logstash-mixin-rabbitmq_connection 5.0.0-java → 5.0.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 369b7b8885462316ac663ab74a818172be5717eb
-  data.tar.gz: 668e13d9c466042d75e471ec984c352f5dfe539e
+SHA256:
+  metadata.gz: 1880d5b299d491d5fb90b6ba5850494365fc9f1246e32725369f041da56fcd28
+  data.tar.gz: 3a7ee0f7182f50de4e2beabfac1bba2e316875cd43469e9c0e8db02526bd7f25
 SHA512:
-  metadata.gz: 5ab6a522eb401c004e1e13d7fd766e03ad2d32a2ac8b733e02cfc26c819a42a9c11603d3e7b04e5d409641f58b48ad0e2be19e98ae9f2d992ce3fe3b7783188c
-  data.tar.gz: 2ed7a7060b2d521ea6484665ca87d79fef6fae8a897381a7be1cd111295c151f8a240fc1ac6cf2f507276392d45b1962ed3335a6703b6d0ca712ab02652a9a16
+  metadata.gz: 93b69824965b0f6dee3fe1102f49053f0ad6948800cf24429c0ce9f517964d7fbff9995096963605e3505d0aab0022c019101e3b0449bbd2913e8bd641d307b8
+  data.tar.gz: db9767b055ccc12095c29a04b9fe820c5557848dafa051edb18fb7ae1fd6e46e0657e29bb7d087daf6bba5795f79b1a9e63a7b3159f1bb05729bb3cc5cdf7430

data/.travis.yml

@@ -2,17 +2,17 @@
 sudo: false
 language: ruby
 cache: bundler
-rvm:
-- jruby-1.7.25
-script:
-- bundle exec rspec spec
-jdk: oraclejdk8
 matrix:
   include:
-  - rvm: jruby-9.1.10.0
+  - rvm: jruby-9.1.13.0
     env: LOGSTASH_BRANCH=master
-  - rvm: jruby-9.1.10.0
+  - rvm: jruby-9.1.13.0
     env: LOGSTASH_BRANCH=6.x
-  - rvm: jruby-1.7.25
+  - rvm: jruby-9.1.13.0
+    env: LOGSTASH_BRANCH=6.0
+  - rvm: jruby-1.7.27
     env: LOGSTASH_BRANCH=5.6
-  fast_finish: true
+  fast_finish: true
+install: true
+script: ci/build.sh
+jdk: oraclejdk8

data/CHANGELOG.md

@@ -0,0 +1,44 @@
+## 5.0.1
+   - Relax constraint on march hare to allow 3.x [#44](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/44)
+   - Validate validate :ssl_certificate_password as a password [#43](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/43)
+## 5.0.0
+   - Mark deprecated options `debug`, `tls_certificate_path` and `tls_certificate_password` as obsolete
+## 4.3.0
+   - Bump march hare to 3.0.0
+## 4.2.2
+   - Bump march hare to 2.22.0 to properly convert LongString to String
+## 4.2.1
+   - Bump march_hare version to 2.20.0 to fix reconnection issues
+## 4.2.0
+   - Include URL of server when logging errors
+   - Add warning log when connection is severed
+## 4.1.3
+   - Bump march_hare version to 2.19.0 to fix reconnection failures with proxies. See [#76](https://github.com/logstash-plugins/logstash-input-rabbitmq/issues/76) for
+  more info
+## 4.1.2
+  - Retry the connection attempt if there is an IO Exception.
+## 4.1.1
+  - Remove internal Logstash deps that were not necessary
+## 4.1.0
+  - Fix SSL option to be boolean once again
+  - Add separate ssl_version parameter
+  - Mark verify_ssl parameter as obsolete since it never worked
+  - Better checks for SSL argument consistency
+## 2.4.0
+  - Add SSL/TLS Support
+  - Add support for "x-consistent-hash" and "x-modulus-hash" exchanges
+## 2.3.1
+  - use logstash-core-plugin-api as dependency instead of logstash-core directly
+## 2.3.0
+  - Bump march_mare version to 2.15.0 to fix perms issue internal to march hare gem (.jar not installed with o+r perms)
+## 2.2.0
+  - Rollback the changes in 2.1.0 . prefetch_count only belongs in the input plugin
+## 2.1.0
+  - Add prefetch_count config option
+## 2.0.3
+  - Add heartbeat setting
+  - Add connect_timeout setting
+## 2.0.0
+  - Make LS2 compatible
+## 1.0.1
+  - Initial Release

data/Gemfile

@@ -2,3 +2,11 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in logstash-mass_effect.gemspec
 gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/ci/build.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# version: 1
+########################################################
+#
+# AUTOMATICALLY GENERATED! DO NOT EDIT
+#
+########################################################
+set -e
+
+echo "Starting build process in: `pwd`"
+source ./ci/setup.sh
+
+if [[ -f "ci/run.sh" ]]; then
+    echo "Running custom build script in: `pwd`/ci/run.sh"
+    source ./ci/run.sh
+else
+    echo "Running default build scripts in: `pwd`/ci/build.sh"
+    bundle install
+    bundle exec rake vendor
+    bundle exec rspec spec
+fi

data/ci/setup.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# version: 1
+########################################################
+#
+# AUTOMATICALLY GENERATED! DO NOT EDIT
+#
+########################################################
+set -e
+if [ "$LOGSTASH_BRANCH" ]; then
+    echo "Building plugin using Logstash source"
+    BASE_DIR=`pwd`
+    echo "Checking out branch: $LOGSTASH_BRANCH"
+    git clone -b $LOGSTASH_BRANCH https://github.com/elastic/logstash.git ../../logstash --depth 1
+    printf "Checked out Logstash revision: %s\n" "$(git -C ../../logstash rev-parse HEAD)"
+    cd ../../logstash
+    echo "Building plugins with Logstash version:"
+    cat versions.yml
+    echo "---"
+    # We need to build the jars for that specific version
+    echo "Running gradle assemble in: `pwd`"
+    ./gradlew assemble
+    cd $BASE_DIR
+    export LOGSTASH_SOURCE=1
+else
+    echo "Building plugin using released gems on rubygems"
+fi

data/lib/logstash/plugin_mixins/rabbitmq_connection.rb

@@ -62,7 +62,7 @@ module LogStash
         config :ssl_certificate_path, :validate => :path
 
         # Password for the encrypted PKCS12 (.p12) certificate file specified in ssl_certificate_path
-        config :ssl_certificate_password, :validate => :string
+        config :ssl_certificate_password, :validate => :password
 
         config :debug, :validate => :boolean, :obsolete => "Use the logstash --debug flag for this instead."
 
@@ -121,7 +121,7 @@ module LogStash
           s[:tls] = @ssl_version
 
           cert_path = @ssl_certificate_path
-          cert_pass = @ssl_certificate_password
+          cert_pass = @ssl_certificate_password.value
 
           if !!cert_path ^ !!cert_pass
             raise LogStash::ConfigurationError, "RabbitMQ requires both ssl_certificate_path AND ssl_certificate_password to be set!"

data/logstash-mixin-rabbitmq_connection.gemspec

@@ -1,7 +1,7 @@
 
 Gem::Specification.new do |s|
   s.name            = 'logstash-mixin-rabbitmq_connection'
-  s.version         = '5.0.0'
+  s.version         = '5.0.1'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Common functionality for RabbitMQ plugins"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.test_files = s.files.grep(%r{^(test|spec|features)/})
 
   s.platform = RUBY_PLATFORM
-  s.add_runtime_dependency 'march_hare', ['~> 3.0.0'] #(MIT license)
+  s.add_runtime_dependency 'march_hare', ['~> 3.0'] #(MIT license)
   s.add_runtime_dependency 'stud', '~> 0.0.22'
 
   s.add_development_dependency 'logstash-devutils'

