redis 3.2.2 → 3.3.0

data/test/distributed_internals_test.rb

@@ -72,7 +72,7 @@ class TestDistributedInternals < Test::Unit::TestCase
     nodes = ["redis://localhost:#{PORT}/15", "redis://localhost:#{PORT}/15", *NODES]
 
     assert_raise(RuntimeError) do
-      redis = Redis::Distributed.new nodes
+      Redis::Distributed.new nodes
     end
   end
 

data/test/lint/blocking_commands.rb

@@ -35,7 +35,7 @@ module Lint
         :brpoplpush => lambda do |*args|
           sleep options[:delay] if options.has_key?(:delay)
           to_protocol(args.last)
-        end,
+        end
       }
 
       redis_mock(commands, &blk)

data/test/lint/sorted_sets.rb

@@ -39,8 +39,8 @@ module Lint
         # INCR option
         assert_equal 1.0, r.zadd("foo", 1, "s1", :incr => true)
         assert_equal 11.0, r.zadd("foo", 10, "s1", :incr => true)
-        assert_equal -Infinity, r.zadd("bar", "-inf", "s1", :incr => true)
-        assert_equal +Infinity, r.zadd("bar", "+inf", "s2", :incr => true)
+        assert_equal(-Infinity, r.zadd("bar", "-inf", "s1", :incr => true))
+        assert_equal(+Infinity, r.zadd("bar", "+inf", "s2", :incr => true))
         r.del "foo", "bar"
 
         # Incompatible options combination
@@ -101,8 +101,8 @@ module Lint
         # INCR option
         assert_equal 1.0, r.zadd("foo", [1, "s1"], :incr => true)
         assert_equal 11.0, r.zadd("foo", [10, "s1"], :incr => true)
-        assert_equal -Infinity, r.zadd("bar", ["-inf", "s1"], :incr => true)
-        assert_equal +Infinity, r.zadd("bar", ["+inf", "s2"], :incr => true)
+        assert_equal(-Infinity, r.zadd("bar", ["-inf", "s1"], :incr => true))
+        assert_equal(+Infinity, r.zadd("bar", ["+inf", "s2"], :incr => true))
         assert_raise(Redis::CommandError) { r.zadd("foo", [1, "s1", 2, "s2"], :incr => true) }
         r.del "foo", "bar"
 

data/test/publish_subscribe_test.rb

@@ -251,4 +251,32 @@ class TestPublishSubscribe < Test::Unit::TestCase
       assert received
     end
   end
+
+  def test_subscribe_with_timeout
+    received = false
+
+    assert_raise Redis::TimeoutError do
+      r.subscribe_with_timeout(1, "foo")  do |on|
+        on.message do |channel, message|
+          received = true
+        end
+      end
+    end
+
+    assert !received
+  end
+
+  def test_psubscribe_with_timeout
+    received = false
+
+    assert_raise Redis::TimeoutError do
+      r.psubscribe_with_timeout(1, "f*")  do |on|
+        on.message do |channel, message|
+          received = true
+        end
+      end
+    end
+
+    assert !received
+  end
 end

data/test/ssl_test.rb

@@ -0,0 +1,66 @@
+# encoding: UTF-8
+
+if RUBY_VERSION >= "1.9.3"
+  require File.expand_path("helper", File.dirname(__FILE__))
+
+  class SslTest < Test::Unit::TestCase
+
+    include Helper::Client
+
+    driver(:ruby) do
+
+      def test_verified_ssl_connection
+        RedisMock.start({ :ping => proc { "+PONG" } }, ssl_server_opts("trusted")) do |port|
+          redis = Redis.new(:port => port, :ssl => true, :ssl_params => { :ca_file => ssl_ca_file })
+          assert_equal redis.ping, "PONG"
+        end
+      end
+
+      def test_unverified_ssl_connection
+        assert_raise(OpenSSL::SSL::SSLError) do
+          RedisMock.start({ :ping => proc { "+PONG" } }, ssl_server_opts("untrusted")) do |port|
+            redis = Redis.new(:port => port, :ssl => true, :ssl_params => { :ca_file => ssl_ca_file })
+            redis.ping
+          end
+        end
+      end
+
+    end
+
+    driver(:hiredis, :synchrony) do
+
+      def test_ssl_not_implemented_exception
+        assert_raise(NotImplementedError) do
+          RedisMock.start({ :ping => proc { "+PONG" } }, ssl_server_opts("trusted")) do |port|
+            redis = Redis.new(:port => port, :ssl => true, :ssl_params => { :ca_file => ssl_ca_file })
+            redis.ping
+          end
+        end
+      end
+
+    end
+
+    private
+
+    def ssl_server_opts(prefix)
+      ssl_cert = File.join(cert_path, "#{prefix}-cert.crt")
+      ssl_key  = File.join(cert_path, "#{prefix}-cert.key")
+
+      {
+        :ssl => true,
+        :ssl_params => {
+          :cert => OpenSSL::X509::Certificate.new(File.read(ssl_cert)),
+          :key  => OpenSSL::PKey::RSA.new(File.read(ssl_key))
+        }
+      }
+    end
+
+    def ssl_ca_file
+      File.join(cert_path, "trusted-ca.crt")
+    end
+
+    def cert_path
+      File.expand_path("../support/ssl/", __FILE__)
+    end
+  end
+end

