grenache-ruby-http 0.2.4 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15a1cf8dee8aa1f8916d109f769bd1e41af5995e
-  data.tar.gz: b0d81fe6ed1d46a42ae162aa63dfa48b57e117fc
+  metadata.gz: 985cc37eaad45ea6c7b4b12edeea4b7d299b64b5
+  data.tar.gz: 41f9a1189694c9499326c7ddd9bce5f0d4168176
 SHA512:
-  metadata.gz: baf12653020538a93f54d3a905b537f1ad9696df04f260846d8b6feac55b71aba0feaabd16d1099801bad7a2bb6f31c0ae6f2990812905c833fe057fecac0ca1
-  data.tar.gz: ba8c325edac6783ca4cace5b74fc4b6460eb468f4a7391abd5a69cb7c0cff0a5362f14e7734d365bb5d319f2ff53774355cc8ab174888fb2896956fbd6ba16cc
+  metadata.gz: b424721eb0cb1467bb5586cdcaf73ac6ab64c7a6c77f53813d83603946892940d53bc7a85f5bc102aba7908b04a81541d7c38bd39cc5c6d44cd37bcf090637ec
+  data.tar.gz: 00ada15ed90502d9f43c0557ddffb1f91fe3e8034558ac2c5780c774a1cac1701e02458ec7327e9d9edd43f38dd835e4954fab8d062c7e288d9a7881a2635690

data/Gemfile

@@ -1,3 +1,4 @@
 source 'https://rubygems.org'
 
 gemspec
+

data/examples/worker_ssl.rb

@@ -4,6 +4,7 @@ Grenache::Http.configure do |conf|
    conf.grape_address = "http://127.0.0.1:40002/"
    conf.key = File.expand_path('.') + "/ssl/server-key.pem"
    conf.cert_pem = File.expand_path('.') + "/ssl/server-chain.pem"
+   conf.ca = File.expand_path('.') + "/ssl/ca-crt.pem"
    conf.service_host = "localhost"
 end
 
@@ -16,7 +17,7 @@ EM.run do
 
   c.listen('rpc_test', 5004) do |msg, fingerprint|
     #[StandardError.new("Error!"),"hello #{msg.payload}"]
-    puts fingerprint
+    puts "certificate fingerprint #{fingerprint}"
     [nil,"hello #{msg.payload}"]
   end
 

data/grenache-ruby-http.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency "eventmachine", "~> 1.2"
   spec.add_runtime_dependency "faye-websocket", "~> 0.10"
-  spec.add_runtime_dependency "grenache-ruby-base", "~> 0.2.3"
+  spec.add_runtime_dependency "grenache-ruby-base", "~> 0.2.7"
   spec.add_runtime_dependency "httparty", "~> 0.14.0"
   spec.add_runtime_dependency "oj", "~> 2.18"
   spec.add_runtime_dependency "thin", "~> 1.7"

data/lib/grenache/http/configurable.rb

@@ -0,0 +1,37 @@
+module Granache
+  class Http < Grenache::Base
+    class Configuration < Grenache::Configuration
+
+      # thin server
+      attr_accessor :thin_threaded, :thin_threadpool_size
+
+      def initialize
+        set_bool :thin_threaded, params, false
+        set_val :thin_threadpool_size, params, 0
+        super
+      end
+    end
+  end
+
+  module HttpConfigurable
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    def config
+      self.class.config
+    end
+
+    module ClassMethods
+      def configure
+        yield config
+      end
+
+      def config
+        @configuration ||= Grenache::Http::Configuration.new
+      end
+    end
+  end
+
+  include HttpConfigurable
+end

data/lib/grenache/http/http_server.rb

@@ -0,0 +1,22 @@
+module Thin
+  class Connection < EventMachine::Connection
+    def ssl_verify_peer cert
+      client = OpenSSL::X509::Certificate.new cert
+      store.verify client
+    end
+
+
+    private
+    def store
+       @store ||= OpenSSL::X509::Store.new.tap do |store|
+         root = OpenSSL::X509::Certificate.new ca_cert
+         store.add_cert root
+       end
+    end
+
+    def ca_cert
+      @ca_cert ||= File.read Grenache::Http.config.ca
+    end
+  end
+end
+

