refactor: support TLS private key of RSA format and add the full test certificates generation (#885)

chore: add the full certificate generation

Signed-off-by: zyy17 <zyylsxm@gmail.com>

Signed-off-by: zyy17 <zyylsxm@gmail.com>

src/servers/src/tls.rs

@@ -16,7 +16,7 @@ use std::fs::File;
 use std::io::{BufReader, Error, ErrorKind};
 
 use rustls::{Certificate, PrivateKey, ServerConfig};
-use rustls_pemfile::{certs, pkcs8_private_keys};
+use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
 use serde::{Deserialize, Serialize};
 use strum::EnumString;
 
@@ -80,11 +80,21 @@ impl TlsOption {
             .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid cert"))
             .map(|mut certs| certs.drain(..).map(Certificate).collect())?;
 
-        // TODO(SSebo): support more private key types
-        let key = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?))
-            .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))
-            .map(|mut keys| keys.drain(..).map(PrivateKey).next())?
-            .ok_or_else(|| Error::new(ErrorKind::InvalidInput, "invalid key"))?;
+        let key = {
+            let mut pkcs8 = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?))
+                .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?;
+            if !pkcs8.is_empty() {
+                PrivateKey(pkcs8.remove(0))
+            } else {
+                let mut rsa = rsa_private_keys(&mut BufReader::new(File::open(&self.key_path)?))
+                    .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?;
+                if !rsa.is_empty() {
+                    PrivateKey(rsa.remove(0))
+                } else {
+                    return Err(Error::new(ErrorKind::InvalidInput, "invalid key"));
+                }
+            }
+        };
 
         // TODO(SSebo): with_client_cert_verifier if TlsMode is Required.
         let config = ServerConfig::builder()

src/servers/tests/mysql/mysql_server_test.rs

@@ -183,40 +183,29 @@ async fn test_query_all_datatypes() -> Result<()> {
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_server_prefer_secure_client_plain() -> Result<()> {
-    let server_tls = TlsOption {
-        mode: servers::tls::TlsMode::Prefer,
-        cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
-    };
-
-    let client_tls = false;
-    do_test_query_all_datatypes(server_tls, client_tls).await?;
+    do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Prefer, false, false)
+        .await?;
     Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_server_prefer_secure_client_secure() -> Result<()> {
-    let server_tls = TlsOption {
-        mode: servers::tls::TlsMode::Prefer,
-        cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
-    };
-
-    let client_tls = true;
-    do_test_query_all_datatypes(server_tls, client_tls).await?;
+async fn test_server_prefer_secure_client_plain_with_pkcs8_priv_key() -> Result<()> {
+    do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Prefer, false, true)
+        .await?;
     Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
 async fn test_server_require_secure_client_secure() -> Result<()> {
-    let server_tls = TlsOption {
-        mode: servers::tls::TlsMode::Require,
-        cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
-    };
+    do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Require, true, false)
+        .await?;
+    Ok(())
+}
 
-    let client_tls = true;
-    do_test_query_all_datatypes(server_tls, client_tls).await?;
+#[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+async fn test_server_require_secure_client_secure_with_pkcs8_priv_key() -> Result<()> {
+    do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Require, true, true)
+        .await?;
     Ok(())
 }
 
@@ -225,7 +214,38 @@ async fn test_server_required_secure_client_plain() -> Result<()> {
     let server_tls = TlsOption {
         mode: servers::tls::TlsMode::Require,
         cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
+        key_path: "tests/ssl/server-rsa.key".to_owned(),
+    };
+
+    let client_tls = false;
+
+    #[allow(unused)]
+    let TestingData {
+        column_schemas,
+        mysql_columns_def,
+        columns,
+        mysql_text_output_rows,
+    } = all_datatype_testing_data();
+    let schema = Arc::new(Schema::new(column_schemas.clone()));
+    let recordbatch = RecordBatch::new(schema, columns).unwrap();
+    let table = MemTable::new("all_datatypes", recordbatch);
+
+    let mysql_server = create_mysql_server(table, server_tls)?;
+
+    let listening = "127.0.0.1:0".parse::<SocketAddr>().unwrap();
+    let server_addr = mysql_server.start(listening).await.unwrap();
+
+    let r = create_connection(server_addr.port(), None, client_tls).await;
+    assert!(r.is_err());
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_server_required_secure_client_plain_with_pkcs8_priv_key() -> Result<()> {
+    let server_tls = TlsOption {
+        mode: servers::tls::TlsMode::Require,
+        cert_path: "tests/ssl/server.crt".to_owned(),
+        key_path: "tests/ssl/server-pkcs8.key".to_owned(),
     };
 