data/test/support/redis_mock.rb

@@ -3,8 +3,19 @@ require "socket"
 module RedisMock
   class Server
     def initialize(options = {}, &block)
-      @server = TCPServer.new(options[:host] || "127.0.0.1", 0)
-      @server.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true)
+      tcp_server = TCPServer.new(options[:host] || "127.0.0.1", 0)
+      tcp_server.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true)
+
+      if options[:ssl]
+        ctx = OpenSSL::SSL::SSLContext.new
+
+        ssl_params = options.fetch(:ssl_params, {})
+        ctx.set_params(ssl_params) unless ssl_params.empty?
+
+        @server = OpenSSL::SSL::SSLServer.new(tcp_server, ctx)
+      else
+        @server = tcp_server
+      end
     end
 
     def port

data/test/support/ssl/gen_certs.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+get_subject() {
+  if [ "$1" = "trusted" ]
+  then
+    echo "/C=IT/ST=Sicily/L=Catania/O=Redis/OU=Security/CN=127.0.0.1"
+  else
+    echo "/C=XX/ST=Untrusted/L=Evilville/O=Evil Hacker/OU=Attack Department/CN=127.0.0.1"
+  fi
+}
+
+# Generate two CAs: one to be considered trusted, and one that's untrusted
+for type in trusted untrusted; do
+  rm -rf ./demoCA
+  mkdir -p ./demoCA
+  mkdir -p ./demoCA/certs
+  mkdir -p ./demoCA/crl
+  mkdir -p ./demoCA/newcerts
+  mkdir -p ./demoCA/private
+  touch ./demoCA/index.txt
+
+  openssl genrsa -out ${type}-ca.key 2048
+  openssl req -new -x509 -days 12500 -key ${type}-ca.key -out ${type}-ca.crt -subj "$(get_subject $type)"
+  openssl x509 -in ${type}-ca.crt -noout -next_serial -out ./demoCA/serial
+
+  openssl req -newkey rsa:2048 -keyout ${type}-cert.key -nodes -out ${type}-cert.req -subj "$(get_subject $type)"
+  openssl ca -days 12500 -cert ${type}-ca.crt -keyfile ${type}-ca.key -out ${type}-cert.crt -infiles ${type}-cert.req
+  rm ${type}-cert.req
+done
+
+rm -rf ./demoCA

data/test/support/ssl/trusted-ca.crt

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIJAM7kyjC89Qj/MA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNV
+BAYTAklUMQ8wDQYDVQQIEwZTaWNpbHkxEDAOBgNVBAcTB0NhdGFuaWExDjAMBgNV
+BAoTBVJlZGlzMREwDwYDVQQLEwhTZWN1cml0eTESMBAGA1UEAxMJMTI3LjAuMC4x
+MCAXDTE2MDQwMjAzMzQ0MVoYDzIwNTAwNjIzMDMzNDQxWjBnMQswCQYDVQQGEwJJ
+VDEPMA0GA1UECBMGU2ljaWx5MRAwDgYDVQQHEwdDYXRhbmlhMQ4wDAYDVQQKEwVS
+ZWRpczERMA8GA1UECxMIU2VjdXJpdHkxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeibFqEG38mtN9DSXy6NZdd7AjH
+4/D+VdDzlbJlI5IBACCV9p6P2j5PFlFvkHFE6vr6biMaLXNAmUHYfDzeT95LODHH
+t+8HlR51cNYrnt9B3eiVwEnJ7+axuDHg6nUgLXeKeog+vEqreZwLnFibxt2qpFze
+xzyKJ37Pm+iAey5glCc/v7ECYQ4sWVVV+ciC+sAwmZDfZXCBQtRRokJ6ikqQDwWV
+DugGcV46feTpu79OmkLLM8PI3E7ow2F/3iv67gmdlO5m9wX1ahWzJKUapBTxgf4X
+QG0s60WbC9iJIvgXRGW7wWSsqSVJkfLYllDTPgfpLyl1+FR3A4awrsPiMVUCAwEA
+AaOBzDCByTAdBgNVHQ4EFgQU+YG9kJR3Vy31d7QVyxRAYyKTK18wgZkGA1UdIwSB
+kTCBjoAU+YG9kJR3Vy31d7QVyxRAYyKTK1+ha6RpMGcxCzAJBgNVBAYTAklUMQ8w
+DQYDVQQIEwZTaWNpbHkxEDAOBgNVBAcTB0NhdGFuaWExDjAMBgNVBAoTBVJlZGlz
+MREwDwYDVQQLEwhTZWN1cml0eTESMBAGA1UEAxMJMTI3LjAuMC4xggkAzuTKMLz1
+CP8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeFKB7DUixmxbdvNw
+n/mNoHK+OOZXmfxZDCo0v2gcQ4WXUiCqL6MagrImCvkEz5RL6Fk2ZflEV2iGQ5Ds
+CmF2n47ISpqG29bfI5R1rcbfqK/5tazUIhQu12ThNmkEh7hCuW/0LqJrnmxpuRLy
+le9e3svCC96lwjFczzU/utWurKt7S7Di3C4P+AXAJJuszDMLMCBLaB/3j24cNpOx
+zzeZo02x4rpsD2+MMfRDWMWezVEyk63KnI0kt3JGnepsKCFc48ZOk09LwFk3Rfaq
+zuKSgEJJw1mfsdBfysM0HQw20yyjSdoTEfQq3bXctTNi+pEOgW6x7TMsnngYYLXV
+9XTrpg==
+-----END CERTIFICATE-----