data/lib/grenache/http/version.rb

@@ -1,5 +1,5 @@
 module Grenache
   module HTTP
-    VERSION = "0.2.4"
+    VERSION = "0.2.7"
   end
 end

data/lib/grenache/http.rb

@@ -19,6 +19,12 @@ module Grenache
           [200,nil, ServiceMessage.new(payload, err, req.rid).to_json]
         }
         server = Thin::Server.new config.service_host, port, {signals: false}, app
+
+        if config.thin_threaded
+          server.threaded = true
+          server.threadpool_size = config.thin_threadpool_size
+        end
+
         if tls?
           server.ssl = true
           server.ssl_options = {

data/lib/grenache-ruby-http.rb

@@ -7,3 +7,5 @@ require 'thin'
 require 'grenache/http'
 require 'grenache/http/version'
 require 'grenache/http/http_client'
+require 'grenache/http/http_server'
+require 'grenache/http/configurable'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grenache-ruby-http
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.7
 platform: ruby
 authors:
 - Bitfinex <info@bitfinex.com>
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-12 00:00:00.000000000 Z
+date: 2017-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.3
+        version: 0.2.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.3
+        version: 0.2.7
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -124,20 +124,14 @@ files:
 - examples/ssl/server-csr.pem
 - examples/ssl/server-key.pem
 - examples/ssl/server.cnf
-- examples/ssl_R/cacert.pem
-- examples/ssl_R/clientkey.pem
-- examples/ssl_R/clientreq.pem
-- examples/ssl_R/openssl.cnf
-- examples/ssl_R/private/cakey.pem
-- examples/ssl_R/serial
-- examples/ssl_R/serverkey.pem
-- examples/ssl_R/serverreq.pem
 - examples/worker.rb
 - examples/worker_ssl.rb
 - grenache-ruby-http.gemspec
 - lib/grenache-ruby-http.rb
 - lib/grenache/http.rb
+- lib/grenache/http/configurable.rb
 - lib/grenache/http/http_client.rb
+- lib/grenache/http/http_server.rb
 - lib/grenache/http/version.rb
 homepage: https://github.com/bitfinexcom/grenache-ruby-http
 licenses:

data/examples/ssl_R/cacert.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgIJAKt0CAfWcrP1MA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
-BAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xGTAXBgNVBAoMEEJpdGZpbmV4IExpbWl0
-ZWQxETAPBgNVBAsMCFNlY3VyaXR5MRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMTcw
-NjA3MjEzNzUxWhcNMTgwNjA3MjEzNzUxWjBgMQswCQYDVQQGEwJVSzEPMA0GA1UE
-CAwGTG9uZG9uMRkwFwYDVQQKDBBCaXRmaW5leCBMaW1pdGVkMREwDwYDVQQLDAhT
-ZWN1cml0eTESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxmu3r6ZNyE5UHrvaZ5fMgkQa28xrZINyKq2hk+0YV3dWzaA2
-gDSUxI7LzwrWygfGOkankQhpRhnRBTxIYJV2xtmHOqz0A40vIRc0xhKcl7WnsfOP
-X0gnjsAQL9CJBJ0zw4zubtV7+qmZG/mNaIKmGzJioR393Yqq9objAfy9E5bZV00e
-fErJnpvAkyTFMouwDfTcwkVP8dDSJ0pgqQt5vC6+r+0GXpwgVirka6Dw0S+j/kF3
-oP4kRDTUQ8lvxihcqvzZd3Z3dnlHiYAWjWcyifCvzWc9iQb/L1D+vz7vW3W5EPlL
-ZzB7b+m7iNXSm1/C3R2AFNKVZFkESWyESZ0+2QIDAQABo1MwUTAdBgNVHQ4EFgQU
-TJaXwKzssSOTNyZGwPz1t9yafWowHwYDVR0jBBgwFoAUTJaXwKzssSOTNyZGwPz1
-t9yafWowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA9tUOBxN
-ZIl/KvezJgkYjcc1HUsj+E/XKph1kvuD/A8oxWZ165XikFyj3/S/Ja3zZigaX26+
-OcaT3xb0KTYoCKO6FRtFaVc8YFva0j5RebpchhZWkaKaxcG4b0g/cthMhSTUz56K
-hjXRBEZIw3QMbwwLTCHw/j2QI83z03jnLT+QmDq+r1yXH5fEYNXJ/CFLqBi0c5vY
-ai8BMD2mkfrBwn5L3ZmCgljpeQikeloXWSKL8ss9CMzk3CKlrDw5awIk9CrxbKY8
-jrJc3qCme0If7nhoKwSEI9HkkYQlFoUVPhONWmldQFBdgrE7YAhZVoGYGW6ov0MK
-X9fL4mCWwh4mIw==
------END CERTIFICATE-----

