From d01249139fac19b58d9d8d943f91103bee72e2cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?= Date: Mon, 10 Nov 2014 11:59:26 +0100 Subject: [PATCH 2/2] Added new test Test--https-crl.py to check --crl-file For this test, a proper CA and server key/cert infrastructure was needed. E.g. without CN being 127.0.0.1 a matching CRL file couldn't be generated. --- testenv/ChangeLog | 11 +++ testenv/Makefile.am | 1 + testenv/Test--https-crl.py | 50 +++++++++++++ testenv/Test--https.py | 4 +- testenv/certs/README | 81 +++++++++++++++++++++ testenv/certs/ca-cert.pem | 21 ++++++ testenv/certs/ca-key.pem | 144 +++++++++++++++++++++++++++++++++++++ testenv/certs/server-cert.pem | 21 ++++++ testenv/certs/server-crl.pem | 12 ++++ testenv/certs/server-key.pem | 144 +++++++++++++++++++++++++++++++++++++ testenv/certs/wget-cert.pem | 30 -------- testenv/server/http/http_server.py | 4 +- 12 files changed, 491 insertions(+), 32 deletions(-) create mode 100755 testenv/Test--https-crl.py create mode 100644 testenv/certs/README create mode 100644 testenv/certs/ca-cert.pem create mode 100644 testenv/certs/ca-key.pem create mode 100644 testenv/certs/server-cert.pem create mode 100644 testenv/certs/server-crl.pem create mode 100644 testenv/certs/server-key.pem delete mode 100644 testenv/certs/wget-cert.pem diff --git a/testenv/ChangeLog b/testenv/ChangeLog index c57a431..f743895 100644 --- a/testenv/ChangeLog +++ b/testenv/ChangeLog 
@@ -1,3 +1,14 @@ +2014-11-10 Tim Ruehsen + + * removed certs/wget-cert.pem + * added certs/ca-cert.pem, certs/ca-key.pem, certs/server-cert.pem, + certs/server-key.pem and certs/server-crl.pem + * added certs/README for description how to generate the certs and keys + * server/http/http_server.py: amended to work with new certs/ files + * added Test--https-crl.py to test --crl-file + * Makefile.am: added Test--https-crl.py + * Test--https.py: use --ca-certificate of --no-check-certificates + 2014-10-25 Tim Ruehsen * test/base_test.py (gen_cmd_line): generate valgrind command line if requested diff --git a/testenv/Makefile.am b/testenv/Makefile.am index f745bdb..59dbbf5 100644 --- a/testenv/Makefile.am +++ b/testenv/Makefile.am @@ -47,6 +47,7 @@ if HAVE_PYTHON3 Test-cookie.py \ Test-Head.py \ Test--https.py \ + Test--https-crl.py \ Test-O.py \ Test-Post.py \ Test--spider-r.py diff --git a/testenv/Test--https-crl.py b/testenv/Test--https-crl.py new file mode 100755 index 0000000..9330a1e --- /dev/null +++ b/testenv/Test--https-crl.py 
@@ -0,0 +1,50 @@ +#!/usr/bin/env python3 +from sys import exit +from test.http_test import HTTPTest +from test.base_test import HTTP, HTTPS +from misc.wget_file import WgetFile +import os + +""" + This test ensures that Wget can download files from HTTPS Servers +""" +TEST_NAME = "HTTPS CRL" +############# File Definitions ############################################### +File1 = "Would you like some Tea?" +File2 = "With lemon or cream?" + +A_File = WgetFile ("File1", File1) +B_File = WgetFile ("File2", File2) + +CAFILE = os.path.abspath(os.path.join(os.getenv('srcdir', '.'), 'certs', 'ca-cert.pem')) +CRLFILE = os.path.abspath(os.path.join(os.getenv('srcdir', '.'), 'certs', 'server-crl.pem')) +WGET_OPTIONS = "--crl-file " + CRLFILE + " --ca-certificate=" + CAFILE +WGET_URLS = [["File1", "File2"]] + +Files = [[A_File, B_File]] + +Servers = [HTTPS] + +ExpectedReturnCode = 5 + +################ Pre and Post Test Hooks ##################################### +pre_test = { + "ServerFiles" : Files +} +test_options = { + "WgetCommands" : WGET_OPTIONS, + "Urls" : WGET_URLS +} +post_test = { + "ExpectedRetcode" : ExpectedReturnCode +} + +err = HTTPTest ( + name=TEST_NAME, + pre_hook=pre_test, + test_params=test_options, + post_hook=post_test, + protocols=Servers +).begin () + +exit (err) diff --git a/testenv/Test--https.py b/testenv/Test--https.py index 17f49d3..b8d4faf 100755 --- a/testenv/Test--https.py +++ b/testenv/Test--https.py @@ -3,6 +3,7 @@ from sys import exit from test.http_test import HTTPTest from test.base_test import HTTP, HTTPS from misc.wget_file import WgetFile +import os """ This test ensures that Wget can download files from HTTPS Servers 
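Review bot: The module docstring of Test--https-crl.py is copied from Test--https.py and says the test checks that Wget can download from HTTPS servers, while the test expects the download to fail (`ExpectedReturnCode = 5`) because the server certificate is listed in server-crl.pem. It should read something like `This test ensures that Wget rejects a server certificate that is revoked in the CRL passed with --crl-file`. Exit code 5 is Wget's generic SSL verification failure, so an unreadable CA file or a name mismatch would let this test pass as well; a comment naming Test--https.py (same CA, no CRL) as the positive control would make that dependency explicit. `WGET_OPTIONS` is built by plain string concatenation, so a `srcdir` containing spaces would presumably split the paths once the harness tokenizes the command line (the harness is not visible here); the same applies to the `CAFILE` line added to Test--https.py. The imported `HTTP` name is unused in the new file.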
@@ -17,7 +18,8 @@ A_File = WgetFile ("File1", File1) B_File = WgetFile ("File2", File2) C_File = WgetFile ("File3", File3) -WGET_OPTIONS = "--no-check-certificate" +CAFILE = os.path.abspath(os.path.join(os.getenv('srcdir', '.'), 'certs', 'ca-cert.pem')) +WGET_OPTIONS = "--ca-certificate=" + CAFILE WGET_URLS = [["File1", "File2"]] Files = [[A_File, B_File]] diff --git a/testenv/certs/README b/testenv/certs/README new file mode 100644 index 0000000..979a3af --- /dev/null +++ b/testenv/certs/README 
@@ -0,0 +1,81 @@ +To create the server RSA private key: +$ certtool --generate-privkey --outfile server-key.pem --rsa + +To create a self signed CA certificate: +$ certtool --generate-privkey --outfile ca-key.pem +$ certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem +Common name: GNU Wget +UID: +Organizational unit name: Wget +Organization name: GNU +Locality name: +State or province name: +Country name (2 chars): +Enter the subject's domain component (DC): +This field should not be used in new certificates. +E-mail: +Enter the certificate's serial number in decimal (default: 6079996172146959675): + +Activation/Expiration time. +The certificate will expire in (days): -1 + +Extensions. +Does the certificate belong to an authority? (y/N): y +Path length constraint (decimal, -1 for no constraint): +Is this a TLS web client certificate? (y/N): +Will the certificate be used for IPsec IKE operations? (y/N): +Is this a TLS web server certificate? (y/N): y +Enter a dnsName of the subject of the certificate: 127.0.0.1 +Enter a dnsName of the subject of the certificate: +Enter a URI of the subject of the certificate: +Enter the IP address of the subject of the certificate: +Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): +Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): +Will the certificate be used to sign other certificates? (y/N): y +Will the certificate be used to sign CRLs? (y/N): y +Will the certificate be used to sign code? (y/N): +Will the certificate be used to sign OCSP requests? (y/N): y +Will the certificate be used for time stamping? 
(y/N): +Enter the URI of the CRL distribution point: + + +To generate a server certificate using the private key only: +$ certtool --generate-certificate --load-privkey server-key.pem --outfile server-cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem +Common name: 127.0.0.1 +UID: +Organizational unit name: Wget +Organization name: GNU +Locality name: +State or province name: +Country name (2 chars): +Enter the subject's domain component (DC): +This field should not be used in new certificates. +E-mail: +Enter the certificate's serial number in decimal (default: 6079998890988883856): + +Activation/Expiration time. +The certificate will expire in (days): -1 + +Extensions. +Does the certificate belong to an authority? (y/N): +Is this a TLS web client certificate? (y/N): y +Will the certificate be used for IPsec IKE operations? (y/N): +Is this a TLS web server certificate? (y/N): +Enter a dnsName of the subject of the certificate: localhost +Enter a dnsName of the subject of the certificate: 127.0.0.1 +Enter a dnsName of the subject of the certificate: +Enter a URI of the subject of the certificate: +Enter the IP address of the subject of the certificate: +Enter the e-mail of the subject of the certificate: +Will the certificate be used for signing (required for TLS)? (Y/n): +Will the certificate be used for encryption (not required for TLS)? (Y/n): + + +To create a CRL for the server certificate: +$ certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca-cert.pem --load-certificate server-cert.pem --outfile server-crl.pem +Generating a signed CRL... +Update times. +The certificate will expire in (days): -1 +CRL Number (default: 6080006793650397145): + + diff --git a/testenv/certs/ca-cert.pem b/testenv/certs/ca-cert.pem new file mode 100644 index 0000000..61f9318 --- /dev/null +++ b/testenv/certs/ca-cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAkagAwIBAgIIVGB8TiyN5TswDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE +AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0 +MTExMDA4NTAyNFoYDzk5OTkxMjMxMjM1OTU5WjAwMREwDwYDVQQDEwhHTlUgV2dl +dDENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAv2IR1/gsaJsn+egtVFbMMMbivK+eVzPY8wEXb2flpe9a +Kkwz824nSSrWfRigQmf/ODkNlK2x91kppfPmWkClUREQB3I4d/sHFnzqCkFKmNwt +VT4DsL47VumgZF6ZjSqTYQD3MDH3VhFj1iKrRMM/aCZXwntD+67sKw6UPXfFbfUO +Recpb7fCZPZFVFYStxgcF7cyH+DADLX5QCEjiLYH1es6FXrdw+ypgwBl+HuLkQ/4 +gE0JLQK5PAKSYeLy0JEBUPovkMXT+r9aPkQBF/9WD6uUPia0ERHbMIT0My84hBrG +9d5u5gXPnH1ZxKIr8iJOYCydVjYndn21zs2IExwL6wIDAQABo3gwdjAPBgNVHRMB +Af8EBTADAQH/MBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwemADAdBgNVHQ4EFgQU8z5OOIRK +qb7Bb8dho1DabimL61QwDQYJKoZIhvcNAQELBQADggEBAEyG0E8RrSNfv9ZtqidB +9j660p8CynFDsX+hjfR1Sy4v5aUxxaA1spj/L5ioQXgjFKfht3zyPQBwLDSWNb41 +1yaGrPjwDfal/CWY1lJHGZGiEuxtZ32mMYNSUNBQk0t2P33NssdjdtJ8Tm9BZwqH +/NxHTi00MTQlG4L01KSAf7wJtapA1Ad6u6WAU+316EuTQ0eh7owOugaSIpCFgwQA +hq3SkUW8P2hL9ZYX0lGzaqE9oKm9dIvpfVPrWhbhnGMPR2X/7B8IgK84r3Eb1CF2 +3nysbcWH8BSxpN0d8oYPhUFi3jyV9InqFvEPxyMQ9MmtjDb4JpA6tkL6UwP77br6 +Th0+-----END CERTIFICATE----- diff --git a/testenv/certs/ca-key.pem b/testenv/certs/ca-key.pem new file mode 100644 index 0000000..ac51f60 --- /dev/null +++ b/testenv/certs/ca-key.pem 
@@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:bf:62:11:d7:f8:2c:68:9b:27:f9:e8:2d:54:56: + cc:30:c6:e2:bc:af:9e:57:33:d8:f3:01:17:6f:67: + e5:a5:ef:5a:2a:4c:33:f3:6e:27:49:2a:d6:7d:18: + a0:42:67:ff:38:39:0d:94:ad:b1:f7:59:29:a5:f3: + e6:5a:40:a5:51:11:10:07:72:38:77:fb:07:16:7c: + ea:0a:41:4a:98:dc:2d:55:3e:03:b0:be:3b:56:e9: + a0:64:5e:99:8d:2a:93:61:00:f7:30:31:f7:56:11: + 63:d6:22:ab:44:c3:3f:68:26:57:c2:7b:43:fb:ae: + ec:2b:0e:94:3d:77:c5:6d:f5:0e:45:e7:29:6f:b7: + c2:64:f6:45:54:56:12:b7:18:1c:17:b7:32:1f:e0: + c0:0c:b5:f9:40:21:23:88:b6:07:d5:eb:3a:15:7a: + dd:c3:ec:a9:83:00:65:f8:7b:8b:91:0f:f8:80:4d: + 09:2d:02:b9:3c:02:92:61:e2:f2:d0:91:01:50:fa: + 2f:90:c5:d3:fa:bf:5a:3e:44:01:17:ff:56:0f:ab: + 94:3e:26:b4:11:11:db:30:84:f4:33:2f:38:84:1a: + c6:f5:de:6e:e6:05:cf:9c:7d:59:c4:a2:2b:f2:22: + 4e:60:2c:9d:56:36:27:76:7d:b5:ce:cd:88:13:1c: + 0b:eb: + +public exponent: + 01:00:01: + +private exponent: + 45:0c:7f:fd:98:a7:85:12:3d:a9:17:90:8b:36:49: + b3:6b:7e:50:af:58:04:84:4b:48:d9:62:f8:29:d7: + 1c:38:30:22:c4:9d:95:bd:6f:65:21:94:83:4b:c8: + 3e:4d:41:32:aa:ba:f0:a2:7e:6c:0c:7a:4f:4a:a1: + 18:7c:ec:68:44:2c:b1:53:0f:76:92:56:2b:51:e4: + 2a:d1:05:b6:02:f2:44:27:fc:b2:de:df:8f:ea:f8: + 98:5d:dd:2e:a6:66:c7:ff:ce:2f:50:47:b9:80:ca: + b1:6e:8e:b6:5f:6f:58:07:45:70:80:82:b5:a2:95: + c8:af:18:e2:d8:7c:9d:bf:c5:a9:da:4f:af:08:37: + 92:27:94:12:c0:94:70:90:ff:e4:05:8b:ed:18:a9: + 19:3c:47:3a:7c:fe:4f:9c:15:ab:f6:7e:48:2a:58: + d7:14:67:96:bd:e6:fa:9f:3a:51:0c:63:49:14:d5: + 9d:e9:a8:24:19:2a:83:e4:fe:e2:ec:db:f9:13:33: + a6:d3:62:d2:6b:7e:a9:5b:93:73:f5:c9:d0:ad:58: + 11:cb:77:d3:13:3c:bf:37:f9:64:95:c7:4c:69:f2: + 6e:b8:36:69:57:93:4a:03:06:58:8a:51:3d:d6:97: + 61:2f:7c:76:33:14:88:51:45:68:4e:29:fe:12:43: + 69: + +prime1: + 00:e0:e6:81:38:18:3e:c8:98:51:71:2d:5f:22:8c: + 93:95:37:17:47:00:4f:6a:87:98:73:8d:f3:c3:02: + f7:e1:9d:a0:5c:a5:10:a6:0d:88:5d:e0:72:10:93: + 
24:af:6e:a4:0e:55:5c:03:37:5f:1d:90:41:c2:d6: + e3:a6:ba:20:08:0b:01:31:eb:fc:7e:97:66:3c:fe: + b5:ab:4c:0b:2f:18:16:f3:28:47:70:41:dc:cf:04: + 9c:7e:28:78:3b:3f:31:cf:b1:77:2c:6d:c9:bf:ad: + 19:ff:03:1f:c6:98:9a:60:47:a5:1d:c4:52:c5:9e: + 77:5a:cc:a4:e3:96:81:d4:4d: + +prime2: + 00:d9:d9:0c:6e:81:bb:0e:5d:c6:92:cc:48:70:b8: + da:60:e8:56:e7:2a:20:da:29:0f:c9:f0:9f:b8:9f: + df:d9:a1:68:7e:ce:3e:7c:f2:00:66:68:79:c4:01: + fa:b9:71:3e:73:06:3f:85:5c:83:33:ee:58:77:50: + 89:aa:90:33:d0:6c:aa:6f:34:b2:30:8b:e9:a9:82: + df:e2:7f:04:09:9f:14:9a:db:c7:cb:e5:85:46:b2: + 42:d0:a7:fe:7a:e3:ff:1e:84:9c:36:50:e3:de:fb: + 11:1c:34:09:fe:46:db:45:c3:50:19:f1:25:c0:e3: + 5c:d5:0d:88:13:e1:9a:5d:17: + +coefficient: + 00:ca:79:cb:79:87:91:9f:9a:99:0b:5d:c5:78:21: + a7:60:c6:8a:2d:a5:b5:87:a2:d6:df:b0:17:5f:bf: + e1:ce:f0:ca:89:18:0e:e0:4a:7f:00:e5:41:2d:04: + 5b:05:51:e5:08:89:dd:80:82:c7:94:94:1c:f4:0f: + 1b:9a:d0:72:83:bb:e9:ca:d5:09:0d:4b:c0:b7:6a: + a7:b4:c3:df:4e:f1:7f:0f:57:ad:25:ff:e4:d3:ef: + 05:95:31:ca:00:54:97:4b:2d:56:aa:1a:89:d8:a0: + d6:dc:64:88:88:36:26:92:39:57:8b:da:18:23:77: + c3:e3:39:0e:95:f7:3c:77:fe: + +exp1: + 00:99:f2:8f:4f:93:a1:1e:74:cd:82:f8:78:df:d0: + 74:91:b6:a5:53:6f:cd:ec:f1:26:95:2a:fd:4a:67: + 34:c1:16:c2:17:c8:d1:ed:a8:e3:c8:c7:03:ad:7e: + db:a4:ce:ca:b4:19:10:24:0f:7a:27:65:80:ee:5b: + 64:77:d3:7e:6b:a3:04:cd:64:69:71:4a:37:ac:d6: + fa:0a:68:c2:5b:19:55:54:5b:25:13:9d:b2:05:6f: + 75:a4:12:15:c3:10:8e:0b:4a:c2:76:02:2d:10:ec: + f0:17:94:ce:e2:85:c1:5e:d8:8c:19:25:33:37:9d: + 32:bc:4f:cb:2b:12:f2:8a:1d: + +exp2: + 3e:53:68:c9:1c:f8:a5:6d:92:e8:60:e5:c0:ca:42: + 40:43:78:c9:7e:36:13:f4:77:7d:f1:07:e1:4c:6c: + 40:d9:7b:09:fc:7b:c8:47:7c:71:d0:26:36:3b:d2: + bd:c7:76:74:76:2f:2a:3a:83:97:11:f3:e1:7e:fb: + 43:ff:29:b3:d1:c3:19:39:dc:59:23:4e:60:9e:fe: + ea:d0:28:19:90:97:d6:8e:56:a5:31:2f:66:40:8d: + f9:20:77:20:35:a6:c1:d6:72:d2:df:65:b2:5f:e6: + 4f:49:5c:2a:91:9f:1e:60:78:c4:53:47:d7:dd:b4: + ab:87:c9:8c:d6:98:d1:55: + + +Public Key ID: 
F3:3E:4E:38:84:4A:A9:BE:C1:6F:C7:61:A3:50:DA:6E:29:8B:EB:54 +Public key's random art: ++--[ RSA 2048]----+ +| | +| | +| | +| .. . | +| Eo . S | +| .+o..+. + | +| .+o.= oo o | +|.o.o* o +. | +|+o+*.. .o. | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv2IR1/gsaJsn+egtVFbMMMbivK+eVzPY8wEXb2flpe9aKkwz +824nSSrWfRigQmf/ODkNlK2x91kppfPmWkClUREQB3I4d/sHFnzqCkFKmNwtVT4D +sL47VumgZF6ZjSqTYQD3MDH3VhFj1iKrRMM/aCZXwntD+67sKw6UPXfFbfUORecp +b7fCZPZFVFYStxgcF7cyH+DADLX5QCEjiLYH1es6FXrdw+ypgwBl+HuLkQ/4gE0J +LQK5PAKSYeLy0JEBUPovkMXT+r9aPkQBF/9WD6uUPia0ERHbMIT0My84hBrG9d5u +5gXPnH1ZxKIr8iJOYCydVjYndn21zs2IExwL6wIDAQABAoIBAEUMf/2Yp4USPakX +kIs2SbNrflCvWASES0jZYvgp1xw4MCLEnZW9b2UhlINLyD5NQTKquvCifmwMek9K +oRh87GhELLFTD3aSVitR5CrRBbYC8kQn/LLe34/q+Jhd3S6mZsf/zi9QR7mAyrFu +jrZfb1gHRXCAgrWilcivGOLYfJ2/xanaT68IN5InlBLAlHCQ/+QFi+0YqRk8Rzp8 +/k+cFav2fkgqWNcUZ5a95vqfOlEMY0kU1Z3pqCQZKoPk/uLs2/kTM6bTYtJrfqlb +k3P1ydCtWBHLd9MTPL83+WSVx0xp8m64NmlXk0oDBliKUT3Wl2EvfHYzFIhRRWhO +Kf4SQ2kCgYEA4OaBOBg+yJhRcS1fIoyTlTcXRwBPaoeYc43zwwL34Z2gXKUQpg2I +XeByEJMkr26kDlVcAzdfHZBBwtbjprogCAsBMev8fpdmPP61q0wLLxgW8yhHcEHc +zwScfih4Oz8xz7F3LG3Jv60Z/wMfxpiaYEelHcRSxZ53Wsyk45aB1E0CgYEA2dkM +boG7Dl3GksxIcLjaYOhW5yog2ikPyfCfuJ/f2aFofs4+fPIAZmh5xAH6uXE+cwY/ +hVyDM+5Yd1CJqpAz0GyqbzSyMIvpqYLf4n8ECZ8UmtvHy+WFRrJC0Kf+euP/HoSc +NlDj3vsRHDQJ/kbbRcNQGfElwONc1Q2IE+GaXRcCgYEAmfKPT5OhHnTNgvh439B0 +kbalU2/N7PEmlSr9Smc0wRbCF8jR7ajjyMcDrX7bpM7KtBkQJA96J2WA7ltkd9N+ +a6MEzWRpcUo3rNb6CmjCWxlVVFslE52yBW91pBIVwxCOC0rCdgItEOzwF5TO4oXB +XtiMGSUzN50yvE/LKxLyih0CgYA+U2jJHPilbZLoYOXAykJAQ3jJfjYT9Hd98Qfh +TGxA2XsJ/HvIR3xx0CY2O9K9x3Z0di8qOoOXEfPhfvtD/ymz0cMZOdxZI05gnv7q +0CgZkJfWjlalMS9mQI35IHcgNabB1nLS32WyX+ZPSVwqkZ8eYHjEU0fX3bSrh8mM +1pjRVQKBgQDKect5h5GfmpkLXcV4IadgxootpbWHotbfsBdfv+HO8MqJGA7gSn8A +5UEtBFsFUeUIid2AgseUlBz0Dxua0HKDu+nK1QkNS8C3aqe0w99O8X8PV60l/+TT +7wWVMcoAVJdLLVaqGonYoNbcZIiINiaSOVeL2hgjd8PjOQ6V9zx3/g=+-----END RSA PRIVATE KEY----- 
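Review bot: ca-key.pem commits the private key of the test CA, yet nothing in this patch reads it: http_server.py loads only server-cert.pem and server-key.pem, and the tests pass only ca-cert.pem and server-crl.pem to Wget. Per certs/README the CA certificate is created with expiry `-1` and with certificate- and CRL-signing usage, so anyone with the repository can issue certificates that chain to it, which matters if ca-cert.pem is ever imported into a real trust store. If the key stays in the tree for regenerating the fixtures, certs/README should open with a line such as `These keys and certificates are public test fixtures; never add ca-cert.pem to a system or user trust store.` The same applies to server-key.pem, which the test server does need.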
diff --git a/testenv/certs/server-cert.pem b/testenv/certs/server-cert.pem new file mode 100644 index 0000000..73e9bba --- /dev/null +++ b/testenv/certs/server-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIIVGB+xzQpT5AwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE +AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0 +MTExMDA5MDA1OVoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w +LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2 +TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r +XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH +0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW +8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem +v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV +HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB8GA1UdEQQYMBaCCWxvY2Fs +aG9zdIIJMTI3LjAuMC4xMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L +JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU +MA0GCSqGSIb3DQEBCwUAA4IBAQBeRV2kMWuksna/E6hqcQ5C76UFq9RDcvxIoJQ/ +2ANywD+EcQYyBNSSL+yyv6/Pp9gXlqjciYdb3OgdPb++3y/UC6IxkeFv1uNDwJfS +HVX9avm12CXfZt4zMrq1GQX4gjJ9jkItMCY4atdyAQROGnzDWzNuwSWaasL3oUPT +qDUMHZR2kH2cIr9S07YT/8RslMdlMgeI4Y9JCGuRspgxwnDtM5L3vZEnGsud7DSa +1/8LGiYydNIpCikwd2Pzdwp9G8mm7AExU3AsXPCyYxDWWjfyhBjTY+5aR57igNeB +CaP+xoDNilbJ/RM+0Ygv/ue7gY49f8nESQP+0HQVborwl3h2 +-----END CERTIFICATE----- diff --git a/testenv/certs/server-crl.pem b/testenv/certs/server-crl.pem new file mode 100644 index 0000000..ee2082c --- /dev/null +++ b/testenv/certs/server-crl.pem 
@@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN +MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMDA5MzUyMVoYDzk5 +OTkxMjMxMjM1OTU5WjAdMBsCCFRgfsc0KU+QGA8yMDE0MTExMDA5MzUyMVqgNjA0 +MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYIba +N/WqiDANBgkqhkiG9w0BAQsFAAOCAQEALV862K6ErgDdHKVag2mibcyguI83mPUm +AhkbZ0vUFIjf39kDwXfBdGjQPPRilAM+2nraN7UTZs6y+2UDTbavaOpn5YFEoP5f +Z6AN+PMEVi8QfkpQHIRJPVg1noJMBU+KgqGvzg7pCpzD8WyrH/4AAmuQoD18YndP +SQGmTvsap3nCQPtCcGnONbdvqlHF47toy9nYz+4auS+RpEPiUa9YT5zNOwQwlQg5 +cgdbkheEqN3SLeTAxvDSVaHbVEr2U7rsR8ckMNXE0xgNuDmvIiTiqps+e2oE88Ii +421c+VGZE4LE5NeETIk8V4drxbdYZpwRB2/BzmDwKhMAB8WBIH2sFA=+-----END X509 CRL----- diff --git a/testenv/certs/server-key.pem b/testenv/certs/server-key.pem new file mode 100644 index 0000000..80d61cc --- /dev/null +++ b/testenv/certs/server-key.pem 
@@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:c8:c2:dc:6b:79:e4:47:d2:b6:5e:a6:13:7e:f5: + fa:90:f7:fd:ca:51:e4:c2:f1:91:d6:c1:b2:ce:4c: + 94:83:f6:4c:38:62:3c:e2:2d:2d:79:a5:f2:8c:6c: + e0:18:d4:9b:7c:1f:9f:71:95:f6:22:4b:99:bc:db: + 21:62:fe:d2:46:d1:91:0d:8b:08:f2:94:7f:e0:a5: + 9f:7c:f6:64:4f:ab:5f:07:56:95:3f:20:55:fb:f9: + d4:ea:5f:92:9d:a5:2c:35:54:a8:b7:cd:29:11:90: + 82:2b:e3:48:29:8b:a9:8d:8b:a9:e0:74:49:a5:4d: + be:e6:83:dc:4a:6a:67:22:07:d0:4e:52:66:08:ea: + 04:78:11:46:db:c6:91:cc:b4:ac:e9:a9:e5:22:36: + 34:04:8b:ba:05:22:a1:76:bd:38:b5:a3:a5:80:f0: + a1:db:1d:dc:44:65:2f:40:c9:d5:a2:56:f1:30:bc: + 4e:a8:b1:e2:2d:28:b1:6c:da:af:e2:d7:04:88:a7: + d1:0b:da:af:df:ee:44:73:74:a7:59:2a:de:9d:17: + 80:d1:ca:a9:6a:62:4d:3e:78:f9:66:31:ec:f7:a6: + bf:8a:91:5f:3d:75:b3:08:89:cd:42:fe:3f:0d:43: + ba:b4:3d:b2:66:f3:0e:00:2c:cf:b5:76:14:99:d4: + 78:27: + +public exponent: + 01:00:01: + +private exponent: + 00:92:80:1f:f9:0d:e9:d7:bf:9b:f5:55:9b:c4:7a: + 1b:6e:ce:89:14:aa:ce:14:b3:d3:88:b3:b0:97:7a: + aa:a5:e1:85:9d:5f:92:ae:39:e9:85:6b:e3:a3:35: + 90:12:8e:93:27:f0:ab:99:67:a5:45:41:85:de:9a: + c9:b2:43:e1:8e:6c:3f:3d:72:c8:04:bc:f8:d4:26: + 08:4c:58:40:bb:22:83:26:07:b8:c1:68:07:56:e8: + e8:c6:5f:17:ce:92:49:c0:61:16:fd:89:68:fe:b8: + 45:45:61:85:b7:4b:83:5f:17:1b:cf:ff:0b:fe:e4: + cc:f9:ca:1f:66:ee:5e:74:25:94:7a:27:0e:0f:43: + 50:14:48:ad:c6:8a:e1:ac:ff:8e:10:ed:e6:92:48: + c8:94:c1:3a:2c:db:86:71:66:8e:19:93:13:ed:f9: + 47:06:5e:8b:e2:2e:cb:3a:c2:b3:5e:8d:31:e4:c5: + a7:cd:3f:09:70:e4:02:5d:34:2a:4d:b7:f5:06:e2: + f5:3b:8f:b6:ad:4a:22:b8:fe:43:a7:4d:67:ef:c3: + e1:ed:83:e2:d5:f2:d0:37:0f:56:ab:5b:47:69:0a: + 14:03:2c:43:a3:73:e9:05:72:5e:df:68:9c:67:4b: + 08:64:2d:c2:67:23:aa:e5:35:88:56:99:95:17:60: + 20:01: + +prime1: + 00:ea:ca:12:86:c0:25:b8:ab:fd:44:2c:1a:3f:1b: + 19:68:d4:26:6e:9c:ad:6d:35:12:29:9f:40:c2:4c: + 96:ef:8b:08:61:39:08:b7:8a:1f:81:97:71:ff:af: + 
5a:5b:db:9a:2f:2f:29:ab:92:bb:c5:51:a2:84:c5: + f4:88:79:ac:a2:b8:17:1e:4a:66:62:be:e5:ab:fd: + 01:42:6b:16:f9:73:7b:cd:3e:f7:5c:5c:95:dd:79: + 73:c4:60:a8:cf:95:80:ba:7d:02:14:9c:7e:58:4f: + 8c:08:2c:b8:46:31:23:b2:1a:c3:38:78:5c:ea:50: + 9d:42:23:31:30:9a:0f:3f:27: + +prime2: + 00:da:e5:d3:66:0f:34:53:8c:e8:bf:5f:1e:46:93: + 47:df:30:57:be:1f:30:6a:7e:e9:f0:6b:3f:61:89: + 51:e2:0b:da:51:09:65:f6:23:3a:61:86:02:46:0a: + cf:11:73:7c:2d:65:bd:64:b8:0e:24:d2:b7:51:8f: + 39:b4:a2:1b:e4:9a:bc:66:31:e2:00:eb:3e:20:06: + 97:0a:a0:bb:82:da:bf:d5:e9:20:77:a7:55:86:69: + ce:eb:38:d3:f4:ad:82:9e:ce:02:05:c5:11:aa:c0: + b9:66:6f:e7:f4:26:57:72:fa:50:0b:ad:76:44:86: + e0:3e:f7:c0:3e:f3:94:9f:01: + +coefficient: + 00:94:f2:42:a9:1a:62:1c:7a:bf:34:1b:a7:87:ae: + bd:3a:d9:f1:8c:4e:f6:f5:27:5a:ae:f1:1e:15:06: + a6:d0:e4:e0:ec:3a:40:02:13:b9:31:9a:cd:3a:c6: + 34:7d:c6:9d:9e:60:5b:ca:03:88:87:56:f0:e1:ea: + 37:96:2b:53:40:b2:78:4e:80:e2:e0:24:8c:83:0e: + f8:77:a4:64:d5:cc:09:6c:d6:52:49:f9:55:61:16: + 72:b5:d2:ea:e1:61:fb:31:24:f0:30:8c:fe:5c:29: + 71:06:09:11:4d:ef:51:a6:33:62:54:d2:c7:de:ba: + 78:17:b1:27:50:f4:ef:c4:3a: + +exp1: + 1f:36:0d:90:6c:2a:97:8a:05:78:f2:83:ea:af:a7: + 89:0f:ea:ab:f9:97:f4:54:81:bd:96:b5:fd:1e:41: + 52:46:a1:2e:8b:6e:65:37:af:48:82:e1:5c:a3:ea: + d7:1b:32:3b:e3:81:1e:95:ba:f0:58:11:ca:a4:a6: + 05:1e:67:9c:99:ec:38:d2:9b:19:b5:56:c2:ae:37: + 64:a4:e7:c0:f1:61:1b:bf:ab:12:54:1c:77:fc:95: + 2f:1d:ca:53:0e:04:b6:c5:b7:69:16:04:95:a8:bd: + 6c:b8:c5:26:4f:91:f7:33:27:90:72:2f:a7:d6:5f: + 91:53:2c:4e:d1:ac:05:31: + +exp2: + 00:83:a4:55:a6:fa:1b:d8:e7:54:0d:ca:f1:55:36: + 3b:b1:f0:cb:c3:cd:d3:fb:27:ca:1e:c9:10:bb:e2: + ae:78:c7:f2:0a:6c:21:82:8e:1b:0d:0d:5f:8e:a9: + ef:6f:aa:49:12:b0:2d:df:45:85:54:05:d9:33:56: + 74:38:ba:89:15:c9:2c:e6:34:b7:9b:1f:de:23:ba: + 72:d9:74:62:70:46:87:b9:e8:52:9b:42:e9:ff:44: + e0:a8:bb:6b:54:a9:88:75:62:a4:fa:bd:52:6b:a3: + 2d:9c:7a:4e:3f:99:53:5c:15:47:50:4e:88:62:9b: + ce:7e:6f:d6:90:c5:42:2b:01: + + +Public Key ID: 
97:E6:DF:6D:CB:25:B2:93:33:FB:4C:29:2B:74:AA:55:2A:7B:06:E7 +Public key's random art: ++--[ RSA 2048]----+ +| | +| | +| | +| . | +| S + . | +| .+oo. . | +| .=+oo.+ .| +| +E.=O.oo| +| o+ .=*++o| ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAyMLca3nkR9K2XqYTfvX6kPf9ylHkwvGR1sGyzkyUg/ZMOGI8 +4i0teaXyjGzgGNSbfB+fcZX2IkuZvNshYv7SRtGRDYsI8pR/4KWffPZkT6tfB1aV +PyBV+/nU6l+SnaUsNVSot80pEZCCK+NIKYupjYup4HRJpU2+5oPcSmpnIgfQTlJm +COoEeBFG28aRzLSs6anlIjY0BIu6BSKhdr04taOlgPCh2x3cRGUvQMnVolbxMLxO +qLHiLSixbNqv4tcEiKfRC9qv3+5Ec3SnWSrenReA0cqpamJNPnj5ZjHs96a/ipFf +PXWzCInNQv4/DUO6tD2yZvMOACzPtXYUmdR4JwIDAQABAoIBAQCSgB/5DenXv5v1 +VZvEehtuzokUqs4Us9OIs7CXeqql4YWdX5KuOemFa+OjNZASjpMn8KuZZ6VFQYXe +msmyQ+GObD89csgEvPjUJghMWEC7IoMmB7jBaAdW6OjGXxfOkknAYRb9iWj+uEVF +YYW3S4NfFxvP/wv+5Mz5yh9m7l50JZR6Jw4PQ1AUSK3GiuGs/44Q7eaSSMiUwTos +24ZxZo4ZkxPt+UcGXoviLss6wrNejTHkxafNPwlw5AJdNCpNt/UG4vU7j7atSiK4 +/kOnTWfvw+Htg+LV8tA3D1arW0dpChQDLEOjc+kFcl7faJxnSwhkLcJnI6rlNYhW +mZUXYCABAoGBAOrKEobAJbir/UQsGj8bGWjUJm6crW01EimfQMJMlu+LCGE5CLeK +H4GXcf+vWlvbmi8vKauSu8VRooTF9Ih5rKK4Fx5KZmK+5av9AUJrFvlze80+91xc +ld15c8RgqM+VgLp9AhScflhPjAgsuEYxI7Iawzh4XOpQnUIjMTCaDz8nAoGBANrl +02YPNFOM6L9fHkaTR98wV74fMGp+6fBrP2GJUeIL2lEJZfYjOmGGAkYKzxFzfC1l +vWS4DiTSt1GPObSiG+SavGYx4gDrPiAGlwqgu4Lav9XpIHenVYZpzus40/Stgp7O +AgXFEarAuWZv5/QmV3L6UAutdkSG4D73wD7zlJ8BAoGAHzYNkGwql4oFePKD6q+n +iQ/qq/mX9FSBvZa1/R5BUkahLotuZTevSILhXKPq1xsyO+OBHpW68FgRyqSmBR5n +nJnsONKbGbVWwq43ZKTnwPFhG7+rElQcd/yVLx3KUw4EtsW3aRYElai9bLjFJk+R +9zMnkHIvp9ZfkVMsTtGsBTECgYEAg6RVpvob2OdUDcrxVTY7sfDLw83T+yfKHskQ +u+KueMfyCmwhgo4bDQ1fjqnvb6pJErAt30WFVAXZM1Z0OLqJFcks5jS3mx/eI7py +2XRicEaHuehSm0Lp/0TgqLtrVKmIdWKk+r1Sa6MtnHpOP5lTXBVHUE6IYpvOfm/W +kMVCKwECgYEAlPJCqRpiHHq/NBunh669OtnxjE729SdarvEeFQam0OTg7DpAAhO5 +MZrNOsY0fcadnmBbygOIh1bw4eo3litTQLJ4ToDi4CSMgw74d6Rk1cwJbNZSSflV +YRZytdLq4WH7MSTwMIz+XClxBgkRTe9RpjNiVNLH3rp4F7EnUPTvxDo+-----END RSA PRIVATE KEY----- 
diff --git a/testenv/certs/wget-cert.pem b/testenv/certs/wget-cert.pem deleted file mode 100644 index b83069e..0000000 --- a/testenv/certs/wget-cert.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMV8qEpuSVUdWaAY -F2N1ljGEJ/907Og5B0aZLeDskmLAOohKMWTiiSx+lseXVD/Zf/LaFfy/+q0Rk5+o -pFEPEEjadvdxogb9HPwjfj48ng74yV1c5ZGRx/aIeIJN9cacfs4J5NlT3ZPiV8/2 -mpBurBYvta5tneUl+lx4NHTEBmjTAgMBAAECgYBHlFlDMRovWYYEuvavPA2GQQpm -UzETMqhqdFbmsZiVZmtQvuOMV3e0wuVPzo/g3Kq9kUJq7AKl/DrvoaZ9IuKZgkDD -0QEBYo/lcxEA9qcfgVs5XLp9ED1mXzJSZ3bmpCDqa2NjG7yFdWzPxc1DXmT05MrF -bZbb0Wao0tvMwoeJYQJBAOql5uOyjDHvLLuS0IFKbYz4LQwAp7Gjs0ZS9qLNhQQn -m5Vr8xS9QwFID693K6aDl3tqSCIwSnyInacj8M8v18sCQQDXdReE2i4LKOVLcQsP -XabN96fFLlnoIh9MqFza4skjhXJWqjBLgJuFqyT5CTbU9TmaoIPXdo4454P1CCgR -KEIZAkAZE7nlQ8Ov4nvJYBtgde/XTP6jdb52QaR7M4qgQ46frwv1oB/Oa5upm2Xx -vq6vkQiza9xhqv+K557RqgmmWtqZAkASoXJmL4OZvXCOZHkDXCLHXqnoOAjYNNMm -Csz0tHWWF7z6V38TmExac6Ef07clFQtlHoooAH1t2D8l2g205hlJAkBfeghbZDdY -16NtVnvtzjjhKqZFqwTSANFV8NSzgb/QiNnX0hsMPt9bbc5VCo77Ly2oP5SvixfZ -kjrIQqDV8MLu ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICODCCAaGgAwIBAgIJAOiSkPuPcAwqMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV -BAYTAklOMRMwEQYDVQQIDApTb21lLVN0YXRlMREwDwYDVQQKDAhHTlUgV2dldDAe -Fw0xMzEyMDcwNTA3NTRaFw0xNDEyMDcwNTA3NTRaMDUxCzAJBgNVBAYTAklOMRMw -EQYDVQQIDApTb21lLVN0YXRlMREwDwYDVQQKDAhHTlUgV2dldDCBnzANBgkqhkiG -9w0BAQEFAAOBjQAwgYkCgYEAxXyoSm5JVR1ZoBgXY3WWMYQn/3Ts6DkHRpkt4OyS -YsA6iEoxZOKJLH6Wx5dUP9l/8toV/L/6rRGTn6ikUQ8QSNp293GiBv0c/CN+Pjye -DvjJXVzlkZHH9oh4gk31xpx+zgnk2VPdk+JXz/aakG6sFi+1rm2d5SX6XHg0dMQG -aNMCAwEAAaNQME4wHQYDVR0OBBYEFLhtTG9a6v3ihL5DeWKfq6doYI42MB8GA1Ud -IwQYMBaAFLhtTG9a6v3ihL5DeWKfq6doYI42MAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQEFBQADgYEApTEZX3cgmgdXDJsu7wtkejtq3vuyi6NXBUlHzoYzWaS5wn8P -uDG4G9zd1cwmwrbYA8lS+ANWvkcqjM68gMs1ARMZRS0IrYMCN8bokQw+16sqImZO -THX50Sb5U+9e1IotDWyRBNO10znsoh569BxhJ5WZdIaoKHOJdXEYV+3Y/hg------END CERTIFICATE----- 
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py index 6ace8e2..1b67bfc 100644 --- a/testenv/server/http/http_server.py +++ b/testenv/server/http/http_server.py @@ -38,13 +38,15 @@ class HTTPSServer (StoppableHTTPServer): import ssl BaseServer.__init__ (self, address, handler) # step one up because test suite change directory away from $srcdir (don't do that !!!) - CERTFILE = os.path.abspath(os.path.join('..', os.getenv('srcdir', '.'), 'certs', 'wget-cert.pem')) + CERTFILE = os.path.abspath(os.path.join('..', os.getenv('srcdir', '.'), 'certs', 'server-cert.pem')) + KEYFILE = os.path.abspath(os.path.join('..', os.getenv('srcdir', '.'), 'certs', 'server-key.pem')) fop = open (CERTFILE) print (fop.readline()) self.socket = ssl.wrap_socket ( sock = socket.socket (self.address_family, self.socket_type), ssl_version = ssl.PROTOCOL_TLSv1, certfile = CERTFILE, + keyfile = KEYFILE, server_side = True ) self.server_bind() -- 2.1.3
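Review bot: The new `KEYFILE` line repeats the `CERTFILE` path expression, so the `'..'` workaround for the changed working directory now lives in two places, and the Test--https*.py files use a third variant without `'..'`. Computing the directory once, `certdir = os.path.abspath(os.path.join('..', os.getenv('srcdir', '.'), 'certs'))`, and joining both file names onto it keeps the two paths in step. In the context lines, `fop = open (CERTFILE)` is used only to print the first line and is never closed; `with open (CERTFILE) as fop:` would release the handle. `ssl_version = ssl.PROTOCOL_TLSv1` pins the fixture server to TLS 1.0, so a short comment that this is a local test server only would keep the setting from being copied elsewhere. HTTPSServer.__init__ begins above the hunk, so the rest of the method is not visible here.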