data/spec/fixtures/README.md

@@ -0,0 +1,150 @@
+# TLS Testing notes
+
+Currently all TLS integration style testing is manual. This fixture may be used to help test. 
+
+* client - has the key store with client public/private key and the server public key
+* server - has the key store with server public/private key and the client public key
+* client_untrusted - has a keystore with public/private key that is self signed
+
+logstash config
+---------
+```
+input {
+  rabbitmq {
+    host => "localhost"
+    port => 5671
+    queue => "hello"
+    codec => plain
+    ssl => true
+    ssl_certificate_path => "/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/client/keycert.p12"
+    ssl_certificate_password => "MySecretPassword"
+  }
+}
+
+output{ stdout { codec => rubydebug } }
+```
+
+rabbit mq install
+--------
+(mac) 
+
+```
+brew install rabbitmq
+export PATH=$PATH:/usr/local/sbin
+vim /usr/local/etc/rabbitmq/rabbitmq.config
+
+```
+```
+[
+  {rabbit, [
+     {ssl_listeners, [5671]},
+     {ssl_options, [{cacertfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/testca/cacert.pem"},
+                    {certfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/server/cert.pem"},
+                    {keyfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/server/key.pem"},
+                    {verify,verify_peer},
+                    {fail_if_no_peer_cert,false}]}
+   ]}
+].
+```
+```
+export PATH=$PATH:/usr/local/sbin
+rabbitmq-server
+tail -f /usr/local/var/log/rabbitmq/rabbit@localhost.log
+```
+
+sending a test message with ruby
+----------
+https://www.rabbitmq.com/tutorials/tutorial-one-ruby.html
+
+```
+gem install bunny --version ">= 2.6.4"
+```
+Create a file called send.rb
+```
+#!/usr/bin/env ruby
+# encoding: utf-8
+
+require "bunny"
+
+conn = Bunny.new(:automatically_recover => false)
+conn.start
+
+ch   = conn.create_channel
+q    = ch.queue("hello")
+
+ch.default_exchange.publish("Test message", :routing_key => q.name)
+puts "Message sent'"
+
+conn.close
+```
+Send the message with Logstash running as the consumer
+``` 
+ruby send.rb 
+```
+
+password for all files
+--------
+MySecretPassword
+
+start from testca dir
+---------
+```
+cd testca
+```
+
+client
+-------
+```
+openssl genrsa -out ../client/key.pem 2048
+openssl req -config openssl.cnf  -key ../client/key.pem  -new -sha256 -out ../client/req.pem
+# for hostname use localhost, O=client
+openssl ca -config openssl.cnf  -in ../client/req.pem -out ../client/cert.pem
+openssl x509 -in ../client/cert.pem -text -noout
+openssl pkcs12 -export -out ../client/keycert.p12 -inkey ../client/key.pem -in ../client/cert.pem
+```
+
+server
+-------
+```
+openssl genrsa -out ../server/key.pem 2048
+openssl req -config openssl.cnf  -key ../server/key.pem  -new -sha256 -out ../server/req.pem
+# for hostname use localhost, O=server
+openssl ca -config openssl.cnf  -in ../server/req.pem -out ../server/cert.pem
+openssl x509 -in ../server/cert.pem -text -noout
+openssl pkcs12 -export -out ../server/keycert.p12 -inkey ../server/key.pem -in ../server/cert.pem
+```
+
+establish trust
+----------
+```
+cd server
+keytool -import -file ../client/cert.pem  -alias client_cert -keystore keycert.p12
+cd client
+keytool -import -file ../server/cert.pem  -alias server_cert -keystore keycert.p12
+```
+
+reading
+-----------
+```
+openssl x509 -in cert.pem -text -noout
+keytool -list -v -keystore keycert.p12
+```
+
+self signed cert (untrusted)
+-------
+ ```
+openssl req -x509  -batch -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=localhost, O=client" -days 10000
+openssl pkcs12 -export -out keycert.p12 -inkey key.pem -in cert.pem
+
+```
+
+Issue [44](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/44) validation
+---------
+configure Logstash to the untrusted cert :`ssl_certificate_path => "/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/client_untrusted/keycert.p12"`
+
+This _SHOULD_ fail an error like the following:
+```
+Using TLS/SSL version TLSv1.2
+[2017-12-19T12:47:12,891][ERROR][logstash.inputs.rabbitmq ] RabbitMQ connection error, will retry. {:error_message=>"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>"Java::JavaxNetSsl::SSLHandshakeException"}
+```
+There should _NOT_ be any warnings about a NullTrustManager or disabling verification, and you should _NOT_ be able to send messages.

data/spec/fixtures/client/cert.pem

@@ -1,18 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=MyTestCA
+        Validity
+            Not Before: Dec 18 23:38:39 2017 GMT
+            Not After : May  5 23:38:39 2045 GMT
+        Subject: CN=localhost, O=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:58:26:53:85:b2:d2:25:6e:b8:bd:09:2a:b3:
+                    e7:c5:bb:05:bc:5e:57:41:1b:d5:9a:90:0a:55:4a:
+                    b9:2f:c0:f7:d0:73:aa:fe:ed:8c:a4:8a:62:42:db:
+                    e2:7b:5b:17:66:a7:2a:6a:a8:6a:59:fc:ac:8e:bb:
+                    4c:ca:68:3f:50:73:e6:01:dd:f0:63:8a:c4:da:b6:
+                    46:16:e8:fe:dd:14:f5:d8:71:06:4f:06:6c:55:c9:
+                    41:63:04:ab:4c:5d:35:aa:4d:d5:27:dd:0d:9e:be:
+                    47:6c:06:56:9c:0a:48:23:ce:c3:4e:9d:e2:bc:3f:
+                    78:8f:ec:24:73:97:8f:94:97:38:e4:4e:75:eb:aa:
+                    14:9f:6e:3c:8e:1f:0a:bf:37:9f:65:f7:2a:48:9e:
+                    c1:f4:31:a6:b2:19:73:62:4d:b9:9f:4d:bd:2a:cb:
+                    c6:c5:55:75:b6:63:f8:56:c8:4c:9d:98:b5:3a:e5:
+                    16:96:09:cc:53:ca:3e:82:fb:e4:b4:ff:1b:aa:d3:
+                    6c:01:1f:00:31:da:81:2e:82:7e:d8:a5:a1:bd:5d:
+                    85:f7:22:01:fb:77:46:9b:23:0a:a1:b4:e1:66:b7:
+                    ff:c9:9b:f6:be:0d:1a:39:d1:2e:1c:40:4c:a9:e5:
+                    25:05:9c:57:99:95:f4:0c:67:1e:b0:cb:d3:4a:b0:
+                    2c:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         27:c6:56:63:d5:18:c2:32:e7:c2:7c:45:2d:15:02:48:a7:eb:
+         8a:fc:a2:70:65:e1:ce:2f:f2:fa:78:3c:e0:5f:f8:69:1f:a6:
+         f1:cd:d7:32:f7:46:60:74:bf:18:71:81:f4:42:d8:90:a1:4b:
+         83:07:b0:dc:c9:33:84:a4:e9:e4:84:e9:9a:02:c2:78:86:bd:
+         b9:9e:30:63:d6:97:f3:8b:cc:0f:d5:81:dc:05:8c:01:7a:30:
+         53:ab:2a:3c:23:b5:a4:16:dc:1b:a0:35:47:b5:2d:b5:6d:d8:
+         a1:c8:98:7f:77:a9:00:3e:9e:44:c7:75:d8:91:15:56:7b:c4:
+         a4:7c:0d:73:3b:a6:9a:55:59:c2:d7:f4:71:0d:1e:46:0e:da:
+         01:9f:15:d8:02:6b:e6:85:23:64:1c:c5:da:b3:4e:18:23:33:
+         79:80:c9:1c:cc:35:fd:0f:37:8d:12:40:6c:5d:a2:16:cb:17:
+         e4:f7:90:b9:8f:8e:a5:ab:0e:c8:64:86:c3:b0:64:ef:46:7a:
+         82:21:a9:4b:8f:bd:5a:a0:b4:54:84:36:2b:bc:4e:30:e3:8c:
+         fe:ea:7f:49:c2:fb:2f:5a:7d:c6:16:7a:4c:8a:e3:ec:68:76:
+         de:80:20:ab:f4:76:09:27:65:26:e1:31:9a:02:6a:af:08:39:
+         aa:40:36:40
 -----BEGIN CERTIFICATE-----
-MIIC4jCCAcqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
-c3RDQTAeFw0xNjA1MTAxNzAwMDFaFw0xNzA1MTAxNzAwMDFaMCUxEjAQBgNVBAMT
-CWxvY2FsaG9zdDEPMA0GA1UEChMGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAo9dLuAbDY5jBAlx1UqsOQf480ni4BVbxOjEAL4PVBfIU4xmn
-F3Z+tAvmcd3oNc9JYYxXVq5sKA/HE5eWhVdXdQWX0IrTHraJAXvRlHuu1TSuTvuq
-7QgQVFbZdWzRfvukLoKPDm1DtI5BFJ7L83j8RJy6tyvek4KzsHtG3JKoVzoz5+Hz
-7fL7gE76Dr82uH1t9WouZ5oXS2HgBR0l9CTYxARa6OMrr/+r4w1RoYDXnrlit5Ft
-81mQAVibnei9dN3EXoECUflclQ1nip12XVuoH9GXF6AetzDsbhInYvRoxm1Q9pNz
-g/L1QswPkF5MCuSIkkwgtHazZkIWlUKqPMVtIQIDAQABoy8wLTAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF
-AAOCAQEAuJ1ruPLP2WdRZz5bb/qgaBqADUVKJu3Ny9TsEK/oZzUwgWVc4hvsiFms
-gj/JVmXy4f36s6VLfOiDNHI6jIb31wvfduYV58Z+IUXMyj9OV4ZxqpQBqS9YK1Gq
-2AChr1wYUs+WmnNATwa4Q51ytTU4DcLdJTusZIfo5BAvnnz35QnQPsB11EEHRovA
-1bnzvG6uKAG0MjxNvXpWRUImNXrIKrbRXnvu5FDXAVMPg674g1QMhaa6SlPO5bFP
-meg4+1jH2tUMKR8qCS4KfOfbccNF/u09pRYcMJwiTXu++gCAu1il9jn0C5zxX3Ni
-GKm0/sj2BpZf9D4Kl8LppAIxcphBUg==
+MIICuTCCAaGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
+c3RDQTAeFw0xNzEyMTgyMzM4MzlaFw00NTA1MDUyMzM4MzlaMB4xHDAaBgNVBAMM
+E2xvY2FsaG9zdCwgTz1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDLWCZThbLSJW64vQkqs+fFuwW8XldBG9WakApVSrkvwPfQc6r+7YykimJC
+2+J7WxdmpypqqGpZ/KyOu0zKaD9Qc+YB3fBjisTatkYW6P7dFPXYcQZPBmxVyUFj
+BKtMXTWqTdUn3Q2evkdsBlacCkgjzsNOneK8P3iP7CRzl4+UlzjkTnXrqhSfbjyO
+Hwq/N59l9ypInsH0MaayGXNiTbmfTb0qy8bFVXW2Y/hWyEydmLU65RaWCcxTyj6C
+++S0/xuq02wBHwAx2oEugn7YpaG9XYX3IgH7d0abIwqhtOFmt//Jm/a+DRo50S4c
+QEyp5SUFnFeZlfQMZx6wy9NKsCzNAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBACfGVmPVGMIy58J8RS0VAkin64r8onBl4c4v8vp4POBf+Gkf
+pvHN1zL3RmB0vxhxgfRC2JChS4MHsNzJM4Sk6eSE6ZoCwniGvbmeMGPWl/OLzA/V
+gdwFjAF6MFOrKjwjtaQW3BugNUe1LbVt2KHImH93qQA+nkTHddiRFVZ7xKR8DXM7
+pppVWcLX9HENHkYO2gGfFdgCa+aFI2QcxdqzThgjM3mAyRzMNf0PN40SQGxdohbL
+F+T3kLmPjqWrDshkhsOwZO9GeoIhqUuPvVqgtFSENiu8TjDjjP7qf0nC+y9afcYW
+ekyK4+xodt6AIKv0dgknZSbhMZoCaq8IOapANkA=
 -----END CERTIFICATE-----

data/spec/fixtures/client/key.pem

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAo9dLuAbDY5jBAlx1UqsOQf480ni4BVbxOjEAL4PVBfIU4xmn
-F3Z+tAvmcd3oNc9JYYxXVq5sKA/HE5eWhVdXdQWX0IrTHraJAXvRlHuu1TSuTvuq
-7QgQVFbZdWzRfvukLoKPDm1DtI5BFJ7L83j8RJy6tyvek4KzsHtG3JKoVzoz5+Hz
-7fL7gE76Dr82uH1t9WouZ5oXS2HgBR0l9CTYxARa6OMrr/+r4w1RoYDXnrlit5Ft
-81mQAVibnei9dN3EXoECUflclQ1nip12XVuoH9GXF6AetzDsbhInYvRoxm1Q9pNz
-g/L1QswPkF5MCuSIkkwgtHazZkIWlUKqPMVtIQIDAQABAoIBAEFgfJdfI4JPhtzR
-VgN5vEO7FjwJ7aw7yCAnQ2KyYUNxGMKSDum+38oqYXcYTDuEjkx9erBdA01tFkwM
-FgT5GC3a4HxXmOzNe5f692Mfg2ESF2fu5oKU0CdHTJidpm7cLOReNoVUNksK5I88
-2jc6FLewLpU+zR7hbaBDYMBNSR0cufli3/tEBC3UkDJUQhqBB99ZSF2qsvY4ayy+
-SWWspwltPQFmTcrvcWdcfx3DCHgMRexjiFMF9ITxmsAIpwB8JHtqeDQNLyzXH3s5
-Q5FQhMdzK0O5iKkukLALMlN6+VvZH92mvtN/216TbaKuFnDXwwUsHwBDfErAnyfc
-KFmidwECgYEAz8/mYg/mnqvKiUDjqM28Bpiw8WEilXMlUPBnDWCh4uOn/EemFQIY
-zF8isrrNjXmTLGO3Jidesr39VWVhMSdE8rABTj2JNyQyvgNc72E9+QRl4pp7lM6d
-H9D56MGd3r20gGffjIlsWLCIHb43eAkfwJOyoW+kr+TNUSR3RMlYBNECgYEAydUx
-GBZMMb04qVGd/rixEk8dbMSnGLzcqLet151jc5b/QmaqjPiK/0iTIQmginXERUJx
-XI3xQXUkykCuFpNdJ1KgcU1KYH1aJ6j6i62TVzgVlOFWk+z9d1zKOGXJaw/9m11U
-ThjCHz6WpH6BOy1RvRwGXLz6sU13TDwL9GVzN1ECgYBqIWUpY7GGC3pOioM6LIgA
-Xm7Pd6ov5TSDl6Mpo9ZJh7a9EuJxDDcZ+ORBn0FnJVXSb8KTi7vDUWBWAoaWkdWW
-k+i2ypqPPL9lZ1ZJMsJxsJtQFVFT+AkqvJFFG8zCeuP6SBJVNcHNsapydjjh5tb+
-hO/PnrLe2d05uYPn72QyYQKBgC41HNRC5pbMl1hMUzup1QA4FKh+LTNAqdQGmUov
-wkEIZNAy6QD1Nf1UBDsgFR0d8R1aJNHnvUAbLZ0QScrpWf5SsGDALTMB/83spc+s
-oXrqYCaBoGylaTIWkEVxKDfWpV0YdOCcUnUMwzhNrhB6Q6hj7iD1Mv+8mH9fj+0X
-/NTBAoGAcJoIVPUVI8/0WoaSyzJSS5PRYRyqBh7mMtWRJ9dn3yszaBLyzoItAwWF
-MKjwvJJJ0E1fGx2gFsHoDEek69ZvwhjoVtzciy/BOkWbetNSXDoNFtj8fZmrDurY
-6qZGKlG9NI2WN7SU1ZfWIIIV7dNkboKlSwLTwhdmZdr0dSosemc=
+MIIEowIBAAKCAQEAy1gmU4Wy0iVuuL0JKrPnxbsFvF5XQRvVmpAKVUq5L8D30HOq
+/u2MpIpiQtvie1sXZqcqaqhqWfysjrtMymg/UHPmAd3wY4rE2rZGFuj+3RT12HEG
+TwZsVclBYwSrTF01qk3VJ90Nnr5HbAZWnApII87DTp3ivD94j+wkc5ePlJc45E51
+66oUn248jh8KvzefZfcqSJ7B9DGmshlzYk25n029KsvGxVV1tmP4VshMnZi1OuUW
+lgnMU8o+gvvktP8bqtNsAR8AMdqBLoJ+2KWhvV2F9yIB+3dGmyMKobThZrf/yZv2
+vg0aOdEuHEBMqeUlBZxXmZX0DGcesMvTSrAszQIDAQABAoIBAG8TNMRU+QxPxD6H
+jDVWVpmtAoIV6oW3RaQLYImcqrHKL9QfCt38NuI+cVRiNkH5zTuWvtXKL2X+XugM
+qfK6pTM2TALjEAff6o4qGPk0xttPMsfLXY3XTWBC8kO7bjLli4X+xBvlZSY8fFkm