data/examples/ssl_R/clientkey.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDbP9kIJ4oEwGH0
-Dgy8chvLBl2o0WDYONOiJvQTT/W9xMZ52t0/+XL6P1y9S0BO46atk/k+6dRck3DU
-QZk9DMEtt+QZOHnHREqnJ7BLpwz6GBMcCTd7mrcjW8v+c7isS2EfHPtzDAGpN8hd
-Zltv1Yc0W1tR9FTgqA82P+LBQ0pM6e20KnHTHqB+q56baJErbHaDoO6bVeVS14pv
-qnfDX6TsXUBw6ewqpJVIf6tEvbGk8EGt9GW/vzxZGvDsLqOL8OtG3XLfqXH84HKq
-QfwmLtKYGv7fZ0hg+6dE/pdBLP+hz66TqwaVPmJdZHMdtPhaYnuKz9J1xA8WONjH
-8R3jREN/AgMBAAECggEBALtKX2vH2u8UKJkDJ34TPArC9V8w/Tm30ZHDFN0qgRIK
-9kFB5Z6wyLddSSurDNRXRBsjPNexh+dNTCUFpJGyQ5N6cy/YPq8qd1szXDZEDaHW
-zvw0I2FDWQ6rbCeBU1BbVCvv5hzxNLoJHPAscA+oqEbhg7EOtzLyXYxKJrpRcTch
-SJ6RcGzaap2s7G2wHrr0g0/zj1VJFKiNt/yucrMN6Omo2KNNmFEKZnIQtFGm5MDr
-kfoL/kI+Uxna5EqpFOYmape0XffqcrSAhzXUH5Vxfu3sq+n33h56dkSRdzY/3byN
-f2w+9zOSCmWB/P0oXvE+DQmjZFIAH/CaeviVrs66LYECgYEA+5WR/FgCsg/pwKPL
-uzozaveBbnaj53g09BNHW4X/IGahC2G6UA0mm9Rd/xe8FzFx4LeNFYeY6jOIDN/3
-aGxa+j6IOnqc7k1bPF2PUI0IzKCIoVSDRSYrxLUWXVXDH5BnwZXzndfN3OK++xNh
-sPD/UVvqlJR16ZPvKnXTlazqBqUCgYEA3xj9NcNYZ1XY3hCmgnwlXzntwKIh9bmz
-VuFek7WVEVP5zPcDcF6YbOwWYEtRZUxsOIzpJBwSB7OqwCwN0oCyCHQbnU32vHcr
-Yvk9SndXiQGKyNfqMc5YGB9YjUp+fT146wtVD7AnliA7hDB+BkCAqFsC4eN61zhq
-/Z3DgcD07FMCgYAQeOuVDSIoDHiun0rgmF/zef8kf2od5rX44SZD7NMWiQG0YBK1
-2RaVD2OUJzaughNFtl7rcPRnKTaYOTXWxXlzdxKuWYba53+4xRt0F7fixgQMJB9w
-MJ6fA4hSViIvd+IDP9EynYWiF8qPX+Z+klj1N8J1Nf8+auw26H4RB8BO7QKBgQC2
-IrCWM+T4eB2VLgLChJf+Jkzz92nCMtk3FMch0BzjCKvnqcIk+xV110htVRAeo0W2
-5VNxJ3mQ0B2WxmCCeo7eV+wzgHLvalsBcnmXUdclAx1K2vtXrh49k1m4ABlEJeuR
-+K55IFcxOR9dzDkW4ZIn4CV6RT0EeArhAuuaAu3yAQKBgQCj6VHPX4s5izR6D89J
-fhEJrEmxzighH0jvC1mDtYea/5SDI0nKb2KfPWyy69E1EOOgLvalG5+3H5UcBGx9
-Z0Y2D0BkKY1rdkTEC7HYLrreRis8HqtuQas92HQzVh6jDSdA0ZdMDARF6JrtEhA8
-ecYY8PuPaIPDzzeB6XHUUqTlAQ==
------END PRIVATE KEY-----

