httpi 2.4.2 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b00e0eb6313b47ac5eb3be9f3330bac10a9321b7
-  data.tar.gz: b49e8aaba759e1384bae07bf825b17f511c809ec
+SHA256:
+  metadata.gz: 2c921690b77440f26fa4da9bac58ed74d16440e9df7d180be606e1c21460dfbb
+  data.tar.gz: d95e355e1925d7cb78622fc6188cc761eedec15e30ad9bd93b565937873d86c6
 SHA512:
-  metadata.gz: b3a31c1b2ac5ebbb82336104e64130f3f214462838175c7d966677c5e1cb03b77273d80b0282e9a1a032ea38b963215974a29777223c0da287d7755418b1b05a
-  data.tar.gz: 1c9baad44d8900f1bad06e9c991079300541476dded64e9bd44468a77552fc8d1143c6abe1d6e1ef42c11adf6427ed1d4241f02f9538fccb820e83b985bafc1a
+  metadata.gz: '09c5e6e4bf5242de2f9472123c94ca3f17a3fd60e816886cf7402d4d977d45e2cc8be98e3d6a4ac2c7d16b68af8cef58a016d4b1b4aa443bfca92bde6f7232ce'
+  data.tar.gz: ba7d999bc0d771365a4c647df38419f7ba2ee22f3d06c33dd660645aad999d7529d1ce8036b9d2d24994098fcdf2f415df2b533b4c68c5c1a483b0e25862629a

data/.github/workflows/development.yml

@@ -0,0 +1,48 @@
+name: Development
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: ${{matrix.ruby}} on ${{matrix.os}}
+    runs-on: ${{matrix.os}}-latest
+    continue-on-error: ${{matrix.experimental}}
+    
+    strategy:
+      matrix:
+        os:
+          - ubuntu
+        
+        ruby:
+          - "2.6"
+          - "2.7"
+          - "3.0"
+        
+        experimental: [false]
+        env: [""]
+        
+        include:
+          - os: ubuntu
+            ruby: truffleruby
+            experimental: true
+          - os: ubuntu
+            ruby: jruby
+            experimental: true
+          - os: ubuntu
+            ruby: head
+            experimental: true
+    
+    steps:
+    - uses: actions/checkout@v2
+    
+    - name: Install dependencies
+      run: sudo apt-get install libcurl4-openssl-dev
+    
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{matrix.ruby}}
+        bundler-cache: true
+    
+    - name: Run tests
+      timeout-minutes: 5
+      run: ${{matrix.env}} bundle exec rspec

data/CHANGELOG.md

@@ -1,3 +1,30 @@
+### 2.5.0 (2021-10-05)
+
+* Feature: [#214](https://github.com/savonrb/httpi/pull/214) Add SSL ciphers configuration
+* Improvement: [#227](https://github.com/savonrb/httpi/pull/227) Use GitHub Actions as CI. Require at least Ruby v2.3.
+
+### 2.4.5
+
+* Improvement: [#209](https://github.com/savonrb/httpi/pull/209) Drop Travis CI support for Ruby < 2.3.0 and jruby.
+* Feature: [#208](https://github.com/savonrb/httpi/pull/208) Add SSL min/max_version configuration for supporting adapters
+* Improvement: [#206](https://github.com/savonrb/httpi/pull/206) Support for net-http-persistent v3
+* Improvement: [#204](https://github.com/savonrb/httpi/pull/204) Avoid excon warning
+
+### 2.4.4
+
+* Improvement: [#197](https://github.com/savonrb/httpi/pull/197) Add support for new write timeout option to all adapters
+* Fix: [#196](https://github.com/savonrb/httpi/pull/196) Fix httpi adapters support for read/open timeout
+* Improvement: [Remove references to broken site](https://github.com/savonrb/httpi/commit/345e5e2b1a4376a7be769f67088a431895de09ad)
+* Fix: [#190](https://github.com/savonrb/httpi/pull/190) Don't convert port to string on Excon adapter
+
+### 2.4.3
+
+* Fix: [#171](https://github.com/savonrb/httpi/pull/171) bug with rubyntlm v0.6.0
+* Fix: [#181](https://github.com/savonrb/httpi/pull/181) excon and http adapters
+* Feature: [#183](https://github.com/savonrb/httpi/pull/183) Logging ssl information of a request
+* Fix: [#187](https://github.com/savonrb/httpi/pull/187) only require ntlm if ntlm auth was requested
+
+
 ### 2.4.2
 