+0TKlbyiYLhmIpyz7YskDThoSRSz9wKO/Oct4VSjK7KiKUpfZX/358rzRHJ3H5mFU
+B22cj4BFE4aVnFNhvr26OcUrqoTreC34DMegALmp9nB8TvTTlCFcPRSPWbNbfwuK
+41uAScSuPvIkcMb5XfCXDY+dx/+hhAv0inNZosmdvhR1qYDB4zotDyM+mkfrDvpS
+Upv6d6ECgYEA5Gj/3q8nEIdSycG3MXSBTtKD1b7Z9MGIKtzCUeaInf5PRxCLFsoc
+BJsbVNdZOLymUX1k+S1dSgB5NaqXc4587+06hrMkw+MLl2V7b/0AHe2s58ADkhiF
+6hFFGVl0+dQDkM3/SloCRS9i/ND9BnGqtVxiSwBW/dN5DZjbdvc4orUCgYEA4+gN
+xRdL/6GK275ncLMU8DwUXdJnJgHlOsAI1CPyuT0s+SBUgOugoWMSwIVhZI1xujjE
+tZ0oKY4LCEUeWCgVxMJK97v4vw1nSN9RXXzu/z0JTPvgfs7Ic3U6p5YDxGE+m7Hm
+7UezvvE2S4lvjcUZ1a83n22/f3nF6+1GDyZfOLkCgYBj3Xyx8kbUNTZ/PBFKsDOx
+MN2vYMiO+Ob+RpM3l+H3oi8rVRJbHnbtlJt4lsdNxT26t2akg68cIeTdD/8z6QK7
+LC/AoSbb9rMkuJwltKqOa1KD6TImeE5krrRVhwVcDdSZRVfvPDdt5HAVNZLLdHs8
+3G2leTqPtBxjU4fxFdpPWQKBgQCQRL8iumKjiZErFVbJorNod7+0vJILHzwKerGc
+CL2HwVAMzAhyK7ZdMygVstk6G8eYSINNLBTWaVJWg9p3l7hf+1YViGooFsYA/Uy2
+T3XDINIYZ4FvBFsjq1vb5jywPZayXGWAYtlHz828910kc1atS+N8Cq8kdONzO5oT
+0QiKEQKBgCLtLGO/qeaWDf6uoG8Ei05xqDFwvwosZ5niZbuT4q6VelCnEUCCL3wT
+0v+Krz0qNQthn0ugTy2HbZ8Uu8y4LNKt0BrYIuRwTeFWb4xj9074fezqGzm275RE
+rsiuuJNBslXjmwt6avxc66tdkyd2YonMuwawsEQ8x1WuGtvKCdIf
 -----END RSA PRIVATE KEY-----

data/spec/fixtures/client/req.pem

@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICajCCAVICAQAwJTESMBAGA1UEAxMJbG9jYWxob3N0MQ8wDQYDVQQKEwZjbGll
-bnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj10u4BsNjmMECXHVS
-qw5B/jzSeLgFVvE6MQAvg9UF8hTjGacXdn60C+Zx3eg1z0lhjFdWrmwoD8cTl5aF
-V1d1BZfQitMetokBe9GUe67VNK5O+6rtCBBUVtl1bNF++6Qugo8ObUO0jkEUnsvz
-ePxEnLq3K96TgrOwe0bckqhXOjPn4fPt8vuATvoOvza4fW31ai5nmhdLYeAFHSX0
-JNjEBFro4yuv/6vjDVGhgNeeuWK3kW3zWZABWJud6L103cRegQJR+VyVDWeKnXZd
-W6gf0ZcXoB63MOxuEidi9GjGbVD2k3OD8vVCzA+QXkwK5IiSTCC0drNmQhaVQqo8
-xW0hAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAb2KtxPDC4D8KJywEVWGUw6Y9
-wrlZGFLO1qkIjjQLfs4SBEhtTiRIlAUHT8hZWigBIBSmpEjRHzsc+EqM3OOjLtX4
-n4eUmQHnKiGIOD7D7iLdvtNAm6eWpo7+ndgTpx+JRlBiT5/lTZf5W4Hgss3ijn6P
-hT7sXajSeLlMeklG152lEdXgAtoSuhZbD9dQfm8DVS1W/Z6gJSlPY6URIENqlxK3
-63yjDcPa4RG22RDr2YHFne9UBduSzhqvupdtaz9Hwq1yHObTAB0h9gupfasppgoP
-fvxqepvJlg7Pbc5qci+bNUGfDkwkplqGab+jDOsFbpHLVM6tB8ZbaxumlJkBag==
+MIICYzCCAUsCAQAwHjEcMBoGA1UEAwwTbG9jYWxob3N0LCBPPWNsaWVudDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtYJlOFstIlbri9CSqz58W7Bbxe
+V0Eb1ZqQClVKuS/A99Bzqv7tjKSKYkLb4ntbF2anKmqoaln8rI67TMpoP1Bz5gHd
+8GOKxNq2Rhbo/t0U9dhxBk8GbFXJQWMEq0xdNapN1SfdDZ6+R2wGVpwKSCPOw06d
+4rw/eI/sJHOXj5SXOOROdeuqFJ9uPI4fCr83n2X3KkiewfQxprIZc2JNuZ9NvSrL
+xsVVdbZj+FbITJ2YtTrlFpYJzFPKPoL75LT/G6rTbAEfADHagS6Cftilob1dhfci
+Aft3RpsjCqG04Wa3/8mb9r4NGjnRLhxATKnlJQWcV5mV9AxnHrDL00qwLM0CAwEA
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBsJrkLjkJKFnJJTe9CLKmVdRmM1RlAhvWd
+6Pp4oU6edFbL3rgLKWXH0dw8HKMy2LpZGGhRMa24bvV9oPeOusS3H93pQp8z2Yo5
+MahMWyc9WoYlaxBZz4eW9nF81vpFWfx6jf8spu/nGAaxIV1+7aW1yHtqAGHJcWmY
+40wW/ixmxKM8LQr426wrVLPJOJAv8ATKJ2pQhUOPhdO3/J0YFzdIZbxbGShJvztJ
+0lfQ2AY61LuJz41et9fdtm50lAp8ouJjwrf+iZIiRy6+0StM1o84bXdc/s2qrinr
+7wDy5ZUkwtn+BOkWE/dJ9zlIHEp3oIWqEiQQ3X6VFcjGyikWbLlC
 -----END CERTIFICATE REQUEST-----

data/spec/fixtures/client_untrusted/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDzCCAfegAwIBAgIJAJRcY5v9OJ5zMA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV
+BAMME2xvY2FsaG9zdCwgTz1jbGllbnQwHhcNMTcxMjE5MDAwNDI2WhcNNDUwNTA2
+MDAwNDI2WjAeMRwwGgYDVQQDDBNsb2NhbGhvc3QsIE89Y2xpZW50MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LCL79MFnPgOTODLH22IRznhoW9E0I93
+KilguCYTj9Su/x4UjK5RaWaHYLLxtWlHvKl9dd3xsLOCi2c6fF1u1iUjlbv6bUqS
+iB7N6G9WP3UGaCIIIQWG6ZSM1CRfeVN3TRFot0fILrlSZLscj7AGtt5NcAmRrIPk
+xvDmc9Rnh0oMHvQEVQQJN3/xNatFCFdBGsBb6kDKgOBO1VKd3RTpRJtCDbVB1lei
+H3ZR8OOTm3x6A5fVxgEAiUuBJcfIEiUva+q7gJ1qvjZExwLgfhS7zDCxO7649tB7
+OJPEdjVUe/f1D2OvAnS68BSpbi2E9tSwD/QamdqvPvQA0EBW9Z4N8wIDAQABo1Aw
+TjAdBgNVHQ4EFgQUXQvkrSeJIMs3NO//7JQGNqh4yyEwHwYDVR0jBBgwFoAUXQvk
+rSeJIMs3NO//7JQGNqh4yyEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAg7ItnTuvdvQm7m46RAq71bfJPWzdTrbkmkTE1HqdmsJy/jtk7CpSGRsILLcR
+sjIBoyqXV3GJP5toVkusc5g0wPAIMJKv6O96hbTXzBF62faONfXaJpwbKZTy64Ej
+8lvuHTcfqmXFKdryu6Q2I1ab6+2DCAIKKg8R8IQWV/+r71xklpGzYPRhEHaV5ahH
+XrAWnimVKG9zpUYZNGkfU7Y/KmX0a/wH63pY2n++Jm3NHK3Gi92gt4vXWnGA037k
+3IgDAxjMqeC7v0Mr1uBgYOvl0SGzrA3sWZX1mkKksVV9po5RjJk0kL0aXt3nz10p
+OMGlgP2pP58FuKmU7WTCGPavDQ==
+-----END CERTIFICATE-----

data/spec/fixtures/client_untrusted/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDwsIvv0wWc+A5M
+4MsfbYhHOeGhb0TQj3cqKWC4JhOP1K7/HhSMrlFpZodgsvG1aUe8qX113fGws4KL
+Zzp8XW7WJSOVu/ptSpKIHs3ob1Y/dQZoIgghBYbplIzUJF95U3dNEWi3R8guuVJk
+uxyPsAa23k1wCZGsg+TG8OZz1GeHSgwe9ARVBAk3f/E1q0UIV0EawFvqQMqA4E7V
+Up3dFOlEm0INtUHWV6IfdlHw45ObfHoDl9XGAQCJS4Elx8gSJS9r6ruAnWq+NkTH
+AuB+FLvMMLE7vrj20Hs4k8R2NVR79/UPY68CdLrwFKluLYT21LAP9BqZ2q8+9ADQ
+QFb1ng3zAgMBAAECggEBAMRlCopygg4HSoPomVXXpm+YB0gW5uvXZMD+anFYgHXI
+cdKx1MrGIqACjUyWNyxz75k+I6VdqK0qjMb7QHniM2KBg3vWmw064D46BII49wNo
+lgW6Xy+yttc543/m/hCdzqcQIYYMCIg3p8eR9kg4tgHZew6EgF1ocfDy+Nhi5Oc6
+K26QGQkiF6/TcdH2hIaNb63s5aYRlEaLTW75MACyi3BXvaT33Jx0vhJ5EPwVkOqv
+NIRvrY/mhtxujiqE7hgvUsR9mDxJv1IlwDFzZnwwMrHAxecBbv8QweaO0RZ1t+uJ
+BwBe64Llz+WyFOEisxwkczzluY5tVx5IpEXk9IyFTWECgYEA+9HNk5ZLmgB+ntlW
+qFBJMI6xUqiZ0upSeWsbiiIGUICSeubf78tzIaY6aFUtZQsiPImYfdxl+CtQ1oEq
+SsKsfV0S87qXxbaxaXJM1d5+rkGXoGNBffQ+4vI6tDigeNMnRTBgMrgyL5aDQ/Jc
+Ua8lGQ8DX8rXCjzy50uDmGpudXcCgYEA9K9xbc8xTC68r0OH/t7XSdfimAjhOcQD
+57XSNMqmrPkZd1YQ7E23IFTRMvFLYmX+rKzbDAI/6Nprl/fDdWWLEHF1FYcW9P7D
+Sir3/X1COZMBvBM4vrGb34LzShU4uM17BbpCBqaDLV66iOmjL0OqsNQ0Rl08y9fl
+tGacQZwpemUCgYA9l/2uoc5wJrrR49s8ZBbi16Qr0a1+V25A4J/l05izzB8IDLyt
+jJfmnSAgMOVfl6+SGx2/e089umqVbRaJHsDOERv3naZN5/fREPIWRcu6l7ScuGpm
