grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

advancedtls: add IPv6 address to certificate SAN names (#4101) 

* advancedtls: add IPv6 address to certificate SAN names
This commit is contained in:
ZhenLian 2020-12-18 11:05:59 -08:00 committed by GitHub
parent 15458d2820
commit 666aea1fb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 244 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
security/advancedtls/advancedtls_integration_test.go
View File

@ -39,10 +39,6 @@ import (
"google.golang.org/grpc/security/advancedtls/testdata"
)
var (
address = "localhost:50051"
)
const (
// Default timeout for normal connections.
defaultTestTimeout = 5 * time.Second
@ -105,7 +101,7 @@ func callAndVerify(msg string, client pb.GreeterClient, shouldFail bool) error {
// TODO(ZhenLian): remove shouldFail and add ...DialOption to the function
// signature to provider cleaner tests.
func callAndVerifyWithClientConn(connCtx context.Context, msg string, creds credentials.TransportCredentials, shouldFail bool) (*grpc.ClientConn, pb.GreeterClient, error) {
func callAndVerifyWithClientConn(connCtx context.Context, address string, msg string, creds credentials.TransportCredentials, shouldFail bool) (*grpc.ClientConn, pb.GreeterClient, error) {
var conn *grpc.ClientConn
var err error
// If we want the test to fail, we establish a non-blocking connection to
@ -362,11 +358,12 @@ func (s) TestEnd2End(t *testing.T) {
}
s := grpc.NewServer(grpc.Creds(serverTLSCreds))
defer s.Stop()
lis, err := net.Listen("tcp", address)
lis, err := net.Listen("tcp", "localhost:0")
if err != nil {
t.Fatalf("failed to listen: %v", err)
}
defer lis.Close()
addr := fmt.Sprintf("localhost:%v", lis.Addr().(*net.TCPAddr).Port)
pb.RegisterGreeterServer(s, greeterServer{})
go s.Serve(lis)
clientOptions := &ClientOptions{
@ -389,7 +386,7 @@ func (s) TestEnd2End(t *testing.T) {
// stage = 0, initial connection should succeed
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
defer cancel()
conn, greetClient, err := callAndVerifyWithClientConn(ctx, "rpc call 1", clientTLSCreds, false)
conn, greetClient, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 1", clientTLSCreds, false)
if err != nil {
t.Fatal(err)
}
@ -406,7 +403,7 @@ func (s) TestEnd2End(t *testing.T) {
// stage = 1, new connection should fail
shortCtx, shortCancel := context.WithTimeout(context.Background(), defaultTestShortTimeout)
defer shortCancel()
conn2, greetClient, err := callAndVerifyWithClientConn(shortCtx, "rpc call 3", clientTLSCreds, true)
conn2, greetClient, err := callAndVerifyWithClientConn(shortCtx, addr, "rpc call 3", clientTLSCreds, true)
if err != nil {
t.Fatal(err)
}
@ -415,7 +412,7 @@ func (s) TestEnd2End(t *testing.T) {
stage.increase()
// ------------------------Scenario 4------------------------------------
// stage = 2, new connection should succeed
conn3, greetClient, err := callAndVerifyWithClientConn(ctx, "rpc call 4", clientTLSCreds, false)
conn3, greetClient, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 4", clientTLSCreds, false)
if err != nil {
t.Fatal(err)
}
@ -651,11 +648,12 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
}
s := grpc.NewServer(grpc.Creds(serverTLSCreds))
defer s.Stop()
lis, err := net.Listen("tcp", address)
lis, err := net.Listen("tcp", "localhost:0")
if err != nil {
t.Fatalf("failed to listen: %v", err)
}
defer lis.Close()
addr := fmt.Sprintf("localhost:%v", lis.Addr().(*net.TCPAddr).Port)
pb.RegisterGreeterServer(s, greeterServer{})
go s.Serve(lis)
clientOptions := &ClientOptions{
@ -678,7 +676,7 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
// At initialization, the connection should be good.
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
defer cancel()
conn, greetClient, err := callAndVerifyWithClientConn(ctx, "rpc call 1", clientTLSCreds, false)
conn, greetClient, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 1", clientTLSCreds, false)
if err != nil {
t.Fatal(err)
}
@ -694,7 +692,7 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
}
// New connections should still be good, because the Provider didn't pick
// up the changes due to key-cert mismatch.
conn2, greetClient, err := callAndVerifyWithClientConn(ctx, "rpc call 3", clientTLSCreds, false)
conn2, greetClient, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 3", clientTLSCreds, false)
if err != nil {
t.Fatal(err)
}
@ -708,7 +706,7 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
// other side.
shortCtx, shortCancel := context.WithTimeout(context.Background(), defaultTestShortTimeout)
defer shortCancel()
conn3, greetClient, err := callAndVerifyWithClientConn(shortCtx, "rpc call 4", clientTLSCreds, true)
conn3, greetClient, err := callAndVerifyWithClientConn(shortCtx, addr, "rpc call 4", clientTLSCreds, true)
if err != nil {
t.Fatal(err)
}
@ -719,7 +717,7 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
time.Sleep(sleepInterval)
// New connections should be good, because the other side is using
// *_trust_cert_2.pem now.
conn4, greetClient, err := callAndVerifyWithClientConn(ctx, "rpc call 5", clientTLSCreds, false)
conn4, greetClient, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 5", clientTLSCreds, false)
if err != nil {
t.Fatal(err)
}
@ -727,3 +725,90 @@ func (s) TestPEMFileProviderEnd2End(t *testing.T) {
})
}
}
func (s) TestDefaultHostNameCheck(t *testing.T) {
cs := &testutils.CertStore{}
if err := cs.LoadCerts(); err != nil {
t.Fatalf("cs.LoadCerts() failed, err: %v", err)
}
for _, test := range []struct {
desc string
clientRoot *x509.CertPool
clientVerifyFunc CustomVerificationFunc
clientVType VerificationType
serverCert []tls.Certificate
serverVType VerificationType
expectError bool
}{
// Client side sets vType to CertAndHostVerification, and will do
// default hostname check. Server uses a cert without "localhost" or
// "127.0.0.1" as common name or SAN names, and will hence fail.