 * Feature: [#165](https://github.com/savonrb/httpi/pull/165) Extended net_http adapter ssl options with cert_store and ca_path

data/Gemfile

@@ -3,15 +3,20 @@ gemspec
 
 gem 'jruby-openssl',                                       :platforms => :jruby
 
+gem 'public_suffix', '~> 4.0'
+
 # http clients
 gem 'httpclient',          '~> 2.3',    :require => false
-gem 'curb',                '~> 0.8',    :require => false, :platforms => :ruby
-gem 'em-http-request',                  :require => false, :platforms => [:ruby, :jruby]
+gem 'curb',                '~> 0.8',    :require => false, :platforms => [:ruby]
+gem 'em-http-request',                  :require => false, :platforms => [:ruby]
 gem 'em-synchrony',                     :require => false, :platforms => [:ruby, :jruby]
 gem 'excon',               '~> 0.21',   :require => false, :platforms => [:ruby, :jruby]
-gem 'net-http-persistent', '~> 2.8',    :require => false
+gem 'net-http-persistent', '~> 4.0',    :require => false
 gem 'http',                             :require => false
 
+# adapter extensions
+gem 'rack'
+gem 'socksify'
+
 # coverage
 gem 'simplecov',                        :require => false
-gem 'coveralls',                        :require => false

data/README.md

@@ -2,18 +2,14 @@
 
 A common interface for Ruby's HTTP libraries.
 
-[Documentation](http://httpirb.com) | [RDoc](http://rubydoc.info/gems/httpi) |
+[Documentation](https://www.rubydoc.info/gems/httpi) |
 [Mailing list](https://groups.google.com/forum/#!forum/httpirb)
 
-[![Build Status](https://secure.travis-ci.org/savonrb/httpi.png?branch=master)](http://travis-ci.org/savonrb/httpi)
-[![Gem Version](https://badge.fury.io/rb/httpi.png)](http://badge.fury.io/rb/httpi)
-[![Code Climate](https://codeclimate.com/github/savonrb/httpi.png)](https://codeclimate.com/github/savonrb/httpi)
-[![Coverage Status](https://coveralls.io/repos/savonrb/httpi/badge.png?branch=master)](https://coveralls.io/r/savonrb/httpi)
-
+[![Development](https://github.com/savonrb/httpi/actions/workflows/development.yml/badge.svg)](https://github.com/savonrb/httpi/actions/workflows/development.yml)
 
 ## Installation
 
-HTTPI is available through [Rubygems](http://rubygems.org/gems/httpi) and can be installed via:
+HTTPI is available through [Rubygems](https://rubygems.org/gems/httpi) and can be installed via:
 
 ```
 $ gem install httpi
@@ -28,7 +24,6 @@ gem 'httpi', '~> 2.1.0'
 
 ## Usage example
 
-
 ``` ruby
 require "httpi"
 
@@ -52,4 +47,4 @@ HTTPI.request(:custom, request)
 
 ## Documentation
 
-Continue reading at [httpirb.com](http://httpirb.com)
+Continue reading at https://www.rubydoc.info/gems/httpi

data/Rakefile

@@ -10,7 +10,9 @@ RSpec::Core::RakeTask.new "spec_integration" do |t|
   t.pattern = "spec/integration/*_spec.rb"
 end
 
-task :default => :spec
-
 desc "Run RSpec code and integration examples"
-task :ci => [:spec, :spec_integration]
+RSpec::Core::RakeTask.new "ci" do |t|
+  t.pattern = "spec/{httpi,integration}/**/*_spec.rb"
+end
+
+task :default => :spec

data/httpi.gemspec

@@ -11,19 +11,19 @@ Gem::Specification.new do |s|
   s.homepage    = "http://github.com/savonrb/#{s.name}"
   s.summary     = "Common interface for Ruby's HTTP libraries"
   s.description = s.summary
-  s.required_ruby_version = '>= 1.9.2'
 