+gn13SURunIMzyoIKfGCrRz6PQUNuNTO7jxmF3ZQ3tAeRK4NGa8QOXcoS1QKBgA8R
+jua4T8zlQ/F3MzTa/F8r0GSUh2pLTAJFDED8Ce+1F4Bl6Hzk/FYdYxTED2Rr65cu
+vf6rVMw+R0oAlCTyr/G/SvqcaymDVvuGUedmg2GQUBcJCAGWZocJRXpWfDvFS8I6
+ij5mmsV8g/hSix4qCKUDLIT40PmsvhSyDQVtXJCRAoGAdv+J1s8Tn/JNNAz0ymJ9
+KUy/RF7EvREr/AKgn1UWYg38WxGrIydGGsRyBKbfmtZPTHt4GNZbmiMAhmXhHYs1
+9QfM+atdmVGFtx447m3E8Hq8MIWhBwIYBthrKM+WfVedZDS8CDuobTvEXXleN/nk
+M9AyQC/Un/Vl5G6q4HTSW8M=
+-----END PRIVATE KEY-----

data/spec/fixtures/server/cert.pem

@@ -1,18 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=MyTestCA
+        Validity
+            Not Before: Dec 18 23:42:53 2017 GMT
+            Not After : May  5 23:42:53 2045 GMT
+        Subject: CN=localhost, O=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a1:ff:8b:5b:3f:5e:7f:21:71:71:54:a0:53:da:
+                    88:25:c6:42:20:34:57:a3:62:e6:1d:3a:0b:75:22:
+                    0e:94:4d:07:c8:dc:15:f6:48:15:b7:c9:f2:81:c4:
+                    7e:0b:b7:a8:2c:1b:a7:ec:d5:8c:d3:75:a4:b3:c2:
+                    64:98:8d:18:c7:4b:9f:cb:5e:06:21:be:f6:03:c7:
+                    e0:e4:ff:85:7b:07:44:71:ea:8f:b1:90:57:d3:73:
+                    f1:12:a3:30:aa:f3:48:ee:45:84:d3:32:b2:1c:28:
+                    27:21:11:83:6d:fd:76:4b:10:83:bd:02:e4:4a:81:
+                    fd:bb:cc:24:c1:c9:e7:86:19:e0:3f:52:27:e4:b4:
+                    b3:df:69:6d:4d:0e:ac:11:83:5b:1d:61:85:9c:9d:
+                    11:05:2b:53:64:48:e9:cf:31:c5:7c:8c:5f:1f:d7:
+                    fa:11:cf:19:a5:af:26:18:40:64:c6:2a:03:09:32:
+                    09:9f:dc:fe:4c:f4:a0:4c:7b:c1:47:d7:d0:41:0b:
+                    27:08:aa:c0:5d:70:27:7a:e1:49:54:21:fe:6e:45:
+                    d6:c2:9f:1b:f0:7f:0c:6b:da:a4:4c:44:15:d3:2b:
+                    02:db:9b:ea:99:05:3a:03:2f:0b:4a:f7:d8:38:55:
+                    3c:31:47:bf:28:28:27:53:68:4d:f3:7f:f2:62:5b:
+                    7a:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         79:01:07:ac:0e:33:ae:5d:af:47:6c:6d:0a:7c:21:16:41:63:
+         9f:fa:0f:fc:d2:a6:b8:74:72:4b:5d:a7:ab:e0:42:6c:e3:52:
+         7c:45:20:12:d0:9a:de:70:2c:75:04:15:9e:fa:48:1a:ec:a3:
+         04:5d:37:9b:eb:84:eb:42:f2:04:53:90:d9:84:6c:9b:49:3a:
+         39:e5:23:47:2e:ca:92:07:4b:5b:0b:69:fa:a6:5d:67:f7:e6:
+         da:9b:f2:93:05:23:ce:e4:ad:5d:d8:7b:2c:1d:4f:0e:2d:88:
+         d7:f4:86:70:6a:f6:d6:bd:68:fa:60:6b:d0:02:f1:bd:3c:77:
+         09:4c:66:ce:95:57:3f:ce:97:2a:90:46:a9:f2:e1:8b:60:cb:
+         95:78:5f:10:60:66:62:60:88:de:fc:42:44:9e:fd:b0:3c:47:
+         cf:33:9e:eb:8f:dd:a1:14:9e:23:e9:a4:44:e4:35:65:4f:21:
+         f4:29:6b:d5:33:23:3e:51:cb:6d:ce:81:d0:0e:6a:9c:b1:3c:
+         5a:fc:a9:6f:8d:d0:8a:64:f0:99:59:56:9a:d4:25:75:27:d3:
+         2e:85:ec:56:0d:99:1c:d1:54:54:96:7a:2d:04:15:8b:82:ab:
+         d7:56:54:6b:73:0d:ab:a0:0e:94:3b:92:e3:b4:43:d7:fa:c7:
+         2f:7c:57:5d
 -----BEGIN CERTIFICATE-----
-MIIC4jCCAcqgAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
-c3RDQTAeFw0xNjA1MTAxNjU3NTlaFw0xNzA1MTAxNjU3NTlaMCUxEjAQBgNVBAMT
-CWxvY2FsaG9zdDEPMA0GA1UEChMGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAuey95MXuzVtVQlOtQ083r9fZjuJ2D6kMmu/KBAYf95dzLKa/
-OhtUVWtyQOt9kvKFEhOjKrqEifhN/635zXNkHPGAwkAj0+wQVPbrR9QcjP/7Ifrm
-GycYQ3fs7klsftcg9yplZ3haBosUoDrJ+5B3MOUjN+2XjUCdJygLRVFCz80C0ePU
-pGKiq1Uh8jLpCho3HwXq8k6VQPGREq5avRrcTjTXSA5EuBZM8sdzPYix7+zyv3Qd
-o5bHcHHfZg1FLmgH+pKThuudiq18ywCEeZpI6CqYrNbzNgmSmu1fUKq97VZFJjRQ
-Tx7TQexLK8LG3H4Oqzb9NOlwRqOgjHp9BSwvCQIDAQABoy8wLTAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIFIDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
-AAOCAQEAiN+aGl2gLGwnn9ja5aJ6es3zM7GuRkIhP0+UpUjt9j027KzXM88X5/pS
-n1rDS/yp0sWwGKU+CfPO/9zrFihZ+V5fQKNJpMo4xBr6g9lhyK3U9iRv1CB+88kD
-ad9C8HvPzftQgu+q6fv+8RfU9NbWjq/I0hW6izzOdcwK4zCN9segjfRGy6M+E9Oo
-1QTfUHHqHCDowlRSR5iFJP1RopyfBILz8dAZ98jqneYFulkrKFc8MjNP+GoLJ3Je
-2iVycYbOST4WjKurjaf7huXtYaqmFwY/dBaSDG8qrLVCGjYtf98PIFP2E+Tv8Yvw
-8TIAsXtglo5qh1hnTntnZZ3yaFgrXg==
+MIICuTCCAaGgAwIBAgIBBjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
+c3RDQTAeFw0xNzEyMTgyMzQyNTNaFw00NTA1MDUyMzQyNTNaMB4xHDAaBgNVBAMM
+E2xvY2FsaG9zdCwgTz1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCh/4tbP15/IXFxVKBT2oglxkIgNFejYuYdOgt1Ig6UTQfI3BX2SBW3yfKB
+xH4Lt6gsG6fs1YzTdaSzwmSYjRjHS5/LXgYhvvYDx+Dk/4V7B0Rx6o+xkFfTc/ES
+ozCq80juRYTTMrIcKCchEYNt/XZLEIO9AuRKgf27zCTByeeGGeA/UifktLPfaW1N
+DqwRg1sdYYWcnREFK1NkSOnPMcV8jF8f1/oRzxmlryYYQGTGKgMJMgmf3P5M9KBM
+e8FH19BBCycIqsBdcCd64UlUIf5uRdbCnxvwfwxr2qRMRBXTKwLbm+qZBToDLwtK
+99g4VTwxR78oKCdTaE3zf/JiW3rRAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBAHkBB6wOM65dr0dsbQp8IRZBY5/6D/zSprh0cktdp6vgQmzj
+UnxFIBLQmt5wLHUEFZ76SBrsowRdN5vrhOtC8gRTkNmEbJtJOjnlI0cuypIHS1sL
+afqmXWf35tqb8pMFI87krV3YeywdTw4tiNf0hnBq9ta9aPpga9AC8b08dwlMZs6V
+Vz/OlyqQRqny4Ytgy5V4XxBgZmJgiN78QkSe/bA8R88znuuP3aEUniPppETkNWVP
+IfQpa9UzIz5Ry23OgdAOapyxPFr8qW+N0Ipk8JlZVprUJXUn0y6F7FYNmRzRVFSW
+ei0EFYuCq9dWVGtzDaugDpQ7kuO0Q9f6xy98V10=
 -----END CERTIFICATE-----

data/spec/fixtures/server/key.pem

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAuey95MXuzVtVQlOtQ083r9fZjuJ2D6kMmu/KBAYf95dzLKa/
-OhtUVWtyQOt9kvKFEhOjKrqEifhN/635zXNkHPGAwkAj0+wQVPbrR9QcjP/7Ifrm
-GycYQ3fs7klsftcg9yplZ3haBosUoDrJ+5B3MOUjN+2XjUCdJygLRVFCz80C0ePU
-pGKiq1Uh8jLpCho3HwXq8k6VQPGREq5avRrcTjTXSA5EuBZM8sdzPYix7+zyv3Qd
-o5bHcHHfZg1FLmgH+pKThuudiq18ywCEeZpI6CqYrNbzNgmSmu1fUKq97VZFJjRQ
-Tx7TQexLK8LG3H4Oqzb9NOlwRqOgjHp9BSwvCQIDAQABAoIBAQCZTYGOXz52iXaV
-iBV3SJxsG5jB3izm4McKAeoaw0ochv5qtNs8eEhjXoMI0KPsRJhAvXxuwPiEIv99