     let client_tls = false;
@@ -393,3 +413,23 @@ async fn create_connection(
 
     mysql_async::Conn::new(opts).await
 }
+
+async fn do_test_query_all_datatypes_with_secure_server(
+    server_tls_mode: servers::tls::TlsMode,
+    client_tls: bool,
+    is_pkcs8_priv_key: bool,
+) -> Result<()> {
+    let server_tls = TlsOption {
+        mode: server_tls_mode,
+        cert_path: "tests/ssl/server.crt".to_owned(),
+        key_path: {
+            if is_pkcs8_priv_key {
+                "tests/ssl/server-pkcs8.key".to_owned()
+            } else {
+                "tests/ssl/server-rsa.key".to_owned()
+            }
+        },
+    };
+
+    do_test_query_all_datatypes(server_tls, client_tls).await
+}

src/servers/tests/postgres/mod.rs

@@ -235,15 +235,28 @@ async fn test_query_pg_concurrently() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_server_secure_prefer_client_plain() -> Result<()> {
     common_telemetry::init_default_ut_logging();
+    do_simple_query_with_secure_server(servers::tls::TlsMode::Prefer, false, false).await?;
+    Ok(())
+}
 
-    let server_tls = TlsOption {
-        mode: servers::tls::TlsMode::Prefer,
-        cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
-    };
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_server_secure_prefer_client_plain_with_pkcs8_priv_key() -> Result<()> {
+    common_telemetry::init_default_ut_logging();
+    do_simple_query_with_secure_server(servers::tls::TlsMode::Prefer, false, true).await?;
+    Ok(())
+}
 
-    let client_tls = false;
-    do_simple_query(server_tls, client_tls).await?;
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_server_secure_require_client_secure() -> Result<()> {
+    common_telemetry::init_default_ut_logging();
+    do_simple_query_with_secure_server(servers::tls::TlsMode::Require, true, false).await?;
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_server_secure_require_client_secure_with_pkcs8_priv_key() -> Result<()> {
+    common_telemetry::init_default_ut_logging();
+    do_simple_query_with_secure_server(servers::tls::TlsMode::Require, true, true).await?;
     Ok(())
 }
 
@@ -254,7 +267,7 @@ async fn test_server_secure_require_client_plain() -> Result<()> {
     let server_tls = TlsOption {
         mode: servers::tls::TlsMode::Require,
         cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
+        key_path: "tests/ssl/server-rsa.key".to_owned(),
     };
     let server_port = start_test_server(server_tls).await?;
     let r = create_plain_connection(server_port, false).await;
@@ -263,17 +276,17 @@ async fn test_server_secure_require_client_plain() -> Result<()> {
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_server_secure_require_client_secure() -> Result<()> {
+async fn test_server_secure_require_client_plain_with_pkcs8_priv_key() -> Result<()> {
     common_telemetry::init_default_ut_logging();
 
     let server_tls = TlsOption {
         mode: servers::tls::TlsMode::Require,
         cert_path: "tests/ssl/server.crt".to_owned(),
-        key_path: "tests/ssl/server.key".to_owned(),
+        key_path: "tests/ssl/server-pkcs8.key".to_owned(),
     };
-
-    let client_tls = true;
-    do_simple_query(server_tls, client_tls).await?;
+    let server_port = start_test_server(server_tls).await?;
+    let r = create_plain_connection(server_port, false).await;
+    assert!(r.is_err());
     Ok(())
 }
 
@@ -434,3 +447,23 @@ impl ServerCertVerifier for AcceptAllVerifier {
         Ok(ServerCertVerified::assertion())
     }
 }
+
+async fn do_simple_query_with_secure_server(
+    server_tls_mode: servers::tls::TlsMode,
+    client_tls: bool,
+    is_pkcs8_priv_key: bool,
+) -> Result<()> {
+    let server_tls = TlsOption {
+        mode: server_tls_mode,
+        cert_path: "tests/ssl/server.crt".to_owned(),
+        key_path: {
+            if is_pkcs8_priv_key {
+                "tests/ssl/server-pkcs8.key".to_owned()
+            } else {
+                "tests/ssl/server-rsa.key".to_owned()
+            }
+        },
+    };
+
+    do_simple_query(server_tls, client_tls).await
+}

src/servers/tests/ssl/cert.conf

@@ -0,0 +1,10 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.greptime.com
+DNS.2 = *.greptime.cloud
+DNS.3 = localhost
+IP.1 = 127.0.0.1

src/servers/tests/ssl/csr.conf

@@ -0,0 +1,23 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C = CN
+ST = Hangzhou
+L = Hangzhou
+O = Greptime
+OU = Greptime Developer
+CN = greptime.com
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = *.greptime.com
+DNS.2 = *.greptime.cloud
+DNS.3 = localhost
+IP.1 = 127.0.0.1