data/test/support/ssl/trusted-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAx6JsWoQbfya030NJfLo1l13sCMfj8P5V0POVsmUjkgEAIJX2
+no/aPk8WUW+QcUTq+vpuIxotc0CZQdh8PN5P3ks4Mce37weVHnVw1iue30Hd6JXA
+Scnv5rG4MeDqdSAtd4p6iD68Sqt5nAucWJvG3aqkXN7HPIonfs+b6IB7LmCUJz+/
+sQJhDixZVVX5yIL6wDCZkN9lcIFC1FGiQnqKSpAPBZUO6AZxXjp95Om7v06aQssz
+w8jcTujDYX/eK/ruCZ2U7mb3BfVqFbMkpRqkFPGB/hdAbSzrRZsL2Iki+BdEZbvB
+ZKypJUmR8tiWUNM+B+kvKXX4VHcDhrCuw+IxVQIDAQABAoIBAQCzbGHiQJXOA+XQ
+O9OSjHGaJ8n6Yl2VvaE3eZXzjj8X/Fo271GGVVgbZE10x8aUZxKim+3dEqwCx+52
+ZbHTqyMxcX2CEDRaWwBFLdxKQU467iIZ5m26ZAp/1v7rpXBT8KWsqQNT7L6ihdd4
+zl6orOlhVPsAlSGQYcL5kHJZ1w/fL0phEbwdISd3PYhGHXMNmqfXorzJYHDQA4R+
+yR7WpP1dmnUeEKrHc9FFcBZ75BGlWjdCPZMFKc7IndZumarhBpWH9yZMUxrUIo4V
+SCweRUFdD5H1lMZ0YiIAE25wKNEQ2iGd3Jfr8Vj1KFSHC9I2FJA3aFRRUgTwxx/W
+h0mJy1ZJAoGBAPYsSSlwQdxZjnyZiVkNSD4MoLdof//nRxeKGejq6AiXDvcsLyJy
+0MKk4YBFw2249TWm/KBbMAFiBE7d8uPtP5pPfjNVPX6VltH3AhSZ7Ugbpo6C3NFA
+GpzFVtNaWgCVDloDVdmsY7ssDFuAIih0paklPAqnLY+Ua9m1BiEPrB+bAoGBAM+a
+i+0NMR4AyKpuo1exdd+7BIHw5HNPwGmR1ggdGWduH0zsOhEawQKKFv1X9xKAcXxW
+PyeD56/Tmn7fkWvuE8dOu9E6em0vgmxhYyn4nyLAFYF5uKXYo78MpIEThdpl1ldT
+iHwG/25vunaBUHhwbHPUD+F989tmRuCjoFkuA5nPAoGAaqPIlcDhZvkMtoE0dHVC
+hE6oGIuWV17y9wmGK9YG6iG2A/EKAhxGvur6HL0b6Z4j6zgJW9Xkt9SkFR4kqAQQ
+d2JUQxx75SgcC5y7M/1yQrhnsHiT+7mPTbZW5HvRXUs0yl2DhSYeleiA+epJ4ciW
+Mu3EUsEVBYvAJLE8lHnbkF0CgYEAhyxpz3+3a4G3JsHDOWYjCfoLhVAEb9CNyC9c
+3QuVbvMVDlEBvgFdivm+3lZYWYOoYP0HQgNw59svzUxks5Hg7vUk9abN8CnvEgKX
+PszTUR0g450NzW6xr8PbmO/NR9bnKRUK2Tb1OkMldePdMY6CDykU7g3EqiZ+H+Zq
+kaaUUaECgYEAmk5W+S94q5jLemnfAChC5lva/0/aHdhtaoH4Lo+j0haMsdiy8/ZE
+sh+3gQ8pqwaCAwnKxAcppt/FNZ7tHRsH3oyY6biypn3WppQj+BA41nuzbspOKJhR
+ZDXKFCItbzUjyi23Dx4P4DgMivkpV+e88RMIuBnv4yjl5iOLq+vf4Rg=
+-----END RSA PRIVATE KEY-----