{
desc: "Bad default hostname check",
clientRoot: cs.ClientTrust1,
clientVType: CertAndHostVerification,
serverCert: []tls.Certificate{cs.ServerCert1},
serverVType: CertAndHostVerification,
expectError: true,
},
// Client side sets vType to CertAndHostVerification, and will do
// default hostname check. Server uses a certificate with "localhost" as
// common name, and will hence pass the default hostname check.
{
desc: "Good default hostname check",
clientRoot: cs.ClientTrust1,
clientVType: CertAndHostVerification,
serverCert: []tls.Certificate{cs.ServerPeerLocalhost1},
serverVType: CertAndHostVerification,
expectError: false,
},
} {
test := test
t.Run(test.desc, func(t *testing.T) {
// Start a server using ServerOptions in another goroutine.
serverOptions := &ServerOptions{
IdentityOptions: IdentityCertificateOptions{
Certificates: test.serverCert,
},
RequireClientCert: false,
VType: test.serverVType,
}
serverTLSCreds, err := NewServerCreds(serverOptions)
if err != nil {
t.Fatalf("failed to create server creds: %v", err)
}
s := grpc.NewServer(grpc.Creds(serverTLSCreds))
defer s.Stop()
lis, err := net.Listen("tcp", "localhost:0")
if err != nil {
t.Fatalf("failed to listen: %v", err)
}
defer lis.Close()
addr := fmt.Sprintf("localhost:%v", lis.Addr().(*net.TCPAddr).Port)
pb.RegisterGreeterServer(s, greeterServer{})
go s.Serve(lis)
clientOptions := &ClientOptions{
VerifyPeer: test.clientVerifyFunc,
RootOptions: RootCertificateOptions{
RootCACerts: test.clientRoot,
},
VType: test.clientVType,
}
clientTLSCreds, err := NewClientCreds(clientOptions)
if err != nil {
t.Fatalf("clientTLSCreds failed to create")
}
shouldFail := false
if test.expectError {
shouldFail = true
}
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
defer cancel()
conn, _, err := callAndVerifyWithClientConn(ctx, addr, "rpc call 1", clientTLSCreds, shouldFail)
if err != nil {
t.Fatal(err)
}
defer conn.Close()
})
}
}

45
security/advancedtls/advancedtls_test.go
View File

@ -373,51 +373,6 @@ func (s) TestClientServerHandshake(t *testing.T) {
serverCert: []tls.Certificate{cs.ServerCert1},
serverVType: CertAndHostVerification,
},
// Client: only set clientRoot
// Server: only set serverCert with mutual TLS off
// Expected Behavior: server side failure and client handshake failure
// Reason: client side sets vType to CertAndHostVerification, and will do
// default hostname check. Server uses a cert without "localhost" or
// "127.0.0.1" as common name or SAN names, and will hence fail.
{
desc: "Client has root cert; server sends peer cert",
clientRoot: cs.ClientTrust1,
clientVType: CertAndHostVerification,
clientExpectHandshakeError: true,
serverCert: []tls.Certificate{cs.ServerCert1},
serverVType: CertAndHostVerification,
serverExpectError: true,
},
// Client: only set clientGetRoot
// Server: only set serverCert with mutual TLS off
// Expected Behavior: server side failure and client handshake failure
// Reason: client side sets vType to CertAndHostVerification, and will do
// default hostname check. Server uses a cert without "localhost" or
// "127.0.0.1" as common name or SAN names, and will hence fail.