-  s.rubyforge_project = s.name
+  s.required_ruby_version = '>= 2.3'
+
   s.license = 'MIT'
 
   s.add_dependency 'rack'
   s.add_dependency 'socksify'
 
   s.add_development_dependency 'rubyntlm', '~> 0.3.2'
-  s.add_development_dependency 'rake',     '~> 10.0'
-  s.add_development_dependency 'rspec',    '~> 2.14'
+  s.add_development_dependency 'rake',     '~> 13.0'
+  s.add_development_dependency 'rspec',    '~> 3.5'
   s.add_development_dependency 'mocha',    '~> 0.13'
-  s.add_development_dependency 'puma',     '~> 2.3.2'
+  s.add_development_dependency 'puma',     '~> 5.0'
   s.add_development_dependency 'webmock'
 
   s.files = `git ls-files`.split("\n")

data/lib/httpi/adapter/curb.rb

@@ -72,8 +72,9 @@ module HTTPI
       def basic_setup
         @client.url = @request.url.to_s
         @client.proxy_url = @request.proxy.to_s if @request.proxy
-        @client.timeout = @request.read_timeout if @request.read_timeout
-        @client.connect_timeout = @request.open_timeout if @request.open_timeout
+        read_or_write_timeout = @request.read_timeout || @request.write_timeout
+        @client.timeout_ms = read_or_write_timeout * 1000 if read_or_write_timeout
+        @client.connect_timeout_ms = @request.open_timeout * 1000 if @request.open_timeout
         @client.headers = @request.headers.to_hash
         @client.verbose = false
         # cURL workaround
@@ -115,6 +116,7 @@ module HTTPI
           @client.cert_key = ssl.cert_key_file
           @client.cert = ssl.cert_file
           @client.certpassword = ssl.cert_key_password
+          @client.set(:ssl_cipher_list, ssl.ciphers.join(':')) if ssl.ciphers
 
           @client.ssl_verify_peer = ssl.verify_mode == :peer
         end
@@ -127,6 +129,9 @@ module HTTPI
           when :SSLv23  then 2
           when :SSLv3   then 3
         end
+        if ssl.min_version || ssl.max_version
+          raise NotSupportedError, 'Curb adapter does not support #min_version or #max_version. Please, use #ssl_version instead.'
+        end
       end
 
       def respond_with(client)

data/lib/httpi/adapter/em_http.rb

@@ -69,10 +69,11 @@ module HTTPI
       end
 
       def connection_options
-        options = {
-          :connect_timeout    => @request.open_timeout,
-          :inactivity_timeout => @request.read_timeout
-        }
+        options = {}
+
+        read_or_write_timeout = @request.read_timeout || @request.write_timeout
+        options[:inactivity_timeout] = read_or_write_timeout if read_or_write_timeout
+        options[:connect_timeout] = @request.open_timeout if @request.open_timeout
 
         options[:proxy] = proxy_options if @request.proxy
 

data/lib/httpi/adapter/excon.rb

@@ -41,8 +41,9 @@ module HTTPI
 
         opts = {
           :host => url.host,
+          :hostname => url.hostname,
           :path => url.path,
-          :port => url.port.to_s,
+          :port => url.port,
           :query => url.query,
           :scheme => url.scheme,
           :headers => @request.headers,
@@ -58,6 +59,7 @@ module HTTPI
         opts[:user], opts[:password] = *@request.auth.credentials if @request.auth.basic?
         opts[:connect_timeout] = @request.open_timeout if @request.open_timeout
         opts[:read_timeout]    = @request.read_timeout if @request.read_timeout
+        opts[:write_timeout]   = @request.write_timeout if @request.write_timeout
         opts[:response_block]  = @request.on_body if @request.on_body
         opts[:proxy]           = @request.proxy if @request.proxy
 
@@ -71,13 +73,20 @@ module HTTPI
           opts[:ssl_verify_peer] = false
         end
 
+        opts[:ciphers] = ssl.ciphers if ssl.ciphers
         opts[:ssl_version] = ssl.ssl_version if ssl.ssl_version
+        opts[:ssl_min_version] = ssl.min_version if ssl.min_version
+        opts[:ssl_max_version] = ssl.max_version if ssl.max_version
 
         opts
       end
 
       def respond_with(response)
-        Response.new response.status, response.headers, response.body
+        headers = response.headers.dup
+        if (cookies = response.data[:cookies]) && !cookies.empty?
+          headers["Set-Cookie"] = cookies
+        end
+        Response.new response.status, headers, response.body
       end
 
     end

data/lib/httpi/adapter/http.rb

@@ -32,9 +32,13 @@ module HTTPI
         unless ::HTTP::Request::METHODS.include? method
           raise NotSupportedError, "http.rb does not support custom HTTP methods"
         end
-        response = @client.send(method, @request.url, :body => @request.body)
+        response = begin
+          @client.send(method, @request.url, :body => @request.body)
+        rescue OpenSSL::SSL::SSLError
+          raise SSLError
+        end
 