data/test/support/ssl/trusted-cert.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14908262977180600576 (0xcee4ca30bcf50900)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=IT, ST=Sicily, L=Catania, O=Redis, OU=Security, CN=127.0.0.1
+        Validity
+            Not Before: Apr  2 03:34:42 2016 GMT
+            Not After : Jun 23 03:34:42 2050 GMT
+        Subject: C=IT, ST=Sicily, O=Redis, OU=Security, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ab:bf:ac:ef:dc:99:35:fa:07:3f:d5:33:86:f1:
+                    7d:9e:57:8b:d5:c1:10:04:0c:35:95:7c:61:ff:05:
+                    a6:f9:ef:71:5c:c5:83:68:a2:ad:5d:0f:a5:2b:b4:
+                    76:9f:36:8f:df:75:fb:d6:48:00:c0:f0:68:56:f6:
+                    49:84:4d:4e:e1:ca:dd:24:9f:2f:5e:7c:35:26:57:
+                    d6:d5:95:d1:3f:40:32:22:43:2c:8c:b7:8c:89:56:
+                    7c:d0:94:e5:f7:cf:4a:51:3f:60:b2:fe:1f:3b:38:
+                    d6:47:5d:2e:4f:38:75:d9:9b:c8:0f:d1:fd:91:5a:
+                    07:c3:94:95:1f:7b:f1:ae:dc:a1:83:e2:6b:78:05:
+                    34:b3:8b:87:86:31:9f:cc:8b:15:cd:18:2e:06:36:
+                    ca:f8:29:f8:6e:93:60:78:ec:8a:e8:a6:94:ad:24:
+                    a8:e3:d4:ac:42:da:52:0f:34:e8:d0:10:e5:53:db:
+                    f8:3a:56:48:10:33:df:80:70:1c:72:5e:1f:c3:11:
+                    bb:3b:b9:6b:0a:e0:82:eb:67:d4:8f:5c:30:d3:cf:
+                    17:6d:86:01:0e:ae:43:c1:d8:c0:5e:99:ef:fa:60:
+                    0a:f2:62:68:62:8b:05:f3:8b:b1:34:d8:70:78:35:
+                    74:76:c2:46:13:a3:1f:5d:7b:3b:49:20:1e:98:54:
+                    63:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                81:DE:C0:39:F9:8A:57:50:DB:B1:6A:B3:D0:5F:E9:2C:87:5A:1E:3D
+            X509v3 Authority Key Identifier: 
+                keyid:F9:81:BD:90:94:77:57:2D:F5:77:B4:15:CB:14:40:63:22:93:2B:5F
+
+    Signature Algorithm: sha1WithRSAEncryption
+         a3:0a:d7:22:5a:bc:cc:f6:ed:2f:f2:9f:dd:e0:46:02:73:14:
+         dd:a7:f5:39:b9:16:19:16:36:b6:22:5c:66:14:c0:d3:ac:55:
+         fc:52:2d:c3:b2:70:5f:cf:3d:23:71:78:e9:31:88:65:2c:2e:
+         4a:09:6e:4b:97:bb:4d:38:87:d8:25:ed:bb:ed:62:19:08:50:
+         f2:40:cc:39:ee:f9:a8:3a:5d:2b:e7:34:eb:8a:74:c7:c9:bc:
+         88:9b:9b:ca:5b:11:20:ca:53:b2:0b:20:49:fc:b9:f7:ec:03:
+         c9:5d:c1:24:75:27:f8:7c:70:dc:6a:2c:98:48:93:5f:7f:7e:
+         94:a1:cf:79:b3:24:e3:de:9e:f0:0f:d8:d6:3e:c9:52:30:31:
+         87:90:c2:d2:23:be:d8:7a:e9:e6:bb:4b:00:75:30:49:4b:98:
+         d5:f6:7d:b5:83:b5:57:85:20:98:00:51:55:c3:a2:81:ec:6c:
+         11:91:33:60:14:7b:d2:01:ee:5b:bf:5b:68:f5:e0:4e:45:0a:
+         68:cd:33:4f:29:72:fa:fe:6a:19:b6:84:70:90:a4:d5:7a:04:
+         2e:da:5b:98:4f:e4:aa:a6:c4:68:aa:5c:8c:a5:5e:df:20:94:
+         22:f7:37:45:71:a4:bc:72:34:ee:42:cf:9d:0f:fb:4a:39:d1:
+         8e:41:f3:3f
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIJAM7kyjC89QkAMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
+BAYTAklUMQ8wDQYDVQQIEwZTaWNpbHkxEDAOBgNVBAcTB0NhdGFuaWExDjAMBgNV
+BAoTBVJlZGlzMREwDwYDVQQLEwhTZWN1cml0eTESMBAGA1UEAxMJMTI3LjAuMC4x
+MCAXDTE2MDQwMjAzMzQ0MloYDzIwNTAwNjIzMDMzNDQyWjBVMQswCQYDVQQGEwJJ
+VDEPMA0GA1UECBMGU2ljaWx5MQ4wDAYDVQQKEwVSZWRpczERMA8GA1UECxMIU2Vj
+dXJpdHkxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKu/rO/cmTX6Bz/VM4bxfZ5Xi9XBEAQMNZV8Yf8FpvnvcVzFg2ii
+rV0PpSu0dp82j991+9ZIAMDwaFb2SYRNTuHK3SSfL158NSZX1tWV0T9AMiJDLIy3
+jIlWfNCU5ffPSlE/YLL+Hzs41kddLk84ddmbyA/R/ZFaB8OUlR978a7coYPia3gF
+NLOLh4Yxn8yLFc0YLgY2yvgp+G6TYHjsiuimlK0kqOPUrELaUg806NAQ5VPb+DpW
+SBAz34BwHHJeH8MRuzu5awrggutn1I9cMNPPF22GAQ6uQ8HYwF6Z7/pgCvJiaGKL
+BfOLsTTYcHg1dHbCRhOjH117O0kgHphUY3cCAwEAAaN7MHkwCQYDVR0TBAIwADAs
+BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFIHewDn5ildQ27Fqs9Bf6SyHWh49MB8GA1UdIwQYMBaAFPmBvZCUd1ct
+9Xe0FcsUQGMikytfMA0GCSqGSIb3DQEBBQUAA4IBAQCjCtciWrzM9u0v8p/d4EYC
+cxTdp/U5uRYZFja2IlxmFMDTrFX8Ui3DsnBfzz0jcXjpMYhlLC5KCW5Ll7tNOIfY
+Je277WIZCFDyQMw57vmoOl0r5zTrinTHybyIm5vKWxEgylOyCyBJ/Ln37APJXcEk
+dSf4fHDcaiyYSJNff36Uoc95syTj3p7wD9jWPslSMDGHkMLSI77Yeunmu0sAdTBJ
+S5jV9n21g7VXhSCYAFFVw6KB7GwRkTNgFHvSAe5bv1to9eBORQpozTNPKXL6/moZ
+toRwkKTVegQu2luYT+SqpsRoqlyMpV7fIJQi9zdFcaS8cjTuQs+dD/tKOdGOQfM/
+-----END CERTIFICATE-----