src/servers/tests/ssl/gen-certs.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Create the self-signed CA certificate.
+openssl req -x509 \
+            -sha256 -days 356 \
+            -nodes \
+            -newkey rsa:2048 \
+            -subj "/CN=greptime-ca" \
+            -keyout root-ca.key -out root-ca.crt
+
+# Create the server private key.
+openssl genrsa -out server-rsa.key 2048
+
+# Create the server certificate signing request.
+openssl req -new -key server-rsa.key -out server.csr -config csr.conf
+
+# Create the server certificate.
+openssl x509 -req \
+    -in server.csr \
+    -CA root-ca.crt -CAkey root-ca.key \
+    -CAcreateserial -out server.crt \
+    -days 365 \
+    -sha256 -extfile cert.conf
+
+# Create private key of pkcs8 format from rsa key.
+openssl pkcs8 -topk8 -inform PEM -in ./server-rsa.key -outform pem -nocrypt -out server-pkcs8.key

src/servers/tests/ssl/root-ca.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqDCCAZACCQC7+cxd19y8qjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtn
+cmVwdGltZS1jYTAeFw0yMzAxMTYxMzQ5MzVaFw0yNDAxMDcxMzQ5MzVaMBYxFDAS
+BgNVBAMMC2dyZXB0aW1lLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwzdEpod7Br06SU41onxvspu1WdYIxx0Zybfv4YeaTbtmIAmSaZON237La1P2
+V72S5lcbH+ImuyJwQkGVy1KZBw4waDbc4pfICX2Sm/UoWCwzegITcBzwYW2Exz4C
+skPH09ZU8uHOF4VubJzZwtC3Tx27VUwj+F88/xOD4Ws4btXAPZ+/1Y0CZ8nv5Yjb
+t2r+A2B+6YSrifojdKFttTqM8Y8WXRHqhb+YeO9MdxSiqPAWInmwy1sOOXNATVwC
+k/BFEfpsjqajCy/NNS9NWUcdvDNAz/zRywJDHzwMk+b5KXzvUkNZuf/ZTXl5jL+d
+zzgRmlYKwJylNILH2NsHyERcVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCi+0Uf
+Qd+h2kKo6nm38/RAk6+5sINUzYStoq1C/pNjrYYYz/zVMn4OjBhk5/VtKArSHtEq
+YrZL8X6bXqy9e7gNlrwZ4eVxmiCsif5gQt2/jdFrT7hrTRYdax7tEj6yf9XBgjHv
+/XZ0TLflbhOhNhy9KA0OyRxmNh9SAcT46psNN+t9S18tLORAHuhE2R95C13P7GHa
+HauFFRoG16Wgp1kXXLcrU+mPeJ/+ybWm4OSkyn0ye0wO9XUPfLOLZePTCTeu7xFG
+CwXAD1oGR6ZaglZm+guuTR38qG34pPXGcSzLCsBUuTeiMu5amAMOwMIjAbnnH1qe
+AtvukomW0uRXHUMw
+-----END CERTIFICATE-----

src/servers/tests/ssl/root-ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDN0Smh3sGvTpJ
+TjWifG+ym7VZ1gjHHRnJt+/hh5pNu2YgCZJpk43bfstrU/ZXvZLmVxsf4ia7InBC
+QZXLUpkHDjBoNtzil8gJfZKb9ShYLDN6AhNwHPBhbYTHPgKyQ8fT1lTy4c4XhW5s
+nNnC0LdPHbtVTCP4Xzz/E4Phazhu1cA9n7/VjQJnye/liNu3av4DYH7phKuJ+iN0
+oW21OozxjxZdEeqFv5h470x3FKKo8BYiebDLWw45c0BNXAKT8EUR+myOpqMLL801
+L01ZRx28M0DP/NHLAkMfPAyT5vkpfO9SQ1m5/9lNeXmMv53POBGaVgrAnKU0gsfY
+2wfIRFxXAgMBAAECggEAU1LSzZXEUEMSjtmAESO19XF6vaaaxopISI5nKEdd+FHF
+rGUJhmDByu9a2ivTWO4EtqZ1YG2CBJwVeGJQEqHlyVooFUNdkqYgbtSXcFP67W+o
+ZSpfq5nejGdXpkd0lSxTLbstNSJmeims0VU9qWa252EUZbsDG29jNKjawKuoQb3h
+J/e2RHoAoYcV1G+C/xcryBsKCUppLf0OwDjvsL3XNJq+EI6hViwho0VOIjggwfRn
+4DRPnN+lQA0tVVdhyV4+aUv32nPt9/Ss5WpqFRR0+pL1nnd022MkXZXm5796B/8W
+YKIxRvRWw1fSufsjc9Q8Hzx42k+tBh5UwF4+XGUEwQKBgQDz9Jb23zPkRHKm196K
+U5MQ6Td77TnL2bAuOsjWl8DuBlPoUMi1sH9e30J4q6RWWdjBR0VJKMaYWtvaDRGE
+CjchQ82HDtfD9T0ee3nDBjP7kzKgGpJ/giQ5/Jg/ZUyQOB/YGw5w7cc+j+gJc3iK
+/tznXXD85pTqq6vn/wJBzKd2oQKBgQDM2qXfGTareMZGEK6m4SfpvbF4mZQOM/YM
+bEP6F/FOlNJLpExWVHkoy0vJ0IZMhyAZr2AmyzFWYZ8L9LW5LyrCkFWASXVPKIUe
+tF7xS3JKxml1YXUES6GSofb6BPNLB+KEz0G0SLcHQ5kpSOnSso+kJKMpQ1DBiZYn
+qGZ4qeKH9wKBgF47lXDI6P98nRjre6/M9prqqx74lIG0lcRVuqyBs+l9kj3DrrPX
++GtKLB/2lSUx0XNfN1k6IfRJ7HB+6cwqMf9sdGB+EERGX5R9t5vosn2z7zM+8GXG
+fH3Vn22lkHyI4WwVj295uaPl7IhyDRcLuYK5amKWIuG+7ElSDKokBm/hAoGBAJXb
+JRgtU6bgdPrwXTNK5m3BDMCSaJJzRH0V/ixHs4iuqaAYEpfct7016r05w+TbvInN
+l2MJpY/xXe3bF8zeSkOGXmW4Vw6PL8KkZAfUD0nQF3l8z6NSyGGCBjAjyu6KWBSb
+oQ8HWoz/0F05L4OoiBeljY4z5jGOOr/MGxoN/N9FAoGAIApQmghUZ9+EtqfQcuCe
+KZ8t5ckQYHMvZbgn2sZkZfHtThbkYIRi/E5+2yb9CkY3sBL6OpvYzx3qKLJ7iso/
+RSCEvQEj+bdM9QDBCzznC7zdhRGFEYQ3MLjAXSag41HnsxdF5IXKrHlYvb0Rp/lZ
+l/TLwp65NEuQ4KMFQOVL5Eo=
+-----END PRIVATE KEY-----

