You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by as...@apache.org on 2019/03/14 20:05:29 UTC
[qpid-proton] branch master updated (dba3586 -> 159fac1)
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git.
from dba3586 PROTON-2013: Updated Travis CI macOS jobs to be xcode8.3 and xcode10.1
new 5af234e NO-JIRA: Remove unused code from example
new 67bed64 PROTON-2019: [Python] Fix the test certificates so that test work on Windows 10 - Had to change the key algorithm to EC because the previous default DSA is insecure and hence not supported by default on Windows
new 87898b3 PROTON-2004: [c] Allow Proton to compile with libressl
new 2e7b402 PROTON-2018: [c] Introduce some ssl protocol tests
new 97c7733 PROTON-2014: [c] Ensure SSL mutual authentication
new 159fac1 PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl - Also make send-ssl tell you the remote peer
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
c/examples/broker.c | 8 +-
c/examples/send-ssl.c | 26 +--
c/src/ssl/openssl.c | 16 +-
c/src/ssl/schannel.c | 5 +
c/tests/CMakeLists.txt | 5 +
c/tests/ssl_proactor_test.cpp | 213 +++++++++++++++++++++
python/tests/proton_tests/ssl.py | 16 +-
python/tests/proton_tests/ssl_db/README.txt | 61 +-----
.../proton_tests/ssl_db/bad-server-certificate.p12 | Bin 1490 -> 887 bytes
.../proton_tests/ssl_db/bad-server-certificate.pem | 31 ++-
.../proton_tests/ssl_db/bad-server-private-key.pem | 15 +-
python/tests/proton_tests/ssl_db/bad-server.pkcs12 | Bin 1524 -> 924 bytes
.../tests/proton_tests/ssl_db/ca-certificate.p12 | Bin 992 -> 664 bytes
.../tests/proton_tests/ssl_db/ca-certificate.pem | 35 ++--
python/tests/proton_tests/ssl_db/ca.pkcs12 | Bin 1572 -> 964 bytes
.../proton_tests/ssl_db/client-certificate.p12 | Bin 1546 -> 951 bytes
.../proton_tests/ssl_db/client-certificate.pem | 25 +--
.../proton_tests/ssl_db/client-certificate1.p12 | Bin 1604 -> 1009 bytes
.../proton_tests/ssl_db/client-certificate1.pem | 27 +--
.../ssl_db/client-private-key-no-password.pem | 11 +-
.../proton_tests/ssl_db/client-private-key.pem | 15 +-
.../proton_tests/ssl_db/client-private-key1.pem | 15 +-
.../tests/proton_tests/ssl_db/client-request.pem | 19 +-
.../tests/proton_tests/ssl_db/client-request1.pem | 21 +-
python/tests/proton_tests/ssl_db/client.pkcs12 | Bin 1532 -> 940 bytes
python/tests/proton_tests/ssl_db/client1.pkcs12 | Bin 1646 -> 1054 bytes
.../tests/proton_tests/ssl_db/mkcerts.sh | 16 +-
.../proton_tests/ssl_db/server-certificate-lh.pem | 33 +---
.../proton_tests/ssl_db/server-certificate.p12 | Bin 1562 -> 967 bytes
.../proton_tests/ssl_db/server-certificate.pem | 25 +--
python/tests/proton_tests/ssl_db/server-lh.pkcs12 | Bin 2199 -> 900 bytes
.../proton_tests/ssl_db/server-private-key-lh.pem | 21 +-
.../proton_tests/ssl_db/server-private-key.pem | 15 +-
.../proton_tests/ssl_db/server-request-lh.pem | 27 +--
.../tests/proton_tests/ssl_db/server-request.pem | 20 +-
.../proton_tests/ssl_db/server-wc-certificate.p12 | Bin 1624 -> 1029 bytes
.../proton_tests/ssl_db/server-wc-certificate.pem | 27 +--
.../proton_tests/ssl_db/server-wc-private-key.pem | 15 +-
.../proton_tests/ssl_db/server-wc-request.pem | 22 +--
python/tests/proton_tests/ssl_db/server-wc.pkcs12 | Bin 1626 -> 1026 bytes
python/tests/proton_tests/ssl_db/server.pkcs12 | Bin 1572 -> 972 bytes
41 files changed, 409 insertions(+), 376 deletions(-)
create mode 100644 c/tests/ssl_proactor_test.cpp
copy cpp/testdata/certs/make_certs.sh => python/tests/proton_tests/ssl_db/mkcerts.sh (89%)
mode change 100755 => 100644
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 06/06: PROTON-2014: [c] Fix example broker to warn
when it fails to set up ssl - Also make send-ssl tell you the remote peer
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 159fac1f90d9b1ace1138d510176e7a5da54e9e9
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Fri Mar 8 13:14:34 2019 -0500
PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl
- Also make send-ssl tell you the remote peer
---
c/examples/broker.c | 8 ++++++--
c/examples/send-ssl.c | 10 +++++++++-
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/c/examples/broker.c b/c/examples/broker.c
index 6ffe8ed..fd6aba2 100644
--- a/c/examples/broker.c
+++ b/c/examples/broker.c
@@ -301,6 +301,7 @@ static bool handle(broker_t* b, pn_event_t* e) {
pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
if (b->ssl_domain) {
pn_ssl_init(pn_ssl(t), b->ssl_domain, NULL);
+ pn_transport_require_encryption(t, false); /* Must call this after pn_ssl_init */
}
pn_listener_accept2(pn_event_listener(e), NULL, t);
break;
@@ -443,6 +444,7 @@ static void* broker_thread(void *void_broker) {
int main(int argc, char **argv) {
const char *host = (argc > 1) ? argv[1] : "";
const char *port = (argc > 2) ? argv[2] : "amqp";
+ int err;
broker_t b = {0};
b.proactor = pn_proactor();
@@ -450,8 +452,10 @@ int main(int argc, char **argv) {
b.container_id = argv[0];
b.threads = 4;
b.ssl_domain = pn_ssl_domain(PN_SSL_MODE_SERVER);
- SET_CREDENTIALS(b.ssl_domain, "tserver");
- pn_ssl_domain_allow_unsecured_client(b.ssl_domain); /* Allow SSL and plain connections */
+ err = SET_CREDENTIALS(b.ssl_domain, "tserver");
+ if (err) {
+ printf("Failed to set up server certificate: %s, private key: %s\n", CERTIFICATE("tserver"), SSL_FILE("tserver-private-key.pem"));
+ }
{
/* Listen on addr */
char addr[PN_MAX_ADDR];
diff --git a/c/examples/send-ssl.c b/c/examples/send-ssl.c
index d08622c..1553df2 100644
--- a/c/examples/send-ssl.c
+++ b/c/examples/send-ssl.c
@@ -100,6 +100,7 @@ static bool handle(app_data_t* app, pn_event_t* event) {
pn_connection_t* c = pn_event_connection(event);
pn_session_t* s = pn_session(pn_event_connection(event));
pn_connection_set_container(c, app->container_id);
+ pn_connection_set_hostname(c, app->host);
pn_connection_open(c);
pn_session_open(s);
{
@@ -115,8 +116,15 @@ static bool handle(app_data_t* app, pn_event_t* event) {
if (ssl) {
char name[1024];
pn_ssl_get_protocol_name(ssl, name, sizeof(name));
- printf("secure connection: %s\n", name);
+ {
+ const char *subject = pn_ssl_get_remote_subject(ssl);
+ if (subject) {
+ printf("secure connection: to %s using %s\n", subject, name);
+ } else {
+ printf("anonymous connection: using %s\n", name);
+ }
fflush(stdout);
+ }
}
break;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 03/06: PROTON-2004: [c] Allow Proton to compile with
libressl
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 87898b3d71aea5bfd9e4157d6da04071e1461339
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Mon Mar 4 13:49:53 2019 -0500
PROTON-2004: [c] Allow Proton to compile with libressl
---
c/src/ssl/openssl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index c791b73..89cc1aa 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -74,7 +74,7 @@ struct pn_ssl_domain_t {
char *ciphers;
int ref_count;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
int default_seclevel;
#endif
pn_ssl_mode_t mode;
@@ -522,7 +522,7 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode )
// Mitigate the CRIME vulnerability
SSL_CTX_set_options(domain->ctx, SSL_OP_NO_COMPRESSION);
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
#endif
@@ -719,7 +719,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
case PN_SSL_VERIFY_PEER:
case PN_SSL_VERIFY_PEER_NAME:
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
SSL_CTX_set_security_level(domain->ctx, domain->default_seclevel);
#endif
@@ -759,7 +759,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
break;
case PN_SSL_ANONYMOUS_PEER: // hippie free love mode... :)
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
// Must use lowest OpenSSL security level to enable anonymous ciphers.
SSL_CTX_set_security_level(domain->ctx, 0);
#endif
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 04/06: PROTON-2018: [c] Introduce some ssl protocol
tests
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 2e7b4027ae63471b95d0f2a829a798d3329b395a
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 7 15:50:08 2019 -0500
PROTON-2018: [c] Introduce some ssl protocol tests
---
c/tests/CMakeLists.txt | 5 +
c/tests/ssl_proactor_test.cpp | 213 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 218 insertions(+)
diff --git a/c/tests/CMakeLists.txt b/c/tests/CMakeLists.txt
index 502e9a5..3642112 100644
--- a/c/tests/CMakeLists.txt
+++ b/c/tests/CMakeLists.txt
@@ -42,6 +42,8 @@ if (CMAKE_CXX_COMPILER)
set_target_properties(${exe} PROPERTIES
COMPILE_FLAGS "${CMAKE_CXX_FLAGS} ${CXX_WARNING_FLAGS}")
add_test(NAME ${exe} COMMAND ${test_env} ${TEST_EXE_PREFIX_CMD} $<TARGET_FILE:${exe}>)
+ set_tests_properties(${exe} PROPERTIES
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
endmacro()
## Tests that depend only on qpid-proton-core
@@ -66,6 +68,9 @@ if (CMAKE_CXX_COMPILER)
add_c_test(c-proactor-test pn_test_proactor.cpp proactor_test.cpp)
target_link_libraries(c-proactor-test qpid-proton-core qpid-proton-proactor ${PLATFORM_LIBS})
+ add_c_test(c-ssl-proactor-test pn_test_proactor.cpp ssl_proactor_test.cpp)
+ target_link_libraries(c-ssl-proactor-test qpid-proton-core qpid-proton-proactor ${PLATFORM_LIBS})