{
desc: "Client sets reload root function; server sends peer cert",
clientGetRoot: getRootCAsForClient,
clientVType: CertAndHostVerification,
clientExpectHandshakeError: true,
serverCert: []tls.Certificate{cs.ServerCert1},
serverVType: CertAndHostVerification,
serverExpectError: true,
},
// Client: only set clientGetRoot and CertAndHostVerification
// Server: only set serverCert with mutual TLS off
// Expected Behavior: success
// Reason: client side sets vType to CertAndHostVerification, and will do
// default hostname check. Server uses a certificate with "localhost" as
// common name, and will hence pass the default hostname check.
{
desc: "Client sets CertAndHostVerification; server uses localhost certs",
clientRoot: cs.ClientTrust1,
clientVType: CertAndHostVerification,
clientExpectHandshakeError: false,
serverCert: []tls.Certificate{cs.ServerPeerLocalhost1},
serverVType: CertAndHostVerification,
serverExpectError: false,
},
// Client: set clientGetRoot and clientVerifyFunc
// Server: only set serverCert with mutual TLS off
// Expected Behavior: success

1
security/advancedtls/testdata/localhost-openssl.cnf vendored
View File

@ -21,4 +21,3 @@ subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = "127.0.0.1"

192
security/advancedtls/testdata/server_cert_localhost_1.pem vendored
View File

@ -1,56 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SVL, O=Internet Widgits Pty Ltd
Validity
Not Before: Dec 2 21:51:53 2020 GMT
Not After : Apr 19 21:51:53 2048 GMT
Not Before: Dec 15 18:05:59 2020 GMT
Not After : May 2 18:05:59 2048 GMT
Subject: C=US, ST=Illinois, L=Chicago, O=Example, Co., CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a0:a1:5e:05:53:c5:a7:71:fb:ff:22:d5:d2:49:
da:14:8b:54:9b:fb:40:3d:33:38:7d:3e:69:16:1c:
1f:c1:88:42:99:d2:ac:8e:3e:60:ca:ac:63:e2:5b:
e8:90:e5:4d:1b:e5:0b:40:6d:7d:90:6a:de:7f:ad:
97:81:ae:38:2c:07:44:ca:ac:54:d7:dd:41:99:36:
ca:38:44:9e:cc:e0:34:c2:44:71:2e:59:60:bf:45:
e5:57:af:7d:d2:ca:c5:53:ff:8a:ab:5f:68:cf:74:
88:29:99:59:fc:25:8c:06:47:26:77:14:1e:10:c1:
78:d6:a1:a5:7f:0d:8d:4a:be:c8:fd:6f:a1:60:3d:
e8:0a:27:f9:fe:e1:45:81:7c:e6:be:65:b8:62:ed:
ca:1f:fb:7f:08:c0:b4:a6:57:f1:56:32:53:bf:d6:
43:75:57:1c:e2:69:8d:96:41:a6:46:a0:49:1d:e8:
ab:0a:92:7b:b8:33:b2:c3:7b:6e:2b:53:13:be:91:
34:71:e3:d9:52:e4:d5:63:64:f8:a7:b0:a0:23:5c:
07:3d:82:9a:6e:bc:0a:95:f1:51:ff:08:75:1c:32:
38:67:9a:98:5c:94:08:90:c2:23:cd:bb:ad:86:10:
4f:34:b2:28:f8:83:0f:c3:cb:3a:80:a9:2e:9a:3e:
45:bf:2c:55:ee:22:d7:e4:a3:d7:b4:0b:7c:fb:30:
fa:a7:02:24:04:ba:60:79:2d:1d:01:6c:b1:17:b9:
b9:f3:4f:c7:20:26:6d:48:31:b2:6d:27:b8:5d:fc:
8a:20:be:29:30:26:18:a4:51:45:3c:47:06:22:fa:
9e:c7:43:ac:34:5b:6e:23:08:c9:ea:93:b7:de:5e:
36:9a:85:51:8a:01:86:c0:47:52:4f:9b:d6:16:ce:
ff:3a:5f:33:ff:f5:24:20:5d:ef:f9:ea:21:fd:05:
04:b9:c6:b5:75:67:67:d5:48:70:d0:e8:53:f2:ff:
f7:a0:8b:1c:09:bf:5d:08:b2:5d:08:34:00:a3:f1:
fc:6d:44:e5:73:eb:6d:24:a2:0f:aa:4a:d1:8f:fe:
40:a4:77:94:63:99:82:26:d0:66:a4:a2:97:59:2b:
30:18:4b:d1:22:a9:99:02:4c:06:50:ff:12:6e:83:
11:ff:08:7f:c2:8e:ae:83:0f:a9:b6:99:3e:cc:8e:
c7:a6:17:65:65:0e:9f:7d:48:28:6d:e7:b6:e5:7a:
b1:36:04:fe:db:0e:62:3a:e2:a1:bf:b9:76:23:bf:
b8:4f:a4:68:bf:03:1c:53:34:55:d0:28:2d:89:10:
28:2d:2c:ca:8b:b9:5a:82:f4:5f:b9:eb:ef:aa:f2:
31:f0:d5
00:d3:4d:01:08:9d:80:de:15:fa:0a:52:ed:2c:f6:
4b:9d:c5:67:2d:b6:41:33:d7:5b:b4:fd:f0:a8:5c:
dd:8a:8d:1f:2d:12:5d:47:88:09:d4:96:ee:63:10:
f9:9d:9a:6c:34:c4:ec:a9:0d:95:6c:48:bc:17:d0:
77:53:93:f8:44:8a:0b:0b:a2:4d:1d:53:f7:55:a7:
ed:6a:35:ad:1d:af:79:bd:d5:c6:5b:96:24:9e:4d:
d8:e9:21:93:e1:93:3b:5d:c4:e3:90:1a:36:d0:f7:
bb:8c:22:e9:d2:f8:29:19:bf:24:c6:52:21:0e:d6:
3a:73:48:ba:e7:81:34:ba:23:21:57:c3:51:0e:59:
51:9f:a6:07:56:17:c4:aa:1b:7b:6c:36:6b:ab:32:
5e:2e:f7:70:dc:eb:f3:da:3b:39:4e:a4:8c:bf:40:
72:ef:00:1e:46:c9:07:6a:93:4c:36:b7:c3:2e:7c:
c5:c1:85:9f:6b:4d:2d:fd:3c:9b:9a:cf:52:b2:fa:
ba:f8:ce:cc:8b:dc:57:7b:ed:37:69:c9:80:dc:a6:
2c:a7:e4:4b:8c:77:cb:2e:28:65:64:61:a4:c8:33:
d9:f8:7d:b7:7c:4f:b7:f4:07:5a:89:ae:2a:59:8c:
ac:00:c7:ce:b0:d0:9b:cd:4d:83:39:55:bb:72:0f:
62:d4:5f:8b:c3:c7:e2:79:95:53:eb:a0:26:0d:52:
7b:4d:40:56:66:2b:55:67:f5:1a:c9:e8:a8:49:bd:
e7:e4:31:9a:e1:8d:80:f2:cc:ab:3d:70:f6:fe:75:
cb:aa:1b:12:d0:6f:d3:c8:df:f1:bd:ce:2b:21:42:
e5:2c:bd:c6:c8:c4:bb:4a:3d:92:48:0d:49:a8:96:
c0:51:ed:30:64:81:dd:ce:05:d4:ff:07:87:59:0b:
13:41:8e:1d:58:e4:47:0c:00:97:12:e4:67:94:24:
67:ef:ed:1e:85:89:df:85:78:10:1f:7f:b2:e8:af:
e7:0f:c7:ec:aa:01:67:b6:0a:9a:23:83:90:1d:0a:
2a:37:80:c3:26:d7:f1:24:29:b3:d8:37:7c:5c:f8:
e3:08:96:1a:34:2d:fa:ff:75:e8:70:25:e2:ab:51:
9d:f7:8a:23:52:89:02:c8:71:ea:cd:a2:89:b6:eb:
6e:c9:fd:fb:dc:63:e8:f9:db:d7:57:d2:0c:fc:56:
9c:16:a8:67:fe:17:88:07:e8:f8:c5:7a:33:72:ad:
b4:5a:43:5b:49:be:79:8b:00:18:83:f7:19:00:07:
94:2c:38:96:61:a7:55:a8:30:db:7e:07:f6:c5:a3:
65:1e:93:2d:6b:5e:d9:a6:0f:fa:c2:19:9b:59:4c:
41:ba:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:87:7F:58:33:AD:24:C6:F2:07:5D:8E:88:18:BE:61:08:20:29:D1
F3:DC:6A:5B:B7:CE:E9:E1:4D:3E:C4:AE:B7:8E:39:E3:6D:CA:AF:C7
X509v3 Authority Key Identifier:
keyid:5A:A5:DA:B1:99:D4:E5:0E:E6:1E:94:EA:FF:FC:62:E2:ED:09:F1:06
@ -59,66 +59,66 @@ Certificate:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
bd:79:29:a5:d1:35:3d:34:61:3e:88:d7:37:66:c0:48:2e:ba:
8f:ed:56:b6:48:3f:1b:7d:eb:b7:91:0f:13:c3:96:d3:bd:82:
0c:00:49:3f:1a:44:12:4c:27:f5:48:39:04:bd:66:d8:64:e1:
5f:c7:01:43:82:38:1e:7f:94:6c:96:00:97:06:b7:d6:d1:0d:
0a:34:a9:f1:3d:ac:0b:4f:0c:2e:ff:69:3d:53:63:9b:c1:22:
e8:5a:b9:cd:00:92:a0:b6:cd:c0:21:b2:fc:2e:70:8e:2d:e3:
ed:4a:f0:84:24:3f:7e:b9:a7:cf:05:1d:15:cc:a3:8a:6e:0d:
44:28:02:bf:03:31:02:00:eb:1d:6c:60:8e:9c:73:0a:b6:f7:
ad:61:c4:a5:60:dc:4e:44:79:3e:95:40:44:5a:9b:58:61:3d:
b6:5f:68:8f:c0:98:3d:a4:b1:41:fb:b4:ad:d3:b6:8b:72:f0:
c2:ec:8a:65:ac:a7:2e:ea:f7:e5:2c:8d:3a:18:36:d2:48:36:
5d:a2:1a:52:22:40:a6:da:7d:52:e5:ba:d7:fd:75:63:8b:9b:
ff:ad:20:bf:a0:f9:d4:e7:f1:b2:cb:a7:09:c7:d0:36:bc:ea:
be:f1:29:08:22:25:2a:16:3f:22:3b:2b:53:47:73:01:68:d2:
1e:3d:87:07:6f:ec:c4:33:3e:44:ec:a3:de:32:7e:12:57:15:
30:d4:6d:be:16:e7:ba:28:0e:8a:79:8a:ab:84:f8:1d:8c:d9:
da:06:1b:7e:37:10:3f:24:7c:1f:74:bc:0e:44:cf:a6:56:97:
02:19:b7:a7:f3:5d:46:c8:56:7b:19:b3:42:17:f2:97:cf:15:
d6:78:8d:90:f9:88:f7:28:71:7d:8d:ff:50:bb:d1:71:bb:23:
da:53:63:92:7c:d4:a8:be:45:17:d4:6a:e7:e3:75:93:b5:bb:
fd:38:30:11:ab:ec:f5:7b:6e:f5:17:0b:cc:69:44:79:3f:95:
85:e8:6b:da:e7:af:b3:f6:e8:73:22:db:75:f8:40:20:fd:cb:
24:b6:49:b6:69:79:12:8e:73:05:75:a0:de:67:5c:29:05:11:
3a:b2:8d:f8:ec:2f:fa:99:5e:3a:2b:df:3b:69:1a:c3:05:6c:
44:3c:a1:12:ab:3c:5b:87:52:a5:44:54:6c:c8:e5:f6:50:dd:
d7:d4:93:15:67:31:66:58:10:c1:23:98:35:08:6b:56:34:5a:
71:db:67:e5:41:a8:60:77:c3:30:2a:09:78:37:83:32:37:b1:
c5:34:b6:54:79:fd:e0:13:a3:16:f5:5f:25:87:8e:5e:c3:93:
f9:1f:4c:79:51:0f:23:e6
54:13:3d:55:d3:4b:d8:85:f0:54:a8:33:5c:a1:9f:87:79:31:
34:7e:52:b9:46:ea:97:43:fd:0a:9b:ae:2c:8b:74:cd:51:d5:
63:b3:b0:b4:19:a1:da:73:b4:e2:47:0c:d9:33:4a:c6:aa:27:
41:bc:4d:15:74:42:59:eb:41:8e:28:49:f0:55:89:13:f8:f0:
35:1f:e9:b2:ae:48:79:e7:15:a2:aa:59:e0:fd:91:c8:7f:ba:
aa:a4:2e:77:2a:e4:62:fe:c2:83:51:dc:58:83:f8:7f:b2:47:
68:8b:1f:9d:9b:12:25:f2:0f:7d:06:a4:9a:be:a3:af:2d:27:
32:4a:20:fe:5f:98:d0:5d:6a:10:c9:04:49:54:26:60:20:6e:
38:f2:91:a4:24:e7:ed:d2:e4:aa:88:7e:9c:6d:0a:1e:30:97:
a9:9c:45:35:09:fc:45:6c:32:d0:db:79:04:fa:03:7c:36:e5:
27:72:1d:77:a1:d4:12:86:53:bf:93:4e:f7:da:7a:a1:4b:5b:
42:e4:6b:9b:a5:58:f2:ef:30:2e:a6:6f:f7:63:fd:16:b0:35:
81:99:3d:41:dc:da:34:46:ea:1f:02:cc:5e:dc:67:1c:62:68:
76:45:5b:ea:f3:2f:a5:0f:2e:b8:d0:df:ad:8f:3b:03:b4:36:
21:d4:4d:99:09:76:22:a4:61:b4:59:ca:8b:42:5d:64:2a:9a:
4f:7f:67:65:38:4a:c6:e7:8b:ff:36:0d:42:4b:60:03:77:99:
71:1f:ac:f4:83:bb:06:5c:22:fa:ed:4c:c5:37:22:22:11:85:
1a:ab:06:e3:14:c8:71:bf:79:1f:b4:22:64:ea:65:5e:99:c5:
ca:3a:1e:d2:22:96:24:df:65:b1:42:7e:72:21:6b:de:49:cd:
09:45:4d:3e:ff:45:22:f4:01:d5:09:5b:dd:22:cc:25:8f:b2:
5e:b3:35:f8:b3:6d:6e:2b:bd:98:f2:eb:5b:0e:58:31:f3:90:
ec:d9:41:9d:e4:4d:e7:6a:ff:32:63:d1:45:f0:fd:a6:7d:34:
16:e4:c8:0c:79:39:5d:46:e1:28:f1:13:49:a6:02:07:a2:ca:
de:ae:4a:3a:f7:0b:e4:27:49:33:c8:29:2f:cd:6f:0e:5a:be:
e0:5d:c0:98:7e:15:97:ea:a5:ba:84:3b:ab:8d:aa:81:d7:7f:
df:7c:b9:e7:11:6b:7f:82:6e:62:57:d9:ba:25:60:1d:93:49:
eb:48:91:88:2c:22:74:dc:50:cf:6c:44:bd:04:84:fb:97:53:
57:62:56:8b:b1:5c:a2:06:ef:c4:01:21:d6:73:4f:58:79:60:
75:09:53:7d:cb:8c:a2:86
-----BEGIN CERTIFICATE-----
MIIFmTCCA4GgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEL
MIIFkzCCA3ugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NWTDEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
Z2l0cyBQdHkgTHRkMB4XDTIwMTIwMjIxNTE1M1oXDTQ4MDQxOTIxNTE1M1owXTEL
Z2l0cyBQdHkgTHRkMB4XDTIwMTIxNTE4MDU1OVoXDTQ4MDUwMjE4MDU1OVowXTEL
MAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdv
MRUwEwYDVQQKDAxFeGFtcGxlLCBDby4xEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKChXgVTxadx+/8i1dJJ2hSLVJv7
QD0zOH0+aRYcH8GIQpnSrI4+YMqsY+Jb6JDlTRvlC0BtfZBq3n+tl4GuOCwHRMqs
VNfdQZk2yjhEnszgNMJEcS5ZYL9F5VevfdLKxVP/iqtfaM90iCmZWfwljAZHJncU
HhDBeNahpX8NjUq+yP1voWA96Aon+f7hRYF85r5luGLtyh/7fwjAtKZX8VYyU7/W
Q3VXHOJpjZZBpkagSR3oqwqSe7gzssN7bitTE76RNHHj2VLk1WNk+KewoCNcBz2C
mm68CpXxUf8IdRwyOGeamFyUCJDCI827rYYQTzSyKPiDD8PLOoCpLpo+Rb8sVe4i
1+Sj17QLfPsw+qcCJAS6YHktHQFssRe5ufNPxyAmbUgxsm0nuF38iiC+KTAmGKRR
RTxHBiL6nsdDrDRbbiMIyeqTt95eNpqFUYoBhsBHUk+b1hbO/zpfM//1JCBd7/nq
