Merge pull request #7824 from gyuho/certs

*: test expired certs in client

clientv3/integration/dial_test.go

@@ -23,9 +23,49 @@ import (
 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
 	"github.com/coreos/etcd/integration"
 	"github.com/coreos/etcd/pkg/testutil"
+	"github.com/coreos/etcd/pkg/transport"
+
 	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+)
+
+var (
+	testTLSInfo = transport.TLSInfo{
+		KeyFile:        "../../integration/fixtures/server.key.insecure",
+		CertFile:       "../../integration/fixtures/server.crt",
+		TrustedCAFile:  "../../integration/fixtures/ca.crt",
+		ClientCertAuth: true,
+	}
+
+	testTLSInfoExpired = transport.TLSInfo{
+		KeyFile:        "../../integration/fixtures-expired/server-key.pem",
+		CertFile:       "../../integration/fixtures-expired/server.pem",
+		TrustedCAFile:  "../../integration/fixtures-expired/etcd-root-ca.pem",
+		ClientCertAuth: true,
+	}
 )
 
+// TestDialTLSExpired tests client with expired certs fails to dial.
+func TestDialTLSExpired(t *testing.T) {
+	defer testutil.AfterTest(t)
+	clus := integration.NewClusterV3(t, &integration.ClusterConfig{Size: 1, PeerTLS: &testTLSInfo, ClientTLS: &testTLSInfo})
+	defer clus.Terminate(t)
+
+	tls, err := testTLSInfoExpired.ClientConfig()
+	if err != nil {
+		t.Fatal(err)
+	}
+	// expect remote errors 'tls: bad certificate'
+	_, err = clientv3.New(clientv3.Config{
+		Endpoints:   []string{clus.Members[0].GRPCAddr()},
+		DialTimeout: 3 * time.Second,
+		TLS:         tls,
+	})
+	if err != grpc.ErrClientConnTimeout {
+		t.Fatalf("expected %v, got %v", grpc.ErrClientConnTimeout, err)
+	}
+}
+
 // TestDialSetEndpoints ensures SetEndpoints can replace unavailable endpoints with available ones.
 func TestDialSetEndpointsBeforeFail(t *testing.T) {
 	testDialSetEndpoints(t, true)

integration/fixtures-expired/README

@@ -0,0 +1,5 @@
+To generate bad certs
+
+1. Manually set system time back to past
+2. Run ./gencerts.sh
+

integration/fixtures-expired/etcd-root-ca-key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAn/3pG4N9sLWucz5yPVmAuPCuh5tvHs2wRWsBnrTM9qqIpCjR