src/servers/tests/ssl/root-ca.srl

@@ -0,0 +1 @@
+EE4175C4833353A6

src/servers/tests/ssl/server-pkcs8.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNuWUJloRnDJc4
+UvdOqF+YtFdIXn2MPvhzyBdEEqr+vY9nGNnBjBoOhSu6/2yojJpQhFlw8r68p02Q
+SKO6ENHrxeZdgs0hQKAFUZBULgF3O3XHWkQ+6P9ajZw8impeYl4cOjFCzYGBXoP1
+r1wnpWRDtvmq8U2lISky9HflcTJz0wqnW/qqzhLLV/i7tik0ShoWeCdr9CpKK95C
+vyG1NKsOogM3yc5iIkc/zZX82sZ1o8Fsv4oJIpbrePIowZp93T1Vo5iOSSTEzuBY
+DVZhaVkSVLWZtemPOqJs2htKVyIEyTpPsA7ulKhN8mEmbiJyP9Ri+pBkZvjRR3vy
+0nH/B5c9AgMBAAECggEBAJ6ysdqfnivQbqcoeVbYVEZ8eAh/u+IAgbDvXeNJc1dn
+68PgS7se1Mr2uDFc8Plk3XXXYxfaaoElnpP7NTJH32g+FeN1D8DjFY6EyQ3nH4JX
+ABh07ciJ/NJiA3BAZqXAxFCKI44g8hJWUv2n9TMwRxRlhlv0Ia2M0zdXl1YL6Jun
+guUi4B9vTSbD1xDxBHRuB8VRNidIocBhT2rLmpiMougRoc2hBoVM7wSNDracpD9a
+DL3Rm7Ujv0CwbJbTUPxQuaaRNnkIS6TDqsZvj76n2E35aEOIk+116Fl0nRYZ7LHk
+PywnbzLhzVMOQsneiDkEWW7tz735nPNdSIPe96mEeYECgYEA9X9292NW6KR6YpKS
++4IG/TqedKjmwdFPOaEyPj3NoXurVZlM4U+Urgc6M7Lw2m8qM7lcw11Xzhbijz29
+ntjQeMNAOZH0W9/jGjsgkpelO6jF34QRNw2/Cfxl3+nQL14kZjID/7Gw9kyCZa2S
+ChJWluudDHZPpS9PybgtvaoRztUCgYEA1oZaldnpDeLN9ftm17UgMUdl8enta6rQ
+nN95YEu3gyjtWf2ry3pxTQ44/ZqcrRLRj1y+iu0D5qSqkuz14vntzwGxoVQz3gjq
+zdHEkXv9ZpA3M+uMt+dLUbZ9ebpNIGhLf+oxCQxk+v/cEpo2cO5HaZCGiblXQZSr
+S7vuov3IaskCgYEAzYKMxn+ka0/1G7tzy5OH4khGCYay1aEwXx/v/WajUwFB5oBU
+eXCzGBP4xvqO4WyZuX78hpcHQACsXBjlOapqqg1ZIFhsZNTBOl4w4EaODak1K+1U
+s++P8v4VEiKbImv+sIZCDrRjXWui5Rct37yGPAS1DY+lELTQaB8EO3e5PJkCgYBh
+uOY+6PsvJigoa5NXo9y8VgfsgWFz8GYDcBF8ekFocBZfLh06HdbLATWY4PuKI85u
+fhMWeg2S3WQOdf80nCFmcSEXmqHd/TXo+CuREmhGdl+POTfq9mPrHzRdZS6JGrl5
+1ZbsxkahyDfaCYHPQ9woDHwc9N74st6tKzjz6qOHcQKBgQCP6HeweuBLkCsZfaAv
+MUDw1r6MFAosjvAUO+kKtxBSHkxehUwVuhDN/t/nmO2ddetRoQbIDvpTg/3R2obO
+vJOiC+FxV8LX+WA8IaTHpv/5Qjl/FDyjGFHWkN+gY+xQ+BTJsR5MPCq9m6ai+ihF
+1ynlhxQGWqh6cjuGhdSXYZ6WJg==
+-----END PRIVATE KEY-----