+
# Thread race test.
#
# TODO aconway 2018-11-14: enable by default when races and xcode
diff --git a/c/tests/ssl_proactor_test.cpp b/c/tests/ssl_proactor_test.cpp
new file mode 100644
index 0000000..c9eafc7
--- /dev/null
+++ b/c/tests/ssl_proactor_test.cpp
@@ -0,0 +1,213 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#include "./pn_test_proactor.hpp"
+
+#include <proton/connection.h>
+#include <proton/condition.h>
+#include <proton/delivery.h>
+#include <proton/link.h>
+#include <proton/listener.h>
+#include <proton/netaddr.h>
+#include <proton/proactor.h>
+#include <proton/session.h>
+#include <proton/sasl.h>
+#include <proton/ssl.h>
+#include <proton/transport.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct app_data_t {
+ const char *amqp_address;
+ const char *container_id;
+
+ pn_ssl_domain_t *server_ssl_domain;
+
+ bool connection_succeeded;
+ bool transport_error;
+} app_data_t;
+
+/* Note must be run in the current directory to find certificate files */
+#define SSL_FILE(NAME) "ssl-certs/" NAME
+#define SSL_PW "tclientpw"
+/* Windows vs. OpenSSL certificates */
+#if defined(_WIN32)
+# define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
+# define SET_CREDENTIALS(DOMAIN, NAME) \
+ pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", SSL_PW)
+#else
+# define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
+# define SET_CREDENTIALS(DOMAIN, NAME) \
+ pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME "-private-key.pem"), SSL_PW)
+#endif
+
+
+/* Returns true to continue, false if finished */
+static bool server_handler(app_data_t* app, pn_event_t* event) {
+ pn_listener_t *l = pn_event_listener(event);
+ switch (pn_event_type(event)) {
+
+ // Server side
+ case PN_LISTENER_ACCEPT: {
+ /* Configure a transport to allow SSL and SASL connections. See ssl_domain setup in main() */
+ pn_transport_t *t = pn_transport();
+ pn_transport_set_server(t); /* Must call before pn_sasl() */
+ pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
+ if (app->server_ssl_domain) {
+ pn_ssl_init(pn_ssl(t), app->server_ssl_domain, NULL);
+ }
+ pn_listener_accept2(l, NULL, t);
+
+ /* Accept only one connection */
+ pn_listener_close(l);
+ break;
+ }
+
+ case PN_TRANSPORT_CLOSED:
+ break;
+
+ default: break;
+ }
+ return true;
+}
+
+static bool client_handler(app_data_t* app, pn_event_t* event) {
+ switch (pn_event_type(event)) {
+ // Client side
+ case PN_CONNECTION_INIT: {
+ pn_connection_t* c = pn_event_connection(event);
+ pn_session_t* s = pn_session(pn_event_connection(event));
+ pn_connection_set_container(c, app->container_id);
+ pn_connection_open(c);
+ pn_session_open(s);
+ {
+ pn_link_t* l = pn_sender(s, "my_sender");
+ pn_terminus_set_address(pn_link_target(l), app->amqp_address);
+ pn_link_open(l);
+ break;
+ }
+ }
+
+ case PN_CONNECTION_BOUND: {
+ break;
+ }
+
+ case PN_CONNECTION_REMOTE_OPEN:
+ app->connection_succeeded = true;
+ pn_connection_close(pn_event_connection(event));
+ break;
+
+ case PN_TRANSPORT_ERROR:
+ app->transport_error = true;
+ break;
+
+ case PN_CONNECTION_REMOTE_CLOSE:
+ pn_connection_close(pn_event_connection(event));
+ break;
+
+ case PN_SESSION_REMOTE_CLOSE:
+ pn_connection_close(pn_event_connection(event));
+ break;
+
+ case PN_LINK_REMOTE_CLOSE:
+ case PN_LINK_REMOTE_DETACH:
+ pn_connection_close(pn_event_connection(event));
+ break;
+
+ default: break;
+ }
+ return true;
+}
+
+typedef bool handler_t(app_data_t* app, pn_event_t* event);
+void run(pn_proactor_t *p, app_data_t *app, handler_t *shandler, handler_t *chandler) {
+ /* Loop and handle server/client events */
+ do {
+ pn_event_batch_t *events = pn_proactor_wait(p);
+ pn_event_t *e;
+ for (e = pn_event_batch_next(events); e; e = pn_event_batch_next(events)) {
+ if (pn_event_type(e)==PN_PROACTOR_INACTIVE) {
+ return;
+ }
+
+ if (pn_event_listener(e)) {
+ if (!shandler(app, e)) {
+ return;
+ }
+ } else {
+ if (!chandler(app, e)) {
+ return;
+ }
+ }
+ }
+ pn_proactor_done(p, events);
+ } while(true);
+}
+
+TEST_CASE("ssl") {
+ struct app_data_t app = {0};
+
+ app.container_id = "ssl-test";
+ app.amqp_address = "fubar";
+
+ pn_test::auto_free<pn_proactor_t, pn_proactor_free> proactor(pn_proactor());
+
+ /* Configure server for default SSL */
+ pn_test::auto_free<pn_ssl_domain_t, pn_ssl_domain_free>
+ sd(pn_ssl_domain(PN_SSL_MODE_SERVER));
+ app.server_ssl_domain = sd;
+
+ /* Configure a client for SSL */
+ pn_transport_t *t = pn_transport();
+ pn_test::auto_free<pn_ssl_domain_t, pn_ssl_domain_free>
+ cd(pn_ssl_domain(PN_SSL_MODE_CLIENT));
+
+ SECTION("Anonymous connections don't verify") {
+ REQUIRE(pn_ssl_domain_set_trusted_ca_db(cd, CERTIFICATE("tclient")) == 0);
+ REQUIRE(pn_ssl_domain_set_peer_authentication(cd, PN_SSL_VERIFY_PEER_NAME, NULL) == 0);
+ REQUIRE(pn_ssl_init(pn_ssl(t), cd, NULL) == 0);
+
+ pn_proactor_listen(proactor, pn_listener(), "", 16);
+ pn_proactor_connect2(proactor, NULL, t, "");
+
+ run(proactor, &app, server_handler, client_handler);
+ CHECK(app.connection_succeeded==false);
+ CHECK(app.transport_error==true);
+ }
+
+ SECTION("Anonymous connections connect if anonymous allowed") {
+#ifndef _WIN32
+ REQUIRE(pn_ssl_domain_set_peer_authentication(cd, PN_SSL_ANONYMOUS_PEER, NULL) == 0);
+ REQUIRE(pn_ssl_init(pn_ssl(t), cd, NULL) == 0);
+
+ pn_proactor_listen(proactor, pn_listener(), "", 16);
+ pn_proactor_connect2(proactor, NULL, t, "");
+
+ run(proactor, &app, server_handler, client_handler);
+ CHECK(app.connection_succeeded==true);
+ CHECK(app.transport_error==false);
+#else
+ SUCCEED("Skipped: Windows schannel does not support anonymous connections");
+#endif
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 01/06: NO-JIRA: Remove unused code from example
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 5af234e5aa76c670de465155fcc2bc094636f4f7
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 7 02:08:22 2019 -0500
NO-JIRA: Remove unused code from example
---
c/examples/send-ssl.c | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/c/examples/send-ssl.c b/c/examples/send-ssl.c
index c8b9e0c..d08622c 100644
--- a/c/examples/send-ssl.c
+++ b/c/examples/send-ssl.c
@@ -46,22 +46,6 @@ typedef struct app_data_t {
} app_data_t;
static int exit_code = 0;
-
-/* Note must be run in the current directory to find certificate files */
-#define SSL_FILE(NAME) CMAKE_CURRENT_SOURCE_DIR "/ssl-certs/" NAME
-#define SSL_PW "tclientpw"
-/* Windows vs. OpenSSL certificates */
-#if defined(_WIN32)
-# define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
-# define SET_CREDENTIALS(DOMAIN, NAME) \
- pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", SSL_PW)
-#else
-# define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
-# define SET_CREDENTIALS(DOMAIN, NAME) \
- pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME "-private-key.pem"), SSL_PW)
-#endif
-
-
static void check_condition(pn_event_t *e, pn_condition_t *cond) {
if (pn_condition_is_set(cond)) {
fprintf(stderr, "%s: %s: %s\n", pn_event_type_name(pn_event_type(e)),
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 05/06: PROTON-2014: [c] Ensure SSL mutual
authentication
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 97c7733f07712665f3d08091c82c393e4c3adbf7
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 7 15:51:11 2019 -0500
PROTON-2014: [c] Ensure SSL mutual authentication
---
c/src/ssl/openssl.c | 8 ++++++++
c/src/ssl/schannel.c | 5 +++++
2 files changed, 13 insertions(+)
diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index 89cc1aa..63d7562 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -756,6 +756,14 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(domain->ctx, 1);
#endif
+
+ // A bit of a hack - If we asked for peer verification then disallow anonymous ciphers
+ // A much more robust thing would be to ensure that we actually have a peer certificate
+ // when we've finished the SSL handshake
+ if (!domain->ciphers && !SSL_CTX_set_cipher_list( domain->ctx, CIPHERS_AUTHENTICATE )) {
+ ssl_log_error("Failed to set cipher list to %s", CIPHERS_AUTHENTICATE);
+ return -1;
+ }
break;
case PN_SSL_ANONYMOUS_PEER: // hippie free love mode... :)
diff --git a/c/src/ssl/schannel.c b/c/src/ssl/schannel.c
index 15e7d8a..bebaf56 100644
--- a/c/src/ssl/schannel.c
+++ b/c/src/ssl/schannel.c
@@ -1354,6 +1354,11 @@ static void server_handshake(pn_transport_t* transport)
ssl_log(transport, "server handshake successful %d max record size", max);
break;
+ case SEC_E_ALGORITHM_MISMATCH:
+ ssl_log(transport, "server handshake failed: no common algorithm");
+ ssl_failed(transport, "server handshake failed: no common algorithm");
+ break;
+
case SEC_I_CONTEXT_EXPIRED:
// ended before we got going
default:
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-proton] 02/06: PROTON-2019: [Python] Fix the test
certificates so that test work on Windows 10 - Had to change the key
algorithm to EC because the previous default DSA is insecure and hence not
supported by default on Windows
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 67bed640c83d6b9a6816191b61852694ccec1c1f
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 14 02:08:11 2019 -0400
PROTON-2019: [Python] Fix the test certificates so that test work on Windows 10
- Had to change the key algorithm to EC because the previous default DSA
is insecure and hence not supported by default on Windows
---
python/tests/proton_tests/ssl.py | 16 +++---
python/tests/proton_tests/ssl_db/README.txt | 61 +--------------------
.../proton_tests/ssl_db/bad-server-certificate.p12 | Bin 1490 -> 887 bytes
.../proton_tests/ssl_db/bad-server-certificate.pem | 31 +++++------
.../proton_tests/ssl_db/bad-server-private-key.pem | 15 ++---
python/tests/proton_tests/ssl_db/bad-server.pkcs12 | Bin 1524 -> 924 bytes
.../tests/proton_tests/ssl_db/ca-certificate.p12 | Bin 992 -> 664 bytes
.../tests/proton_tests/ssl_db/ca-certificate.pem | 35 +++++-------
python/tests/proton_tests/ssl_db/ca.pkcs12 | Bin 1572 -> 964 bytes
.../proton_tests/ssl_db/client-certificate.p12 | Bin 1546 -> 951 bytes
.../proton_tests/ssl_db/client-certificate.pem | 25 +++------
.../proton_tests/ssl_db/client-certificate1.p12 | Bin 1604 -> 1009 bytes
.../proton_tests/ssl_db/client-certificate1.pem | 27 ++++-----
.../ssl_db/client-private-key-no-password.pem | 11 +---
.../proton_tests/ssl_db/client-private-key.pem | 15 ++---
.../proton_tests/ssl_db/client-private-key1.pem | 15 ++---
.../tests/proton_tests/ssl_db/client-request.pem | 19 ++-----
.../tests/proton_tests/ssl_db/client-request1.pem | 21 +++----
python/tests/proton_tests/ssl_db/client.pkcs12 | Bin 1532 -> 940 bytes
python/tests/proton_tests/ssl_db/client1.pkcs12 | Bin 1646 -> 1054 bytes
.../proton_tests/ssl_db/{README.txt => mkcerts.sh} | 43 +++------------
.../proton_tests/ssl_db/server-certificate-lh.pem | 33 +++--------
.../proton_tests/ssl_db/server-certificate.p12 | Bin 1562 -> 967 bytes
.../proton_tests/ssl_db/server-certificate.pem | 25 +++------
python/tests/proton_tests/ssl_db/server-lh.pkcs12 | Bin 2199 -> 900 bytes
.../proton_tests/ssl_db/server-private-key-lh.pem | 21 ++-----
.../proton_tests/ssl_db/server-private-key.pem | 15 ++---
.../proton_tests/ssl_db/server-request-lh.pem | 27 ++-------
.../tests/proton_tests/ssl_db/server-request.pem | 20 +++----
.../proton_tests/ssl_db/server-wc-certificate.p12 | Bin 1624 -> 1029 bytes
.../proton_tests/ssl_db/server-wc-certificate.pem | 27 ++++-----
.../proton_tests/ssl_db/server-wc-private-key.pem | 15 ++---
.../proton_tests/ssl_db/server-wc-request.pem | 22 +++-----
python/tests/proton_tests/ssl_db/server-wc.pkcs12 | Bin 1626 -> 1026 bytes
python/tests/proton_tests/ssl_db/server.pkcs12 | Bin 1572 -> 972 bytes
35 files changed, 158 insertions(+), 381 deletions(-)
diff --git a/python/tests/proton_tests/ssl.py b/python/tests/proton_tests/ssl.py
index 9419292..b33dae1 100644
--- a/python/tests/proton_tests/ssl.py
+++ b/python/tests/proton_tests/ssl.py
@@ -216,18 +216,18 @@ class SslTest(common.Test):
self.assertEqual("O=Server,CN=A1.Good.Server.domain.com", client.ssl.get_cert_subject())
self.assertEqual("O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev", server.ssl.get_cert_subject())
- self.assertEqual("f78f03ec31317c213dcf607c095242adbf067824", server.ssl.get_cert_fingerprint_sha1())
- self.assertEqual("3836fd0d7bbc155158997ff336de29545cc1ce4137f8419062ceb8b50fd7a6f9", server.ssl.get_cert_fingerprint_sha256())
- self.assertEqual("a8390634eb10c7a12ba3ce0837001bc6ae78c7690984f4788cf4430acdb496d5d9e02c8ec39219f5c4dcd908c34861d09481c2faf53b4ccc95dac60e623165c4",
+ self.assertEqual("1762688fb3c1c7908690efa158e89924a8e739b6", server.ssl.get_cert_fingerprint_sha1())
+ self.assertEqual("f5890052d5ad3f38f68eae9027b30fc4c3f09758d59d8f19e3f192e29e41708d", server.ssl.get_cert_fingerprint_sha256())
+ self.assertEqual("5d2b1bff39df99d101040348be015970e3da1d0ad610902dc78bba24555aae16395fd1342e26b89b422c304c32b48913000b485933720773d033aaffc561b3e9",
server.ssl.get_cert_fingerprint_sha512())
- self.assertEqual("32b7bc119f61c71d368caaf9a6bf58b2", server.ssl.get_cert_fingerprint_md5())
+ self.assertEqual("246ea13c8a549e8c0b0cc6490d81b34b", server.ssl.get_cert_fingerprint_md5())
# Test the various fingerprint algorithms
- self.assertEqual("0aab5922c8657a7fb78402b79379506d3d7806ce", client.ssl.get_cert_fingerprint_sha1())
- self.assertEqual("de5e0c4097f841815a769ce1a30dbe912b83711438a5aaf50001da23cee5a8a8", client.ssl.get_cert_fingerprint_sha256())
- self.assertEqual("d0aceeb68ab9de57c9e1c21a43a4511c54ec94011e770a523a6352b1374f59c8b58adc93d5cad6f25aa125b5934309a61a25e74a5d5e0cb40b07c7468615944c",
+ self.assertEqual("d28c0ae17c370c269bd680ea3bcc523ea5da544e", client.ssl.get_cert_fingerprint_sha1())
+ self.assertEqual("c460a601f77b77ec59480955574a227c309805dd36dbf866f42d2dce3fd4757c", client.ssl.get_cert_fingerprint_sha256())
+ self.assertEqual("37c28f451105b1979e2ea62d4a38c86e158ad345894b5016662bdd1913f48764bd71deb4b4de4ce22559828634357dcaea1832dd58327dfe5b0bc368ecbeee4c",
client.ssl.get_cert_fingerprint_sha512())
- self.assertEqual("ae0ebcebc1f970fb696ef9f56e3235da", client.ssl.get_cert_fingerprint_md5())
+ self.assertEqual("16b075688b82c40ce5b03c984f20286b", client.ssl.get_cert_fingerprint_md5())
self.assertEqual(None, client.ssl.get_cert_fingerprint(21, SSL.SHA1)) # Should be at least 41
self.assertEqual(None, client.ssl.get_cert_fingerprint(50, SSL.SHA256)) # Should be at least 65
diff --git a/python/tests/proton_tests/ssl_db/README.txt b/python/tests/proton_tests/ssl_db/README.txt
index 8a6bd6a..6e0acc3 100644
--- a/python/tests/proton_tests/ssl_db/README.txt
+++ b/python/tests/proton_tests/ssl_db/README.txt
@@ -24,63 +24,4 @@ entries, and a wildcard CommonName. Used for certificate name checking tests.
These certificates have been created using the OpenSSL tool.
-The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl):
-
---8<--
-#!/bin/bash
-#set -x
-
-rm -f *.pem *.pkcs12
-
-# Create a self-signed certificate for the CA, and a private key to sign certificate requests:
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
-openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem
-
-# Create a certificate request for the server certificate. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem
-
-# Create a certificate request for a server certificate using localhost. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "CN=localhost" -validity 99999
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request-lh.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request-lh.pem -outfile server-certificate-lh.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server-lh.pkcs12 -passout pass:server-password -out server-private-key-lh.pem
-
-# Create a certificate request for the client certificate. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1" -validity 99999
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -nodes -out client-private-key-no-password.pem
-
-# Create another client certificate with a different subject line
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -certreq -file client-request1.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request1.pem -outfile client-certificate1.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client1.pkcs12 -passout pass:client-password -out client-private-key1.pem
-
-# Create a "bad" certificate - not signed by a trusted authority
-keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
-openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem
-openssl pkcs12 -nokeys -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem
-
-# Create a server certificate with several alternate names, including a wildcarded common name:
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server-wc.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
-
-# Create pkcs12 versions of the above certificates (for Windows SChannel)
-# The CA certificate store/DB is created without public keys.
-# Give the "p12" files the same base name so the tests can just change the extension to switch between platforms.
-# These certificates might work for OpenSSL <-> SChannel interop tests, but note that the DH cypher suite
-# overlap is poor between platforms especially for older Windows versions. RSA certificates are better for
-# interop (or PFS-friendly certificates on newer platforms).