+7rNJzZSy3bAMxX+u1JXUK/Nt3lT87zrIkkC4En74avJSxt+cQlSs54sHFsRo/Idl
+b/6b/dEeS4bko7xlymzX5WDSZJ9Aj69wNZx73TGsHiZDBnQziyE1lPPs38qYcJtc
+kZKGgsTwJ0e1gvBE+k8KdhTSBX1jYPiycOpibajEERa6dMNZHIJRElJAQejgFDzE
+VRLCZBddT0kwVx1ttqYCtYDGlqg2Th2J5n1GAddQLffz8/8ZOuJsCYYgA+8LY55f
+x7H392msdTWnaLVW3VYE9j5lf69/pJlVThP46kjuwtX9hfEkoLRjXBF98TibnQXQ
+E+LVUNv3ezR/W+lntJOxg7Pka+5OjG/S9Kgj/QOA4nAkoPeQ/NXosBX8d/Z8qHi3
+f5YRtmT5NLwAgaSBg2lty8B20o9a63prwhEOmk++ENh8UmexUJ+Amy8lGyB/0fRC
+2YFnC5sJJETjDjyrPrWJA8760Eq0TffRYYgcKyJJtioduyPncLxGY7CkT/tsh6oy
+IY+RndKOfHdD67yqLZyuwdz/LsaxABELEbbFekE6mlQ/OclZzce5m8+bDZ4W3nRt
+S/GygXhWNj6XxKyk8RQNB6p2a5gRIxEAadHuUJd0fFZht+xNlOEuB6n7CPkCAwEA
+AQKCAgBILiZ/2jfXhG/64D5r/Tg8t6EV3wMn84ZGGzu03T7nPhK9dQkZVtvCGwcD
+SwzIAY3frOT3GzEDMHaYe33HtdkVxyDOJxs/S9zUdB05rRh6pgvzeiZCe6zmuvSf
+AHGgiTunMqnIe4EQEmTvLihCl6GuLl3HkF2GyOAEMexZkh7Y7C8QBpehuWhkEPOD
+1S9HrpyADS7cDRKflW1Db5AZrzTO4mfqicV/Li7C1Ow8hs0kryqBFtVAyGDZBU18
+mrlrZAR+dbEdL8boa2Vsopj3Wqc952TuCEKQXxOD5Gj3dwJ0o+EQhYASuPD1N0Ct
+9JHdhIp2+vrsGURzcbr1iJPa0NnoKk1HHee5LI8PnjOIsy/KaNBM4PWvmP+sWbUC
+Ej6JTiyZklHztRCq6EkXhUU2D1PplkqBtAM9DnubkuHvqrPa+BDEI1OZABxJHblA
+FvSB5D8bLx7rFZD7H2UvDG+e/Y7STNSo178qY2X6e5GRxoaB+/m9XU/P0+nSA+U1
+QtR00b95WSw6rn3hdgLXf5pxpmCoQqndkQzT8Xx/iY53s8Lr020c84tp6eMp4rsJ
+t145eLi+RnJLGDnXeb0I5/sEJE9SUyR7L/AARB0ewgrTsr2Cy2zpDCDh2s6oWTcS
+46XqU/yPcEf5NnPC7YLVjF8zWa6qO6VsBadntW6PmUbxQqehXQKCAQEAwdJGyX6w
+F8WrUv3nxP1GOAB1z86/6HS/+2znmDAqlIFqMikIcUHsMfRMeBga/M+pvSRajmG3
+MUWIoRZhgyDMMtdMGOqv8bAvaHqR7UlFymeU4m/kIRmJaU81167KKF0eFc4akf6G
+bzIbkGkZVAlnLWGBaloYj6vz8NWw6gJkTT+vH+Cz9g0hJ+bnNHuttxLKkDW2Fc87
+Mt8KFI14xK/tJiPktSCfVxjyVj16tn63lLQFKo5bOqsTUSxkFTPtIhGm2YGTk0Dv
+/hM9x7GhMPnQ2o0lK6FhCHzAnQkoD5ld8KL5hV3iP7Jg0+H9c9c8e+gHum0n+vxo
+WolOFsrd26ocEwKCAQEA01FbcKfz85qCP6336oVhr/Kl4TE2V+kWRbOpg48EVkJ+
+uJrqLoA/OSCYjmmh7ly5fjTpE1Juvhbuo54MoGLxQ954H47Hux+0daoX9hAEcOK5
+AiWINC7Gqi1rzQ3b9Vp2PxbiR6JcDqiy6UoK81uP6N6PgpUuu+EV74asP5SWGx/u
+BhScd5QLjjtf77n0Zn5aoNSuHt3JOzjToMl4WCtaP+/t0edkBsfcU/grNs85B/wN
+6A5uJR8T52wVWw5xQYbblU92JeDSgfQr1LD5VVOr8hQzVxDoOI8SL2dx68OEMw9v