src/servers/tests/ssl/server-rsa.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74c8gXRBKq/r2PZxjZ
+wYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCgBVGQVC4Bdzt1x1pE
+Puj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEpMvR35XEyc9MKp1v6
+qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJHP82V/NrGdaPBbL+K
+CSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqibNobSlciBMk6T7AO
+7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABAoIBAQCesrHan54r0G6n
+KHlW2FRGfHgIf7viAIGw713jSXNXZ+vD4Eu7HtTK9rgxXPD5ZN1112MX2mqBJZ6T
++zUyR99oPhXjdQ/A4xWOhMkN5x+CVwAYdO3IifzSYgNwQGalwMRQiiOOIPISVlL9
+p/UzMEcUZYZb9CGtjNM3V5dWC+ibp4LlIuAfb00mw9cQ8QR0bgfFUTYnSKHAYU9q
+y5qYjKLoEaHNoQaFTO8EjQ62nKQ/Wgy90Zu1I79AsGyW01D8ULmmkTZ5CEukw6rG
+b4++p9hN+WhDiJPtdehZdJ0WGeyx5D8sJ28y4c1TDkLJ3og5BFlu7c+9+ZzzXUiD
+3vephHmBAoGBAPV/dvdjVuikemKSkvuCBv06nnSo5sHRTzmhMj49zaF7q1WZTOFP
+lK4HOjOy8NpvKjO5XMNdV84W4o89vZ7Y0HjDQDmR9Fvf4xo7IJKXpTuoxd+EETcN
+vwn8Zd/p0C9eJGYyA/+xsPZMgmWtkgoSVpbrnQx2T6UvT8m4Lb2qEc7VAoGBANaG
+WpXZ6Q3izfX7Zte1IDFHZfHp7Wuq0JzfeWBLt4Mo7Vn9q8t6cU0OOP2anK0S0Y9c
+vortA+akqpLs9eL57c8BsaFUM94I6s3RxJF7/WaQNzPrjLfnS1G2fXm6TSBoS3/q
+MQkMZPr/3BKaNnDuR2mQhom5V0GUq0u77qL9yGrJAoGBAM2CjMZ/pGtP9Ru7c8uT
+h+JIRgmGstWhMF8f7/1mo1MBQeaAVHlwsxgT+Mb6juFsmbl+/IaXB0AArFwY5Tmq
+aqoNWSBYbGTUwTpeMOBGjg2pNSvtVLPvj/L+FRIimyJr/rCGQg60Y11rouUXLd+8
+hjwEtQ2PpRC00GgfBDt3uTyZAoGAYbjmPuj7LyYoKGuTV6PcvFYH7IFhc/BmA3AR
+fHpBaHAWXy4dOh3WywE1mOD7iiPObn4TFnoNkt1kDnX/NJwhZnEhF5qh3f016Pgr
+kRJoRnZfjzk36vZj6x80XWUuiRq5edWW7MZGocg32gmBz0PcKAx8HPTe+LLerSs4
+8+qjh3ECgYEAj+h3sHrgS5ArGX2gLzFA8Na+jBQKLI7wFDvpCrcQUh5MXoVMFboQ
+zf7f55jtnXXrUaEGyA76U4P90dqGzryTogvhcVfC1/lgPCGkx6b/+UI5fxQ8oxhR
+1pDfoGPsUPgUybEeTDwqvZumovooRdcp5YcUBlqoenI7hoXUl2GeliY=
+-----END RSA PRIVATE KEY-----