-        Response.new(response.code, response.headers, response.body.to_s)
+        Response.new(response.code, response.headers.to_h, response.body.to_s)
       end
 
       private
@@ -54,7 +58,10 @@ module HTTPI
           context.cert        = @request.auth.ssl.cert
           context.key         = @request.auth.ssl.cert_key
           context.ssl_version = @request.auth.ssl.ssl_version if @request.auth.ssl.ssl_version != nil
+          context.min_version = @request.auth.ssl.min_version if @request.auth.ssl.min_version != nil
+          context.max_version = @request.auth.ssl.max_version if @request.auth.ssl.max_version != nil
           context.verify_mode = @request.auth.ssl.openssl_verify_mode
+          context.ciphers     = @request.auth.ssl.ciphers if @request.auth.ssl.ciphers
 
           client = ::HTTP::Client.new(:ssl_context => context)
         else
@@ -69,6 +76,12 @@ module HTTPI
           client = client.via(@request.proxy.host, @request.proxy.port, @request.proxy.user, @request.proxy.password)
         end
 
+        timeouts = {}
+        timeouts[:connect] = @request.open_timeout if @request.open_timeout
+        timeouts[:read] = @request.read_timeout if @request.read_timeout
+        timeouts[:write] = @request.write_timeout if @request.write_timeout
+        client = client.timeout(timeouts) if timeouts.any?
+
         client.headers(@request.headers)
       end
     end

data/lib/httpi/adapter/httpclient.rb

@@ -45,6 +45,7 @@ module HTTPI
         @client.proxy = @request.proxy if @request.proxy
         @client.connect_timeout = @request.open_timeout if @request.open_timeout
         @client.receive_timeout = @request.read_timeout if @request.read_timeout
+        @client.send_timeout = @request.write_timeout if @request.write_timeout
       end
 
       def setup_auth
@@ -72,11 +73,15 @@ module HTTPI
           # Send client-side certificate regardless of state of SSL verify mode
           @client.ssl_config.client_cert = ssl.cert
           @client.ssl_config.client_key = ssl.cert_key
+          @client.ssl_config.ciphers = ssl.ciphers if ssl.ciphers
 
           @client.ssl_config.verify_mode = ssl.openssl_verify_mode
         end
 
         @client.ssl_config.ssl_version = ssl.ssl_version.to_s if ssl.ssl_version
+        if ssl.min_version || ssl.max_version
+          raise NotSupportedError, 'Httpclient adapter does not support #min_version or #max_version. Please, use #ssl_version instead'
+        end
       end
 
       def respond_with(response)

data/lib/httpi/adapter/net_http.rb

@@ -18,7 +18,7 @@ module HTTPI
 
       register :net_http, :deps => %w(net/https)
       def initialize(request)
-        check_net_ntlm_version!
+        check_net_ntlm_version! if request.auth.ntlm?
         @request = request
         @client = create_client
       end
@@ -55,11 +55,15 @@ module HTTPI
       end
 
       private
+      def ntlm_version
+        Net::NTLM::VERSION::STRING
+      end
+
       def check_net_ntlm_version!
         begin
           require 'net/ntlm'
-          require 'net/ntlm/version' unless Net::NTLM.const_defined?(:VERSION)
-          unless Net::NTLM::VERSION::STRING >= '0.3.2'
+          require 'net/ntlm/version' unless Net::NTLM.const_defined?(:VERSION, false)
+          unless ntlm_version >= '0.3.2'
             raise ArgumentError, 'Invalid version of rubyntlm. Please use v0.3.2+.'
           end
         rescue LoadError
@@ -151,6 +155,13 @@ module HTTPI
         @client.use_ssl = @request.ssl?
         @client.open_timeout = @request.open_timeout if @request.open_timeout
         @client.read_timeout = @request.read_timeout if @request.read_timeout
+        if @request.write_timeout
+          if @client.respond_to?(:write_timeout=) # Expected to appear in Ruby 2.6
+            @client.write_timeout = @request.write_timeout
+          else
+            raise NotSupportedError, "Net::HTTP supports write_timeout starting from Ruby 2.6"
+          end
+        end
       end
 
       def setup_ssl_auth
@@ -166,11 +177,14 @@ module HTTPI
           # Send client-side certificate regardless of state of SSL verify mode
           @client.key = ssl.cert_key
           @client.cert = ssl.cert
+          @client.ciphers = ssl.ciphers if ssl.ciphers
 
