356 files changed, 25329 insertions, 0 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
new file mode 100644
index 0000000..3df4784
--- /dev/null
+++ b/tests/cert-tests/Makefile.am
@@ -0,0 +1,188 @@
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem \
+	data/template-test.key data/template-test.pem templates/template-test.tmpl \
+	data/funny-spacing.pem data/ca-certs.pem data/dane-test.rr data/cert-ecc256.pem \
+	data/bmpstring.pem data/template-utf8.pem templates/template-utf8.tmpl \
+	templates/template-dn.tmpl data/template-dn.pem data/complex-cert.pem \
+	data/template-overflow.pem templates/template-overflow.tmpl data/template-overflow2.pem \
+	templates/template-overflow2.tmpl data/template-crq.pem data/cert-ecc256-full.pem \
+	templates/template-date.tmpl data/template-date.pem templates/template-dn-err.tmpl \
+	templates/template-nc.tmpl data/template-nc.pem data/xmpp-othername.pem \
+	suppressions.valgrind data/csr-invalid.der data/invalid-sig2.pem data/invalid-sig3.pem \
+	data/invalid-sig.pem email-certs/chain.exclude.test.example.com email-certs/chain.test.example.com \
+	email-certs/chain.invalid.example.com email-certs/chain.test.example.com-2 \
+	data/single-ca.p7b data/single-ca.p7b.out data/full.p7b data/full.p7b.out data/detached.p7b \
+	data/pkcs7-detached.txt data/p7-combined.out data/template-generalized.pem \
+	templates/template-generalized.tmpl data/privkey1.pem data/privkey2.pem data/privkey3.pem \
+	data/name-constraints-ip.pem data/cert-invalid-utf8.der data/very-long-dn.pem \
+	data/provable3072.pem data/provable2048.pem data/provable-dsa2048.pem \
+	data/provable-dsa2048-fips.pem templates/template-crq.tmpl data/invalid-sig5.pem \
+	templates/template-unique.tmpl data/template-unique.pem data/invalid-sig4.pem \
+	templates/template-othername.tmpl data/template-othername.pem \
+	templates/template-othername-xmpp.tmpl data/template-othername-xmpp.pem \
+	templates/template-krb5name.tmpl data/crl-demo1.pem data/crl-demo2.pem data/crl-demo3.pem \
+	data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \
+	data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \
+	data/template-rsa-sha3-384.pem data/long-oids.pem \
+	data/name-constraints-ip2.pem data/chain-md5.pem data/pubkey-ecc256.pem \
+	templates/template-dates-after2038.tmpl data/template-dates-after2038.pem \
+	data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \
+	templates/template-tlsfeature.tmpl data/cert-with-crl.p12 \
+	data/template-tlsfeature.pem data/template-tlsfeature.csr \
+	templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \
+	data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \
+	data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem \
+	data/client.p12 data/noclient.p12 data/unclient.p12 data/pkcs12_2certs.p12 \
+	data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 \
+	data/key-ca.pem data/key-subca.pem data/key-subsubca.pem data/key-user.pem \
+	data/key-dsa.pem data/key-ca-dsa.pem data/key-subca-dsa.pem \
+	data/ca-public.gpg data/srv-public-all-signed.gpg data/srv-secret.gpg \
+	data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg	\
+	data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \
+	data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \
+	data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \
+	data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \
+	data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \
+	data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \
+	data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \
+	templates/template-long-dns.tmpl templates/template-long-serial.tmpl \
+	data/key-rsa-pss-raw.pem data/key-rsa-pss.pem data/cve-2019-3829.pem \
+	data/long-dns.pem data/template-long-dns-crq.pem data/chain-with-critical-on-root.pem \
+	data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \
+	templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem \
+	data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12 \
+	data/key-corpus-rc2-1.p12.out data/no-salt.p12 data/mac-sha512.p12 data/pbes1-no-salt.p12 \
+	templates/inhibit-anypolicy.tmpl data/inhibit-anypolicy.pem data/aes-128.p12 \
+	data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \
+	data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \
+	data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \
+	data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \
+	data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \
+	data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \
+	data/key-ca.pem data/key-user.pem data/template-sgenerate.pem \
+	data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \
+	data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \
+	data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \
+	data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem data/dup-exts.pem \
+	data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \
+	data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \
+	data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
+	data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
+	data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem data/pkcs8-pbes2-sha256.pem \
+	data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \
+	data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \
+	data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
+	data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
+	data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \
+	data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \
+	data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b templates/template-no-ca.tmpl \
+	data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 data/crq-cert-no-ca.pem \
+	data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \
+	data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem \
+	data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \
+	data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \
+	templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \
+	data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer \
+	templates/simple-policy.tmpl data/simple-policy.pem
+
+dist_check_SCRIPTS = pathlen.sh aki.sh invalid-sig.sh email.sh \
+	pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh name-constraints.sh certtool-long-cn.sh crl.sh provable-privkey.sh \
+	provable-dh.sh sha2-test.sh sha2-dsa-test.sh provable-privkey-dsa2048.sh \
+	provable-privkey-rsa2048.sh provable-privkey-gen-default.sh pkcs7-constraints.sh \
+	pkcs7-constraints2.sh certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh cert-critical.sh \
+	pkcs12.sh certtool-crl-decoding.sh pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \
+	smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh pkcs7-eddsa.sh certtool-ecdsa.sh \
+	key-id.sh pkcs8.sh pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh key-invalid.sh \
+	pkcs8-eddsa.sh certtool-subca.sh certtool-verify-profiles.sh x509-duplicate-ext.sh x25519-and-x448.sh
+
+dist_check_SCRIPTS += key-id.sh ecdsa.sh pkcs8-invalid.sh key-invalid.sh pkcs8-decode.sh pkcs8.sh pkcs8-eddsa.sh \
+	certtool-utf8.sh crq.sh
+
+if STRICT_DER_TIME
+dist_check_SCRIPTS += cert-non-digits-time.sh reject-invalid-time.sh
+else
+dist_check_SCRIPTS += tolerate-invalid-time.sh
+endif
+
+if WANT_TEST_SUITE
+dist_check_SCRIPTS += provable-dh-default.sh
+endif
+
+if !WINDOWS
+dist_check_SCRIPTS += template-test.sh pem-decoding.sh othername-test.sh krb5-test.sh sha3-test.sh md5-test.sh \
+	tlsfeature-test.sh template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh rsa-pss-pad.sh dsa.sh certtool.sh \
+	template-policy-test.sh
+endif
+
+if ENABLE_DANE
+dist_check_SCRIPTS += dane.sh
+endif
+
+if ENABLE_GOST
+dist_check_SCRIPTS += gost.sh
+if !WINDOWS
+dist_check_SCRIPTS += pkcs12-gost.sh pkcs8-gost.sh
+endif
+endif
+
+dist_check_SCRIPTS += certtool-rsa-pss.sh certtool-eddsa.sh
+
+TESTS = $(dist_check_SCRIPTS)
+
+# Set detect_leaks=0 to ASAN. It seems it is detecting many leaks in tools
+# which are not trivial, and makes no point to address.
+TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
+	LC_ALL="C"				\
+	VALGRIND='$(LOG_VALGRIND)'		\
+	LIBTOOL="$(LIBTOOL)"			\
+	top_builddir="$(top_builddir)"		\
+	abs_top_builddir="$(abs_top_builddir)"	\
+	ac_cv_sizeof_time_t="$(ac_cv_sizeof_time_t)" \
+	ASAN_OPTIONS="detect_leaks=0:exitcode=6" \
+	GNUTLS_TEST_SUITE_RUN=1			\
+	GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \
+	PKCS12_ITER_COUNT="$(PKCS12_ITER_COUNT)" \
+	srcdir="$(srcdir)"
+
+if ENABLE_FIPS140
+TESTS_ENVIRONMENT += FIPS140=1
+endif
+
+if WINDOWS
+TESTS_ENVIRONMENT += WINDOWS=1
+endif
+
+if ENABLE_GOST
+TESTS_ENVIRONMENT += ENABLE_GOST=1
+else
+TESTS_ENVIRONMENT += ENABLE_GOST=0
+endif
+
+if DISABLE_BASH_TESTS
+TESTS_ENVIRONMENT += DISABLE_BASH_TESTS=1
+endif
+
+AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
+LOG_COMPILER = $(LOG_VALGRIND)
+
+distclean-local:
+	rm -rf tmp-* *.tmp
diff --git a/tests/cert-tests/Makefile.in b/tests/cert-tests/Makefile.in
new file mode 100644
index 0000000..9c89c21
--- /dev/null
+++ b/tests/cert-tests/Makefile.in
@@ -0,0 +1,3256 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@STRICT_DER_TIME_TRUE@am__append_1 = cert-non-digits-time.sh reject-invalid-time.sh
+@STRICT_DER_TIME_FALSE@am__append_2 = tolerate-invalid-time.sh
+@WANT_TEST_SUITE_TRUE@am__append_3 = provable-dh-default.sh
+@WINDOWS_FALSE@am__append_4 = template-test.sh pem-decoding.sh othername-test.sh krb5-test.sh sha3-test.sh md5-test.sh \
+@WINDOWS_FALSE@	tlsfeature-test.sh template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh rsa-pss-pad.sh dsa.sh certtool.sh \
+@WINDOWS_FALSE@	template-policy-test.sh
+
+@ENABLE_DANE_TRUE@am__append_5 = dane.sh
+@ENABLE_GOST_TRUE@am__append_6 = gost.sh
+@ENABLE_GOST_TRUE@@WINDOWS_FALSE@am__append_7 = pkcs12-gost.sh pkcs8-gost.sh
+@ENABLE_FIPS140_TRUE@am__append_8 = FIPS140=1
+@WINDOWS_TRUE@am__append_9 = WINDOWS=1
+@ENABLE_GOST_TRUE@am__append_10 = ENABLE_GOST=1
+@ENABLE_GOST_FALSE@am__append_11 = ENABLE_GOST=0
+@DISABLE_BASH_TESTS_TRUE@am__append_12 = DISABLE_BASH_TESTS=1
+subdir = tests/cert-tests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
+	$(top_srcdir)/lib/unistring/m4/inline.m4 \
+	$(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \
+	$(top_srcdir)/src/gl/m4/atoll.m4 \
+	$(top_srcdir)/src/gl/m4/bison.m4 \
+	$(top_srcdir)/src/gl/m4/calloc.m4 \
+	$(top_srcdir)/src/gl/m4/clock_time.m4 \
+	$(top_srcdir)/src/gl/m4/codeset.m4 \
+	$(top_srcdir)/src/gl/m4/ctype_h.m4 \
+	$(top_srcdir)/src/gl/m4/environ.m4 \
+	$(top_srcdir)/src/gl/m4/error.m4 \
+	$(top_srcdir)/src/gl/m4/fdopen.m4 \
+	$(top_srcdir)/src/gl/m4/flexmember.m4 \
+	$(top_srcdir)/src/gl/m4/fpending.m4 \
+	$(top_srcdir)/src/gl/m4/fpieee.m4 \
+	$(top_srcdir)/src/gl/m4/fseek.m4 \
+	$(top_srcdir)/src/gl/m4/ftruncate.m4 \
+	$(top_srcdir)/src/gl/m4/getaddrinfo.m4 \
+	$(top_srcdir)/src/gl/m4/getcwd.m4 \
+	$(top_srcdir)/src/gl/m4/getpagesize.m4 \
+	$(top_srcdir)/src/gl/m4/getpass.m4 \
+	$(top_srcdir)/src/gl/m4/getprogname.m4 \
+	$(top_srcdir)/src/gl/m4/gettime.m4 \
+	$(top_srcdir)/src/gl/m4/gnulib-comp.m4 \
+	$(top_srcdir)/src/gl/m4/hostent.m4 \
+	$(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \
+	$(top_srcdir)/src/gl/m4/inttostr.m4 \
+	$(top_srcdir)/src/gl/m4/ioctl.m4 \
+	$(top_srcdir)/src/gl/m4/isblank.m4 \
+	$(top_srcdir)/src/gl/m4/langinfo_h.m4 \
+	$(top_srcdir)/src/gl/m4/lcmessage.m4 \
+	$(top_srcdir)/src/gl/m4/locale-fr.m4 \
+	$(top_srcdir)/src/gl/m4/locale-ja.m4 \
+	$(top_srcdir)/src/gl/m4/locale-tr.m4 \
+	$(top_srcdir)/src/gl/m4/locale-zh.m4 \
+	$(top_srcdir)/src/gl/m4/locale_h.m4 \
+	$(top_srcdir)/src/gl/m4/localename.m4 \
+	$(top_srcdir)/src/gl/m4/lstat.m4 \
+	$(top_srcdir)/src/gl/m4/mktime.m4 \
+	$(top_srcdir)/src/gl/m4/nanosleep.m4 \
+	$(top_srcdir)/src/gl/m4/nstrftime.m4 \
+	$(top_srcdir)/src/gl/m4/parse-datetime.m4 \
+	$(top_srcdir)/src/gl/m4/perror.m4 \
+	$(top_srcdir)/src/gl/m4/pipe.m4 \
+	$(top_srcdir)/src/gl/m4/pthread-thread.m4 \
+	$(top_srcdir)/src/gl/m4/pthread_h.m4 \
+	$(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \
+	$(top_srcdir)/src/gl/m4/putenv.m4 \
+	$(top_srcdir)/src/gl/m4/raise.m4 \
+	$(top_srcdir)/src/gl/m4/reallocarray.m4 \
+	$(top_srcdir)/src/gl/m4/sched_h.m4 \
+	$(top_srcdir)/src/gl/m4/sched_yield.m4 \
+	$(top_srcdir)/src/gl/m4/select.m4 \
+	$(top_srcdir)/src/gl/m4/semaphore.m4 \
+	$(top_srcdir)/src/gl/m4/servent.m4 \
+	$(top_srcdir)/src/gl/m4/setenv.m4 \
+	$(top_srcdir)/src/gl/m4/setlocale.m4 \
+	$(top_srcdir)/src/gl/m4/setlocale_null.m4 \
+	$(top_srcdir)/src/gl/m4/sigaction.m4 \
+	$(top_srcdir)/src/gl/m4/signal_h.m4 \
+	$(top_srcdir)/src/gl/m4/signalblocking.m4 \
+	$(top_srcdir)/src/gl/m4/sleep.m4 \
+	$(top_srcdir)/src/gl/m4/sockets.m4 \
+	$(top_srcdir)/src/gl/m4/strerror.m4 \
+	$(top_srcdir)/src/gl/m4/strerror_r.m4 \
+	$(top_srcdir)/src/gl/m4/strtoll.m4 \
+	$(top_srcdir)/src/gl/m4/symlink.m4 \
+	$(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \
+	$(top_srcdir)/src/gl/m4/sys_select_h.m4 \
+	$(top_srcdir)/src/gl/m4/thread.m4 \
+	$(top_srcdir)/src/gl/m4/time_rz.m4 \
+	$(top_srcdir)/src/gl/m4/timegm.m4 \
+	$(top_srcdir)/src/gl/m4/timespec.m4 \
+	$(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \
+	$(top_srcdir)/src/gl/m4/tzset.m4 \
+	$(top_srcdir)/src/gl/m4/usleep.m4 \
+	$(top_srcdir)/src/gl/m4/visibility.m4 \
+	$(top_srcdir)/src/gl/m4/xalloc.m4 \
+	$(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \
+	$(top_srcdir)/m4/__inline.m4 \
+	$(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \
+	$(top_srcdir)/m4/arpa_inet_h.m4 \
+	$(top_srcdir)/m4/ax_ac_append_to_file.m4 \
+	$(top_srcdir)/m4/ax_ac_print_to_file.m4 \
+	$(top_srcdir)/m4/ax_add_am_macro_static.m4 \
+	$(top_srcdir)/m4/ax_am_macros_static.m4 \
+	$(top_srcdir)/m4/ax_check_gnu_make.m4 \
+	$(top_srcdir)/m4/ax_code_coverage.m4 \
+	$(top_srcdir)/m4/ax_file_escapes.m4 \
+	$(top_srcdir)/m4/builtin-expect.m4 \
+	$(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \
+	$(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \
+	$(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \
+	$(top_srcdir)/m4/explicit_bzero.m4 \
+	$(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \
+	$(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \
+	$(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \
+	$(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \
+	$(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \
+	$(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \
+	$(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \
+	$(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \
+	$(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/gettimeofday.m4 \
+	$(top_srcdir)/m4/gnulib-common.m4 \
+	$(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \
+	$(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \
+	$(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \
+	$(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \
+	$(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \
+	$(top_srcdir)/m4/ld-output-def.m4 \
+	$(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \
+	$(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \
+	$(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \
+	$(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \
+	$(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \
+	$(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \
+	$(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \
+	$(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \
+	$(top_srcdir)/m4/open-cloexec.m4 \
+	$(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \
+	$(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \
+	$(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \
+	$(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \
+	$(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \
+	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \
+	$(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \
+	$(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \
+	$(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \
+	$(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \
+	$(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \
+	$(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \
+	$(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \
+	$(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \
+	$(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \
+	$(top_srcdir)/m4/strverscmp.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 \
+	$(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \
+	$(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \
+	$(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \
+	$(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \
+	$(top_srcdir)/m4/unistd_h.m4 \
+	$(top_srcdir)/m4/valgrind-tests.m4 \
+	$(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \
+	$(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \
+	$(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \
+	$(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_check_SCRIPTS_DIST) \
+	$(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__dist_check_SCRIPTS_DIST = pathlen.sh aki.sh invalid-sig.sh \
+	email.sh pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh \
+	name-constraints.sh certtool-long-cn.sh crl.sh \
+	provable-privkey.sh provable-dh.sh sha2-test.sh \
+	sha2-dsa-test.sh provable-privkey-dsa2048.sh \
+	provable-privkey-rsa2048.sh provable-privkey-gen-default.sh \
+	pkcs7-constraints.sh pkcs7-constraints2.sh \
+	certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh \
+	cert-critical.sh pkcs12.sh certtool-crl-decoding.sh \
+	pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \
+	smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh \
+	pkcs7-eddsa.sh certtool-ecdsa.sh key-id.sh pkcs8.sh \
+	pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh \
+	key-invalid.sh pkcs8-eddsa.sh certtool-subca.sh \
+	certtool-verify-profiles.sh x509-duplicate-ext.sh \
+	x25519-and-x448.sh certtool-utf8.sh crq.sh \
+	cert-non-digits-time.sh reject-invalid-time.sh \
+	tolerate-invalid-time.sh provable-dh-default.sh \
+	template-test.sh pem-decoding.sh othername-test.sh \
+	krb5-test.sh sha3-test.sh md5-test.sh tlsfeature-test.sh \
+	template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh \
+	rsa-pss-pad.sh dsa.sh certtool.sh template-policy-test.sh \
+	dane.sh gost.sh pkcs12-gost.sh pkcs8-gost.sh \
+	certtool-rsa-pss.sh certtool-eddsa.sh
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red='[0;31m'; \
+    grn='[0;32m'; \
+    lgn='[1;32m'; \
+    blu='[1;34m'; \
+    mgn='[0;35m'; \
+    brg='[1m'; \
+    std='[m'; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
+APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@
+AR = @AR@
+ARFLAGS = @ARFLAGS@
+ASN1PARSER = @ASN1PARSER@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BYTESWAP_H = @BYTESWAP_H@
+CC = @CC@
+CCAS = @CCAS@
+CCASDEPMODE = @CCASDEPMODE@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CFLAG_VISIBILITY = @CFLAG_VISIBILITY@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
+CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
+CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
+CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
+CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
+CONFIG_INCLUDE = @CONFIG_INCLUDE@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DLL_SSL_VERSION = @DLL_SSL_VERSION@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@
+EMULTIHOP_VALUE = @EMULTIHOP_VALUE@
+ENABLE_PADLOCK = @ENABLE_PADLOCK@
+ENOLINK_HIDDEN = @ENOLINK_HIDDEN@
+ENOLINK_VALUE = @ENOLINK_VALUE@
+EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@
+EOVERFLOW_VALUE = @EOVERFLOW_VALUE@
+ERRNO_H = @ERRNO_H@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+FIPS140_LIBS = @FIPS140_LIBS@
+FLOAT_H = @FLOAT_H@
+GCOV = @GCOV@
+GENHTML = @GENHTML@
+GETADDRINFO_LIB = @GETADDRINFO_LIB@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@
+GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@
+GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@
+GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@
+GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@
+GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@
+GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@
+GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@
+GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@
+GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@
+GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@
+GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@
+GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@
+GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@
+GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@
+GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@
+GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@
+GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@
+GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@
+GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@
+GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@
+GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@
+GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@
+GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@
+GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@
+GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@
+GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@
+GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@
+GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@
+GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@
+GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@
+GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@
+GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@
+GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@
+GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@
+GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@
+GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@
+GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@
+GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@
+GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@
+GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@
+GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@
+GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@
+GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@
+GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@
+GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@
+GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@
+GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@
+GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@
+GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@
+GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@
+GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@
+GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@
+GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@
+GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@
+GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@
+GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@
+GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@
+GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@
+GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@
+GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@
+GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@
+GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@
+GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@
+GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@
+GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@
+GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@
+GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@
+GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@
+GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@
+GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@
+GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@
+GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@
+GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@
+GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@
+GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@
+GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@
+GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@
+GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@
+GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@
+GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@
+GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@
+GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@
+GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@
+GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@
+GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@
+GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@
+GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@
+GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@
+GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@
+GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@
+GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@
+GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@
+GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@
+GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@
+GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@
+GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@
+GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@
+GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@
+GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@
+GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@
+GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@
+GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@
+GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@
+GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@
+GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@
+GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@
+GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@
+GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@
+GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@
+GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@
+GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@
+GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@
+GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@
+GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@
+GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@
+GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@
+GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@
+GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@
+GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@
+GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@
+GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@
+GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@
+GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@
+GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@
+GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@
+GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@
+GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@
+GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@
+GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@
+GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@
+GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@
+GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@
+GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@
+GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@
+GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@
+GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@
+GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@
+GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@
+GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@
+GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@
+GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@
+GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@
+GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@
+GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@
+GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@
+GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@
+GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@
+GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@
+GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@
+GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@
+GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@
+GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@
+GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@
+GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@
+GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@
+GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@
+GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@
+GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@
+GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@
+GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@
+GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@
+GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@
+GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@
+GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@
+GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@
+GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@
+GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@
+GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@
+GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@
+GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@
+GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@
+GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@
+GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@
+GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@
+GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@
+GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@
+GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@
+GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@
+GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@
+GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@
+GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@
+GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@
+GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@
+GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@
+GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@
+GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@
+GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@
+GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@
+GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@
+GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@
+GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@
+GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@
+GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@
+GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@
+GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@
+GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@
+GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@
+GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@
+GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@
+GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@
+GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@
+GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@
+GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@
+GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@
+GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@
+GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@
+GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@
+GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@
+GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@
+GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@
+GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@
+GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@
+GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@
+GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@
+GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@
+GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@
+GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@
+GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@
+GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@
+GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@
+GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@
+GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@
+GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@
+GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@
+GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@
+GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@
+GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@
+GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@
+GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@
+GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@
+GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@
+GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@
+GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@
+GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@
+GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@
+GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@
+GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@
+GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@
+GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@
+GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@
+GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@
+GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@
+GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@
+GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@
+GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@
+GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@
+GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@
+GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@
+GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@
+GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@
+GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@
+GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@
+GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@
+GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@
+GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@
+GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@
+GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@
+GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@
+GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@
+GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@
+GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@
+GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@
+GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@
+GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@
+GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@
+GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@
+GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@
+GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@
+GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@
+GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@
+GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@
+GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@
+GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@
+GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@
+GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@
+GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@
+GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@
+GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@
+GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@
+GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@
+GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@
+GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@
+GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@
+GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@
+GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@
+GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@
+GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@
+GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@
+GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@
+GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@
+GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@
+GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@
+GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@
+GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@
+GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@
+GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@
+GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@
+GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@
+GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@
+GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@
+GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@
+GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@
+GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@
+GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@
+GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@
+GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@
+GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@
+GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@
+GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@
+GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@
+GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@
+GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@
+GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@
+GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@
+GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@
+GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@
+GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@
+GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@
+GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@
+GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@
+GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@
+GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@
+GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@
+GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@
+GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@
+GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@
+GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@
+GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@
+GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@
+GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@
+GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@
+GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@
+GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@
+GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@
+GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@
+GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@
+GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@
+GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@
+GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@
+GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@
+GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@
+GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@
+GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@
+GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@
+GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@
+GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@
+GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@
+GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@
+GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@
+GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@
+GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@
+GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@
+GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@
+GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@
+GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@
+GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@
+GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@
+GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@
+GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@
+GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@
+GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@
+GL_GNULIB_BIND = @GL_GNULIB_BIND@
+GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@
+GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@
+GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@
+GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@
+GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@
+GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@
+GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@
+GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@
+GL_GNULIB_CREAT = @GL_GNULIB_CREAT@
+GL_GNULIB_CTIME = @GL_GNULIB_CTIME@
+GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@
+GL_GNULIB_DUP = @GL_GNULIB_DUP@
+GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@
+GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@
+GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@
+GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@
+GL_GNULIB_EXECL = @GL_GNULIB_EXECL@
+GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@
+GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@
+GL_GNULIB_EXECV = @GL_GNULIB_EXECV@
+GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@
+GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@
+GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@
+GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@
+GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@
+GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@
+GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@
+GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@
+GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@
+GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@
+GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@
+GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@
+GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@
+GL_GNULIB_FFS = @GL_GNULIB_FFS@
+GL_GNULIB_FFSL = @GL_GNULIB_FFSL@
+GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@
+GL_GNULIB_FGETC = @GL_GNULIB_FGETC@
+GL_GNULIB_FGETS = @GL_GNULIB_FGETS@
+GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@
+GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@
+GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@
+GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@
+GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@
+GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@
+GL_GNULIB_FREAD = @GL_GNULIB_FREAD@
+GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@
+GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@
+GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@
+GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@
+GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@
+GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@
+GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@
+GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@
+GL_GNULIB_FTELL = @GL_GNULIB_FTELL@
+GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@
+GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@
+GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@
+GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@
+GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@
+GL_GNULIB_GETC = @GL_GNULIB_GETC@
+GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@
+GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@
+GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@
+GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@
+GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@
+GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@
+GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@
+GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@
+GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@
+GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@
+GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@
+GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@
+GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@
+GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@
+GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@
+GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@
+GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@
+GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@
+GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@
+GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@
+GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@
+GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@
+GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@
+GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@
+GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@
+GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@
+GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@
+GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@
+GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@
+GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@
+GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@
+GL_GNULIB_LINK = @GL_GNULIB_LINK@
+GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@
+GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@
+GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@
+GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@
+GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@
+GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@
+GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@
+GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@
+GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@
+GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@
+GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@
+GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@
+GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@
+GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@
+GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@
+GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@
+GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@
+GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@
+GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@
+GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@
+GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@
+GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@
+GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@
+GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@
+GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@
+GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@
+GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@
+GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@
+GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@
+GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@
+GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@
+GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@
+GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@
+GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@
+GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@
+GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@
+GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@
+GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@
+GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@
+GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@
+GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@
+GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@
+GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@
+GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@
+GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@
+GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@
+GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@
+GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@
+GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@
+GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@
+GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@
+GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@
+GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@
+GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@
+GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@
+GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@
+GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@
+GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@
+GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@
+GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@
+GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@
+GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@
+GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@
+GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@
+GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@
+GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@
+GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@
+GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@
+GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@
+GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@
+GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@
+GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@
+GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@
+GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@
+GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@
+GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@
+GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@
+GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@
+GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@
+GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@
+GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@
+GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@
+GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@
+GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@
+GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@
+GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@
+GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@
+GL_GNULIB_OPEN = @GL_GNULIB_OPEN@
+GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@
+GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@
+GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@
+GL_GNULIB_PERROR = @GL_GNULIB_PERROR@
+GL_GNULIB_PIPE = @GL_GNULIB_PIPE@
+GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@
+GL_GNULIB_POPEN = @GL_GNULIB_POPEN@
+GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@
+GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@
+GL_GNULIB_PREAD = @GL_GNULIB_PREAD@
+GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@
+GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@
+GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@
+GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@
+GL_GNULIB_PUTC = @GL_GNULIB_PUTC@
+GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@
+GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@
+GL_GNULIB_PUTS = @GL_GNULIB_PUTS@
+GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@
+GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@
+GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@
+GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@
+GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@
+GL_GNULIB_READ = @GL_GNULIB_READ@
+GL_GNULIB_READLINK = @GL_GNULIB_READLINK@
+GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@
+GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@
+GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@
+GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@
+GL_GNULIB_RECV = @GL_GNULIB_RECV@
+GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@
+GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@
+GL_GNULIB_RENAME = @GL_GNULIB_RENAME@
+GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@
+GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@
+GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@
+GL_GNULIB_SCANF = @GL_GNULIB_SCANF@
+GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@
+GL_GNULIB_SEND = @GL_GNULIB_SEND@
+GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@
+GL_GNULIB_SETENV = @GL_GNULIB_SETENV@
+GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@
+GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@
+GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@
+GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@
+GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@
+GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@
+GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@
+GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@
+GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@
+GL_GNULIB_STAT = @GL_GNULIB_STAT@
+GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@
+GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@
+GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@
+GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@
+GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@
+GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@
+GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@
+GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@
+GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@
+GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@
+GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@
+GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@
+GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@
+GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@
+GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@
+GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@
+GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@
+GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@
+GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@
+GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@
+GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@
+GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@
+GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@
+GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@
+GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@
+GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@
+GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@
+GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@
+GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@
+GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@
+GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@
+GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@
+GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@
+GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@
+GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@
+GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@
+GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@
+GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@
+GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@
+GL_GNULIB_TZSET = @GL_GNULIB_TZSET@
+GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@
+GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@
+GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@
+GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@
+GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@
+GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@
+GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@
+GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@
+GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@
+GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@
+GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@
+GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@
+GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@
+GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@
+GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@
+GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@
+GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@
+GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@
+GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@
+GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@
+GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@
+GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@
+GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@
+GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@
+GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@
+GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@
+GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@
+GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@
+GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@
+GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@
+GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@
+GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@
+GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@
+GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@
+GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@
+GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@
+GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@
+GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@
+GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@
+GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@
+GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@
+GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@
+GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@
+GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@
+GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@
+GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@
+GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@
+GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@
+GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@
+GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@
+GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@
+GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@
+GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@
+GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@
+GL_GNULIB_WRITE = @GL_GNULIB_WRITE@
+GL_GNULIB__EXIT = @GL_GNULIB__EXIT@
+GMP_CFLAGS = @GMP_CFLAGS@
+GMP_LIBS = @GMP_LIBS@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@
+GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@
+GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GPERF = @GPERF@
+GREP = @GREP@
+GTKDOC_CHECK = @GTKDOC_CHECK@
+GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@
+GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@
+GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@
+GTKDOC_MKPDF = @GTKDOC_MKPDF@
+GTKDOC_REBASE = @GTKDOC_REBASE@
+GUILD = @GUILD@
+GUILE = @GUILE@
+GUILE_CFLAGS = @GUILE_CFLAGS@
+GUILE_CONFIG = @GUILE_CONFIG@
+GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@
+GUILE_EXTENSION = @GUILE_EXTENSION@
+GUILE_LDFLAGS = @GUILE_LDFLAGS@
+GUILE_LIBS = @GUILE_LIBS@
+GUILE_LTLIBS = @GUILE_LTLIBS@
+GUILE_SITE = @GUILE_SITE@
+GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@
+GUILE_TOOLS = @GUILE_TOOLS@
+HAVE_ACCEPT4 = @HAVE_ACCEPT4@
+HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@
+HAVE_ALLOCA_H = @HAVE_ALLOCA_H@
+HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@
+HAVE_ATOLL = @HAVE_ATOLL@
+HAVE_BTOWC = @HAVE_BTOWC@
+HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@
+HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@
+HAVE_CHOWN = @HAVE_CHOWN@
+HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@
+HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@
+HAVE_DECL_ECVT = @HAVE_DECL_ECVT@
+HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@
+HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@
+HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@
+HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@
+HAVE_DECL_FCVT = @HAVE_DECL_FCVT@
+HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@
+HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@
+HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@
+HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@
+HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@
+HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@
+HAVE_DECL_GCVT = @HAVE_DECL_GCVT@
+HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@
+HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@
+HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@
+HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@
+HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@
+HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@
+HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@
+HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@
+HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@
+HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@
+HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@
+HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@
+HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@
+HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@
+HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@
+HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@
+HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@
+HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@
+HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@
+HAVE_DECL_SETENV = @HAVE_DECL_SETENV@
+HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@
+HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@
+HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@
+HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@
+HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@
+HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@
+HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@
+HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@
+HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@
+HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@
+HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@
+HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@
+HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@
+HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@
+HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@
+HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@
+HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@
+HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@
+HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@
+HAVE_DPRINTF = @HAVE_DPRINTF@
+HAVE_DUP3 = @HAVE_DUP3@
+HAVE_DUPLOCALE = @HAVE_DUPLOCALE@
+HAVE_EUIDACCESS = @HAVE_EUIDACCESS@
+HAVE_EXECVPE = @HAVE_EXECVPE@
+HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@
+HAVE_FACCESSAT = @HAVE_FACCESSAT@
+HAVE_FCHDIR = @HAVE_FCHDIR@
+HAVE_FCHMODAT = @HAVE_FCHMODAT@
+HAVE_FCHOWNAT = @HAVE_FCHOWNAT@
+HAVE_FCNTL = @HAVE_FCNTL@
+HAVE_FDATASYNC = @HAVE_FDATASYNC@
+HAVE_FEATURES_H = @HAVE_FEATURES_H@
+HAVE_FFS = @HAVE_FFS@
+HAVE_FFSL = @HAVE_FFSL@
+HAVE_FFSLL = @HAVE_FFSLL@
+HAVE_FREELOCALE = @HAVE_FREELOCALE@
+HAVE_FSEEKO = @HAVE_FSEEKO@
+HAVE_FSTATAT = @HAVE_FSTATAT@
+HAVE_FSYNC = @HAVE_FSYNC@
+HAVE_FTELLO = @HAVE_FTELLO@
+HAVE_FTRUNCATE = @HAVE_FTRUNCATE@
+HAVE_FUTIMENS = @HAVE_FUTIMENS@
+HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@
+HAVE_GETENTROPY = @HAVE_GETENTROPY@
+HAVE_GETGROUPS = @HAVE_GETGROUPS@
+HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@
+HAVE_GETLOGIN = @HAVE_GETLOGIN@
+HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@
+HAVE_GETPASS = @HAVE_GETPASS@
+HAVE_GETSUBOPT = @HAVE_GETSUBOPT@
+HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@
+HAVE_GETUMASK = @HAVE_GETUMASK@
+HAVE_GRANTPT = @HAVE_GRANTPT@
+HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@
+HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@
+HAVE_INITSTATE = @HAVE_INITSTATE@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_ISBLANK = @HAVE_ISBLANK@
+HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@
+HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@
+HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@
+HAVE_LANGINFO_H = @HAVE_LANGINFO_H@
+HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@
+HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@
+HAVE_LCHMOD = @HAVE_LCHMOD@
+HAVE_LCHOWN = @HAVE_LCHOWN@
+HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@
+HAVE_LIBDL = @HAVE_LIBDL@
+HAVE_LIBEV = @HAVE_LIBEV@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBRT = @HAVE_LIBRT@
+HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@
+HAVE_LIBZ = @HAVE_LIBZ@
+HAVE_LINK = @HAVE_LINK@
+HAVE_LINKAT = @HAVE_LINKAT@
+HAVE_LSTAT = @HAVE_LSTAT@
+HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@
+HAVE_MBRLEN = @HAVE_MBRLEN@
+HAVE_MBRTOWC = @HAVE_MBRTOWC@
+HAVE_MBSINIT = @HAVE_MBSINIT@
+HAVE_MBSLEN = @HAVE_MBSLEN@
+HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@
+HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@
+HAVE_MBTOWC = @HAVE_MBTOWC@
+HAVE_MEMPCPY = @HAVE_MEMPCPY@
+HAVE_MKDIRAT = @HAVE_MKDIRAT@
+HAVE_MKDTEMP = @HAVE_MKDTEMP@
+HAVE_MKFIFO = @HAVE_MKFIFO@
+HAVE_MKFIFOAT = @HAVE_MKFIFOAT@
+HAVE_MKNOD = @HAVE_MKNOD@
+HAVE_MKNODAT = @HAVE_MKNODAT@
+HAVE_MKOSTEMP = @HAVE_MKOSTEMP@
+HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@
+HAVE_MKSTEMP = @HAVE_MKSTEMP@
+HAVE_MKSTEMPS = @HAVE_MKSTEMPS@
+HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@
+HAVE_NANOSLEEP = @HAVE_NANOSLEEP@
+HAVE_NETDB_H = @HAVE_NETDB_H@
+HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@
+HAVE_NEWLOCALE = @HAVE_NEWLOCALE@
+HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@
+HAVE_OPENAT = @HAVE_OPENAT@
+HAVE_OS_H = @HAVE_OS_H@
+HAVE_PCLOSE = @HAVE_PCLOSE@
+HAVE_PIPE = @HAVE_PIPE@
+HAVE_PIPE2 = @HAVE_PIPE2@
+HAVE_POPEN = @HAVE_POPEN@
+HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@
+HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@
+HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@
+HAVE_PREAD = @HAVE_PREAD@
+HAVE_PSELECT = @HAVE_PSELECT@
+HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@
+HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@
+HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@
+HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@
+HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@
+HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@
+HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@
+HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@
+HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@
+HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@
+HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@
+HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@
+HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@
+HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@
+HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@
+HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@
+HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@
+HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@
+HAVE_PTHREAD_H = @HAVE_PTHREAD_H@
+HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@
+HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@
+HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@
+HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@
+HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@
+HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@
+HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@
+HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@
+HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@
+HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@
+HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@
+HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@
+HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@
+HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@
+HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@
+HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@
+HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@
+HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@
+HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@
+HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@
+HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@
+HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@
+HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@
+HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@
+HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@
+HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@
+HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@
+HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@
+HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@
+HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@
+HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@
+HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@
+HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@
+HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@
+HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@
+HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@
+HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@
+HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@
+HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@
+HAVE_PTHREAD_T = @HAVE_PTHREAD_T@
+HAVE_PTSNAME = @HAVE_PTSNAME@
+HAVE_PTSNAME_R = @HAVE_PTSNAME_R@
+HAVE_PWRITE = @HAVE_PWRITE@
+HAVE_QSORT_R = @HAVE_QSORT_R@
+HAVE_RAISE = @HAVE_RAISE@
+HAVE_RANDOM = @HAVE_RANDOM@
+HAVE_RANDOM_H = @HAVE_RANDOM_H@
+HAVE_RANDOM_R = @HAVE_RANDOM_R@
+HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@
+HAVE_READLINK = @HAVE_READLINK@
+HAVE_READLINKAT = @HAVE_READLINKAT@
+HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@
+HAVE_REALPATH = @HAVE_REALPATH@
+HAVE_RENAMEAT = @HAVE_RENAMEAT@
+HAVE_RPMATCH = @HAVE_RPMATCH@
+HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@
+HAVE_SCHED_H = @HAVE_SCHED_H@
+HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@
+HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@
+HAVE_SETENV = @HAVE_SETENV@
+HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@
+HAVE_SETSTATE = @HAVE_SETSTATE@
+HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@
+HAVE_SIGACTION = @HAVE_SIGACTION@
+HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@
+HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@
+HAVE_SIGINFO_T = @HAVE_SIGINFO_T@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_SIGSET_T = @HAVE_SIGSET_T@
+HAVE_SLEEP = @HAVE_SLEEP@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_STPCPY = @HAVE_STPCPY@
+HAVE_STPNCPY = @HAVE_STPNCPY@
+HAVE_STRCASECMP = @HAVE_STRCASECMP@
+HAVE_STRCASESTR = @HAVE_STRCASESTR@
+HAVE_STRCHRNUL = @HAVE_STRCHRNUL@
+HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@
+HAVE_STRINGS_H = @HAVE_STRINGS_H@
+HAVE_STRPBRK = @HAVE_STRPBRK@
+HAVE_STRPTIME = @HAVE_STRPTIME@
+HAVE_STRSEP = @HAVE_STRSEP@
+HAVE_STRTOD = @HAVE_STRTOD@
+HAVE_STRTOL = @HAVE_STRTOL@
+HAVE_STRTOLD = @HAVE_STRTOLD@
+HAVE_STRTOLL = @HAVE_STRTOLL@
+HAVE_STRTOUL = @HAVE_STRTOUL@
+HAVE_STRTOULL = @HAVE_STRTOULL@
+HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@
+HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@
+HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@
+HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@
+HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@
+HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@
+HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@
+HAVE_STRVERSCMP = @HAVE_STRVERSCMP@
+HAVE_SYMLINK = @HAVE_SYMLINK@
+HAVE_SYMLINKAT = @HAVE_SYMLINKAT@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@
+HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@
+HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@
+HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@
+HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@
+HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@
+HAVE_TIMEGM = @HAVE_TIMEGM@
+HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@
+HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@
+HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@
+HAVE_UNISTD_H = @HAVE_UNISTD_H@
+HAVE_UNLINKAT = @HAVE_UNLINKAT@
+HAVE_UNLOCKPT = @HAVE_UNLOCKPT@
+HAVE_USLEEP = @HAVE_USLEEP@
+HAVE_UTIMENSAT = @HAVE_UTIMENSAT@
+HAVE_VASPRINTF = @HAVE_VASPRINTF@
+HAVE_VDPRINTF = @HAVE_VDPRINTF@
+HAVE_VISIBILITY = @HAVE_VISIBILITY@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+HAVE_WCHAR_T = @HAVE_WCHAR_T@
+HAVE_WCPCPY = @HAVE_WCPCPY@
+HAVE_WCPNCPY = @HAVE_WCPNCPY@
+HAVE_WCRTOMB = @HAVE_WCRTOMB@
+HAVE_WCSCASECMP = @HAVE_WCSCASECMP@
+HAVE_WCSCAT = @HAVE_WCSCAT@
+HAVE_WCSCHR = @HAVE_WCSCHR@
+HAVE_WCSCMP = @HAVE_WCSCMP@
+HAVE_WCSCOLL = @HAVE_WCSCOLL@
+HAVE_WCSCPY = @HAVE_WCSCPY@
+HAVE_WCSCSPN = @HAVE_WCSCSPN@
+HAVE_WCSDUP = @HAVE_WCSDUP@
+HAVE_WCSFTIME = @HAVE_WCSFTIME@
+HAVE_WCSLEN = @HAVE_WCSLEN@
+HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@
+HAVE_WCSNCAT = @HAVE_WCSNCAT@
+HAVE_WCSNCMP = @HAVE_WCSNCMP@
+HAVE_WCSNCPY = @HAVE_WCSNCPY@
+HAVE_WCSNLEN = @HAVE_WCSNLEN@
+HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@
+HAVE_WCSPBRK = @HAVE_WCSPBRK@
+HAVE_WCSRCHR = @HAVE_WCSRCHR@
+HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@
+HAVE_WCSSPN = @HAVE_WCSSPN@
+HAVE_WCSSTR = @HAVE_WCSSTR@
+HAVE_WCSTOK = @HAVE_WCSTOK@
+HAVE_WCSWIDTH = @HAVE_WCSWIDTH@
+HAVE_WCSXFRM = @HAVE_WCSXFRM@
+HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@
+HAVE_WINT_T = @HAVE_WINT_T@
+HAVE_WMEMCHR = @HAVE_WMEMCHR@
+HAVE_WMEMCMP = @HAVE_WMEMCMP@
+HAVE_WMEMCPY = @HAVE_WMEMCPY@
+HAVE_WMEMMOVE = @HAVE_WMEMMOVE@
+HAVE_WMEMPCPY = @HAVE_WMEMPCPY@
+HAVE_WMEMSET = @HAVE_WMEMSET@
+HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@
+HAVE_XLOCALE_H = @HAVE_XLOCALE_H@
+HAVE__BOOL = @HAVE__BOOL@
+HAVE__EXIT = @HAVE__EXIT@
+HOGWEED_CFLAGS = @HOGWEED_CFLAGS@
+HOGWEED_LIBS = @HOGWEED_LIBS@
+HOSTENT_LIB = @HOSTENT_LIB@
+HTML_DIR = @HTML_DIR@
+INCLUDE_NEXT = @INCLUDE_NEXT@
+INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@
+INET_NTOP_LIB = @INET_NTOP_LIB@
+INET_PTON_LIB = @INET_PTON_LIB@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@
+INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LCOV = @LCOV@
+LD = @LD@
+LDDPOSTPROC = @LDDPOSTPROC@
+LDDPROG = @LDDPROG@
+LDFLAGS = @LDFLAGS@
+LIBATOMIC_LIBS = @LIBATOMIC_LIBS@
+LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@
+LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@
+LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@
+LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@
+LIBCRYPTO = @LIBCRYPTO@
+LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@
+LIBDL = @LIBDL@
+LIBDL_PREFIX = @LIBDL_PREFIX@
+LIBEV = @LIBEV@
+LIBEV_LIBS = @LIBEV_LIBS@
+LIBEV_PREFIX = @LIBEV_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@
+LIBIDN2_LIBS = @LIBIDN2_LIBS@
+LIBINTL = @LIBINTL@
+LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@
+LIBKCAPI_LIBS = @LIBKCAPI_LIBS@
+LIBMULTITHREAD = @LIBMULTITHREAD@
+LIBOBJS = @LIBOBJS@
+LIBPMULTITHREAD = @LIBPMULTITHREAD@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBRT = @LIBRT@
+LIBRT_PREFIX = @LIBRT_PREFIX@
+LIBS = @LIBS@
+LIBSECCOMP = @LIBSECCOMP@
+LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@
+LIBSOCKET = @LIBSOCKET@
+LIBSTDTHREAD = @LIBSTDTHREAD@
+LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@
+LIBTASN1_LIBS = @LIBTASN1_LIBS@
+LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@
+LIBTHREAD = @LIBTHREAD@
+LIBTOOL = @LIBTOOL@
+LIBUNISTRING = @LIBUNISTRING@
+LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@
+LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@
+LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@
+LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@
+LIBZ = @LIBZ@
+LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@
+LIBZSTD_LIBS = @LIBZSTD_LIBS@
+LIBZ_PC = @LIBZ_PC@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
+LIB_NANOSLEEP = @LIB_NANOSLEEP@
+LIB_PTHREAD = @LIB_PTHREAD@
+LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@
+LIB_SCHED_YIELD = @LIB_SCHED_YIELD@
+LIB_SELECT = @LIB_SELECT@
+LIB_SEMAPHORE = @LIB_SEMAPHORE@
+LIB_SETLOCALE = @LIB_SETLOCALE@
+LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@
+LIMITS_H = @LIMITS_H@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@
+LOCALE_FR = @LOCALE_FR@
+LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@
+LOCALE_JA = @LOCALE_JA@
+LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@
+LOCALE_ZH_CN = @LOCALE_ZH_CN@
+LOG_VALGRIND = @LOG_VALGRIND@
+LTALLOCA = @LTALLOCA@
+LTLIBCRYPTO = @LTLIBCRYPTO@
+LTLIBDL = @LTLIBDL@
+LTLIBEV = @LTLIBEV@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBMULTITHREAD = @LTLIBMULTITHREAD@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBRT = @LTLIBRT@
+LTLIBSECCOMP = @LTLIBSECCOMP@
+LTLIBTHREAD = @LTLIBTHREAD@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_DANE_AGE = @LT_DANE_AGE@
+LT_DANE_CURRENT = @LT_DANE_CURRENT@
+LT_DANE_REVISION = @LT_DANE_REVISION@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+LT_XSSL_AGE = @LT_XSSL_AGE@
+LT_XSSL_CURRENT = @LT_XSSL_CURRENT@
+LT_XSSL_REVISION = @LT_XSSL_REVISION@
+MAINT = @MAINT@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGMERGE = @MSGMERGE@
+MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@
+NETINET_IN_H = @NETINET_IN_H@
+NETTLE_CFLAGS = @NETTLE_CFLAGS@
+NETTLE_LIBS = @NETTLE_LIBS@
+NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@
+NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@
+NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@
+NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@
+NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@
+NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@
+NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@
+NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@
+NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@
+NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@
+NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@
+NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@
+NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@
+NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@
+NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@
+NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@
+NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@
+NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@
+NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@
+NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@
+NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@
+NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@
+NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@
+NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@
+NEXT_CTYPE_H = @NEXT_CTYPE_H@
+NEXT_ERRNO_H = @NEXT_ERRNO_H@
+NEXT_FCNTL_H = @NEXT_FCNTL_H@
+NEXT_FLOAT_H = @NEXT_FLOAT_H@
+NEXT_INTTYPES_H = @NEXT_INTTYPES_H@
+NEXT_LANGINFO_H = @NEXT_LANGINFO_H@
+NEXT_LIMITS_H = @NEXT_LIMITS_H@
+NEXT_LOCALE_H = @NEXT_LOCALE_H@
+NEXT_NETDB_H = @NEXT_NETDB_H@
+NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@
+NEXT_PTHREAD_H = @NEXT_PTHREAD_H@
+NEXT_SCHED_H = @NEXT_SCHED_H@
+NEXT_SIGNAL_H = @NEXT_SIGNAL_H@
+NEXT_STDDEF_H = @NEXT_STDDEF_H@
+NEXT_STDINT_H = @NEXT_STDINT_H@
+NEXT_STDIO_H = @NEXT_STDIO_H@
+NEXT_STDLIB_H = @NEXT_STDLIB_H@
+NEXT_STRINGS_H = @NEXT_STRINGS_H@
+NEXT_STRING_H = @NEXT_STRING_H@
+NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@
+NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@
+NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@
+NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@
+NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@
+NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@
+NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@
+NEXT_TIME_H = @NEXT_TIME_H@
+NEXT_UNISTD_H = @NEXT_UNISTD_H@
+NEXT_WCHAR_H = @NEXT_WCHAR_H@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+P11_KIT_CFLAGS = @P11_KIT_CFLAGS@
+P11_KIT_LIBS = @P11_KIT_LIBS@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PMCCABE = @PMCCABE@
+POSUB = @POSUB@
+PRAGMA_COLUMNS = @PRAGMA_COLUMNS@
+PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@
+PRIPTR_PREFIX = @PRIPTR_PREFIX@
+PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+REPLACE_ACCESS = @REPLACE_ACCESS@
+REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@
+REPLACE_BTOWC = @REPLACE_BTOWC@
+REPLACE_CALLOC = @REPLACE_CALLOC@
+REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@
+REPLACE_CHOWN = @REPLACE_CHOWN@
+REPLACE_CLOSE = @REPLACE_CLOSE@
+REPLACE_CREAT = @REPLACE_CREAT@
+REPLACE_CTIME = @REPLACE_CTIME@
+REPLACE_DPRINTF = @REPLACE_DPRINTF@
+REPLACE_DUP = @REPLACE_DUP@
+REPLACE_DUP2 = @REPLACE_DUP2@
+REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@
+REPLACE_EXECL = @REPLACE_EXECL@
+REPLACE_EXECLE = @REPLACE_EXECLE@
+REPLACE_EXECLP = @REPLACE_EXECLP@
+REPLACE_EXECV = @REPLACE_EXECV@
+REPLACE_EXECVE = @REPLACE_EXECVE@
+REPLACE_EXECVP = @REPLACE_EXECVP@
+REPLACE_EXECVPE = @REPLACE_EXECVPE@
+REPLACE_FACCESSAT = @REPLACE_FACCESSAT@
+REPLACE_FCHMODAT = @REPLACE_FCHMODAT@
+REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@
+REPLACE_FCLOSE = @REPLACE_FCLOSE@
+REPLACE_FCNTL = @REPLACE_FCNTL@
+REPLACE_FDOPEN = @REPLACE_FDOPEN@
+REPLACE_FFLUSH = @REPLACE_FFLUSH@
+REPLACE_FFSLL = @REPLACE_FFSLL@
+REPLACE_FOPEN = @REPLACE_FOPEN@
+REPLACE_FPRINTF = @REPLACE_FPRINTF@
+REPLACE_FPURGE = @REPLACE_FPURGE@
+REPLACE_FREE = @REPLACE_FREE@
+REPLACE_FREELOCALE = @REPLACE_FREELOCALE@
+REPLACE_FREOPEN = @REPLACE_FREOPEN@
+REPLACE_FSEEK = @REPLACE_FSEEK@
+REPLACE_FSEEKO = @REPLACE_FSEEKO@
+REPLACE_FSTAT = @REPLACE_FSTAT@
+REPLACE_FSTATAT = @REPLACE_FSTATAT@
+REPLACE_FTELL = @REPLACE_FTELL@
+REPLACE_FTELLO = @REPLACE_FTELLO@
+REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@
+REPLACE_FUTIMENS = @REPLACE_FUTIMENS@
+REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@
+REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@
+REPLACE_GETCWD = @REPLACE_GETCWD@
+REPLACE_GETDELIM = @REPLACE_GETDELIM@
+REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@
+REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@
+REPLACE_GETGROUPS = @REPLACE_GETGROUPS@
+REPLACE_GETLINE = @REPLACE_GETLINE@
+REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@
+REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@
+REPLACE_GETPASS = @REPLACE_GETPASS@
+REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@
+REPLACE_GMTIME = @REPLACE_GMTIME@
+REPLACE_INET_NTOP = @REPLACE_INET_NTOP@
+REPLACE_INET_PTON = @REPLACE_INET_PTON@
+REPLACE_INITSTATE = @REPLACE_INITSTATE@
+REPLACE_IOCTL = @REPLACE_IOCTL@
+REPLACE_ISATTY = @REPLACE_ISATTY@
+REPLACE_ITOLD = @REPLACE_ITOLD@
+REPLACE_LCHOWN = @REPLACE_LCHOWN@
+REPLACE_LINK = @REPLACE_LINK@
+REPLACE_LINKAT = @REPLACE_LINKAT@
+REPLACE_LOCALECONV = @REPLACE_LOCALECONV@
+REPLACE_LOCALTIME = @REPLACE_LOCALTIME@
+REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@
+REPLACE_LSEEK = @REPLACE_LSEEK@
+REPLACE_LSTAT = @REPLACE_LSTAT@
+REPLACE_MALLOC = @REPLACE_MALLOC@
+REPLACE_MBRLEN = @REPLACE_MBRLEN@
+REPLACE_MBRTOWC = @REPLACE_MBRTOWC@
+REPLACE_MBSINIT = @REPLACE_MBSINIT@
+REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@
+REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@
+REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@
+REPLACE_MBTOWC = @REPLACE_MBTOWC@
+REPLACE_MEMCHR = @REPLACE_MEMCHR@
+REPLACE_MEMMEM = @REPLACE_MEMMEM@
+REPLACE_MKDIR = @REPLACE_MKDIR@
+REPLACE_MKFIFO = @REPLACE_MKFIFO@
+REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@
+REPLACE_MKNOD = @REPLACE_MKNOD@
+REPLACE_MKNODAT = @REPLACE_MKNODAT@
+REPLACE_MKSTEMP = @REPLACE_MKSTEMP@
+REPLACE_MKTIME = @REPLACE_MKTIME@
+REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@
+REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@
+REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@
+REPLACE_NULL = @REPLACE_NULL@
+REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@
+REPLACE_OPEN = @REPLACE_OPEN@
+REPLACE_OPENAT = @REPLACE_OPENAT@
+REPLACE_PERROR = @REPLACE_PERROR@
+REPLACE_POPEN = @REPLACE_POPEN@
+REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@
+REPLACE_PREAD = @REPLACE_PREAD@
+REPLACE_PRINTF = @REPLACE_PRINTF@
+REPLACE_PSELECT = @REPLACE_PSELECT@
+REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@
+REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@
+REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@
+REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@
+REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@
+REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@
+REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@
+REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@
+REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@
+REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@
+REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@
+REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@
+REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@
+REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@
+REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@
+REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@
+REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@
+REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@
+REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@
+REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@
+REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@
+REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@
+REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@
+REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@
+REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@
+REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@
+REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@
+REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@
+REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@
+REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@
+REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@
+REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@
+REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@
+REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@
+REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@
+REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@
+REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@
+REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@
+REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@
+REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@
+REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@
+REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@
+REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@
+REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@
+REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@
+REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@
+REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@
+REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@
+REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@
+REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@
+REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@
+REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@
+REPLACE_PTSNAME = @REPLACE_PTSNAME@
+REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@
+REPLACE_PUTENV = @REPLACE_PUTENV@
+REPLACE_PWRITE = @REPLACE_PWRITE@
+REPLACE_QSORT_R = @REPLACE_QSORT_R@
+REPLACE_RAISE = @REPLACE_RAISE@
+REPLACE_RANDOM = @REPLACE_RANDOM@
+REPLACE_RANDOM_R = @REPLACE_RANDOM_R@
+REPLACE_READ = @REPLACE_READ@
+REPLACE_READLINK = @REPLACE_READLINK@
+REPLACE_READLINKAT = @REPLACE_READLINKAT@
+REPLACE_REALLOC = @REPLACE_REALLOC@
+REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@
+REPLACE_REALPATH = @REPLACE_REALPATH@
+REPLACE_REMOVE = @REPLACE_REMOVE@
+REPLACE_RENAME = @REPLACE_RENAME@
+REPLACE_RENAMEAT = @REPLACE_RENAMEAT@
+REPLACE_RMDIR = @REPLACE_RMDIR@
+REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@
+REPLACE_SELECT = @REPLACE_SELECT@
+REPLACE_SETENV = @REPLACE_SETENV@
+REPLACE_SETLOCALE = @REPLACE_SETLOCALE@
+REPLACE_SETSTATE = @REPLACE_SETSTATE@
+REPLACE_SLEEP = @REPLACE_SLEEP@
+REPLACE_SNPRINTF = @REPLACE_SNPRINTF@
+REPLACE_SPRINTF = @REPLACE_SPRINTF@
+REPLACE_STAT = @REPLACE_STAT@
+REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@
+REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@
+REPLACE_STPNCPY = @REPLACE_STPNCPY@
+REPLACE_STRCASESTR = @REPLACE_STRCASESTR@
+REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@
+REPLACE_STRDUP = @REPLACE_STRDUP@
+REPLACE_STRERROR = @REPLACE_STRERROR@
+REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@
+REPLACE_STRERROR_R = @REPLACE_STRERROR_R@
+REPLACE_STRFTIME = @REPLACE_STRFTIME@
+REPLACE_STRNCAT = @REPLACE_STRNCAT@
+REPLACE_STRNDUP = @REPLACE_STRNDUP@
+REPLACE_STRNLEN = @REPLACE_STRNLEN@
+REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@
+REPLACE_STRSTR = @REPLACE_STRSTR@
+REPLACE_STRTOD = @REPLACE_STRTOD@
+REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@
+REPLACE_STRTOK_R = @REPLACE_STRTOK_R@
+REPLACE_STRTOL = @REPLACE_STRTOL@
+REPLACE_STRTOLD = @REPLACE_STRTOLD@
+REPLACE_STRTOLL = @REPLACE_STRTOLL@
+REPLACE_STRTOUL = @REPLACE_STRTOUL@
+REPLACE_STRTOULL = @REPLACE_STRTOULL@
+REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@
+REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@
+REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@
+REPLACE_SYMLINK = @REPLACE_SYMLINK@
+REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@
+REPLACE_TIMEGM = @REPLACE_TIMEGM@
+REPLACE_TMPFILE = @REPLACE_TMPFILE@
+REPLACE_TRUNCATE = @REPLACE_TRUNCATE@
+REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@
+REPLACE_TZSET = @REPLACE_TZSET@
+REPLACE_UNLINK = @REPLACE_UNLINK@
+REPLACE_UNLINKAT = @REPLACE_UNLINKAT@
+REPLACE_UNSETENV = @REPLACE_UNSETENV@
+REPLACE_USLEEP = @REPLACE_USLEEP@
+REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@
+REPLACE_VASPRINTF = @REPLACE_VASPRINTF@
+REPLACE_VDPRINTF = @REPLACE_VDPRINTF@
+REPLACE_VFPRINTF = @REPLACE_VFPRINTF@
+REPLACE_VPRINTF = @REPLACE_VPRINTF@
+REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@
+REPLACE_VSPRINTF = @REPLACE_VSPRINTF@
+REPLACE_WCRTOMB = @REPLACE_WCRTOMB@
+REPLACE_WCSFTIME = @REPLACE_WCSFTIME@
+REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@
+REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@
+REPLACE_WCSTOK = @REPLACE_WCSTOK@
+REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@
+REPLACE_WCTOB = @REPLACE_WCTOB@
+REPLACE_WCTOMB = @REPLACE_WCTOMB@
+REPLACE_WCWIDTH = @REPLACE_WCWIDTH@
+REPLACE_WRITE = @REPLACE_WRITE@
+SED = @SED@
+SERVENT_LIB = @SERVENT_LIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDALIGN_H = @STDALIGN_H@
+STDBOOL_H = @STDBOOL_H@
+STDDEF_H = @STDDEF_H@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@
+SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
+SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@
+TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@
+TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@
+TROUSERS_LIB = @TROUSERS_LIB@
+TSS2_CFLAGS = @TSS2_CFLAGS@
+TSS2_LIBS = @TSS2_LIBS@
+TSS_CFLAGS = @TSS_CFLAGS@
+TSS_LIBS = @TSS_LIBS@
+UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@
+UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@
+UNBOUND_CFLAGS = @UNBOUND_CFLAGS@
+UNBOUND_LIBS = @UNBOUND_LIBS@
+UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@
+UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@
+UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@
+UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@
+UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
+USE_NLS = @USE_NLS@
+VALGRIND = @VALGRIND@
+VALGRINDFLAGS = @VALGRINDFLAGS@
+VALGRIND_PROGRAM = @VALGRIND_PROGRAM@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@
+WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@
+WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@
+WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+YIELD_LIB = @YIELD_LIB@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+ggl_LIBOBJS = @ggl_LIBOBJS@
+ggl_LTLIBOBJS = @ggl_LTLIBOBJS@
+ggltests_LIBOBJS = @ggltests_LIBOBJS@
+ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@
+ggltests_WITNESS = @ggltests_WITNESS@
+gl_LIBOBJS = @gl_LIBOBJS@
+gl_LTLIBOBJS = @gl_LTLIBOBJS@
+gltests_LIBOBJS = @gltests_LIBOBJS@
+gltests_LTLIBOBJS = @gltests_LTLIBOBJS@
+gltests_WITNESS = @gltests_WITNESS@
+gnutls_so = @gnutls_so@
+guile_snarf = @guile_snarf@
+guileextensiondir = @guileextensiondir@
+guilesiteccachedir = @guilesiteccachedir@
+guilesitedir = @guilesitedir@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+ifGNUmake = @ifGNUmake@
+ifnGNUmake = @ifnGNUmake@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+maybe_guileextensiondir = @maybe_guileextensiondir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+unistring_LIBOBJS = @unistring_LIBOBJS@
+unistring_LTLIBOBJS = @unistring_LTLIBOBJS@
+unistringtests_LIBOBJS = @unistringtests_LIBOBJS@
+unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@
+unistringtests_WITNESS = @unistringtests_WITNESS@
+EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem \
+	data/template-test.key data/template-test.pem templates/template-test.tmpl \
+	data/funny-spacing.pem data/ca-certs.pem data/dane-test.rr data/cert-ecc256.pem \
+	data/bmpstring.pem data/template-utf8.pem templates/template-utf8.tmpl \
+	templates/template-dn.tmpl data/template-dn.pem data/complex-cert.pem \
+	data/template-overflow.pem templates/template-overflow.tmpl data/template-overflow2.pem \
+	templates/template-overflow2.tmpl data/template-crq.pem data/cert-ecc256-full.pem \
+	templates/template-date.tmpl data/template-date.pem templates/template-dn-err.tmpl \
+	templates/template-nc.tmpl data/template-nc.pem data/xmpp-othername.pem \
+	suppressions.valgrind data/csr-invalid.der data/invalid-sig2.pem data/invalid-sig3.pem \
+	data/invalid-sig.pem email-certs/chain.exclude.test.example.com email-certs/chain.test.example.com \
+	email-certs/chain.invalid.example.com email-certs/chain.test.example.com-2 \
+	data/single-ca.p7b data/single-ca.p7b.out data/full.p7b data/full.p7b.out data/detached.p7b \
+	data/pkcs7-detached.txt data/p7-combined.out data/template-generalized.pem \
+	templates/template-generalized.tmpl data/privkey1.pem data/privkey2.pem data/privkey3.pem \
+	data/name-constraints-ip.pem data/cert-invalid-utf8.der data/very-long-dn.pem \
+	data/provable3072.pem data/provable2048.pem data/provable-dsa2048.pem \
+	data/provable-dsa2048-fips.pem templates/template-crq.tmpl data/invalid-sig5.pem \
+	templates/template-unique.tmpl data/template-unique.pem data/invalid-sig4.pem \
+	templates/template-othername.tmpl data/template-othername.pem \
+	templates/template-othername-xmpp.tmpl data/template-othername-xmpp.pem \
+	templates/template-krb5name.tmpl data/crl-demo1.pem data/crl-demo2.pem data/crl-demo3.pem \
+	data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \
+	data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \
+	data/template-rsa-sha3-384.pem data/long-oids.pem \
+	data/name-constraints-ip2.pem data/chain-md5.pem data/pubkey-ecc256.pem \
+	templates/template-dates-after2038.tmpl data/template-dates-after2038.pem \
+	data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \
+	templates/template-tlsfeature.tmpl data/cert-with-crl.p12 \
+	data/template-tlsfeature.pem data/template-tlsfeature.csr \
+	templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \
+	data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \
+	data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem \
+	data/client.p12 data/noclient.p12 data/unclient.p12 data/pkcs12_2certs.p12 \
+	data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 \
+	data/key-ca.pem data/key-subca.pem data/key-subsubca.pem data/key-user.pem \
+	data/key-dsa.pem data/key-ca-dsa.pem data/key-subca-dsa.pem \
+	data/ca-public.gpg data/srv-public-all-signed.gpg data/srv-secret.gpg \
+	data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg	\
+	data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \
+	data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \
+	data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \
+	data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \
+	data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \
+	data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \
+	data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \
+	templates/template-long-dns.tmpl templates/template-long-serial.tmpl \
+	data/key-rsa-pss-raw.pem data/key-rsa-pss.pem data/cve-2019-3829.pem \
+	data/long-dns.pem data/template-long-dns-crq.pem data/chain-with-critical-on-root.pem \
+	data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \
+	templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem \
+	data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12 \
+	data/key-corpus-rc2-1.p12.out data/no-salt.p12 data/mac-sha512.p12 data/pbes1-no-salt.p12 \
+	templates/inhibit-anypolicy.tmpl data/inhibit-anypolicy.pem data/aes-128.p12 \
+	data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \
+	data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \
+	data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \
+	data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \
+	data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \
+	data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \
+	data/key-ca.pem data/key-user.pem data/template-sgenerate.pem \
+	data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \
+	data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \
+	data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \
+	data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem data/dup-exts.pem \
+	data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \
+	data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \
+	data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
+	data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
+	data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem data/pkcs8-pbes2-sha256.pem \
+	data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \
+	data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \
+	data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
+	data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
+	data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \
+	data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \
+	data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b templates/template-no-ca.tmpl \
+	data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 data/crq-cert-no-ca.pem \
+	data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \
+	data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem \
+	data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \
+	data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \
+	templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \
+	data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer \
+	templates/simple-policy.tmpl data/simple-policy.pem
+
+dist_check_SCRIPTS = pathlen.sh aki.sh invalid-sig.sh email.sh \
+	pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh \
+	name-constraints.sh certtool-long-cn.sh crl.sh \
+	provable-privkey.sh provable-dh.sh sha2-test.sh \
+	sha2-dsa-test.sh provable-privkey-dsa2048.sh \
+	provable-privkey-rsa2048.sh provable-privkey-gen-default.sh \
+	pkcs7-constraints.sh pkcs7-constraints2.sh \
+	certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh \
+	cert-critical.sh pkcs12.sh certtool-crl-decoding.sh \
+	pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \
+	smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh \
+	pkcs7-eddsa.sh certtool-ecdsa.sh key-id.sh pkcs8.sh \
+	pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh \
+	key-invalid.sh pkcs8-eddsa.sh certtool-subca.sh \
+	certtool-verify-profiles.sh x509-duplicate-ext.sh \
+	x25519-and-x448.sh key-id.sh ecdsa.sh pkcs8-invalid.sh \
+	key-invalid.sh pkcs8-decode.sh pkcs8.sh pkcs8-eddsa.sh \
+	certtool-utf8.sh crq.sh $(am__append_1) $(am__append_2) \
+	$(am__append_3) $(am__append_4) $(am__append_5) \
+	$(am__append_6) $(am__append_7) certtool-rsa-pss.sh \
+	certtool-eddsa.sh
+TESTS = $(dist_check_SCRIPTS)
+
+# Set detect_leaks=0 to ASAN. It seems it is detecting many leaks in tools
+# which are not trivial, and makes no point to address.
+TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) LC_ALL="C" \
+	VALGRIND='$(LOG_VALGRIND)' LIBTOOL="$(LIBTOOL)" \
+	top_builddir="$(top_builddir)" \
+	abs_top_builddir="$(abs_top_builddir)" \
+	ac_cv_sizeof_time_t="$(ac_cv_sizeof_time_t)" \
+	ASAN_OPTIONS="detect_leaks=0:exitcode=6" \
+	GNUTLS_TEST_SUITE_RUN=1 \
+	GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \
+	PKCS12_ITER_COUNT="$(PKCS12_ITER_COUNT)" srcdir="$(srcdir)" \
+	$(am__append_8) $(am__append_9) $(am__append_10) \
+	$(am__append_11) $(am__append_12)
+LOG_COMPILER = $(LOG_VALGRIND)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .log .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/cert-tests/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/cert-tests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+pathlen.sh.log: pathlen.sh
+	@p='pathlen.sh'; \
+	b='pathlen.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+aki.sh.log: aki.sh
+	@p='aki.sh'; \
+	b='aki.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+invalid-sig.sh.log: invalid-sig.sh
+	@p='invalid-sig.sh'; \
+	b='invalid-sig.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+email.sh.log: email.sh
+	@p='email.sh'; \
+	b='email.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7.sh.log: pkcs7.sh
+	@p='pkcs7.sh'; \
+	b='pkcs7.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-broken-sigs.sh.log: pkcs7-broken-sigs.sh
+	@p='pkcs7-broken-sigs.sh'; \
+	b='pkcs7-broken-sigs.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+privkey-import.sh.log: privkey-import.sh
+	@p='privkey-import.sh'; \
+	b='privkey-import.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+name-constraints.sh.log: name-constraints.sh
+	@p='name-constraints.sh'; \
+	b='name-constraints.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-long-cn.sh.log: certtool-long-cn.sh
+	@p='certtool-long-cn.sh'; \
+	b='certtool-long-cn.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+crl.sh.log: crl.sh
+	@p='crl.sh'; \
+	b='crl.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-privkey.sh.log: provable-privkey.sh
+	@p='provable-privkey.sh'; \
+	b='provable-privkey.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-dh.sh.log: provable-dh.sh
+	@p='provable-dh.sh'; \
+	b='provable-dh.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+sha2-test.sh.log: sha2-test.sh
+	@p='sha2-test.sh'; \
+	b='sha2-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+sha2-dsa-test.sh.log: sha2-dsa-test.sh
+	@p='sha2-dsa-test.sh'; \
+	b='sha2-dsa-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-privkey-dsa2048.sh.log: provable-privkey-dsa2048.sh
+	@p='provable-privkey-dsa2048.sh'; \
+	b='provable-privkey-dsa2048.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-privkey-rsa2048.sh.log: provable-privkey-rsa2048.sh
+	@p='provable-privkey-rsa2048.sh'; \
+	b='provable-privkey-rsa2048.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-privkey-gen-default.sh.log: provable-privkey-gen-default.sh
+	@p='provable-privkey-gen-default.sh'; \
+	b='provable-privkey-gen-default.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-constraints.sh.log: pkcs7-constraints.sh
+	@p='pkcs7-constraints.sh'; \
+	b='pkcs7-constraints.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-constraints2.sh.log: pkcs7-constraints2.sh
+	@p='pkcs7-constraints2.sh'; \
+	b='pkcs7-constraints2.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-long-oids.sh.log: certtool-long-oids.sh
+	@p='certtool-long-oids.sh'; \
+	b='certtool-long-oids.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-cat.sh.log: pkcs7-cat.sh
+	@p='pkcs7-cat.sh'; \
+	b='pkcs7-cat.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+cert-sanity.sh.log: cert-sanity.sh
+	@p='cert-sanity.sh'; \
+	b='cert-sanity.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+cert-critical.sh.log: cert-critical.sh
+	@p='cert-critical.sh'; \
+	b='cert-critical.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs12.sh.log: pkcs12.sh
+	@p='pkcs12.sh'; \
+	b='pkcs12.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-crl-decoding.sh.log: certtool-crl-decoding.sh
+	@p='certtool-crl-decoding.sh'; \
+	b='certtool-crl-decoding.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs12-encode.sh.log: pkcs12-encode.sh
+	@p='pkcs12-encode.sh'; \
+	b='pkcs12-encode.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs12-corner-cases.sh.log: pkcs12-corner-cases.sh
+	@p='pkcs12-corner-cases.sh'; \
+	b='pkcs12-corner-cases.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+inhibit-anypolicy.sh.log: inhibit-anypolicy.sh
+	@p='inhibit-anypolicy.sh'; \
+	b='inhibit-anypolicy.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+smime.sh.log: smime.sh
+	@p='smime.sh'; \
+	b='smime.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+cert-time.sh.log: cert-time.sh
+	@p='cert-time.sh'; \
+	b='cert-time.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+alt-chain.sh.log: alt-chain.sh
+	@p='alt-chain.sh'; \
+	b='alt-chain.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-list-sign.sh.log: pkcs7-list-sign.sh
+	@p='pkcs7-list-sign.sh'; \
+	b='pkcs7-list-sign.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs7-eddsa.sh.log: pkcs7-eddsa.sh
+	@p='pkcs7-eddsa.sh'; \
+	b='pkcs7-eddsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-ecdsa.sh.log: certtool-ecdsa.sh
+	@p='certtool-ecdsa.sh'; \
+	b='certtool-ecdsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+key-id.sh.log: key-id.sh
+	@p='key-id.sh'; \
+	b='key-id.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs8.sh.log: pkcs8.sh
+	@p='pkcs8.sh'; \
+	b='pkcs8.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs8-decode.sh.log: pkcs8-decode.sh
+	@p='pkcs8-decode.sh'; \
+	b='pkcs8-decode.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+ecdsa.sh.log: ecdsa.sh
+	@p='ecdsa.sh'; \
+	b='ecdsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+illegal-rsa.sh.log: illegal-rsa.sh
+	@p='illegal-rsa.sh'; \
+	b='illegal-rsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs8-invalid.sh.log: pkcs8-invalid.sh
+	@p='pkcs8-invalid.sh'; \
+	b='pkcs8-invalid.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+key-invalid.sh.log: key-invalid.sh
+	@p='key-invalid.sh'; \
+	b='key-invalid.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs8-eddsa.sh.log: pkcs8-eddsa.sh
+	@p='pkcs8-eddsa.sh'; \
+	b='pkcs8-eddsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-subca.sh.log: certtool-subca.sh
+	@p='certtool-subca.sh'; \
+	b='certtool-subca.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-verify-profiles.sh.log: certtool-verify-profiles.sh
+	@p='certtool-verify-profiles.sh'; \
+	b='certtool-verify-profiles.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+x509-duplicate-ext.sh.log: x509-duplicate-ext.sh
+	@p='x509-duplicate-ext.sh'; \
+	b='x509-duplicate-ext.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+x25519-and-x448.sh.log: x25519-and-x448.sh
+	@p='x25519-and-x448.sh'; \
+	b='x25519-and-x448.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-utf8.sh.log: certtool-utf8.sh
+	@p='certtool-utf8.sh'; \
+	b='certtool-utf8.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+crq.sh.log: crq.sh
+	@p='crq.sh'; \
+	b='crq.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+cert-non-digits-time.sh.log: cert-non-digits-time.sh
+	@p='cert-non-digits-time.sh'; \
+	b='cert-non-digits-time.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+reject-invalid-time.sh.log: reject-invalid-time.sh
+	@p='reject-invalid-time.sh'; \
+	b='reject-invalid-time.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tolerate-invalid-time.sh.log: tolerate-invalid-time.sh
+	@p='tolerate-invalid-time.sh'; \
+	b='tolerate-invalid-time.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+provable-dh-default.sh.log: provable-dh-default.sh
+	@p='provable-dh-default.sh'; \
+	b='provable-dh-default.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+template-test.sh.log: template-test.sh
+	@p='template-test.sh'; \
+	b='template-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pem-decoding.sh.log: pem-decoding.sh
+	@p='pem-decoding.sh'; \
+	b='pem-decoding.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+othername-test.sh.log: othername-test.sh
+	@p='othername-test.sh'; \
+	b='othername-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+krb5-test.sh.log: krb5-test.sh
+	@p='krb5-test.sh'; \
+	b='krb5-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+sha3-test.sh.log: sha3-test.sh
+	@p='sha3-test.sh'; \
+	b='sha3-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+md5-test.sh.log: md5-test.sh
+	@p='md5-test.sh'; \
+	b='md5-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tlsfeature-test.sh.log: tlsfeature-test.sh
+	@p='tlsfeature-test.sh'; \
+	b='tlsfeature-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+template-exts-test.sh.log: template-exts-test.sh
+	@p='template-exts-test.sh'; \
+	b='template-exts-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs1-pad.sh.log: pkcs1-pad.sh
+	@p='pkcs1-pad.sh'; \
+	b='pkcs1-pad.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs12-utf8.sh.log: pkcs12-utf8.sh
+	@p='pkcs12-utf8.sh'; \
+	b='pkcs12-utf8.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+rsa-pss-pad.sh.log: rsa-pss-pad.sh
+	@p='rsa-pss-pad.sh'; \
+	b='rsa-pss-pad.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+dsa.sh.log: dsa.sh
+	@p='dsa.sh'; \
+	b='dsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool.sh.log: certtool.sh
+	@p='certtool.sh'; \
+	b='certtool.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+template-policy-test.sh.log: template-policy-test.sh
+	@p='template-policy-test.sh'; \
+	b='template-policy-test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+dane.sh.log: dane.sh
+	@p='dane.sh'; \
+	b='dane.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+gost.sh.log: gost.sh
+	@p='gost.sh'; \
+	b='gost.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs12-gost.sh.log: pkcs12-gost.sh
+	@p='pkcs12-gost.sh'; \
+	b='pkcs12-gost.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+pkcs8-gost.sh.log: pkcs8-gost.sh
+	@p='pkcs8-gost.sh'; \
+	b='pkcs8-gost.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-rsa-pss.sh.log: certtool-rsa-pss.sh
+	@p='certtool-rsa-pss.sh'; \
+	b='certtool-rsa-pss.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+certtool-eddsa.sh.log: certtool-eddsa.sh
+	@p='certtool-eddsa.sh'; \
+	b='certtool-eddsa.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-local
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: all all-am check check-TESTS check-am clean clean-generic \
+	clean-libtool cscopelist-am ctags-am distclean \
+	distclean-generic distclean-libtool distclean-local distdir \
+	dvi dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am recheck tags-am \
+	uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+distclean-local:
+	rm -rf tmp-* *.tmp
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/cert-tests/aki.sh b/tests/cert-tests/aki.sh
new file mode 100755
index 0000000..b7bbe91
--- /dev/null
+++ b/tests/cert-tests/aki.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TMPFILE=aki-$$.tmp
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/aki-cert.pem" \
+	|grep -v "Algorithm Security Level"|grep -v ^warning > $TMPFILE
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "info failed"
+	exit ${rc}
+fi
+
+${DIFF} "${srcdir}/data/aki-cert.pem" $TMPFILE
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+rm -f $TMPFILE
+
+exit 0
diff --git a/tests/cert-tests/alt-chain.sh b/tests/cert-tests/alt-chain.sh
new file mode 100755
index 0000000..d72bfa4
--- /dev/null
+++ b/tests/cert-tests/alt-chain.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem"
+NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem"
+
+echo ""
+datefudge -s "2017-5-10" \
+${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${OLD_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE}
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "alt chain failed verification (1)"
+	cat $OUTFILE
+	exit ${rc}
+fi
+
+echo ""
+datefudge -s "2017-5-10" \
+${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${NEW_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "alt chain failed verification (2)"
+	cat $OUTFILE
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/cert-critical.sh b/tests/cert-tests/cert-critical.sh
new file mode 100755
index 0000000..5734c3f
--- /dev/null
+++ b/tests/cert-tests/cert-critical.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge "2017-2-28" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "There was an issue verifying the chain"
+	exit 1
+fi
+
+datefudge "2017-2-28" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-endcert.pem
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "There was an issue verifying the chain"
+	exit 1
+fi
+
+datefudge "2017-2-28" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-intermediate.pem
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "There was an issue verifying the chain"
+	exit 1
+fi
+
+
+exit 0
diff --git a/tests/cert-tests/cert-non-digits-time.sh b/tests/cert-tests/cert-non-digits-time.sh
new file mode 100755
index 0000000..1c72a9c
--- /dev/null
+++ b/tests/cert-tests/cert-non-digits-time.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+    exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+    VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+skip_if_no_datefudge
+
+# Check whether certificates with non-digits time fields are accepted
+datefudge -s "2019-12-19" \
+${VALGRIND}"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-with-non-digits-time-ca.pem" --infile "${srcdir}/data/cert-with-non-digits-time.pem"
+rc=$?