data/test/support/ssl/trusted-cert.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrv6zv3Jk1+gc/
+1TOG8X2eV4vVwRAEDDWVfGH/Bab573FcxYNooq1dD6UrtHafNo/fdfvWSADA8GhW
+9kmETU7hyt0kny9efDUmV9bVldE/QDIiQyyMt4yJVnzQlOX3z0pRP2Cy/h87ONZH
+XS5POHXZm8gP0f2RWgfDlJUfe/Gu3KGD4mt4BTSzi4eGMZ/MixXNGC4GNsr4Kfhu
+k2B47IroppStJKjj1KxC2lIPNOjQEOVT2/g6VkgQM9+AcBxyXh/DEbs7uWsK4ILr
+Z9SPXDDTzxdthgEOrkPB2MBeme/6YAryYmhiiwXzi7E02HB4NXR2wkYTox9deztJ
+IB6YVGN3AgMBAAECggEASmOxIgtoiQqMzUcpFE/Q2x6MQL9okng/VUoUoALwudzO
+OyKJsm6TrHU0U2PM5VUap+1QcRWqzebTKqduXFGn0wCtHEmemMwvsTXmpYhIo57I
+mDKEP0bZJjtBwI5dtSIhzGMpHR4YpOwPU8W2YzXPRbvFwaRwsd5O8pWOqZ5jphrQ
+DtkLNz4hIFsMihPeYFpuAjsZ2cMIGPtlY2qbfjyno7hd7LxNzL/2vMlDw5MHHtw4
+snxLN92KomC6rSUUydNDyemyMpg8iRwm7gmYzVoZf6aTbI2RdFcv2KZfpUWYdB+I
+yU8ZV1Sch7VQ+xLVy74SuY8AZ2Rq4S3M+EmEa5ghoQKBgQDfgOIyStulfYn6UC1A
+OYwcGoSOaVNfPE/m9BZN58xK0+XnEqQECMsyg/GYS65Zri4+KJYPxqv6f9ljLTGE
+0PxiA7wq+QWnv4EM+3aGShxwyVlmgJZyyBfJtAMr1iDm4JsidTT5GMdfxRICPGZY
+WVggcz/cVu39OxRrumREuTWAzwKBgQDEuGheZv68cYt5EkzOWxeFQyt1bzXn1CJg
+IXnIFZIekJhVGpBG+zMAYri9+hSheiDrwfIcSfTq9LxF6JNUvaU4qMrkwvW21jKs
+n7ofcA+VYq2mggoIuuvKVqXemLHorC0U/zCMnM6rycaa9sB5tsF+Js93uvf1TEJt
+veV0yCeM2QKBgF1M0iAoe7SDyXuCyMEMxN5ee4NvmGwjIz/IGR+Aahm6hziE4Y8F
+lL2LsujefvPU8FzmWG5Rgy1Y/YiXLxrAmvrXkE9oEOJL4TVoK7w3Z9P1Waqedy+H
+M9bxnHlKNAXtMRWbU/fATko+XBwu1pJ/CXjSY5A5gbO6W/X0ozLFFf6lAoGABRZ7
+5I0nY3pQUCZQBDpI5nJxSk1BCKjs5q2W97zPFalJt1HDj4JptEXZX1h7dh2xgkd2
+2pJzGiyQPgKg5N0uy8NZ1AbS0hLCJsLOzodYb9Wohhjw537mIEqTaalrWIgzdkqP
+V+OqWLkUQOfG3J8EbB3W2dLlHNwHD82MhLO0iikCgYEAvdK5LmpUdZXMVtiOMZO5
+t3M0vwi6vPhW7DV1QET51x/U+SyH4rvZGeqRl+gcKrZ8SreOlyICvsPgVmvLCrHE
+gJLPWJIzI8Mg6u91/KpiVmRahnJjOn3oHNuLSqFjn9lIhmA5dN7zQDXzPdYrWPNR
+u1QX+JLhlP33ejgdkdLsNiM=
+-----END PRIVATE KEY-----