data/examples/ssl_R/clientreq.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIJAMI0yYskTydNMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
-BAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xGTAXBgNVBAoMEEJpdGZpbmV4IExpbWl0
-ZWQxFzAVBgNVBAsMDkluZnJhc3RydWN0dXJlMRIwEAYDVQQDDAkxMjcuMC4wLjEw
-HhcNMTcwNjA3MjEzOTM1WhcNMTgwNjA3MjEzOTM1WjBmMQswCQYDVQQGEwJVSzEP
-MA0GA1UECAwGTG9uZG9uMRkwFwYDVQQKDBBCaXRmaW5leCBMaW1pdGVkMRcwFQYD
-VQQLDA5JbmZyYXN0cnVjdHVyZTESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2z/ZCCeKBMBh9A4MvHIbywZdqNFg2DjT
-oib0E0/1vcTGedrdP/ly+j9cvUtATuOmrZP5PunUXJNw1EGZPQzBLbfkGTh5x0RK
-pyewS6cM+hgTHAk3e5q3I1vL/nO4rEthHxz7cwwBqTfIXWZbb9WHNFtbUfRU4KgP
-Nj/iwUNKTOnttCpx0x6gfquem2iRK2x2g6Dum1XlUteKb6p3w1+k7F1AcOnsKqSV
-SH+rRL2xpPBBrfRlv788WRrw7C6ji/DrRt1y36lx/OByqkH8Ji7SmBr+32dIYPun
-RP6XQSz/oc+uk6sGlT5iXWRzHbT4WmJ7is/SdcQPFjjYx/Ed40RDfwIDAQABo1Mw
-UTAdBgNVHQ4EFgQUDTUx+d9DTDhBPmbmrDsbnZDamLUwHwYDVR0jBBgwFoAUDTUx
-+d9DTDhBPmbmrDsbnZDamLUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
-AAOCAQEA1YFKHna73k6otketEGbOfP0dAN8SF9qJ1tEoRUFgbRd/a6b9Pgz9cVwZ
-7MfFnz77+HHomUTVLt7Euxly3Me8Y8dkftPRffoURykrH6GABkE2Q38bqBfKcFT2
-25Pu8C18un43hIRC2ti50/zdsoaXY/XxwcWMBvRt3zOE7JxV6iPXX9K2cLdfyMxR
-sYI5rCA3bEqQrv2kjEt42Slp861TrddgYvaM00iUrWW4QewBJI3ahPsfbzJgxdyl
-2DKbcoqFLtEi8VAv47xam3jMoVcpmvMsn7deQs8vKT58tfsKFE7DXUCm2BzBPy5Y
-iGksJFFkmiBcJ+zHOuilqXlOpqTecg==
------END CERTIFICATE-----