+
+if test "${rc}" = "0";then
+    echo "certificate whose notbefore field is a non-digits was accepted"
+    exit 1
+fi
+
+exit 0
diff --git a/tests/cert-tests/cert-sanity.sh b/tests/cert-tests/cert-sanity.sh
new file mode 100755
index 0000000..c2d63d9
--- /dev/null
+++ b/tests/cert-tests/cert-sanity.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+# This checks whether invalid certificates are accepted
+
+# x509-v1-with-sid.pem: X509v1 certificate with subject unique ID
+# x509-v1-with-iid.pem: X509v1 certificate with issuer unique ID
+# x509-v3-with-fractional-time.pem: X509v3 certificate with fractional time
+# x509-with-zero-version.pem: X509 certificate with version being zero
+
+for file in x509-v1-with-sid.pem x509-v1-with-iid.pem x509-v3-with-fractional-time.pem \
+	x509-with-zero-version.pem; do
+
+	${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file"
+	rc=$?
+
+	if test "${rc}" != 1; then
+		echo "Illegal X509 certificate was accepted"
+		exit 1
+	fi
+done
+
+exit 0
diff --git a/tests/cert-tests/cert-time.sh b/tests/cert-tests/cert-time.sh
new file mode 100755
index 0000000..3310250
--- /dev/null
+++ b/tests/cert-tests/cert-time.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+# Check whether certificates with invalid time fields are accepted
+for file in invalid-date-hour.der invalid-date-mins.der invalid-date-secs.der invalid-date-month.der invalid-date-day.der;do
+	${VALGRIND} "${CERTTOOL}" --inder -i --infile "${srcdir}/data/$file"
+	rc=$?
+
+	if test "${rc}" = "0";then
+		echo "file $file was accepted"
+		exit 1
+	fi
+done
+
+exit 0
diff --git a/tests/cert-tests/certtool-crl-decoding.sh b/tests/cert-tests/certtool-crl-decoding.sh
new file mode 100755
index 0000000..7480150
--- /dev/null
+++ b/tests/cert-tests/certtool-crl-decoding.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether OIDs > 2^32 are correctly decoded.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+OUTFILE="crl.$$.pem"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+# crl-demo1.pem: version 2 CRL with a single extension
+# crl-demo2.pem: version 2 CRL with two extensions (one critical)
+# crl-demo3.pem: version 1 CRL with many revoked certificates
+
+for i in "crl-demo1.pem" "crl-demo2.pem" "crl-demo3.pem";do
+${VALGRIND} "${CERTTOOL}" --crl-info --infile "${srcdir}/data/$i" >$OUTFILE
+if test $? != 0; then
+	echo "Could not read CRL $i"
+	exit 1
+fi
+
+check_if_equal ${OUTFILE} "${srcdir}/data/$i" "warning:"
+if test $? != 0; then
+	echo "Error in parsing cert with long OIDs"
+	exit 1
+fi
+
+done
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/certtool-ecdsa.sh b/tests/cert-tests/certtool-ecdsa.sh
new file mode 100755
index 0000000..885efe2
--- /dev/null
+++ b/tests/cert-tests/certtool-ecdsa.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+KEYFILE=ecdsa-privkey.$$.tmp
+TMPFILE=ecdsa.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	exit 77
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-ecc256-full.pem" --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "There was an issue parsing the certificate"
+	exit 1
+fi
+
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem" "Not After:"
+if test $? != 0;then
+	echo "Error in parsing ECDSA cert"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-ecc256.pem" --outfile "${TMPFILE}"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Could not read an ECDSA public key"
+	exit 1
+fi
+
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
+if test $? != 0;then
+	echo "Error in parsing ECDSA public key"
+	exit 1
+fi
+
+
+# Create an ECDSA
+${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
+        --ecdsa --outfile "$KEYFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an ECDSA key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE" >/dev/null
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Could not read generated an ECDSA key"
+	exit 1
+fi
+
+rm -f "${TMPFILE}" "${KEYFILE}"
+
+exit 0
diff --git a/tests/cert-tests/certtool-eddsa.sh b/tests/cert-tests/certtool-eddsa.sh
new file mode 100755
index 0000000..2fc027a
--- /dev/null
+++ b/tests/cert-tests/certtool-eddsa.sh
@@ -0,0 +1,139 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+KEYFILE=eddsa-privkey.$$.tmp
+TMPFILE=eddsa.$$.tmp
+TMPFILE2=eddsa2.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	exit 77
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+# Test certificate in draft-ietf-curdle-pkix-04
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}"
+
+if test $? != 0; then
+	echo "There was an issue parsing the certificate"
+	exit 1
+fi
+
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-eddsa.pem" "Not After:"
+if test $? != 0;then
+	echo "Error in parsing EdDSA cert"
+	exit 1
+fi
+
+# Test public key in draft-ietf-curdle-pkix-04
+${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-eddsa.pem" --outfile "${TMPFILE}"
+if test $? != 0; then
+	echo "Could not read an EdDSA public key"
+	exit 1
+fi
+
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem"
+if test $? != 0;then
+	echo "Error in parsing EdDSA public key"
+	exit 1
+fi
+
+
+# Create an RSA-PSS private key, restricted to the use with RSA-PSS
+${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
+        --key-type eddsa --outfile "$KEYFILE"
+
+if test $? != 0; then
+	echo "Could not generate an EdDSA key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE"
+if test $? != 0; then
+	echo "Could not read generated an EdDSA key"
+	exit 1
+fi
+
+
+# Create an EdDSA certificate from an EdDSA private key
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+	--pkcs8 --load-privkey "$KEYFILE" --password '' \
+	--template "${srcdir}/templates/template-test.tmpl" \
+	--outfile "${TMPFILE}"
+
+if test $? != 0; then
+	echo "Could not generate an EdDSA certificate from an EdDSA key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
+if test $? != 0; then
+	echo "There was an issue verifying the generated certificate (1)"
+	exit 1
+fi
+
+# Create an EdDSA certificate from an RSA key
+${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type eddsa \
+	    --load-privkey ${KEYFILE} \
+	    --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+	    --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+	    --template "${srcdir}/templates/template-test.tmpl" \
+	    --outfile "${TMPFILE}" 2>/dev/null
+
+if test $? != 0; then
+	echo "Could not generate an EdDSA certificate $i"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
+if test $? != 0; then
+	echo "There was an issue verifying the generated certificate (2)"
+	exit 1
+fi
+
+rm -f "${TMPFILE}" "${TMPFILE2}"
+rm -f "${KEYFILE}"
+
+
+skip_if_no_datefudge
+
+# Test certificate chain using Ed25519
+datefudge "2017-7-6" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem
+
+if test $? != 0; then
+	echo "There was an issue verifying the Ed25519 chain"
+	exit 1
+fi
+
+
+exit 0
diff --git a/tests/cert-tests/certtool-long-cn.sh b/tests/cert-tests/certtool-long-cn.sh
new file mode 100755
index 0000000..9614bdf
--- /dev/null
+++ b/tests/cert-tests/certtool-long-cn.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether invalid UTF8 strings trigger valgrind warnings.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+outfile="out.$$.pem"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/very-long-dn.pem" >$outfile
+rc=$?
+
+if test "${rc}" = 3;then
+	echo "Invalid memory access with cert and long CN"
+	exit 1
+fi
+
+if test "${rc}" != 0;then
+	echo "Could not read cert long CN"
+	exit 1
+fi
+
+$DIFF $outfile "${srcdir}/data/very-long-dn.pem"
+if test $? != 0;then
+	echo "Error in parsing cert with long CN"
+	exit 1
+fi
+
+rm -f "$outfile"
+
+exit 0
diff --git a/tests/cert-tests/certtool-long-oids.sh b/tests/cert-tests/certtool-long-oids.sh
new file mode 100755
index 0000000..7aa0cc9
--- /dev/null
+++ b/tests/cert-tests/certtool-long-oids.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether OIDs > 2^32 are correctly decoded.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+OUTFILE="long-oids.$$.pem.tmp"
+TMPFILE1="long-oids1.$$.pem.tmp"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/long-oids.pem"|grep -v "Not After:"|grep -v ^warning >$OUTFILE
+rc=$?
+
+if test "${rc}" != 0;then
+	echo "Could not read cert with long OIDs"
+	exit 1
+fi
+
+cat "${srcdir}/data/long-oids.pem" |grep -v "Not After:"|grep -v ^warning >${TMPFILE1}
+$DIFF ${TMPFILE1} ${OUTFILE}
+if test $? != 0;then
+	echo "Error in parsing cert with long OIDs"
+	exit 1
+fi
+
+rm -f "$OUTFILE" "${TMPFILE1}" "${TMPFILE2}"
+
+exit 0
diff --git a/tests/cert-tests/certtool-rsa-pss.sh b/tests/cert-tests/certtool-rsa-pss.sh
new file mode 100755
index 0000000..598351d
--- /dev/null
+++ b/tests/cert-tests/certtool-rsa-pss.sh
@@ -0,0 +1,226 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+OUTFILE=cert-pss-privkey.$$.tmp
+TMPFILE=cert-pss.$$.tmp
+TMPFILE2=cert2-pss.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+# Create an RSA-PSS private key, restricted to the use with RSA-PSS
+${VALGRIND} "${CERTTOOL}" --generate-privkey \
+        --key-type rsa-pss --outfile "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an RSA-PSS key"
+	exit 1
+fi
+
+# check whether description is present
+grep 'modulus:' ${OUTFILE}
+if test $? != 0;then
+	cat ${OUTFILE}
+	echo "PKCS#8 file does not contain modulus text"
+	exit 1
+fi
+
+for i in sha256 sha384 sha512;do
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1 && test "$i" != sha384;then
+	continue
+fi
+
+# Create an RSA-PSS private key, restricted to the use with RSA-PSS
+${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
+        --key-type rsa-pss --hash $i --outfile "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an RSA-PSS key ($i)"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$OUTFILE" >/dev/null
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Could not read generated an RSA-PSS key ($i)"
+	exit 1
+fi
+
+# Create an RSA-PSS certificate from an RSA-PSS private key
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+	--pkcs8 --load-privkey "$OUTFILE" --password '' \
+	--template "${srcdir}/templates/template-test.tmpl" \
+	--outfile "${TMPFILE}" --hash $i
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an RSA-PSS certificate from an RSA-PSS key ($i)"
+	exit 1
+fi
+
+rm -f "${TMPFILE}"
+
+# Create an RSA-PSS certificate from an RSA-PSS private key, with
+# mismatched parameters
+for j in sha256 sha384 sha512;do
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+	--pkcs8 --load-privkey "$OUTFILE" --password '' \
+	--template "${srcdir}/templates/template-test.tmpl" \
+	--outfile "${TMPFILE}" --hash $j
+rc=$?
+
+if test "$j" != "$j" && "${rc}" = "0"; then
+	echo "Unexpectedly succeeded to generate an RSA-PSS certificate ($j != $i)"
+	exit 1
+fi
+done
+rm -f "${TMPFILE}"
+
+# Create an RSA-PSS certificate from an RSA key
+${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type rsa-pss \
+	    --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \
+	    --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+	    --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+	    --template "${srcdir}/templates/template-test.tmpl" \
+	    --outfile "${TMPFILE}" --hash $i
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an RSA-PSS certificate $i"
+	exit 1
+fi
+
+${CERTTOOL} -i --infile ${TMPFILE}|grep -i "Subject Public Key Algorithm: RSA-PSS"
+if test $? != 0;then
+	echo "Generated certificate is not RSA-PSS"
+	cat ${TMPFILE}
+	exit 1
+fi
+
+rm -f "${TMPFILE}"
+
+# Create an RSA certificate from an RSA key, with wrong key-type, should fail
+${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type ecdsa \
+	    --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \
+	    --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+	    --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+	    --template "${srcdir}/templates/template-test.tmpl" \
+	    --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "Succeeded with wrong key type"
+	exit 1
+fi
+
+# Create an RSA certificate from an RSA key, and sign it with RSA-PSS
+${VALGRIND} "${CERTTOOL}" --generate-certificate --rsa --sign-params rsa-pss \
+	    --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \
+	    --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+	    --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+	    --template "${srcdir}/templates/template-test.tmpl" \
+	    --outfile "${TMPFILE}" --hash $i
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate an RSA-PSS certificate"
+	exit 1
+fi
+
+${CERTTOOL} -i --infile ${TMPFILE}|tr -d '\r' > ${TMPFILE2}
+grep -i 'Subject Public Key Algorithm: RSA$' ${TMPFILE2} >/dev/null
+if test $? != 0;then
+	echo "Generated certificate is not RSA"
+	cat ${TMPFILE}
+	exit 1
+fi
+
+grep -i "Signature Algorithm: RSA-PSS" ${TMPFILE2} 
+if test $? != 0;then
+	echo "Generated certificate is not signed with RSA-PSS"
+	cat ${TMPFILE}
+	exit 1
+fi
+
+grep -i "Signature Algorithm: RSA-PSS-${i}" ${TMPFILE2} 
+if test $? != 0;then
+	echo "Generated certificate is not signed with RSA-PSS-${i}"
+	cat ${TMPFILE}
+	exit 1
+fi
+
+rm -f "${TMPFILE}"
+rm -f "${TMPFILE2}"
+
+done
+
+# Convert an RSA-PSS key to an RSA key
+#
+
+${VALGRIND} "${CERTTOOL}" --to-rsa --infile "${srcdir}/data/key-rsa-pss.pem" --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not convert an RSA-PSS certificate"
+	exit 1
+fi
+
+${DIFF} "${srcdir}/data/key-rsa-pss-raw.pem" ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "RSA-PSS decoding failed"
+	exit ${rc}
+fi
+
+echo "RSA-PSS to RSA conversion was successful"
+
+rm -f "${TMPFILE}"
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge "2012-11-22" \
+${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "There was an issue verifying the certificate"
+	exit 1
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/certtool-subca.sh b/tests/cert-tests/certtool-subca.sh
new file mode 100755
index 0000000..478d1f0
--- /dev/null
+++ b/tests/cert-tests/certtool-subca.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This is a reproducer for #767
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+ROOT_CA_TMPL=root.ca.$$.tmp
+SUB_CA_TMPL=sub.ca.$$.tmp
+ROOT_PRIVKEY=root.key.$$.tmp
+ROOT_CA_CERT=root.ca.cert.$$.tmp
+CSR_FILE=csr.$$.tmp
+OUTFILE=out3.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+cat >${ROOT_CA_TMPL} <<_EOF_
+organization = "Example"
+cn = "Root CA"
+expiration_days = 700
+ca
+cert_signing_key
+crl_signing_key
+_EOF_
+
+cat >${SUB_CA_TMPL} <<_EOF_
+organization = "Example"
+cn = "Example CA"
+expiration_days = 350
+crl_dist_points = "http://crl.example.com/Root_CA.crl"
+ca
+signing_key
+cert_signing_key
+crl_signing_key
+path_len = 0
+_EOF_
+
+${CERTTOOL} --generate-privkey --key-type ecdsa --outfile ${ROOT_PRIVKEY} >/dev/null
+if test $? != 0;then
+	echo "Error generating privkey"
+	exit 1
+fi
+
+${CERTTOOL} --generate-self-signed --load-privkey ${ROOT_PRIVKEY} --template ${ROOT_CA_TMPL} > ${ROOT_CA_CERT} 2>&1
+if test $? != 0;then
+	echo "Error generating root CA"
+	exit 1
+fi
+
+grep "Digital signature" ${ROOT_CA_CERT} >/dev/null
+if test $? = 0;then
+	echo "root CA: found the digital signature flag although not specified!"