           @client.verify_mode = ssl.openssl_verify_mode
         end
 
         @client.ssl_version = ssl.ssl_version if ssl.ssl_version
+        @client.min_version = ssl.min_version if ssl.min_version
+        @client.max_version = ssl.max_version if ssl.max_version
       end
 
       def ssl_cert_store(ssl)

data/lib/httpi/adapter/net_http_persistent.rb

@@ -12,7 +12,11 @@ module HTTPI
       private
 
       def create_client
-        Net::HTTP::Persistent.new thread_key
+        if Gem::Version.new(Net::HTTP::Persistent::VERSION) >= Gem::Version.new('3.0.0')
+          Net::HTTP::Persistent.new name: thread_key
+        else
+          Net::HTTP::Persistent.new thread_key
+        end
       end
 
       def perform(http, http_request, &on_body)
@@ -32,12 +36,12 @@ module HTTPI
 
         @client.open_timeout = @request.open_timeout if @request.open_timeout
         @client.read_timeout = @request.read_timeout if @request.read_timeout
+        raise NotSupportedError, "Net::HTTP::Persistent does not support write_timeout" if @request.write_timeout
       end
 
       def thread_key
         @request.url.host.split(/\W/).reject{|p|p == ""}.join('-')
       end
-
     end
   end
 end

data/lib/httpi/auth/ssl.rb

@@ -10,11 +10,22 @@ module HTTPI
 
       VERIFY_MODES = [:none, :peer, :fail_if_no_peer_cert, :client_once]
       CERT_TYPES = [:pem, :der]
-      SSL_VERSIONS = OpenSSL::SSL::SSLContext::METHODS.reject { |method| method.match(/server|client/) }.sort.reverse
+
+      # Fix for
+      # httpi/auth/ssl.rb:13: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
+      ssl_context = OpenSSL::SSL::SSLContext
+      SSL_VERSIONS = if ssl_context.const_defined? :METHODS_MAP
+        ssl_context.const_get(:METHODS_MAP).keys
+      else
+        ssl_context::METHODS.reject { |method| method.match(/server|client/) }
+      end.sort.reverse
+
+      # Returns OpenSSL::SSL::*_VERSION values for min_version and max_version
+      MIN_MAX_VERSIONS = OpenSSL::SSL.constants.select{|constant| constant =~/_VERSION$/}.map{|version| version.to_s.gsub(/_VERSION$/,'').to_sym}.reverse
 
       # Returns whether SSL configuration is present.
       def present?
-        (verify_mode == :none) || (cert && cert_key) || ca_cert_file
+        (verify_mode == :none) || (cert && cert_key) || ca_cert_file || ciphers
       rescue TypeError, Errno::ENOENT
         false
       end
@@ -34,9 +45,27 @@ module HTTPI
       # Accessor for the ca_path to validate SSL certificates.
       attr_accessor :ca_cert_path
 
-      # ertificate store holds trusted CA certificates used to verify peer certificates.
+      # Certificate store holds trusted CA certificates used to verify peer certificates.
       attr_accessor :cert_store
 
+      # Accessor for the SSL ciphers list.
+      attr_reader :ciphers
+
+      # Sets the available symmetric algorithms for encryption and decryption.
+      # @see OpenSSL::SSL::SSLContext#ciphers
+      # @example
+      #   ssl.ciphers = "cipher1:cipher2:..."
+      #   ssl.ciphers = [name, ...]
+      #   ssl.ciphers = [[name, version, bits, alg_bits], ...]
+      def ciphers=(ciphers)
+        @ciphers =
+          if ciphers
+            context = OpenSSL::SSL::SSLContext.new
+            context.ciphers = ciphers
+            context.ciphers.map(&:first)
+          end
+      end
+
       # Returns the cert type to validate SSL certificates PEM|DER.
       def cert_type
         @cert_type ||= :pem
@@ -82,6 +111,36 @@ module HTTPI
         @ssl_version = version
       end
 