data/examples/ssl_R/openssl.cnf

@@ -1,346 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file		= $ENV::HOME/.oid
-oid_section		= new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions		= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= .		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several certs with same subject.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= usr_cert		# The extensions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions	= crl_ext
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= default		# use public key default MD
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extensions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= World Wide Web Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-# SET-ex3			= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-basicConstraints = critical,CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1	# the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir		= /etc/ssl		# TSA root directory
-serial		= $dir/tsaserial	# The current serial number (mandatory)
-crypto_device	= builtin		# OpenSSL engine to use for signing
-signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
-					# (optional)
-certs		= $dir/cacert.pem	# Certificate chain to include in reply
-					# (optional)
-signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
-signer_digest  = sha256			# Signing digest to use. (Optional)
-default_policy	= tsa_policy1		# Policy if request did not specify it
-					# (optional)
-other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
-digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
-accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
-clock_precision_digits  = 0	# number of digits after dot. (optional)
-ordering		= yes	# Is ordering defined for timestamps?
-				# (optional, default: no)
-tsa_name		= yes	# Must the TSA name be included in the reply?
-				# (optional, default: no)
-ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
-				# (optional, default: no)

data/examples/ssl_R/private/cakey.pem

@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI/9PYxW9nXMoCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLrgz9P2kXvGBIIEyMik2zIicpbu
-+RaCRPYH7u7Nv21eAB5xkBcRt8yvWPDkVA/6bgCVcfpDNVW7yIMszMyEHCtUSoKh
-XXhTeaTDk0E1ArASv8GWMtycd9kVl5MfEP1QqvP2HcXrYjkXPtQXLhah59vF3iBJ
-JO7278RzqYlOfmh4j9o+YE3Qt+4kdiNboDYc1RxREridi651N2M9Rzi2xtiwn6Hr
-CQfZ4MMaQhfp8QRuqGMv24ddWpi3eCySauV+pKuAWeaRTm0KPcng3pKuHwBO31OJ
-S81MZPojWdKspgsZkXO3RTfndKfB9+Oi5g9SV9KGlV96dRiJkadhXGLPU+8Vpfm6
-qMDExNPJ7cq70y8lYOEMiXeu8OWuMc8+CWnt5uHpJS9Ig7c9D6gwLAfufymBj6yN
-6C9UnzjXmnpZYBvU31uET2Y7qmf2x95wCJ3z72XsURsomf5KwyJKEPecV2o1GWrC
-vsupV41qVu9L9nhlWpmzL99XRxmmy8KE+Tm1LpncCseSIdVWcdZ7DOtLry3kn3a/
-J61c5/rFWbiKEzuTo+jIAKCVgkOKhy/7V16eOLuvgal6cmi02uKNFZRVhcfNdV99
-CZ5X12+Cz0p9w/632R9f0qM04clBE3JnT0JeiP3c6cDMCUP6DZtNxwaMIZ+bVPRp
-M4nBaxk3yE50oyMwvw/+L5KkZ/wAaswuJkFq2Cf6mXjWusr2Hq0Kaz1YAQ3WVaGL
-YSeuS8LilkJhLQTctvO0zv3tAa9mPnDg5M1bJTUHtnpezIWrwG1VId3Wg1ykUZPV
-cOk1nr5dJlLbEv86C2unAKCdUKITNKAqcxoRmfi/cUEJIzsWuoDRAxsZ0gcE8y8r
-izC3RvAazbBndo2EkIPtTrWHdh4ppilgSZ6ETT6rw8ik7fPB48NtnuAaM/G3xtD3
-B5M5T6W00iPJCPZqMe9LRhiu9VWnamHPQcSnNt/IWXh6C+rwO338o2cXd4uZJGWo
-tfRjOdLmKjzGVi57jcpKcHyZ+AbiEYE3gsa+6Qiebd2W2hW+VsQJKBfYEGlnW8da
-WNldU+eZtJFpUbBBBkv878isFXQyrP+22NmgUdU+PfUMKPc0DTDrKGmO3LOptv1k
-PFtquWON5dlmhrAFvNPl3BH0wVhHFRYm9616jkM27nGvqSnf2F3GQUX+eFwrpTmI
-N75O4mHEQDVU8JImHrWrjthFVJzkF76BsJA8jit4Oeg5MWlE/Lrvd3eLp+Pi4UIo
-K2P8Xa9SxFucqEyNkE9YYE2uuTiIwjOwKxE5vVs1iJokEPeH5IMbq0zfDiprFU1o
-evyKFiDdFHrpGA7wdQ1bHSMbb/YA2TZGnmailwOjBF+jeCh7RZPPhLEg6eviRgwJ
-8PU00u3+DNZ0HRrCnRU85MbgTiqfBNh1LUqxu6hbf0k4D2vKwKVOgeVEOam3sy7T
-nV7eUlIIaLKecoPsTUjg91p3JNQ+pNUZR6+9BW15D3d7ANnHp1Vrv2FetQNesHFi
-XLBJbXgjMxCCExpVHed0LGvrl/GBTYhpRD/G3FDP/QE7UmZgbRdJl9Py21TLoAKQ
-l+uZ/wEUy4VJAC6smgttK+7vWpSwzNzq6Zyqmlu9pC/y515NWLNUHDybXhOHnaKd
-OLx8SUhmBHuCQ/EnOM0CXA==
------END ENCRYPTED PRIVATE KEY-----