+	exit 1
+fi
+
+${CERTTOOL} --generate-request --load-privkey ${ROOT_PRIVKEY} --template ${SUB_CA_TMPL} --outfile ${CSR_FILE}
+if test $? != 0;then
+	cat ${SUB_CA_TMPL}
+	echo "Error generating csr"
+	exit 1
+fi
+
+${CERTTOOL} --generate-certificate --load-ca-privkey ${ROOT_PRIVKEY} --load-ca-certificate ${ROOT_CA_CERT} --load-request ${CSR_FILE} --template ${SUB_CA_TMPL} >${OUTFILE} 2>&1
+if test $? != 0;then
+	echo "Error generating sub CA"
+	exit 1
+fi
+
+grep "Digital signature" ${OUTFILE} >/dev/null
+if test $? != 0;then
+	echo "Cannot find the digital signature flag!"
+	exit 1
+fi
+
+rm -f "${ROOT_PRIVKEY}" "${ROOT_CA_CERT}" "${CSR_FILE}" "${ROOT_CA_TMPL}" "${SUB_CA_TMPL}" "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/certtool-utf8.sh b/tests/cert-tests/certtool-utf8.sh
new file mode 100755
index 0000000..b37b305
--- /dev/null
+++ b/tests/cert-tests/certtool-utf8.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether invalid UTF8 strings trigger valgrind warnings.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+
+	# Check improper UTF8 errors
+	${VALGRIND} --error-exitcode=3 "${CERTTOOL}" -i --inder --infile "${srcdir}/data/cert-invalid-utf8.der"
+	rc=$?
+
+	if test "${rc}" = 3;then
+		echo "Invalid memory access with invalid UTF8"
+		exit 1
+	fi
+fi
+
+exit 0
diff --git a/tests/cert-tests/certtool-verify-profiles.sh b/tests/cert-tests/certtool-verify-profiles.sh
new file mode 100755
index 0000000..f63ee92
--- /dev/null
+++ b/tests/cert-tests/certtool-verify-profiles.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+echo "Checking chain with insecure leaf"
+datefudge -s "2019-12-19" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-leaf.pem" >${OUTFILE}
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "insecure chain succeeded verification (1)"
+	cat $OUTFILE
+	exit ${rc}
+fi
+
+echo "Checking chain with insecure subca"
+datefudge -s "2019-12-19" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-subca.pem" >${OUTFILE}
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "insecure chain succeeded verification (2)"
+	cat $OUTFILE
+	exit ${rc}
+fi
+
+
+echo "Checking chain with insecure ca"
+datefudge -s "2019-12-19" \
+${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-ca.pem" >${OUTFILE}
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "insecure chain succeeded verification (3)"
+	cat $OUTFILE
+	exit ${rc}
+fi
+
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/certtool.sh b/tests/cert-tests/certtool.sh
new file mode 100755
index 0000000..11b8b8f
--- /dev/null
+++ b/tests/cert-tests/certtool.sh
@@ -0,0 +1,185 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE1=certtool-file1.$$.tmp
+TMPFILE2=certtool-file2.$$.tmp
+PASS="1234"
+
+if test -n "$DISABLE_BASH_TESTS"; then
+	exit 77
+fi
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+: ${SETSID=setsid}
+if ("$SETSID" --version) >/dev/null 2>&1; then
+	${VALGRIND} "${CERTTOOL}" --generate-privkey --rsa --outfile ${TMPFILE1} --pkcs8 --password ${PASS}
+	if test $? != 0;then
+		echo "private key generation failed"
+		exit 1
+	fi
+
+	grep 'modulus:' ${TMPFILE1}
+	if test $? = 0;then
+		cat ${TMPFILE1}
+		echo "PKCS#8 file contains text modulus"
+		exit 1
+	fi
+
+	#check whether password is being honoured
+	#some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})
+	${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 <<EOF
+$PASS
+EOF
+	if test $? != 0;then
+		cat ${TMPFILE2}
+		echo "cert generation failed"
+		exit 1
+	fi
+
+	grep "Enter password" ${TMPFILE2} >/dev/null 2>&1
+	if test $? != 0;then
+		cat ${TMPFILE2}
+		echo "No password was asked"
+		exit 1
+	fi
+fi
+
+#check whether "funny" spaces can be interpreted
+id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/data/funny-spacing.pem" --hash sha1| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Key-ID1 doesn't match the expected: ${id}"
+	exit 1
+fi
+
+id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}"
+	exit 1
+fi
+
+id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha1| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+	echo "Key-ID2 doesn't match the expected: ${id}"
+	exit 1
+fi
+
+id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha256| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d"; then
+	echo "Key-ID3 doesn't match the expected: ${id}"
+	exit 1
+fi
+
+id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha512| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "5e81ba533b1e7b88b3b0834a392c1cd63f8ccbe45f39edf4cb4b6a3e7700b333cfa386c54b1c5704a2b82a20dc417b347bb8f961c339134a91158a134ca6c478"; then
+	echo "Key-ID4 doesn't match the expected: ${id}"
+	exit 1
+fi
+
+#fingerprint
+id=`${VALGRIND} "${CERTTOOL}" --fingerprint --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f"; then
+	echo "Fingerprint doesn't match the expected: 3"
+	exit 1
+fi
+
+id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha256 --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f"; then
+	echo "Fingerprint doesn't match the expected: 4"
+	exit 1
+fi
+
+id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha512 --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'`
+rc=$?
+
+if test "${id}" != "c4880390506a849cd2d8289fb8aea8c189e635aff1054faba58658a0f107472b725672c10d2f7f4ca360528b9433db278f544846e5613f9cd4cb4aa2f56a7894"; then
+	echo "Fingerprint doesn't match the expected: 5"
+	exit 1
+fi
+
+# Test whether certtool --outder doesn't output the informational text data
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/funny-spacing.pem" --outder --outfile ${TMPFILE1}
+if test $? != 0;then
+	echo "cert output to DER failed"
+	exit 1
+fi
+
+grep 'Version:' ${TMPFILE1}
+if test $? = 0;then
+	echo "found text info in DER certificate"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" | grep -v "Not After:" > ${TMPFILE1}
+if test $? != 0;then
+	echo "commonName cert output failed"
+	exit 1
+fi
+
+${DIFF} "${srcdir}/data/commonName.cer" ${TMPFILE1}
+if test $? != 0;then
+	exit 1
+fi
+
+
+rm -f ${TMPFILE1} ${TMPFILE2}
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \
+${VALGRIND} "${CERTTOOL}" --verify-chain
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "There was an issue verifying the chain"
+	exit 1
+fi
+
+exit 0
diff --git a/tests/cert-tests/crl.sh b/tests/cert-tests/crl.sh
new file mode 100755
index 0000000..56ed5e5
--- /dev/null
+++ b/tests/cert-tests/crl.sh
@@ -0,0 +1,308 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+export TZ="UTC"
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+: ${ac_cv_sizeof_time_t=8}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-crl.$$.tmp
+INFOFILE=out-crl-info.$$.tmp
+OUTFILE2=out2-crl.$$.tmp
+TMPFILE=crl.$$.tmp
+TMP2FILE=crl2.$$.tmp
+
+echo "crl_next_update = 43" >$TMPFILE
+echo "crl_number = 7" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CRL generation failed"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --crl-info --infile ${OUTFILE} --no-text --outfile ${TMP2FILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text crl info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMP2FILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text crl info failed 2"
+	exit 1
+fi
+
+grep "Revoked certificates (152)" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL generation didn't succeed as expected"
+	exit 1
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 07$" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL generation didn't succeed as expected (2)"
+	grep "CRL Number (not critical):" "${INFOFILE}"
+	exit 1
+fi
+
+# check appending a certificate
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-crl "${OUTFILE}" --load-certificate "${srcdir}/data/cert-ecc256.pem" --template \
+	"${TMPFILE}" -d 9 >${OUTFILE2} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CRL appending failed"
+	exit ${rc}
+fi
+
+grep "Revoked certificates (153)" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL appending didn't succeed as expected"
+	exit 1
+fi
+
+grep "Serial Number (hex): 07" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL appending didn't succeed as expected (2)"
+	exit 1
+fi
+
+# check the dates
+
+echo "crl_this_update_date = \"2004-03-29 16:21:42\"" >$TMPFILE
+echo "crl_next_update_date = \"2006-03-29 13:21:42\"" >>$TMPFILE
+echo "crl_number = 8" >>$TMPFILE
+echo "crl_revocation_date = \"2003-02-01 10:00:00\"" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/cert-ecc256.pem" --template \
+	"${TMPFILE}" -d 9 >${OUTFILE2} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CRL date setting failed"
+	exit ${rc}
+fi
+
+grep "Revoked at: Sat Feb 01 10:00:00 UTC 2003" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL date setting didn't succeed as expected"
+	exit 1
+fi
+
+grep "Issued: Mon Mar 29 16:21:42 UTC 2004" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL date setting didn't succeed as expected (2)"
+	exit 1
+fi
+
+grep "Next at: Wed Mar 29 13:21:42 UTC 2006" "${INFOFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL date setting didn't succeed as expected (3)"
+	exit 1
+fi
+
+# Check hex serial number
+echo "crl_next_update = 43" >$TMPFILE
+echo "crl_number = 0x1234567890abcdef1234567890abcdef12345678" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CRL hex number failed"
+	exit ${rc}
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 1234567890abcdef1234567890abcdef12345678$" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL hex number didn't succeed as expected"
+	grep "CRL Number (not critical):" "${INFOFILE}"
+	exit 1
+fi
+
+# Check default CRL number
+echo "crl_next_update = 43" >$TMPFILE
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \
+	"${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \
+	--load-ca-certificate "${srcdir}/data/template-test.pem" \
+	--load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CRL default number failed"
+	exit ${rc}
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 5e257a20[0-9a-f]\{30\}$" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL default number didn't succeed as expected"
+	grep "CRL Number (not critical):" "${INFOFILE}"
+	exit 1
+fi
+
+if test "${ac_cv_sizeof_time_t}" = 8;then
+	# we should test that on systems which have 64-bit time_t
+	datefudge -s "2138-01-20 10:00:00" ${VALGRIND} \
+		"${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-certificate "${srcdir}/data/template-test.pem" \
+		--load-certificate "${srcdir}/data/ca-certs.pem" --template \
+		"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+	rc=$?
+
+	# We're done.
+	if test "${rc}" != "0"; then
+		echo "CRL default number 2 failed"
+		exit ${rc}
+	fi
+
+	sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 013c1972a0[0-9a-f]\{30\}$" >/dev/null 2>&1
+	if test "$?" != "0"; then
+		echo "CRL default number 2 didn't succeed as expected"
+		grep "CRL Number (not critical):" "${INFOFILE}"
+		exit 1
+	fi
+fi
+
+# Check large decimal CRL number
+echo "crl_next_update = 43" >$TMPFILE
+echo "crl_number = 1234567890123456789012345678" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" = "0"; then
+	echo "CRL large decimal number succeeded when shouldn't"
+	exit ${rc}
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: 1234567890123456789012345678" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL large number didn't fail as expected"
+	exit 1
+fi
+
+# Check invalid hex number
+echo "crl_next_update = 43" >$TMPFILE
+echo "crl_number = 0xsomething" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" = "0"; then
+	echo "CRL invalid hex number succeeded when shouldn't"
+	exit ${rc}
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: 0xsomething" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL invalid hex number didn't fail as expected"
+	exit 1
+fi
+
+# Check invalid number
+echo "crl_next_update = 43" >$TMPFILE
+echo "crl_number = something" >>$TMPFILE
+
+${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key"  --load-ca-certificate \
+	"${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \
+	"${TMPFILE}" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" = "0"; then
+	echo "CRL invalid number succeeded when shouldn't"
+	exit ${rc}
+fi
+
+sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: something" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "CRL invalid number didn't fail as expected"
+	exit 1
+fi
+
+# Check CRL verification
+
+## CRL validation is expected to succeed
+${VALGRIND} "${CERTTOOL}" --verify-crl --infile "${srcdir}/data/ca-crl-valid.crl"  --load-ca-certificate \
+	"${srcdir}/data/ca-crl-valid.pem" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+if test "${rc}" != "0"; then
+	echo "CRL verification failed"
+	exit ${rc}
+fi
+
+## CRL validation is expected to fail because the CA doesn't have the CRLSign key usage flag
+${VALGRIND} "${CERTTOOL}" --verify-crl --infile "${srcdir}/data/ca-crl-invalid.crl"  --load-ca-certificate \
+	"${srcdir}/data/ca-crl-invalid.pem" >${OUTFILE} 2>${INFOFILE}
+rc=$?
+if test "${rc}" = "0"; then
+	echo "CRL verification succeeded when shouldn't"
+	exit 1
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${INFOFILE}"
+rm -f "${OUTFILE2}"
+rm -f "${TMPFILE}"
+rm -f "${TMP2FILE}"
+
+exit 0
diff --git a/tests/cert-tests/crq.sh b/tests/cert-tests/crq.sh
new file mode 100755
index 0000000..5350324
--- /dev/null
+++ b/tests/cert-tests/crq.sh
@@ -0,0 +1,243 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+TMPFILE=crq.$$.tmp
+OUTFILE=out.$$.tmp
+OUTFILE2=out2.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+${VALGRIND} "${CERTTOOL}" --inder --crq-info --infile "${srcdir}/data/csr-invalid.der" >"${OUTFILE}" 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Invalid crq decoding failed"
+	exit ${rc}
+fi
+
+grep "error: get_key_id" "${OUTFILE}" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "crq decoding didn't fail as expected"
+	exit 1
+fi
+
+rm -f "${OUTFILE}"
+
+# check whether the honor_crq_extension option works
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-request \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-tlsfeature.tmpl" \
+		--outfile $OUTFILE 2>/dev/null
+
+${CERTTOOL} --crq-info --no-text --infile ${OUTFILE} --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text crq info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text crq info failed 2"
+	exit 1
+fi
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-ca-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \
+		--load-request="$OUTFILE" \
+		--template "${srcdir}/templates/template-crq.tmpl" \
+		--outfile "${OUTFILE2}" 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-crq.pem" "${OUTFILE2}" >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Certificate request generation failed"
+	echo $OUTFILE2
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}" "${OUTFILE2}"
+
+
+# Test interactive CRQ creation with very long input
+cat >$TMPFILE <<__EOF__
+
+
+
+
+
+super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com
+
+
+super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com
+
+
+
+
+
+
+
+
+N
+Y
+N
+Y
+N
+N
+N
+N
+N
+N
+__EOF__
+
+setsid \
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" -q \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--outfile "${OUTFILE}" <$TMPFILE 2>/dev/null
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-long-dns-crq.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Certificate request generation with long DNS failed"
+	echo $OUTFILE
+	exit ${rc}
+fi
+
+# check whether the generation with extension works
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-request \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/arb-extensions.tmpl" \
+		--outfile $OUTFILE 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "add_extension crq failed"
+	exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/arb-extensions.csr" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Certificate request generation with explicit extensions failed"
+	exit ${rc}
+fi
+
+# Generate certificate from CRQ with no explicit extensions
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+		--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+		--load-request "${srcdir}/data/arb-extensions.csr" \
+		--template "${srcdir}/templates/template-no-ca.tmpl" \
+		--outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "generate certificate with crq failed"
+	exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Certificate from request generation failed"
+	exit ${rc}
+fi
+
+# Generate certificate from CRQ with CRQ extensions
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+		--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+		--load-request "${srcdir}/data/arb-extensions.csr" \
+		--template "${srcdir}/templates/template-no-ca-honor.tmpl" \
+		--outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "generate certificate with crq failed"
+	exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-honor.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Certificate from request generation with honor flag failed"
+	exit ${rc}
+fi
+
+# Generate certificate from CRQ with explicit extensions
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+		--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+		--load-request "${srcdir}/data/arb-extensions.csr" \
+		--template "${srcdir}/templates/template-no-ca-explicit.tmpl" \
+		--outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "generate certificate with crq failed"
+	exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-explicit.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Certificate from request generation with explicit extensions failed"
+	exit ${rc}
+fi
+
+
+rm -f "${OUTFILE}" "${OUTFILE2}" "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/dane.sh b/tests/cert-tests/dane.sh
new file mode 100755
index 0000000..9398c73
--- /dev/null
+++ b/tests/cert-tests/dane.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+: ${srcdir=.}
+: ${DANETOOL=../../src/danetool${EXEEXT}}
+: ${DIFF=diff}
+
+test -e "${DANETOOL}" || exit 77
+
+"${DANETOOL}" --tlsa-rr --load-certificate "${srcdir}/data/cert-ecc256.pem" --host www.example.com --outfile tmp-dane.rr 2>/dev/null
+
+${DIFF} "${srcdir}/data/dane-test.rr" tmp-dane.rr
+rc=$?
+
+rm -f tmp-dane.rr
+
+# We're done.