+      # Returns the SSL min_version number. Defaults to <tt>nil</tt> (auto-negotiate).
+      def min_version
+        @min_version ||= nil
+      end
+
+      # Sets the SSL min_version number. Expects one of <tt>HTTPI::Auth::SSL::MIN_MAX_VERSIONS</tt>.
+      def min_version=(version)
+        unless MIN_MAX_VERSIONS.include? version
+          raise ArgumentError, "Invalid SSL min_version #{version.inspect}\n" +
+                               "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
+        end
+
+        @min_version = version
+      end
+
+      # Returns the SSL min_version number. Defaults to <tt>nil</tt> (auto-negotiate).
+      def max_version
+        @max_version ||= nil
+      end
+
+      # Sets the SSL min_version number. Expects one of <tt>HTTPI::Auth::SSL::MIN_MAX_VERSIONS</tt>.
+      def max_version=(version)
+        unless MIN_MAX_VERSIONS.include? version
+          raise ArgumentError, "Invalid SSL max_version #{version.inspect}\n" +
+                               "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
+        end
+
+        @max_version = version
+      end
+
       # Returns an <tt>OpenSSL::X509::Certificate</tt> for the +cert_file+.
       def cert
         @cert ||= (OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file)

data/lib/httpi/logger.rb

@@ -43,8 +43,13 @@ module HTTPI
     protected
 
     def log_request(method, request, adapter)
-      log("HTTPI #{method.to_s.upcase} request to #{request.url.host} (#{adapter})")
+      log("HTTPI #{request_ssl_info(request)} #{method.to_s.upcase} request to #{request.url.host} (#{adapter})")
     end
 
+    def request_ssl_info(request)
+      if request.auth && request.auth.ssl
+        "#{request.auth.ssl.ssl_version}/#{request.auth.ssl.verify_mode}"
+      end
+    end
   end
 end

data/lib/httpi/request.rb

@@ -11,7 +11,7 @@ module HTTPI
   class Request
 
     # Available attribute writers.
-    ATTRIBUTES = [:url, :proxy, :headers, :body, :open_timeout, :read_timeout, :follow_redirect, :redirect_limit, :query]
+    ATTRIBUTES = [:url, :proxy, :headers, :body, :open_timeout, :read_timeout, :write_timeout, :follow_redirect, :redirect_limit, :query]
 
     # Accepts a Hash of +args+ to mass assign attributes and authentication credentials.
     def initialize(args = {})
@@ -90,7 +90,7 @@ module HTTPI
       headers["Cookie"] = cookies if cookies
     end
 
-    attr_accessor :open_timeout, :read_timeout
+    attr_accessor :open_timeout, :read_timeout, :write_timeout
     attr_reader :body
 