-openssl pkcs12 -export -out ca-certificate.p12 -in ca-certificate.pem -name ca-certificate -nokeys -passout pass:
-openssl pkcs12 -export -out server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-private-key.pem -in server-certificate.pem -name server-certificate
-openssl pkcs12 -export -out client-certificate.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key.pem -in client-certificate.pem -name client-certificate
-openssl pkcs12 -export -out client-certificate1.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key1.pem -in client-certificate1.pem -name client-certificate1
-openssl pkcs12 -export -out bad-server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey bad-server-private-key.pem -in bad-server-certificate.pem -name bad-server
-openssl pkcs12 -export -out server-wc-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-wc-private-key.pem -in server-wc-certificate.pem -name server-wc-certificate
+The mkcerts.sh script in this directory can be used to create these certificates (requires keytool from Java 1.7, and openssl):
diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12
index 7906831..5284915 100644
Binary files a/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 and b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.pem b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
index 1dc288b..20a338e 100644
--- a/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
@@ -1,22 +1,17 @@
Bag Attributes
friendlyName: bad-server
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36
-subject=/CN=127.0.0.1/O=Not Trusted Inc
-issuer=/CN=127.0.0.1/O=Not Trusted Inc
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 32 37 33 33
+subject=CN = 127.0.0.1, O = Not Trusted Inc
+
+issuer=CN = 127.0.0.1, O = Not Trusted Inc
+
-----BEGIN CERTIFICATE-----
-MIICuzCCAnmgAwIBAgIELMpW4jALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJMTI3
-LjAuMC4xMRgwFgYDVQQKEw9Ob3QgVHJ1c3RlZCBJbmMwIBcNMTcwODAyMjE1MzM4
-WhgPMjI5MTA1MTcyMTUzMzhaMC4xEjAQBgNVBAMTCTEyNy4wLjAuMTEYMBYGA1UE
-ChMPTm90IFRydXN0ZWQgSW5jMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed
-dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs
-14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
-wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY
-HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx
-BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
-+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAK3E
-5j/UaiVHJYAf3DAIl5hjTZcChTp57GjODdfDteHeDh85HFyW0kxmXyhpUdODzAgG
-THhpxy/+Kkd8jmUBVFnU1EXByvGORBfnJkMTkuhmk9veytxlskQ0tQV8gmRNb0Xe
-hie7T9UT8TQJy9mPS74pSuviFSx0Hz0dKGi0eVUYoyEwHzAdBgNVHQ4EFgQUg2PE
-qycdV1oxVaA33ULDrVdSjhkwCwYHKoZIzjgEAwUAAy8AMCwCFGybqSwG3TauRJVw
-XA/xeSxpYbcBAhQ6ylf9XZAvM7tMyQQTcDAkmt+YWQ==
+MIIBdDCCARmgAwIBAgIEOYKHWjAMBggqhkjOPQQDAgUAMC4xEjAQBgNVBAMTCTEy
+Ny4wLjAuMTEYMBYGA1UEChMPTm90IFRydXN0ZWQgSW5jMCAXDTE5MDMxNDA0NDU1
+MloYDzIyOTIxMjI2MDQ0NTUyWjAuMRIwEAYDVQQDEwkxMjcuMC4wLjExGDAWBgNV
+BAoTD05vdCBUcnVzdGVkIEluYzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH0j
+wk2Vo1ArWrqrivUXOKj3DAUvbwVl2INC9XV56YR1eXK3UWf6dXDTsD943e7+Q1g/
++Xs6mnFzuTsg7pvmqlijITAfMB0GA1UdDgQWBBRHko8UA3o3XnC5LlOnRfTIcKdX
+djAMBggqhkjOPQQDAgUAA0cAMEQCIDiMfWK893Jt1hnuzSq+TzAZm+IaRVDmXSEU
+/xRgKdCNAiB3LVoii0X619W5H+ueGeiWUUqsi3sNPdYlUS3aarloMA==
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/bad-server-private-key.pem b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
index 331ade0..9b0d1ae 100644
--- a/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
@@ -1,15 +1,10 @@
Bag Attributes
friendlyName: bad-server
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 32 37 33 33
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqgLLe7iT+1wCAggA
-MBQGCCqGSIb3DQMHBAhg98ZJQMtngwSCAVCdhdOMr+VVTNaIPSy4nSwdRTlXIuRa
-4wPi+07mToJmEtGfpJ4MPjDF9yRptVQI4RoN/RrLl0WX/HNZ5U4JluL0j68+JB1d
-MoeSRiRc+Yd2vxey8reBrvx1m1mB3LXvm38oZVDFrQ9FNGK09EtTLN1rqckr1fxQ
-Imcvb63nu5UZB8WMCVfKqe9Zm9dQlsSlp3M5OCRm296Xsr0eWwe2W1/rJiKMZN7x
-eJMf4pWVrBHoi6VJHAEA7ZvhRfcHkSbyze5ouDpKbMZS9gq38Hs4d+wkxe9x3emx
-6OvppcpBolZhntF1vJXUXMc6D5Pw3mGEsRGwcMJqWCc8XJTkyP0ylNFNyaHaz0oC
-jSWmUu0s5628K+m8nGY4X7msfOddTA16W6mODjE2ddlTqwTFu2CYBk3WbprBRXo0
-ionZQTPTqcM0UR3KyF9CHRZbnQ/d7bk57/w=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAg7Gy4GHk0q2QICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI/hgn/VXHUKcESAxFPuVRqKtDnlRi
+VnBDcpPQgglazLR1oifNk0D5Q1ouNcHrhwpFblfr3k6vDwfvrcm+9wscbjh34Gcd
+1Epfnje7TcUwlbAOQA==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/bad-server.pkcs12 b/python/tests/proton_tests/ssl_db/bad-server.pkcs12
index dea2143..16fff19 100644
Binary files a/python/tests/proton_tests/ssl_db/bad-server.pkcs12 and b/python/tests/proton_tests/ssl_db/bad-server.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.p12 b/python/tests/proton_tests/ssl_db/ca-certificate.p12
index 767b24d..f0085e7 100644
Binary files a/python/tests/proton_tests/ssl_db/ca-certificate.p12 and b/python/tests/proton_tests/ssl_db/ca-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.pem b/python/tests/proton_tests/ssl_db/ca-certificate.pem
index 6d27395..4a04348 100644
--- a/python/tests/proton_tests/ssl_db/ca-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/ca-certificate.pem
@@ -1,24 +1,19 @@
Bag Attributes
friendlyName: ca
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 34 37 32
-subject=/CN=Trusted.CA.com/O=Trust Me Inc.
-issuer=/CN=Trusted.CA.com/O=Trust Me Inc.
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 38 33 36 36
+subject=CN = Trusted.CA.com, O = Trust Me Inc.
+
+issuer=CN = Trusted.CA.com, O = Trust Me Inc.
+
-----BEGIN CERTIFICATE-----
-MIIDBDCCAsKgAwIBAgIEBGGY1zALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM2WhgPMjI5MTA1MTcyMTUzMzZaMDExFzAVBgNVBAMTDlRydXN0ZWQuQ0EuY29t
-MRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMIIBuDCCASwGByqGSM44BAEwggEfAoGB
-AP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6
-MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E
-+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
-ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeO
-utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/
-C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA
-AoGBALsRT+tH1c+TC78EYtPh+KQ0DosKKtxeSRos4eQ49erdI+tYhzeqN3Ebmeky
-TWfGjjU64PGRFDNGjpf9l7Yo22jk9U5zIFkFp5gP9DVBHrOrh8mdT+/oBhhVHxI5
-rWLqSjI/zXhRzRwueR81p0D3XJlV3g/xlOlWALoRnUWpDAo3o2QwYjASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV
-HQ8BAf8EBAMCAoQwHQYDVR0OBBYEFLI2ezwilYHGS5MRPMWlifHH+Y5qMAsGByqG
-SM44BAMFAAMvADAsAhRxomjEvDfhe1p+D6KLc0IGjDNgtgIUIZXb0/Fpzy6dpCwe
-Ay+soxvpfMU=
+MIIBvjCCAWKgAwIBAgIEKf+gPDAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU0OFoYDzIyOTIxMjI2MDQ0NTQ4WjAxMRcwFQYDVQQDEw5UcnVzdGVkLkNBLmNv
+bTEWMBQGA1UEChMNVHJ1c3QgTWUgSW5jLjBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABNR8m25EBo4Gz9kJDzEFfhbJSVlIBNvkA4ptboCI7KtvlMFIngctZ57j0nQg
+zFRm4+7JvhG47emOKFnKTTi+ajujZDBiMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIChDAdBgNV
+HQ4EFgQUpc3FsKH3CFshhQ//NGv22VnJClUwDAYIKoZIzj0EAwIFAANIADBFAiEA
+yp0ubNbuHni42G9015G+5BN0JcrQR9+cXnPMmAbu+pICICHM/4bARj6MgMMjkNDw
+fAUY/tsPIf2bThlTne+dYswg
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/ca.pkcs12 b/python/tests/proton_tests/ssl_db/ca.pkcs12
index d9ca00c..ae14dc7 100644
Binary files a/python/tests/proton_tests/ssl_db/ca.pkcs12 and b/python/tests/proton_tests/ssl_db/ca.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate.p12 b/python/tests/proton_tests/ssl_db/client-certificate.p12
index 82271f9..fbb9b76 100644
Binary files a/python/tests/proton_tests/ssl_db/client-certificate.p12 and b/python/tests/proton_tests/ssl_db/client-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate.pem b/python/tests/proton_tests/ssl_db/client-certificate.pem
index 4c0d4d4..e79f9c8 100644
--- a/python/tests/proton_tests/ssl_db/client-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/client-certificate.pem
@@ -1,18 +1,11 @@
-----BEGIN CERTIFICATE-----
-MIIC1jCCApOgAwIBAgIEeg2f8DALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM3WhgPMjI5MTA1MTcyMTUzMzdaMCUxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0G
-A1UEChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9K
-nC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
-b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNa
-FpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA
-9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ
-FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7
-zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAJ3g1ohpHgoxH
-3Yj0SIfiPcUaM5FIszemFwQ2FZoG/J7MiVIw442JheTR/iEB3LYheHBp7ToqhaMY
-NYidcxxUzgZJs3worXqAuUgDdbDcW6AjQ4olyGVt7sX9OL2amMq9BFCIt7SlyDKW
-8Accx46H+8BffMdCu56yw5WQtZ3cPD2jQjBAMB8GA1UdIwQYMBaAFLI2ezwilYHG
-S5MRPMWlifHH+Y5qMB0GA1UdDgQWBBQg7FbClmtrSAHA9lR8E7uexl5p1jALBgcq
-hkjOOAQDBQADMAAwLQIVAIpUbUYyA3DisZyENQwcN0rDQ+FyAhRPcfg9Slb6MfO4
-SBFqOiesk+cpqw==
+MIIBkTCCATSgAwIBAgIEI9nW7zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MVoYDzIyOTIxMjI2MDQ0NTUxWjAlMRIwEAYDVQQDEwkxMjcuMC4wLjExDzAN
+BgNVBAoTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOhYajwUumZV
+KBln2HTYEa02R/tRJLUlsaXTNF0UWZsW1CusUHLUl8gCQzZ86gre37f9axOqTuKa
+X8S8X1e8kDajQjBAMB8GA1UdIwQYMBaAFKXNxbCh9whbIYUP/zRr9tlZyQpVMB0G
+A1UdDgQWBBTRne32fYHdf10kgqOReaM+Xggz+jAMBggqhkjOPQQDAgUAA0kAMEYC
+IQDNcLox96KCz9+uMpNnZBwCWaPnZAhLKSL4VAgRzsmguwIhALKsrrYmiHfADqL1
+NIPjXFqjVAr822FFDsNuPhImyb0I
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.p12 b/python/tests/proton_tests/ssl_db/client-certificate1.p12
index d35f88f..49dfee1 100644
Binary files a/python/tests/proton_tests/ssl_db/client-certificate1.p12 and b/python/tests/proton_tests/ssl_db/client-certificate1.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.pem b/python/tests/proton_tests/ssl_db/client-certificate1.pem