+hzVfHL79sKCLUAJHGqnBC+zLcVCbDctm7EVxgAmQQwKCAQEArO1Xit8lbZBHUzyG
+VRNEWyLN+iKUxmmkAEciOn5+/xCYFzjU93fBrLAyqdOYAIenAcI1qWM1dxh61n6J
+cd0JUzMUCgcaA6EWKzlwiS0ev3+7Lmx2NbH7D6JEf7LLW0f5V6sTub5FY2Bph2a9
+2mSpUav1M1Y/I7BfbTi7J44Kv4FaVi69YYJFWryA/Cp8yyJQ6GmDk+HZB4JIFB5E
+6festqK/o3r/r03qqVcg7UIRuPMEyPtKGgYYrgvVH7W8lPD61ITvjioZ9a5lKI4r
+Ku84kEXuLAdH87Kah4Fr5L8JOXGu/nbNLdeQ3Hp9D6WxqTtT6dkKGryovl5S9bL6
+TspvUQKCAQEAxAwJmlWnJMymo++BPolqHLMwI+DlOt/bMuVAkfYgHurn59qJAoUm
+ophUEGN9wMczrBvoVG24ohBia1dY/X9tt/pwVU7AjCEY6cTZIAayKAyfeZdaapcu
+5njnN0DxXQoFA/j2C2FcqJjoCzkPOcErnO7GE27WAaYMFMFLkl0GebnAuNFsbB/k
+LJt3IM/TJzd4WxeVRruaUqAg7l2bkaj+vKyaZY+XpBbNmPV3Gg1cKsU0HaMtmrDf
+ZWdH1MdsWU+E7lvfD7spcTkXZOafGwNaVWdaTh84YiiRxXriHMmyHzDl1nm0eNXU
+RIZdWOgUEW+F0stn3wPaJg0bun2elBvLQwKCAQBcTaEhnVOJvBxMtM6G6N/rzBLb
+yQNKPPmMfCK9+TXFMpfsfYqiST/63wRbYIQ0tjiyx+dXb7VawhovCT7AR5Ct+0zW
+iCG9yUNhbFEXUWUbthdrt1Xr3IBw9NCfYHosTjyOHi0eAn1ORFlD6GNzv27zeQHR
+nBJwR6/SJOLYNztJLIyQGrK8fBuqaVFf2zaxDwCiPtIRUudbLJPobEyGfszjpvAR
+nIe1aqh/ONLjBgwkj/6uLI15IDexqoW5j6KyW+MlAqBmqLecOFnfM7ZKW6VHvZpZ
+me+2Zgxulhq9iRyPHcYDhUzIktH6IF4hYITdLS4IbCezcp4LmHgbyDpxu3+J
+-----END RSA PRIVATE KEY-----

integration/fixtures-expired/etcd-root-ca.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF5jCCA86gAwIBAgIUIzbfeuRpE4/TdkmJEYNNOA2VoLgwDQYJKoZIhvcNAQEN
+BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
+Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
+MTcwMTI2MjAxNTAwWjB5MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
+aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
+BAsTDWV0Y2QgU2VjdXJpdHkxFTATBgNVBAMTDGV0Y2Qtcm9vdC1jYTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/96RuDfbC1rnM+cj1ZgLjwroebbx7N
+sEVrAZ60zPaqiKQo0e6zSc2Ust2wDMV/rtSV1Cvzbd5U/O86yJJAuBJ++GryUsbf
+nEJUrOeLBxbEaPyHZW/+m/3RHkuG5KO8Zcps1+Vg0mSfQI+vcDWce90xrB4mQwZ0
+M4shNZTz7N/KmHCbXJGShoLE8CdHtYLwRPpPCnYU0gV9Y2D4snDqYm2oxBEWunTD
+WRyCURJSQEHo4BQ8xFUSwmQXXU9JMFcdbbamArWAxpaoNk4dieZ9RgHXUC338/P/
+GTribAmGIAPvC2OeX8ex9/dprHU1p2i1Vt1WBPY+ZX+vf6SZVU4T+OpI7sLV/YXx
+JKC0Y1wRffE4m50F0BPi1VDb93s0f1vpZ7STsYOz5GvuToxv0vSoI/0DgOJwJKD3