     # Sets a body request given a String or a Hash.

data/lib/httpi/version.rb

@@ -1,3 +1,3 @@
 module HTTPI
-  VERSION = '2.4.2'
+  VERSION = '2.5.0'
 end

data/spec/fixtures/client_cert.pem

@@ -1,16 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIICbTCCAdYCCQDC4v8d04615DANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJE
-RTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzEOMAwGA1UEChMF
-aHR0cGkxFDASBgNVBAMTC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt
-cGxlQGV4YW1wbGUuY29tMB4XDTEwMTAxNTE4NTg0N1oXDTExMTAxNTE4NTg0N1ow
-ezELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1
-cmcxDjAMBgNVBAoTBWh0dHBpMRQwEgYDVQQDEwtleGFtcGxlLmNvbTEiMCAGCSqG
-SIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAvJiaojIFQAbFczXkBmjxpxra9LbQm0VIESFSl8uBSjmG/gmCBwKg
-8O94P3tAjDNClC+fEqBLE37KH4qe76yw7upgRruP5jQzUEL1yCaVtA/DoqgaCxZy
-7VhB2A3f71Zw6kQPt3BOME68fnGsTX65x9XAawCGzGmJSk/Z6wvml1MCAwEAATAN
-BgkqhkiG9w0BAQUFAAOBgQCxOyni9LOKf17vUKVG8Y4TBzRYwm8/hlEdVEU3JKG0
-/aCCwIJLHl+z+3L4r81IN3+YKrHilqx9K0emboJbBRQklYsv/AE+J44Bq3llRiro
-0e5zwH61jb1j+kxhcxoGiiy8R7hYho24ljuMgFGqtK3kZSP/t9tBLLVp+ItWQ6xX
-5g==
+MIIDVTCCAj2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQKDBhEZXZl
+bG9wbWVudC9DTj1sb2NhbGhvc3QwHhcNMTgwODEwMDAzMTQzWhcNMjgwODA3MDAz
+MTQzWjAjMSEwHwYDVQQKDBhEZXZlbG9wbWVudC9DTj1sb2NhbGhvc3QwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbU3vifU9omTx5T6ECuYnvryr4iWPP
+A4sXhduO8aD3IdA8zHlPtZnmh0liE30nAY00xKa4Eisxs9/UgUoHlEb5nCtYs6Od
+9pjiuyry2G5lBHIhLlVNTbReRKfjhr3ewUxcnQN0xiynjfsUMbzoVI1ZsGDWZ9gF
+4DHg3Accee3+/BNBDTWixYXh64D9YI1Tj/3fC1I2taUp32jdLXE9mbCByQlk5EZf
+BZUWx868FtwwzU3ymbq2uQQtTl5a0QHqLUwb0nkdewoRvaZJFkopI+1tgy0Hs+pY
+QM99vQWS7ViM5qbVYtPil/4VVWJbx/kQi/To4/Q8TxYbIRkoeJSOq9U3AgMBAAGj
+gZMwgZAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU4W1eb4Zc4NOpBe8UXcmIzLHB
+FFQwSwYDVR0jBEQwQoAU4W1eb4Zc4NOpBe8UXcmIzLHBFFShJ6QlMCMxITAfBgNV
+BAoMGERldmVsb3BtZW50L0NOPWxvY2FsaG9zdIIBATAUBgNVHREEDTALgglsb2Nh
+bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAM7oYR6eVIascNLhgfJFboVernRl137Y
+7hyjBQTSleMame/VN1MwMscUYpen8rFu9lUviKe9fxV/7OqNR4vvZ83ttbb+CxJ7
+3mwoQHufjrGcxsWUKrmtJsXAGZpGJFw7ygnKDAfDPKWSKYeUuQ417AutPWSvhWqa
+LEohhNCeHJj/+3U2vj2g2rvy0AASeMff9IMz/lpPZ2bjJQjlITXXPvswB2/uZSRT
+KWEifqfo03/nTjhzN7dz2hXEeZHroCq6FZa1R6smYVM79TORFWiKfdKtjXI8wQQ2
+BhVJpWQB2yw9d/4Q7x2EPjJEPiVoRLW0vF8uxr++14nhVkSpYJCSNAw=
 -----END CERTIFICATE-----