src/servers/tests/ssl/server.crt

@@ -1,77 +1,22 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            1e:a1:44:88:27:3d:5c:c8:ff:ef:06:2e:da:21:05:29:30:a5:ce:2c
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN = localhost
-        Validity
-            Not Before: Oct 11 07:36:01 2022 GMT
-            Not After : Oct  8 07:36:01 2032 GMT
-        Subject: CN = localhost
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:d5:b0:29:38:63:13:5e:1e:1d:ae:1f:47:88:b4:
-                    44:96:21:d8:d7:03:a3:d8:f9:03:2f:4e:79:66:e6:
-                    db:19:55:1d:85:9b:f1:78:2d:87:f3:72:91:13:dc:
-                    ff:00:cb:ab:fd:a1:c8:3a:56:26:e3:88:1d:ec:98:
-                    4a:af:eb:f9:60:80:27:e1:06:ba:c0:0d:c3:09:0e:
-                    fe:d8:86:1e:25:b4:04:62:a5:75:46:8e:11:e8:61:
-                    59:aa:97:17:ea:c7:4c:c6:13:8c:6d:54:2a:b9:78:
-                    86:54:a9:6f:d6:31:96:c6:41:76:a3:c7:67:40:6f:
-                    f2:1a:4c:0d:77:05:bb:3d:0b:16:f8:c7:de:6c:de:
-                    7b:2e:b6:29:85:4b:a8:36:d3:f2:84:75:e0:85:17:
-                    ce:22:84:4b:94:02:17:8a:36:2b:13:ee:2f:aa:55:
-                    6b:ff:8b:df:d3:e0:23:8d:fd:c3:f8:e2:c8:a7:d5:
-                    76:a6:73:7d:a8:5f:6a:49:02:78:a2:c5:66:14:ee:
-                    86:50:3b:d1:67:7f:1b:0c:27:0d:84:ec:44:0d:39:
-                    08:ba:69:65:e0:35:a4:67:aa:19:e7:fe:0e:4b:9f:
-                    23:1e:4e:38:ed:d7:93:57:6e:94:31:05:d3:ae:f7:
-                    6c:01:3c:30:69:19:f4:7b:b5:48:95:71:c9:9c:30:
-                    43:9d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                8E:81:0B:60:B1:F9:7D:D8:64:91:BB:30:86:E5:3D:CD:B7:82:D8:31
-            X509v3 Authority Key Identifier: 
-                keyid:8E:81:0B:60:B1:F9:7D:D8:64:91:BB:30:86:E5:3D:CD:B7:82:D8:31
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         6c:ae:ee:3e:e3:d4:5d:29:37:62:b0:32:ce:a4:36:c7:25:b4:
-         6a:9f:ba:b4:f0:2f:0a:96:2f:dc:6d:df:7d:92:e7:f0:ee:f7:
-         de:44:9d:52:36:ff:0c:98:ef:8b:7f:27:df:6e:fe:64:11:7c:
-         01:5d:7f:c8:73:a3:24:24:ba:81:fd:a8:ae:28:4f:93:bb:92:
-         ff:86:d6:48:a2:ca:a5:1f:ea:1c:0d:02:22:e8:71:23:27:22:
-         4f:0f:37:58:9a:d9:fd:70:c5:4c:93:7d:47:1c:b6:ea:1b:4f:
-         4e:7c:eb:9d:9a:d3:28:78:67:27:e9:b1:ea:f6:93:68:76:e5:
-         2e:52:c6:29:91:ba:0a:96:2e:14:33:69:35:d7:b5:e0:c0:ef:
-         05:77:09:9b:a1:cc:7b:b2:f0:6a:cb:5c:5f:a1:27:69:b0:2c:
-         6e:93:eb:37:98:cd:97:8d:9e:78:a8:f5:99:12:66:86:48:cf:
-         b2:e0:68:6f:77:98:06:13:24:55:d1:c3:80:1d:59:53:1f:44:
-         85:bc:5d:29:aa:2a:a1:06:17:6b:e7:2b:11:0b:fd:e3:f8:88:
-         89:32:57:a3:70:f7:1b:6c:c1:66:c7:3c:a4:2d:e8:5f:00:1c:
-         55:2f:72:ed:d4:3a:3f:d0:95:de:6c:a4:96:6e:b4:63:0e:80:
-         08:b2:25:d5
 -----BEGIN CERTIFICATE-----
-MIIDCTCCAfGgAwIBAgIUHqFEiCc9XMj/7wYu2iEFKTClziwwDQYJKoZIhvcNAQEL
-BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMTAxMTA3MzYwMVoXDTMyMTAw
-ODA3MzYwMVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA1bApOGMTXh4drh9HiLREliHY1wOj2PkDL055ZubbGVUd
-hZvxeC2H83KRE9z/AMur/aHIOlYm44gd7JhKr+v5YIAn4Qa6wA3DCQ7+2IYeJbQE
-YqV1Ro4R6GFZqpcX6sdMxhOMbVQquXiGVKlv1jGWxkF2o8dnQG/yGkwNdwW7PQsW
-+MfebN57LrYphUuoNtPyhHXghRfOIoRLlAIXijYrE+4vqlVr/4vf0+Ajjf3D+OLI
-p9V2pnN9qF9qSQJ4osVmFO6GUDvRZ38bDCcNhOxEDTkIumll4DWkZ6oZ5/4OS58j
-Hk447deTV26UMQXTrvdsATwwaRn0e7VIlXHJnDBDnQIDAQABo1MwUTAdBgNVHQ4E
-FgQUjoELYLH5fdhkkbswhuU9zbeC2DEwHwYDVR0jBBgwFoAUjoELYLH5fdhkkbsw
-huU9zbeC2DEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAbK7u
-PuPUXSk3YrAyzqQ2xyW0ap+6tPAvCpYv3G3ffZLn8O733kSdUjb/DJjvi38n327+
-ZBF8AV1/yHOjJCS6gf2orihPk7uS/4bWSKLKpR/qHA0CIuhxIyciTw83WJrZ/XDF
-TJN9Rxy26htPTnzrnZrTKHhnJ+mx6vaTaHblLlLGKZG6CpYuFDNpNde14MDvBXcJ
-m6HMe7LwastcX6EnabAsbpPrN5jNl42eeKj1mRJmhkjPsuBob3eYBhMkVdHDgB1Z
-Ux9EhbxdKaoqoQYXa+crEQv94/iIiTJXo3D3G2zBZsc8pC3oXwAcVS9y7dQ6P9CV
-3myklm60Yw6ACLIl1Q==
+MIIDnzCCAoegAwIBAgIJAO5BdcSDM1OmMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
+BAMMC2dyZXB0aW1lLWNhMB4XDTIzMDExNjEzNDkzNVoXDTI0MDExNjEzNDkzNVow
+ejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhhbmd6aG91MREwDwYDVQQHDAhIYW5n
+emhvdTERMA8GA1UECgwIR3JlcHRpbWUxGzAZBgNVBAsMEkdyZXB0aW1lIERldmVs
+b3BlcjEVMBMGA1UEAwwMZ3JlcHRpbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74c8gXRBKq/r2PZxjZ
+wYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCgBVGQVC4Bdzt1x1pE
+Puj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEpMvR35XEyc9MKp1v6
+qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJHP82V/NrGdaPBbL+K
+CSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqibNobSlciBMk6T7AO
+7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABo4GLMIGIMDAGA1UdIwQp
+MCehGqQYMBYxFDASBgNVBAMMC2dyZXB0aW1lLWNhggkAu/nMXdfcvKowCQYDVR0T
+BAIwADALBgNVHQ8EBAMCBPAwPAYDVR0RBDUwM4IOKi5ncmVwdGltZS5jb22CECou
+Z3JlcHRpbWUuY2xvdWSCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC
+AQEAXiy7KEFEuxsWzEkY59C2TMPjtUL3vrceExyvsguZDZ2DeGSraq5CWH9f6vD8
+fjJhehSYFC7Y0YZlJOo9b0kh7yAvN5T6US0+wzFOr8RMVmCWJhVAiC3weT5YyDMK
+V3dfJZtCej/E0Vd5tAR+lArV/FqTsoMR4k9g+8IXwlJVzQ4eX1GAIOEocAHmw/Et
+HIQlUAZZTXBWMFDWl9Z+Ro0jPjNS5cvqZxBV27NoIM/3Y5PoqTQ7NSw1CTqLjZoR
+J30GrrF3oXtIqgNAPUefCdwa+QJ9Td4n6NvFsNVl6tIodCN10wjqwWpAnadePYmx
+tPqVZk/RXHRBC5Z3jsH5jmnLBw==
 -----END CERTIFICATE-----