-cOBm7VyBGQjIIsbn+N/GjwqVYWphQLi73ftaLDQvfXUZTeVt+MivxH90f6ILfyZ0
-r8TX7ti4slcFyJyL1dk+7h/M+iIS4FkYAkXUQdf8cYmF9vdUONQQ4owRshqmjB8+
-CndHrz70DqfCMuwee7NXWt99DzlqpHqYr0s36SB+euepFrqWzPcfuajEjq42tz6l
-d1VeRLCbyMKVOvGnUhEvQQo6JRebz55l7EYWA/gg9eh4n6qHuCfHf1gB1KZDBSjm
-mvgdc4PZAoGBAOyop18aMwiUU9eSR6onePfGl3PPLIlYE1dNamtUzY6qcNQ/Cz2R
-QiDYC9RuGVWDUyBL+tM/5+vDMD/PK2YWaYVm8PSHAkC8BnD6mMOo1SGPVH/1HshC
-2nyUPSOqlrZ5gCTQy+jNgYQqg6Bbl/x9uWZcFAXXSNqDiFzoJwxys2nbAoGBAMke
-owjEM6fuY4aKx9ngzOzK8PKwCqbNAiolVPby2/GOqsgDNcOZXHfjckMpJg1ZGil7
-L9LGDIYyZjbm9isEhB1h5PJggonHDmjwTC/fJxJeFp5Ivj8VKXSipvqDZOhEP4N/
-y4LGAOEL6m1xOCnZzgyju1yNGjtRLx+yEKX6zPnrAoGBANx5VswbvVWN0fov9gHI
-GkNDSQ+D/6rIWeRoY+8wJvx1Pv4M6azm6aNtgr/Z/lITMVsSTc+GZsrWodmgaH8H
-/DBisbItIOUsBhg07iLB5CUKwZ8fvhi1Z5TOCZNztkqzMLWbq4vsAHAfp1a6XgLF
-IfcBa0nxwZaJGX3sbYyEQy8nAoGAY3may/g3UIVRhrdX2AUfdrN975tw+UWHH49t
-ceN3NAgLongr/H37RXUjC+LrZki+7ut2IPtCMJH3Coq8EVTff6Tu148yobDqCK9q
-D3eBXM1axJlYN91grsbQbjHVFCjFfWYVI66JusXpAo6wZ8rJ5miJgGJuKg6ijzvE
-jkP5ZFcCgYEAxZFA5htznu0XDqhnlylo4N+V4ERfC86AjL3x0DDcFEYtzKKvI0AO
-i7n9UQgT1YisFhG5nPJ+iMxliqACbHm00k5pua6ediBVWCUWEwVi9Uu4geQU7C6G
-wLGiHPqLCzHGMFGWj1TSqg/Fd08meF0R/L36KlPI1na+EAbEvrefhXk=
+MIIEpQIBAAKCAQEAof+LWz9efyFxcVSgU9qIJcZCIDRXo2LmHToLdSIOlE0HyNwV
+9kgVt8nygcR+C7eoLBun7NWM03Wks8JkmI0Yx0ufy14GIb72A8fg5P+FewdEceqP
+sZBX03PxEqMwqvNI7kWE0zKyHCgnIRGDbf12SxCDvQLkSoH9u8wkwcnnhhngP1In
+5LSz32ltTQ6sEYNbHWGFnJ0RBStTZEjpzzHFfIxfH9f6Ec8Zpa8mGEBkxioDCTIJ
+n9z+TPSgTHvBR9fQQQsnCKrAXXAneuFJVCH+bkXWwp8b8H8Ma9qkTEQV0ysC25vq
+mQU6Ay8LSvfYOFU8MUe/KCgnU2hN83/yYlt60QIDAQABAoIBAEfzbD3W422ruOsR
+HzSfNyEv8WbEWLhk0Lfic/xOaBNOM0rvFYIRejPrKh6g2yrxI2yTy/3Qy3+QHNsK
+WAu5f2vlFtAIrsiGPFZpjGWpZ+vAypGeELxY0+lC8avJd3A2JgpOLjRvq9P9sYNq
+d+l+TfABIcHtat/85GlovlqkBoT0fFKL2kfjfUv5i9SDXAuW6G4BCS+fhgE3edSw
+3ndWe1J6xZ2bpt62V9wLpsdykqsRwjz2NiJpdhtZx7zOCHY71O64Ina414X0N3G5
+ONaH8RlJXmggruhNdKR1bSVBmJy576iQjVCyxFuwJB6T3x3XSEfZhfVy1MI2/WMK
+eWb07pECgYEAzGH3BZRd9NwYpqPhHfGOx9IOdBIWk99FNWwvJX+Cj5XFS9MUZ13l
+qroyggS8rPH2ymRNySYoaC+BAEvpIR8A1D53toKuoVZHus89A2C47beNP3TZ1Hdm
+0sJ8rBFhBooWE2wdVtC45q7JxLzzNM2EpxKTGtjcX9a91wW4HJaCxfMCgYEAyulH
+vjIar0Hf4yNT5U7206EULMye/pn6SH/ef0CejB4Yp8nZu1lrgPslXw/zE8Xy3eSG
+7dVr5r0qtM5AMHZ6XVQuvvK68wd6EDzAJd6Tz7oKmMSmS3CK+M8qqgC2Hohq1v/D
+Vhof4nzq9XFG1Lk+W8kHMRtCQuwLvSoCQ50SmSsCgYEAqZxG9k9pJZIdtvTbFhFn
+rzYIHpUAPZkVAz+TZKgLvoLJJ6K1FQ8cUHGTBslNlqx6ZP2We+55q/R4NrnIb18e
+PgTVLhYHPAaxIjtnY805yrT/uACN4T9xikgyVE1b2qRvq5CWTHyMZYv6D5XKszA2
+/Ltybt43DCXWh4HMh5T0U7cCgYEAwEqgxZq/9RRtcth42heiC95buzTS/B65tFkR
+ZvC7D7g5z1CXuVc9bMcUnGkGB9gQl73JLLyTe+ALB7tp00OEJMvxXN200zljsN2R
+jpHG7BW3kxzRJy7pVG8nVGJGNNs8vLE20XMCgmW1WJJX+KHweZUh7qSRf9AoM8UK
+zj6dcG8CgYEAgiacxsNfTVA9055vKjzUFQERk2qvK7JHIEX8hFvr2/iO7xd22Aoi
+4EUrtGp/6uuoS76O/Ig1lLA1ZWxZURE82LoIbN65MDfwSl+MKIpv9GEtgkUvKNVZ
+eyf+Ef1tJupoWsR+xqnjQj/gIvE/6NVwFGzFv664VHwaO8VkC5W/EGY=
 -----END RSA PRIVATE KEY-----

data/spec/fixtures/server/req.pem

@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICajCCAVICAQAwJTESMBAGA1UEAxMJbG9jYWxob3N0MQ8wDQYDVQQKEwZzZXJ2
-ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC57L3kxe7NW1VCU61D
-Tzev19mO4nYPqQya78oEBh/3l3Mspr86G1RVa3JA632S8oUSE6MquoSJ+E3/rfnN
-c2Qc8YDCQCPT7BBU9utH1ByM//sh+uYbJxhDd+zuSWx+1yD3KmVneFoGixSgOsn7
-kHcw5SM37ZeNQJ0nKAtFUULPzQLR49SkYqKrVSHyMukKGjcfBeryTpVA8ZESrlq9
-GtxONNdIDkS4Fkzyx3M9iLHv7PK/dB2jlsdwcd9mDUUuaAf6kpOG652KrXzLAIR5
-mkjoKpis1vM2CZKa7V9Qqr3tVkUmNFBPHtNB7Esrwsbcfg6rNv006XBGo6CMen0F
-LC8JAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAFKV3mbWhNsvwi1h+Hhqt1Yyu
-MPL+eXhcNSg4xev8Wf0TVRxNRXwlrXOqMWb75Q3ik0vvjR6LQSEEp20obwjuynQF
-DnIoBza4M9QI8aanA5vlF8h9tNROER2PPsc7CHiCuh7Nga1IrCza286tPtaSHICJ
-Rbis9EnVaAqF/haofqWzYoodz5RRU6tS4HXpkqtHGDMGA/dCIzZmTSOo+cSp+w5N
-Nyx+DnI6w60VQDQJcwwMa+oIPvGdgAOEJ2tosiyJfVpbLNW5kaDun7kwqJ8eELV6
-l/BxgRJAbg+SOq3BdY1c0v1kpym3IaaIc7hUHnEGsZw+8pinC2hiJDUo1sK7RA==
+MIICYzCCAUsCAQAwHjEcMBoGA1UEAwwTbG9jYWxob3N0LCBPPXNlcnZlcjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKH/i1s/Xn8hcXFUoFPaiCXGQiA0
+V6Ni5h06C3UiDpRNB8jcFfZIFbfJ8oHEfgu3qCwbp+zVjNN1pLPCZJiNGMdLn8te
+BiG+9gPH4OT/hXsHRHHqj7GQV9Nz8RKjMKrzSO5FhNMyshwoJyERg239dksQg70C
+5EqB/bvMJMHJ54YZ4D9SJ+S0s99pbU0OrBGDWx1hhZydEQUrU2RI6c8xxXyMXx/X
++hHPGaWvJhhAZMYqAwkyCZ/c/kz0oEx7wUfX0EELJwiqwF1wJ3rhSVQh/m5F1sKf
+G/B/DGvapExEFdMrAtub6pkFOgMvC0r32DhVPDFHvygoJ1NoTfN/8mJbetECAwEA
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9PImWOEba/bMY6lkFEYWhT8gYNs9cDlrf
+ekTK+PESuPFzsXOfOZY4C6KPDRzdqNEkg/x2bPUanZVplAUENulMnDGuBezfYB+n
+Lbz1poTsFoLmOZDPlgGQSAEU+cm75A+yKIdOkJvd0Tja8Kjk40DTb3hGCFLD8FPE
+8qubPSTCCgmtvvE2yH0/LvStKT6DGAb33FQATkPKvZ5W6JptP5HpWvzT7iglTkEl
+V829V0u0GYiH7YRClXDulhbC7l3yFSEKPpWaXiy4hkvJwPCXyf6nL1shQvCe3++b
+JGKfBE6NEr2QRiUTXgi5JmzhG0JoY47rQTnH41s7uhM4hdduCCKp
 -----END CERTIFICATE REQUEST-----

data/spec/fixtures/testca/certs/05.pem

@@ -0,0 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=MyTestCA
+        Validity
+            Not Before: Dec 18 23:38:39 2017 GMT
+            Not After : May  5 23:38:39 2045 GMT
+        Subject: CN=localhost, O=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:58:26:53:85:b2:d2:25:6e:b8:bd:09:2a:b3:
+                    e7:c5:bb:05:bc:5e:57:41:1b:d5:9a:90:0a:55:4a:
+                    b9:2f:c0:f7:d0:73:aa:fe:ed:8c:a4:8a:62:42:db:
+                    e2:7b:5b:17:66:a7:2a:6a:a8:6a:59:fc:ac:8e:bb:
+                    4c:ca:68:3f:50:73:e6:01:dd:f0:63:8a:c4:da:b6:
+                    46:16:e8:fe:dd:14:f5:d8:71:06:4f:06:6c:55:c9:
+                    41:63:04:ab:4c:5d:35:aa:4d:d5:27:dd:0d:9e:be:
+                    47:6c:06:56:9c:0a:48:23:ce:c3:4e:9d:e2:bc:3f:
+                    78:8f:ec:24:73:97:8f:94:97:38:e4:4e:75:eb:aa:
+                    14:9f:6e:3c:8e:1f:0a:bf:37:9f:65:f7:2a:48:9e:
+                    c1:f4:31:a6:b2:19:73:62:4d:b9:9f:4d:bd:2a:cb:
+                    c6:c5:55:75:b6:63:f8:56:c8:4c:9d:98:b5:3a:e5:
+                    16:96:09:cc:53:ca:3e:82:fb:e4:b4:ff:1b:aa:d3:
+                    6c:01:1f:00:31:da:81:2e:82:7e:d8:a5:a1:bd:5d:
+                    85:f7:22:01:fb:77:46:9b:23:0a:a1:b4:e1:66:b7:
+                    ff:c9:9b:f6:be:0d:1a:39:d1:2e:1c:40:4c:a9:e5:
+                    25:05:9c:57:99:95:f4:0c:67:1e:b0:cb:d3:4a:b0:
+                    2c:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         27:c6:56:63:d5:18:c2:32:e7:c2:7c:45:2d:15:02:48:a7:eb:
+         8a:fc:a2:70:65:e1:ce:2f:f2:fa:78:3c:e0:5f:f8:69:1f:a6:
+         f1:cd:d7:32:f7:46:60:74:bf:18:71:81:f4:42:d8:90:a1:4b:
+         83:07:b0:dc:c9:33:84:a4:e9:e4:84:e9:9a:02:c2:78:86:bd:
+         b9:9e:30:63:d6:97:f3:8b:cc:0f:d5:81:dc:05:8c:01:7a:30:
+         53:ab:2a:3c:23:b5:a4:16:dc:1b:a0:35:47:b5:2d:b5:6d:d8:
+         a1:c8:98:7f:77:a9:00:3e:9e:44:c7:75:d8:91:15:56:7b:c4:
+         a4:7c:0d:73:3b:a6:9a:55:59:c2:d7:f4:71:0d:1e:46:0e:da:
+         01:9f:15:d8:02:6b:e6:85:23:64:1c:c5:da:b3:4e:18:23:33:
+         79:80:c9:1c:cc:35:fd:0f:37:8d:12:40:6c:5d:a2:16:cb:17:
+         e4:f7:90:b9:8f:8e:a5:ab:0e:c8:64:86:c3:b0:64:ef:46:7a:
+         82:21:a9:4b:8f:bd:5a:a0:b4:54:84:36:2b:bc:4e:30:e3:8c:
+         fe:ea:7f:49:c2:fb:2f:5a:7d:c6:16:7a:4c:8a:e3:ec:68:76:
+         de:80:20:ab:f4:76:09:27:65:26:e1:31:9a:02:6a:af:08:39:
+         aa:40:36:40
+-----BEGIN CERTIFICATE-----
+MIICuTCCAaGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
+c3RDQTAeFw0xNzEyMTgyMzM4MzlaFw00NTA1MDUyMzM4MzlaMB4xHDAaBgNVBAMM
+E2xvY2FsaG9zdCwgTz1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDLWCZThbLSJW64vQkqs+fFuwW8XldBG9WakApVSrkvwPfQc6r+7YykimJC
+2+J7WxdmpypqqGpZ/KyOu0zKaD9Qc+YB3fBjisTatkYW6P7dFPXYcQZPBmxVyUFj
+BKtMXTWqTdUn3Q2evkdsBlacCkgjzsNOneK8P3iP7CRzl4+UlzjkTnXrqhSfbjyO
+Hwq/N59l9ypInsH0MaayGXNiTbmfTb0qy8bFVXW2Y/hWyEydmLU65RaWCcxTyj6C
+++S0/xuq02wBHwAx2oEugn7YpaG9XYX3IgH7d0abIwqhtOFmt//Jm/a+DRo50S4c
+QEyp5SUFnFeZlfQMZx6wy9NKsCzNAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBACfGVmPVGMIy58J8RS0VAkin64r8onBl4c4v8vp4POBf+Gkf
+pvHN1zL3RmB0vxhxgfRC2JChS4MHsNzJM4Sk6eSE6ZoCwniGvbmeMGPWl/OLzA/V
+gdwFjAF6MFOrKjwjtaQW3BugNUe1LbVt2KHImH93qQA+nkTHddiRFVZ7xKR8DXM7
+pppVWcLX9HENHkYO2gGfFdgCa+aFI2QcxdqzThgjM3mAyRzMNf0PN40SQGxdohbL
+F+T3kLmPjqWrDshkhsOwZO9GeoIhqUuPvVqgtFSENiu8TjDjjP7qf0nC+y9afcYW
+ekyK4+xodt6AIKv0dgknZSbhMZoCaq8IOapANkA=
+-----END CERTIFICATE-----

data/spec/fixtures/testca/certs/06.pem

@@ -0,0 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=MyTestCA
+        Validity
+            Not Before: Dec 18 23:42:53 2017 GMT
+            Not After : May  5 23:42:53 2045 GMT
+        Subject: CN=localhost, O=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a1:ff:8b:5b:3f:5e:7f:21:71:71:54:a0:53:da:
+                    88:25:c6:42:20:34:57:a3:62:e6:1d:3a:0b:75:22:
+                    0e:94:4d:07:c8:dc:15:f6:48:15:b7:c9:f2:81:c4:
+                    7e:0b:b7:a8:2c:1b:a7:ec:d5:8c:d3:75:a4:b3:c2:
+                    64:98:8d:18:c7:4b:9f:cb:5e:06:21:be:f6:03:c7:
+                    e0:e4:ff:85:7b:07:44:71:ea:8f:b1:90:57:d3:73:
+                    f1:12:a3:30:aa:f3:48:ee:45:84:d3:32:b2:1c:28:
+                    27:21:11:83:6d:fd:76:4b:10:83:bd:02:e4:4a:81:
+                    fd:bb:cc:24:c1:c9:e7:86:19:e0:3f:52:27:e4:b4:
+                    b3:df:69:6d:4d:0e:ac:11:83:5b:1d:61:85:9c:9d:
+                    11:05:2b:53:64:48:e9:cf:31:c5:7c:8c:5f:1f:d7:
+                    fa:11:cf:19:a5:af:26:18:40:64:c6:2a:03:09:32:
+                    09:9f:dc:fe:4c:f4:a0:4c:7b:c1:47:d7:d0:41:0b:
+                    27:08:aa:c0:5d:70:27:7a:e1:49:54:21:fe:6e:45:
+                    d6:c2:9f:1b:f0:7f:0c:6b:da:a4:4c:44:15:d3:2b:
+                    02:db:9b:ea:99:05:3a:03:2f:0b:4a:f7:d8:38:55:
+                    3c:31:47:bf:28:28:27:53:68:4d:f3:7f:f2:62:5b:
+                    7a:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         79:01:07:ac:0e:33:ae:5d:af:47:6c:6d:0a:7c:21:16:41:63:
+         9f:fa:0f:fc:d2:a6:b8:74:72:4b:5d:a7:ab:e0:42:6c:e3:52:
+         7c:45:20:12:d0:9a:de:70:2c:75:04:15:9e:fa:48:1a:ec:a3:
+         04:5d:37:9b:eb:84:eb:42:f2:04:53:90:d9:84:6c:9b:49:3a:
+         39:e5:23:47:2e:ca:92:07:4b:5b:0b:69:fa:a6:5d:67:f7:e6:
+         da:9b:f2:93:05:23:ce:e4:ad:5d:d8:7b:2c:1d:4f:0e:2d:88:
+         d7:f4:86:70:6a:f6:d6:bd:68:fa:60:6b:d0:02:f1:bd:3c:77:
+         09:4c:66:ce:95:57:3f:ce:97:2a:90:46:a9:f2:e1:8b:60:cb:
+         95:78:5f:10:60:66:62:60:88:de:fc:42:44:9e:fd:b0:3c:47:
+         cf:33:9e:eb:8f:dd:a1:14:9e:23:e9:a4:44:e4:35:65:4f:21:
+         f4:29:6b:d5:33:23:3e:51:cb:6d:ce:81:d0:0e:6a:9c:b1:3c:
+         5a:fc:a9:6f:8d:d0:8a:64:f0:99:59:56:9a:d4:25:75:27:d3:
+         2e:85:ec:56:0d:99:1c:d1:54:54:96:7a:2d:04:15:8b:82:ab:
+         d7:56:54:6b:73:0d:ab:a0:0e:94:3b:92:e3:b4:43:d7:fa:c7:
+         2f:7c:57:5d
+-----BEGIN CERTIFICATE-----
+MIICuTCCAaGgAwIBAgIBBjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
+c3RDQTAeFw0xNzEyMTgyMzQyNTNaFw00NTA1MDUyMzQyNTNaMB4xHDAaBgNVBAMM
+E2xvY2FsaG9zdCwgTz1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCh/4tbP15/IXFxVKBT2oglxkIgNFejYuYdOgt1Ig6UTQfI3BX2SBW3yfKB
+xH4Lt6gsG6fs1YzTdaSzwmSYjRjHS5/LXgYhvvYDx+Dk/4V7B0Rx6o+xkFfTc/ES
+ozCq80juRYTTMrIcKCchEYNt/XZLEIO9AuRKgf27zCTByeeGGeA/UifktLPfaW1N