data/test/support/ssl/untrusted-ca.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIJAIgFm03l5AJkMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+BAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNVBAcTCUV2aWx2aWxsZTEU
+MBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0dGFjayBEZXBhcnRtZW50
+MRIwEAYDVQQDEwkxMjcuMC4wLjEwIBcNMTYwNDAyMDMzNDUxWhgPMjA1MDA2MjMw
+MzM0NTFaMHsxCzAJBgNVBAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNV
+BAcTCUV2aWx2aWxsZTEUMBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0
+dGFjayBEZXBhcnRtZW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCtXxcEGUrGqAqlBK94B8IwSkB8OnLYC/c/6Tde
+WG46pzmZWZvffi0akcKKubRNcfoavOuqLuNnpQDkIlnJ37K/LZk8Q5+aMoUGBiQ2
+jSN1707sFqH3eTFvXOUzlDEcsBa7Y7RuaI8SXg1UGsnnCcj6H3BW2xKcXPN6/s30
+vhNw2CPqtXm4NOD3Zb5FkB9epAEejRg0OPn5DJ3mESVp/H2EqkptMZ+6cOk2/CMc
+e8AAfcxBGwKuOMXNODszTNxN+OuGCHOxx8+vR/eV35tonISwbkmO9WI6DC+pWT2s
+PvDhuQtqsrVofCP/pireb5Ce/7bP/FsZcNSMMfV5dponcYrrAgMBAAGjgeAwgd0w
+HQYDVR0OBBYEFLeDNvKpJKmuyPsamax2AZTijdkwMIGtBgNVHSMEgaUwgaKAFLeD
+NvKpJKmuyPsamax2AZTijdkwoX+kfTB7MQswCQYDVQQGEwJYWDESMBAGA1UECBMJ
+VW50cnVzdGVkMRIwEAYDVQQHEwlFdmlsdmlsbGUxFDASBgNVBAoTC0V2aWwgSGFj
+a2VyMRowGAYDVQQLExFBdHRhY2sgRGVwYXJ0bWVudDESMBAGA1UEAxMJMTI3LjAu
+MC4xggkAiAWbTeXkAmQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
+FWYTrxi/h7PYIpp09QsbDiGdC7gmp04HTx82NvBaUFaLk8ygz4DUz5u7QyTDdAga
+yWviHghuyZ6vv5Ubaj7XLOzLM6rYsQjkVq5ltwP+9V/U/b5jOHvZdYqdatVXUXxR
+SO+e3QYiMpM4Vs/NNXhpUp6apD7VcoB2LgK3vGDJ526PBJjgw24311t8O7kDTwkt
+AwX56/KTolMI+k9rT8Ee6aucT6gBNf0judhNkPVo+6CYgjmEVRrN/xaFCUNSpv5E
+O6uIcxSSX6a5iOZ/EH+GyHb6kDmztn/Hes+UN9+gMuAK7+LgsD2mYbxn9Pnaerrs
+2nER8XurylLxi0GLvNWNdQ==
+-----END CERTIFICATE-----