If0FBLnGtXVnZ9VIcNDoU/L/96CLHAm/XQiyXQg0AKPx/G1E5XPrbSSiD6pK0Y/+
QKR3lGOZgibQZqSil1krMBhL0SKpmQJMBlD/Em6DEf8If8KOroMPqbaZPsyOx6YX
ZWUOn31IKG3ntuV6sTYE/tsOYjriob+5diO/uE+kaL8DHFM0VdAoLYkQKC0syou5
WoL0X7nr76ryMfDVAgMBAAGjdjB0MB0GA1UdDgQWBBSyh39YM60kxvIHXY6IGL5h
CCAp0TAfBgNVHSMEGDAWgBRapdqxmdTlDuYelOr//GLi7QnxBjAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIFoDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZI
hvcNAQELBQADggIBAL15KaXRNT00YT6I1zdmwEguuo/tVrZIPxt967eRDxPDltO9
ggwAST8aRBJMJ/VIOQS9Zthk4V/HAUOCOB5/lGyWAJcGt9bRDQo0qfE9rAtPDC7/
aT1TY5vBIuhauc0AkqC2zcAhsvwucI4t4+1K8IQkP365p88FHRXMo4puDUQoAr8D
MQIA6x1sYI6ccwq2961hxKVg3E5EeT6VQERam1hhPbZfaI/AmD2ksUH7tK3Ttoty
8MLsimWspy7q9+UsjToYNtJINl2iGlIiQKbafVLlutf9dWOLm/+tIL+g+dTn8bLL
pwnH0Da86r7xKQgiJSoWPyI7K1NHcwFo0h49hwdv7MQzPkTso94yfhJXFTDUbb4W
57ooDop5iquE+B2M2doGG343ED8kfB90vA5Ez6ZWlwIZt6fzXUbIVnsZs0IX8pfP
FdZ4jZD5iPcocX2N/1C70XG7I9pTY5J81Ki+RRfUaufjdZO1u/04MBGr7PV7bvUX
C8xpRHk/lYXoa9rnr7P26HMi23X4QCD9yyS2SbZpeRKOcwV1oN5nXCkFETqyjfjs
L/qZXjor3ztpGsMFbEQ8oRKrPFuHUqVEVGzI5fZQ3dfUkxVnMWZYEMEjmDUIa1Y0
WnHbZ+VBqGB3wzAqCXg3gzI3scU0tlR5/eAToxb1XyWHjl7Dk/kfTHlRDyPm
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANNNAQidgN4V+gpS7Sz2S53FZy22
QTPXW7T98Khc3YqNHy0SXUeICdSW7mMQ+Z2abDTE7KkNlWxIvBfQd1OT+ESKCwui
TR1T91Wn7Wo1rR2veb3VxluWJJ5N2Okhk+GTO13E45AaNtD3u4wi6dL4KRm/JMZS
IQ7WOnNIuueBNLojIVfDUQ5ZUZ+mB1YXxKobe2w2a6syXi73cNzr89o7OU6kjL9A
cu8AHkbJB2qTTDa3wy58xcGFn2tNLf08m5rPUrL6uvjOzIvcV3vtN2nJgNymLKfk
S4x3yy4oZWRhpMgz2fh9t3xPt/QHWomuKlmMrADHzrDQm81NgzlVu3IPYtRfi8PH
4nmVU+ugJg1Se01AVmYrVWf1GsnoqEm95+QxmuGNgPLMqz1w9v51y6obEtBv08jf
8b3OKyFC5Sy9xsjEu0o9kkgNSaiWwFHtMGSB3c4F1P8Hh1kLE0GOHVjkRwwAlxLk
Z5QkZ+/tHoWJ34V4EB9/suiv5w/H7KoBZ7YKmiODkB0KKjeAwybX8SQps9g3fFz4
4wiWGjQt+v916HAl4qtRnfeKI1KJAshx6s2iibbrbsn9+9xj6Pnb11fSDPxWnBao
Z/4XiAfo+MV6M3KttFpDW0m+eYsAGIP3GQAHlCw4lmGnVagw234H9sWjZR6TLWte
2aYP+sIZm1lMQboHAgMBAAGjcDBuMB0GA1UdDgQWBBTz3Gpbt87p4U0+xK63jjnj
bcqvxzAfBgNVHSMEGDAWgBRapdqxmdTlDuYelOr//GLi7QnxBjAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIFoDAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL
BQADggIBAFQTPVXTS9iF8FSoM1yhn4d5MTR+UrlG6pdD/QqbriyLdM1R1WOzsLQZ
odpztOJHDNkzSsaqJ0G8TRV0QlnrQY4oSfBViRP48DUf6bKuSHnnFaKqWeD9kch/
uqqkLncq5GL+woNR3FiD+H+yR2iLH52bEiXyD30GpJq+o68tJzJKIP5fmNBdahDJ
BElUJmAgbjjykaQk5+3S5KqIfpxtCh4wl6mcRTUJ/EVsMtDbeQT6A3w25SdyHXeh
1BKGU7+TTvfaeqFLW0Lka5ulWPLvMC6mb/dj/RawNYGZPUHc2jRG6h8CzF7cZxxi
aHZFW+rzL6UPLrjQ362POwO0NiHUTZkJdiKkYbRZyotCXWQqmk9/Z2U4Ssbni/82
DUJLYAN3mXEfrPSDuwZcIvrtTMU3IiIRhRqrBuMUyHG/eR+0ImTqZV6Zxco6HtIi
liTfZbFCfnIha95JzQlFTT7/RSL0AdUJW90izCWPsl6zNfizbW4rvZjy61sOWDHz
kOzZQZ3kTedq/zJj0UXw/aZ9NBbkyAx5OV1G4SjxE0mmAgeiyt6uSjr3C+QnSTPI
KS/Nbw5avuBdwJh+FZfqpbqEO6uNqoHXf998uecRa3+CbmJX2bolYB2TSetIkYgs
InTcUM9sRL0EhPuXU1diVouxXKIG78QBIdZzT1h5YHUJU33LjKKG
-----END CERTIFICATE-----

98
security/advancedtls/testdata/server_key_localhost_1.pem vendored
View File

@ -1,51 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAoKFeBVPFp3H7/yLV0knaFItUm/tAPTM4fT5pFhwfwYhCmdKs
jj5gyqxj4lvokOVNG+ULQG19kGref62Xga44LAdEyqxU191BmTbKOESezOA0wkRx
Lllgv0XlV6990srFU/+Kq19oz3SIKZlZ/CWMBkcmdxQeEMF41qGlfw2NSr7I/W+h