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+exit 0
diff --git a/tests/cert-tests/data/aes-128.p12 b/tests/cert-tests/data/aes-128.p12
new file mode 100644
index 0000000..b20fbb2
--- /dev/null
+++ b/tests/cert-tests/data/aes-128.p12
diff --git a/tests/cert-tests/data/aki-cert.pem b/tests/cert-tests/data/aki-cert.pem
new file mode 100644
index 0000000..cb767c6
--- /dev/null
+++ b/tests/cert-tests/data/aki-cert.pem
@@ -0,0 +1,110 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 6e4ffab3c5e669c4d167c992abe858c4
+	Issuer: OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US
+	Validity:
+		Not Before: Wed Mar 25 00:00:00 UTC 2009
+		Not After: Sun Mar 24 23:59:59 UTC 2019
+	Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
+	Subject Public Key Algorithm: RSA
+		Modulus (bits 2048):
+			00:d4:56:8f:57:3b:37:28:a6:40:63:d2:95:d5:05:74
+			da:b5:19:6a:96:d6:71:57:2f:e2:c0:34:8c:a0:95:b3
+			8c:e1:37:24:f3:2e:ed:43:45:05:8e:89:d7:fa:da:4a
+			b5:f8:3e:8d:4e:c7:f9:49:50:45:37:40:9f:74:aa:a0
+			51:55:61:f1:60:84:89:a5:9e:80:8d:2f:b0:21:aa:45
+			82:c4:cf:b4:14:7f:47:15:20:28:82:b0:68:12:c0:ae
+			5c:07:d7:f6:59:cc:cb:62:56:5c:4d:49:ff:26:88:ab
+			54:51:3a:2f:4a:da:0e:98:e2:89:72:b9:fc:f7:68:3c
+			c4:1f:39:7a:cb:17:81:f3:0c:ad:0f:dc:61:62:1b:10
+			0b:04:1e:29:18:71:5e:62:cb:43:de:be:31:ba:71:02
+			19:4e:26:a9:51:da:8c:64:69:03:de:9c:fd:7d:fd:7b
+			61:bc:fc:84:7c:88:5c:b4:c3:7b:ed:5f:2b:46:12:f1
+			fd:00:01:9a:8b:5b:e9:a3:05:2e:8f:2e:5b:de:f3:1b
+			78:f8:66:91:08:c0:5e:ce:d5:b0:36:ca:d4:a8:7b:a0
+			7d:f9:30:7a:bf:f8:dd:19:51:2b:20:ba:fe:a7:cf:a1
+			4e:b0:67:f5:80:aa:2b:83:2e:d2:8e:54:89:8e:1e:29
+			0b
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Authority Information Access (not critical):
+			Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
+			Access Location URI: http://ocsp.verisign.com
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+			Path Length Constraint: 0
+		Certificate Policies (not critical):
+			2.16.840.1.113733.1.7.23.3
+				URI: https://www.verisign.com/cps
+				Note: https://www.verisign.com/rpa
+		CRL Distribution points (not critical):
+			URI: http://crl.verisign.com/pca3-g2.crl
+		Key Usage (critical):
+			Certificate signing.
+			CRL signing.
+		Unknown extension 1.3.6.1.5.5.7.1.12 (not critical):
+			ASCII: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
+			Hexdump: 305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966
+		Subject Alternative Name (not critical):
+			directoryName: CN=Class3CA2048-1-52
+		Subject Key Identifier (not critical):
+			a5ef0b11cec04103a34a659048b21ce0572d7d47
+		Authority Key Identifier (not critical):
+			directoryName: OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US
+			serial: 7dd9fe07cfa81eb7107967fba78934c6
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		63:74:2f:3d:53:aa:2f:97:ec:26:11:66:1a:fe:f1:de
+		41:27:19:d2:7f:d8:c1:1c:f9:e2:38:56:3a:1f:90:ae
+		39:c5:20:75:ab:f8:6c:2d:67:1f:29:c2:21:d7:14:88
+		63:4b:b0:9b:27:63:91:f8:f0:a3:01:24:b6:fb:8f:e3
+		3d:02:0b:6f:54:fe:d4:cc:db:d6:85:bf:7c:95:1e:5e
+		62:11:c1:d9:09:9c:42:b9:b2:d4:aa:2d:98:3a:23:60
+		cc:a2:9a:f1:6e:e8:cf:8e:d1:1a:3c:5e:19:c5:d7:9b
+		35:b0:02:23:24:e5:05:b8:d5:88:e3:e0:fa:b9:f4:5f
+Other Information:
+	Fingerprint:
+		sha1:62f3c89771da4ce01a91fc13e02b6057b4547a1d
+		sha256:50505039f8cbd1d36739bcf80d334f532f6817a332add4352f1f4fee9915cd8a
+	Public Key ID:
+		sha1:df622ed0fe6a65a8df5b62840c826ac5b372235f
+		sha256:a1d7b37438ab0eadc6a9c9c2f3265314e64065b9a3ad937b6ca535b8cb5fe093
+	Public Key PIN:
+		pin-sha256:odezdDirDq3GqcnC8yZTFOZAZbmjrZN7bKU1uMtf4JM=
+
+-----BEGIN CERTIFICATE-----
+MIIGLDCCBZWgAwIBAgIQbk/6s8XmacTRZ8mSq+hYxDANBgkqhkiG9w0BAQUFADCB
+wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL
+EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmswHhcNMDkwMzI1MDAwMDAwWhcNMTkwMzI0MjM1OTU5WjCBtTELMAkGA1UEBhMC
+VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
+cnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93
+d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xh
+c3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDUVo9XOzcopkBj0pXVBXTatRlqltZxVy/iwDSMoJWzjOE3JPMu
+7UNFBY6J1/raSrX4Po1Ox/lJUEU3QJ90qqBRVWHxYISJpZ6AjS+wIapFgsTPtBR/
+RxUgKIKwaBLArlwH1/ZZzMtiVlxNSf8miKtUUTovStoOmOKJcrn892g8xB85essX
+gfMMrQ/cYWIbEAsEHikYcV5iy0PevjG6cQIZTiapUdqMZGkD3pz9ff17Ybz8hHyI
+XLTDe+1fK0YS8f0AAZqLW+mjBS6PLlve8xt4+GaRCMBeztWwNsrUqHugffkwer/4
+3RlRKyC6/qfPoU6wZ/WAqiuDLtKOVImOHikLAgMBAAGjggKpMIICpTA0BggrBgEF
+BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTAS
+BgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAo
+BggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEF
+BQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzIuY3JsMA4GA1Ud
+DwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYw
+ITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9n
+by52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEaMBgGA1UE
+AxMRQ2xhc3MzQ0EyMDQ4LTEtNTIwHQYDVR0OBBYEFKXvCxHOwEEDo0plkEiyHOBX
+LX1HMIHnBgNVHSMEgd8wgdyhgcekgcQwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQK
+Ew5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy
+eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5
+OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD
+VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrghB92f4Hz6getxB5Z/uniTTGMA0G
+CSqGSIb3DQEBBQUAA4GBAGN0Lz1Tqi+X7CYRZhr+8d5BJxnSf9jBHPniOFY6H5Cu
+OcUgdav4bC1nHynCIdcUiGNLsJsnY5H48KMBJLb7j+M9AgtvVP7UzNvWhb98lR5e
+YhHB2QmcQrmy1KotmDojYMyimvFu6M+O0Ro8XhnF15s1sAIjJOUFuNWI4+D6ufRf
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/alt-chain-new-ca.pem b/tests/cert-tests/data/alt-chain-new-ca.pem
new file mode 100644
index 0000000..672e348
--- /dev/null
+++ b/tests/cert-tests/data/alt-chain-new-ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+
+
diff --git a/tests/cert-tests/data/alt-chain-old-ca.pem b/tests/cert-tests/data/alt-chain-old-ca.pem
new file mode 100644
index 0000000..676db97
--- /dev/null
+++ b/tests/cert-tests/data/alt-chain-old-ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/alt-chain.pem b/tests/cert-tests/data/alt-chain.pem
new file mode 100644
index 0000000..59cc72a
--- /dev/null
+++ b/tests/cert-tests/data/alt-chain.pem
@@ -0,0 +1,73 @@
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIIBeZR1CBLghIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
+BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
+cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwNDI3MDkwMDE3WhcNMTcwNzIwMDgzMTAw
+WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
+TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3
+Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT9vtv
+qcRXtKxJ0LyilnZKUNTpW42gjICyAU3yyoBrjQTZOmEyeS0xlerW7gy27/1gU2BG
+pXQcNLH4kuvAyC6mCZgbpRapn+0Ki9cQXPiMaed0WMg+QiX7cdAaXSBiw5byc8l7
+BlmtXinYD0kMiVpmhE8wbgcGn/Qm3MoqBp8vPEnRORPDruw+XpJIMuUqvMicEJMd
+8FnTvxKmJVRrDeQ35igsZgHBkww31RFRWdWDZ74n39zdsu6ypMLk7nNRP8UtNB1v
+YG4E5KlXijm2axgkBKVp00V9bdAPka1PzhfOfWpwnaBLfmwHoaWIiGkrwo2jQknM
+dcVWY8yyOadIoN9BAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE
+XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
+MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
+A1UdDgQWBBTwkRZeJSFXnSMdT2FcPyy/KHVzyjAMBgNVHRMBAf8EAjAAMB8GA1Ud
+IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
+eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
+bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAP06tD9aipNsw1EJ2
+sY0dNKUUw5eoPLKkFSEQS767VuJXCKpwRoNCwiNggQ2xXM6guIZTqSFLv/RrfE+m
+TDguFX7Uy0LexlJxGMbvcQolSxJVGa/uUc7D3yBiB6dPT+fHzUHgl5tfXzI9UKrU
+MIGXmXIRKMElmSI6mrk400xiKDmxT4T7khyQhucsX/v57lan2ZAqfNX1TJ9ZLCuD
+Hjtm+bh7lLEdxKYdjjfmYAkjROQkFJlQCVZXmDdyx/x0w0LP02DppjzhtghCDLU2
+xUic20XgxZ0XWY9nh1lj/oEW68V8NR7KsrvKU+7btxO8Fsek7IIS44rYxF+2VMdL
+qTKqQw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQG
+EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
+bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
+VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
+h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
+ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
+EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
+DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7
+qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD
+VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov
+L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig
+JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ
+MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEACE4Ep4B/EBZDXgKt
+10KA9LCO0q6z6xF9kIQYfeeQFftJf6iZBZG7esnWPDcYCZq2x5IgBzUzCeQoY3IN
+tOAynIeYxBt2iWfBUFiwE6oTGhsypb7qEZVMSGNJ6ZldIDfM/ippURaVS6neSYLA
+EHD0LPPsvCQk0E6spdleHm2SwaesSDWB+eXknGVpzYekQVA/LlelkVESWA6MCaGs
+eqQSpSfzmhCXfVUDBvdmWF9fZOGrXW2lOUh1mEwpWjqN0yvKnFUEv/TmFNWArCbt
+F4mmk2xcpMy48GaOZON9muIAs0nH5Aqq3VuDx3CQRk6+0NtZlmwu9RY23nHMAcIS
+wSHGFg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
+WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
+AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
+OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
+T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
+JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
+Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
+PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
+aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
+TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
+LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
+BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
+dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
+AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
+NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
+b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
+-----END CERTIFICATE-----
+
diff --git a/tests/cert-tests/data/arb-extensions.csr b/tests/cert-tests/data/arb-extensions.csr
new file mode 100644
index 0000000..5014e42
--- /dev/null
+++ b/tests/cert-tests/data/arb-extensions.csr
@@ -0,0 +1,78 @@
+PKCS #10 Certificate Request Information:
+	Version: 1
+	Subject: UID=clauper,CN=Cindy Lauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR
+	Subject Public Key Algorithm: RSA
+		Modulus (bits 1024):
+			00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59
+			f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b
+			05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7
+			33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42
+			e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77
+			86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69
+			af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d
+			8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3
+			05
+		Exponent (bits 24):
+			01:00:01
+	Signature Algorithm: RSA-SHA256
+	Attributes:
+		Extensions:
+			Unknown extension 1.2.3.4 (not critical):
+				ASCII: ...........
+				Hexdump: 0001020304050607aaabcd
+			Unknown extension 1.6.7.8 (not critical):
+				ASCII: ...........
+				Hexdump: 0001020304050607aaabcd
+			Unknown extension 1.2.3.4.5.6.7 (not critical):
+				ASCII: .4.Z.e.'.~.G....
+				Hexdump: 1d34cd5ad065dc27c17e9447b0aaaca7
+			Unknown extension 1.2.3.4294967295.7 (not critical):
+				ASCII: ...A?....J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G....
+				Hexdump: 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7
+			Unknown extension 1.2.6710656.7 (not critical):
+				ASCII: .J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G....
+				Hexdump: d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7
+			Unknown extension 1.0.1.5 (not critical):
+				ASCII: ......
+				Hexdump: 0404cafebeaf
+			Unknown extension 1.10.11.12.13.14.15.16.17.1.5 (critical):
+				ASCII: ..
+				Hexdump: cafe
+			Unknown extension 1.0.1.5.1 (critical):
+				ASCII: ........
+				Hexdump: 0406beafcafefafa
+			Basic Constraints (critical):
+				Certificate Authority (CA): FALSE
+			Key Purpose (critical):
+				Email protection.
+			Key Usage (critical):
+				Digital signature.
+Other Information:
+	Public Key ID:
+		sha1:5d40adf0ce9440958b7e99941d925422ca72365f
+		sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e
+	Public Key PIN:
+		pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4=
+
+Self signature: verified
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIDOTCCAqICAQAwezELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/Et
+ebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYE
+aIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYh
+f6kA4wUCAwEAAaCCAXwwggF4BgkqhkiG9w0BCQ4xggFpMIIBZTASBgMqAwQECwAB
+AgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgMEBQYHBBAdNM1a0GXc
+J8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvztmx86sb6NKTXftZM
+losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB
+fpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZMlosmx2FwlEX0DZyg
+oACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfBfpRHsKqspzANBgMo
+AQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQoAQUBAQH/BAgEBr6v
+yv76+jAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMEMA4GA1Ud
+DwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOBgQBSqqBz/rzAt9wAda9BgZD8fSiz
+kSOQSaSjb+ObIxKneA6rlC8YSq+spzRddXuxcEVqDSzfVyfSXbPvfh5z5BsUmEvk
+AEHACI5icVbFpY4xIV1NaXt+i1Ff2usLknpcLTWhe4o2eZNEP7Qv93uVxW3Ffadd
+ZDRK+SBx5Us1aYJkzA==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/cert-tests/data/arb-extensions.pem b/tests/cert-tests/data/arb-extensions.pem
new file mode 100644
index 0000000..3b79c65
--- /dev/null
+++ b/tests/cert-tests/data/arb-extensions.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4zCCA0ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP
+MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is
+ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL
+MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu
+MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy
+MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY
+HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY
+nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOCAXUw
+ggFxMBIGAyoDBAQLAAECAwQFBgeqq80wEgYDLgcIBAsAAQIDBAUGB6qrzTAaBgYq
+AwQFBgcEEB00zVrQZdwnwX6UR7CqrKcwXAYIKgOP////fwcEUBePDkE/BBzJ1kr2
+S/O2bHzqxvo0pNd+1kyWiybHYXCURfQNnKCgAJGvfSEnicALc4ex0NerYj3UAp1L
+hts2U2IdNM1a0GXcJ8F+lEewqqynMFIGBiqDmcsABwRI1kr2S/O2bHzqxvo0pNd+
+1kyWiybHYXCURfQNnKCgAJGvfSEnicALc4ex0NerYj3UAp1Lhts2U2IdNM1a0GXc
+J8F+lEewqqynMA0GAygBBQQGBATK/r6vMBMGCjILDA0ODxARAQUBAf8EAsr+MBMG
+BCgBBQEBAf8ECAQGvq/K/vr6MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwQwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEB
+CwUAA4GBABVmtCmhkkGelGxK7dQKHuP1x6Zm2O+Q8OSAX5XhQL21yzS7c3wJSAyx
+tLSA93vbhug5xtB3mLGl0JYLP8DkwgevtpnHRPkoSCy2Nn/q6qtgl0CqQwvDBE1s
+TNAMdq5dAQoIBVh29maaVTvYtFldiooQ5sX0AxD519J7luvq8vW1
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/attribute-leak-1.pub b/tests/cert-tests/data/attribute-leak-1.pub
new file mode 100644
index 0000000..6ab4334
--- /dev/null
+++ b/tests/cert-tests/data/attribute-leak-1.pub
diff --git a/tests/cert-tests/data/bad-key.pem b/tests/cert-tests/data/bad-key.pem
new file mode 100644
index 0000000..6dfb622
--- /dev/null
+++ b/tests/cert-tests/data/bad-key.pem
@@ -0,0 +1,25 @@
+Public Key Info:
+	Public Key Algorithm: ECC
+	Key Security Level: High
+
+curve:	SECP256R1
+private key:
+	00:f4:fa:5f:3e:48:39:dd:4c:d1:24:3f:a1:f5:51:
+	49:36:74:c3:2c:ae:ad:d9:96:91:93:da:ec:03:25:
+	1f:aa:0b:
+x:
+	56:d1:7e:b2:c4:f6:bb:02:e2:4a:76:63:14:8c:1a:
+	c1:eb:12:56:bd:3d:08:66:2f:dc:eb:e5:b9:32:15:
+	1e:e7:
+y:
+	00:88:27:c8:52:8f:a5:9a:3a:bb:20:e6:54:ef:a8:
+	7c:50:39:db:af:cf:e4:5e:69:7a:25:20:6d:63:60:
+	af:29:d5:
+
+Public Key ID: 5A:37:9C:B2:B2:BA:33:AC:8E:87:7B:63:18:15:99:3F:DF:3A:F3:A3
+
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQCIJ8hSj6WaOrsg5lTvqHxQOduvz+ReaXolIG1jYK8p1aAKBggqhkjO
+PQMBB6FEA0IABFbRfrLE9rsC4kp2YxSMGsHrEla9PQhmL9zr5bkyFR7niCfIUo+l
+mjq7IOZU76h8UDnbr8/kXml6JSBtY2CvKdU=
+-----END EC PRIVATE KEY-----
diff --git a/tests/cert-tests/data/bmpstring.pem b/tests/cert-tests/data/bmpstring.pem
new file mode 100644
index 0000000..553488e
--- /dev/null
+++ b/tests/cert-tests/data/bmpstring.pem
@@ -0,0 +1,157 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 57
+	Issuer: EMAIL=csca@passport.gov.gr,C=GR,OU=Hellenic Police,CN=CSCA-HELLAS,O=Hellenic Republic,serialNumber=1
+	Validity:
+		Not Before: Sun Aug 21 08:00:06 UTC 2011
+		Not After: Wed Nov 23 21:59:59 UTC 2016
+	Subject: EMAIL=csca@passport.gov.gr,C=GR,CN=CSCA-HELLAS,O=Hellenic Republic,serialNumber=3
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: High (4096 bits)
+		Modulus (bits 4096):
+			00:e0:95:b2:04:5a:91:78:1f:7f:1c:33:7f:d0:3a:e1
+			2c:a7:4c:19:be:43:30:c2:8b:b7:1a:1d:9d:80:43:30
+			fe:80:d6:87:ff:f3:f2:43:37:16:c2:1f:0f:50:f4:bf
+			3b:a4:18:c6:d2:da:ab:56:d3:db:99:23:9f:df:3d:dc
+			0a:12:61:1f:ec:e6:9a:64:bf:10:ed:50:60:ee:c9:fa
+			a4:82:22:97:89:d3:c0:d1:d0:ed:68:83:8a:4a:22:3f
+			c8:ee:99:5d:96:81:f1:3f:b2:6e:d3:7e:75:26:06:b4
+			d9:e1:df:a7:55:84:37:45:a9:79:6a:46:37:9f:91:ba
+			95:5f:d2:70:1b:18:34:6a:c0:70:59:57:7a:68:ca:42
+			89:05:4d:40:f7:60:e2:44:a5:29:6a:ac:83:6d:2f:c0
+			2b:3f:4b:34:09:03:31:18:e8:e1:e0:59:37:d4:ca:76
+			87:9b:fb:b3:1c:6d:94:bb:0d:3b:d1:c3:34:de:3b:d3
+			4d:c7:0b:19:fb:49:f8:f0:db:28:45:36:88:af:2e:ae
+			66:01:f6:60:24:ea:99:11:f7:dc:9c:32:84:5e:ee:d0
+			ed:a1:e0:d9:f8:9e:a2:69:ab:a7:e0:7e:a8:78:bc:27
+			73:58:49:03:22:2a:87:e3:06:a5:d2:00:10:ac:34:90
+			8f:0b:09:f2:d2:74:67:b7:da:00:19:47:e6:c6:70:23
+			de:a9:76:72:6e:4c:23:5c:26:66:dd:4c:e1:3b:19:35
+			26:a4:d1:47:de:11:26:78:ad:94:be:71:6d:12:35:62
+			61:e2:99:1e:56:e6:93:f7:e2:f1:82:36:ff:9c:0d:eb
+			f6:2d:5a:2e:ab:63:8c:67:d4:8d:50:7f:65:c8:7f:f6
+			d5:ef:bd:3e:0f:d3:7a:e6:29:c5:04:ea:0c:dc:46:f0
+			4e:3e:3f:9e:e9:6d:66:fd:48:a1:b9:49:11:41:4c:84
+			d4:82:8b:dd:dc:f4:ff:67:1a:8a:d2:ae:42:39:55:73
+			df:59:e8:eb:f2:d7:9e:7f:dd:79:d4:c1:b7:8c:ca:5c
+			fe:20:4e:a2:02:19:28:18:32:b3:ba:20:72:dd:2c:8a
+			82:d0:b3:9e:aa:ed:84:af:4f:f3:7e:01:49:7e:cf:95
+			48:ed:a2:dc:2b:af:ed:a6:8e:97:fb:3b:6c:af:bd:0d
+			b4:7a:13:49:0e:a7:9b:26:cb:16:72:ed:72:49:f6:03
+			28:c8:b6:ae:84:ce:35:0b:a5:42:2e:d4:fd:cd:d1:49
+			0a:8d:4d:2d:c6:5f:e1:53:ec:4e:93:9d:eb:23:4e:14
+			88:b5:4a:d5:3c:51:fd:d8:ff:b8:b5:06:41:62:36:80
+			69
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Private Key Usage Period (not critical):
+			Not Before: Sun Aug 21 08:00:06 UTC 2011
+			Not After: Tue Aug 23 20:59:59 UTC 2011
+		Key Usage (critical):
+			Certificate signing.