+kPzV6LAV/Hf2fKh4t3+WEbZk+TS8AIGkgYNpbcvAdtKPWut6a8IRDppPvhDYfFJn
+sVCfgJsvJRsgf9H0QtmBZwubCSRE4w48qz61iQPO+tBKtE330WGIHCsiSbYqHbsj
+53C8RmOwpE/7bIeqMiGPkZ3Sjnx3Q+u8qi2crsHc/y7GsQARCxG2xXpBOppUPznJ
+Wc3HuZvPmw2eFt50bUvxsoF4VjY+l8SspPEUDQeqdmuYESMRAGnR7lCXdHxWYbfs
+TZThLgep+wj5AgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
+AQH/AgECMB0GA1UdDgQWBBRnbPUmgSmUC3API24MQ5x/Xh08xzAfBgNVHSMEGDAW
+gBRnbPUmgSmUC3API24MQ5x/Xh08xzANBgkqhkiG9w0BAQ0FAAOCAgEAFPoCwCcw
+ecCkvFTxjJnMI9v+i0VlqgKH5Q8ZAxwsPI+bck5KdUbi7aWTwvlZxM/2WT0NsWGO
+hKZhsJnOZsRaEmeKV5TD1Ua2urQSXWztjGDn/+6JR47FYIP57d3+w5wYuwwzy2ne
+4oY4OIOmot9Wqgc1D5yOo9D81Udq6DOfb9DeXqa+UuQGoYu1hLQrgUQATxiYsu8T
+FNoG7EQihNuIMlBhU/H1rCKtX4aeRXRRl7Rr/p/+AYqNUblnjwowvBGyYEfzO9ag
+ixO+li3SbpD4SfZwX1T3SQukoOq2iSCnrWDdP9yvx04X8oPxhbAncjxASDfy4l2S
+vhaks6L10qZkLjWNGA65UVDPgzAWTi/7XCZZ37bP2poLbg+/VbKVvN4PII81NB54
+Ew9mkS9NwcjWQvjkhVPVGtk/fiYtkl5yrrWswJMW/fQJvipveMZbEW0jLVx28f7n
+t+hvaKMy1QBr1HG3bVtty/izDVTsHJLbki07NRNkJM8M7zv960/rL8SK4J300Zm1
+DjxeyipcX1IGnIeBzNT2ASu1cD40T+qwG7hYtSCpGAkBVq4ZnFSGb3yICv5TvUE4
+WItEf4eaV/dK0f7yu02u+TS22LiFiWU1d1/wL8HX9n8utS2w3g/YXy8GNWahcjiM
+AlehNnzoyVafYDVvMKNHBfJuaxa5qTQrctY=
+-----END CERTIFICATE-----

integration/fixtures-expired/gencerts.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -e
+
+if which cfssl >/dev/null; then
+    echo "cfssl is installed; generating certs"
+else
+    echo "cfssl is not installed; exiting"
+    exit 255
+fi
+
+cat > ./etcd-root-ca-csr.json <<EOF
+{
+  "key": {
+    "algo": "rsa",
+    "size": 4096
+  },
+  "names": [
+    {
+      "O": "etcd",
+      "OU": "etcd Security",
+      "L": "San Francisco",
+      "ST": "California",
+      "C": "USA"
+    }
+  ],
+  "CN": "etcd-root-ca",
+  "ca": {
+    "expiry": "1h"
+  }
+}
+EOF
+
+cfssl gencert --initca=true ./etcd-root-ca-csr.json | cfssljson --bare ./etcd-root-ca
+
+cat > ./etcd-gencert.json <<EOF
+{
+  "signing": {
+    "default": {
+        "usages": [
+          "signing",
+          "key encipherment",
+          "server auth",
+          "client auth"
+        ],
+        "expiry": "1h"
+    }
+  }
+}
+EOF
+