YD3oCif5/uFFgXzmvmW4Yu3KH/t/CMC0plfxVjJTv9ZDdVcc4mmNlkGmRqBJHeir
CpJ7uDOyw3tuK1MTvpE0cePZUuTVY2T4p7CgI1wHPYKabrwKlfFR/wh1HDI4Z5qY
XJQIkMIjzbuthhBPNLIo+IMPw8s6gKkumj5FvyxV7iLX5KPXtAt8+zD6pwIkBLpg
eS0dAWyxF7m580/HICZtSDGybSe4XfyKIL4pMCYYpFFFPEcGIvqex0OsNFtuIwjJ
6pO33l42moVRigGGwEdST5vWFs7/Ol8z//UkIF3v+eoh/QUEuca1dWdn1Uhw0OhT
8v/3oIscCb9dCLJdCDQAo/H8bUTlc+ttJKIPqkrRj/5ApHeUY5mCJtBmpKKXWSsw
GEvRIqmZAkwGUP8SboMR/wh/wo6ugw+ptpk+zI7HphdlZQ6ffUgobee25XqxNgT+
2w5iOuKhv7l2I7+4T6RovwMcUzRV0CgtiRAoLSzKi7lagvRfuevvqvIx8NUCAwEA
AQKCAgBnlCagoMhPlTy95KSkmWK65K2Gd5mQ3TqL6Hay/yerEEaCEkua3bZkeo1e
JY3uAS6b0jJTNUdGnOMkybdss/8cxQMi/cUn/VCTj7UOW5Fa4yiiLKgfDxtHu7aL
uGoWRxK/e4TbxQY84BP9Xxmbckq8sZyoJJzOiTN2k324U/DMRgItCpKxELpT8jtO
k8zSFsxj8gvYHyW7Qd1Es57JtOO2hXVjurJ9M9M4XIAkZ+jkme8MDkBc7OBCg3O+
ghUkcsnElLWQyzAUN+Mx2KZO26InquwwSctzpGXfEmGhZr69k9SzWgjtibeMQOP9
ggv+6v1oKYop1bmQs7fhxzZ517X47wKJMx740OcM2oXNVqHwGmRvQxX10I4iopej
c23hj1HYjXVnX8q6md636Pe1CO33NQhoxGsIEeZYwCBRI7w2CYZoejaHMAoAAOyS
eDmNLGyX2cO0lxY5ru996gzS2NzIcuPG+XkXdsaxMuYYp6GpjBxhs414UeJ1dLL5
tviBmO9WI2votjMglcU2/cqv2yr4w1azIrSSu4vebuYVhMkAYcvauBc2A2egRUIF
RP2zBl55ZefapuPqHJdHyv9JWngrl5xWEoaOTUt8crzvRKxrnkLSBJ3rcZwhnsyr
ZjuxsuiJ7AA/E6vOcOrmGixhFIA3B9oUOwPqNJN9hB1Ld50ZAQKCAQEAy9+C+fHn
JklMsmWMqfyVFS9sPOuRM0NS1cAQ6U5RJdreiyq3pUbghDhYxiRTHWkoLE3IEYKE
mPoMKwhu06qIQSKl/G7QKHEY9gwDW9/9pqvDnDbH7xaCTmsgXIcMdu+YisNqlufx
yy7Q+oLdqbqBLio+CqJcWOwcasTGPdQlR4bnAxCRguCki9MeQTEnkPOff2KIZQci
2Lv2s2yrf+8Lw+mDB43/clMFcpjdIR4ezaf9QLkJ2mWsKDBHt7Hl+WgY0Y/r2F5G
MTotqYEqXKsBNPqy6LprYb/bDDhYHsnRAzyfRpKZ+6nwgdy4VjKOs0jduIewznTW
P1iTJudf0eC3UQKCAQEAybNoGLw9mzc7/UOtpXSEwQuztE7h4Pcm1+pHLVy/6X8S
h6toLCl7NoaHF6BuFNi+8yGYo8NSAEvyIm0rXh2sKjZAAbl5ab4h7VxEgVpynBMO
RR9FgeQXakEzzpxlXkVjKlsMOmO9WTOcUKwpgP0dKQt81ygHt9H4uxO93EpYRkQr
AyD+VXLtCill23YiAf8cX1GGj2mxZzg4+rOJpERLDBxTlUn005g2e3zShZXiKGSO
QuWwDomkBvdcKasSydiOLrdE4NzO7YXRgiY/AJGGC8935RgFQT7KMZQ1HRC8leTY
opc/Joq5j4xQatBu1ewbbg0idwYcy+p5Ot/tXwYIRQKCAQBDuB2genrGW+ivBU5B
FJZMsDDq13Cmr4EvYRn89Te9NENhxLG1o6JmKPVL87rr9QcUGE4RiuISklRCYw21
H1sdD65E+GYKWO7qo7jl5rQxjbJvDD9DKp3kAG+CbJV2WEW6KgkY0TievhFKdPe+
LiZEuGFdVOsJ2nvh9zTGStaLOMM5YGKFL6tYiqrtCq/S1SmwvYEC1ej8Rws+NCWP
XE7zJ3iPpNoqFmuj0iT5oDCpLVjRC+W69rTFsKvR17TFMI+15HF5sG7uYR3TxQTW
PTMsbu3IokuS75CKMZkLuQvFYHijj4S4dI1gBXnxn9+Iq/aCGghfu62C4yAV9xr7
8wHRAoIBAGIpfRTkr/rVU827XUwzu9QTtN6gsU+CGRZlv0Q1anTh0gvTALzVZ1Cv
AhoeitR8c9nx1M6GZWcdjvbwOHXybPKSOm5cbNlonixdhj2J3lNU9tHvGS3Q6xBc
MTFxbegGTu+zJe1Y0zMRahbc4soS5VkvbQ9tPOxaNPoe7nzCddmknWZFbWH6r6AN
a7P19zEPjihZjepH3v3EH/7q16bpUbjQJGF4f71my8Unh3FZ85oC7jVigV9h30FA
q0rgJiGz0easbMoezFpOkRsNMAY/zIP88XW+Tfhl7ZNZdMvzdERi/oeKokJIq2xQ
Nmb1j6tu4B6cJ9TTVbpsH5nmlyhy0B0CggEBAJPicCHPN828eVLp0kCOY3akPfLc
M88O/3XN4rf8btM2wSJdKANcF88WYh6wmMR4RF26/GIn/LfVRz/y23hj+KGPW2Nz
4anf4+iLqIoI0QuIHAzV6/WdukBhkjfXJlHESlNp9vsdDQymT+NookXfXVvQQxHm
21x41hlvKe0Ldd7MWj/JNow4sLfiyGntsaCYZBL6SBBrL4D42AmXFiftLQ4Tx9wl
YY/37p9hid5/PrF67Qk1jhQj1Z5cs2I+rsCo7FqDDnbbYDE69R/q9yTRDLBnEr93
ce3EAO6RL5tKGQqc+m8gl/7eyJ5kriySBibaiZifJA4KFMwFCgwvxmsHJgA=
MIIJKAIBAAKCAgEA000BCJ2A3hX6ClLtLPZLncVnLbZBM9dbtP3wqFzdio0fLRJd
R4gJ1JbuYxD5nZpsNMTsqQ2VbEi8F9B3U5P4RIoLC6JNHVP3VaftajWtHa95vdXG