data/examples/ssl_R/serial

@@ -1 +0,0 @@
-01

data/examples/ssl_R/serverkey.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDarkxzkR3m+xeQ
-6UDuPdMk8H8gBhQ6r/HMheOvYKlyhcxWtdlyZcPTEqKcbmeygKTIuSBQpiEzfH0y
-opc+qdEwaXbQfUNkkfAPddXQPjQo+sw3V6XGHoB0GaiIZW/F09RVlVfWFgvyqUzB
-QiuhlJrhUdZCSx8o8OZU06tW3E4AOyeDZPkiIGPfV13FHH39MmpNDw8BP9+ezbGf
-FaZJ9byYkIH+vfEIgGSAqVs3NL2Fu3bE4RFCKL/Mq7xlbxHG4wUVTbKiztpZasx1
-CJ4K2OWa/QSvSAlXjfireRIBA/bSLKshyjCR+Kyg/pHEp4SVT+Tp/6EGGKypUQud
-4Ok/mAhZAgMBAAECggEALCDqKpQJLbhTvBll0e3F8vlZHfQ8Fs+0gqouFRDzgLnB
-T2oo9C3XA3wKNnkNEfdlyV+aRswPfR1NAm/PB4UrQpK1uELe26ebgvMrb3dt/SsH
-FM/qEv3KvCMFYGjf0lL50T9u1zPhu1kwtPsOZO/hBUEHdJ9GLXPXdxyzwbZ5QxBN
-UYrplS5gpKY3/xxYqJ+DoiAibMHbX+25Gmals0j9OEnEloe+DsaFWm8SW1ZS9k7Q
-pcFA29j9dYc2DNPJRUfqfr3Q+pCFwES1QyaoZouXRsXboHCkdsplfYTNMyyEdLGV
-qe2F+OYQJAD44P3YoOZqeQ2a75by0l5gF/hkzxEUUQKBgQD0Nc1JygKh1cUZytrJ
-RknZGCARHQPHhxGV4WXAhYshatjih8yBA51HDskURsie78RQBKZJ4xVg+uanrxv/
-QVH4Nrr2/sovwzduMRB4opyuS0ivE5qCg6y6PGxXk96SurEi6pxp+LQa3jQ3sdX7
-RED44KxJEg2Q6vS42ti9rlMf7QKBgQDlPPrAyIZUUd+aztTnMuhoSt6uqg+H9mtF
-kdQOEgaYwOkGa5LxfWnqpvcBsLRQ+twhJUbJrEaBohR0M28KrkV25VeaFlAxPXBL
-bwCJWEj047UjweJG8LSesvz1HjteYJMpEIm+f8sBQe1GT3hdYWoRdt3sKw8bfF4s
-MglV/VzEnQKBgQCQJeHTGGaNWD1LiC20eMTGXDMxZssAT33V1oHVLf597y+uJzJT
-ROrlMpkGWvG4vxZFlTkCjAPmhrL3b6k69jeIJ+YcPTDjGHvzkwqB6ppJVy7ECPI+
-77JZC6l32FScj45XadyBwMeuxFJWPaZs9lDTluqbBwjy7X0eUC93Zxqx0QKBgQDO
-QBhIXeLmeKebrJ5HyjjqpPpH4oCIzwBjHrrRUgyXYXIHscALANDMLB8vaSJDfgGS
-3OwcxaDGP+LxTdmJnZSoTd6Mp6jNNL8VT7EG4eT6WOoAWxBQzX9lDhukGuhFmNSu
-7M9SE769yehHC3d7ZQs+3Vj8hR1ZmINOdlKKCKRvzQKBgQDnfoNhMLgHMyzxe9QU
-yIbW0Iy/bZgHgogbiZUSrqccFzZqoJYYppDtf9r/4v/fv33N0LXlTHnmynqdEn2V
-9uq297R+Xx3JmdBIuHRhYfVWBjPZpS0AaWCg7TWy9IDRs7w0rNnWQIHZ31UXJ1FV
-IXGqWb8lkCJYf5SJ5wFH9FeKhg==
------END PRIVATE KEY-----