+cat > ./server-ca-csr.json <<EOF
+{
+  "key": {
+    "algo": "rsa",
+    "size": 4096
+  },
+  "names": [
+    {
+      "O": "etcd",
+      "OU": "etcd Security",
+      "L": "San Francisco",
+      "ST": "California",
+      "C": "USA"
+    }
+  ],
+  "CN": "example.com",
+  "hosts": [
+    "127.0.0.1",
+    "localhost"
+  ]
+}
+EOF
+
+cfssl gencert \
+    --ca ./etcd-root-ca.pem \
+    --ca-key ./etcd-root-ca-key.pem \
+    --config ./etcd-gencert.json \
+    ./server-ca-csr.json | cfssljson --bare ./server
+
+rm -f ./*.json
+rm -f ./*.csr
+
+if which openssl >/dev/null; then
+    openssl x509 -in ./etcd-root-ca.pem -text -noout
+    openssl x509 -in ./server.pem -text -noout
+fi

integration/fixtures-expired/server-key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQQcbAVqKKsZOUTnWl
+jYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMOU9T/1WrFASbiJdrC
+mFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2VP3qpjwaEByZGZ7K
+769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwKEd+kitrsPwUQg/11
+RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN1Tq8IQVe9yemqk6S
+UXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg79JAS8co7wf1S3NA
+3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/juCBL9/xMSpWqUwUl
+7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiURN610DjsisI1eqAHS
+naDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20txvp5oHLd7j9TaVGob
+qSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7AvBHFTYbBiW5gT8M
+SqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k0IdO6ufZYBcCAwEA
+AQKCAgAMledX4YrDnv3kYe9Af3VA9TfzLaKnAXkBd5mn6MB6if4aGRfn/OGzvnVU
+3ghTqiO80d/nP0q9sYiAgp4gNfK80x+rIm1Go7ASUH5Xbgpjxepq775FgQ5oOclN
+91mEygHdA5s8If5pSoCqJKUGR6P11Ocul18O6YstYtcUQZ1kcpyBJF7nKFb8oYLM
+pE0Uf6EjK2DHCDITsrq1qlHQk0Np3EUUsubGM+eaWP0rZxvQhc4mqyZQ3fCfXkE+
+Qz5fH/q2lKWqyUuXlzNvgf1koPY4DWBYpoFpztmQwVicTiYJV10MSvb5Wb8WveM7
+J+9U6NtHEYsbtDWbvrhqfQIMoRwVqxryUj1h/GN95oZ80pFkhcLfBeu045Fyc7Aa
+gZT/ugC2Jov/+1uxtLe9ZsZeY+MVBuLrUoG5+Q+Tink+uJ3KYn2TltpdiYmSZ7lY
+s/SnUBGbmSJjpXsbqbcimnsZLX/T8X53UwHRG5eWmGhJBU60kATsFqZmvkYgI3wc