data/test/support/ssl/untrusted-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArV8XBBlKxqgKpQSveAfCMEpAfDpy2Av3P+k3XlhuOqc5mVmb
+334tGpHCirm0TXH6Grzrqi7jZ6UA5CJZyd+yvy2ZPEOfmjKFBgYkNo0jde9O7Bah
+93kxb1zlM5QxHLAWu2O0bmiPEl4NVBrJ5wnI+h9wVtsSnFzzev7N9L4TcNgj6rV5
+uDTg92W+RZAfXqQBHo0YNDj5+Qyd5hElafx9hKpKbTGfunDpNvwjHHvAAH3MQRsC
+rjjFzTg7M0zcTfjrhghzscfPr0f3ld+baJyEsG5JjvViOgwvqVk9rD7w4bkLarK1
+aHwj/6Yq3m+Qnv+2z/xbGXDUjDH1eXaaJ3GK6wIDAQABAoIBAQCeC0QxAVlwNTnW
+6qmGsxPr75RPavzMREQ1p8VIpTZ/E3hneg+lMiGtydhdnCJoQxGrFDOFJU86aWmh
+jkrpw5nvu4KoNEEnUQyAzFJwxELiPLBmec9WiM1u5nEujtYif8eJNcACsiBSrxhZ
+Zj5N9laW5NgE5ZpWnkl7AxL/G9MfFvifr9KtyDcs+wnYD6ffz/bRwS54veMccj/q
+SkVQRL7FM4NJczG0TTp+LT/1R3s8YVv9GHnJ6K7Gol3E0PbFS1HztDuMVonhWiac
+9Rjt7w0rNgeH6ZbCMXrUd+8I8amazA78p1ky0Mh8d6UUVFU1jjtyxlgDh06IPsnE
++exeAClxAoGBAOMZ7LEFr3VcFwym7RvgckeQhd6Rmz8Bh7kGfB9pDsHFprGJ0rm4
+XgNETJXOky5wUCPZmMBN1iAU/ehyyXqPykXiKjAQLxQNHR9/Z6P58PsHs2Uw8VZa
+XdZwlBME5+/yl5DiirO5rCt804DdCQgSu7denudwWbbtzAsodSKj5zEJAoGBAMNu
+21hZnsvhtZlvQVHZ4sQttrv9e5VpWWHkDPRN3sdLZPfK/+3L0BmUrGotgNWpTZwR
+8YvKRT2Xn1unzpKlkHtIVuHU7khOj+tYHLIx3rezVanw9QzbIANMel6STlUr3jwX
+fjnibgkJixxHTOBs8/zm219Q1sNTos9GUOAZQb1TAoGALwGFsVpo59TI3JCMkXGS
+led/HgNra84oRo7mECZRrJ/5kdPiLxjPNMPlSji41CrhG5qFeIBj6r4NlBh2RY0P
+pAldDBe9dtwEBCn9zL4GOB9u7WoE+ge4VpN0wr8INu0ynAWYCf1LerDaolid7vLZ
+sem+4E6r8yYjTsfv/tyIFOkCgYEAlCZobxxZLbNn5+2X9cWXiyIgYXgyBDy9fmDT
+lSum0yuLWfDwfELB+XJkFYVzIgVbCRHtKwxl2uAi9OdLyI1r7pkTC9VP4U50+XJt
+JoR5koaHTPGVwm4mYXnLVf/RE+3SZXllvdmxknZCl2hRldviRfh3mlT8yUuQo1Jp
+oshitnMCgYAXTQLA7B5YLmhCG8HRM/h/xM55ObdDX1SIWUbk3p1uxak1W0abfvpi
+FPBy2riOdSDA6Uv7V8y1j4tENGVMyyMsEpFdLDX4Lkbh9niOoPeHCWdO0boPk0Fw
+aPXtT7gdTPWJulKOxtLuGqBjZZ77TO49uqWlEMaerulWyjhRm8zzvA==
+-----END RSA PRIVATE KEY-----