src/servers/tests/ssl/server.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDDjCCAfYCAQAwejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhhbmd6aG91MREw
+DwYDVQQHDAhIYW5nemhvdTERMA8GA1UECgwIR3JlcHRpbWUxGzAZBgNVBAsMEkdy
+ZXB0aW1lIERldmVsb3BlcjEVMBMGA1UEAwwMZ3JlcHRpbWUuY29tMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74
+c8gXRBKq/r2PZxjZwYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCg
+BVGQVC4Bdzt1x1pEPuj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEp
+MvR35XEyc9MKp1v6qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJH
+P82V/NrGdaPBbL+KCSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqi
+bNobSlciBMk6T7AO7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABoE8w
+TQYJKoZIhvcNAQkOMUAwPjA8BgNVHREENTAzgg4qLmdyZXB0aW1lLmNvbYIQKi5n
+cmVwdGltZS5jbG91ZIIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IB
+AQAEL6seksdR8Y2BBuyglesooQmZ7gslbMFz6SAf116c6pg7Jmfm4s+X9bNkIR1F
+hJenBoFFVLYTcIOQsmyS8xbEd9Mu39VkCT6vZwE1hUq3SC2z6r5/CflMY12EjWmn
+DpNEY7GtyB6jFXmeIMsI+BLt57QuDnA8uP9/dGMO0bb43RVucLwqoaBZPfeO6KYz
+kXcQUCzdXzYmRC3FDmfST+LbAC6ZAh7orFQR7RxjgQcVk0cLGqrgNkq/E8BLDumH
+c1TeHjMVy2EmM+rMXa7bF12SoZjaBcH/o0O8HjelY1SSqJ4hvzMRH6EiVEdxYU3I
+zs5tbOAAnMKrJ6PKkzNDA0vq
+-----END CERTIFICATE REQUEST-----