data/examples/ssl_R/serverreq.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgIJAJ+xCVRfdiL2MA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
-BAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xGTAXBgNVBAoMEEJpdGZpbmV4IExpbWl0
-ZWQxETAPBgNVBAsMCFNlY3VyaXR5MRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMTcw
-NjA3MjEzODUzWhcNMTgwNjA3MjEzODUzWjBgMQswCQYDVQQGEwJVSzEPMA0GA1UE
-CAwGTG9uZG9uMRkwFwYDVQQKDBBCaXRmaW5leCBMaW1pdGVkMREwDwYDVQQLDAhT
-ZWN1cml0eTESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2q5Mc5Ed5vsXkOlA7j3TJPB/IAYUOq/xzIXjr2CpcoXMVrXZ
-cmXD0xKinG5nsoCkyLkgUKYhM3x9MqKXPqnRMGl20H1DZJHwD3XV0D40KPrMN1el
-xh6AdBmoiGVvxdPUVZVX1hYL8qlMwUIroZSa4VHWQksfKPDmVNOrVtxOADsng2T5
-IiBj31ddxRx9/TJqTQ8PAT/fns2xnxWmSfW8mJCB/r3xCIBkgKlbNzS9hbt2xOER
-Qii/zKu8ZW8RxuMFFU2yos7aWWrMdQieCtjlmv0Er0gJV434q3kSAQP20iyrIcow
-kfisoP6RxKeElU/k6f+hBhisqVELneDpP5gIWQIDAQABo1MwUTAdBgNVHQ4EFgQU
-ljiy80UAHCJU946wKXxtJAIL6eEwHwYDVR0jBBgwFoAUljiy80UAHCJU946wKXxt
-JAIL6eEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsOXXgYSI
-IDI+ZPErZJ2cb2unsgtd1xwFxd8KTx7ZRmVu+ElnJjMhRyaKOUw4EXhplbQoyK/1
-EKHqAGpl+uwddafFsx3qK0sMBRH/oSEz6RG5ONRCfISZ2jMSGKfg2AsdJIBD+Wko
-c5hHFVZk/xkeEri6tI04co9xfl1pJquAtbH0cQyDUISssdUJeC9jRTm8460fBkFg
-79bbxn+34swSCe/lVIcF6u4Tu7fiaUsUG2XSRyjsNRWrZe0nKmJ3QQsMHYwkua7p
-HEBJXLzamDdd+0wHyKckk+R7TXa0d2r83t6c7kNVbFwGWl1iljXvtbhnbddzlAzk
-Ts0eU2wgPtMQQw==
------END CERTIFICATE-----