data/test/support/ssl/untrusted-cert.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9801410922913464933 (0x88059b4de5e40265)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=XX, ST=Untrusted, L=Evilville, O=Evil Hacker, OU=Attack Department, CN=127.0.0.1
+        Validity
+            Not Before: Apr  2 03:34:51 2016 GMT
+            Not After : Jun 23 03:34:51 2050 GMT
+        Subject: C=XX, ST=Untrusted, O=Evil Hacker, OU=Attack Department, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:9a:73:e7:45:fc:d3:b5:4a:bd:bd:ad:30:e5:24:
+                    74:38:01:89:8f:a9:90:bf:3c:4a:bf:d1:f1:5e:db:
+                    c8:aa:26:59:e6:ec:b3:a0:0f:4d:74:59:dd:c9:27:
+                    2f:e1:48:7d:30:d9:59:06:2f:29:f0:d1:25:33:79:
+                    5f:58:9d:d7:54:c8:a7:aa:1a:84:00:a2:85:63:32:
+                    cc:ef:73:7d:b0:26:c6:95:f1:86:16:68:38:63:57:
+                    09:0d:6f:6a:70:e8:75:3b:72:b4:b1:4d:01:0e:01:
+                    0e:bf:bf:6a:8c:88:fe:0d:cb:88:43:1b:da:ed:0c:
+                    88:25:33:f7:b9:b1:fc:32:b8:94:c9:20:7c:ac:49:
+                    e4:c1:58:93:69:0e:41:e3:df:96:e3:47:11:14:8c:
+                    e4:4b:b6:56:df:6f:5e:d2:48:dc:a1:8a:98:cc:4b:
+                    02:89:95:ea:f6:de:a5:3a:9c:06:7c:f0:7c:09:6f:
+                    27:11:f2:b1:1b:47:6b:a3:ea:d6:ee:a1:65:91:84:
+                    cf:2e:81:d3:55:4a:e8:01:4e:72:41:ac:92:e0:7d:
+                    7c:fe:85:f0:2e:f1:ee:4a:80:f9:4e:5a:b4:95:6c:
+                    bb:fe:ff:46:58:4a:7b:fc:a0:63:59:5d:01:5b:63:
+                    06:5c:94:83:30:27:81:f0:1a:13:89:5a:5a:a2:e2:
+                    0f:eb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                1B:71:91:99:43:12:0F:D3:59:FC:00:EF:99:F3:42:CF:41:FD:40:1D
+            X509v3 Authority Key Identifier: 
+                keyid:B7:83:36:F2:A9:24:A9:AE:C8:FB:1A:99:AC:76:01:94:E2:8D:D9:30
+
+    Signature Algorithm: sha1WithRSAEncryption
+         a4:cd:88:c3:19:b7:cd:7e:7a:e7:85:1f:fb:3e:31:0b:ff:9d:
+         6f:b1:a2:72:56:4a:b1:ec:6c:f3:99:bd:65:08:0a:e9:47:1d:
+         79:55:5b:29:b1:d4:85:69:85:65:3f:30:37:a1:0e:76:d2:1f:
+         b0:76:2a:23:75:c9:05:a4:89:cf:c1:68:42:16:46:d6:c9:a8:
+         e5:06:5b:52:45:d4:41:5d:f3:c7:00:d1:ca:cc:3e:4c:63:e6:
+         7a:fe:ce:20:a4:df:e3:7c:e3:75:6e:f7:18:84:1c:9b:56:ce:
+         55:fb:04:b9:de:11:6e:7d:5d:47:de:a9:ed:3e:79:48:a5:4f:
+         32:d5:96:8d:ea:e2:a6:8a:c2:e9:f5:b0:8d:da:ef:71:96:60:
+         b0:7e:c3:3d:e9:37:91:27:bf:ae:5c:e8:c0:9a:6f:c8:38:62:
+         90:d0:49:c1:7f:28:13:da:29:bb:5b:d1:72:6f:23:7c:a0:87:
+         44:96:47:53:0e:0d:1d:74:d9:26:6b:b3:01:24:9c:5e:c8:f4:
+         11:fe:35:14:6c:ec:e7:42:5f:32:56:f0:9d:8d:11:02:21:07:
+         cc:ce:7b:f0:e9:bc:83:c8:93:b0:8c:a7:e9:b1:c2:12:6b:30:
+         2b:75:dc:61:b8:d4:87:6b:07:2d:75:b0:7a:18:6e:19:7f:04:
+         78:c6:c7:b7
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIJAIgFm03l5AJlMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNVBAcTCUV2aWx2aWxsZTEU
+MBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0dGFjayBEZXBhcnRtZW50
+MRIwEAYDVQQDEwkxMjcuMC4wLjEwIBcNMTYwNDAyMDMzNDUxWhgPMjA1MDA2MjMw
+MzM0NTFaMGcxCzAJBgNVBAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxFDASBgNV
+BAoTC0V2aWwgSGFja2VyMRowGAYDVQQLExFBdHRhY2sgRGVwYXJ0bWVudDESMBAG
+A1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+mnPnRfzTtUq9va0w5SR0OAGJj6mQvzxKv9HxXtvIqiZZ5uyzoA9NdFndyScv4Uh9
+MNlZBi8p8NElM3lfWJ3XVMinqhqEAKKFYzLM73N9sCbGlfGGFmg4Y1cJDW9qcOh1
+O3K0sU0BDgEOv79qjIj+DcuIQxva7QyIJTP3ubH8MriUySB8rEnkwViTaQ5B49+W
+40cRFIzkS7ZW329e0kjcoYqYzEsCiZXq9t6lOpwGfPB8CW8nEfKxG0dro+rW7qFl
+kYTPLoHTVUroAU5yQayS4H18/oXwLvHuSoD5Tlq0lWy7/v9GWEp7/KBjWV0BW2MG
+XJSDMCeB8BoTiVpaouIP6wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
+DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUG3GR
+mUMSD9NZ/ADvmfNCz0H9QB0wHwYDVR0jBBgwFoAUt4M28qkkqa7I+xqZrHYBlOKN
+2TAwDQYJKoZIhvcNAQEFBQADggEBAKTNiMMZt81+eueFH/s+MQv/nW+xonJWSrHs
+bPOZvWUICulHHXlVWymx1IVphWU/MDehDnbSH7B2KiN1yQWkic/BaEIWRtbJqOUG
+W1JF1EFd88cA0crMPkxj5nr+ziCk3+N843Vu9xiEHJtWzlX7BLneEW59XUfeqe0+
+eUilTzLVlo3q4qaKwun1sI3a73GWYLB+wz3pN5Env65c6MCab8g4YpDQScF/KBPa
+Kbtb0XJvI3ygh0SWR1MODR102SZrswEknF7I9BH+NRRs7OdCXzJW8J2NEQIhB8zO
+e/DpvIPIk7CMp+mxwhJrMCt13GG41IdrBy11sHoYbhl/BHjGx7c=
+-----END CERTIFICATE-----