index c63b4f1..b4ba086 100644
--- a/python/tests/proton_tests/ssl_db/client-certificate1.pem
+++ b/python/tests/proton_tests/ssl_db/client-certificate1.pem
@@ -1,19 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIDDDCCAsqgAwIBAgIEBmzTzzALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM4WhgPMjI5MTA1MTcyMTUzMzhaMFwxDDAKBgNVBAsTA0RldjENMAsGA1UEBxME
-Q2l0eTELMAkGA1UECBMCU1QxCzAJBgNVBAYTAlVTMRIwEAYDVQQDEwkxMjcuMC4w
-LjExDzANBgNVBAoTBkNsaWVudDCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB
-HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tV
-bNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF
-HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvw
-WBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/m
-cQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi
-8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgHVu
-urVq1FFws/JN+I3yfA2RVmFwlYJID8yyO9lkHBPBDE0dqfFBF6F3nwsCiZF0n/v4
-od6MuuRSplV4kZH0jOOVw7e9cF2RNd/KahsIpm/Oq5aosm6W7KDK/xIwNyW+3DFt
-TGDTOZ6ejVMgGR2rAD+FEp2yycJACQBP1GtTSFXTo0IwQDAfBgNVHSMEGDAWgBSy
-Nns8IpWBxkuTETzFpYnxx/mOajAdBgNVHQ4EFgQUz4cx+zNqsCmWpBU2dw8GHO33
-+eEwCwYHKoZIzjgEAwUAAy8AMCwCFCsfHJPB4Tq6qX5U+DZBc3jmLBiXAhRF17Dz
-fq+AxqyQ9PvTtH3UbFh1hQ==
+MIIBxzCCAWugAwIBAgIED5w8oDAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MloYDzIyOTIxMjI2MDQ0NTUyWjBcMQwwCgYDVQQLEwNEZXYxDTALBgNVBAcT
+BENpdHkxCzAJBgNVBAgTAlNUMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJMTI3LjAu
+MC4xMQ8wDQYDVQQKEwZDbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATM
+/ljcSFBD2f5WXXYFfliu7OrnOQ0hYpggD2pi9hpHPCuc4O8qSpMIJD3rRmtZm9A0
+CUuwFO260ZWZ+XyGIL+ao0IwQDAfBgNVHSMEGDAWgBSlzcWwofcIWyGFD/80a/bZ
+WckKVTAdBgNVHQ4EFgQUgzkMJd//VkwkVEdNk8Pctl0CMvkwDAYIKoZIzj0EAwIF
+AANIADBFAiAuDk84/qkREIQuK55deoDN7dTHGrim/1IA7WlcX0WfNwIhAOyKVWAq
+YZjZyehg/4lxKEDnmURqUeZGwmPNX6Ohi0FO
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem b/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
index 4609e17..f6f01fc 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
@@ -1,13 +1,8 @@
Bag Attributes
friendlyName: client-certificate
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 32 33 39
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 30 37 31 35
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
-PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
-pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
-1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
-vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
-zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
-g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUagxvW3D50G8WfG2jBtMMVQRYXnY=
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAC7zwZZzLaBk+N55ry
+QzgmInDn9V3/u9sByfzzbAV0Ug==
-----END PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key.pem b/python/tests/proton_tests/ssl_db/client-private-key.pem
index bca85eb..b1a0c02 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key.pem
@@ -1,15 +1,10 @@
Bag Attributes
friendlyName: client-certificate
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 32 33 39
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 30 37 31 35
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHmVKa1dEtm4CAggA
-MBQGCCqGSIb3DQMHBAgpc0Ay33xL9ASCAVBJ8D5DVRd0d6t3gSvTFBAflpUROv2/
-pQlMLGbGlJIoEPyMIc9/GcgS7U19nMdoJjI1TuT/hGwObualnRRjY6KL5cbK2oUQ
-371yUs6jGIQxtCeb1WgKpA/FKw9jRO7Tg5ztObItPiSQvkOcssfdRJYI1+W+ovj+
-j1BKMkJu197twIChYaz+3ppJzrh3qlqFgdRdE9H04ffWpNaZ6aOIIJHPMuZ8FScu
-bQyvD9JjI+JWJUaCyp/3dxxxVrZ3vu8i6LmrL6Nm9IkJtFMZOfgPkoRLML2DWKqB
-1qLk/Z45/THXDAxrPggFfqMvuctwJmtAGvo3MIbfCi+aewJE6/DjlSHDv6wGvOGB
-T5golvZ5siahHqwmufSQG8ZTsGcpu/jCA5ipIvcTVgWIxscNc2Yx9FDNWVNzUcTy
-ctRX6DS+s7rAy9ISjch4BbAtI7yALFt63eU=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAi5hbIRcNMhZwICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIVqW6ysNdlKsESC1xPa25tqkCSYlo
+EvU8CPJ1Z4FZrWg7Tm3TqhjsZzLLNV2ZAXmk66b0DEla4GtuDNX9cQ1mdJVt4cK9
+RRH2ydoTVZwfmGQUvQ==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key1.pem b/python/tests/proton_tests/ssl_db/client-private-key1.pem
index bedf540..4b1fa0a 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key1.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key1.pem
@@ -1,15 +1,10 @@
Bag Attributes
friendlyName: client-certificate1
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 37 37 32
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 31 37 33 33
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIg1n9vdGttqoCAggA
-MBQGCCqGSIb3DQMHBAgRjlrRQfGcLQSCAVChui/M+36/e0WzeM79aJV7YZds/OJY
-gprtJ2g5Cxb1L9hymwgxJtOAaRUqLUcfLHcKSxA+MaB+Ij+/8TH+miq0zZ9q0jZV
-BAm56FNgUjW0nPLueTNhWzVVfQU6H9Tj33OuKm1PQo84Af3OPMtE03pvGDPEAPbH
-a72HUgZyI7WTux4wpxfvUEVkT5OXgBHrFlqXiHHCI+9kqBXMCV3oHgZBcO+dqPKS
-rlaTY7xoQWLenB6EQeYopMA2GNUVtzB3y6/nX2z0Yp5oHqKPBNOyFlVmwCrENN1/
-qnrFfzVbnksWLKhg9O+TPsId1UIZVvBh67y5N5IZRrpuE03qd2BScKM/Tn6vkWNB
-Eus74Vba5vw9prauRC45FVgDe2YYYoULYPfhXWSiiWHDNKOBlz3l3hGlZsC8wKe5
-QlV5bVcOTfGIaBkD7SQyfRjMr8SWj4WMw1M=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjV9ic9LFKc4wICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIZvmbZ2cksUUESDjp49a8ZT4AGeLw
+FCo7HM7oyCMNjBBAYOCphiDwwRECU3K1Gtaelz7bt4GLQvHPEZRCwupmhL0btvuH
+6tJmq3SAllU564IbPg==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-request.pem b/python/tests/proton_tests/ssl_db/client-request.pem
index b247aab..ba03fff 100644
--- a/python/tests/proton_tests/ssl_db/client-request.pem
+++ b/python/tests/proton_tests/ssl_db/client-request.pem
@@ -1,15 +1,8 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIICWTCCAhcCAQAwJTESMBAGA1UEAxMJMTI3LjAuMC4xMQ8wDQYDVQQKEwZDbGll
-bnQwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8
-70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWk
-n5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
-Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8
-q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fP
-CTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD
-3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAneDWiGkeCjEfdiPRIh+I9xRoz
-kUizN6YXBDYVmgb8nsyJUjDjjYmF5NH+IQHctiF4cGntOiqFoxg1iJ1zHFTOBkmz
-fCiteoC5SAN1sNxboCNDiiXIZW3uxf04vZqYyr0EUIi3tKXIMpbwBxzHjof7wF98
-x0K7nrLDlZC1ndw8PaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFCDsVsKW
-a2tIAcD2VHwTu57GXmnWMAsGByqGSM44BAMFAAMvADAsAhQY5Zy4fQcy/SZOJ2Ix
-cl3/QfimvQIUVvSdet7NKWzMQoBDhlJTdTzJvE8=
+MIIBEzCBtwIBADAlMRIwEAYDVQQDEwkxMjcuMC4wLjExDzANBgNVBAoTBkNsaWVu
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOhYajwUumZVKBln2HTYEa02R/tR
+JLUlsaXTNF0UWZsW1CusUHLUl8gCQzZ86gre37f9axOqTuKaX8S8X1e8kDagMDAu
+BgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBTRne32fYHdf10kgqOReaM+Xggz+jAM
+BggqhkjOPQQDAgUAA0kAMEYCIQCZHpPOa5wARAM23XE9sOdQ7jYA+PmbtLNcX6jB
+9yVV/QIhAK6x+HRLjP4Yo2oqoDVo8TtHGTxLXOHhLGGnh8T8W0j4
-----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/client-request1.pem b/python/tests/proton_tests/ssl_db/client-request1.pem
index b46eb0a..f781da4 100644
--- a/python/tests/proton_tests/ssl_db/client-request1.pem
+++ b/python/tests/proton_tests/ssl_db/client-request1.pem
@@ -1,16 +1,9 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIICkTCCAk4CAQAwXDEMMAoGA1UECxMDRGV2MQ0wCwYDVQQHEwRDaXR5MQswCQYD
-VQQIEwJTVDELMAkGA1UEBhMCVVMxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0GA1UE
-ChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s
-5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm
-YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy
-9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
-hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj
-6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
-vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAdW66tWrUUXCz8k34
-jfJ8DZFWYXCVgkgPzLI72WQcE8EMTR2p8UEXoXefCwKJkXSf+/ih3oy65FKmVXiR
-kfSM45XDt71wXZE138pqGwimb86rlqiybpbsoMr/EjA3Jb7cMW1MYNM5np6NUyAZ
-HasAP4USnbLJwkAJAE/Ua1NIVdOgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
-BBTPhzH7M2qwKZakFTZ3DwYc7ff54TALBgcqhkjOOAQDBQADMAAwLQIUFs17HaTm
-vest72/4Caoo1sH39n0CFQCR680PPwr3lZ5jjEOp+n4htQNUvw==
+MIIBSTCB7gIBADBcMQwwCgYDVQQLEwNEZXYxDTALBgNVBAcTBENpdHkxCzAJBgNV
+BAgTAlNUMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJMTI3LjAuMC4xMQ8wDQYDVQQK
+EwZDbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATM/ljcSFBD2f5WXXYF
+fliu7OrnOQ0hYpggD2pi9hpHPCuc4O8qSpMIJD3rRmtZm9A0CUuwFO260ZWZ+XyG
+IL+aoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUgzkMJd//VkwkVEdNk8Pc
+tl0CMvkwDAYIKoZIzj0EAwIFAANIADBFAiEAtxVWNgJy8KBmmlhCI9xsZeo42cGY
+MutsiPg6KxZwsp0CICb+Z+gdXThNC3aJGXYYX4sE2aTSUBnGYmXC2d2cCStD
-----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/client.pkcs12 b/python/tests/proton_tests/ssl_db/client.pkcs12
index 575a551..369c8e6 100644
Binary files a/python/tests/proton_tests/ssl_db/client.pkcs12 and b/python/tests/proton_tests/ssl_db/client.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/client1.pkcs12 b/python/tests/proton_tests/ssl_db/client1.pkcs12
index 0e7c888..2303a96 100644
Binary files a/python/tests/proton_tests/ssl_db/client1.pkcs12 and b/python/tests/proton_tests/ssl_db/client1.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/README.txt b/python/tests/proton_tests/ssl_db/mkcerts.sh
similarity index 75%
copy from python/tests/proton_tests/ssl_db/README.txt
copy to python/tests/proton_tests/ssl_db/mkcerts.sh
index 8a6bd6a..84e64b1 100644
--- a/python/tests/proton_tests/ssl_db/README.txt
+++ b/python/tests/proton_tests/ssl_db/mkcerts.sh
@@ -1,73 +1,44 @@
-The following certificate files are used by the SSL unit tests (ssl.py):
-
-ca-certificate.pem - contains the public certificate identifying a "trusted" Certificate
-Authority. This certificate is used to sign the certificates that identify the SSL
-servers and clients run by the tests.