src/servers/tests/ssl/server.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDVsCk4YxNeHh2u
-H0eItESWIdjXA6PY+QMvTnlm5tsZVR2Fm/F4LYfzcpET3P8Ay6v9ocg6VibjiB3s
-mEqv6/lggCfhBrrADcMJDv7Yhh4ltARipXVGjhHoYVmqlxfqx0zGE4xtVCq5eIZU
-qW/WMZbGQXajx2dAb/IaTA13Bbs9Cxb4x95s3nsutimFS6g20/KEdeCFF84ihEuU
-AheKNisT7i+qVWv/i9/T4CON/cP44sin1Xamc32oX2pJAniixWYU7oZQO9FnfxsM
-Jw2E7EQNOQi6aWXgNaRnqhnn/g5LnyMeTjjt15NXbpQxBdOu92wBPDBpGfR7tUiV
-ccmcMEOdAgMBAAECggEBAMMCIJv0zpf1o+Bja0S2PmFEQj72c3Buzxk85E2kIA7e
-PjLQPW0PICJrSzp1U8HGHQ85tSCHvrWmYqin0oD5OHt4eOxC1+qspHB/3tJ6ksiV
-n+rmVEAvJuiK7ulfOdRoTQf2jxC23saj1vMsLYOrfY0v8LVGJFQJ1UdqYF9eO6FX
-8i6eQekV0n8u+DMUysYXfePDXEwpunKrlZwZtThgBY31gAIOdNo/FOAFe1yBJdPl
-rUFZes1IrE0c4CNxodajuRNCjtNWoX8TK1cXQVUpPprdFLBcYG2P9mPZ7SkZWJc7
-rkyPX6Wkb7q3laUCBxuKL1iOJIwaVBYaKfv4HS7VuYECgYEA9H7VB8+whWx2cTFb
-9oYbcaU3HtbKRh6KQP8eB4IWeKV/c/ceWVAxtU9Hx2QU1zZ2fLl+KkaOGeECNNqD
-BP1O5qk2qmkjJcP4kzh1K+p7zkqAkrhHqB36y/gwptB8v7JbCchQq9cnBeYsXNIa
-j13KvteprRSnanKu18d2aC43cNMCgYEA3746ITtqy1g6AQ0Q/MXN/axsXixKfVjf
-kgN/lpjy6oeoEIWKqiNrOQpwy4NeBo6ZN+cwjUUr9SY/BKsZqMGErO8Xuu+QtJYD
-ioW/My9rTrTElbpsLpSvZDLc9IRepV4k+5PpXTIRBqp7Q3BZnTjbRMc8x/owG23G
-eXnfVKlWM88CgYEA5HBQuMCrzK3/qFkW9Kpun+tfKfhD++nzATGcrCU2u7jd8cr1
-1zsfhqkxhrIS6tYfNP/XSsarZLCgcCOuAQ5wFwIJaoVbaqDE80Dv8X1f+eoQYYW+
-peyE9OjLBEGOHUoW13gLL9ORyWg7EOraGBPpKBC2n1nJ5qKKjF/4WPS9pjMCgYEA
-3UuUyxGtivn0RN3bk2dBWkmT1YERG/EvD4gORbF5caZDADRU9fqaLoy5C1EfSnT3
-7mbnipKD67CsW72vX04oH7NLUUVpZnOJhRTMC6A3Dl2UolMEdP3yi7QS/nV99ymq
-gnnFMrw2QtWTnRweRnbZyKkW4OP/eOGWkMeNsHrcG9kCgYEAz/09cKumk349AIXV
-g6Jw64gCTjWh157wnD3ZSPPEcr/09/fZwf1W0gkY/tbCVrVPJHWb3K5t2nRXjLlz
-HMnQXmcMxMlY3Ufvm2H3ov1ODPKwpcBWUZqnpFTZX7rC58lO/wvgiKpgtHA3pDdw
-oYDaaozVP4EnnByxhmHaM7ce07U=
------END PRIVATE KEY-----