+DqwRg1sdYYWcnREFK1NkSOnPMcV8jF8f1/oRzxmlryYYQGTGKgMJMgmf3P5M9KBM
+e8FH19BBCycIqsBdcCd64UlUIf5uRdbCnxvwfwxr2qRMRBXTKwLbm+qZBToDLwtK
+99g4VTwxR78oKCdTaE3zf/JiW3rRAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBAHkBB6wOM65dr0dsbQp8IRZBY5/6D/zSprh0cktdp6vgQmzj
+UnxFIBLQmt5wLHUEFZ76SBrsowRdN5vrhOtC8gRTkNmEbJtJOjnlI0cuypIHS1sL
+afqmXWf35tqb8pMFI87krV3YeywdTw4tiNf0hnBq9ta9aPpga9AC8b08dwlMZs6V
+Vz/OlyqQRqny4Ytgy5V4XxBgZmJgiN78QkSe/bA8R88znuuP3aEUniPppETkNWVP
+IfQpa9UzIz5Ry23OgdAOapyxPFr8qW+N0Ipk8JlZVprUJXUn0y6F7FYNmRzRVFSW
+ei0EFYuCq9dWVGtzDaugDpQ7kuO0Q9f6xy98V10=
+-----END CERTIFICATE-----

data/spec/fixtures/testca/index.txt

@@ -1,2 +1,4 @@
 V	170510165759Z		01	unknown	/CN=localhost/O=server
 V	170510170001Z		02	unknown	/CN=localhost/O=client
+V	450505233839Z		05	unknown	/CN=localhost, O=client
+V	450505234253Z		06	unknown	/CN=localhost, O=server

data/spec/fixtures/testca/index.txt.old

@@ -1 +1,3 @@
 V	170510165759Z		01	unknown	/CN=localhost/O=server
+V	170510170001Z		02	unknown	/CN=localhost/O=client
+V	450505233839Z		05	unknown	/CN=localhost, O=client

data/spec/fixtures/testca/openssl.cnf

@@ -10,7 +10,7 @@ private_key = $dir/private/cakey.pem
 serial = $dir/serial
 
 default_crl_days = 7
-default_days = 365
+default_days = 10000
 default_md = sha256
 
 policy = testca_policy

data/spec/fixtures/testca/serial

@@ -1 +1 @@
-03
+07

data/spec/fixtures/testca/serial.old

@@ -1 +1 @@
-02
+06

metadata

@@ -1,21 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: logstash-mixin-rabbitmq_connection
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-08-02 00:00:00.000000000 Z
+date: 2017-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.0'
   name: march_hare
   prerelease: false
   type: :runtime
@@ -23,7 +23,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -80,7 +80,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
+  gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
@@ -91,17 +93,22 @@ files:
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".gitignore"
 - ".travis.yml"
-- CHANGELOG
+- CHANGELOG.md
 - Gemfile
 - README.md
 - Rakefile
+- ci/build.sh
+- ci/setup.sh
 - lib/logstash/plugin_mixins/rabbitmq_connection.rb
 - logstash-mixin-rabbitmq_connection.gemspec
+- spec/fixtures/README.md
 - spec/fixtures/client/cert.pem
 - spec/fixtures/client/key.pem
 - spec/fixtures/client/keycert.p12
 - spec/fixtures/client/req.pem
-- spec/fixtures/password_for_files
+- spec/fixtures/client_untrusted/cert.pem
+- spec/fixtures/client_untrusted/key.pem
+- spec/fixtures/client_untrusted/keycert.p12
 - spec/fixtures/server/cert.pem
 - spec/fixtures/server/key.pem
 - spec/fixtures/server/key_password
@@ -112,6 +119,8 @@ files:
 - spec/fixtures/testca/cacert.pem
 - spec/fixtures/testca/certs/01.pem
 - spec/fixtures/testca/certs/02.pem
+- spec/fixtures/testca/certs/05.pem
+- spec/fixtures/testca/certs/06.pem
 - spec/fixtures/testca/index.txt
 - spec/fixtures/testca/index.txt.attr
 - spec/fixtures/testca/index.txt.attr.old
@@ -141,16 +150,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: Common functionality for RabbitMQ plugins
 test_files:
+- spec/fixtures/README.md
 - spec/fixtures/client/cert.pem
 - spec/fixtures/client/key.pem
 - spec/fixtures/client/keycert.p12
 - spec/fixtures/client/req.pem
-- spec/fixtures/password_for_files
+- spec/fixtures/client_untrusted/cert.pem
+- spec/fixtures/client_untrusted/key.pem
+- spec/fixtures/client_untrusted/keycert.p12
 - spec/fixtures/server/cert.pem
 - spec/fixtures/server/key.pem
 - spec/fixtures/server/key_password
@@ -161,6 +173,8 @@ test_files:
 - spec/fixtures/testca/cacert.pem
 - spec/fixtures/testca/certs/01.pem
 - spec/fixtures/testca/certs/02.pem
+- spec/fixtures/testca/certs/05.pem
+- spec/fixtures/testca/certs/06.pem
 - spec/fixtures/testca/index.txt
 - spec/fixtures/testca/index.txt.attr
 - spec/fixtures/testca/index.txt.attr.old

data/CHANGELOG

@@ -1,44 +0,0 @@
-* 5.0.0
-- Mark deprecated options `debug`, `tls_certificate_path` and `tls_certificate_password` as obsolete
-
-* 4.3.0
-- Bump march hare to 3.0.0
-* 4.2.2
-- Bump march hare to 2.22.0 to properly convert LongString to String
-* 4.2.1
-- Bump march_hare version to 2.20.0 to fix reconnection issues
-* 4.2.0
-- Include URL of server when logging errors
-- Add warning log when connection is severed
-* 4.1.3
-- Bump march_hare version to 2.19.0 to fix reconnection failures with
-  proxies. See
-  https://github.com/logstash-plugins/logstash-input-rabbitmq/issues/76 for
-  more info
-* 4.1.2
-  - Retry the connection attempt if there is an IO Exception.
-* 4.1.1
-  - Remove internal Logstash deps that were not necessary
-* 4.1.0
-  - Fix SSL option to be boolean once again
-  - Add separate ssl_version parameter
-  - Mark verify_ssl parameter as obsolete since it never worked
-  - Better checks for SSL argument consistency
-* 2.4.0
-  - Add SSL/TLS Support
-  - Add support for "x-consistent-hash" and "x-modulus-hash" exchanges
-* 2.3.1
-  - use logstash-core-plugin-api as dependency instead of logstash-core directly
-* 2.3.0
-  - Bump march_mare version to 2.15.0 to fix perms issue internal to march hare gem (.jar not installed with o+r perms)
-* 2.2.0
-  - Rollback the changes in 2.1.0 . prefetch_count only belongs in the input plugin
-* 2.1.0
-  - Add prefetch_count config option
-* 2.0.3
-  - Add heartbeat setting
-  - Add connect_timeout setting
-* 2.0.0
-  - Make LS2 compatible
-* 1.0.1
-  - Initial Release

data/spec/fixtures/password_for_files

@@ -1 +0,0 @@
-MySecretPassword