-
-client-certificate.pem - the public certificate used to identify the client. Signed by
-the CA.
-
-client-private-key.pem - encrypted key used to create client-certificate.pem. Password is
-"client-password"
-
-server-certificate.pem - the public certificate used to identify the server. Signed by
-the CA. The CommonName is "A1.Good.Server.domain.com", and is checked by some unit tests.
-
-server-private-key.pem - encrypted key used to create server-certificate.pem. Password is
-"server-password"
-
-bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key that is not trusted by the client, for negative test.
-
-server-wc-certificate.pem and server-wc-private-key.pem - similar to
-server-certificate.pem and server-private-key.pem, but contains Subject Alternate Name
-entries, and a wildcard CommonName. Used for certificate name checking tests.
-
-These certificates have been created using the OpenSSL tool.
-
-The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl):
-
---8<--
#!/bin/bash
#set -x
rm -f *.pem *.pkcs12
# Create a self-signed certificate for the CA, and a private key to sign certificate requests:
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
+keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -keyalg EC -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem
# Create a certificate request for the server certificate. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
+keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -keyalg EC -genkey -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem
keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem
openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem
# Create a certificate request for a server certificate using localhost. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "CN=localhost" -validity 99999
+keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -keyalg EC -genkey -dname "CN=localhost" -validity 99999
keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request-lh.pem
keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request-lh.pem -outfile server-certificate-lh.pem
openssl pkcs12 -nocerts -passin pass:server-password -in server-lh.pkcs12 -passout pass:server-password -out server-private-key-lh.pem
# Create a certificate request for the client certificate. Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1" -validity 99999
+keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -keyalg EC -genkey -dname "O=Client,CN=127.0.0.1" -validity 99999
keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem
keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem
openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem
openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -nodes -out client-private-key-no-password.pem
# Create another client certificate with a different subject line
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
+keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -keyalg EC -genkey -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -certreq -file client-request1.pem
keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request1.pem -outfile client-certificate1.pem
openssl pkcs12 -nocerts -passin pass:client-password -in client1.pkcs12 -passout pass:client-password -out client-private-key1.pem
# Create a "bad" certificate - not signed by a trusted authority
-keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
+keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -keyalg EC -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem
openssl pkcs12 -nokeys -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem
# Create a server certificate with several alternate names, including a wildcarded common name:
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
+keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -keyalg EC -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem
keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
openssl pkcs12 -nocerts -passin pass:server-password -in server-wc.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
diff --git a/python/tests/proton_tests/ssl_db/server-certificate-lh.pem b/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
index 6c9c7ff..362f734 100644
--- a/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
@@ -1,26 +1,11 @@
-----BEGIN CERTIFICATE-----
-MIIEUzCCBA+gAwIBAgIEHgDMyTANBglghkgBZQMEAwIFADAxMRcwFQYDVQQDEw5U
-cnVzdGVkLkNBLmNvbTEWMBQGA1UEChMNVHJ1c3QgTWUgSW5jLjAgFw0xODA5MjUy
-MDM4MzFaGA8yMjkyMDcwOTIwMzgzMVowFDESMBAGA1UEAxMJbG9jYWxob3N0MIID
-QjCCAjUGByqGSM44BAEwggIoAoIBAQCPeTXZuarpv6vtiHrPSVG28y7FnjuvNxjo
-6sSWHz79NgbnQ1GpxBgzObgJ58KuHFObp0dbhdARrbi0eYd1SYRpXKwOjxSzNggo
-oi/6JxEKPWKpk0U0CaD+aWxGWPhL3SCBnDcJoBBXsZWtzQAjPbpUhLYpH51kjviD
-RIZ3l5zsBLQ0pqwudemYXeI9sCkvwRGMn/qdgYHnM423krcw17njSVkvaAmYchU5
-Feo9a4tGU8YzRY+AOzKkwuDycpAlbk4/ijsIOKHEUOThjBopo33fXqFD3ktm/wSQ
-PtXPFiPhWNSHxgjpfyEc2B3KI8tuOAdl+CLjQr5ITAV2OTlgHNZnAh0AuvaWpoV4
-99/e5/pnyXfHhe8ysjO65YDAvNVpXQKCAQAWplxYIEhQcE51AqOXVwQNNNo6NHjB
-VNTkpcAtJC7gT5bmHkvQkEq9rI837rHgnzGC0jyQQ8tkL4gAQWDt+coJsyB2p5wy
-pifyRz6Rh5uixOdEvSCBVEy1W4AsNo0fqD7UielOD6BojjJCilx4xHjGjQUntxya
-OrsLC+EsRGiWOefTznTbEBplqiuH9kxoJts+xy9LVZmDS7TtsC98kOmkltOlXVNb
-6/xF1PYZ9j897buHOSXC8iTgdzEpbaiH7B5HSPh++1/et1SEMWsiMt7lU92vAhEr
-DR8C2jCXMiT+J67ai51LKSLZuovjntnhA6Y8UoELxoi34u1DFuHvF9veA4IBBQAC
-ggEAdVroB0ANoeIKYkkbTwxY8B1eIHDUX1Xa1tFCzfTBIzeP4K+5a2Km5UqkIDje
-a9p3MtJgSZMAW9iJ1EDLBFH+75JirTtiYmt78vx9gIhSZkE2l/oKoVKrG3W1AJpX
-b95RnfivKIETioLGSJWNuGk2X2T1u1w0xePMGRi+dmcsCa/2ci3bMNnkkHzqNtv9
-zqWJPtjcJaGjRn0ttzXdulpdRgNndSddjBhBbFGJc8wQzqnL0aHby8tgXYcAlKiG
-tgcwZGTTrpg27bHyt6sMuANJZmd8hdgQ1MrFzw07EOoLa+I+7VNAsyF32gzTH1vy
-wGXmCLHGOZLOGI3rBHVE55+2IaNCMEAwHwYDVR0jBBgwFoAUsjZ7PCKVgcZLkxE8
-xaWJ8cf5jmowHQYDVR0OBBYEFO4pNMdb7FfaJo8k5NZGlEGO0PnDMA0GCWCGSAFl
-AwQDAgUAAy8AMCwCFB9MMOywXxzgX/OYImNrAJvR2sWLAhRMlioucHg/hFw456Y/
-fgaL4qbZfA==
+MIIBgDCCASOgAwIBAgIEZFrS+zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MFoYDzIyOTIxMjI2MDQ0NTUwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAARs4JYixuZKWrhNEUQX7JmrkbgHsNTSXSpw
+ucydDB364DcDastzs/67lNfcxygPIfApqocj3BPkIBtc+1hza7aso0IwQDAfBgNV
+HSMEGDAWgBSlzcWwofcIWyGFD/80a/bZWckKVTAdBgNVHQ4EFgQUfjC6oteX4u/7
+QxVHHqbWJVjK6r0wDAYIKoZIzj0EAwIFAANJADBGAiEAiIOCktPgM9pKL0aob/5j
+xNX224xo9ZNvhzSbThhHADACIQCkulC7slU+O5NjXoGraWIkLEdYL1nHKS9dix35
+D+u0ng==
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-certificate.p12 b/python/tests/proton_tests/ssl_db/server-certificate.p12
index cacfa89..821e40b 100644
Binary files a/python/tests/proton_tests/ssl_db/server-certificate.p12 and b/python/tests/proton_tests/ssl_db/server-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-certificate.pem b/python/tests/proton_tests/ssl_db/server-certificate.pem
index 462f3a5..fe66215 100644
--- a/python/tests/proton_tests/ssl_db/server-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/server-certificate.pem
@@ -1,18 +1,11 @@
-----BEGIN CERTIFICATE-----