data/spec/fixtures/client_key.pem

@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC8mJqiMgVABsVzNeQGaPGnGtr0ttCbRUgRIVKXy4FKOYb+CYIH
-AqDw73g/e0CMM0KUL58SoEsTfsofip7vrLDu6mBGu4/mNDNQQvXIJpW0D8OiqBoL
-FnLtWEHYDd/vVnDqRA+3cE4wTrx+caxNfrnH1cBrAIbMaYlKT9nrC+aXUwIDAQAB
-AoGBAKjrGh1KJg+pwPInA5yGJGMil5h1obRgwmKtcPeKi7u6eOFSDMdQoGwMYKyj
-LTYlt21Yleat8XB9sHW9yAstpq5dU8Id2A4wfbJeaBYpek7u5+QwBENO4UrnulTk
-W0d+jECBVYECn8wCStxfoFcQQRhlGrsOn05379cD8e1odMOJAkEA3o/7CsgXqahG
-7L1HaWYtKnpFfTS+EQgdGvSahOolByAKTtMA2TUBU1FdlCk+ggWBGorqmWON5Qnm
-7UDHjOasZQJBANjuPOqa9ubqHccGwHec+72pQz6q5e8f1gf1XPn7EEuXsBzYiMMH
-qEa8zpfF0TmhQ0oWN75Cq709gfVVBfx/bVcCQHan1HN/Ef6FlKqKjxQGQXYwEfQa
-tmpmJP5GAktyeaM+1cAIhp9GvxooeveOtaCkRpxcC48ToIbHrLI4oyrfoHECQQC6
-bAHtmz6TMp5ka2j7Yez1EIC5WiQ/WxyTukgsi5V1YOX35B2jfPEf2SGxTE6BOBSb
-lnxRBPqRpkoIiwiZ9OgBAkBOWKBuHXmXM6wr+0p4KQ/DOeStZiBxUT8rYbX/i1BI
-/9Xo48KNerTx7qoDK+jIslDrilahvcwUz0fuVV7rHy/X
+MIIEpAIBAAKCAQEA21N74n1PaJk8eU+hArmJ768q+IljzwOLF4XbjvGg9yHQPMx5
+T7WZ5odJYhN9JwGNNMSmuBIrMbPf1IFKB5RG+ZwrWLOjnfaY4rsq8thuZQRyIS5V
+TU20XkSn44a93sFMXJ0DdMYsp437FDG86FSNWbBg1mfYBeAx4NwHHHnt/vwTQQ01
+osWF4euA/WCNU4/93wtSNrWlKd9o3S1xPZmwgckJZORGXwWVFsfOvBbcMM1N8pm6
+trkELU5eWtEB6i1MG9J5HXsKEb2mSRZKKSPtbYMtB7PqWEDPfb0Fku1YjOam1WLT
+4pf+FVViW8f5EIv06OP0PE8WGyEZKHiUjqvVNwIDAQABAoIBAQCbixNaxt/gIHyg
+0/YuRoMqdqIU7OrZz3t/TTEuqPItEc/qrmCCRRpGQT+rzIJ/fTw1ZhmOhWQYtaZR
+wPdNdLz5HOYo3A13Y4F9mpuU6iUwgvylx4Q7dJYsHKisVcymA5QyQjBHSpw0oB6m
+bbe5VO2B4/JpW+/6CsuU2rY4XciJgc+MDitqxgZOfMK8xcOiQ4EDa1OxL3TeZcYQ
+F5yUc39DhIDV03O/AFYnMZUMUQFNpSAyktms6YUL1JhwozcCaXB/da8TVRrLz1pl
+Cj3p2VgzHKa40NVCjXc2nvPCYRMF0yD0Jm9fRJPsCkVS3wtGgqQW+rwum1p/UPTr
+6x0MGd7RAoGBAPbxwBLiPyRnLy+9qgu2fS0JwXcG/6d6bhUrWS4hjzoggKyDz8Jg
+4KByXxnJVigZ8qlkynZKfb3FMuAPNxHxFhK5qPDNxV2UsdnR6RbDc9Sba8mBmzhl
+vvJSH7Nf7B0ws7sTzecXkh3BkaP5rhPycOxdLJs705p4RUALkDW7hn1NAoGBAONe
+dfmO49s2y1Ye2XrRCmGqfVa0n4pFmQajgputc4BPkf3XudtH365O0QEwt54Nw3dQ
+IvFzq/f0XVhkw4Coo38WZ4nTctbW/ZkVvKJnk2DJE1ubNJvw1wHzwz848BVT/b4Z
+VplqNDPvWmEmGFzrLeOwPZfDcglDxaCpjF7q0GqTAoGAcEOjUHJuxjvqpceR4NVL
+vwfqXhRecWMlXJZiaqhzFrfkB4m9D98+/3I/bdesRXrWaNAbgv+GfpmB8X65SHzT
+zht9hEvn6A1LdX0KfIDKzeMCc49qY49N6ZgQNVnsW7DiZLAyMVbz5Hc1oNhHnWXg
+lHQfbUsbfeQjh2Q6YVMpZxkCgYAmC2pGJciup46CjIrraAsKqJJsbbC8XETsvXNf
+RTisYaQWC4DH1lDxQ7LpNhOjWL46Oqh+KlK+HJ956PJlltI0s7UDdOQkWrj4YpC7
+xAT/DuY0T9YPuc7gPr+O1qIlj3ZH1smMxh6SChzfYJZ3BcsZ7CWCPWvZbQOmjHg2
+cagKDQKBgQCjuICU3aElEXyGwPCEazVakgcuAuiAAjECQrHrbSVPaTDu6Cumupkw
+50ypk/qJ3DegEumpufwLg37A9yFogkkHBI9Sw0PVjzXM0iWJsHceLTHWUgJBWcl3
+5Sl/AacXbUHz4NMqARNVrfR3DP33Z/YXJ4bpsVswEjD51jPwwluwyA==
 -----END RSA PRIVATE KEY-----