+yenDQaIx93fwsBWEBn/Ms1XHaYvVIpeQ4eRboIzkNq0Aefyat6MIQPj5tf2Hlb93
+bRNxoJaX6oiOtCrqfIdqk688pgjTwV5r4z4R+K4FbVRx0VbU0Dfsa4rVsRFidMdg
+9s+xvS2wYePkjP5m5q574oStRKYuJsaPDJeXLI5XfzKnLa/eUQKCAQEA5bjIhflh
+P/3yL/EEC4Pr9t655mi0qyxNegllfkuhEEdH6u+ygj4MtJikVUatL5XHylo0KGM1
+asdJLlOwFYGsOKLk0Vj2BU1b9PljRYyS+8sZvOQOhDbxkl7zrvaezYPbsVd1IX0v
+Q6fvOh9N5H127LkspHC+G03g6X+nY/+5b5CxaUHke6Cd+fjxiZnAbyzmhgIHohfC
+7HCzmKfyJPIJgVpDAHaEWIpAVYU5qRwgrWWjx2WftFXF7NaI5KIoMgbqWCLp1A/O
+eaO3CB/uRn3l4yjBy+paxpYzkS0LtfHMDk/0tPn8/AFt9L6Pjv+KXYhvpsJAqknQ
+p0RmFEuEh+AQKQKCAQEAwh96H3TdUzRl0TewWL9IbKdeF1IV7PC1dwljevsTYlU5
+kUztebtHA6XWXNwlKr8VQ1PVTsncB4VlX3bIlbg8fVy90Uu7FQ/dhSczyuZANjz/
+ocazZi9wk8OG5k6Sgz/EdevsIPnBfdbPPGgxFkSr1CUEOkRwtI7p/F3gjeJviH7j
+7BYKJje1mln3/r8h3esgeILOmK4/oKpjjRCbhAsU4j8kLFKMgUYdPgpqFzdgzOLO
+EIoDqTl7anQkbJUoSbenoHF0xWmWG5uaOo4/ORuTr+ZoN4nkZ6D8R6ZQlPpIw4oD
+WDeoAcSoFgKoczIlBk4lcz5mbwp2UsiLBYXJFH72PwKCAQEAzBd0R9r8dK74KXG2
+h0iILodIoBTsVpuApeiNPDyS9vRtR6P3c1EPVq+6aGznVrx6iSPE7RDfF2PAd6Ew
+cpsHWDYYlomz4ZgOF8ItWVAAEiYqUrBG2V47FzC2zP4crjf0ykUKMluWz0P2/Sts
+t5BkRQJrUBk+POHe7XRVUjmTFTR2+i3pgZB8aearKPXpipxYnjxVbcQwkIG8febP
+8dT7bumzV0j0YflKGPDI/p6XxZXkgTWfQsdllfowGviaP3/3WaCDH71/UoCKD3TW
+69fUkxHVw4YNahtt6xAbNGWDRj/xB4yGH5phhyx6PLB5zIl3sK8qZmA4OTNCgctq
+DpGZqQKCAQBgc+lnBdcOh4Nrj+MERY7Dxek/Zx7Tysovai/OpD/+ZOAkrPd1u7LO
+QjEflJa3BZiYCmh7LFsyNXqoE0oY8iDEHTeHbbx3+5kSlubqErum92oAxMzQohOq
+p8U4W6P6qM2B1gZOYCpez0PK/O4e5WIHF5lhJi5l2Hi0VyTC+tZ2GK5A2LaURKvs
+FHXfUrKOJEzO9BeYz0N4HhE2vyC2XBc1TzA3AZEkjmTrNZt/C5oCU1MV7q1hANms
+jCao+Pe6oREd7CGcERlvgEIChDkvs98O0EnKBq7BOsD/DMkPLMjIt6Nvyr+kmUT3
+Irz1991jo6KB/2hAFg+ylEhXJyFBGNBbAoIBAFQhMh25emwXX/L0lEqoo1miDl2U
+IYUFLl8sasRyZp7PmGuUSyKLMZwJesPvcXb4OL4h4Q+2Esx4nFhTkHjoo22AJWRK
+ivLiDZHEVN5DKFCfaNoNCMeLi07syLRWl28K5O924lVfsEwISOd5VjuFynNHn5Tu
+pE/VkfwUtY1owak3k737Yum1bBmUHyP6kJyUGQW0E9yhTcau1OnhU8XSvO+6lClK
+wOg3RsP3LF3gslrRVgc+R95KOva7Oc2EuJDqoHJ8877+r68cHdJYe3mmb1pPNqC1
+It+c6mphFAT6frmzkew72FEFzaiSx/Iqiwz4LqoMEnVYN8eVp7hehyGbb8o=
+-----END RSA PRIVATE KEY-----

integration/fixtures-expired/server.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGHDCCBASgAwIBAgIUcGlr9BUSOAwUt3SDhav9yWokZDowDQYJKoZIhvcNAQEN
+BQAweTEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
+Y3VyaXR5MRUwEwYDVQQDEwxldGNkLXJvb3QtY2EwHhcNMTcwMTI2MTkxNTAwWhcN
+MTcwMTI2MjAxNTAwWjB4MQwwCgYDVQQGEwNVU0ExEzARBgNVBAgTCkNhbGlmb3Ju
+aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xDTALBgNVBAoTBGV0Y2QxFjAUBgNV
+BAsTDWV0Y2QgU2VjdXJpdHkxFDASBgNVBAMTC2V4YW1wbGUuY29tMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArjJG7BkDXGJ7IJeUbt9ilXZl/SqKVYnQ
+QcbAVqKKsZOUTnWljYgslXIVDJAYUCZ2WNzXrHq6XOY4qbfNjDIdq28hlq+EydMO
+U9T/1WrFASbiJdrCmFH1XUX9SImDw9qDit2S4bxW5gs+Q6cSRSGyHf+6/DD24NY2
+VP3qpjwaEByZGZ7K769zRBhoI2sWslilztQKuiVdeTRNqMtCD/Qa4JIiwyzmYOwK
+Ed+kitrsPwUQg/11RNbUHZEy51GCzeZ467DcjnXiGHsAF6ZMznDvPY8GU71JYkBN
+1Tq8IQVe9yemqk6SUXYoJJnebX3WMvCZ+XLKYWObANQpXxHsu6t68Hkcg5bDTTbg
+79JAS8co7wf1S3NA3QudhrTf3anvdbtaZFukusQbVnH7qSp5LFTle+Vl7Megy0/j
+uCBL9/xMSpWqUwUl7evfrm/JkVmCoGm2+56uCyrVK9uRRraqp7J19RuNmhunOiUR
+N610DjsisI1eqAHSnaDtMluwBc+HEaJWYzJN1JLvGA3ahOyOcv94FZ1msabq20tx
+vp5oHLd7j9TaVGobqSbDGLZGHrm5If/x2+1Dc9O55Om/82Q8r1Qxt+GqVX+TFed7
+AvBHFTYbBiW5gT8MSqMb91t+MYmC9ChFbWepC35I6zoHX1B1CgV20lr5PH1wYO+k
+0IdO6ufZYBcCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE7MTPuM
+DNH+edtzjnjB+8Tuwx62MB8GA1UdIwQYMBaAFGds9SaBKZQLcA8jbgxDnH9eHTzH
+MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQ0FAAOCAgEA
+S1Kx/+L5UNAjvXoDWAvFJMIpQcsFhV6vj/sbwxgwXTKjQHOOehEwaaEW735EDmhC
+4CLgyM94i7eFEGwAVwWpnh6XAfqCMGd32T5aRPktiGqnQ+aAVdC/fgmWWKqA7ix5
+Bsjg9WbuBZvI1tAIscq7ajeHFBb/mndgP2kRJf8Rd7NH3VsmLHlK6KKwe/ThKvwZ
+IRTfN7ABWzKq/MmGUOWuBiQaLM7DT05m3ISpN3YCHJL4HRjLz6WZ9vP3GLDcrC8H
+a7TPizjB3/+y++htnDBhVAAVl4GgolRZzjkzERxDZlvyY7T8sfq9a+9GGHgRXB8v
+9wWOYph2r8K1aPaVPw88cri9l993g+vWgKhEse+JoiHgcyCp2VjnM6cpMhCPktBp
+YBZ/jBma5EQoLIdBFmDcH/tVs6l6o/9J3q2x+fPZYZkvyuUbxb+TdRZllCqx1myy
+YxCGTLdjWEHQbdcVc8totLPgJik2LjFoPAvYgrqO0o3vTz1oagLbwie4D2uK9Ats
+pu4KxGCsDtzyf/w9sBZti/ovIgttB7IxeFWZYIWVRCkJkre9rm8qmaCmMY2FvBDY
+nBSTldaLpHAryjleyu/WYdqW8Qc+EqIPCzCvJkrKfhZEN7AT7vFwmvnOjJetFdEL
+UNJ3wyITBZtiMRAInMkRi3zFeHTVqaockL/FoplkY4Q=
+-----END CERTIFICATE-----