-MIIC5jCCAqSgAwIBAgIEX8z6MDALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM3WhgPMjI5MTA1MTcyMTUzMzdaMDUxIjAgBgNVBAMTGUExLkdvb2QuU2VydmVy
-LmRvbWFpbi5jb20xDzANBgNVBAoTBlNlcnZlcjCCAbgwggEsBgcqhkjOOAQBMIIB
-HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
-v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58ao
-phUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM
-spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4Jn
-UVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1
-kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq
-A4GFAAKBgQCERpy6RrkNHpgXT/uL9gN/IgwY7kp3Iwzr1lrqo+HqmydE+Cz9uqPH
-VyxjX7nHVrdwl7xgsoki3QyoKcrZfTL1oS79kodWG7t6CyOtj2L3KGMUdIlqWepZ
-wzCKTWrb07VjpqhMh0Qh8+IqEmvfC/4UVOec9alX0NO/ckDbIBhITqNCMEAwHwYD
-VR0jBBgwFoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowHQYDVR0OBBYEFBhEDdcBRqn5
-wFEbAad559yrQPE7MAsGByqGSM44BAMFAAMvADAsAhRuMRxWMKxy3USjfSFn47H4
-Z5VIHgIUB2i6+RQi7dHOEQYKKmxdQvAPA9M=
+MIIBnzCCAUSgAwIBAgIEBv2/XzAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU0OVoYDzIyOTIxMjI2MDQ0NTQ5WjA1MSIwIAYDVQQDExlBMS5Hb29kLlNlcnZl
+ci5kb21haW4uY29tMQ8wDQYDVQQKEwZTZXJ2ZXIwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAASdmRnKMipY+B3VYHlddupOrzLtFN5vzn68cdoKWvrBgAmuFh8buYlN
+VLJkbsahTiklmMOjxv05DJJIX1gHdZFQo0IwQDAfBgNVHSMEGDAWgBSlzcWwofcI
+WyGFD/80a/bZWckKVTAdBgNVHQ4EFgQU5QX4K0PyMOOP1NCsNk9gN92eIpswDAYI
+KoZIzj0EAwIFAANHADBEAiAurMJBspkc6iRaeWz58AAaM32Hueml/6vm48VRlcJd
+EgIgLjThjB/bA/keP25no5IuXmtng++LdXRwT6n260Eb4n4=
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-lh.pkcs12 b/python/tests/proton_tests/ssl_db/server-lh.pkcs12
index 6d4c34f..930ea95 100644
Binary files a/python/tests/proton_tests/ssl_db/server-lh.pkcs12 and b/python/tests/proton_tests/ssl_db/server-lh.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-private-key-lh.pem b/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
index 44279a6..ecb76af 100644
--- a/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
@@ -1,21 +1,10 @@
Bag Attributes
friendlyName: server-certificate
- localKeyID: 54 69 6D 65 20 31 35 33 37 39 30 37 39 31 30 32 39 39
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 39 36 39 30
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInDWm8BaYfdQCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM0p5kC5QUKFBIICaJUTK4ZRiUBt
-g0YgRnrH1HE5f1h0tOHvnCND0wJmOmcwStqVtjIqVa5bkU4ZEEOOwWwO8n682Idd
-xc7c3Tfu86nGOFSNH3PpM5Urp8eb5yg3c+rrxdjbRfWKmFtup5CnmyIUHRwvpwKo
-4iBSyMTLuwB149OA10i7soB2xPH+5ZoutKIEG7HmSKBxAIYnt7awty3uQide+CKw
-PPcm+P4fGeNAKoZ0QLQFuTF8ZDOzWFv6+LJuIIlHNiRwCKGLVglFpysd22PFJ7GX
-nVjJ1wfdXyqixoFGSCa25e2VIwVL3OnMyzAsNKMzAoDc0kzs1wbnAAeGSO8mJsMp
-ea4KHu08YFuhI99FAOHvOh1UGDBdtQ5VLBoLD+K26FCIIb45IYxbpBNXvy8N+tdW
-1YrqlpjGrV0mr7mG7QTSlewowJF9KKj+YKDYjENJTjDf64S3xacNmRUbBrewGD4B
-6YJyyREhj8o/kl5IuLQtLoDx6t6zr80y45LG1zarzEn3ncwAMnOApQiYLO4R/K8Y
-T3jgQmZ2vqArr2dWyYN+fqoouEHr6MRbKiOhruimFC3+zVtKfNI0flHPxX4T74Xr
-gETirpfZandMcqsZb6DDvXmY230IUR17NiruyLX2269LfmyT4Q5nlbURgqBYQ7zI
-niM1EbTSzXVspE3x/HijJuR2nPX3k8VOmY/l87bHi9hOVen3SPt5lOYHnIhQ26jx
-c+/0c7vOONxnYnl9ucB9Kgk5ku+wqPbR/olsiB36Rsf7VjZtQlwibaY2Dtb/zt7C
-VvW+geNsIkbM/qlBh5isl8diuwx75e+tyLsnXRcQ8z8=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAg+gAOWJWbkqAICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIync649PXgawESPAAwfJDNqASiPcS
+sMi6VmT+9m0tqrq+MS6KEhrlMcPyfF7SeoiMg/BUZ+tream5UV4/W9P0ylqE3QBs
+LmXJ5bfPOif2OK6jXQ==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-private-key.pem b/python/tests/proton_tests/ssl_db/server-private-key.pem
index 3ae25f8..f3eb80c 100644
--- a/python/tests/proton_tests/ssl_db/server-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/server-private-key.pem
@@ -1,15 +1,10 @@
Bag Attributes
friendlyName: server-certificate
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 36 35 36
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 38 37 30 37
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6jwDH/9bZYMCAggA
-MBQGCCqGSIb3DQMHBAgbIQ8UrRfmAgSCAVDejPh9sT2PMvDjjzXG6xpSmBPNZRiz
-f2k2a9EaI8L4xadveiZTzOpk2C/nltMCNY2Vwf/LMtbvcLiadBRWM/4Uf5fvL/94
-zlKE77wPSWK1R+btZm0KIaA+EPAvnIGcjHlcSU58eQexwVlMXJ9pdeHm9KWbV1D+
-PjrlJ+SDq7OSGprTCz9r+gQ7Fy2Oe9OKc92tE29QD2AZXtSodvY9CosXCx4cqXr3
-ey+HXmVXJohsL89NycL80TvkxppqZ1hT3DZMkrFg2jFPz505rzE48y62FMoKNCjQ
-6HXvsniWYXf7ipr+A4/diSSMBr/zmA+H+ZHKlNO8FJqZ8eI1eqRO+PjO1VV9bbG0
-lYoeoFu0Y1xw6V2jLYnFF1mTCC6kegl6kruvnwO7Oy+6kPEvDrejuI6uozW2etej
-cBq1lUK5QNKSoaB7Qw+2qlyFg/KFwXXDBqk=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAiQSBndpcIYvwICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIYeRON3+pm0UESAqbxM4OytHjivFH
+dyedXWqkwZT0nDmfnAhBfiI0YsjYhU6QsMASQZ+N09gnG3zYjvbjTkiIGeNZXojO
+v4Iw3Fm6liQFu26G1w==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-request-lh.pem b/python/tests/proton_tests/ssl_db/server-request-lh.pem
index 14072f8..b902c4d 100644
--- a/python/tests/proton_tests/ssl_db/server-request-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-request-lh.pem
@@ -1,23 +1,8 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIID5zCCA5ECAQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MIIDQjCCAjUGByqGSM44
-BAEwggIoAoIBAQCPeTXZuarpv6vtiHrPSVG28y7FnjuvNxjo6sSWHz79NgbnQ1Gp
-xBgzObgJ58KuHFObp0dbhdARrbi0eYd1SYRpXKwOjxSzNggooi/6JxEKPWKpk0U0
-CaD+aWxGWPhL3SCBnDcJoBBXsZWtzQAjPbpUhLYpH51kjviDRIZ3l5zsBLQ0pqwu
-demYXeI9sCkvwRGMn/qdgYHnM423krcw17njSVkvaAmYchU5Feo9a4tGU8YzRY+A
-OzKkwuDycpAlbk4/ijsIOKHEUOThjBopo33fXqFD3ktm/wSQPtXPFiPhWNSHxgjp
-fyEc2B3KI8tuOAdl+CLjQr5ITAV2OTlgHNZnAh0AuvaWpoV499/e5/pnyXfHhe8y
-sjO65YDAvNVpXQKCAQAWplxYIEhQcE51AqOXVwQNNNo6NHjBVNTkpcAtJC7gT5bm
-HkvQkEq9rI837rHgnzGC0jyQQ8tkL4gAQWDt+coJsyB2p5wypifyRz6Rh5uixOdE
-vSCBVEy1W4AsNo0fqD7UielOD6BojjJCilx4xHjGjQUntxyaOrsLC+EsRGiWOefT
-znTbEBplqiuH9kxoJts+xy9LVZmDS7TtsC98kOmkltOlXVNb6/xF1PYZ9j897buH
-OSXC8iTgdzEpbaiH7B5HSPh++1/et1SEMWsiMt7lU92vAhErDR8C2jCXMiT+J67a
-i51LKSLZuovjntnhA6Y8UoELxoi34u1DFuHvF9veA4IBBQACggEAdVroB0ANoeIK
-YkkbTwxY8B1eIHDUX1Xa1tFCzfTBIzeP4K+5a2Km5UqkIDjea9p3MtJgSZMAW9iJ
-1EDLBFH+75JirTtiYmt78vx9gIhSZkE2l/oKoVKrG3W1AJpXb95RnfivKIETioLG
-SJWNuGk2X2T1u1w0xePMGRi+dmcsCa/2ci3bMNnkkHzqNtv9zqWJPtjcJaGjRn0t
-tzXdulpdRgNndSddjBhBbFGJc8wQzqnL0aHby8tgXYcAlKiGtgcwZGTTrpg27bHy
-t6sMuANJZmd8hdgQ1MrFzw07EOoLa+I+7VNAsyF32gzTH1vywGXmCLHGOZLOGI3r
-BHVE55+2IaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFO4pNMdb7FfaJo8k
-5NZGlEGO0PnDMA0GCWCGSAFlAwQDAgUAA0EAMD4CHQCdi9BZ+4bJSteebZbHHIdV
-rsazxRXT3Jdq+JCZAh0AmqErYresnNvzucEWlQ2WcSHUvMc66e2DfIWplg==
+MIIBADCBpgIBADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAARs4JYixuZKWrhNEUQX7JmrkbgHsNTSXSpwucydDB364DcDastz
+s/67lNfcxygPIfApqocj3BPkIBtc+1hza7asoDAwLgYJKoZIhvcNAQkOMSEwHzAd
+BgNVHQ4EFgQUfjC6oteX4u/7QxVHHqbWJVjK6r0wDAYIKoZIzj0EAwIFAANHADBE
+AiBXR+XS4/Y/Yc3x3lcRW+hXMQsCE9V6WtoB/sAbgZk1uwIgGRge5kpyYK3R/SFm
+zYXcQpPH4mOXfHT6gdAKIpfIAiY=
-----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-request.pem b/python/tests/proton_tests/ssl_db/server-request.pem
index bd53fab..6fc9724 100644
--- a/python/tests/proton_tests/ssl_db/server-request.pem
+++ b/python/tests/proton_tests/ssl_db/server-request.pem
