:ed:55:03:9d:97:a9:5a:ae:39:a0:7e:e4:a6:95:e9:26:19:
+-        91:e6:0f:b6:18:f7:49:6c:a7:ce:fd:c1:04:c2:f9:27:27:4c:
+-        59:e9:bf:7a:f6:65:a0:d9:a0:71:a6:54:c6:6f:9a:5d:23:19:
+-        57:49:59:2c:06:91:3e:28:9b:c1:6f:f2:2d:9a:24:a7:0b:da:
+-        cd:cc:f3:bc
++         d4:d0:22:19:78:2e:2e:1d:83:c6:79:89:c1:a8:23:43:4e:86:
++         76:16:31:bd:b7:c0:44:2c:b9:2c:79:99:2f:02:48:33:1e:a7:
++         d7:0e:d9:f1:cb:ed:39:1a:34:b3:50:af:c9:8d:64:bf:ff:72:
++         1b:1d:e0:5d:40:3b:b5:00:7c:d1:78:ff:45:ee:d9:05:3f:32:
++         f6:cd:f4:d3:79:58:d8:44:94:65:f5:c3:a9:5d:d8:13:d9:57:
++         e7:13:18:fa:f3:72:0b:cf:a3:4a:f4:6e:5e:74:30:3c:cb:76:
++         28:f9:44:9a:ba:3e:b7:3e:01:79:3e:cb:5c:df:5a:d4:6c:34:
++         aa:bd:c0:6d:25:85:e5:28:f6:15:e1:9d:af:a7:f7:a7:6c:2a:
++         1d:1d:93:1e:89:71:66:c7:0b:e4:ce:36:c1:21:c4:73:5d:2b:
++         24:a9:3d:26:df:1c:e8:60:69:e3:82:98:c3:5b:91:9e:da:bd:
++         27:ee:e0:fd:64:ea:7d:35:91:fd:5e:1e:33:82:24:39:7b:49:
++         af:23:05:fc:6e:53:7e:07:69:f4:e7:e3:1f:f0:1c:59:87:4c:
++         b6:74:c9:60:ed:f5:ab:a0:31:8a:05:d4:64:9f:1e:16:b6:9f:
++         f8:7e:0d:ac:b7:d9:16:b9:b3:bc:0b:03:6b:24:e9:46:81:dc:
++         d8:52:63:75
+ -----BEGIN CERTIFICATE-----
+-MIIDkDCCAnigAwIBAgIGC5iU9aumMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDkjCCAnqgAwIBAgIGDPpgvFFAMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzY0NloXDTI2MTAzMDIxMzY0NlowZzELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG
+-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqQrvdgZ9/ng68Q5AbcJbro+Nf/DViZ5C
+-KvAXlNkuZ8ctARyVo7GmhtQSPEc6cOZ7HxEG03Ou38okGQPkYgrrZ9Tc750t4IJ3
+-/iowWvtX5bhPNlJML1etEmqUPuRIp62lwDrQTgCZiI+9SnC+O1tr/15vKW0Mp1VK
+-4kPnSQ+ZVFlogTTYqfvIDRRaQMtwHvU7wEI5BvljrdkpFFOvQhAdGJW2FYrYQdg3
+-MQqXWhsQkKwd/25xM2t+iBgg7b41/+dpSAXAeC4ERvTCjU1wbkL6k+vOEjvR9c4/
+-KVyMvVmD5KHBPI4+OFXzmRiw3/Z0yY4o9DgNRSDW28BzouaMbpifAgMBAAGjQjBA
+-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBStPuI5
+-B7hcqiaQlEwmaSGD4k42lDANBgkqhkiG9w0BAQUFAAOCAQEAhh+d3UURyGvxlxrw
+-JbIM9x9YxGqlVgcyyy16jK5HHn3nc2w7lh51tOWJBad+tlJWWuJrOOQYPGRvvr3T
+-AXa0g396HpzLQBua3UPLmtuK+HZQq62Ff886b0viJ7CMqQrg2EUABV4pq6CKeOUJ
+-iUiKDUJJHq3ChS8pna8uyO+53HQz6+lF6aKzALp2C3RZyaiWTPPNmzRaSoeyalJ0
+-W77zgfgy0B/JzJ+Kautu820sVCCG9odiwO1VA52XqVquOaB+5KaV6SYZkeYPthj3
+-SWynzv3BBML5JydMWem/evZloNmgcaZUxm+aXSMZV0lZLAaRPiibwW/yLZokpwva
+-zczzvA==
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0zMTA4MjQxNTA3MTFaMGgxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjCCASIwDQYJ
++KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFM2XQapKNCV6R6LnQCCElqah3b3sND
++1khgEjDt1m50FoEWTlC5bLk2DRmk94WZQEYmRjOGzgwnceSPD7Q6mW2veEi3y8TT
++YH3QF28jvInAvBa4lPCyEI3I4DWX7Y/G25vNqvaMRdwP7qB4Er72ffT3toxO5X0y
++6Pf3HgRGngjNy+zimsM1P86hAeMQCuzZqxMJ6+Y5a5Iwxwi9ijLvC7JhbxFDlc8x
++6hkBzBpt0tVXNdrArkY50zPt+MAerT1ob6hTJKzW+d0rUVB35LddrUiAXWVX5esH
++gn3Lck8GajTUOMhr7Yo6aF4143gU2l2Gn+XUHN2QwnyiANSVZQSF/4MCAwEAAaNC
++MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLK
++uktGBKd1iizoDlSUvBJlpnvOMA0GCSqGSIb3DQEBBQUAA4IBAQDU0CIZeC4uHYPG
++eYnBqCNDToZ2FjG9t8BELLkseZkvAkgzHqfXDtnxy+05GjSzUK/JjWS//3IbHeBd
++QDu1AHzReP9F7tkFPzL2zfTTeVjYRJRl9cOpXdgT2VfnExj683ILz6NK9G5edDA8
++y3Yo+USauj63PgF5Pstc31rUbDSqvcBtJYXlKPYV4Z2vp/enbCodHZMeiXFmxwvk
++zjbBIcRzXSskqT0m3xzoYGnjgpjDW5Ge2r0n7uD9ZOp9NZH9Xh4zgiQ5e0mvIwX8
++blN+B2n05+Mf8BxZh0y2dMlg7fWroDGKBdRknx4Wtp/4fg2st9kWubO8CwNrJOlG
++gdzYUmN1
+ -----END CERTIFICATE-----
+diff --git a/tests/certs/EdelCurlRoot-ca.crt b/tests/certs/EdelCurlRoot-ca.crt
+index 8bcbc18..d3ec4d3 100644
+--- a/tests/certs/EdelCurlRoot-ca.crt
++++ b/tests/certs/EdelCurlRoot-ca.crt
+@@ -1,42 +1,41 @@
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:f5:ab:a6
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311616 (0xcfa60bc5140)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:36:46 2010 GMT
+-            Not After : Oct 30 21:36:46 2026 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Aug 24 15:07:11 2031 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Subject Public Key Info:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (2048 bit)
+                 Modulus:
+-                    00:c1:a9:0a:ef:76:06:7d:fe:78:3a:f1:0e:40:6d:
+-                    c2:5b:ae:8f:8d:7f:f0:d5:89:9e:42:2a:f0:17:94:
+-                    d9:2e:67:c7:2d:01:1c:95:a3:b1:a6:86:d4:12:3c:
+-                    47:3a:70:e6:7b:1f:11:06:d3:73:ae:df:ca:24:19:
+-                    03:e4:62:0a:eb:67:d4:dc:ef:9d:2d:e0:82:77:fe:
+-                    2a:30:5a:fb:57:e5:b8:4f:36:52:4c:2f:57:ad:12:
+-                    6a:94:3e:e4:48:a7:ad:a5:c0:3a:d0:4e:00:99:88:
+-                    8f:bd:4a:70:be:3b:5b:6b:ff:5e:6f:29:6d:0c:a7:
+-                    55:4a:e2:43:e7:49:0f:99:54:59:68:81:34:d8:a9:
+-                    fb:c8:0d:14:5a:40:cb:70:1e:f5:3b:c0:42:39:06:
+-                    f9:63:ad:d9:29:14:53:af:42:10:1d:18:95:b6:15:
+-                    8a:d8:41:d8:37:31:0a:97:5a:1b:10:90:ac:1d:ff:
+-                    6e:71:33:6b:7e:88:18:20:ed:be:35:ff:e7:69:48:
+-                    05:c0:78:2e:04:46:f4:c2:8d:4d:70:6e:42:fa:93:
+-                    eb:ce:12:3b:d1:f5:ce:3f:29:5c:8c:bd:59:83:e4:
+-                    a1:c1:3c:8e:3e:38:55:f3:99:18:b0:df:f6:74:c9:
+-                    8e:28:f4:38:0d:45:20:d6:db:c0:73:a2:e6:8c:6e:
+-                    98:9f
++                    00:e1:4c:d9:74:1a:a4:a3:42:57:a4:7a:2e:74:02:
++                    08:49:6a:6a:1d:db:de:c3:43:d6:48:60:12:30:ed:
++                    d6:6e:74:16:81:16:4e:50:b9:6c:b9:36:0d:19:a4:
++                    f7:85:99:40:46:26:46:33:86:ce:0c:27:71:e4:8f:
++                    0f:b4:3a:99:6d:af:78:48:b7:cb:c4:d3:60:7d:d0:
++                    17:6f:23:bc:89:c0:bc:16:b8:94:f0:b2:10:8d:c8:
++                    e0:35:97:ed:8f:c6:db:9b:cd:aa:f6:8c:45:dc:0f:
++                    ee:a0:78:12:be:f6:7d:f4:f7:b6:8c:4e:e5:7d:32:
++                    e8:f7:f7:1e:04:46:9e:08:cd:cb:ec:e2:9a:c3:35:
++                    3f:ce:a1:01:e3:10:0a:ec:d9:ab:13:09:eb:e6:39:
++                    6b:92:30:c7:08:bd:8a:32:ef:0b:b2:61:6f:11:43:
++                    95:cf:31:ea:19:01:cc:1a:6d:d2:d5:57:35:da:c0:
++                    ae:46:39:d3:33:ed:f8:c0:1e:ad:3d:68:6f:a8:53:
++                    24:ac:d6:f9:dd:2b:51:50:77:e4:b7:5d:ad:48:80:
++                    5d:65:57:e5:eb:07:82:7d:cb:72:4f:06:6a:34:d4:
++                    38:c8:6b:ed:8a:3a:68:5e:35:e3:78:14:da:5d:86:
++                    9f:e5:d4:1c:dd:90:c2:7c:a2:00:d4:95:65:04:85:
++                    ff:83
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Basic Constraints: critical
+@@ -44,42 +43,42 @@ Certificate:
+             X509v3 Key Usage: critical
+                 Certificate Sign, CRL Sign
+             X509v3 Subject Key Identifier: 
+-                AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+     Signature Algorithm: sha1WithRSAEncryption
+-        86:1f:9d:dd:45:11:c8:6b:f1:97:1a:f0:25:b2:0c:f7:1f:58:
+-        c4:6a:a5:56:07:32:cb:2d:7a:8c:ae:47:1e:7d:e7:73:6c:3b:
+-        96:1e:75:b4:e5:89:05:a7:7e:b6:52:56:5a:e2:6b:38:e4:18:
+-        3c:64:6f:be:bd:d3:01:76:b4:83:7f:7a:1e:9c:cb:40:1b:9a:
+-        dd:43:cb:9a:db:8a:f8:76:50:ab:ad:85:7f:cf:3a:6f:4b:e2:
+-        27:b0:8c:a9:0a:e0:d8:45:00:05:5e:29:ab:a0:8a:78:e5:09:
+-        89:48:8a:0d:42:49:1e:ad:c2:85:2f:29:9d:af:2e:c8:ef:b9:
+-        dc:74:33:eb:e9:45:e9:a2:b3:00:ba:76:0b:74:59:c9:a8:96:
+-        4c:f3:cd:9b:34:5a:4a:87:b2:6a:52:74:5b:be:f3:81:f8:32:
+-        d0:1f:c9:cc:9f:8a:6a:eb:6e:f3:6d:2c:54:20:86:f6:87:62:
+-        c0:ed:55:03:9d:97:a9:5a:ae:39:a0:7e:e4:a6:95:e9:26:19:
+-        91:e6:0f:b6:18:f7:49:6c:a7:ce:fd:c1:04:c2:f9:27:27:4c:
+-        59:e9:bf:7a:f6:65:a0:d9:a0:71:a6:54:c6:6f:9a:5d:23:19:
+-        57:49:59:2c:06:91:3e:28:9b:c1:6f:f2:2d:9a:24:a7:0b:da:
+-        cd:cc:f3:bc
++         d4:d0:22:19:78:2e:2e:1d:83:c6:79:89:c1:a8:23:43:4e:86:
++         76:16:31:bd:b7:c0:44:2c:b9:2c:79:99:2f:02:48:33:1e:a7:
++         d7:0e:d9:f1:cb:ed:39:1a:34:b3:50:af:c9:8d:64:bf:ff:72:
++         1b:1d:e0:5d:40:3b:b5:00:7c:d1:78:ff:45:ee:d9:05:3f:32:
++         f6:cd:f4:d3:79:58:d8:44:94:65:f5:c3:a9:5d:d8:13:d9:57:
++         e7:13:18:fa:f3:72:0b:cf:a3:4a:f4:6e:5e:74:30:3c:cb:76:
++         28:f9:44:9a:ba:3e:b7:3e:01:79:3e:cb:5c:df:5a:d4:6c:34:
++         aa:bd:c0:6d:25:85:e5:28:f6:15:e1:9d:af:a7:f7:a7:6c:2a:
++         1d:1d:93:1e:89:71:66:c7:0b:e4:ce:36:c1:21:c4:73:5d:2b:
++         24:a9:3d:26:df:1c:e8:60:69:e3:82:98:c3:5b:91:9e:da:bd:
++         27:ee:e0:fd:64:ea:7d:35:91:fd:5e:1e:33:82:24:39:7b:49:
++         af:23:05:fc:6e:53:7e:07:69:f4:e7:e3:1f:f0:1c:59:87:4c:
++         b6:74:c9:60:ed:f5:ab:a0:31:8a:05:d4:64:9f:1e:16:b6:9f:
++         f8:7e:0d:ac:b7:d9:16:b9:b3:bc:0b:03:6b:24:e9:46:81:dc:
++         d8:52:63:75
+ -----BEGIN CERTIFICATE-----
+-MIIDkDCCAnigAwIBAgIGC5iU9aumMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDkjCCAnqgAwIBAgIGDPpgvFFAMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzY0NloXDTI2MTAzMDIxMzY0NlowZzELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-JTAjBgNVBAMMHE5vdGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqG
+-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqQrvdgZ9/ng68Q5AbcJbro+Nf/DViZ5C
+-KvAXlNkuZ8ctARyVo7GmhtQSPEc6cOZ7HxEG03Ou38okGQPkYgrrZ9Tc750t4IJ3
+-/iowWvtX5bhPNlJML1etEmqUPuRIp62lwDrQTgCZiI+9SnC+O1tr/15vKW0Mp1VK
+-4kPnSQ+ZVFlogTTYqfvIDRRaQMtwHvU7wEI5BvljrdkpFFOvQhAdGJW2FYrYQdg3
+-MQqXWhsQkKwd/25xM2t+iBgg7b41/+dpSAXAeC4ERvTCjU1wbkL6k+vOEjvR9c4/
+-KVyMvVmD5KHBPI4+OFXzmRiw3/Z0yY4o9DgNRSDW28BzouaMbpifAgMBAAGjQjBA
+-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBStPuI5
+-B7hcqiaQlEwmaSGD4k42lDANBgkqhkiG9w0BAQUFAAOCAQEAhh+d3UURyGvxlxrw
+-JbIM9x9YxGqlVgcyyy16jK5HHn3nc2w7lh51tOWJBad+tlJWWuJrOOQYPGRvvr3T
+-AXa0g396HpzLQBua3UPLmtuK+HZQq62Ff886b0viJ7CMqQrg2EUABV4pq6CKeOUJ
+-iUiKDUJJHq3ChS8pna8uyO+53HQz6+lF6aKzALp2C3RZyaiWTPPNmzRaSoeyalJ0
+-W77zgfgy0B/JzJ+Kautu820sVCCG9odiwO1VA52XqVquOaB+5KaV6SYZkeYPthj3
+-SWynzv3BBML5JydMWem/evZloNmgcaZUxm+aXSMZV0lZLAaRPiibwW/yLZokpwva
+-zczzvA==
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0zMTA4MjQxNTA3MTFaMGgxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjCCASIwDQYJ
++KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFM2XQapKNCV6R6LnQCCElqah3b3sND
++1khgEjDt1m50FoEWTlC5bLk2DRmk94WZQEYmRjOGzgwnceSPD7Q6mW2veEi3y8TT
++YH3QF28jvInAvBa4lPCyEI3I4DWX7Y/G25vNqvaMRdwP7qB4Er72ffT3toxO5X0y
++6Pf3HgRGngjNy+zimsM1P86hAeMQCuzZqxMJ6+Y5a5Iwxwi9ijLvC7JhbxFDlc8x
++6hkBzBpt0tVXNdrArkY50zPt+MAerT1ob6hTJKzW+d0rUVB35LddrUiAXWVX5esH
++gn3Lck8GajTUOMhr7Yo6aF4143gU2l2Gn+XUHN2QwnyiANSVZQSF/4MCAwEAAaNC
++MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLK
++uktGBKd1iizoDlSUvBJlpnvOMA0GCSqGSIb3DQEBBQUAA4IBAQDU0CIZeC4uHYPG
++eYnBqCNDToZ2FjG9t8BELLkseZkvAkgzHqfXDtnxy+05GjSzUK/JjWS//3IbHeBd
++QDu1AHzReP9F7tkFPzL2zfTTeVjYRJRl9cOpXdgT2VfnExj683ILz6NK9G5edDA8
++y3Yo+USauj63PgF5Pstc31rUbDSqvcBtJYXlKPYV4Z2vp/enbCodHZMeiXFmxwvk
++zjbBIcRzXSskqT0m3xzoYGnjgpjDW5Ge2r0n7uD9ZOp9NZH9Xh4zgiQ5e0mvIwX8
++blN+B2n05+Mf8BxZh0y2dMlg7fWroDGKBdRknx4Wtp/4fg2st9kWubO8CwNrJOlG
++gdzYUmN1
+ -----END CERTIFICATE-----
+diff --git a/tests/certs/EdelCurlRoot-ca.csr b/tests/certs/EdelCurlRoot-ca.csr
+index 2df94f5..7d5e300 100644
+--- a/tests/certs/EdelCurlRoot-ca.csr
++++ b/tests/certs/EdelCurlRoot-ca.csr
+@@ -1,17 +1,17 @@
+ -----BEGIN CERTIFICATE REQUEST-----
+-MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+-cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJTAjBgNVBAMMHE5vdGhlcm4g
+-Tm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+-AoIBAQDBqQrvdgZ9/ng68Q5AbcJbro+Nf/DViZ5CKvAXlNkuZ8ctARyVo7GmhtQS
+-PEc6cOZ7HxEG03Ou38okGQPkYgrrZ9Tc750t4IJ3/iowWvtX5bhPNlJML1etEmqU
+-PuRIp62lwDrQTgCZiI+9SnC+O1tr/15vKW0Mp1VK4kPnSQ+ZVFlogTTYqfvIDRRa
+-QMtwHvU7wEI5BvljrdkpFFOvQhAdGJW2FYrYQdg3MQqXWhsQkKwd/25xM2t+iBgg
+-7b41/+dpSAXAeC4ERvTCjU1wbkL6k+vOEjvR9c4/KVyMvVmD5KHBPI4+OFXzmRiw
+-3/Z0yY4o9DgNRSDW28BzouaMbpifAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
+-eFMy55kFke/e9mrGloRUh1o8dxmzSiVwVCw5DTZQzTFNAMSOZXIId8k2IeHSUd84
+-ZyJ1UNyJn2EFcwgaYaMtvZ8xMWR2W0C7lBvOOcjvWmiGze9F2Z5XMQzL8cjkK4jW
+-RKIq9b0W6TC8lLO5F2eJpW6BoTQ8cBCDiVIDlCm7xZxPRjHowuyM0Tpewq2PltC1
+-p8DbQipZWl5LPaHBSZSmIuUgOBU9porH/Vn0oWXxYfts59103VJY5YKkdz0PiqqA
+-5kWYCMFDZyL+nZ2aIol4r8nXkN9MuPOU12aHqPGcDlaGS2i5zfm2Ywsg110k+NCk
+-AmqhjnrQjvJhif3rGO4+qw==
++MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
++cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAkBgNVBAMMHU5vcnRoZXJu
++IE5vd2hlcmUgVHJ1c3QgQW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEA4UzZdBqko0JXpHoudAIISWpqHdvew0PWSGASMO3WbnQWgRZOULlsuTYN
++GaT3hZlARiZGM4bODCdx5I8PtDqZba94SLfLxNNgfdAXbyO8icC8FriU8LIQjcjg
++NZftj8bbm82q9oxF3A/uoHgSvvZ99Pe2jE7lfTLo9/ceBEaeCM3L7OKawzU/zqEB
++4xAK7NmrEwnr5jlrkjDHCL2KMu8LsmFvEUOVzzHqGQHMGm3S1Vc12sCuRjnTM+34
++wB6tPWhvqFMkrNb53StRUHfkt12tSIBdZVfl6weCfctyTwZqNNQ4yGvtijpoXjXj
++eBTaXYaf5dQc3ZDCfKIA1JVlBIX/gwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
++ANpolqnyNQ2zhqURf1ImBOTKLqN77neGe01rdkMrQfNP+ZSr5pxcoOZgMjUGrhyQ
++C6RWexcjwMFvr+16bsEyiBgw/PxTziw6ozvJZkDVQanKZet9+6o8P6AzfjOfwIiU
++8OkLYDaNJ0M807fTNFWdt/yDY1WNfNAxIX3gMMJ1dRvvLvgIJVE4RRAaW/pEMHky
++sQTfExs99Xooqh3E6CWyR1bVHWuid0a02LcD2Q0bKTBmi3xyBjEaq3vXxS6j1fDs
++aWpwznwuuX+J7K+MHYJH9DQIg/QY6rQzxokZ92wJGFdzL3m+kou6++OAPu1plpTL
++im5n/e87gdjerEJgCqoP4S8=
+ -----END CERTIFICATE REQUEST-----
+diff --git a/tests/certs/EdelCurlRoot-ca.key b/tests/certs/EdelCurlRoot-ca.key
+index 9a1303a..bf46d1e 100644
+--- a/tests/certs/EdelCurlRoot-ca.key
++++ b/tests/certs/EdelCurlRoot-ca.key
+@@ -1,27 +1,27 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIIEowIBAAKCAQEAwakK73YGff54OvEOQG3CW66PjX/w1YmeQirwF5TZLmfHLQEc
+-laOxpobUEjxHOnDmex8RBtNzrt/KJBkD5GIK62fU3O+dLeCCd/4qMFr7V+W4TzZS
+-TC9XrRJqlD7kSKetpcA60E4AmYiPvUpwvjtba/9ebyltDKdVSuJD50kPmVRZaIE0
+-2Kn7yA0UWkDLcB71O8BCOQb5Y63ZKRRTr0IQHRiVthWK2EHYNzEKl1obEJCsHf9u
+-cTNrfogYIO2+Nf/naUgFwHguBEb0wo1NcG5C+pPrzhI70fXOPylcjL1Zg+ShwTyO
+-PjhV85kYsN/2dMmOKPQ4DUUg1tvAc6LmjG6YnwIDAQABAoIBAEQculXigwIJYCwK
+-4GJUuEkaqi6wUvonvtuy0mLY3VHu+iSgAXe37SGOxkPro3mwf7/J+2kVMdjNqQDt
+-M2s9+G03Ray3MecS0ZB2ekwrk78kcqCZkHRvKj0a/xVI0W2kW/SyGX1uEdPuLe/7
+-oI+nvM3NMV+TiGEs8Vi3H/7WuX/JiEpBFNtgKqlT1ZdTblj+igrAT30on9FBfOyo
+-NtkxIL7YY1TAZ7YjdpZWrAAyo7gBjXAmeslnJ9IHzKPBsuSXQ4A7JjGOAGyv3INi
+-D8mwoa/8pNaZTxFCCRnvezA3JvVa4gWigZtb0JX5Z+H1nERZWoJq4Cj4kMa3ERuC
+-iyVXijECgYEA4q5bkQTrQ7liRCrNETmbVspmbuBc6XaAFrYwbrxlzvl2nyumCgKg
+-GaPeP2Skh5nPz+1x1EXmYAqXsAfLoE4z6kk1D1Ws4FWxxaAuwlWTmoJ2HXl2dcbR
+-f0HLgQ/oswYtNVaP7HASmEf5Y3DeGLDrojh1aOE8kq/MpBHsO28qTA0CgYEA2rVV
+-eTfj4VV5tpVlfiU5D947qIERVwIQ+FW8Epokwct1VgUeWwXMQFJFX6KWQdkB+Ktj
+-vknBSrN+VmwBMMhuUTpMxvaZFL5UCyLUUt2K8azNDdg9FcfH8dSZnnNoo8aH9k6A
+-v5gFk+QQ7VgGVBeLv22PG1zknj4SsGZhzx9H0FsCgYB/8uq8cIpbL8jHsWEO1/VW
+-h+hJrVrEbJ7gMvYjizPsH+NU9M5D2DeGQXixT52O7MLgGqalqs7eZxw3wC6vzXSA
+-SdIpVbK+7Z/qbP/3sVYfYIRLHsQ+tnqJ2hmEP/aZFmNuN+4FBz13tyiNeKfkR/i5
+-GCUtjfUi1xgrg/JTmevGAQKBgQC9QEh0Gj7gj9xAeEpYu9ECwCUTjIv6pFkW6ulR
+-l3zTDUG9a7R2wy+ZQReyx7gJxsSD75rh4GSYRXW/RrpJAkcjlrU1PdH9Nyz2be8Y
+-vYgr1IGjx0gkfrmvs24yxF75ySOBqTCTmfLJpIJZPuBLCAzvWtiIrvtNSx1U82MT
+-nVfBHQKBgDJZQmr5lqdo5Zv/VP+w+VtxeX2oCgw7Mn56TW4IzDEL6ly+sKNNs+Ji
+-pp/c2XYw24o7318yV70oWVWscay1SOjK7RdoCat590iuTGMSYyY8pMkgK+QuDqDe
+-1Hhyb0iPorMS5wZXx/TROS4+4GOIHLAtZOZ8B+20tczp7HGqUIK1
++MIIEpAIBAAKCAQEA4UzZdBqko0JXpHoudAIISWpqHdvew0PWSGASMO3WbnQWgRZO
++ULlsuTYNGaT3hZlARiZGM4bODCdx5I8PtDqZba94SLfLxNNgfdAXbyO8icC8FriU
++8LIQjcjgNZftj8bbm82q9oxF3A/uoHgSvvZ99Pe2jE7lfTLo9/ceBEaeCM3L7OKa
++wzU/zqEB4xAK7NmrEwnr5jlrkjDHCL2KMu8LsmFvEUOVzzHqGQHMGm3S1Vc12sCu
++RjnTM+34wB6tPWhvqFMkrNb53StRUHfkt12tSIBdZVfl6weCfctyTwZqNNQ4yGvt
++ijpoXjXjeBTaXYaf5dQc3ZDCfKIA1JVlBIX/gwIDAQABAoIBAQDGGcWGgjrLVnUr
++qUcZOARDUW9XK9IWjZpn7xlvrmECo8552Lwp3LDNtcoVB2mhLhxG0jad7eVU6IYL
++ewNK7M+lk0lHX1yrh1Trq0I/tgN8eFyp+cj0Tw2hLcR/O0RmTGsi9tdhi/uNQPEI
++ZivNf31HHVyEyIae7FnOVpotFk6022EElQd8F8GeeKpo9pQs8sHAVOUVC8Mf2sr+
++bFyo9nzU0XkSay72ozU9O5Iw2d5aVrN5f3NS+JG9OpzvouNwkaAMOUsLVvZlUTqY
++0ve5CY2rB3D72h4GJfM2aHi8hwj56yBOsyIhBSXNYJM8nXKEbJaK5ulVv/a7KKTk
++KzSdk/mJAoGBAPXPLLJgx0mZKXNXqSvSsvgVzcpLrJh8figoF4rMzq8+5bN9Y6KU
++Lvb2ODIm/oGCIiGDdFTYqBJ0/EpauaAJgdzIwYnMZXmVB97pmwni9KrDPDwWTOqS
++3Yzh0t4C8DAgwZE4X6Ad/fmn7V06dfJZZJynL9exPp8RF7ptJ2yOnlbdAoGBAOqk
++AfRWuPGeZL9rFkd45+j03MDHglE2xKhsbRobHANItHo7r26D/Ov7QkM+lGlqdrNg
++tTPPtHs50Ek+Sb0X31/Fj45IqQroxctpbZAaJchVl88tvKXA8fkk14a9GLiow3Bk
++UGA5DFRmsIMXEengzRJoxcHAbbciGWdeSneH49nfAoGAVMypHcyXU8Ob8ieuu+iP
++R1i2SvC6VUy1dQMHxCGNuBVZxwcd5Ut7vEUK8/pR2LndLnScIF0x9lQXaUtNOHGv
++NEypv/EcnMoWEgfDLbD3OSXrVMtYs6ABAIYzadXXqLLUNFYfXyyZnpQZJg1x/S5r
++sENZFO8XrGaIKg9YB3JYG50CgYBUQweMpmQOKNKHRz6d9hZaOyzXcg4jeiaPUTiw
++6lFaAI8HYk2yw2VdnUKDgYKshJYR/sWz0IBAzFc3Jk42wM7vxrOx5fgGuebmEHtP
++B4TP96TnusYHRE3hKdDYSyoIjlp5Dx0qIPKDkMkMmolNUvRyCvwRgzgjTvSOgXb+
++i+dQQwKBgQCKn04xYbhkMOiHxNP/DUf6+XmV1V7KbpjIySychbxcTKCV98c9q491
++YjF8FJgi2JdV5XOHWaKti2Qg/tYz7CBtqkQdeNjtfKkOUA8ZyZeiNZdPIza9tzmr
++t6mCthH1oT3jyiddhSYxyfUBW3olPhBPj8YBblmq1QHE8y2j3CNjvw==
+ -----END RSA PRIVATE KEY-----
+diff --git a/tests/certs/EdelCurlRoot-ca.prm b/tests/certs/EdelCurlRoot-ca.prm
+index 4c53ef5..d0eff48 100644
+--- a/tests/certs/EdelCurlRoot-ca.prm
++++ b/tests/certs/EdelCurlRoot-ca.prm
+@@ -10,7 +10,7 @@ countryName_value            = NN
+ organizationName              = "Organization Name"
+ organizationName_value     = Edel Curl Arctic Illudium Research Cloud
+ commonName                      = "Common Name"
+-commonName_value              = Nothern Nowhere Trust Anchor 
++commonName_value              = Northern Nowhere Trust Anchor
+ [ x509v3 ]
+ basicConstraints = critical,CA:true
+ keyUsage        = critical,keyCertSign,cRLSign
+diff --git a/tests/certs/Makefile.am b/tests/certs/Makefile.am
+index cd35bdf..3337276 100644
+--- a/tests/certs/Makefile.am
++++ b/tests/certs/Makefile.am
+@@ -37,7 +37,6 @@ CERTFILES = \
+   Server-localhost-sv.der \
+   Server-localhost-sv.dhp \
+   Server-localhost-sv.key \
+-  Server-localhost-sv.p12 \
+   Server-localhost-sv.pem \
+   Server-localhost-sv.prm \
+   Server-localhost.nn-sv.crl \
+@@ -54,7 +53,6 @@ CERTFILES = \
+   Server-localhost0h-sv.der \
+   Server-localhost0h-sv.dhp \
+   Server-localhost0h-sv.key \
+-  Server-localhost0h-sv.p12 \
+   Server-localhost0h-sv.pem \
+   Server-localhost0h-sv.prm
+ 
+diff --git a/tests/certs/Server-localhost-sv.crl b/tests/certs/Server-localhost-sv.crl
+index 804655d..3e75229 100644
+--- a/tests/certs/Server-localhost-sv.crl
++++ b/tests/certs/Server-localhost-sv.crl
+@@ -1,12 +1,21 @@
+ -----BEGIN X509 CRL-----
+-MIIB2zCBxAIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJOTjExMC8GA1UE
+-CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDElMCMG
+-A1UEAwwcTm90aGVybiBOb3doZXJlIFRydXN0IEFuY2hvchcNMTAwNTI3MjEzNzEx
+-WhcNMTAwNjI2MjEzNzExWjAZMBcCBguYlPl8ahcNMTAwNTI3MjEzNzExWqAOMAww
+-CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAFuPZJ/cNNCeAzkSxVvPPPRX
+-Wsv9T6Dt61C5Fmq9eSNN2kRf7/dq5A5nqTIlHbXXiLdj3UqNhUHXe2oA1UpbdHz9
+-0JlfwWm1Y/gMr1fh1n0oFebEtCuOgDRpd07Uiz8AqOUBykDNDUlMvVwR9raHL8hj
+-NRwzugsfIxl0CvLLqrBpUWMxW3qemk4cWW39yrDdZgKo6eOZAOR3FQYlLIrw6Jcr
+-Kmm0PjdcJIfRgJvNysgyx1dIIKe7QXvFTR/QzdHWIWTkiYIW7wUKSzSICvDCr094
+-eo3nr3n9BtOqT61Z1m6FGCP6Mm0wFl6xLTCNd6ygfFo7pcAdWlUsdBgKzics0Kc=
++MIIDbzCCAlcCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
++BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
++BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0xNTAzMjExNTA3
++MTFaFw0xNTA0MjAxNTA3MTFaMIIBqTAXAgYM+ly45CIXDTE1MDMyMTEzMTQ1N1ow
++FwIGDPpcwXH8Fw0xNTAzMjExMzE1NTNaMBcCBgz6XO7ujBcNMTUwMzIxMTMyMDUx
++WjAXAgYM+lzu7p0XDTE1MDMyMTEzMjA1MVowFwIGDPpc7u6uFw0xNTAzMjExMzIw
++NTFaMBcCBgz6XZyD1RcNMTUwMzIxMTMzOTQ5WjAXAgYM+l4OXa8XDTE1MDMyMTEz
++NTIxNVowFwIGDPpeJlPZFw0xNTAzMjExMzU0NTJaMBcCBgz6XiZT6hcNMTUwMzIx
++MTM1NDUyWjAXAgYM+l4mU/sXDTE1MDMyMTEzNTQ1MlowFwIGDPpemKKEFw0xNTAz
++MjExNDA3MjFaMBcCBgz6XpiilRcNMTUwMzIxMTQwNzIxWjAXAgYM+l6YoqYXDTE1
++MDMyMTE0MDcyMVowFwIGDPpffssxFw0xNTAzMjExNDMyMzBaMBcCBgz6X37yUxcN
++MTUwMzIxMTQzMjMxWjAXAgYM+l9+8mYXDTE1MDMyMTE0MzIzMVowFwIGDPpgvFFL
++Fw0xNTAzMjExNTA3MTFaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOC
++AQEAllslrhWUoq49PC+KQghVDAeFREP3pKPUlSebVVR8PCtCKrFtc53dUaTl8qhK
++1wOLodr80lfr2kEgzTEDt2CfXryl3orLPeMWe0OWTBsPbuwj+d7m3uq4B43laqJn
++JM5ebRvzHWMJkVNkwiXiadPTW5ZMUqu2Bs97rdcjklUrEcamf9aMLqb6sPGtU4EO
++o/GxGW2eypYwncFmzAc5W3NDRePGPhN5rUDfqm5Id4T9FKmGcNmI7qlLQi+jp23F
++V6RvrqANIemopQQ4kYGy7pzilDYm6+R+fPCIh2H/0eqCDY8NdjygXtWW+pJ58axV
++MPZ2mFPcH5UHiqmi8kRstnA8KQ==
+ -----END X509 CRL-----
+diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt
+index 9a3d944..abf6924 100644
+--- a/tests/certs/Server-localhost-sv.crt
++++ b/tests/certs/Server-localhost-sv.crt
+@@ -1,16 +1,15 @@
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:f9:7c:6a
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311627 (0xcfa60bc514b)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:11 2010 GMT
+-            Not After : Aug 13 21:37:11 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -19,63 +18,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:b0:27:79:26:2c:b9:e4:d1:81:0a:09:d2:76:fe:
+-                    9a:e1:05:68:01:b3:72:77:97:38:e4:60:1c:71:9d:
+-                    99:f7:26:7b:21:b5:6d:aa:9f:14:76:07:6c:a4:2a:
+-                    2d:7d:ee:f6:6f:8a:58:c4:93:de:fe:a1:25:0f:ff:
+-                    57:49:c0:d9:94:d9:07:79:bf:8c:6d:fa:f1:18:82:
+-                    67:a0:3f:d7:31:03:82:ec:b9:39:69:07:ec:ec:93:
+-                    17:5b:1a:72:91:93:b2:6b:98:66:63:fe:61:29:e7:
+-                    ad:86:0e:04:ba:bf:8b:55:57:61:a5:4a:f6:ca:e7:
+-                    c6:d1:b8:65:42:ab:67:64:17
++                    00:ba:5f:4b:69:74:31:99:4d:f4:b4:b7:2a:65:b8:
++                    b7:31:c1:38:cf:36:37:bb:5e:18:e3:52:1f:52:aa:
++                    5a:25:2f:0c:66:88:32:b0:ef:b2:2c:90:38:5e:6e:
++                    6f:0e:e4:3b:3f:f0:2e:f1:7a:3d:5e:c3:64:86:3f:
++                    68:b7:cf:0b:b3:ea:0a:ca:94:16:d4:2b:6a:02:e3:
++                    a1:b3:c7:d1:d0:06:b8:ff:df:dc:e0:32:2a:e7:dd:
++                    62:cc:71:c4:e8:cf:9d:de:5c:75:69:9d:b6:ce:e2:
++                    42:d8:a7:bd:50:54:78:2d:55:67:7f:00:7b:8f:9c:
++                    11:d1:9e:ce:be:1e:fe:cf:37
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                BC:69:86:84:70:3A:AD:DE:08:2A:70:C6:3B:47:8C:11:3F:E0:9A:6D
++                7E:42:8D:AC:2E:93:AD:4C:E0:09:AC:C6:08:F1:82:E0:B7:B7:C6:7F
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        7b:f0:b0:a0:d9:d0:91:38:9b:fe:cf:78:c8:d6:30:5d:87:9d:
+-        b3:b9:6e:8b:5a:73:74:93:cb:30:49:d1:00:79:9d:5a:c2:71:
+-        a3:93:5f:de:d3:5a:0c:fb:6d:41:83:89:1b:4f:0d:1c:65:0c:
+-        1a:0c:0f:96:79:62:90:e1:74:04:dd:c6:d8:cf:0f:5f:0f:28:
+-        87:d7:86:56:90:b4:d0:88:80:f1:a7:cd:fd:0b:13:58:bb:6d:
+-        e6:ab:44:f6:9b:d6:cc:c7:db:3d:3a:90:c4:20:72:f4:38:38:
+-        c0:ef:80:1d:60:3f:4e:30:40:11:56:29:70:aa:17:91:90:5f:
+-        70:0b:89:51:af:17:a8:ed:20:4e:76:bb:cf:a8:88:9a:25:0f:
+-        3a:96:26:17:50:2a:af:f3:8b:21:9c:cf:ff:f9:20:fc:fe:c0:
+-        37:95:c7:cd:0d:7a:53:d9:26:12:38:2c:f6:03:95:1b:da:d0:
+-        08:f7:32:91:07:a7:35:0c:14:00:44:c7:43:fb:23:2e:14:44:
+-        e6:ee:a9:c9:20:37:09:b8:ae:21:4f:4b:b7:86:4d:e3:41:84:
+-        15:4e:1a:29:00:03:a8:92:99:3c:75:ea:43:0f:e3:2b:f7:17:
+-        b1:1b:87:80:04:d3:a7:73:b1:5e:85:38:7d:89:01:16:19:f6:
+-        c4:e1:1b:75
++         00:fe:c4:fc:4b:28:b8:bc:39:8c:6f:f1:72:d3:76:da:28:27:
++         e2:97:94:bb:ad:2f:91:c4:db:df:33:4b:48:4e:97:5b:4c:4c:
++         be:fc:e4:b7:19:5c:b8:83:6e:ef:2c:b0:d5:7c:fc:0d:cb:7e:
++         29:ed:fd:4d:ef:05:1c:89:15:31:78:9b:18:29:d3:37:83:c7:
++         39:f4:78:27:b7:00:75:d1:fb:f0:29:88:79:e4:e9:a7:d4:65:
++         04:bf:d5:a1:dc:05:b2:17:c4:a9:da:61:10:22:5f:8f:50:fc:
++         1f:ab:f6:39:dd:ab:35:a6:94:54:63:5c:6d:25:f0:dc:3a:0a:
++         70:4e:49:ef:be:fa:2c:0a:cd:ce:a6:2d:26:cd:f8:24:89:77:
++         2c:ea:6e:19:b6:5c:8c:1a:08:ea:a8:9f:2c:1b:c7:fc:13:6c:
++         fe:a7:90:08:e5:98:83:30:52:86:ac:83:0b:cb:25:92:21:94:
++         80:13:d7:e8:d0:42:56:83:55:d3:09:9b:e8:c5:96:82:15:64:
++         6b:83:77:eb:99:e5:52:dc:1b:36:29:a0:c9:da:8b:d3:0d:77:
++         24:f2:c3:df:2e:c4:93:e0:34:47:a9:9b:54:d3:75:d5:c7:de:
++         88:a1:ef:7b:40:2f:dc:e9:28:8c:69:be:eb:71:4a:c2:30:50:
++         99:36:52:69
+ -----BEGIN CERTIFICATE-----
+-MIIDQTCCAimgAwIBAgIGC5iU+XxqMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDPzCCAiegAwIBAgIGDPpgvFFLMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzcxMVoXDTE4MDgxMzIxMzcxMVowVDELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+-sCd5Jiy55NGBCgnSdv6a4QVoAbNyd5c45GAccZ2Z9yZ7IbVtqp8UdgdspCotfe72
+-b4pYxJPe/qElD/9XScDZlNkHeb+MbfrxGIJnoD/XMQOC7Lk5aQfs7JMXWxpykZOy
+-a5hmY/5hKeethg4Eur+LVVdhpUr2yufG0bhlQqtnZBcCAwEAAaOBiTCBhjAUBgNV
+-HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF
+-BwMBMB0GA1UdDgQWBBS8aYaEcDqt3ggqcMY7R4wRP+CabTAfBgNVHSMEGDAWgBSt
+-PuI5B7hcqiaQlEwmaSGD4k42lDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA
+-A4IBAQB78LCg2dCROJv+z3jI1jBdh52zuW6LWnN0k8swSdEAeZ1awnGjk1/e01oM
+-+21Bg4kbTw0cZQwaDA+WeWKQ4XQE3cbYzw9fDyiH14ZWkLTQiIDxp839CxNYu23m
+-q0T2m9bMx9s9OpDEIHL0ODjA74AdYD9OMEARVilwqheRkF9wC4lRrxeo7SBOdrvP
+-qIiaJQ86liYXUCqv84shnM//+SD8/sA3lcfNDXpT2SYSOCz2A5Ub2tAI9zKRB6c1
+-DBQARMdD+yMuFETm7qnJIDcJuK4hT0u3hk3jQYQVThopAAOokpk8depDD+Mr9xex
+-G4eABNOnc7FehTh9iQEWGfbE4Rt1
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFQxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
++ALpfS2l0MZlN9LS3KmW4tzHBOM82N7teGONSH1KqWiUvDGaIMrDvsiyQOF5ubw7k
++Oz/wLvF6PV7DZIY/aLfPC7PqCsqUFtQragLjobPH0dAGuP/f3OAyKufdYsxxxOjP
++nd5cdWmdts7iQtinvVBUeC1VZ38Ae4+cEdGezr4e/s83AgMBAAGjgYYwgYMwFAYD
++VR0RBA0wC4IJbG9jYWxob3N0MAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEF
++BQcDATAdBgNVHQ4EFgQUfkKNrC6TrUzgCazGCPGC4Le3xn8wHwYDVR0jBBgwFoAU
++Esq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC
++AQEAAP7E/EsouLw5jG/xctN22ign4peUu60vkcTb3zNLSE6XW0xMvvzktxlcuINu
++7yyw1Xz8Dct+Ke39Te8FHIkVMXibGCnTN4PHOfR4J7cAddH78CmIeeTpp9RlBL/V
++odwFshfEqdphECJfj1D8H6v2Od2rNaaUVGNcbSXw3DoKcE5J7776LArNzqYtJs34
++JIl3LOpuGbZcjBoI6qifLBvH/BNs/qeQCOWYgzBShqyDC8slkiGUgBPX6NBCVoNV
++0wmb6MWWghVka4N365nlUtwbNimgydqL0w13JPLD3y7Ek+A0R6mbVNN11cfeiKHv
++e0Av3OkojGm+63FKwjBQmTZSaQ==
+ -----END CERTIFICATE-----
+diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr
+index a8773f5..f919409 100644
+--- a/tests/certs/Server-localhost-sv.csr
++++ b/tests/certs/Server-localhost-sv.csr
+@@ -1,11 +1,11 @@
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy
+ Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0
+-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwJ3kmLLnk0YEKCdJ2/prhBWgB
+-s3J3lzjkYBxxnZn3JnshtW2qnxR2B2ykKi197vZviljEk97+oSUP/1dJwNmU2Qd5
+-v4xt+vEYgmegP9cxA4LsuTlpB+zskxdbGnKRk7JrmGZj/mEp562GDgS6v4tVV2Gl
+-SvbK58bRuGVCq2dkFwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAlIivGkhU8iph
+-eZQAaiwakIwPx1TPA3+Dl4tbStTr3Ludd8rjZMGPRXKU+wjvfhCmDlyk90yOun2C
+-lPIT8W/ibXNgRF1vz+eFofjM0hZtNPOX4G18wwD5y0OTr7obyqJPKAZsJZh6L3YE
+-aARr27RCoFv92hFwVr181wAU+bVCekA=
++MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6X0tpdDGZTfS0typluLcxwTjP
++Nje7XhjjUh9SqlolLwxmiDKw77IskDhebm8O5Ds/8C7xej1ew2SGP2i3zwuz6grK
++lBbUK2oC46Gzx9HQBrj/39zgMirn3WLMccToz53eXHVpnbbO4kLYp71QVHgtVWd/
++AHuPnBHRns6+Hv7PNwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAsJ+ypJAE5YiR
++A1niVNXKoqXmIQsXGJv9BA39AjT+cdqvdd+WTKCaZ9QXucDArhG9B9Dp66bfSgvT
++WVz6F85ju5HQekZrS2ZxdR1+muWAFE/vDgi22QwTysXvTWUfsqBQ0ZGEmdzyPJJq
++7AGzbAWx8JDhgGg2jStvQJBLhtYxhoY=
+ -----END CERTIFICATE REQUEST-----
+diff --git a/tests/certs/Server-localhost-sv.dhp b/tests/certs/Server-localhost-sv.dhp
+index b61c28b..e69de29 100644
+--- a/tests/certs/Server-localhost-sv.dhp
++++ b/tests/certs/Server-localhost-sv.dhp
+@@ -1,5 +0,0 @@
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAP5mA7oYimErFUulbvNC8V0HwyB62NCj6TZb6YXJwElCksQc8RyHnkrY
+-9Wx2+lduFqHjUWalgVF7Gma7CfR/pt+fiU6Jn2vWR2v7KT6hYeRKsJrONJlth+NK
+-V7/d4zyvleJ/VSp0TuuSxmMMQ6hG3i5YhSGXyCh4h0pl4Wu/hdVTAgEC
+------END DH PARAMETERS-----
+diff --git a/tests/certs/Server-localhost-sv.key b/tests/certs/Server-localhost-sv.key
+index 8ade26a..3540179 100644
+--- a/tests/certs/Server-localhost-sv.key
++++ b/tests/certs/Server-localhost-sv.key
+@@ -1,15 +1,15 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXQIBAAKBgQCwJ3kmLLnk0YEKCdJ2/prhBWgBs3J3lzjkYBxxnZn3JnshtW2q
+-nxR2B2ykKi197vZviljEk97+oSUP/1dJwNmU2Qd5v4xt+vEYgmegP9cxA4LsuTlp
+-B+zskxdbGnKRk7JrmGZj/mEp562GDgS6v4tVV2GlSvbK58bRuGVCq2dkFwIDAQAB
+-AoGBAKa0JHWZHC9MiSa71t5f4qiTGjOJ5AkDJocR4bkv4dZAJ4TmEqvGsnFkY08U
+-z0p/i95Q+eLG4eDtFYsHJU8Z343odktK99BUJzkDzqWT9RMzJ5Ykx6LbldJyW5NN
+-IwvhDuW3rq8fbCMr+NGe9chc1Rg2lrfeEJDwjki/drBQs7zpAkEA3R6QEcuST7Gq
+-JzjfU9uLD2tHLYZFNzS4dm4PvwC2aK7OdEOm7VkXFwUyP97QjwPV7fabrQ2QjwGg
+-ek+nVEdH9QJBAMvxFickez9eqgiMfZbfY8t5I+Dxz69ZVGsPvl/6xhiUvgxjREM7
+-EnScf86HwlBnteoUtMptAKu7Dbq5inPbkFsCQCV8FuRNZGJKNhQsGf/3Sd21S/21
+-s2omb9bz1YuFrWaVq74d8eBup/FpGhmlxilYdx2+Hqn5kLYNiozxj+ZDpzkCQQC8
+-7VJAYKNsSR3rXXra0Yd5b3e1Y02qe26g36zU7VOmYeTNRQhv38FxFamwgkOYiPsV
+-Jql0/RWqAVburAN+4OARAkB9FwUtKyhs7FM4N9bXi+c8m42hkBv+dSim534tPijS
+-UCcCONLEQTv4yjlCOwTKMVDoajkWH1A2e7psTmIR+zwc
++MIICXgIBAAKBgQC6X0tpdDGZTfS0typluLcxwTjPNje7XhjjUh9SqlolLwxmiDKw
++77IskDhebm8O5Ds/8C7xej1ew2SGP2i3zwuz6grKlBbUK2oC46Gzx9HQBrj/39zg
++Mirn3WLMccToz53eXHVpnbbO4kLYp71QVHgtVWd/AHuPnBHRns6+Hv7PNwIDAQAB
++AoGBAJdWRGVIPfJP1BJe3eWl3dRgI2JXk1/pY+pLSDYXMIYbM0Wa+RamPRdksPE1
++WadM+zPLNENP0L+/iERe/wiq7sNxKQLwH5eE3tUxC+iC8GO6gQ2zHaWVNu3R79CM
++t8YZhlmG2o+xC4CGYzuITgPE16m24CYauLZHO/YVDzG6yNApAkEA6K0db5bZmIaU
++TJW/jEnPJSubDx8kE1YncTOAKaAeoJwaaSfFphVKNGNrZHu3jBhKFgVNBNxGUWrW
++0pIkDrb3hQJBAM0N7+ghZ/7vaOoKqYHQI2z8SgPsUjQjmubCBALe/Ys3kg9PPpyz
++umJSAOYjC4X1dSlkAkciJqRS0Y6uKgSH4osCQQCVIWftft1GsnNYxt43t5MKOvGu
++doIz1pN/LcgmZddbj9IptfErqxedjl9lzxnstCDADnO3+ssjIfxAiKSNvd3VAkA3
++3yFMTbXpZ9BdXPRc05qjeoasVPr9C+qMD7dKFPpesZCRrVTxG6OgYJmwG0JriLsY
++wRBB05NV2N8SknAOdfwLAkEAw5Hqxc/Xlh6xhy9tBdJXDtuptV10mg6EbO98x9/7
++gyuAArSguhXna+aRqjLRelCwVB9f9aZ1XVoDKWVCsnfCbQ==
+ -----END RSA PRIVATE KEY-----
+diff --git a/tests/certs/Server-localhost-sv.pem b/tests/certs/Server-localhost-sv.pem
+index 86b48b3..6ef1fd5 100644
+--- a/tests/certs/Server-localhost-sv.pem
++++ b/tests/certs/Server-localhost-sv.pem
+@@ -1,11 +1,11 @@
+ extensions = x509v3
+ [ x509v3 ]
+ subjectAltName = DNS:localhost
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
+@@ -24,33 +24,32 @@ commonName_value              = localhost
+ # the certficate
+ # some dhparam
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXQIBAAKBgQCwJ3kmLLnk0YEKCdJ2/prhBWgBs3J3lzjkYBxxnZn3JnshtW2q
+-nxR2B2ykKi197vZviljEk97+oSUP/1dJwNmU2Qd5v4xt+vEYgmegP9cxA4LsuTlp
+-B+zskxdbGnKRk7JrmGZj/mEp562GDgS6v4tVV2GlSvbK58bRuGVCq2dkFwIDAQAB
+-AoGBAKa0JHWZHC9MiSa71t5f4qiTGjOJ5AkDJocR4bkv4dZAJ4TmEqvGsnFkY08U
+-z0p/i95Q+eLG4eDtFYsHJU8Z343odktK99BUJzkDzqWT9RMzJ5Ykx6LbldJyW5NN
+-IwvhDuW3rq8fbCMr+NGe9chc1Rg2lrfeEJDwjki/drBQs7zpAkEA3R6QEcuST7Gq
+-JzjfU9uLD2tHLYZFNzS4dm4PvwC2aK7OdEOm7VkXFwUyP97QjwPV7fabrQ2QjwGg
+-ek+nVEdH9QJBAMvxFickez9eqgiMfZbfY8t5I+Dxz69ZVGsPvl/6xhiUvgxjREM7
+-EnScf86HwlBnteoUtMptAKu7Dbq5inPbkFsCQCV8FuRNZGJKNhQsGf/3Sd21S/21
+-s2omb9bz1YuFrWaVq74d8eBup/FpGhmlxilYdx2+Hqn5kLYNiozxj+ZDpzkCQQC8
+-7VJAYKNsSR3rXXra0Yd5b3e1Y02qe26g36zU7VOmYeTNRQhv38FxFamwgkOYiPsV
+-Jql0/RWqAVburAN+4OARAkB9FwUtKyhs7FM4N9bXi+c8m42hkBv+dSim534tPijS
+-UCcCONLEQTv4yjlCOwTKMVDoajkWH1A2e7psTmIR+zwc
++MIICXgIBAAKBgQC6X0tpdDGZTfS0typluLcxwTjPNje7XhjjUh9SqlolLwxmiDKw
++77IskDhebm8O5Ds/8C7xej1ew2SGP2i3zwuz6grKlBbUK2oC46Gzx9HQBrj/39zg
++Mirn3WLMccToz53eXHVpnbbO4kLYp71QVHgtVWd/AHuPnBHRns6+Hv7PNwIDAQAB
++AoGBAJdWRGVIPfJP1BJe3eWl3dRgI2JXk1/pY+pLSDYXMIYbM0Wa+RamPRdksPE1
++WadM+zPLNENP0L+/iERe/wiq7sNxKQLwH5eE3tUxC+iC8GO6gQ2zHaWVNu3R79CM
++t8YZhlmG2o+xC4CGYzuITgPE16m24CYauLZHO/YVDzG6yNApAkEA6K0db5bZmIaU
++TJW/jEnPJSubDx8kE1YncTOAKaAeoJwaaSfFphVKNGNrZHu3jBhKFgVNBNxGUWrW
++0pIkDrb3hQJBAM0N7+ghZ/7vaOoKqYHQI2z8SgPsUjQjmubCBALe/Ys3kg9PPpyz
++umJSAOYjC4X1dSlkAkciJqRS0Y6uKgSH4osCQQCVIWftft1GsnNYxt43t5MKOvGu
++doIz1pN/LcgmZddbj9IptfErqxedjl9lzxnstCDADnO3+ssjIfxAiKSNvd3VAkA3
++3yFMTbXpZ9BdXPRc05qjeoasVPr9C+qMD7dKFPpesZCRrVTxG6OgYJmwG0JriLsY
++wRBB05NV2N8SknAOdfwLAkEAw5Hqxc/Xlh6xhy9tBdJXDtuptV10mg6EbO98x9/7
++gyuAArSguhXna+aRqjLRelCwVB9f9aZ1XVoDKWVCsnfCbQ==
+ -----END RSA PRIVATE KEY-----
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:f9:7c:6a
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311627 (0xcfa60bc514b)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:11 2010 GMT
+-            Not After : Aug 13 21:37:11 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -59,68 +58,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:b0:27:79:26:2c:b9:e4:d1:81:0a:09:d2:76:fe:
+-                    9a:e1:05:68:01:b3:72:77:97:38:e4:60:1c:71:9d:
+-                    99:f7:26:7b:21:b5:6d:aa:9f:14:76:07:6c:a4:2a:
+-                    2d:7d:ee:f6:6f:8a:58:c4:93:de:fe:a1:25:0f:ff:
+-                    57:49:c0:d9:94:d9:07:79:bf:8c:6d:fa:f1:18:82:
+-                    67:a0:3f:d7:31:03:82:ec:b9:39:69:07:ec:ec:93:
+-                    17:5b:1a:72:91:93:b2:6b:98:66:63:fe:61:29:e7:
+-                    ad:86:0e:04:ba:bf:8b:55:57:61:a5:4a:f6:ca:e7:
+-                    c6:d1:b8:65:42:ab:67:64:17
++                    00:ba:5f:4b:69:74:31:99:4d:f4:b4:b7:2a:65:b8:
++                    b7:31:c1:38:cf:36:37:bb:5e:18:e3:52:1f:52:aa:
++                    5a:25:2f:0c:66:88:32:b0:ef:b2:2c:90:38:5e:6e:
++                    6f:0e:e4:3b:3f:f0:2e:f1:7a:3d:5e:c3:64:86:3f:
++                    68:b7:cf:0b:b3:ea:0a:ca:94:16:d4:2b:6a:02:e3:
++                    a1:b3:c7:d1:d0:06:b8:ff:df:dc:e0:32:2a:e7:dd:
++                    62:cc:71:c4:e8:cf:9d:de:5c:75:69:9d:b6:ce:e2:
++                    42:d8:a7:bd:50:54:78:2d:55:67:7f:00:7b:8f:9c:
++                    11:d1:9e:ce:be:1e:fe:cf:37
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                BC:69:86:84:70:3A:AD:DE:08:2A:70:C6:3B:47:8C:11:3F:E0:9A:6D
++                7E:42:8D:AC:2E:93:AD:4C:E0:09:AC:C6:08:F1:82:E0:B7:B7:C6:7F
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        7b:f0:b0:a0:d9:d0:91:38:9b:fe:cf:78:c8:d6:30:5d:87:9d:
+-        b3:b9:6e:8b:5a:73:74:93:cb:30:49:d1:00:79:9d:5a:c2:71:
+-        a3:93:5f:de:d3:5a:0c:fb:6d:41:83:89:1b:4f:0d:1c:65:0c:
+-        1a:0c:0f:96:79:62:90:e1:74:04:dd:c6:d8:cf:0f:5f:0f:28:
+-        87:d7:86:56:90:b4:d0:88:80:f1:a7:cd:fd:0b:13:58:bb:6d:
+-        e6:ab:44:f6:9b:d6:cc:c7:db:3d:3a:90:c4:20:72:f4:38:38:
+-        c0:ef:80:1d:60:3f:4e:30:40:11:56:29:70:aa:17:91:90:5f:
+-        70:0b:89:51:af:17:a8:ed:20:4e:76:bb:cf:a8:88:9a:25:0f:
+-        3a:96:26:17:50:2a:af:f3:8b:21:9c:cf:ff:f9:20:fc:fe:c0:
+-        37:95:c7:cd:0d:7a:53:d9:26:12:38:2c:f6:03:95:1b:da:d0:
+-        08:f7:32:91:07:a7:35:0c:14:00:44:c7:43:fb:23:2e:14:44:
+-        e6:ee:a9:c9:20:37:09:b8:ae:21:4f:4b:b7:86:4d:e3:41:84:
+-        15:4e:1a:29:00:03:a8:92:99:3c:75:ea:43:0f:e3:2b:f7:17:
+-        b1:1b:87:80:04:d3:a7:73:b1:5e:85:38:7d:89:01:16:19:f6:
+-        c4:e1:1b:75
++         00:fe:c4:fc:4b:28:b8:bc:39:8c:6f:f1:72:d3:76:da:28:27:
++         e2:97:94:bb:ad:2f:91:c4:db:df:33:4b:48:4e:97:5b:4c:4c:
++         be:fc:e4:b7:19:5c:b8:83:6e:ef:2c:b0:d5:7c:fc:0d:cb:7e:
++         29:ed:fd:4d:ef:05:1c:89:15:31:78:9b:18:29:d3:37:83:c7:
++         39:f4:78:27:b7:00:75:d1:fb:f0:29:88:79:e4:e9:a7:d4:65:
++         04:bf:d5:a1:dc:05:b2:17:c4:a9:da:61:10:22:5f:8f:50:fc:
++         1f:ab:f6:39:dd:ab:35:a6:94:54:63:5c:6d:25:f0:dc:3a:0a:
++         70:4e:49:ef:be:fa:2c:0a:cd:ce:a6:2d:26:cd:f8:24:89:77:
++         2c:ea:6e:19:b6:5c:8c:1a:08:ea:a8:9f:2c:1b:c7:fc:13:6c:
++         fe:a7:90:08:e5:98:83:30:52:86:ac:83:0b:cb:25:92:21:94:
++         80:13:d7:e8:d0:42:56:83:55:d3:09:9b:e8:c5:96:82:15:64:
++         6b:83:77:eb:99:e5:52:dc:1b:36:29:a0:c9:da:8b:d3:0d:77:
++         24:f2:c3:df:2e:c4:93:e0:34:47:a9:9b:54:d3:75:d5:c7:de:
++         88:a1:ef:7b:40:2f:dc:e9:28:8c:69:be:eb:71:4a:c2:30:50:
++         99:36:52:69
+ -----BEGIN CERTIFICATE-----
+-MIIDQTCCAimgAwIBAgIGC5iU+XxqMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDPzCCAiegAwIBAgIGDPpgvFFLMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzcxMVoXDTE4MDgxMzIxMzcxMVowVDELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+-sCd5Jiy55NGBCgnSdv6a4QVoAbNyd5c45GAccZ2Z9yZ7IbVtqp8UdgdspCotfe72
+-b4pYxJPe/qElD/9XScDZlNkHeb+MbfrxGIJnoD/XMQOC7Lk5aQfs7JMXWxpykZOy
+-a5hmY/5hKeethg4Eur+LVVdhpUr2yufG0bhlQqtnZBcCAwEAAaOBiTCBhjAUBgNV
+-HREEDTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUF
+-BwMBMB0GA1UdDgQWBBS8aYaEcDqt3ggqcMY7R4wRP+CabTAfBgNVHSMEGDAWgBSt
+-PuI5B7hcqiaQlEwmaSGD4k42lDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUA
+-A4IBAQB78LCg2dCROJv+z3jI1jBdh52zuW6LWnN0k8swSdEAeZ1awnGjk1/e01oM
+-+21Bg4kbTw0cZQwaDA+WeWKQ4XQE3cbYzw9fDyiH14ZWkLTQiIDxp839CxNYu23m
+-q0T2m9bMx9s9OpDEIHL0ODjA74AdYD9OMEARVilwqheRkF9wC4lRrxeo7SBOdrvP
+-qIiaJQ86liYXUCqv84shnM//+SD8/sA3lcfNDXpT2SYSOCz2A5Ub2tAI9zKRB6c1
+-DBQARMdD+yMuFETm7qnJIDcJuK4hT0u3hk3jQYQVThopAAOokpk8depDD+Mr9xex
+-G4eABNOnc7FehTh9iQEWGfbE4Rt1
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFQxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
++ALpfS2l0MZlN9LS3KmW4tzHBOM82N7teGONSH1KqWiUvDGaIMrDvsiyQOF5ubw7k
++Oz/wLvF6PV7DZIY/aLfPC7PqCsqUFtQragLjobPH0dAGuP/f3OAyKufdYsxxxOjP
++nd5cdWmdts7iQtinvVBUeC1VZ38Ae4+cEdGezr4e/s83AgMBAAGjgYYwgYMwFAYD
++VR0RBA0wC4IJbG9jYWxob3N0MAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEF
++BQcDATAdBgNVHQ4EFgQUfkKNrC6TrUzgCazGCPGC4Le3xn8wHwYDVR0jBBgwFoAU
++Esq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC
++AQEAAP7E/EsouLw5jG/xctN22ign4peUu60vkcTb3zNLSE6XW0xMvvzktxlcuINu
++7yyw1Xz8Dct+Ke39Te8FHIkVMXibGCnTN4PHOfR4J7cAddH78CmIeeTpp9RlBL/V
++odwFshfEqdphECJfj1D8H6v2Od2rNaaUVGNcbSXw3DoKcE5J7776LArNzqYtJs34
++JIl3LOpuGbZcjBoI6qifLBvH/BNs/qeQCOWYgzBShqyDC8slkiGUgBPX6NBCVoNV
++0wmb6MWWghVka4N365nlUtwbNimgydqL0w13JPLD3y7Ek+A0R6mbVNN11cfeiKHv
++e0Av3OkojGm+63FKwjBQmTZSaQ==
+ -----END CERTIFICATE-----
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAP5mA7oYimErFUulbvNC8V0HwyB62NCj6TZb6YXJwElCksQc8RyHnkrY
+-9Wx2+lduFqHjUWalgVF7Gma7CfR/pt+fiU6Jn2vWR2v7KT6hYeRKsJrONJlth+NK
+-V7/d4zyvleJ/VSp0TuuSxmMMQ6hG3i5YhSGXyCh4h0pl4Wu/hdVTAgEC
+------END DH PARAMETERS-----
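Review bot: The header comment kept as context at the top of this hunk still lists `# some dhparam`, but the hunk removes the DH PARAMETERS block from the end of the file. The Server-localhost-sv.dhp hunk in this patch also empties that file, while the Makefile.am hunks keep `Server-localhost-sv.dhp` in CERTFILES. If the parameters were dropped on purpose, that comment line should be removed and the .dhp entry could leave CERTFILES together with the .p12 one. If not, the regeneration step appears to have skipped the dhparam output, and what a test server does with an empty parameter file cannot be confirmed from this patch.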
+diff --git a/tests/certs/Server-localhost-sv.prm b/tests/certs/Server-localhost-sv.prm
+index 6351025..97e64ce 100644
+--- a/tests/certs/Server-localhost-sv.prm
++++ b/tests/certs/Server-localhost-sv.prm
+@@ -1,11 +1,11 @@
+ extensions = x509v3
+ [ x509v3 ]
+ subjectAltName = DNS:localhost
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
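Review bot: `default_bits = 1024` stays unchanged in the context lines of this hunk even though the patch regenerates the keys and certificates, so the new server keys are again 1024-bit RSA and the regenerated certificates still show `sha1WithRSAEncryption`. TLS libraries configured with a stricter minimum key size or digest policy may reject such a chain, which would fail the tests for a reason unrelated to the code under test. I would change the line to `default_bits                    = 2048` and have the signing step use SHA-256. The same settings appear in the Server-localhost-sv.pem hunk, which looks like a generated copy of this file.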
+diff --git a/tests/certs/Server-localhost.nn-sv.crl b/tests/certs/Server-localhost.nn-sv.crl
+index db40831..0676f73 100644
+--- a/tests/certs/Server-localhost.nn-sv.crl
++++ b/tests/certs/Server-localhost.nn-sv.crl
+@@ -1,13 +1,21 @@
+ -----BEGIN X509 CRL-----
+-MIIB9DCB3QIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJOTjExMC8GA1UE
+-CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDElMCMG
+-A1UEAwwcTm90aGVybiBOb3doZXJlIFRydXN0IEFuY2hvchcNMTAwNTI3MjEzNzI0
+-WhcNMTAwNjI2MjEzNzI0WjAyMBcCBguYlPl8ahcNMTAwNTI3MjEzNzExWjAXAgYL
+-mJT7eF8XDTEwMDUyNzIxMzcyNFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
+-BQUAA4IBAQCo8mBpkZqiYWJMkJsZ1qqqOqVRne4iWhPOJSDGDgxoCTA4RgN1sQUv
+-/MxO2LgSEyo9GopCpgWlhig+wzQmYCUf7HDw8sLzClUG4XUKRSW2Uq6q5BF5fwIu
+-vHksi/RIPdcMx/+3dGIFeoccZZd5o7xgryGySAN6wHy6lY7LeeW7acpaDU43D7yi
+-wQipBczrlH/jJDy6ja5FFBrAvvyRc4zC2X1/Rh3f0vNqnX9PLC524HxRmasCKYM8
+-vgcPbvJ7Z/HRGOYRu9vTp5X0+lPPj24WE8vX3AZdjyI6qpinHzrsYen/qs6c0v3k
+-FKYuzuVlUAy+5aZDhx+GHr+KW+y2T/ol
++MIIDiDCCAnACAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
++BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
++BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0xNTAzMjExNTA3
++MTFaFw0xNTA0MjAxNTA3MTFaMIIBwjAXAgYM+ly45CIXDTE1MDMyMTEzMTQ1N1ow
++FwIGDPpcwXH8Fw0xNTAzMjExMzE1NTNaMBcCBgz6XO7ujBcNMTUwMzIxMTMyMDUx
++WjAXAgYM+lzu7p0XDTE1MDMyMTEzMjA1MVowFwIGDPpc7u6uFw0xNTAzMjExMzIw
++NTFaMBcCBgz6XZyD1RcNMTUwMzIxMTMzOTQ5WjAXAgYM+l4OXa8XDTE1MDMyMTEz
++NTIxNVowFwIGDPpeJlPZFw0xNTAzMjExMzU0NTJaMBcCBgz6XiZT6hcNMTUwMzIx
++MTM1NDUyWjAXAgYM+l4mU/sXDTE1MDMyMTEzNTQ1MlowFwIGDPpemKKEFw0xNTAz
++MjExNDA3MjFaMBcCBgz6XpiilRcNMTUwMzIxMTQwNzIxWjAXAgYM+l6YoqYXDTE1
++MDMyMTE0MDcyMVowFwIGDPpffssxFw0xNTAzMjExNDMyMzBaMBcCBgz6X37yUxcN
++MTUwMzIxMTQzMjMxWjAXAgYM+l9+8mYXDTE1MDMyMTE0MzIzMVowFwIGDPpgvFFL
++Fw0xNTAzMjExNTA3MTFaMBcCBgz6YLxRXBcNMTUwMzIxMTUwNzExWqAOMAwwCgYD
++VR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBANd1Fp3lPmLALcGvEB4kB4Uo6vhM
++ZWcAUE96oerpW0OnZ6v7o8ghLvs/pJfIoD+7hV3RuAgUUBqv2N8VTaL2IYarom/H
++CK78oLrIwwej/7K1pIfG53bJuaYyim5Lpl/YzGwhdC2vO2kBXHC1gVj5hN3uM/2A
+++cFPTDMsDU7szGq1bHObEKumXXzG5LfwGJGaHNGdvglV7zKthRjk/plYKE4/F0Ah
++jRQys6crClCKC5vug1GbzKbQue/Pbw1e3Rm/e0DVeOCREdvcHat43SIPf5yUYLsz
++b7P7pIOIoSgiIgEdbmj2pi1xdtxrYRyJJk0H7XQJHDehkyZsy6l62mKam/E=
+ -----END X509 CRL-----
+diff --git a/tests/certs/Server-localhost.nn-sv.crt b/tests/certs/Server-localhost.nn-sv.crt
+index 722aeeb..69bd40d 100644
+--- a/tests/certs/Server-localhost.nn-sv.crt
++++ b/tests/certs/Server-localhost.nn-sv.crt
+@@ -1,16 +1,15 @@
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:fb:78:5f
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311644 (0xcfa60bc515c)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:24 2010 GMT
+-            Not After : Aug 13 21:37:24 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -19,63 +18,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:d3:d4:4e:db:63:5c:3f:3a:3a:5e:38:09:94:e6:
+-                    4d:70:9d:0d:af:49:e6:82:5d:07:b7:f5:cd:a0:df:
+-                    af:71:f1:cf:bf:d5:9a:bd:af:7c:78:5d:55:3f:14:
+-                    bd:bb:2c:0e:73:9d:d6:82:9a:d5:e6:f6:21:5d:08:
+-                    92:a2:71:5f:80:5f:5c:ce:f0:c2:37:37:79:0f:4d:
+-                    3d:d4:f2:80:6d:47:36:45:d1:d2:8b:7a:2e:12:71:
+-                    4b:47:86:f5:8c:99:af:e7:0e:cf:b5:c9:4d:7a:75:
+-                    f7:b2:74:0c:41:e3:ab:bb:2c:9d:6f:54:08:13:5a:
+-                    3a:ef:7c:27:f7:3f:0b:0b:71
++                    00:ac:cc:11:70:74:29:ed:7b:00:44:8a:c0:47:03:
++                    50:9d:6f:51:b7:c9:7b:dd:7e:ee:29:67:5b:91:9b:
++                    c7:c5:e6:9d:59:3e:6b:33:25:b7:7c:39:7c:84:79:
++                    dd:15:98:e7:27:63:93:10:3a:3a:40:a0:dd:d0:1e:
++                    6e:60:f4:1e:a4:f7:1e:0a:0b:84:44:77:e7:05:16:
++                    39:aa:de:bd:1e:c7:bc:c9:e1:4e:8c:86:1c:3f:d6:
++                    cd:e3:f2:68:02:5b:17:53:49:51:29:a8:89:f3:d0:
++                    e1:5e:71:07:9f:15:47:08:40:e9:ac:49:e4:21:ac:
++                    65:29:09:ca:a2:dc:9e:ab:89
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost.nn
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                81:26:F9:75:CC:9C:2D:3C:36:64:68:41:F7:07:3C:66:86:E5:4A:C1
++                12:AF:44:46:B1:04:69:61:64:83:39:A2:BD:5D:97:2B:F4:1D:D4:6C
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        65:05:8c:48:14:58:8c:1a:d4:95:67:1c:29:52:ed:5a:6e:14:
+-        41:bc:2b:16:20:c4:89:3a:6e:cb:c1:ff:ab:61:79:5f:ce:27:
+-        93:3c:ff:29:7a:25:68:00:27:04:f3:68:17:30:f0:fd:ff:09:
+-        0e:15:2a:25:b1:45:18:93:ab:12:8e:0c:13:11:9a:b8:a4:75:
+-        d0:17:1b:ca:f2:66:6b:73:15:dd:8b:bb:34:d6:70:dc:34:1b:
+-        e7:7a:30:ea:50:50:2f:88:67:b3:f8:b3:55:62:44:7e:3e:df:
+-        59:4f:a8:57:83:40:9f:bf:52:bf:fd:2c:18:6e:bd:0c:41:b7:
+-        78:1c:9b:fa:c4:ff:c3:2b:46:a4:8f:0c:19:a7:3d:75:81:29:
+-        6b:cf:07:f0:1d:65:d4:0e:19:51:87:92:a8:3d:7e:80:04:84:
+-        ad:5e:4e:b6:ef:9a:02:c3:84:95:ec:c3:e8:a1:69:1f:42:cb:
+-        da:63:1a:35:6f:d0:ba:62:9e:73:36:63:58:0f:cc:25:c8:59:
+-        73:df:3b:c2:b9:5a:da:3d:e1:3f:0a:1f:0f:41:c4:88:2d:92:
+-        06:88:d4:54:81:e1:12:57:53:ab:6b:f8:c8:90:3e:30:4c:f5:
+-        72:cf:f0:d4:18:70:c1:78:85:30:9c:fe:94:f4:1b:c2:6c:14:
+-        49:7a:0e:27
++         44:54:d7:d7:75:14:60:a5:1a:1d:1e:a9:dc:6f:b1:b1:d8:13:
++         e2:10:22:9a:f5:ca:b6:38:3c:d9:ac:2e:dc:ce:38:bc:cc:38:
++         a1:cc:a8:9c:73:37:f9:b6:a8:42:87:d9:80:21:45:81:43:9d:
++         73:3c:67:cf:cd:c5:c3:91:df:60:6b:6d:69:f9:be:a1:92:cc:
++         5d:ea:bc:67:f3:c7:bc:ea:41:d1:11:7b:e3:f1:b8:a7:8d:9a:
++         d0:23:6c:df:0e:2a:35:98:50:c1:a6:8b:d2:07:aa:a6:2f:cb:
++         98:a9:a3:8d:a0:8c:87:ab:ec:e1:c5:0b:25:e2:e9:a9:08:13:
++         30:86:1b:e5:b6:ac:03:85:35:0c:9a:5d:5b:82:c4:04:6a:05:
++         4c:f3:f7:b3:b5:ac:92:3b:46:71:a8:7f:54:c7:96:37:dc:38:
++         2c:a2:18:23:10:00:de:f8:21:40:52:99:94:ad:b2:b6:e5:87:
++         8e:29:0b:3b:b3:8a:52:67:54:dc:0a:e9:75:60:33:ff:13:9a:
++         61:a4:15:0c:d0:6f:de:0d:06:23:a8:44:ad:f0:68:60:93:6b:
++         75:06:24:5b:47:9a:b9:3a:ef:d9:4f:df:31:d5:65:3a:e2:94:
++         03:be:88:94:49:7c:6a:d0:da:c0:d0:62:81:f5:61:50:96:5a:
++         d0:ee:22:39
+ -----BEGIN CERTIFICATE-----
+-MIIDRzCCAi+gAwIBAgIGC5iU+3hfMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDRTCCAi2gAwIBAgIGDPpgvFFcMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzcyNFoXDTE4MDgxMzIxMzcyNFowVzELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+-gYEA09RO22NcPzo6XjgJlOZNcJ0Nr0nmgl0Ht/XNoN+vcfHPv9Wava98eF1VPxS9
+-uywOc53WgprV5vYhXQiSonFfgF9czvDCNzd5D0091PKAbUc2RdHSi3ouEnFLR4b1
+-jJmv5w7PtclNenX3snQMQeOruyydb1QIE1o673wn9z8LC3ECAwEAAaOBjDCBiTAX
+-BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG
+-CCsGAQUFBwMBMB0GA1UdDgQWBBSBJvl1zJwtPDZkaEH3BzxmhuVKwTAfBgNVHSME
+-GDAWgBStPuI5B7hcqiaQlEwmaSGD4k42lDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
+-DQEBBQUAA4IBAQBlBYxIFFiMGtSVZxwpUu1abhRBvCsWIMSJOm7Lwf+rYXlfzieT
+-PP8peiVoACcE82gXMPD9/wkOFSolsUUYk6sSjgwTEZq4pHXQFxvK8mZrcxXdi7s0
+-1nDcNBvnejDqUFAviGez+LNVYkR+Pt9ZT6hXg0Cfv1K//SwYbr0MQbd4HJv6xP/D
+-K0akjwwZpz11gSlrzwfwHWXUDhlRh5KoPX6ABIStXk6275oCw4SV7MPooWkfQsva
+-Yxo1b9C6Yp5zNmNYD8wlyFlz3zvCuVraPeE/Ch8PQcSILZIGiNRUgeESV1Ora/jI
+-kD4wTPVyz/DUGHDBeIUwnP6U9BvCbBRJeg4n
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFcxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
++AoGBAKzMEXB0Ke17AESKwEcDUJ1vUbfJe91+7ilnW5Gbx8XmnVk+azMlt3w5fIR5
++3RWY5ydjkxA6OkCg3dAebmD0HqT3HgoLhER35wUWOarevR7HvMnhToyGHD/WzePy
++aAJbF1NJUSmoifPQ4V5xB58VRwhA6axJ5CGsZSkJyqLcnquJAgMBAAGjgYkwgYYw
++FwYDVR0RBBAwDoIMbG9jYWxob3N0Lm5uMAsGA1UdDwQEAwIDqDATBgNVHSUEDDAK
++BggrBgEFBQcDATAdBgNVHQ4EFgQUEq9ERrEEaWFkgzmivV2XK/Qd1GwwHwYDVR0j
++BBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0B
++AQUFAAOCAQEARFTX13UUYKUaHR6p3G+xsdgT4hAimvXKtjg82awu3M44vMw4ocyo
++nHM3+baoQofZgCFFgUOdczxnz83Fw5HfYGttafm+oZLMXeq8Z/PHvOpB0RF74/G4
++p42a0CNs3w4qNZhQwaaL0geqpi/LmKmjjaCMh6vs4cULJeLpqQgTMIYb5basA4U1
++DJpdW4LEBGoFTPP3s7WskjtGcah/VMeWN9w4LKIYIxAA3vghQFKZlK2ytuWHjikL
++O7OKUmdU3ArpdWAz/xOaYaQVDNBv3g0GI6hErfBoYJNrdQYkW0eauTrv2U/fMdVl
++OuKUA76IlEl8atDawNBigfVhUJZa0O4iOQ==
+ -----END CERTIFICATE-----
+diff --git a/tests/certs/Server-localhost.nn-sv.csr b/tests/certs/Server-localhost.nn-sv.csr
+index 6424343..7f2fa77 100644
+--- a/tests/certs/Server-localhost.nn-sv.csr
++++ b/tests/certs/Server-localhost.nn-sv.csr
+@@ -1,11 +1,11 @@
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+ cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
+-dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA09RO22NcPzo6XjgJlOZN
+-cJ0Nr0nmgl0Ht/XNoN+vcfHPv9Wava98eF1VPxS9uywOc53WgprV5vYhXQiSonFf
+-gF9czvDCNzd5D0091PKAbUc2RdHSi3ouEnFLR4b1jJmv5w7PtclNenX3snQMQeOr
+-uyydb1QIE1o673wn9z8LC3ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAM5PenDC
+-AtDhzdVKrX6DcJINWck5XFEnvWQksSYU7iDeiQVycQxR+LYKGZiy04u+9C+MN7eq
+-JmHAIi+88r7/ZaGJLujqSUOJn8ocZ+vwhJOwh2XBhhLaCjIW/H05g0aNlk80Ye6m
+-OA9DCIZUINF0lDQaJCpKXxwNVcz4Rifp5/9T
++dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArMwRcHQp7XsARIrARwNQ
++nW9Rt8l73X7uKWdbkZvHxeadWT5rMyW3fDl8hHndFZjnJ2OTEDo6QKDd0B5uYPQe
++pPceCguERHfnBRY5qt69Hse8yeFOjIYcP9bN4/JoAlsXU0lRKaiJ89DhXnEHnxVH
++CEDprEnkIaxlKQnKotyeq4kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBADnob1ds
++8MytEcgSZdkgP4iQ2L+aPXTPBqTThaV7Zto1mAhwG/D6rTiGq6t+IlZQNoDdZPp3
++r1WDQJj6ed54xUY4Im4m1Np8oURamt5NJMKURDbv0xOQHW8EOoN+F8rfKyu2Hk1O
++hJulv+cBz75yi3+LVu+IEuSFQIQUZiy6V+Il
+ -----END CERTIFICATE REQUEST-----
+diff --git a/tests/certs/Server-localhost.nn-sv.dhp b/tests/certs/Server-localhost.nn-sv.dhp
+index 5d54840..e69de29 100644
+--- a/tests/certs/Server-localhost.nn-sv.dhp
++++ b/tests/certs/Server-localhost.nn-sv.dhp
+@@ -1,5 +0,0 @@
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAPrtEVPhZfEczB9JnWXbln79YnTh/V6ehXMWe414wyn/VT1ow25sLEev
+-H2+eT84aDp5e+TfBSFjA6or96/lyQvsgAE+cE6f6uuw9ApVG2MK+BCn4snxHBb6G
+-LFQf+9qHZ4BEkpBL60p1fkGu8BM1wXGXEaeYhgGumNA9fm5YJrl7AgEC
+------END DH PARAMETERS-----
+diff --git a/tests/certs/Server-localhost.nn-sv.key b/tests/certs/Server-localhost.nn-sv.key
+index bf1cc7e..6a75071 100644
+--- a/tests/certs/Server-localhost.nn-sv.key
++++ b/tests/certs/Server-localhost.nn-sv.key
+@@ -1,15 +1,15 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXgIBAAKBgQDT1E7bY1w/OjpeOAmU5k1wnQ2vSeaCXQe39c2g369x8c+/1Zq9
+-r3x4XVU/FL27LA5zndaCmtXm9iFdCJKicV+AX1zO8MI3N3kPTT3U8oBtRzZF0dKL
+-ei4ScUtHhvWMma/nDs+1yU16dfeydAxB46u7LJ1vVAgTWjrvfCf3PwsLcQIDAQAB
+-AoGBALr1HQxAq8AaMj3KE5rZkOudkeBtxwaz+QYB6hTcl8pnc8aKTmKwKZlKNtzP
+-/4zdG3wriJII+lU4UsX7tP+uNGxKxALrDQRuBPyi8XQfUT1nJth6qkp8g3V/ixfE
+-Yah3od9dL3+xsOH28RKKUC5kjmnNupO9KQZ6/CyYfUHAEG+pAkEA+PP+7FIvpPQ+
+-7bbG4IIqn7QKVxGbtaFY8pdLnsUkrnIqwEIbZoU12iEKm5qMoXNv30GknXrvxU53
+-tdIZU5Z28wJBANnTTMb/jac+Q1SaqmWQnrpcmvuPZ/8xRM6xeSJh+MDpK768WpYe
+-nivHvinQjQZBQmNM3IPYbJ33nTAdJylmFQsCQQCn4crATPAKOheRsJdO4RijWAM9
+-EgfCJUtZVMPPDr0c0qqXujzGFwDo1y1TH5bEbZc8pATBmhzFHpRFzaf8oVQXAkAX
+-Hch5GefDhuUIVn2c17MwneFIrxhfSbA+qzDqyDDo8BXXYQ/P/KHWjZUNxPciYcyU
+-0zRXvaERRpTk5UMhrpavAkEAy4ZyhH1UViuWsmTQaRjc5mDs8aXkd2y85A7jnfWA
+-8r7CL+sOe4TU1/CVyJf2FJaqHfD/GG6fqqeFoHuaqwTyiw==
++MIICXQIBAAKBgQCszBFwdCntewBEisBHA1Cdb1G3yXvdfu4pZ1uRm8fF5p1ZPmsz
++Jbd8OXyEed0VmOcnY5MQOjpAoN3QHm5g9B6k9x4KC4REd+cFFjmq3r0ex7zJ4U6M
++hhw/1s3j8mgCWxdTSVEpqInz0OFecQefFUcIQOmsSeQhrGUpCcqi3J6riQIDAQAB
++AoGAK7nYD+TVV0rw3mdeEJo+JBivTRqnRX2BNuj4uvf4rZOV7adl6SN6Mu05HSzZ
++TUXL+KOx60FQzFnox2lr9QzRU/LelLQ3H9fgVTVmGUCEAoDVRoWas8XlYGZsiHZ/
++yJn+9Z3yQYpufSb0LQiSt73sgrTNPu50gMxe/ZSAbSscyyECQQDV8juKzWmizlTh
+++wVs/pihE0+BX1BRCsezs7FCdDEWle3XidBtYlYyUIm5wx6v8xM/F7Q/nwgymOnV
++A62PtfyjAkEAzsM3DsuJ9dG5n+EPTH3kDdfr0eYy76XPYz4HK8/FgiKPWy55BRCH
++biLcbDAe06olJiCzEvwggFigthrIqj0t4wJBALDTUi74c3SiADn+FI/vJQsMQMv2
++kRVKSZ/WxozcJ645IKjiOKgPfJp9QjeMcxKNXrzoxItIz6eyBqGONqbujO0CQQCh
++b6azdJR5TJEklfL+BGVlsas8rgIjP1FX6Xxr5sQNwbIwvW5cV/WGNs3n4wKOvZBX
++3rwzHIy76XdB+FOpKC+FAkBDVbicC19LE6+tBzOyx4uTEm3N7N8vh566VaOpok02
++Io7F/WYL7WSCXAtvmueWV+FJyVUMN1f2nWfWqaEXP2ag
+ -----END RSA PRIVATE KEY-----
+diff --git a/tests/certs/Server-localhost.nn-sv.pem b/tests/certs/Server-localhost.nn-sv.pem
+index b5c2531..b3712f7 100644
+--- a/tests/certs/Server-localhost.nn-sv.pem
++++ b/tests/certs/Server-localhost.nn-sv.pem
+@@ -1,11 +1,11 @@
+ extensions = x509v3
+ [ x509v3 ]
+ subjectAltName = DNS:localhost.nn
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
+@@ -24,33 +24,32 @@ commonName_value              = localhost.nn
+ # the certficate
+ # some dhparam
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXgIBAAKBgQDT1E7bY1w/OjpeOAmU5k1wnQ2vSeaCXQe39c2g369x8c+/1Zq9
+-r3x4XVU/FL27LA5zndaCmtXm9iFdCJKicV+AX1zO8MI3N3kPTT3U8oBtRzZF0dKL
+-ei4ScUtHhvWMma/nDs+1yU16dfeydAxB46u7LJ1vVAgTWjrvfCf3PwsLcQIDAQAB
+-AoGBALr1HQxAq8AaMj3KE5rZkOudkeBtxwaz+QYB6hTcl8pnc8aKTmKwKZlKNtzP
+-/4zdG3wriJII+lU4UsX7tP+uNGxKxALrDQRuBPyi8XQfUT1nJth6qkp8g3V/ixfE
+-Yah3od9dL3+xsOH28RKKUC5kjmnNupO9KQZ6/CyYfUHAEG+pAkEA+PP+7FIvpPQ+
+-7bbG4IIqn7QKVxGbtaFY8pdLnsUkrnIqwEIbZoU12iEKm5qMoXNv30GknXrvxU53
+-tdIZU5Z28wJBANnTTMb/jac+Q1SaqmWQnrpcmvuPZ/8xRM6xeSJh+MDpK768WpYe
+-nivHvinQjQZBQmNM3IPYbJ33nTAdJylmFQsCQQCn4crATPAKOheRsJdO4RijWAM9
+-EgfCJUtZVMPPDr0c0qqXujzGFwDo1y1TH5bEbZc8pATBmhzFHpRFzaf8oVQXAkAX
+-Hch5GefDhuUIVn2c17MwneFIrxhfSbA+qzDqyDDo8BXXYQ/P/KHWjZUNxPciYcyU
+-0zRXvaERRpTk5UMhrpavAkEAy4ZyhH1UViuWsmTQaRjc5mDs8aXkd2y85A7jnfWA
+-8r7CL+sOe4TU1/CVyJf2FJaqHfD/GG6fqqeFoHuaqwTyiw==
++MIICXQIBAAKBgQCszBFwdCntewBEisBHA1Cdb1G3yXvdfu4pZ1uRm8fF5p1ZPmsz
++Jbd8OXyEed0VmOcnY5MQOjpAoN3QHm5g9B6k9x4KC4REd+cFFjmq3r0ex7zJ4U6M
++hhw/1s3j8mgCWxdTSVEpqInz0OFecQefFUcIQOmsSeQhrGUpCcqi3J6riQIDAQAB
++AoGAK7nYD+TVV0rw3mdeEJo+JBivTRqnRX2BNuj4uvf4rZOV7adl6SN6Mu05HSzZ
++TUXL+KOx60FQzFnox2lr9QzRU/LelLQ3H9fgVTVmGUCEAoDVRoWas8XlYGZsiHZ/
++yJn+9Z3yQYpufSb0LQiSt73sgrTNPu50gMxe/ZSAbSscyyECQQDV8juKzWmizlTh
+++wVs/pihE0+BX1BRCsezs7FCdDEWle3XidBtYlYyUIm5wx6v8xM/F7Q/nwgymOnV
++A62PtfyjAkEAzsM3DsuJ9dG5n+EPTH3kDdfr0eYy76XPYz4HK8/FgiKPWy55BRCH
++biLcbDAe06olJiCzEvwggFigthrIqj0t4wJBALDTUi74c3SiADn+FI/vJQsMQMv2
++kRVKSZ/WxozcJ645IKjiOKgPfJp9QjeMcxKNXrzoxItIz6eyBqGONqbujO0CQQCh
++b6azdJR5TJEklfL+BGVlsas8rgIjP1FX6Xxr5sQNwbIwvW5cV/WGNs3n4wKOvZBX
++3rwzHIy76XdB+FOpKC+FAkBDVbicC19LE6+tBzOyx4uTEm3N7N8vh566VaOpok02
++Io7F/WYL7WSCXAtvmueWV+FJyVUMN1f2nWfWqaEXP2ag
+ -----END RSA PRIVATE KEY-----
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:94:fb:78:5f
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311644 (0xcfa60bc515c)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:24 2010 GMT
+-            Not After : Aug 13 21:37:24 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -59,68 +58,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:d3:d4:4e:db:63:5c:3f:3a:3a:5e:38:09:94:e6:
+-                    4d:70:9d:0d:af:49:e6:82:5d:07:b7:f5:cd:a0:df:
+-                    af:71:f1:cf:bf:d5:9a:bd:af:7c:78:5d:55:3f:14:
+-                    bd:bb:2c:0e:73:9d:d6:82:9a:d5:e6:f6:21:5d:08:
+-                    92:a2:71:5f:80:5f:5c:ce:f0:c2:37:37:79:0f:4d:
+-                    3d:d4:f2:80:6d:47:36:45:d1:d2:8b:7a:2e:12:71:
+-                    4b:47:86:f5:8c:99:af:e7:0e:cf:b5:c9:4d:7a:75:
+-                    f7:b2:74:0c:41:e3:ab:bb:2c:9d:6f:54:08:13:5a:
+-                    3a:ef:7c:27:f7:3f:0b:0b:71
++                    00:ac:cc:11:70:74:29:ed:7b:00:44:8a:c0:47:03:
++                    50:9d:6f:51:b7:c9:7b:dd:7e:ee:29:67:5b:91:9b:
++                    c7:c5:e6:9d:59:3e:6b:33:25:b7:7c:39:7c:84:79:
++                    dd:15:98:e7:27:63:93:10:3a:3a:40:a0:dd:d0:1e:
++                    6e:60:f4:1e:a4:f7:1e:0a:0b:84:44:77:e7:05:16:
++                    39:aa:de:bd:1e:c7:bc:c9:e1:4e:8c:86:1c:3f:d6:
++                    cd:e3:f2:68:02:5b:17:53:49:51:29:a8:89:f3:d0:
++                    e1:5e:71:07:9f:15:47:08:40:e9:ac:49:e4:21:ac:
++                    65:29:09:ca:a2:dc:9e:ab:89
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost.nn
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                81:26:F9:75:CC:9C:2D:3C:36:64:68:41:F7:07:3C:66:86:E5:4A:C1
++                12:AF:44:46:B1:04:69:61:64:83:39:A2:BD:5D:97:2B:F4:1D:D4:6C
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        65:05:8c:48:14:58:8c:1a:d4:95:67:1c:29:52:ed:5a:6e:14:
+-        41:bc:2b:16:20:c4:89:3a:6e:cb:c1:ff:ab:61:79:5f:ce:27:
+-        93:3c:ff:29:7a:25:68:00:27:04:f3:68:17:30:f0:fd:ff:09:
+-        0e:15:2a:25:b1:45:18:93:ab:12:8e:0c:13:11:9a:b8:a4:75:
+-        d0:17:1b:ca:f2:66:6b:73:15:dd:8b:bb:34:d6:70:dc:34:1b:
+-        e7:7a:30:ea:50:50:2f:88:67:b3:f8:b3:55:62:44:7e:3e:df:
+-        59:4f:a8:57:83:40:9f:bf:52:bf:fd:2c:18:6e:bd:0c:41:b7:
+-        78:1c:9b:fa:c4:ff:c3:2b:46:a4:8f:0c:19:a7:3d:75:81:29:
+-        6b:cf:07:f0:1d:65:d4:0e:19:51:87:92:a8:3d:7e:80:04:84:
+-        ad:5e:4e:b6:ef:9a:02:c3:84:95:ec:c3:e8:a1:69:1f:42:cb:
+-        da:63:1a:35:6f:d0:ba:62:9e:73:36:63:58:0f:cc:25:c8:59:
+-        73:df:3b:c2:b9:5a:da:3d:e1:3f:0a:1f:0f:41:c4:88:2d:92:
+-        06:88:d4:54:81:e1:12:57:53:ab:6b:f8:c8:90:3e:30:4c:f5:
+-        72:cf:f0:d4:18:70:c1:78:85:30:9c:fe:94:f4:1b:c2:6c:14:
+-        49:7a:0e:27
++         44:54:d7:d7:75:14:60:a5:1a:1d:1e:a9:dc:6f:b1:b1:d8:13:
++         e2:10:22:9a:f5:ca:b6:38:3c:d9:ac:2e:dc:ce:38:bc:cc:38:
++         a1:cc:a8:9c:73:37:f9:b6:a8:42:87:d9:80:21:45:81:43:9d:
++         73:3c:67:cf:cd:c5:c3:91:df:60:6b:6d:69:f9:be:a1:92:cc:
++         5d:ea:bc:67:f3:c7:bc:ea:41:d1:11:7b:e3:f1:b8:a7:8d:9a:
++         d0:23:6c:df:0e:2a:35:98:50:c1:a6:8b:d2:07:aa:a6:2f:cb:
++         98:a9:a3:8d:a0:8c:87:ab:ec:e1:c5:0b:25:e2:e9:a9:08:13:
++         30:86:1b:e5:b6:ac:03:85:35:0c:9a:5d:5b:82:c4:04:6a:05:
++         4c:f3:f7:b3:b5:ac:92:3b:46:71:a8:7f:54:c7:96:37:dc:38:
++         2c:a2:18:23:10:00:de:f8:21:40:52:99:94:ad:b2:b6:e5:87:
++         8e:29:0b:3b:b3:8a:52:67:54:dc:0a:e9:75:60:33:ff:13:9a:
++         61:a4:15:0c:d0:6f:de:0d:06:23:a8:44:ad:f0:68:60:93:6b:
++         75:06:24:5b:47:9a:b9:3a:ef:d9:4f:df:31:d5:65:3a:e2:94:
++         03:be:88:94:49:7c:6a:d0:da:c0:d0:62:81:f5:61:50:96:5a:
++         d0:ee:22:39
+ -----BEGIN CERTIFICATE-----
+-MIIDRzCCAi+gAwIBAgIGC5iU+3hfMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDRTCCAi2gAwIBAgIGDPpgvFFcMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzcyNFoXDTE4MDgxMzIxMzcyNFowVzELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-FTATBgNVBAMMDGxvY2FsaG9zdC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+-gYEA09RO22NcPzo6XjgJlOZNcJ0Nr0nmgl0Ht/XNoN+vcfHPv9Wava98eF1VPxS9
+-uywOc53WgprV5vYhXQiSonFfgF9czvDCNzd5D0091PKAbUc2RdHSi3ouEnFLR4b1
+-jJmv5w7PtclNenX3snQMQeOruyydb1QIE1o673wn9z8LC3ECAwEAAaOBjDCBiTAX
+-BgNVHREEEDAOggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoG
+-CCsGAQUFBwMBMB0GA1UdDgQWBBSBJvl1zJwtPDZkaEH3BzxmhuVKwTAfBgNVHSME
+-GDAWgBStPuI5B7hcqiaQlEwmaSGD4k42lDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
+-DQEBBQUAA4IBAQBlBYxIFFiMGtSVZxwpUu1abhRBvCsWIMSJOm7Lwf+rYXlfzieT
+-PP8peiVoACcE82gXMPD9/wkOFSolsUUYk6sSjgwTEZq4pHXQFxvK8mZrcxXdi7s0
+-1nDcNBvnejDqUFAviGez+LNVYkR+Pt9ZT6hXg0Cfv1K//SwYbr0MQbd4HJv6xP/D
+-K0akjwwZpz11gSlrzwfwHWXUDhlRh5KoPX6ABIStXk6275oCw4SV7MPooWkfQsva
+-Yxo1b9C6Yp5zNmNYD8wlyFlz3zvCuVraPeE/Ch8PQcSILZIGiNRUgeESV1Ora/jI
+-kD4wTPVyz/DUGHDBeIUwnP6U9BvCbBRJeg4n
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFcxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
++AoGBAKzMEXB0Ke17AESKwEcDUJ1vUbfJe91+7ilnW5Gbx8XmnVk+azMlt3w5fIR5
++3RWY5ydjkxA6OkCg3dAebmD0HqT3HgoLhER35wUWOarevR7HvMnhToyGHD/WzePy
++aAJbF1NJUSmoifPQ4V5xB58VRwhA6axJ5CGsZSkJyqLcnquJAgMBAAGjgYkwgYYw
++FwYDVR0RBBAwDoIMbG9jYWxob3N0Lm5uMAsGA1UdDwQEAwIDqDATBgNVHSUEDDAK
++BggrBgEFBQcDATAdBgNVHQ4EFgQUEq9ERrEEaWFkgzmivV2XK/Qd1GwwHwYDVR0j
++BBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84wCQYDVR0TBAIwADANBgkqhkiG9w0B
++AQUFAAOCAQEARFTX13UUYKUaHR6p3G+xsdgT4hAimvXKtjg82awu3M44vMw4ocyo
++nHM3+baoQofZgCFFgUOdczxnz83Fw5HfYGttafm+oZLMXeq8Z/PHvOpB0RF74/G4
++p42a0CNs3w4qNZhQwaaL0geqpi/LmKmjjaCMh6vs4cULJeLpqQgTMIYb5basA4U1
++DJpdW4LEBGoFTPP3s7WskjtGcah/VMeWN9w4LKIYIxAA3vghQFKZlK2ytuWHjikL
++O7OKUmdU3ArpdWAz/xOaYaQVDNBv3g0GI6hErfBoYJNrdQYkW0eauTrv2U/fMdVl
++OuKUA76IlEl8atDawNBigfVhUJZa0O4iOQ==
+ -----END CERTIFICATE-----
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAPrtEVPhZfEczB9JnWXbln79YnTh/V6ehXMWe414wyn/VT1ow25sLEev
+-H2+eT84aDp5e+TfBSFjA6or96/lyQvsgAE+cE6f6uuw9ApVG2MK+BCn4snxHBb6G
+-LFQf+9qHZ4BEkpBL60p1fkGu8BM1wXGXEaeYhgGumNA9fm5YJrl7AgEC
+------END DH PARAMETERS-----
+diff --git a/tests/certs/Server-localhost.nn-sv.prm b/tests/certs/Server-localhost.nn-sv.prm
+index e515ea1..399e38a 100644
+--- a/tests/certs/Server-localhost.nn-sv.prm
++++ b/tests/certs/Server-localhost.nn-sv.prm
+@@ -1,11 +1,11 @@
+ extensions = x509v3
+ [ x509v3 ]
+ subjectAltName = DNS:localhost.nn
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
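Review bot: `default_bits = 1024` is left as unchanged context at the end of this hunk, although the key pair and certificate built from this file are regenerated in the same commit. The regenerated dumps accordingly still show `Public-Key: (1024 bit)` and `Signature Algorithm: sha1WithRSAEncryption`. TLS libraries running under a stricter default crypto policy reject keys and signatures of that strength, so the test server certificates would presumably start failing for reasons unrelated to the behaviour under test. I would change the line to `default_bits = 2048` and have the generation step (not visible in this hunk) sign with SHA-256. The same setting appears as context in the `Server-localhost.nn-sv.pem` and `Server-localhost0h-sv.pem` hunks.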
+diff --git a/tests/certs/Server-localhost0h-sv.crl b/tests/certs/Server-localhost0h-sv.crl
+index 87a1859..319af89 100644
+--- a/tests/certs/Server-localhost0h-sv.crl
++++ b/tests/certs/Server-localhost0h-sv.crl
+@@ -1,14 +1,22 @@
+ -----BEGIN X509 CRL-----
+-MIICDTCB9gIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJOTjExMC8GA1UE
+-CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDElMCMG
+-A1UEAwwcTm90aGVybiBOb3doZXJlIFRydXN0IEFuY2hvchcNMTAwNTI3MjEzNzU0
+-WhcNMTAwNjI2MjEzNzU0WjBLMBcCBguYlPl8ahcNMTAwNTI3MjEzNzExWjAXAgYL
+-mJT7eF8XDTEwMDUyNzIxMzcyNFowFwIGC5iVAAx+Fw0xMDA1MjcyMTM3NTRaoA4w
+-DDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEAWBL4VhArwJkUv91oyMIo
+-xyyRmVl+1oY5IjEpLGd+mNIgqXuljQmbp8cS8A+jWinJPOWZqvsHa+mLCl4OuwhP
+-JbAtIQ22OQRaVqWRuguG2T1sh3Dd7a1GcupIGKc/zgnY45D4pY4UNZv+KmY3bF0S
+-83zn6YoQtBTzF9y2Nq5R0UTdxl6+j5swpo1ttvQPz40yqIlmjmW/llkaD4UBaegl
+-zSxmnR5xCjAR7nYm+HyWW9SLSWGptUOd32B9TPJPLDhJa9lfBb8H9l5k7kx9ECJG
+-LyujleeXIucfqOgE2cB0zCjExqrGWRp8ZgEWfpdSkDEpXBCDo88TA3dIr2f3Zxwp
+-QA==
++MIIDoTCCAokCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
++BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
++BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0xNTAzMjExNTA3
++MTFaFw0xNTA0MjAxNTA3MTFaMIIB2zAXAgYM+ly45CIXDTE1MDMyMTEzMTQ1N1ow
++FwIGDPpcwXH8Fw0xNTAzMjExMzE1NTNaMBcCBgz6XO7ujBcNMTUwMzIxMTMyMDUx
++WjAXAgYM+lzu7p0XDTE1MDMyMTEzMjA1MVowFwIGDPpc7u6uFw0xNTAzMjExMzIw
++NTFaMBcCBgz6XZyD1RcNMTUwMzIxMTMzOTQ5WjAXAgYM+l4OXa8XDTE1MDMyMTEz
++NTIxNVowFwIGDPpeJlPZFw0xNTAzMjExMzU0NTJaMBcCBgz6XiZT6hcNMTUwMzIx
++MTM1NDUyWjAXAgYM+l4mU/sXDTE1MDMyMTEzNTQ1MlowFwIGDPpemKKEFw0xNTAz
++MjExNDA3MjFaMBcCBgz6XpiilRcNMTUwMzIxMTQwNzIxWjAXAgYM+l6YoqYXDTE1
++MDMyMTE0MDcyMVowFwIGDPpffssxFw0xNTAzMjExNDMyMzBaMBcCBgz6X37yUxcN
++MTUwMzIxMTQzMjMxWjAXAgYM+l9+8mYXDTE1MDMyMTE0MzIzMVowFwIGDPpgvFFL
++Fw0xNTAzMjExNTA3MTFaMBcCBgz6YLxRXBcNMTUwMzIxMTUwNzExWjAXAgYM+mC8
++UW4XDTE1MDMyMTE1MDcxMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
++A4IBAQDER99gBe9w8a9X1pQQnzC87kYnW7R0K8wFr4KqCYP0De8tKxhCGrXaoQDK
++AvHQcT3RpCR5PAK5J1InxlCumJJjvo39OLTsaCbSyoynmAMGCXS0earSL83biquG
++jJ29ROXukT3fGE6HO+cKAaHyHeJa6OZEibmCvCls/YvvQTW2jlceOZmi22AL3jYN
++w6UVHRpbHDHupF5YxhwFG1GVTOd9cuik8CqVxPkOfIxeQbEV+qEiDWzjyy2aU3X7
++dLhZE47P5tYgb8nIsXb5PATqiK9vdv4EOyVKiiCmyFemrGGU7MqbTtTjJVB9nS2R
++QMWLS24xr3IcHt7FOX1w8UF/GXiP
+ -----END X509 CRL-----
+diff --git a/tests/certs/Server-localhost0h-sv.crt b/tests/certs/Server-localhost0h-sv.crt
+index 0dcb5df..b00859a 100644
+--- a/tests/certs/Server-localhost0h-sv.crt
++++ b/tests/certs/Server-localhost0h-sv.crt
+@@ -1,16 +1,15 @@
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:95:00:0c:7e
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311662 (0xcfa60bc516e)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:54 2010 GMT
+-            Not After : Aug 13 21:37:54 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -19,63 +18,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:cc:a9:91:2b:22:e8:90:2b:e5:4c:dc:ae:6d:da:
+-                    4c:f3:32:cc:a5:68:67:5a:3b:b9:86:a3:95:88:3e:
+-                    e8:63:c3:ed:00:60:19:03:2b:5d:5b:56:8a:da:21:
+-                    5e:71:5c:d1:e3:de:51:18:c1:17:14:b1:33:90:00:
+-                    5c:9a:e5:73:0b:a8:88:9c:d0:0b:54:bc:ea:3a:39:
+-                    dd:f6:65:81:4b:29:99:4c:71:d3:f7:69:7f:80:e8:
+-                    e8:6d:61:41:83:87:eb:ac:2c:bd:0f:eb:1b:fd:a2:
+-                    37:97:6d:31:56:ba:4b:51:dd:b1:01:eb:89:f8:25:
+-                    de:5b:a3:e5:b2:3f:4c:77:53
++                    00:e3:c7:52:fb:7d:02:b1:a7:0b:4c:2d:a6:2a:b0:
++                    57:6b:5e:0b:f9:9e:4b:e7:d0:ac:55:43:47:fa:b1:
++                    e0:fc:b0:63:30:84:31:f5:95:44:90:9a:b7:22:01:
++                    6f:c7:17:16:be:5a:19:ee:47:35:90:a5:5e:27:ba:
++                    86:47:3b:c5:63:d2:f2:c6:a1:db:ac:be:b1:2f:4c:
++                    c2:98:86:19:72:d5:f9:12:45:09:bc:23:e2:00:eb:
++                    4d:ba:99:71:b5:4a:fb:49:8c:4d:f3:0b:4e:cf:48:
++                    7b:c8:06:37:92:35:ff:bb:4f:ea:98:af:13:ac:a8:
++                    cd:9f:a7:e0:78:db:15:bc:3b
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                3B:2B:84:0D:23:3C:46:F9:9B:E5:C2:FA:B7:30:E7:AC:E3:ED:09:C3
++                23:D7:CE:D8:B2:D0:F8:8E:3C:82:26:6C:F1:F5:2A:8A:48:90:58:66
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        a2:fa:61:4e:c0:10:1f:f8:38:2c:fd:a6:74:85:df:8e:ee:41:
+-        90:a1:d7:c9:32:65:5d:61:d5:13:51:3b:11:1c:7b:01:06:70:
+-        9f:93:52:54:15:bd:93:3a:f8:40:e3:e2:ab:01:96:fb:73:c5:
+-        42:2c:ad:ce:e8:52:57:db:b6:15:90:75:e3:e5:75:99:b0:83:
+-        ed:b0:fc:f2:d0:d9:3d:68:1c:d9:b4:cd:a1:a9:40:19:44:46:
+-        14:8b:11:6e:2e:1c:65:85:73:45:f0:8b:4f:ea:01:2d:61:0f:
+-        ae:0d:70:0c:d3:3c:1c:1f:24:66:a3:0b:62:d1:87:1e:8e:96:
+-        f6:43:cf:1c:24:e7:94:d0:7e:b0:ee:1b:6f:14:1f:04:35:e8:
+-        fc:3c:c8:9e:e3:6e:0e:4c:7d:a9:23:97:2d:6e:b1:4d:e3:05:
+-        1b:ce:86:2f:2f:b3:c9:60:47:58:ac:ea:4c:cb:c2:7b:0f:08:
+-        b8:a7:90:e7:22:32:70:f6:09:3e:f9:54:94:b0:37:50:22:60:
+-        49:1c:84:9e:1a:22:0c:3e:a9:16:7c:5e:b1:50:13:6b:82:14:
+-        d3:8a:3d:4d:ed:18:ca:40:59:d6:b9:72:9f:64:e5:0b:e7:a6:
+-        b8:ee:29:b5:6a:ec:82:b2:94:56:36:e3:87:b3:07:aa:69:b8:
+-        2c:ef:0c:14
++         28:b9:77:ea:4a:8d:d6:a5:fb:72:5b:d6:cd:60:40:33:56:bf:
++         dd:23:ff:bf:e8:2e:10:cd:30:ab:24:a4:43:d8:98:71:e3:59:
++         66:3e:38:bd:b8:fb:19:1a:13:8f:a1:c8:39:93:b5:83:8d:62:
++         52:a9:7a:5b:0d:69:47:40:5c:51:4c:3a:be:a7:c9:5f:7b:93:
++         49:20:59:23:30:7c:d9:4a:dd:29:2c:ed:96:fd:cb:b8:13:ff:
++         36:2c:27:ce:28:c3:a6:d0:d8:ba:8c:38:9f:78:ff:54:c7:76:
++         05:37:47:f5:d3:55:9c:2c:12:41:81:14:ca:48:a2:b7:6d:05:
++         49:2b:c5:f5:7b:63:6d:6f:cd:3f:f4:8d:74:51:07:ff:e1:40:
++         d5:96:60:d8:c8:38:5a:15:f9:c5:fd:e1:5e:a3:02:95:90:4b:
++         fc:8a:42:de:72:31:72:3d:dd:a2:df:19:42:c8:fa:a8:77:11:
++         67:e6:64:8c:d0:fd:45:fd:f0:49:8c:e1:85:e6:f5:1f:47:c6:
++         ae:f2:70:c3:e8:99:d0:cd:9d:88:6b:33:ba:b9:65:3d:f4:b1:
++         f4:d0:3c:76:9c:18:9e:9e:c8:62:29:43:8e:f7:2f:2c:12:37:
++         39:02:26:4e:4b:b0:14:30:80:bb:2d:cc:fc:93:dc:c9:8b:c0:
++         69:12:71:36
+ -----BEGIN CERTIFICATE-----
+-MIIDQzCCAiugAwIBAgIGC5iVAAx+MA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDQTCCAimgAwIBAgIGDPpgvFFuMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzc1NFoXDTE4MDgxMzIxMzc1NFowVDELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+-zKmRKyLokCvlTNyubdpM8zLMpWhnWju5hqOViD7oY8PtAGAZAytdW1aK2iFecVzR
+-495RGMEXFLEzkABcmuVzC6iInNALVLzqOjnd9mWBSymZTHHT92l/gOjobWFBg4fr
+-rCy9D+sb/aI3l20xVrpLUd2xAeuJ+CXeW6Plsj9Md1MCAwEAAaOBizCBiDAWBgNV
+-HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB
+-BQUHAwEwHQYDVR0OBBYEFDsrhA0jPEb5m+XC+rcw56zj7QnDMB8GA1UdIwQYMBaA
+-FK0+4jkHuFyqJpCUTCZpIYPiTjaUMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+-BQADggEBAKL6YU7AEB/4OCz9pnSF347uQZCh18kyZV1h1RNROxEcewEGcJ+TUlQV
+-vZM6+EDj4qsBlvtzxUIsrc7oUlfbthWQdePldZmwg+2w/PLQ2T1oHNm0zaGpQBlE
+-RhSLEW4uHGWFc0Xwi0/qAS1hD64NcAzTPBwfJGajC2LRhx6OlvZDzxwk55TQfrDu
+-G28UHwQ16Pw8yJ7jbg5Mfakjly1usU3jBRvOhi8vs8lgR1is6kzLwnsPCLinkOci
+-MnD2CT75VJSwN1AiYEkchJ4aIgw+qRZ8XrFQE2uCFNOKPU3tGMpAWda5cp9k5Qvn
+-prjuKbVq7IKylFY244ezB6ppuCzvDBQ=
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFQxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
++AOPHUvt9ArGnC0wtpiqwV2teC/meS+fQrFVDR/qx4PywYzCEMfWVRJCatyIBb8cX
++Fr5aGe5HNZClXie6hkc7xWPS8sah26y+sS9MwpiGGXLV+RJFCbwj4gDrTbqZcbVK
+++0mMTfMLTs9Ie8gGN5I1/7tP6pivE6yozZ+n4HjbFbw7AgMBAAGjgYgwgYUwFgYD
++VR0RBA8wDYILbG9jYWxob3N0AGgwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsG
++AQUFBwMBMB0GA1UdDgQWBBQj187YstD4jjyCJmzx9SqKSJBYZjAfBgNVHSMEGDAW
++gBQSyrpLRgSndYos6A5UlLwSZaZ7zjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUA
++A4IBAQAouXfqSo3WpftyW9bNYEAzVr/dI/+/6C4QzTCrJKRD2Jhx41lmPji9uPsZ
++GhOPocg5k7WDjWJSqXpbDWlHQFxRTDq+p8lfe5NJIFkjMHzZSt0pLO2W/cu4E/82
++LCfOKMOm0Ni6jDifeP9Ux3YFN0f101WcLBJBgRTKSKK3bQVJK8X1e2Ntb80/9I10
++UQf/4UDVlmDYyDhaFfnF/eFeowKVkEv8ikLecjFyPd2i3xlCyPqodxFn5mSM0P1F
++/fBJjOGF5vUfR8au8nDD6JnQzZ2IazO6uWU99LH00Dx2nBienshiKUOO9y8sEjc5
++AiZOS7AUMIC7Lcz8k9zJi8BpEnE2
+ -----END CERTIFICATE-----
+diff --git a/tests/certs/Server-localhost0h-sv.csr b/tests/certs/Server-localhost0h-sv.csr
+index edf776f..d075157 100644
+--- a/tests/certs/Server-localhost0h-sv.csr
++++ b/tests/certs/Server-localhost0h-sv.csr
+@@ -1,11 +1,11 @@
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBkzCB/QIBADBUMQswCQYDVQQGEwJOTjExMC8GA1UECgwoRWRlbCBDdXJsIEFy
+ Y3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDESMBAGA1UEAwwJbG9jYWxob3N0
+-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMqZErIuiQK+VM3K5t2kzzMsyl
+-aGdaO7mGo5WIPuhjw+0AYBkDK11bVoraIV5xXNHj3lEYwRcUsTOQAFya5XMLqIic
+-0AtUvOo6Od32ZYFLKZlMcdP3aX+A6OhtYUGDh+usLL0P6xv9ojeXbTFWuktR3bEB
+-64n4Jd5bo+WyP0x3UwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAPor+2apn3kPJ
+-ZdjyyT/iXETRTrN87PuBaujcV+oVeVSWW+YgGUzDHi+RkEKTxWdz3leW2goE41X9
+-2D/n66ASQGs1x8wXwIMIX83MjkWtjqdfcrJVi1l6T7NjzZt6EyJdvreRntCUu8zc
+-J5tK3rl/tIeudKUE2COc0Ngu9JUB1j8=
++MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjx1L7fQKxpwtMLaYqsFdrXgv5
++nkvn0KxVQ0f6seD8sGMwhDH1lUSQmrciAW/HFxa+WhnuRzWQpV4nuoZHO8Vj0vLG
++odusvrEvTMKYhhly1fkSRQm8I+IA6026mXG1SvtJjE3zC07PSHvIBjeSNf+7T+qY
++rxOsqM2fp+B42xW8OwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAC6NxWuiENuj/
++oPsopZy/tVZzbioXZP/S9ECCbdgy33bg9zKwQYLeHOSgXxJzES+RhJwQCliFV17j
++jM1CH7heggwkPAx5KelyZ20DeoeaYOi/xv7TjozrZ+EkmivHKBJi3+qNjNYH0ul9
++HhQBO5+sSDAGLMkWL/nAfYKbf/8KSvA=
+ -----END CERTIFICATE REQUEST-----
+diff --git a/tests/certs/Server-localhost0h-sv.dhp b/tests/certs/Server-localhost0h-sv.dhp
+index 99e6107..e69de29 100644
+--- a/tests/certs/Server-localhost0h-sv.dhp
++++ b/tests/certs/Server-localhost0h-sv.dhp
+@@ -1,5 +0,0 @@
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAL/3hRxvWX+Mdyu/aBPU1JeeA5sg4nXtA7B24eCql9Tq53Lks1/HJ5B+
+-xSapGAFd+22xhBsNkJihf74oiPEVr9nNoLjFV/DZe259+JYgs+pBTFN+Cp13ALUi
+-CeZxX2mlxlstD1SBRTKgxA/j4ttR1Chn8knn+RVdFE9YFKCYPyLrAgEC
+------END DH PARAMETERS-----
+diff --git a/tests/certs/Server-localhost0h-sv.key b/tests/certs/Server-localhost0h-sv.key
+index 95c4666..5fcc9c5 100644
+--- a/tests/certs/Server-localhost0h-sv.key
++++ b/tests/certs/Server-localhost0h-sv.key
+@@ -1,15 +1,15 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQDMqZErIuiQK+VM3K5t2kzzMsylaGdaO7mGo5WIPuhjw+0AYBkD
+-K11bVoraIV5xXNHj3lEYwRcUsTOQAFya5XMLqIic0AtUvOo6Od32ZYFLKZlMcdP3
+-aX+A6OhtYUGDh+usLL0P6xv9ojeXbTFWuktR3bEB64n4Jd5bo+WyP0x3UwIDAQAB
+-AoGAGT+OBilPUYHoztumtSyqM5J/xqQjo/EcSSzjJKTGHJCuK06vp0FxSfRaOuDE
+-+u09g4QIsyoXA9l8h/ZTdlR6Jax5nc+iRFs/21isrgKAsZYj4DghjgXJ9LWGHXnb
+-7xstVFkFBGnOaeY7dVr54907TYUQwtJg4fk7Vror05gb1qECQQDykAxr2D/CxLk9
+-RjWDi/P6JnfF0ZxZzCe0yATvuZ89+rpWQ5uxEJDq5FqwW4QXX+0G2aWDv64YExPS
+-JmWQTlojAkEA2AAHDv2KBWFcXeTlWnKZTdzUOniE8PzS5zipi2ssiqXScrj9NX2U
+-yCCOkv/42blPXBKbaVnfWBEhtj7pQxHJEQJBAOTvXjnfVXafs/IINPPegLyF2B/G
+-EZqTXJp8+mPEP28BGSPYFbdN2mlIc+vlxEtHh3AitdweatNgFiIPiWZk/R8CQEIf
+-EAoYtw2alknv7f3YIvHg7d7QUfHrkyxQ/iW9sy7mQBv6YRjkzozM2phJX4ZW4eJP
+-l9+SMXqmE+nULFfps+ECQFVkjPDF065x++Fh3BVtNJ0goYStTJM6IcmYKflap+Ux
+-cORZUWJ8tvDavlSSwQQYK8kOVTINC6iFwwEQ41HlYLE=
++MIICXAIBAAKBgQDjx1L7fQKxpwtMLaYqsFdrXgv5nkvn0KxVQ0f6seD8sGMwhDH1
++lUSQmrciAW/HFxa+WhnuRzWQpV4nuoZHO8Vj0vLGodusvrEvTMKYhhly1fkSRQm8
++I+IA6026mXG1SvtJjE3zC07PSHvIBjeSNf+7T+qYrxOsqM2fp+B42xW8OwIDAQAB
++AoGAHdkk2qfLDpShOl5RBA8PpZYxY4iG0d3ad2HVsNhWb0Z9+QGZumDRF1Hu5Zni
++l+hCprcP5tWWA1poODSNHBCNEQRYZcHrfZlh+sDiV6ZmexBg7x9D5azyRbn20vr1
++79UxmisRxnDQQHCfOmgZtgs1EZXnFOs0OotoZAHFr+GLtQECQQD+R2TaWMCEPKJc
++IswGBqLGL8cyy+v2d5Glt5l+xzb/KCdY9cbOR/B9wq//0Nvqyiq1I1jUBVw9NJi/
++eBx/OYxhAkEA5VIC6uMpIck0Qxpbj7/H3k2pBf1HROgmLEq+cVLFgY62CIpTgleO
++SAzTmn0vDXir0jQHJn+JTokvn0PxyNquGwJBAJW+77rSl5WIq8j8yRAnakayrmnQ
++w8ZjBggExsVthorfV8TBAPJMVWmKdOF/W3O62UnRZid+fKKize28S3P1LSECQDF8
++3FJSSWsYH6YnhwDjkz9fJQ281eeB7dL7IlQUV7kY0iHPsCvdtz/HPNcHEuNmWjYX
++sj9VoI0JP/Sv1frRbmcCQDPaeWowPGf1Xtj0oTSlA6KQsKZPO7t15nivgX/AnZWQ
++01l8q6GPHeYwyG/caD3BZwAavsVLg9nhKx0lf0wExM0=
+ -----END RSA PRIVATE KEY-----
+diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem
+index 45be9c3..a953370 100644
+--- a/tests/certs/Server-localhost0h-sv.pem
++++ b/tests/certs/Server-localhost0h-sv.pem
+@@ -2,11 +2,11 @@ extensions = x509v3
+ [ x509v3 ]
+ #subjectAltName = DNS:localhost\0h
+ subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
+@@ -25,33 +25,32 @@ commonName_value              = localhost
+ # the certificate
+ # some dhparam
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQDMqZErIuiQK+VM3K5t2kzzMsylaGdaO7mGo5WIPuhjw+0AYBkD
+-K11bVoraIV5xXNHj3lEYwRcUsTOQAFya5XMLqIic0AtUvOo6Od32ZYFLKZlMcdP3
+-aX+A6OhtYUGDh+usLL0P6xv9ojeXbTFWuktR3bEB64n4Jd5bo+WyP0x3UwIDAQAB
+-AoGAGT+OBilPUYHoztumtSyqM5J/xqQjo/EcSSzjJKTGHJCuK06vp0FxSfRaOuDE
+-+u09g4QIsyoXA9l8h/ZTdlR6Jax5nc+iRFs/21isrgKAsZYj4DghjgXJ9LWGHXnb
+-7xstVFkFBGnOaeY7dVr54907TYUQwtJg4fk7Vror05gb1qECQQDykAxr2D/CxLk9
+-RjWDi/P6JnfF0ZxZzCe0yATvuZ89+rpWQ5uxEJDq5FqwW4QXX+0G2aWDv64YExPS
+-JmWQTlojAkEA2AAHDv2KBWFcXeTlWnKZTdzUOniE8PzS5zipi2ssiqXScrj9NX2U
+-yCCOkv/42blPXBKbaVnfWBEhtj7pQxHJEQJBAOTvXjnfVXafs/IINPPegLyF2B/G
+-EZqTXJp8+mPEP28BGSPYFbdN2mlIc+vlxEtHh3AitdweatNgFiIPiWZk/R8CQEIf
+-EAoYtw2alknv7f3YIvHg7d7QUfHrkyxQ/iW9sy7mQBv6YRjkzozM2phJX4ZW4eJP
+-l9+SMXqmE+nULFfps+ECQFVkjPDF065x++Fh3BVtNJ0goYStTJM6IcmYKflap+Ux
+-cORZUWJ8tvDavlSSwQQYK8kOVTINC6iFwwEQ41HlYLE=
++MIICXAIBAAKBgQDjx1L7fQKxpwtMLaYqsFdrXgv5nkvn0KxVQ0f6seD8sGMwhDH1
++lUSQmrciAW/HFxa+WhnuRzWQpV4nuoZHO8Vj0vLGodusvrEvTMKYhhly1fkSRQm8
++I+IA6026mXG1SvtJjE3zC07PSHvIBjeSNf+7T+qYrxOsqM2fp+B42xW8OwIDAQAB
++AoGAHdkk2qfLDpShOl5RBA8PpZYxY4iG0d3ad2HVsNhWb0Z9+QGZumDRF1Hu5Zni
++l+hCprcP5tWWA1poODSNHBCNEQRYZcHrfZlh+sDiV6ZmexBg7x9D5azyRbn20vr1
++79UxmisRxnDQQHCfOmgZtgs1EZXnFOs0OotoZAHFr+GLtQECQQD+R2TaWMCEPKJc
++IswGBqLGL8cyy+v2d5Glt5l+xzb/KCdY9cbOR/B9wq//0Nvqyiq1I1jUBVw9NJi/
++eBx/OYxhAkEA5VIC6uMpIck0Qxpbj7/H3k2pBf1HROgmLEq+cVLFgY62CIpTgleO
++SAzTmn0vDXir0jQHJn+JTokvn0PxyNquGwJBAJW+77rSl5WIq8j8yRAnakayrmnQ
++w8ZjBggExsVthorfV8TBAPJMVWmKdOF/W3O62UnRZid+fKKize28S3P1LSECQDF8
++3FJSSWsYH6YnhwDjkz9fJQ281eeB7dL7IlQUV7kY0iHPsCvdtz/HPNcHEuNmWjYX
++sj9VoI0JP/Sv1frRbmcCQDPaeWowPGf1Xtj0oTSlA6KQsKZPO7t15nivgX/AnZWQ
++01l8q6GPHeYwyG/caD3BZwAavsVLg9nhKx0lf0wExM0=
+ -----END RSA PRIVATE KEY-----
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+-        Serial Number:
+-            0b:98:95:00:0c:7e
+-        Signature Algorithm: sha1WithRSAEncryption
++        Serial Number: 14269504311662 (0xcfa60bc516e)
++    Signature Algorithm: sha1WithRSAEncryption
+         Issuer:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+-            commonName                = Nothern Nowhere Trust Anchor
++            commonName                = Northern Nowhere Trust Anchor
+         Validity
+-            Not Before: May 27 21:37:54 2010 GMT
+-            Not After : Aug 13 21:37:54 2018 GMT
++            Not Before: Mar 21 15:07:11 2015 GMT
++            Not After : Jun  7 15:07:11 2023 GMT
+         Subject:
+             countryName               = NN
+             organizationName          = Edel Curl Arctic Illudium Research Cloud
+@@ -60,68 +59,63 @@ Certificate:
+             Public Key Algorithm: rsaEncryption
+                 Public-Key: (1024 bit)
+                 Modulus:
+-                    00:cc:a9:91:2b:22:e8:90:2b:e5:4c:dc:ae:6d:da:
+-                    4c:f3:32:cc:a5:68:67:5a:3b:b9:86:a3:95:88:3e:
+-                    e8:63:c3:ed:00:60:19:03:2b:5d:5b:56:8a:da:21:
+-                    5e:71:5c:d1:e3:de:51:18:c1:17:14:b1:33:90:00:
+-                    5c:9a:e5:73:0b:a8:88:9c:d0:0b:54:bc:ea:3a:39:
+-                    dd:f6:65:81:4b:29:99:4c:71:d3:f7:69:7f:80:e8:
+-                    e8:6d:61:41:83:87:eb:ac:2c:bd:0f:eb:1b:fd:a2:
+-                    37:97:6d:31:56:ba:4b:51:dd:b1:01:eb:89:f8:25:
+-                    de:5b:a3:e5:b2:3f:4c:77:53
++                    00:e3:c7:52:fb:7d:02:b1:a7:0b:4c:2d:a6:2a:b0:
++                    57:6b:5e:0b:f9:9e:4b:e7:d0:ac:55:43:47:fa:b1:
++                    e0:fc:b0:63:30:84:31:f5:95:44:90:9a:b7:22:01:
++                    6f:c7:17:16:be:5a:19:ee:47:35:90:a5:5e:27:ba:
++                    86:47:3b:c5:63:d2:f2:c6:a1:db:ac:be:b1:2f:4c:
++                    c2:98:86:19:72:d5:f9:12:45:09:bc:23:e2:00:eb:
++                    4d:ba:99:71:b5:4a:fb:49:8c:4d:f3:0b:4e:cf:48:
++                    7b:c8:06:37:92:35:ff:bb:4f:ea:98:af:13:ac:a8:
++                    cd:9f:a7:e0:78:db:15:bc:3b
+                 Exponent: 65537 (0x10001)
+         X509v3 extensions:
+             X509v3 Subject Alternative Name: 
+                 DNS:localhost
+             X509v3 Key Usage: 
+-                Key Encipherment
++                Digital Signature, Key Encipherment, Key Agreement
+             X509v3 Extended Key Usage: 
+                 TLS Web Server Authentication
+             X509v3 Subject Key Identifier: 
+-                3B:2B:84:0D:23:3C:46:F9:9B:E5:C2:FA:B7:30:E7:AC:E3:ED:09:C3
++                23:D7:CE:D8:B2:D0:F8:8E:3C:82:26:6C:F1:F5:2A:8A:48:90:58:66
+             X509v3 Authority Key Identifier: 
+-                keyid:AD:3E:E2:39:07:B8:5C:AA:26:90:94:4C:26:69:21:83:E2:4E:36:94
++                keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+ 
+-            X509v3 Basic Constraints: critical
++            X509v3 Basic Constraints: 
+                 CA:FALSE
+     Signature Algorithm: sha1WithRSAEncryption
+-        a2:fa:61:4e:c0:10:1f:f8:38:2c:fd:a6:74:85:df:8e:ee:41:
+-        90:a1:d7:c9:32:65:5d:61:d5:13:51:3b:11:1c:7b:01:06:70:
+-        9f:93:52:54:15:bd:93:3a:f8:40:e3:e2:ab:01:96:fb:73:c5:
+-        42:2c:ad:ce:e8:52:57:db:b6:15:90:75:e3:e5:75:99:b0:83:
+-        ed:b0:fc:f2:d0:d9:3d:68:1c:d9:b4:cd:a1:a9:40:19:44:46:
+-        14:8b:11:6e:2e:1c:65:85:73:45:f0:8b:4f:ea:01:2d:61:0f:
+-        ae:0d:70:0c:d3:3c:1c:1f:24:66:a3:0b:62:d1:87:1e:8e:96:
+-        f6:43:cf:1c:24:e7:94:d0:7e:b0:ee:1b:6f:14:1f:04:35:e8:
+-        fc:3c:c8:9e:e3:6e:0e:4c:7d:a9:23:97:2d:6e:b1:4d:e3:05:
+-        1b:ce:86:2f:2f:b3:c9:60:47:58:ac:ea:4c:cb:c2:7b:0f:08:
+-        b8:a7:90:e7:22:32:70:f6:09:3e:f9:54:94:b0:37:50:22:60:
+-        49:1c:84:9e:1a:22:0c:3e:a9:16:7c:5e:b1:50:13:6b:82:14:
+-        d3:8a:3d:4d:ed:18:ca:40:59:d6:b9:72:9f:64:e5:0b:e7:a6:
+-        b8:ee:29:b5:6a:ec:82:b2:94:56:36:e3:87:b3:07:aa:69:b8:
+-        2c:ef:0c:14
++         28:b9:77:ea:4a:8d:d6:a5:fb:72:5b:d6:cd:60:40:33:56:bf:
++         dd:23:ff:bf:e8:2e:10:cd:30:ab:24:a4:43:d8:98:71:e3:59:
++         66:3e:38:bd:b8:fb:19:1a:13:8f:a1:c8:39:93:b5:83:8d:62:
++         52:a9:7a:5b:0d:69:47:40:5c:51:4c:3a:be:a7:c9:5f:7b:93:
++         49:20:59:23:30:7c:d9:4a:dd:29:2c:ed:96:fd:cb:b8:13:ff:
++         36:2c:27:ce:28:c3:a6:d0:d8:ba:8c:38:9f:78:ff:54:c7:76:
++         05:37:47:f5:d3:55:9c:2c:12:41:81:14:ca:48:a2:b7:6d:05:
++         49:2b:c5:f5:7b:63:6d:6f:cd:3f:f4:8d:74:51:07:ff:e1:40:
++         d5:96:60:d8:c8:38:5a:15:f9:c5:fd:e1:5e:a3:02:95:90:4b:
++         fc:8a:42:de:72:31:72:3d:dd:a2:df:19:42:c8:fa:a8:77:11:
++         67:e6:64:8c:d0:fd:45:fd:f0:49:8c:e1:85:e6:f5:1f:47:c6:
++         ae:f2:70:c3:e8:99:d0:cd:9d:88:6b:33:ba:b9:65:3d:f4:b1:
++         f4:d0:3c:76:9c:18:9e:9e:c8:62:29:43:8e:f7:2f:2c:12:37:
++         39:02:26:4e:4b:b0:14:30:80:bb:2d:cc:fc:93:dc:c9:8b:c0:
++         69:12:71:36
+ -----BEGIN CERTIFICATE-----
+-MIIDQzCCAiugAwIBAgIGC5iVAAx+MA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT
++MIIDQTCCAimgAwIBAgIGDPpgvFFuMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+ Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+-IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X
+-DTEwMDUyNzIxMzc1NFoXDTE4MDgxMzIxMzc1NFowVDELMAkGA1UEBhMCTk4xMTAv
+-BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx
+-EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+-zKmRKyLokCvlTNyubdpM8zLMpWhnWju5hqOViD7oY8PtAGAZAytdW1aK2iFecVzR
+-495RGMEXFLEzkABcmuVzC6iInNALVLzqOjnd9mWBSymZTHHT92l/gOjobWFBg4fr
+-rCy9D+sb/aI3l20xVrpLUd2xAeuJ+CXeW6Plsj9Md1MCAwEAAaOBizCBiDAWBgNV
+-HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB
+-BQUHAwEwHQYDVR0OBBYEFDsrhA0jPEb5m+XC+rcw56zj7QnDMB8GA1UdIwQYMBaA
+-FK0+4jkHuFyqJpCUTCZpIYPiTjaUMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+-BQADggEBAKL6YU7AEB/4OCz9pnSF347uQZCh18kyZV1h1RNROxEcewEGcJ+TUlQV
+-vZM6+EDj4qsBlvtzxUIsrc7oUlfbthWQdePldZmwg+2w/PLQ2T1oHNm0zaGpQBlE
+-RhSLEW4uHGWFc0Xwi0/qAS1hD64NcAzTPBwfJGajC2LRhx6OlvZDzxwk55TQfrDu
+-G28UHwQ16Pw8yJ7jbg5Mfakjly1usU3jBRvOhi8vs8lgR1is6kzLwnsPCLinkOci
+-MnD2CT75VJSwN1AiYEkchJ4aIgw+qRZ8XrFQE2uCFNOKPU3tGMpAWda5cp9k5Qvn
+-prjuKbVq7IKylFY244ezB6ppuCzvDBQ=
++IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
++Fw0xNTAzMjExNTA3MTFaFw0yMzA2MDcxNTA3MTFaMFQxCzAJBgNVBAYTAk5OMTEw
++LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
++MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
++AOPHUvt9ArGnC0wtpiqwV2teC/meS+fQrFVDR/qx4PywYzCEMfWVRJCatyIBb8cX
++Fr5aGe5HNZClXie6hkc7xWPS8sah26y+sS9MwpiGGXLV+RJFCbwj4gDrTbqZcbVK
+++0mMTfMLTs9Ie8gGN5I1/7tP6pivE6yozZ+n4HjbFbw7AgMBAAGjgYgwgYUwFgYD
++VR0RBA8wDYILbG9jYWxob3N0AGgwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsG
++AQUFBwMBMB0GA1UdDgQWBBQj187YstD4jjyCJmzx9SqKSJBYZjAfBgNVHSMEGDAW
++gBQSyrpLRgSndYos6A5UlLwSZaZ7zjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUA
++A4IBAQAouXfqSo3WpftyW9bNYEAzVr/dI/+/6C4QzTCrJKRD2Jhx41lmPji9uPsZ
++GhOPocg5k7WDjWJSqXpbDWlHQFxRTDq+p8lfe5NJIFkjMHzZSt0pLO2W/cu4E/82
++LCfOKMOm0Ni6jDifeP9Ux3YFN0f101WcLBJBgRTKSKK3bQVJK8X1e2Ntb80/9I10
++UQf/4UDVlmDYyDhaFfnF/eFeowKVkEv8ikLecjFyPd2i3xlCyPqodxFn5mSM0P1F
++/fBJjOGF5vUfR8au8nDD6JnQzZ2IazO6uWU99LH00Dx2nBienshiKUOO9y8sEjc5
++AiZOS7AUMIC7Lcz8k9zJi8BpEnE2
+ -----END CERTIFICATE-----
+------BEGIN DH PARAMETERS-----
+-MIGHAoGBAL/3hRxvWX+Mdyu/aBPU1JeeA5sg4nXtA7B24eCql9Tq53Lks1/HJ5B+
+-xSapGAFd+22xhBsNkJihf74oiPEVr9nNoLjFV/DZe259+JYgs+pBTFN+Cp13ALUi
+-CeZxX2mlxlstD1SBRTKgxA/j4ttR1Chn8knn+RVdFE9YFKCYPyLrAgEC
+------END DH PARAMETERS-----
+diff --git a/tests/certs/Server-localhost0h-sv.prm b/tests/certs/Server-localhost0h-sv.prm
+index 5e8944b..619d825 100644
+--- a/tests/certs/Server-localhost0h-sv.prm
++++ b/tests/certs/Server-localhost0h-sv.prm
+@@ -2,11 +2,11 @@ extensions = x509v3
+ [ x509v3 ]
+ #subjectAltName = DNS:localhost\0h
+ subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68
+-keyUsage	= keyEncipherment
++keyUsage	= keyEncipherment,digitalSignature,keyAgreement
+ extendedKeyUsage = serverAuth
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid
+-basicConstraints = critical,CA:false
++basicConstraints = CA:false
+ [ req ]
+ default_bits                    = 1024
+ distinguished_name              = req_DN
+-- 
+2.14.3
+
diff --git a/SOURCES/0059-curl-7.29.0-tlsauthtype-doc.patch b/SOURCES/0059-curl-7.29.0-tlsauthtype-doc.patch
new file mode 100644
index 0000000..5296f63
--- /dev/null
+++ b/SOURCES/0059-curl-7.29.0-tlsauthtype-doc.patch
@@ -0,0 +1,32 @@
+From 3ba5c596cb6610c883335a07c0e04335b8372563 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 12 Feb 2018 13:31:59 +0100
+Subject: [PATCH] tlsauthtype.d: works only if libcurl is built with TLS-SRP
+ support
+
+Bug: https://bugzilla.redhat.com/1542256
+
+Closes #2306
+
+Upstream-commit: 08029a7e73f8768b1b4e37876b34c6ff6ef32ece
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/curl.1 | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 7906f1f..a26b03c 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -1446,6 +1446,8 @@ If this option is used several times, the last one will be used.
+ Set TLS authentication type. Currently, the only supported option is "SRP",
+ for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
+ specified but \fI--tlsauthtype\fP is not, then this option defaults to "SRP".
++This option works only if the underlying libcurl is built with TLS-SRP support,
++which requires OpenSSL or GnuTLS with TLS-SRP support.
+ (Added in 7.21.4)
+ .IP "--tlspassword <password>"
+ Set password for use with the TLS authentication method specified with
+-- 
+2.14.3
+
diff --git a/SOURCES/0060-curl-7.29.0-CVE-2018-1000007.patch b/SOURCES/0060-curl-7.29.0-CVE-2018-1000007.patch
new file mode 100644
index 0000000..616a65e
--- /dev/null
+++ b/SOURCES/0060-curl-7.29.0-CVE-2018-1000007.patch
@@ -0,0 +1,322 @@
+From e6968d1d220891230bcca5340bfd364183ceaa31 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 19 Jan 2018 13:19:25 +0100
+Subject: [PATCH] http: prevent custom Authorization headers in redirects
+
+... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
+curl already handles Authorization headers created internally.
+
+Note: this changes behavior slightly, for the sake of reducing mistakes.
+
+Added test 317 and 318 to verify.
+
+Reported-by: Craig de Stigter
+Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
+
+Upstream-commit: af32cd3859336ab963591ca0df9b1e33a7ee066b
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/libcurl/curl_easy_setopt.3 | 10 +++++
+ lib/http.c                      | 10 ++++-
+ lib/url.c                       |  2 +-
+ lib/urldata.h                   |  2 +-
+ tests/data/Makefile.am          |  3 +-
+ tests/data/test317              | 94 ++++++++++++++++++++++++++++++++++++++++
+ tests/data/test318              | 95 +++++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 212 insertions(+), 4 deletions(-)
+ create mode 100644 tests/data/test317
+ create mode 100644 tests/data/test318
+
+diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
+index 4ce8207..cbebfba 100644
+--- a/docs/libcurl/curl_easy_setopt.3
++++ b/docs/libcurl/curl_easy_setopt.3
+@@ -67,6 +67,16 @@ this when you debug/report problems. Another neat option for debugging is the
+ A parameter set to 1 tells the library to include the header in the body
+ output. This is only relevant for protocols that actually have headers
+ preceding the data (like HTTP).
++
++Custom headers are sent in all requests done by the easy handles, which
++implies that if you tell libcurl to follow redirects
++(\fICURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers will be sent
++in the subsequent request. Redirects can of course go to other hosts and thus
++those servers will get all the contents of your custom headers too.
++
++Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
++from being sent to other hosts than the first used one, unless specifically
++permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
+ .IP CURLOPT_NOPROGRESS
+ Pass a long. If set to 1, it tells the library to shut off the progress meter
+ completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
+diff --git a/lib/http.c b/lib/http.c
+index b73e58c..c15208d 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -666,7 +666,7 @@ Curl_http_output_auth(struct connectdata *conn,
+   if(!data->state.this_is_a_follow ||
+      conn->bits.netrc ||
+      !data->state.first_host ||
+-     data->set.http_disable_hostname_check_before_authentication ||
++     data->set.allow_auth_to_other_hosts ||
+      Curl_raw_equal(data->state.first_host, conn->host.name)) {
+     result = output_auth_headers(conn, authhost, request, path, FALSE);
+   }
+@@ -1550,6 +1550,14 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
+                    Connection: */
+                 checkprefix("Connection", headers->data))
+           ;
++        else if(checkprefix("Authorization:", headers->data) &&
++                /* be careful of sending this potentially sensitive header to
++                   other hosts */
++                (conn->data->state.this_is_a_follow &&
++                 conn->data->state.first_host &&
++                 !conn->data->set.allow_auth_to_other_hosts &&
++                 !strequal(conn->data->state.first_host, conn->host.name)))
++          ;
+         else {
+           CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
+                                              headers->data);
+diff --git a/lib/url.c b/lib/url.c
+index 71d4d8b..ba53131 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -912,7 +912,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+      * Send authentication (user+password) when following locations, even when
+      * hostname changed.
+      */
+-    data->set.http_disable_hostname_check_before_authentication =
++    data->set.allow_auth_to_other_hosts =
+       (0 != va_arg(param, long))?TRUE:FALSE;
+     break;
+ 
+diff --git a/lib/urldata.h b/lib/urldata.h
+index b4f18e7..1dd62ae 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1528,7 +1528,7 @@ struct UserDefined {
+   bool http_fail_on_error;  /* fail on HTTP error codes >= 300 */
+   bool http_follow_location; /* follow HTTP redirects */
+   bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
+-  bool http_disable_hostname_check_before_authentication;
++  bool allow_auth_to_other_hosts;
+   bool include_header;   /* include received protocol headers in data output */
+   bool http_set_referer; /* is a custom referer used */
+   bool http_auto_referer; /* set "correct" referer when following location: */
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 3b31581..56cb286 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -36,7 +36,8 @@ test276 test277 test278 test279 test280 test281 test282 test283 test284	\
+ test285 test286 test287 test288 test289 test290 test291 test292 test293	\
+ test294 test295 test296 test297 test298 test299 test300 test301 test302	\
+ test303 test304 test305 test306 test307 test308 test309 test310 test311	\
+-test312 test313 test320 test321 test322 test323 test324 test350 test351	\
++test312 test313 test317 test318 \
++test320 test321 test322 test323 test324 test350 test351	\
+ test352 test353 test354 test400 test401 test402 test403 test404 test405	\
+ test406 test407 test408 test409 test500 test501 test502 test503 test504	\
+ test505 test506 test507 test508 test510 test511 test512 test513 test514	\
+diff --git a/tests/data/test317 b/tests/data/test317
+new file mode 100644
+index 0000000..c6d8697
+--- /dev/null
++++ b/tests/data/test317
+@@ -0,0 +1,94 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP proxy
++HTTP Basic auth
++HTTP proxy Basic auth
++followlocation
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 302 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Location: http://goto.second.host.now/3170002
++Content-Length: 8
++Connection: close
++
++contents
++</data>
++<data2>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Content-Length: 9
++
++contents
++</data2>
++
++<datacheck>
++HTTP/1.1 302 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Location: http://goto.second.host.now/3170002
++Content-Length: 8
++Connection: close
++
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Content-Length: 9
++
++contents
++</datacheck>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++HTTP with custom Authorization: and redirect to new host
++ </name>
++ <command>
++http://first.host.it.is/we/want/that/page/317 -x %HOSTIP:%HTTPPORT -H "Authorization: s3cr3t" --proxy-user testing:this --location
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++GET http://first.host.it.is/we/want/that/page/317 HTTP/1.1
++Proxy-Authorization: Basic dGVzdGluZzp0aGlz
++Host: first.host.it.is
++Accept: */*
++Proxy-Connection: Keep-Alive
++Authorization: s3cr3t
++
++GET http://goto.second.host.now/3170002 HTTP/1.1
++Proxy-Authorization: Basic dGVzdGluZzp0aGlz
++Host: goto.second.host.now
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test318 b/tests/data/test318
+new file mode 100644
+index 0000000..838d1ba
+--- /dev/null
++++ b/tests/data/test318
+@@ -0,0 +1,95 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP proxy
++HTTP Basic auth
++HTTP proxy Basic auth
++followlocation
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 302 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Location: http://goto.second.host.now/3180002
++Content-Length: 8
++Connection: close
++
++contents
++</data>
++<data2>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Content-Length: 9
++
++contents
++</data2>
++
++<datacheck>
++HTTP/1.1 302 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Location: http://goto.second.host.now/3180002
++Content-Length: 8
++Connection: close
++
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake swsclose
++Content-Type: text/html
++Funny-head: yesyes
++Content-Length: 9
++
++contents
++</datacheck>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++HTTP with custom Authorization: and redirect to new host
++ </name>
++ <command>
++http://first.host.it.is/we/want/that/page/318 -x %HOSTIP:%HTTPPORT -H "Authorization: s3cr3t" --proxy-user testing:this --location-trusted
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++GET http://first.host.it.is/we/want/that/page/318 HTTP/1.1
++Proxy-Authorization: Basic dGVzdGluZzp0aGlz
++Host: first.host.it.is
++Accept: */*
++Proxy-Connection: Keep-Alive
++Authorization: s3cr3t
++
++GET http://goto.second.host.now/3180002 HTTP/1.1
++Proxy-Authorization: Basic dGVzdGluZzp0aGlz
++Host: goto.second.host.now
++Accept: */*
++Proxy-Connection: Keep-Alive
++Authorization: s3cr3t
++
++</protocol>
++</verify>
++</testcase>
+-- 
+2.13.6
+
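Review bot: In the embedded lib/http.c change, the new `Authorization:` filter in Curl_add_custom_headers compares hosts with `strequal`, while the existing gate in Curl_http_output_auth, touched by the same patch, uses `Curl_raw_equal` on the same pair of values. If `strequal` in this 7.29.0 tree is the locale-dependent comparison (its definition is not visible here), the two checks can disagree for the same redirect; `!Curl_raw_equal(conn->data->state.first_host, conn->host.name)` would keep them aligned. Both checks look only at the host name, so a redirect to another port or scheme on the first host still receives the custom header; a comment next to the condition such as `/* host name only: port and scheme changes are not detected */` would stop readers from assuming more. The body of Curl_add_custom_headers starts and ends outside the hunk.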
diff --git a/SOURCES/0061-curl-7.29.0-CVE-2018-1000122.patch b/SOURCES/0061-curl-7.29.0-CVE-2018-1000122.patch
new file mode 100644
index 0000000..74e9fa7
--- /dev/null
+++ b/SOURCES/0061-curl-7.29.0-CVE-2018-1000122.patch
@@ -0,0 +1,667 @@
+From 9f163418fabbe6219ab04cfe9bf81d2f33bd54d7 Mon Sep 17 00:00:00 2001
+From: Richy Kim <richy@fb.com>
+Date: Tue, 20 Dec 2016 05:48:15 -0500
+Subject: [PATCH 1/7] CURLOPT_BUFFERSIZE: support enlarging receive buffer
+
+Replace use of fixed macro BUFSIZE to define the size of the receive
+buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
+buffer size.  Upon setting, resize buffer if larger than the current
+default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
+like SFTP.
+
+Closes #1222
+
+Upstream-commit: 6b7616690e5370c21e3a760321af6bf4edbabfb6
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/libcurl/curl_easy_setopt.3  | 12 ++++++------
+ docs/libcurl/symbols-in-versions |  1 +
+ include/curl/curl.h              |  5 +++++
+ lib/easy.c                       |  6 ++++++
+ lib/file.c                       |  2 +-
+ lib/ftp.c                        |  4 ++--
+ lib/http.c                       |  3 ++-
+ lib/telnet.c                     |  5 +++--
+ lib/url.c                        | 28 +++++++++++++++++++++++-----
+ lib/urldata.h                    |  5 ++++-
+ 10 files changed, 53 insertions(+), 18 deletions(-)
+
+diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
+index cbebfba..17b632f 100644
+--- a/docs/libcurl/curl_easy_setopt.3
++++ b/docs/libcurl/curl_easy_setopt.3
+@@ -938,12 +938,12 @@ to using the share interface instead! See \fICURLOPT_SHARE\fP and
+ .IP CURLOPT_BUFFERSIZE
+ Pass a long specifying your preferred size (in bytes) for the receive buffer
+ in libcurl.  The main point of this would be that the write callback gets
+-called more often and with smaller chunks. This is just treated as a request,
+-not an order. You cannot be guaranteed to actually get the given size. (Added
+-in 7.10)
+-
+-This size is by default set as big as possible (CURL_MAX_WRITE_SIZE), so it
+-only makes sense to use this option if you want it smaller.
++called more often and with smaller chunks.  Secondly, for some protocols,
++there's a benefit of having a larger buffer for performance.  This is just
++treated as a request, not an order. You cannot be guaranteed to actually get
++the given size.  This buffer size is by default \fICURL_MAX_WRITE_SIZE\fP
++(16kB). The maximum buffer size allowed to set is \fICURL_MAX_READ_SIZE\fP
++(512kB).  (Added in 7.10)
+ .IP CURLOPT_PORT
+ Pass a long specifying what remote port number to connect to, instead of the
+ one specified in the URL or the default port for the used protocol.
+diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
+index b0b6232..e2cce4c 100644
+--- a/docs/libcurl/symbols-in-versions
++++ b/docs/libcurl/symbols-in-versions
+@@ -639,6 +639,7 @@ CURL_LOCK_TYPE_DNS              7.10          -           7.10.2
+ CURL_LOCK_TYPE_NONE             7.10          -           7.10.2
+ CURL_LOCK_TYPE_SSL_SESSION      7.10          -           7.10.2
+ CURL_MAX_HTTP_HEADER            7.19.7
++CURL_MAX_READ_SIZE              7.53.0
+ CURL_MAX_WRITE_SIZE             7.9.7
+ CURL_NETRC_IGNORED              7.9.8
+ CURL_NETRC_OPTIONAL             7.9.8
+diff --git a/include/curl/curl.h b/include/curl/curl.h
+index 0375a64..8b639fa 100644
+--- a/include/curl/curl.h
++++ b/include/curl/curl.h
+@@ -170,6 +170,11 @@ typedef int (*curl_progress_callback)(void *clientp,
+                                       double ultotal,
+                                       double ulnow);
+ 
++#ifndef CURL_MAX_READ_SIZE
++  /* The maximum receive buffer size configurable via CURLOPT_BUFFERSIZE. */
++#define CURL_MAX_READ_SIZE 524288
++#endif
++
+ #ifndef CURL_MAX_WRITE_SIZE
+   /* Tests have proven that 20K is a very bad buffer size for uploads on
+      Windows, while 16K for some odd reason performed a lot better.
+diff --git a/lib/easy.c b/lib/easy.c
+index 0e9ba18..5d4d5ae 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -563,6 +563,11 @@ CURL *curl_easy_duphandle(CURL *incurl)
+    * get setup on-demand in the code, as that would probably decrease
+    * the likeliness of us forgetting to init a buffer here in the future.
+    */
++  outcurl->set.buffer_size = data->set.buffer_size;
++  outcurl->state.buffer = malloc(CURL_BUFSIZE(outcurl->set.buffer_size) + 1);
++  if(!outcurl->state.buffer)
++    goto fail;
++
+   outcurl->state.headerbuff = malloc(HEADERSIZE);
+   if(!outcurl->state.headerbuff)
+     goto fail;
+@@ -633,6 +638,7 @@ CURL *curl_easy_duphandle(CURL *incurl)
+   if(outcurl) {
+     curl_slist_free_all(outcurl->change.cookielist);
+     outcurl->change.cookielist = NULL;
++    Curl_safefree(outcurl->state.buffer);
+     Curl_safefree(outcurl->state.headerbuff);
+     Curl_safefree(outcurl->change.url);
+     Curl_safefree(outcurl->change.referer);
+diff --git a/lib/file.c b/lib/file.c
+index 038bf42..1ad4758 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -473,7 +473,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+      date. */
+   if(data->set.opt_no_body && data->set.include_header && fstated) {
+     CURLcode result;
+-    snprintf(buf, sizeof(data->state.buffer),
++    snprintf(buf, CURL_BUFSIZE(data->set.buffer_size),
+              "Content-Length: %" FORMAT_OFF_T "\r\n", expected_size);
+     result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+     if(result)
+diff --git a/lib/ftp.c b/lib/ftp.c
+index a9826ce..730b695 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2136,7 +2136,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+         /* we have a time, reformat it */
+         time_t secs=time(NULL);
+         /* using the good old yacc/bison yuck */
+-        snprintf(buf, sizeof(conn->data->state.buffer),
++        snprintf(buf, CURL_BUFSIZE(conn->data->set.buffer_size),
+                  "%04d%02d%02d %02d:%02d:%02d GMT",
+                  year, month, day, hour, minute, second);
+         /* now, convert this into a time() value: */
+@@ -2347,7 +2347,7 @@ static CURLcode ftp_state_size_resp(struct connectdata *conn,
+   if(instate == FTP_SIZE) {
+ #ifdef CURL_FTP_HTTPSTYLE_HEAD
+     if(-1 != filesize) {
+-      snprintf(buf, sizeof(data->state.buffer),
++      snprintf(buf, CURL_BUFSIZE(data->set.buffer_size),
+                "Content-Length: %" FORMAT_OFF_T "\r\n", filesize);
+       result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+       if(result)
+diff --git a/lib/http.c b/lib/http.c
+index 1487fb2..f4368c4 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -247,7 +247,8 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
+     pwd = conn->passwd;
+   }
+ 
+-  snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
++  snprintf(data->state.buffer, CURL_BUFSIZE(data->set.buffer_size),
++           "%s:%s", user, pwd);
+ 
+   error = Curl_base64_encode(data,
+                              data->state.buffer, strlen(data->state.buffer),
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 77d8b7b..89452dd 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1421,6 +1421,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
+ 
+   /* Keep on listening and act on events */
+   while(keepon) {
++    const size_t buf_size = CURL_BUFSIZE(data->set.buffer_size);
+     waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout);
+     switch(waitret) {
+     case WAIT_TIMEOUT:
+@@ -1455,7 +1456,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
+           if(!readfile_read)
+             break;
+ 
+-          if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
++          if(!ReadFile(stdin_handle, buf, buf_size,
+                        &readfile_read, NULL)) {
+             keepon = FALSE;
+             code = CURLE_READ_ERROR;
+@@ -1474,7 +1475,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
+ 
+     case WAIT_OBJECT_0 + 1:
+     {
+-      if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
++      if(!ReadFile(stdin_handle, buf, buf_size,
+                    &readfile_read, NULL)) {
+         keepon = FALSE;
+         code = CURLE_READ_ERROR;
+diff --git a/lib/url.c b/lib/url.c
+index 89958a7..32e7e2e 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -441,6 +441,7 @@ CURLcode Curl_close(struct SessionHandle *data)
+   }
+   data->change.url = NULL;
+ 
++  Curl_safefree(data->state.buffer);
+   Curl_safefree(data->state.headerbuff);
+ 
+   Curl_flush_cookies(data, 1);
+@@ -612,6 +613,12 @@ CURLcode Curl_open(struct SessionHandle **curl)
+ 
+   /* We do some initial setup here, all those fields that can't be just 0 */
+ 
++  data->state.buffer = malloc(BUFSIZE + 1);
++  if(!data->state.buffer) {
++    DEBUGF(fprintf(stderr, "Error: malloc of buffer failed\n"));
++    res = CURLE_OUT_OF_MEMORY;
++  }
++
+   data->state.headerbuff = malloc(HEADERSIZE);
+   if(!data->state.headerbuff) {
+     DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n"));
+@@ -642,8 +649,8 @@ CURLcode Curl_open(struct SessionHandle **curl)
+ 
+   if(res) {
+     Curl_resolver_cleanup(data->state.resolver);
+-    if(data->state.headerbuff)
+-      free(data->state.headerbuff);
++    free(data->state.buffer);
++    free(data->state.headerbuff);
+     Curl_freeset(data);
+     free(data);
+     data = NULL;
+@@ -1960,9 +1967,20 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+      */
+     data->set.buffer_size = va_arg(param, long);
+ 
+-    if((data->set.buffer_size> (BUFSIZE -1 )) ||
+-       (data->set.buffer_size < 1))
+-      data->set.buffer_size = 0; /* huge internal default */
++    if(data->set.buffer_size > MAX_BUFSIZE)
++      data->set.buffer_size = MAX_BUFSIZE; /* huge internal default */
++    else if(data->set.buffer_size < 1)
++      data->set.buffer_size = BUFSIZE;
++
++    /* Resize only if larger than default buffer size. */
++    if(data->set.buffer_size > BUFSIZE) {
++      data->state.buffer = realloc(data->state.buffer,
++                                   data->set.buffer_size + 1);
++      if(!data->state.buffer) {
++        DEBUGF(fprintf(stderr, "Error: realloc of buffer failed\n"));
++        result = CURLE_OUT_OF_MEMORY;
++      }
++    }
+ 
+     break;
+ 
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 7431825..a7807cf 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -196,6 +196,9 @@
+ /* Download buffer size, keep it fairly big for speed reasons */
+ #undef BUFSIZE
+ #define BUFSIZE CURL_MAX_WRITE_SIZE
++#undef MAX_BUFSIZE
++#define MAX_BUFSIZE CURL_MAX_READ_SIZE
++#define CURL_BUFSIZE(x) ((x)?(x):(BUFSIZE))
+ 
+ /* Initial size of the buffer to store headers in, it'll be enlarged in case
+    of need. */
+@@ -1174,7 +1177,7 @@ struct UrlState {
+   char *headerbuff; /* allocated buffer to store headers in */
+   size_t headersize;   /* size of the allocation */
+ 
+-  char buffer[BUFSIZE+1]; /* download buffer */
++  char *buffer; /* download buffer */
+   char uploadbuffer[BUFSIZE+1]; /* upload buffer */
+   curl_off_t current_speed;  /* the ProgressShow() funcion sets this,
+                                 bytes / second */
+-- 
+2.14.3
+
+
+From f175a713c964d351012baaf8c78c1b468cc6aba0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 24 Apr 2017 15:33:57 +0200
+Subject: [PATCH 2/7] http: use private user:password output buffer
+
+Don't clobber the receive buffer.
+
+Upstream-commit: 94460878cc634b590a7282e3fe60ceafb62d141a
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http.c | 32 +++++++++++++++++++-------------
+ 1 file changed, 19 insertions(+), 13 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index f4368c4..12e7dc3 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -234,7 +234,8 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
+   char **userp;
+   const char *user;
+   const char *pwd;
+-  CURLcode error;
++  CURLcode result;
++  char *out;
+ 
+   if(proxy) {
+     userp = &conn->allocptr.proxyuserpwd;
+@@ -247,27 +248,32 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
+     pwd = conn->passwd;
+   }
+ 
+-  snprintf(data->state.buffer, CURL_BUFSIZE(data->set.buffer_size),
+-           "%s:%s", user, pwd);
++  out = aprintf("%s:%s", user, pwd);
++  if(!out)
++    return CURLE_OUT_OF_MEMORY;
+ 
+-  error = Curl_base64_encode(data,
+-                             data->state.buffer, strlen(data->state.buffer),
+-                             &authorization, &size);
+-  if(error)
+-    return error;
++  result = Curl_base64_encode(data, out, strlen(out), &authorization, &size);
++  if(result)
++    goto fail;
+ 
+-  if(!authorization)
+-    return CURLE_REMOTE_ACCESS_DENIED;
++  if(!authorization) {
++    result = CURLE_REMOTE_ACCESS_DENIED;
++    goto fail;
++  }
+ 
+   Curl_safefree(*userp);
+   *userp = aprintf("%sAuthorization: Basic %s\r\n",
+                    proxy?"Proxy-":"",
+                    authorization);
+   free(authorization);
+-  if(!*userp)
+-    return CURLE_OUT_OF_MEMORY;
++  if(!*userp) {
++    result = CURLE_OUT_OF_MEMORY;
++    goto fail;
++  }
+ 
+-  return CURLE_OK;
++  fail:
++  free(out);
++  return result;
+ }
+ 
+ /* pickoneauth() selects the most favourable authentication method from the
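Review bot: The label `fail:` is also the normal exit, since the success path falls through it with `result` still holding the CURLE_OK returned by Curl_base64_encode(). A neutral label name or a comment makes that explicit for anyone auditing the error paths, for example `/* reached on success too; result is CURLE_OK then */`. The buffer `out` holds the cleartext user:password pair and is released with a plain `free(out)`, so the credentials remain in freed heap memory; if the project has a wiping helper, it would fit here. The start of http_output_basic is outside this hunk.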
+-- 
+2.14.3
+
+
+From 6ff175806c338223a2a9a69f6ae8ae2b91dc2b56 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 24 Apr 2017 16:05:46 +0200
+Subject: [PATCH 3/7] ftp: use private buffer for temp storage, not receive
+ buffer
+
+Upstream-commit: 349789e645a306a6ee467ef90a57f6cc306ca92e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c | 22 ++++++++++++----------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 730b695..10a21ce 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2130,17 +2130,17 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+       /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
+          last .sss part is optional and means fractions of a second */
+       int year, month, day, hour, minute, second;
+-      char *buf = data->state.buffer;
+-      if(6 == sscanf(buf+4, "%04d%02d%02d%02d%02d%02d",
++      if(6 == sscanf(&data->state.buffer[4], "%04d%02d%02d%02d%02d%02d",
+                      &year, &month, &day, &hour, &minute, &second)) {
+         /* we have a time, reformat it */
++        char timebuf[24];
+         time_t secs=time(NULL);
+-        /* using the good old yacc/bison yuck */
+-        snprintf(buf, CURL_BUFSIZE(conn->data->set.buffer_size),
++
++        snprintf(timebuf, sizeof(timebuf),
+                  "%04d%02d%02d %02d:%02d:%02d GMT",
+                  year, month, day, hour, minute, second);
+         /* now, convert this into a time() value: */
+-        data->info.filetime = (long)curl_getdate(buf, &secs);
++        data->info.filetime = (long)curl_getdate(timebuf, &secs);
+       }
+ 
+ #ifdef CURL_FTP_HTTPSTYLE_HEAD
+@@ -2151,6 +2151,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+          ftpc->file &&
+          data->set.get_filetime &&
+          (data->info.filetime>=0) ) {
++        char headerbuf[128];
+         time_t filetime = (time_t)data->info.filetime;
+         struct tm buffer;
+         const struct tm *tm = &buffer;
+@@ -2160,7 +2161,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+           return result;
+ 
+         /* format: "Tue, 15 Nov 1994 12:45:26" */
+-        snprintf(buf, BUFSIZE-1,
++        snprintf(headerbuf, sizeof(headerbuf),
+                  "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+                  Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+                  tm->tm_mday,
+@@ -2169,7 +2170,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+                  tm->tm_hour,
+                  tm->tm_min,
+                  tm->tm_sec);
+-        result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++        result = Curl_client_write(conn, CLIENTWRITE_BOTH, headerbuf, 0);
+         if(result)
+           return result;
+       } /* end of a ridiculous amount of conditionals */
+@@ -2347,9 +2348,10 @@ static CURLcode ftp_state_size_resp(struct connectdata *conn,
+   if(instate == FTP_SIZE) {
+ #ifdef CURL_FTP_HTTPSTYLE_HEAD
+     if(-1 != filesize) {
+-      snprintf(buf, CURL_BUFSIZE(data->set.buffer_size),
++      char clbuf[128];
++      snprintf(clbuf, sizeof(clbuf),
+                "Content-Length: %" FORMAT_OFF_T "\r\n", filesize);
+-      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++      result = Curl_client_write(conn, CLIENTWRITE_BOTH, clbuf, 0);
+       if(result)
+         return result;
+     }
+@@ -2450,7 +2452,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
+   CURLcode result = CURLE_OK;
+   struct SessionHandle *data = conn->data;
+   struct FTP *ftp = data->state.proto.ftp;
+-  char *buf = data->state.buffer;
+ 
+   if((ftpcode == 150) || (ftpcode == 125)) {
+ 
+@@ -2494,6 +2495,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
+        *
+        * Example D above makes this parsing a little tricky */
+       char *bytes;
++      char *buf = data->state.buffer;
+       bytes=strstr(buf, " bytes");
+       if(bytes--) {
+         long in=(long)(bytes-buf);
+-- 
+2.14.3
+
+
+From b67324919089fc4f9bb7a38a6a31174883a4bc24 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2017 00:09:22 +0200
+Subject: [PATCH 4/7] CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
+
+The buffer is needed to receive FTP, HTTP CONNECT responses etc so
+already at this size things risk breaking and smaller is certainly not
+wise.
+
+Upstream-commit: c2ddc12d6086b522703c8b80a72ab791680f1a28
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c     | 15 +++++++++------
+ lib/urldata.h |  1 +
+ 2 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 32e7e2e..f87dca4 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1965,15 +1965,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+      * The application kindly asks for a differently sized receive buffer.
+      * If it seems reasonable, we'll use it.
+      */
+-    data->set.buffer_size = va_arg(param, long);
++    arg = va_arg(param, long);
+ 
+-    if(data->set.buffer_size > MAX_BUFSIZE)
+-      data->set.buffer_size = MAX_BUFSIZE; /* huge internal default */
+-    else if(data->set.buffer_size < 1)
+-      data->set.buffer_size = BUFSIZE;
++    if(arg > MAX_BUFSIZE)
++      arg = MAX_BUFSIZE; /* huge internal default */
++    else if(arg < 1)
++      arg = BUFSIZE;
++    else if(arg < MIN_BUFSIZE)
++      arg = BUFSIZE;
+ 
+     /* Resize only if larger than default buffer size. */
+-    if(data->set.buffer_size > BUFSIZE) {
++    if(arg > BUFSIZE) {
+       data->state.buffer = realloc(data->state.buffer,
+                                    data->set.buffer_size + 1);
+       if(!data->state.buffer) {
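Review bot: The realloc() call kept as context still sizes the buffer with `data->set.buffer_size + 1`, but this patch moves the assignment of that field to after the block (next hunk), so the allocation uses the previous setting while the handle then records the larger `arg`. Code that trusts `data->set.buffer_size` as the buffer length, such as the bound added in patch 7/7 and the default of BUFSIZE set in patch 6/7, would then permit access past the end of the allocation. The size argument should be the new value: `data->state.buffer = realloc(data->state.buffer, arg + 1);`. Unless a later patch not shown here changes these lines, this leaves an undersized buffer in the shipped code. `arg` is declared outside the hunk.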
+@@ -1981,6 +1983,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+         result = CURLE_OUT_OF_MEMORY;
+       }
+     }
++    data->set.buffer_size = arg;
+ 
+     break;
+ 
+diff --git a/lib/urldata.h b/lib/urldata.h
+index a7807cf..cd96e8f 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -198,6 +198,7 @@
+ #define BUFSIZE CURL_MAX_WRITE_SIZE
+ #undef MAX_BUFSIZE
+ #define MAX_BUFSIZE CURL_MAX_READ_SIZE
++#define MIN_BUFSIZE 1024
+ #define CURL_BUFSIZE(x) ((x)?(x):(BUFSIZE))
+ 
+ /* Initial size of the buffer to store headers in, it'll be enlarged in case
+-- 
+2.14.3
+
+
+From 9798012315c087168c5a4a1dc56eacfe82c69626 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2017 00:15:28 +0200
+Subject: [PATCH 5/7] file: use private buffer for C-L output
+
+... instead of clobbering the download buffer.
+
+Upstream-commit: 7c312f84ea930d89c0f0f774b50032c4f9ae30e4
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/file.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index 1ad4758..b6bf18e 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -473,9 +473,10 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+      date. */
+   if(data->set.opt_no_body && data->set.include_header && fstated) {
+     CURLcode result;
+-    snprintf(buf, CURL_BUFSIZE(data->set.buffer_size),
++    char header[80];
++    snprintf(header, sizeof(header),
+              "Content-Length: %" FORMAT_OFF_T "\r\n", expected_size);
+-    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+     if(result)
+       return result;
+ 
+@@ -493,7 +494,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+         return result;
+ 
+       /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
+-      snprintf(buf, BUFSIZE-1,
++      snprintf(header, sizeof(header),
+                "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+                Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+                tm->tm_mday,
+-- 
+2.14.3
+
+
+From f4868e737e9f8d719cb9897506da2c7f92dfd87d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2017 00:16:10 +0200
+Subject: [PATCH 6/7] buffer_size: make sure it always has the correct size
+
+Removes the need for CURL_BUFSIZE
+
+Upstream-commit: f535f4f5fc6cbdce1aec5a3481cec37369dca468
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/easy.c    | 2 +-
+ lib/telnet.c  | 2 +-
+ lib/url.c     | 2 ++
+ lib/urldata.h | 1 -
+ 4 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/easy.c b/lib/easy.c
+index 5d4d5ae..9cad5f1 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -564,7 +564,7 @@ CURL *curl_easy_duphandle(CURL *incurl)
+    * the likeliness of us forgetting to init a buffer here in the future.
+    */
+   outcurl->set.buffer_size = data->set.buffer_size;
+-  outcurl->state.buffer = malloc(CURL_BUFSIZE(outcurl->set.buffer_size) + 1);
++  outcurl->state.buffer = malloc(outcurl->set.buffer_size + 1);
+   if(!outcurl->state.buffer)
+     goto fail;
+ 
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 89452dd..e43b423 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1421,7 +1421,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
+ 
+   /* Keep on listening and act on events */
+   while(keepon) {
+-    const size_t buf_size = CURL_BUFSIZE(data->set.buffer_size);
++    const size_t buf_size = (DWORD)data->set.buffer_size;
+     waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout);
+     switch(waitret) {
+     case WAIT_TIMEOUT:
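Review bot: The initialiser casts to `DWORD` while the variable is declared `const size_t`, so the value is narrowed to 32 bits and then widened again. `const size_t buf_size = (size_t)data->set.buffer_size;` says what is meant. If a call further down needs a DWORD, the cast belongs at that call, which is outside this hunk.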
+diff --git a/lib/url.c b/lib/url.c
+index f87dca4..81de7c2 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -577,6 +577,8 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
+   set->tcp_keepintvl = 60;
+   set->tcp_keepidle = 60;
+ 
++  set->buffer_size = BUFSIZE;
++
+   return res;
+ }
+ 
+diff --git a/lib/urldata.h b/lib/urldata.h
+index cd96e8f..fbe69c2 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -199,7 +199,6 @@
+ #undef MAX_BUFSIZE
+ #define MAX_BUFSIZE CURL_MAX_READ_SIZE
+ #define MIN_BUFSIZE 1024
+-#define CURL_BUFSIZE(x) ((x)?(x):(BUFSIZE))
+ 
+ /* Initial size of the buffer to store headers in, it'll be enlarged in case
+    of need. */
+-- 
+2.14.3
+
+
+From 9f3810bae5fad685e848a39750863557e17a0163 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 8 Mar 2018 10:33:16 +0100
+Subject: [PATCH 7/7] readwrite: make sure excess reads don't go beyond buffer
+ end
+
+CVE-2018-1000122
+Bug: https://curl.haxx.se/docs/adv_2018-b047.html
+
+Detected by OSS-fuzz
+
+Upstream-commit: d52dc4760f6d9ca1937eefa2093058a952465128
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/transfer.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index dff6838..7ad6e3c 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -738,10 +738,15 @@ static CURLcode readwrite_data(struct SessionHandle *data,
+ 
+     } /* if(! header and data to read ) */
+ 
+-    if(conn->handler->readwrite &&
+-       (excess > 0 && !conn->bits.stream_was_rewound)) {
++    if(conn->handler->readwrite && excess && !conn->bits.stream_was_rewound) {
+       /* Parse the excess data */
+       k->str += nread;
++
++      if(&k->str[excess] > &k->buf[data->set.buffer_size]) {
++        /* the excess amount was too excessive(!), make sure
++           it doesn't read out of buffer */
++        excess = &k->buf[data->set.buffer_size] - k->str;
++      }
+       nread = (ssize_t)excess;
+ 
+       result = conn->handler->readwrite(data, conn, &nread, &readmore);
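Review bot: The new bound check compares `&k->str[excess]` with `&k->buf[data->set.buffer_size]`, and the first of those pointers is formed before it is known to lie inside the buffer, which C leaves undefined for addresses more than one past the end. Comparing lengths avoids that: compute the room left once, `size_t room = &k->buf[data->set.buffer_size] - k->str;`, then `if(excess > room) excess = room;`. The check is also only as strong as `data->set.buffer_size`, so it relies on that field never exceeding the size actually allocated for `k->buf`. The condition changed from `excess > 0` to `excess`; its type is declared outside the hunk, and if it is signed a negative value now enters the branch. readwrite_data's body continues outside the hunk.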
+-- 
+2.14.3
+
diff --git a/SOURCES/0062-curl-7.29.0-CVE-2018-1000121.patch b/SOURCES/0062-curl-7.29.0-CVE-2018-1000121.patch
new file mode 100644
index 0000000..763b568
--- /dev/null
+++ b/SOURCES/0062-curl-7.29.0-CVE-2018-1000121.patch
@@ -0,0 +1,45 @@
+From 1d7bcc866591aba5788dc6c701ef8b564d09e329 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 6 Mar 2018 23:02:16 +0100
+Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
+ before using
+
+CVE-2018-1000121
+Reported-by: Dario Weisser
+Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+
+Upstream-commit: 9889db043393092e9d4b5a42720bba0b3d58deba
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/openldap.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/openldap.c b/lib/openldap.c
+index 369309c..d71946d 100644
+--- a/lib/openldap.c
++++ b/lib/openldap.c
+@@ -435,7 +435,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+ 
+   for(ent = ldap_first_message(li->ld, result); ent;
+     ent = ldap_next_message(li->ld, ent)) {
+-    struct berval bv, *bvals, **bvp = &bvals;
++    struct berval bv, *bvals;
+     int binary = 0, msgtype;
+ 
+     msgtype = ldap_msgtype(ent);
+@@ -481,9 +481,9 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+     Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+     data->req.bytecount += bv.bv_len + 5;
+ 
+-    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+-      rc == LDAP_SUCCESS;
+-      rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
++    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
++        (rc == LDAP_SUCCESS) && bvals;
++        rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
+       int i;
+ 
+       if(bv.bv_val == NULL) break;
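Review bot: Putting `bvals` in the loop condition makes the first attribute that comes back without values end the whole attribute loop, so any attributes after it in the same entry are not written to the client, and `rc` is still LDAP_SUCCESS when that happens. If the intent is only to avoid dereferencing a NULL value array, the check could sit in the body after the existing `bv.bv_val == NULL` test, as `if(!bvals) continue;`, with the loop condition left as `rc == LDAP_SUCCESS`. Whether the library can return further attributes after a valueless one is not visible here and should be confirmed against the ldap_get_attribute_ber() documentation. The loop body continues outside the hunk.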
+-- 
+2.14.3
+
diff --git a/SOURCES/0063-curl-7.29.0-CVE-2018-1000120.patch b/SOURCES/0063-curl-7.29.0-CVE-2018-1000120.patch
new file mode 100644
index 0000000..da3e4fe
--- /dev/null
+++ b/SOURCES/0063-curl-7.29.0-CVE-2018-1000120.patch
@@ -0,0 +1,446 @@
+From 5452fdc5ae93f3571074c591fdf28cdf630796a0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 12 Sep 2017 09:29:01 +0200
+Subject: [PATCH 1/3] FTP: URL decode path for dir listing in nocwd mode
+
+Reported-by: Zenju on github
+
+Test 244 added to verify
+Fixes #1974
+Closes #1976
+
+Upstream-commit: ecf21c551fa3426579463abe34b623111b8d487c
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c              | 93 +++++++++++++++++++++++---------------------------
+ tests/data/Makefile.am |  3 +-
+ tests/data/test244     | 54 +++++++++++++++++++++++++++++
+ 3 files changed, 99 insertions(+), 51 deletions(-)
+ create mode 100644 tests/data/test244
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index bcba6bb..fb3a716 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -1003,7 +1003,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
+     char *port_start = NULL;
+     char *port_sep = NULL;
+ 
+-    addr = calloc(addrlen+1, 1);
++    addr = calloc(addrlen + 1, 1);
+     if(!addr)
+       return CURLE_OUT_OF_MEMORY;
+ 
+@@ -1041,7 +1041,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
+     /* parse the port */
+     if(ip_end != NULL) {
+       if((port_start = strchr(ip_end, ':')) != NULL) {
+-        port_min = curlx_ultous(strtoul(port_start+1, NULL, 10));
++        port_min = curlx_ultous(strtoul(port_start + 1, NULL, 10));
+         if((port_sep = strchr(port_start, '-')) != NULL) {
+           port_max = curlx_ultous(strtoul(port_sep + 1, NULL, 10));
+         }
+@@ -1469,25 +1469,22 @@ static CURLcode ftp_state_post_listtype(struct connectdata *conn)
+      then just do LIST (in that case: nothing to do here)
+   */
+   char *cmd,*lstArg,*slashPos;
++  const char *inpath = data->state.path;
+ 
+   lstArg = NULL;
+   if((data->set.ftp_filemethod == FTPFILE_NOCWD) &&
+-     data->state.path &&
+-     data->state.path[0] &&
+-     strchr(data->state.path,'/')) {
+-
+-    lstArg = strdup(data->state.path);
+-    if(!lstArg)
+-      return CURLE_OUT_OF_MEMORY;
++     inpath && inpath[0] && strchr(inpath, '/')) {
++    size_t n = strlen(inpath);
+ 
+     /* Check if path does not end with /, as then we cut off the file part */
+-    if(lstArg[strlen(lstArg) - 1] != '/')  {
+-
++    if(inpath[n - 1] != '/') {
+       /* chop off the file part if format is dir/dir/file */
+-      slashPos = strrchr(lstArg,'/');
+-      if(slashPos)
+-        *(slashPos+1) = '\0';
++      slashPos = strrchr(inpath, '/');
++      n = slashPos - inpath;
+     }
++    result = Curl_urldecode(data, inpath, n, &lstArg, NULL, FALSE);
++    if(result)
++      return result;
+   }
+ 
+   cmd = aprintf( "%s%s%s",
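Review bot: When the only slash in `inpath` is its first character, `n = slashPos - inpath` becomes 0, and the other Curl_urldecode() calls in this patch pass 0 where the whole string is to be decoded, so the file part would end up in the LIST argument instead of being cut off. The replaced code also kept the trailing slash (`*(slashPos+1) = '\0'`), which the new length drops. Both are avoided with `n = slashPos - inpath + 1;`, assuming Curl_urldecode() treats a length of 0 as strlen(); its definition is not part of this patch. `data` and `result` are declared outside the hunk.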
+@@ -3327,12 +3324,10 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
+   }
+ 
+   /* get the "raw" path */
+-  path = curl_easy_unescape(data, path_to_use, 0, NULL);
+-  if(!path) {
++  result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
++  if(result) {
+     /* out of memory, but we can limp along anyway (and should try to
+      * since we may already be in the out of memory cleanup path) */
+-    if(!result)
+-      result = CURLE_OUT_OF_MEMORY;
+     ftpc->ctl_valid = FALSE; /* mark control connection as bad */
+     conn->bits.close = TRUE; /* mark for connection closure */
+     ftpc->prevpath = NULL; /* no path remembering */
+@@ -3643,7 +3638,7 @@ static CURLcode ftp_range(struct connectdata *conn)
+     }
+     else {
+       /* X-Y */
+-      data->req.maxdownload = (to-from)+1; /* include last byte */
++      data->req.maxdownload = (to - from) + 1; /* include last byte */
+       data->state.resume_from = from;
+       DEBUGF(infof(conn->data, "FTP RANGE from %" FORMAT_OFF_T
+                    " getting %" FORMAT_OFF_T " bytes\n",
+@@ -4332,20 +4327,22 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+     }
+     slash_pos=strrchr(cur_pos, '/');
+     if(slash_pos || !*cur_pos) {
++      CURLcode result;
+       ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
+       if(!ftpc->dirs)
+         return CURLE_OUT_OF_MEMORY;
+ 
+-      ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
+-                                         slash_pos ?
+-                                         curlx_sztosi(slash_pos-cur_pos) : 1,
+-                                         NULL);
+-      if(!ftpc->dirs[0]) {
++      result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
++                              slash_pos ?
++                              curlx_sztosi(slash_pos-cur_pos) : 1,
++                              &ftpc->dirs[0], NULL,
++                              FALSE);
++      if(result) {
+         freedirs(ftpc);
+-        return CURLE_OUT_OF_MEMORY;
++        return result;
+       }
+       ftpc->dirdepth = 1; /* we consider it to be a single dir */
+-      filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
++      filename = slash_pos ? slash_pos + 1 : cur_pos; /* rest is file name */
+     }
+     else
+       filename = cur_pos;  /* this is a file name only */
+@@ -4377,18 +4374,15 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+           /* we skip empty path components, like "x//y" since the FTP command
+              CWD requires a parameter and a non-existent parameter a) doesn't
+              work on many servers and b) has no effect on the others. */
+-          int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
+-          ftpc->dirs[ftpc->dirdepth] =
+-            curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
+-          if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
+-            failf(data, "no memory");
+-            freedirs(ftpc);
+-            return CURLE_OUT_OF_MEMORY;
+-          }
+-          if(isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
++          size_t len = slash_pos - cur_pos + absolute_dir;
++          CURLcode result =
++            Curl_urldecode(conn->data, cur_pos - absolute_dir, len,
++                           &ftpc->dirs[ftpc->dirdepth], NULL,
++                           TRUE);
++          if(result) {
+             free(ftpc->dirs[ftpc->dirdepth]);
+             freedirs(ftpc);
+-            return CURLE_URL_MALFORMAT;
++            return result;
+           }
+         }
+         else {
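Review bot: The error branch still calls `free(ftpc->dirs[ftpc->dirdepth])`, but it now runs when Curl_urldecode() failed rather than after a successful decode, so the slot may never have been written. If the decoder leaves its output pointer untouched on failure, this frees whatever the slot held before, which is safe only if the array was zero-filled when allocated or grown; that allocation is outside the hunk. Setting the slot first, `ftpc->dirs[ftpc->dirdepth] = NULL;` before the call, or dropping the free(), keeps the branch correct either way.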
+@@ -4415,15 +4409,12 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+   } /* switch */
+ 
+   if(filename && *filename) {
+-    ftpc->file = curl_easy_unescape(conn->data, filename, 0, NULL);
+-    if(NULL == ftpc->file) {
+-      freedirs(ftpc);
+-      failf(data, "no memory");
+-      return CURLE_OUT_OF_MEMORY;
+-    }
+-    if(isBadFtpString(ftpc->file)) {
++    CURLcode result =
++      Curl_urldecode(conn->data, filename, 0,  &ftpc->file, NULL, TRUE);
++
++    if(result) {
+       freedirs(ftpc);
+-      return CURLE_URL_MALFORMAT;
++      return result;
+     }
+   }
+   else
+@@ -4441,15 +4432,17 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+   if(ftpc->prevpath) {
+     /* prevpath is "raw" so we convert the input path before we compare the
+        strings */
+-    int dlen;
+-    char *path = curl_easy_unescape(conn->data, data->state.path, 0, &dlen);
+-    if(!path) {
++    size_t dlen;
++    char *path;
++    CURLcode result =
++      Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
++    if(result) {
+       freedirs(ftpc);
+-      return CURLE_OUT_OF_MEMORY;
++      return result;
+     }
+ 
+-    dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
+-    if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
++    dlen -= ftpc->file?strlen(ftpc->file):0;
++    if((dlen == strlen(ftpc->prevpath)) &&
+        strnequal(path, ftpc->prevpath, dlen)) {
+       infof(data, "Request has same path as previous transfer\n");
+       ftpc->cwddone = TRUE;
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 56cb286..e7955ee 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -28,7 +28,8 @@ test200 test201 test202 test203 test204 test205 test206 test207 test208	\
+ test209 test210 test211 test212 test213 test214 test215 test216 test217	\
+ test218 test220 test221 test222 test223 test224 test225 test226 test227	\
+ test228 test229 test231 test233 test234 test235 test236 test237 test238	\
+-test239 test240 test241 test242 test243 test245 test246 test247 test248	\
++test239 test240 test241 test242 test243	\
++test244 test245 test246 test247 test248	\
+ test249 test250 test251 test252 test253 test254 test255 test256 test257	\
+ test258 test259 test260 test261 test262 test263 test264 test265 test266	\
+ test267 test268 test269 test270 test271 test272 test273 test274 test275	\
+diff --git a/tests/data/test244 b/tests/data/test244
+new file mode 100644
+index 0000000..8ce4b63
+--- /dev/null
++++ b/tests/data/test244
+@@ -0,0 +1,54 @@
++<testcase>
++<info>
++<keywords>
++FTP
++PASV
++CWD
++--ftp-method
++nocwd
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data mode="text">
++total 20
++drwxr-xr-x   8 98       98           512 Oct 22 13:06 .
++drwxr-xr-x   8 98       98           512 Oct 22 13:06 ..
++drwxr-xr-x   2 98       98           512 May  2  1996 .NeXT
++-r--r--r--   1 0        1             35 Jul 16  1996 README
++lrwxrwxrwx   1 0        1              7 Dec  9  1999 bin -> usr/bin
++dr-xr-xr-x   2 0        1            512 Oct  1  1997 dev
++drwxrwxrwx   2 98       98           512 May 29 16:04 download.html
++dr-xr-xr-x   2 0        1            512 Nov 30  1995 etc
++drwxrwxrwx   2 98       1            512 Oct 30 14:33 pub
++dr-xr-xr-x   5 0        1            512 Oct  1  1997 usr
++</data>
++</reply>
++
++# Client-side
++<client>
++<server>
++ftp
++</server>
++ <name>
++FTP dir listing with nocwd and URL encoded path
++ </name>
++ <command>
++--ftp-method nocwd ftp://%HOSTIP:%FTPPORT/fir%23t/th%69rd/244/
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++USER anonymous
++PASS ftp@example.com
++PWD
++EPSV
++TYPE A
++LIST fir#t/third/244/
++QUIT
++</protocol>
++</verify>
++</testcase>
+-- 
+2.14.3
+
+
+From 295fc8b0dc5c94a1cbf6688bfba768128b13cde6 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Nov 2016 07:22:27 +0100
+Subject: [PATCH 2/3] ftp_done: don't clobber the passed in error code
+
+Coverity CID 1374359 pointed out the unused result value.
+
+Upstream-commit: f81a8364618caf99b4691ffd494a9b2d4c9fb1f6
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 9da5a24..0259a14 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -3323,11 +3323,12 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
+     ftpc->known_filesize = -1;
+   }
+ 
+-  /* get the "raw" path */
+-  result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
++  if(!result)
++    /* get the "raw" path */
++    result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
+   if(result) {
+-    /* out of memory, but we can limp along anyway (and should try to
+-     * since we may already be in the out of memory cleanup path) */
++    /* We can limp along anyway (and should try to since we may already be in
++     * the error path) */
+     ftpc->ctl_valid = FALSE; /* mark control connection as bad */
+     conn->bits.close = TRUE; /* mark for connection closure */
+     ftpc->prevpath = NULL; /* no path remembering */
+-- 
+2.14.4
+
+
+From 9534442aae1da4e6cf2ce815e47dbcd82695c3d4 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 31 Jan 2018 08:40:11 +0100
+Subject: [PATCH 3/3] FTP: reject path components with control codes
+
+Refuse to operate when given path components featuring byte values lower
+than 32.
+
+Previously, inserting a %00 sequence early in the directory part when
+using the 'singlecwd' ftp method could make curl write a zero byte
+outside of the allocated buffer.
+
+Test case 340 verifies.
+
+CVE-2018-1000120
+Reported-by: Duy Phan Thanh
+Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
+
+Upstream-commit: 535432c0adb62fe167ec09621500470b6fa4eb0f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c              |  8 ++++----
+ tests/data/Makefile.am |  1 +
+ tests/data/test340     | 40 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 45 insertions(+), 4 deletions(-)
+ create mode 100644 tests/data/test340
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index fb3a716..268efdd 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -1482,7 +1482,7 @@ static CURLcode ftp_state_post_listtype(struct connectdata *conn)
+       slashPos = strrchr(inpath, '/');
+       n = slashPos - inpath;
+     }
+-    result = Curl_urldecode(data, inpath, n, &lstArg, NULL, FALSE);
++    result = Curl_urldecode(data, inpath, n, &lstArg, NULL, TRUE);
+     if(result)
+       return result;
+   }
+@@ -3325,7 +3325,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
+ 
+   if(!result)
+     /* get the "raw" path */
+-    result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
++    result = Curl_urldecode(data, path_to_use, 0, &path, NULL, TRUE);
+   if(result) {
+     /* We can limp along anyway (and should try to since we may already be in
+      * the error path) */
+@@ -4337,7 +4337,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+                               slash_pos ?
+                               curlx_sztosi(slash_pos-cur_pos) : 1,
+                               &ftpc->dirs[0], NULL,
+-                              FALSE);
++                              TRUE);
+       if(result) {
+         freedirs(ftpc);
+         return result;
+@@ -4436,7 +4436,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
+     size_t dlen;
+     char *path;
+     CURLcode result =
+-      Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
++      Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, TRUE);
+     if(result) {
+       freedirs(ftpc);
+       return result;
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index e7955ee..910db5b 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -39,6 +39,7 @@ test294 test295 test296 test297 test298 test299 test300 test301 test302	\
+ test303 test304 test305 test306 test307 test308 test309 test310 test311	\
+ test312 test313 test317 test318 \
+ test320 test321 test322 test323 test324 test350 test351	\
++test340	\
+ test352 test353 test354 test400 test401 test402 test403 test404 test405	\
+ test406 test407 test408 test409 test500 test501 test502 test503 test504	\
+ test505 test506 test507 test508 test510 test511 test512 test513 test514	\
+diff --git a/tests/data/test340 b/tests/data/test340
+new file mode 100644
+index 0000000..d834d76
+--- /dev/null
++++ b/tests/data/test340
+@@ -0,0 +1,40 @@
++<testcase>
++<info>
++<keywords>
++FTP
++PASV
++CWD
++--ftp-method
++singlecwd
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++ftp
++</server>
++ <name>
++FTP using %00 in path with singlecwd
++ </name>
++ <command>
++--ftp-method singlecwd ftp://%HOSTIP:%FTPPORT/%00first/second/third/340
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++USER anonymous
++PASS ftp@example.com
++PWD
++</protocol>
++<errorcode>
++3
++</errorcode>
++</verify>
++</testcase>
+-- 
+2.14.3
+
diff --git a/SOURCES/0064-curl-7.29.0-CVE-2018-1000301.patch b/SOURCES/0064-curl-7.29.0-CVE-2018-1000301.patch
new file mode 100644
index 0000000..9a06ee6
--- /dev/null
+++ b/SOURCES/0064-curl-7.29.0-CVE-2018-1000301.patch
@@ -0,0 +1,48 @@
+From 5815730864a2010872840bae24797983e892eb90 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 24 Mar 2018 23:47:41 +0100
+Subject: [PATCH 1/2] http: restore buffer pointer when bad response-line is
+ parsed
+
+... leaving the k->str could lead to buffer over-reads later on.
+
+CVE: CVE-2018-1000301
+Assisted-by: Max Dymond
+
+Detected by OSS-Fuzz.
+Bug: https://curl.haxx.se/docs/adv_2018-b138.html
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
+
+Upstream-commit: 8c7b3737d29ed5c0575bf592063de8a51450812d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 841f6cc..dc10f5f 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2789,6 +2789,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+ {
+   CURLcode result;
+   struct SingleRequest *k = &data->req;
++  ssize_t onread = *nread;
++  char *ostr = k->str;
+ 
+   /* header line within buffer loop */
+   do {
+@@ -2853,7 +2855,9 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+         else {
+           /* this was all we read so it's all a bad header */
+           k->badheader = HEADER_ALLBAD;
+-          *nread = (ssize_t)rest_length;
++          *nread = onread;
++          k->str = ostr;
++          return CURLE_OK;
+         }
+         break;
+       }
+-- 
+2.14.3
+
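Review bot: The restore on the `HEADER_ALLBAD` path in the second lib/http.c hunk resets `*nread` and `k->str` and returns early without a comment saying why, which makes the early `return CURLE_OK;` easy to undo in a later cleanup. I would add above `*nread = onread;` a comment such as `/* restore the buffer pointer and length seen on entry; leaving k->str advanced could lead to buffer over-reads later on */`, and a one-line note where `onread` and `ostr` are captured. The diffstat shows only lib/http.c, so nothing in the test suite pins this behaviour; a test case that feeds a bad response line would guard the backport against regressions. The removed assignment was the only visible use of `rest_length` on this path, so it is worth checking that the variable does not become unused. `Curl_http_readwrite_headers` starts and ends outside both hunks.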
diff --git a/SOURCES/0065-curl-7.29.0-tftp-speed-limit.patch b/SOURCES/0065-curl-7.29.0-tftp-speed-limit.patch
new file mode 100644
index 0000000..d1af5ec
--- /dev/null
+++ b/SOURCES/0065-curl-7.29.0-tftp-speed-limit.patch
@@ -0,0 +1,275 @@
+From 71e1317a4b44d9d81ec99c46038ada32c0e51bc9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 22 Aug 2013 19:23:08 +0200
+Subject: [PATCH 1/2] tftpd: support "writedelay" within <servercmd>
+
+Upstream-commit: 06d1b10cbefaa7c54c73e09df746ae79b7f14e14
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/FILEFORMAT     |  4 +++
+ tests/server/tftpd.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 84 insertions(+), 3 deletions(-)
+
+diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT
+index 702368f..4759668 100644
+--- a/tests/FILEFORMAT
++++ b/tests/FILEFORMAT
+@@ -137,6 +137,10 @@ rtp: part [num] channel [num] size [num]
+ connection-monitor When used, this will log [DISCONNECT] to the server.input
+                log when the connection is disconnected.
+ 
++
++For TFTP:
++writedelay: [secs] delay this amount between reply packets (each packet being
++                   512 bytes payload)
+ </servercmd>
+ </reply>
+ 
+diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c
+index 48950c5..e2ec628 100644
+--- a/tests/server/tftpd.c
++++ b/tests/server/tftpd.c
+@@ -107,8 +107,10 @@ struct testcase {
+   size_t bufsize; /* size of the data in buffer */
+   char *rptr;     /* read pointer into the buffer */
+   size_t rcount;  /* amount of data left to read of the file */
+-  long num;       /* test case number */
++  long testno;    /* test case number */
+   int ofile;      /* file descriptor for output file when uploading to us */
++
++  int writedelay; /* number of seconds between each packet */
+ };
+ 
+ struct formats {
+@@ -579,7 +581,7 @@ static ssize_t write_behind(struct testcase *test, int convert)
+ 
+   if(!test->ofile) {
+     char outfile[256];
+-    snprintf(outfile, sizeof(outfile), "log/upload.%ld", test->num);
++    snprintf(outfile, sizeof(outfile), "log/upload.%ld", test->testno);
+     test->ofile=open(outfile, O_CREAT|O_RDWR, 0777);
+     if(test->ofile == -1) {
+       logmsg("Couldn't create and/or open file %s for upload!", outfile);
+@@ -1026,6 +1028,73 @@ again:
+   return 0;
+ }
+ 
++/* Based on the testno, parse the correct server commands. */
++static int parse_servercmd(struct testcase *req)
++{
++  FILE *stream;
++  char *filename;
++  int error;
++
++  filename = test2file(req->testno);
++
++  stream=fopen(filename, "rb");
++  if(!stream) {
++    error = errno;
++    logmsg("fopen() failed with error: %d %s", error, strerror(error));
++    logmsg("  [1] Error opening file: %s", filename);
++    logmsg("  Couldn't open test file %ld", req->testno);
++    return 1; /* done */
++  }
++  else {
++    char *orgcmd = NULL;
++    char *cmd = NULL;
++    size_t cmdsize = 0;
++    int num=0;
++
++    /* get the custom server control "commands" */
++    error = getpart(&orgcmd, &cmdsize, "reply", "servercmd", stream);
++    fclose(stream);
++    if(error) {
++      logmsg("getpart() failed with error: %d", error);
++      return 1; /* done */
++    }
++
++    cmd = orgcmd;
++    while(cmd && cmdsize) {
++      char *check;
++      if(1 == sscanf(cmd, "writedelay: %d", &num)) {
++        logmsg("instructed to delay %d secs between packets", num);
++        req->writedelay = num;
++      }
++      else {
++        logmsg("Unknown <servercmd> instruction found: %s", cmd);
++      }
++      /* try to deal with CRLF or just LF */
++      check = strchr(cmd, '\r');
++      if(!check)
++        check = strchr(cmd, '\n');
++
++      if(check) {
++        /* get to the letter following the newline */
++        while((*check == '\r') || (*check == '\n'))
++          check++;
++
++        if(!*check)
++          /* if we reached a zero, get out */
++          break;
++        cmd = check;
++      }
++      else
++        break;
++    }
++    if(orgcmd)
++      free(orgcmd);
++  }
++
++  return 0; /* OK! */
++}
++
++
+ /*
+  * Validate file access.
+  */
+@@ -1076,7 +1145,9 @@ static int validate_access(struct testcase *test,
+ 
+     logmsg("requested test number %ld part %ld", testno, partno);
+ 
+-    test->num = testno;
++    test->testno = testno;
++
++    (void)parse_servercmd(test);
+ 
+     file = test2file(testno);
+ 
+@@ -1147,6 +1218,12 @@ static void sendtftp(struct testcase *test, struct formats *pf)
+ #ifdef HAVE_SIGSETJMP
+     (void) sigsetjmp(timeoutbuf, 1);
+ #endif
++    if(test->writedelay) {
++      logmsg("Pausing %d seconds before %d bytes", test->writedelay,
++             size);
++      wait_ms(1000*test->writedelay);
++    }
++
+     send_data:
+     if (swrite(peer, sdp, size + 4) != size + 4) {
+       logmsg("write");
+-- 
+2.14.4
+
+
+From fd692a86883109c1ab5b57b9b9ab19ae0ab15a1f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 22 Aug 2013 22:40:38 +0200
+Subject: [PATCH 2/2] TFTP: make the CURLOPT_LOW_SPEED* options work
+
+... this also makes sure that the progess callback gets called more
+often during TFTP transfers.
+
+Added test 1238 to verify.
+
+Bug: http://curl.haxx.se/bug/view.cgi?id=1269
+Reported-by: Jo3
+
+Upstream-commit: 4bea91fc677359f3dcedb05a431258b6cd5d98f3
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/tftp.c             | 10 ++++++++++
+ tests/data/Makefile.am |  2 +-
+ tests/data/test1238    | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 60 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test1238
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index ef740b8..79b4f41 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -56,6 +56,7 @@
+ #include "multiif.h"
+ #include "url.h"
+ #include "rawstr.h"
++#include "speedcheck.h"
+ 
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -1259,6 +1260,15 @@ static CURLcode tftp_doing(struct connectdata *conn, bool *dophase_done)
+   if(*dophase_done) {
+     DEBUGF(infof(conn->data, "DO phase is complete\n"));
+   }
++  else {
++    /* The multi code doesn't have this logic for the DOING state so we
++       provide it for TFTP since it may do the entire transfer in this
++       state. */
++    if(Curl_pgrsUpdate(conn))
++      result = CURLE_ABORTED_BY_CALLBACK;
++    else
++      result = Curl_speedcheck(conn->data, Curl_tvnow());
++  }
+   return result;
+ }
+ 
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 677564b..9d9b9ea 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -81,7 +81,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 test1213 test1214 test1216 test1218 \
+-test1220 test1221 test1222 test1223 test1233 test1236 \
++test1220 test1221 test1222 test1223 test1233 test1236 test1238 \
+ test1300 test1301 test1302 test1303 test1304 test1305	\
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/test1238 b/tests/data/test1238
+new file mode 100644
+index 0000000..1859339
+--- /dev/null
++++ b/tests/data/test1238
+@@ -0,0 +1,49 @@
++<testcase>
++<info>
++<keywords>
++TFTP
++TFTP RRQ
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++writedelay: 2
++</servercmd>
++# ~1200 bytes (so that they don't fit in two 512 byte chunks)
++<data nocheck="yes">

++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++tftp
++</server>
++ <name>
++slow TFTP retrieve cancel due to -Y and -y
++ </name>
++# if less than 1000 bytes/sec within 2 seconds, abort!
++ <command>
++tftp://%HOSTIP:%TFTPPORT//1238 -Y1000 -y2
++</command>
++</client>
++
++#
++# Verify pseudo protocol after the test has been "shot"
++<verify>
++<protocol>
++opcode: 1
++filename: /1238
++mode: octet
++</protocol>
++# 28 = CURLE_OPERATION_TIMEDOUT
++<errorcode>
++28
++</errorcode>
++</verify>
++</testcase>
+-- 
+2.14.4
+
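Review bot: In the lib/tftp.c hunk, the new `else` branch of `tftp_doing` assigns `result` unconditionally, so an error already set earlier in the function (outside the hunk) would be replaced by the progress or speed-check outcome whenever `*dophase_done` is still false. Guarding the branch with `else if(!result) {` preserves the earlier error. Separately, in tests/server/tftpd.c, `parse_servercmd` stores the `%d` value from `writedelay:` unchecked and `sendtftp` passes `1000*test->writedelay` to `wait_ms`, so a negative or very large value in a test file gives a negative or overflowed delay; a range check before `req->writedelay = num;`, for example `if(num < 0 || num > 60)` with an illustrative bound, would avoid that.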
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index 8aa74bc..5bab6fa 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.29.0
-Release: 46%{?dist}
+Release: 51%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -175,6 +175,33 @@ Patch55:  0055-curl-7.29.0-CVE-2017-1000257.patch
 # reset authentication state when HTTP transfer is done (#1511523)
 Patch56:  0056-curl-7.29.0-0afbcfd8.patch
 
+# make NSS deallocate PKCS #11 objects early enough (#1510247)
+Patch57:  0057-curl-7.29.0-nss-obj-leak.patch
+
+# update certificates in the test-suite because they expire soon (#1572723)
+Patch58:  0058-curl-7.29.0-test-certs.patch
+
+# doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
+Patch59:  0059-curl-7.29.0-tlsauthtype-doc.patch
+
+# http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
+Patch60:  0060-curl-7.29.0-CVE-2018-1000007.patch
+
+# fix RTSP RTP buffer over-read (CVE-2018-1000122)
+Patch61:  0061-curl-7.29.0-CVE-2018-1000122.patch
+
+# fix LDAP NULL pointer dereference (CVE-2018-1000121)
+Patch62:  0062-curl-7.29.0-CVE-2018-1000121.patch
+
+# fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
+Patch63:  0063-curl-7.29.0-CVE-2018-1000120.patch
+
+# fix RTSP bad headers buffer over-read (CVE-2018-1000301)
+Patch64:  0064-curl-7.29.0-CVE-2018-1000301.patch
+
+# make curl --speed-limit work with TFTP (#1584750)
+Patch65:  0065-curl-7.29.0-tftp-speed-limit.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.29.0-multilib.patch
 
@@ -255,6 +282,9 @@ Summary: A library for getting files from web servers
 Group: Development/Libraries
 Requires: libssh2%{?_isa} >= %{libssh2_version}
 
+# require a new enough version of nss-pem to avoid regression in yum (#1610998)
+Requires: nss-pem%{?_isa} >= 1.0.3-5
+
 %description -n libcurl
 libcurl is a free and easy-to-use client-side URL transfer library, supporting
 FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
@@ -358,6 +388,15 @@ documentation of the library, too.
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
+%patch57 -p1
+%patch58 -p1
+%patch59 -p1
+%patch60 -p1
+%patch61 -p1
+%patch62 -p1
+%patch63 -p1
+%patch64 -p1
+%patch65 -p1
 
 # regenerate Makefile.in files
 aclocal -I m4
@@ -473,6 +512,28 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Aug 08 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-51
+- require a new enough version of nss-pem to avoid regression in yum (#1610998)
+
+* Thu Jun 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-50
+- remove dead code, detected by Coverity Analysis
+- remove unused variable, detected by GCC and Clang
+
+* Wed Jun 06 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-49
+- make curl --speed-limit work with TFTP (#1584750)
+
+* Wed May 30 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-48
+- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
+- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
+- fix LDAP NULL pointer dereference (CVE-2018-1000121)
+- fix RTSP RTP buffer over-read (CVE-2018-1000122)
+- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
+- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
+- update certificates in the test-suite because they expire soon (#1572723)
+
+* Fri Mar 02 2018 Kamil Dudka <kdudka@redhat.com> - 7.29.0-47
+- make NSS deallocate PKCS #11 objects early enough (#1510247)
+
 * Mon Dec 11 2017 Kamil Dudka <kdudka@redhat.com> - 7.29.0-46
 - reset authentication state when HTTP transfer is done (#1511523)