W5Yknk3Y6SGT4ZM7XcTjkBo20Pe7jCLp0vgpGb8kxlIhDtY6c0i654E0uiMhV8NR
DllRn6YHVhfEqht7bDZrqzJeLvdw3Ovz2js5TqSMv0By7wAeRskHapNMNrfDLnzF
wYWfa00t/Tybms9Ssvq6+M7Mi9xXe+03acmA3KYsp+RLjHfLLihlZGGkyDPZ+H23
fE+39Adaia4qWYysAMfOsNCbzU2DOVW7cg9i1F+Lw8fieZVT66AmDVJ7TUBWZitV
Z/UayeioSb3n5DGa4Y2A8syrPXD2/nXLqhsS0G/TyN/xvc4rIULlLL3GyMS7Sj2S
SA1JqJbAUe0wZIHdzgXU/weHWQsTQY4dWORHDACXEuRnlCRn7+0ehYnfhXgQH3+y
6K/nD8fsqgFntgqaI4OQHQoqN4DDJtfxJCmz2Dd8XPjjCJYaNC36/3XocCXiq1Gd
94ojUokCyHHqzaKJtutuyf373GPo+dvXV9IM/FacFqhn/heIB+j4xXozcq20WkNb
Sb55iwAYg/cZAAeULDiWYadVqDDbfgf2xaNlHpMta17Zpg/6whmbWUxBugcCAwEA
AQKCAgBswO5uQ7qnE8Kc+6+M+7tRmd+QHIUUrJxL3IO39AwmmpnYNeKCxZbhr0lE
/eCr6GYXBuAT5qTolcsRqr8v6jHW/QHQXBm6pZPgp0y/5J6Ub9OGDHhKfU2dmM2y
uBCIAqKEkajaa1OZXFhQOUwFxKpK0SGZXX4cR9DPszhXnR3JS/mGVUXrz7b+J5MR
EaysLPbqbFwgQg1NuReC7YKV6POG8ZRrfz1om7P5lNBXXzbT1uMDkz6pax/xN0kb
VM118Y1MB1aiZrXKqn7wjth9fzPu3SyQwSTNSH7v4+TDtKn+TQm8JuCAf/tbA0nr
IRQ1AP0qbayJPuVh1qpaoTCX9SlU29QwahuXmjqZzbtXlre64Psfmx6fGpTrFVY4
Irhd4If/VwtbHCK6hU4c8GsIori+5rgquKBQgawQgDXCcF4671RJlwQnYm9YT5cb
q84wgBfGbXODHV1A+qJL3J+K/YzwxZKi7w9hXE+MsBoDiiUPekTBZA3GkFRCXwpN
nnb/BpnHnf3Fvy+BcmjzlzaPJZ1mwLJJEH0/R820U59S5m2fh7Gwy9+ZZsSNsJVW
fGaMZBGhOgAiBLd7zl7If4Eza14U499P8Rl8+4RiaMjnQC8xyI5eb49DtKcPdDp9
d+ZQiXTQeFWriCeXTQlEV8uUCpRosfUtJC7xjljQWHeNeMpnAQKCAQEA7u13pfYd
XH4BpO+wlRwjb4ADc6wLWFOm0nySNB3fzDrOix0vAGvm7sjtIGVYjcHAbjG2oflH
siqgFaT5iQUdvo5AGZU9rp6f4qctJQuSuti4eXE1P+YSGyNALISE49lpi/z3lwJ7
K3zxT0FywS2pvHEMc3+s+T0otik285/TJ7yg9d5UTS3TAgLzkan6wzGCAos935Ok
0/pJXWk3jjmc7q9cMGPDbX2kb67j4BuqbDbiCNTdfL2BOErwZw6+lissp8TPVNf2
03Hj24GQGO/A9H8U47M2bcY63UgcflmBwKvXVSnCVpYl9UjY/A4j45w2zjAX/lm1
3mjTBiwQGVR1hwKCAQEA4mYt2SuyS6AkdpANUrzISS0FvLTy/Qb3iU7iBkSBqShe
XV/a520uTJ+5v0m6ifGsafrjKJ0Rb3GYAug/mzWItTuRArIH5hTNd+FaAeC9XBEv
dvUnAnffvocvAnmpQdO/kJLY54rA1KnuIJ30Xy5653LgQLur/b2EG7Fljc9vHqI8
Emp7sLwPPFzelR+ryTak8GimUHm7psPJryvAeB8ak68TAmlBkLKrdO6oE3O1fJoO
cFbZG3r2KdRPZgBpegskOOgk0GQIG7z3G0auZpiwViRJLTBda1lLLYnVBcT2Qq10
AQebj1pDC7Op33kZMNtQtrb6bvEdPhEsaWqcfZm3gQKCAQAvgcojlq8539gl2n7q
9yBYoESPcGsFEgT+n0RW1oXUTvEYmiHpXIsbeZokseIMtbS0dHAS/sTxuSYBh78S
LpE+fXxjWdhc6y9xWrpQPl/bhRIRG6Bx5yY8fSLadzMRNv6UliUIwraI7BvzHVla
7eBtFrFaGc3j9PQuXD2P7XyHzyrWGHH8sprdMIcLtJemziZCqTsRRIMmnwKNb0lb
nzsD/pw/Bucp0yyqBEVNH1Mglz0Ucnbjwa566fOpGjZtF4KWjTyIazSp0GB1Gerz
+mAMfWRC7jRpWVwE+byoptV04PY8+cOpgctkXSq/23PpYvtGvitXKLFP2tnyxToi
PzfrAoIBAGk9+HgosOQo2GppAliAu1YQ4MbdEst+bplcmwMw21lIE72yLm9AOLKT
2WPLoTQ4rN5DK0+Y3B8DHhfT4KWE2DzvKLSpD7Tr3KuqjQ2sbDodHwRcZ7rlAJRw
APFUntKj3TwWl0/jF0qEh9aPtqZ8U9O9efN9ijEU5RF+gGfQkqYZ4nTpHQCGG0sD
HNETfOa3SSscapukSw/1mY6ddwYf51nZm6uWRE1AUSW1P1pzgl0evDGKnbgBi+bb
8+DFtkJuZXMyrtJUfdRvHiuGytGUjvwsN/wSrIqXYrQTi3v4GEXcnb1QzQZxfhM1
fHUOtSAaA0Y8fuQNn3tXvl5umbplN4ECggEBAIPDR2/Igmze9sCqZF06fexBZUcB
j6gsjY7zJYppAO6tniyLkQaOHoCZGvMA2xxcR1+4F+QQvLOkRTPxXHqZgNwze9oK
Y9QLkhsu0Q3A0+C/YC3HGL90HKndRx6pLHVhrBg3vxoTjQpPkpVT6UYnMGnRr5D5
qluURPPYR56WX76rMud0yDTB/MeNsNjdBn8ukr1LwR40ircFgmy/O+FdR9mpPOVY
3DIDysyzug3IeIoa0QSy7aKHHGd9pTHJ3EA/tfoTCmr9iywKxsgPp1fcSjt8Nfg7
mVo2qbVoqchrp0tFG2/MoxqiOlRMtWX6N37btlMxifj28BDE63hG53W4bGA=
-----END RSA PRIVATE KEY-----