@@ -1,15 +1,9 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIICazCCAigCAQAwNTEiMCAGA1UEAxMZQTEuR29vZC5TZXJ2ZXIuZG9tYWluLmNv
-bTEPMA0GA1UEChMGU2VydmVyMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed
-dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs
-14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
-wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY
-HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx
-BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
-+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAIRG
-nLpGuQ0emBdP+4v2A38iDBjuSncjDOvWWuqj4eqbJ0T4LP26o8dXLGNfucdWt3CX
-vGCyiSLdDKgpytl9MvWhLv2Sh1Ybu3oLI62PYvcoYxR0iWpZ6lnDMIpNatvTtWOm
-qEyHRCHz4ioSa98L/hRU55z1qVfQ079yQNsgGEhOoDAwLgYJKoZIhvcNAQkOMSEw
-HzAdBgNVHQ4EFgQUGEQN1wFGqfnAURsBp3nn3KtA8TswCwYHKoZIzjgEAwUAAzAA
-MC0CFFIXSYKFVq90wR3lH+KCwvL+j0A4AhUAlxeczUtqTQFeGXFsDwIGO+5/uA4=
+MIIBITCBxwIBADA1MSIwIAYDVQQDExlBMS5Hb29kLlNlcnZlci5kb21haW4uY29t
+MQ8wDQYDVQQKEwZTZXJ2ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdmRnK
+MipY+B3VYHlddupOrzLtFN5vzn68cdoKWvrBgAmuFh8buYlNVLJkbsahTiklmMOj
+xv05DJJIX1gHdZFQoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQU5QX4K0Py
+MOOP1NCsNk9gN92eIpswDAYIKoZIzj0EAwIFAANHADBEAiBDXcll5KnA2W0r3TcW
+bA8MlhKj3we0brZleMr6gS+4bAIgVTpVAMdkOBcsXlBQjXIv2PwvnKqjO0w0YFgo
+b+yWheM=
-----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12
index 3f8a53d..b4d3287 100644
Binary files a/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 and b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.pem b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
index 4d32b40..b03f992 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
@@ -1,19 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIDFTCCAtOgAwIBAgIEVTK/cTALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM4WhgPMjI5MTA1MTcyMTUzMzhaMDAxHTAbBgNVBAMMFCoucHJlZml4Ki5kb21h
-aW4uY29tMQ8wDQYDVQQKEwZTZXJ2ZXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA
-/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow
-9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7
-g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi
-64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466
-1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L
-+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
-gYATsU4dSb5vvYkuhnLJPYpiHOEOagLSwwggm8CD4JqA8CC/lzIJBI3LkR7Ve1Mw
-xYiDbQQPaxGsdCxaDuE+rOHmJcCNxum4gIYxeOOGHLa9eezTXLu2s0kBgsWx3I0U
-98lI4E+gRHiU27NXlNiEKvVq3GhzWvKdUqClbtLZ+67gzqN3MHUwHwYDVR0jBBgw
-FoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowMwYDVR0RBCwwKoIWYWx0ZXJuYXRlLm5h
-bWUub25lLmNvbYIQYW5vdGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUas7dEjv/R3ig
-GcCdPRLL5P3HPU8wCwYHKoZIzjgEAwUAAy8AMCwCFFuvuEosI+5a+lSmpEahvhyE
-31WUAhR6+NkSdChlT0v6HmjyhBL1hLZYNA==
+MIIB0TCCAXSgAwIBAgIEL5KM1zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1M1oYDzIyOTIxMjI2MDQ0NTUzWjAwMR0wGwYDVQQDDBQqLnByZWZpeCouZG9t
+YWluLmNvbTEPMA0GA1UEChMGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEH6HU/fmheSsvQmcypcVi5ya6htApdLxyVTnQ5NjuCoXnsr6mm9cPEH19A43+
+JBVWsdHg9sibx1JInh/JU9BYK6N3MHUwHwYDVR0jBBgwFoAUpc3FsKH3CFshhQ//
+NGv22VnJClUwMwYDVR0RBCwwKoIWYWx0ZXJuYXRlLm5hbWUub25lLmNvbYIQYW5v
+dGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUqgEQSNq/wnTz2TXH8tdDCLwnvWUwDAYI
+KoZIzj0EAwIFAANJADBGAiEA2AU1P7pwfO70WFHlEyFTEQ5I5FyctS2vYiJN2rH+
+opYCIQD4niWqR+WA+2bkxDmoRST5A3qGCsAuADU5Br11UU9MHQ==
-----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-private-key.pem b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
index 7bae296..c9e0005 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
@@ -1,15 +1,10 @@
Bag Attributes
friendlyName: server-wc-certificate
- localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 34 39 33
+ localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 33 31 32 30
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFt9KwMYb/OQCAggA
-MBQGCCqGSIb3DQMHBAjQ+Hr462sAigSCAVAmqByfn+Ujb9TfpEI0d6mlW7Nyko00
-chzSFz61RVA/twfbLImhYvEo7P+UglcqGc1H3DaysDuMjbiNqgP25lDHO6ndhN7r
-XaeNshI8U3RQfUrhTwcA2pGpHQ6t+TGNKifRuJMbcHxWDNr+Tdod8uUADZt8Ywb+
-WQOqIrByNJryx5i2yZT7FphYrz6N0L5cNKVIirNv9/FOlKiyuzzg5c4NmABkpajE
-ZyT2H1p/qFipz8XeQ7BvFVDWSGn6Jb8vRvcc/swoCNSs8Wukr7tbryie2IbgktES
-gw7mVOw/Wdw6u26Q8Dz1c+eyy1WPuCiubFKUK12Ul0X9KKYCufVvQPoQBsMGikRM
-JcvrMd1cZ60pANJhnrogE6VEYE3NQrPC6SNao0NB+g4CW3tOH6m80H5+yHrMdvjo
-MQNXdlwdNWrCEH6hXJxzuE1qM5Ajc82bfwo=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAio8aayQeHaFAICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIiuo/t9M71U0ESFOz+aKK6gyX/QY9
+2aypHy3FSj/7jJxqmCRf6B0yStOsfJElYkuqRWaElLboXuY6QCNDEldnl9RA1GmT
+2i25//LzKqGngQYIAg==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-request.pem b/python/tests/proton_tests/ssl_db/server-wc-request.pem
index f6f13bd..8eae46c 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-request.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-request.pem
@@ -1,16 +1,10 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIICmTCCAlcCAQAwMDEdMBsGA1UEAwwUKi5wcmVmaXgqLmRvbWFpbi5jb20xDzAN
-BgNVBAoTBlNlcnZlcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLf
-Spwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4Ad
-NG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT
-WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGB
-APfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0
-SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEk
-O8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgBOxTh1Jvm+9
-iS6Gcsk9imIc4Q5qAtLDCCCbwIPgmoDwIL+XMgkEjcuRHtV7UzDFiINtBA9rEax0
-LFoO4T6s4eYlwI3G6biAhjF444Yctr157NNcu7azSQGCxbHcjRT3yUjgT6BEeJTb
-s1eU2IQq9WrcaHNa8p1SoKVu0tn7ruDOoGUwYwYJKoZIhvcNAQkOMVYwVDAzBgNV
-HREELDAqghZhbHRlcm5hdGUubmFtZS5vbmUuY29tghBhbm90aGVyLm5hbWUuY29t
-MB0GA1UdDgQWBBRqzt0SO/9HeKAZwJ09Esvk/cc9TzALBgcqhkjOOAQDBQADLwAw
-LAIUNn3ravBNvEsgZRjQd4EPPvQ1k9wCFEuakAyAzmt2ZfIKX3ZmTIgNKsvy
+MIIBUjCB9wIBADAwMR0wGwYDVQQDDBQqLnByZWZpeCouZG9tYWluLmNvbTEPMA0G
+A1UEChMGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEH6HU/fmheSsv
+QmcypcVi5ya6htApdLxyVTnQ5NjuCoXnsr6mm9cPEH19A43+JBVWsdHg9sibx1JI
+nh/JU9BYK6BlMGMGCSqGSIb3DQEJDjFWMFQwMwYDVR0RBCwwKoIWYWx0ZXJuYXRl
+Lm5hbWUub25lLmNvbYIQYW5vdGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUqgEQSNq/
+wnTz2TXH8tdDCLwnvWUwDAYIKoZIzj0EAwIFAANIADBFAiEA0tvlq2F+YlaR8zVS
+BpgsSLl1MyoX4ap0hlNw4Ejxm+oCIGIvWIZ2Xh7j8NDBvOJV4q6fubs5+1X3vy34
+6JZIA47d
-----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc.pkcs12 b/python/tests/proton_tests/ssl_db/server-wc.pkcs12
index 0ceccbc..b9936ef 100644
Binary files a/python/tests/proton_tests/ssl_db/server-wc.pkcs12 and b/python/tests/proton_tests/ssl_db/server-wc.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/server.pkcs12 b/python/tests/proton_tests/ssl_db/server.pkcs12
index f3c19e2..14bcf27 100644
Binary files a/python/tests/proton_tests/ssl_db/server.pkcs12 and b/python/tests/proton_tests/ssl_db/server.pkcs12 differ
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org