+			CRL signing.
+		Subject Key Identifier (not critical):
+			bd20bb15eaa7f91ee490df087a52e7aa08b0d7e6
+		Authority Key Identifier (not critical):
+			ecbcade39b163389122e04667889e156699ccbdf
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+			Path Length Constraint: 0
+		CRL Distribution points (not critical):
+			URI: http://www.passport.gov.gr/csca/csca.crl
+		Certificate Policies (not critical):
+			1.3.6.1.4.1.5484.1.10.99.1.0
+				Note: This Certificate is governed by the referred Policies and the Certification Practice Statement of the Greek Country Signing Certification Authority (CSCA-GREECE), which form an integral part of the Ce
+				URI: http://www.passport.gov.gr/csca/policies/
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		3c:81:d2:be:59:6f:2a:c6:d7:92:79:2a:21:3c:32:72
+		58:24:43:d1:38:59:e8:ec:76:ed:07:4a:c0:82:eb:90
+		8b:2d:62:c4:60:55:ce:1c:a0:dc:c8:93:36:4c:36:72
+		9c:52:46:40:2c:5b:27:29:63:7c:9c:4c:31:e7:20:8e
+		9d:72:f4:8d:de:f9:50:27:57:58:6b:3b:4f:58:3b:59
+		d7:c0:3f:d3:9c:61:2b:2b:04:92:b6:68:1c:42:16:69
+		11:1f:01:41:5a:e6:7d:30:42:a7:2b:f5:a7:15:db:ae
+		0e:54:d2:41:79:3d:c6:c0:23:80:80:9b:9a:11:0d:00
+		2d:66:52:4d:3a:1c:cd:cd:d6:eb:f9:50:b2:e1:9a:00
+		a8:b8:9b:b7:1a:36:0e:5a:12:b0:e1:b1:fd:69:e1:0d
+		dc:22:0d:10:e1:af:f7:0f:82:27:a1:76:7e:37:cd:53
+		69:3c:e0:6b:ee:b1:1a:36:6a:db:cd:fa:e3:92:fb:18
+		1c:23:d5:c2:09:93:eb:5a:dd:2c:cd:95:4a:e5:96:1e
+		44:43:d9:0b:97:11:b7:36:62:64:16:57:84:96:e5:15
+		35:be:10:5a:77:f1:f1:7d:ae:db:76:32:77:82:26:47
+		04:e6:34:d2:82:07:f0:6e:a4:17:12:bc:09:ef:0d:7e
+		00:7a:c6:e4:e9:93:17:aa:8c:25:97:7c:d7:b2:ea:60
+		2a:29:54:f1:0d:c8:fa:e8:91:3d:b0:b3:15:fc:63:cc
+		11:49:40:a7:52:5c:d0:0f:e2:df:13:d3:65:e1:d6:3d
+		f2:c7:6d:7c:19:f0:5d:79:0e:18:22:8b:89:5b:68:26
+		5c:25:5b:0f:e2:9d:f3:50:a1:a0:5d:98:93:ed:45:f0
+		94:e2:6b:51:bc:ca:58:16:f1:e4:37:37:32:d2:7d:c7
+		b2:cb:00:a9:90:45:ad:b4:29:91:dc:6a:1b:19:e7:20
+		df:9e:96:5a:17:4b:8a:e6:fb:3d:11:3b:ed:79:e4:9c
+		55:62:1a:60:e2:d0:97:06:63:ea:9e:48:1e:f3:93:90
+		9b:d4:a4:3e:21:05:97:99:25:6d:27:09:99:34:7b:f2
+		80:a3:04:89:c1:e9:b9:5a:cf:df:39:40:23:e3:8c:22
+		18:d3:d1:71:4e:86:e8:b6:bf:eb:f5:11:97:cf:d7:54
+		65:62:c6:d4:fe:b7:f9:2d:ed:4a:8c:98:d2:96:aa:7f
+		78:32:b6:63:ee:e2:51:64:24:74:9b:de:56:6f:21:45
+		cb:b5:48:a3:1f:33:5a:98:e5:29:5e:9b:e0:1f:fd:46
+		45:eb:4f:34:15:7c:4a:be:a3:07:40:3c:33:3d:34:74
+Other Information:
+	Fingerprint:
+		sha1:8b730ffbd11677aaaf8600b893927d9e402c3f2d
+		sha256:0738e6d0d062fb1f32e5f3a03fde6b3f045838fae7ad3bdd2c26f6003f213295
+	Public Key ID:
+		sha1:3c7fd9a47b17ed6f81ce80c326d147fd3b991444
+		sha256:bb04f2e2a511a183ef195b3581f3e4ec968f742982687bd159f65374eb3d75d8
+	Public Key PIN:
+		pin-sha256:uwTy4qURoYPvGVs1gfPk7JaPdCmCaHvRWfZTdOs9ddg=
+
+-----BEGIN CERTIFICATE-----
+MIIITDCCBjSgAwIBAgIBVzANBgkqhkiG9w0BAQsFADCBijEKMAgGA1UEBRMBMTEa
+MBgGA1UEChMRSGVsbGVuaWMgUmVwdWJsaWMxFDASBgNVBAMTC0NTQ0EtSEVMTEFT
+MRgwFgYDVQQLEw9IZWxsZW5pYyBQb2xpY2UxCzAJBgNVBAYTAkdSMSMwIQYJKoZI
+hvcNAQkBFhRjc2NhQHBhc3Nwb3J0Lmdvdi5ncjAeFw0xMTA4MjEwODAwMDZaFw0x
+NjExMjMyMTU5NTlaMHAxCjAIBgNVBAUTATMxGjAYBgNVBAoTEUhlbGxlbmljIFJl
+cHVibGljMRQwEgYDVQQDEwtDU0NBLUhFTExBUzELMAkGA1UEBhMCR1IxIzAhBgkq
+hkiG9w0BCQEWFGNzY2FAcGFzc3BvcnQuZ292LmdyMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4JWyBFqReB9/HDN/0DrhLKdMGb5DMMKLtxodnYBDMP6A
+1of/8/JDNxbCHw9Q9L87pBjG0tqrVtPbmSOf3z3cChJhH+zmmmS/EO1QYO7J+qSC
+IpeJ08DR0O1og4pKIj/I7pldloHxP7Ju0351Jga02eHfp1WEN0WpeWpGN5+RupVf
+0nAbGDRqwHBZV3poykKJBU1A92DiRKUpaqyDbS/AKz9LNAkDMRjo4eBZN9TKdoeb
++7McbZS7DTvRwzTeO9NNxwsZ+0n48NsoRTaIry6uZgH2YCTqmRH33JwyhF7u0O2h
+4Nn4nqJpq6fgfqh4vCdzWEkDIiqH4wal0gAQrDSQjwsJ8tJ0Z7faABlH5sZwI96p
+dnJuTCNcJmbdTOE7GTUmpNFH3hEmeK2UvnFtEjViYeKZHlbmk/fi8YI2/5wN6/Yt
+Wi6rY4xn1I1Qf2XIf/bV770+D9N65inFBOoM3EbwTj4/nultZv1IoblJEUFMhNSC
+i93c9P9nGorSrkI5VXPfWejr8teef9151MG3jMpc/iBOogIZKBgys7ogct0sioLQ
+s56q7YSvT/N+AUl+z5VI7aLcK6/tpo6X+ztsr70NtHoTSQ6nmybLFnLtckn2AyjI
+tq6EzjULpUIu1P3N0UkKjU0txl/hU+xOk53rI04UiLVK1TxR/dj/uLUGQWI2gGkC
+AwEAAaOCAtQwggLQMCsGA1UdEAQkMCKADzIwMTEwODIxMDgwMDA2WoEPMjAxMTA4
+MjMyMDU5NTlaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUvSC7Feqn+R7kkN8I
+elLnqgiw1+YwHwYDVR0jBBgwFoAU7Lyt45sWM4kSLgRmeInhVmmcy98wEgYDVR0T
+AQH/BAgwBgEB/wIBADA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LnBhc3Nw
+b3J0Lmdvdi5nci9jc2NhL2NzY2EuY3JsMIICAAYDVR0gBIIB9zCCAfMwggHvBgwr
+BgEEAapsAQpjAQAwggHdMIIBogYIKwYBBQUHAgIwggGUHoIBkABUAGgAaQBzACAA
+QwBlAHIAdABpAGYAaQBjAGEAdABlACAAaQBzACAAZwBvAHYAZQByAG4AZQBkACAA
+YgB5ACAAdABoAGUAIAByAGUAZgBlAHIAcgBlAGQAIABQAG8AbABpAGMAaQBlAHMA
+IABhAG4AZAAgAHQAaABlACAAQwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAFAA
+cgBhAGMAdABpAGMAZQAgAFMAdABhAHQAZQBtAGUAbgB0ACAAbwBmACAAdABoAGUA
+IABHAHIAZQBlAGsAIABDAG8AdQBuAHQAcgB5ACAAUwBpAGcAbgBpAG4AZwAgAEMA
+ZQByAHQAaQBmAGkAYwBhAHQAaQBvAG4AIABBAHUAdABoAG8AcgBpAHQAeQAgACgA
+QwBTAEMAQQAtAEcAUgBFAEUAQwBFACkALAAgAHcAaABpAGMAaAAgAGYAbwByAG0A
+IABhAG4AIABpAG4AdABlAGcAcgBhAGwAIABwAGEAcgB0ACAAbwBmACAAdABoAGUA
+IABDAGUwNQYIKwYBBQUHAgEWKWh0dHA6Ly93d3cucGFzc3BvcnQuZ292LmdyL2Nz
+Y2EvcG9saWNpZXMvMA0GCSqGSIb3DQEBCwUAA4ICAQA8gdK+WW8qxteSeSohPDJy
+WCRD0ThZ6Ox27QdKwILrkIstYsRgVc4coNzIkzZMNnKcUkZALFsnKWN8nEwx5yCO
+nXL0jd75UCdXWGs7T1g7WdfAP9OcYSsrBJK2aBxCFmkRHwFBWuZ9MEKnK/WnFduu
+DlTSQXk9xsAjgICbmhENAC1mUk06HM3N1uv5ULLhmgCouJu3GjYOWhKw4bH9aeEN
+3CINEOGv9w+CJ6F2fjfNU2k84GvusRo2atvN+uOS+xgcI9XCCZPrWt0szZVK5ZYe
+REPZC5cRtzZiZBZXhJblFTW+EFp38fF9rtt2MneCJkcE5jTSggfwbqQXErwJ7w1+
+AHrG5OmTF6qMJZd817LqYCopVPENyProkT2wsxX8Y8wRSUCnUlzQD+LfE9Nl4dY9
+8sdtfBnwXXkOGCKLiVtoJlwlWw/infNQoaBdmJPtRfCU4mtRvMpYFvHkNzcy0n3H
+sssAqZBFrbQpkdxqGxnnIN+elloXS4rm+z0RO+155JxVYhpg4tCXBmPqnkge85OQ
+m9SkPiEFl5klbScJmTR78oCjBInB6blaz985QCPjjCIY09FxTobotr/r9RGXz9dU
+ZWLG1P63+S3tSoyY0paqf3gytmPu4lFkJHSb3lZvIUXLtUijHzNamOUpXpvgH/1G
+RetPNBV8Sr6jB0A8Mz00dA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-certs.pem b/tests/cert-tests/data/ca-certs.pem
new file mode 100644
index 0000000..76f1377
--- /dev/null
+++ b/tests/cert-tests/data/ca-certs.pem
@@ -0,0 +1,3832 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIJAJigUTEEXRQpMA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZIZXNzZW4xDjAMBgNVBAcTBUZ1bGRhMRAwDgYDVQQK
+EwdEZWJjb25mMRMwEQYDVQQDEwpEZWJjb25mIENBMR8wHQYJKoZIhvcNAQkBFhBq
+b2VyZ0BkZWJpYW4ub3JnMB4XDTA1MTEwNTE3NTUxNFoXDTE1MTEwMzE3NTUxNFow
+djELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEOMAwGA1UEBxMFRnVsZGEx
+EDAOBgNVBAoTB0RlYmNvbmYxEzARBgNVBAMTCkRlYmNvbmYgQ0ExHzAdBgkqhkiG
+9w0BCQEWEGpvZXJnQGRlYmlhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCvbOo0SrIwI5IMlsshH8WF3dHB9r9JlSKhMPaybawa1EyvZspMQ3wa
+F5qxNf3Sj+NElEmjseEqvCZiIIzqwerHu0Qw62cDYCdCd2+Wb5m0bPYB5CGHiyU1
+eNP0je42O0YeXG2BvUujN8AviocVo39X2YwNQ0ryy4OaqYgm2pRlbtT2ESbF+SfV
+Y2iqQj/f8ymF+lHo/pz8tbAqxWcqaSiHFAVQJrdqtFhtoodoNiE3q76zJoUkZTXB
+k60Yc3MJSnatZCpnsSBr/D7zpntl0THrUjjtdRWCjQVhqfhM1yZJV+ApbLdheFh0
+ZWlSxdnp25p0q0XYw/7G92ELyFDfBUUNAgMBAAGjgdswgdgwHQYDVR0OBBYEFMuV
+dFNb4mCWUFbcP5LOtxFLrEVTMIGoBgNVHSMEgaAwgZ2AFMuVdFNb4mCWUFbcP5LO
+txFLrEVToXqkeDB2MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMQ4wDAYD
+VQQHEwVGdWxkYTEQMA4GA1UEChMHRGViY29uZjETMBEGA1UEAxMKRGViY29uZiBD
+QTEfMB0GCSqGSIb3DQEJARYQam9lcmdAZGViaWFuLm9yZ4IJAJigUTEEXRQpMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGZXxHg4mnkvilRIM1EQfGdY
+S5b/WcyF2MYSTeTvK4aIB6VHwpZoZCnDGj2m2D3CkHT0upAD9o0zM1tdsfncLzV+
+mDT/jNmBtYo4QXx5vEPwvEIcgrWjwk7SyaEUhZjtolTkHB7ACl0oD0r71St4iEPR
+qTUCEXk2E47bg1Fz58wNt/yo2+4iqiRjg1XCH4evkQuhpW+dTZnDyFNqwSYZapOE
+TBA+9zBb6xD1KM2DdY7r4GiyYItN0BKLfuWbh9LXGbl1C+f4P11g+m2MPiavIeCe
+1iazG5pcS3KoTLACsYlEX24TINtg4kcuS81XdllcnsV3Kdts0nIqPj6uhTTZD0k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE
+AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x
+CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW
+MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF
+RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7
+09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7
+XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P
+Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK
+t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb
+X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28
+MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU
+fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI
+2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH
+K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae
+ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP
+BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ
+MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw
+RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv
+bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm
+fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3
+gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe
+I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i
+5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi
+ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn
+MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ
+o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6
+zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN
+GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt
+r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK
+Z05phkOTOPu220+DkdRgfks+KzgHVZhepA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx
+CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp
+ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa
+QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw
+NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft
+ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu
+QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG
+qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL
+fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ
+Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4
+Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ
+54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b
+MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j
+ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej
+YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt
+A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF
+rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ
+pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB
+lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy
+YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50
+7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs
+YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6
+xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc
+unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/
+Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp
+ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42
+gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0
+jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+
+XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD
+W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/
+RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r
+MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk
+BYn8eNZcLCZDqQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
+MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
+QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
+VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
+CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
+tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
+dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
+PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
+BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
+ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
+IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
+7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
+43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
+eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
+pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
+WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
+MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
+ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
+BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
+6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
+GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
+dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
+1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
+62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
+BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
+MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
+cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
+b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
+IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
+iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
+GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
+4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
+XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
+MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
+EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
+xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
+87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
+2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
+WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
+0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
+A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
+ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
+aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
+hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
+dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
+P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
+iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
+xqE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
+hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
+1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
+OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
+2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
+O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
+AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
+Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
+LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
+oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
+MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
+sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc
+MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp
+b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT
+AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs
+aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H
+j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K
+f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55
+IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw
+FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht
+QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm
+/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ
+k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ
+MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC
+seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ
+hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+
+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U
+DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj
+B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL
+rosot4LKGAfmt1t06SAZf7IbiVQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy
+MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
+Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9
+thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM
+cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG
+L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i
+NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h
+X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b
+m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy
+Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja
+EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T
+KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
+6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh
+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD
+VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv
+ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl
+AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF
+661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9
+am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1
+ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481
+PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS
+3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k
+SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF
+3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM
+ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
+StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz
+Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB
+jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg
+Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL
+MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD
+VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0
+ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX
+l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB
+HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B
+5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3
+WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP
+gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+
+DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu
+BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs
+h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk
+LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg
+Q2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzEL
+MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD
+VQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKxifZg
+isRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//z
+NIqeKNc0n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI
++MkcVyzwPX6UvCWThOiaAJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2R
+hzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+
+mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFP
+Bdy7pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27s
+EzNxZy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2
+mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yC
+e/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4okoyeYZdow
+dXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
+MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE
+AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw
+CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg
+YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE
+Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX
+mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD
+XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW
+S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp
+FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD
+AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu
+ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z
+ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv
+Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw
+DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6
+yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq
+EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/
+CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB
+EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN
+PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5ag=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg
+b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa
+MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB
+ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw
+IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb
+unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d
+BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq
+7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3
+0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX
+roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG
+A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j
+aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
+26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA
+BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud
+EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN
+BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
+aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB
+AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd
+p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi
+1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc
+XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0
+eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
+tGWaIZDgqtCYvDi1czyL+Nw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
+YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
+MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
+NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
+A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
+A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
+Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
+QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
+B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
+z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
+AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
+ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
+TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
+MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
+VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
+VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
+bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
+AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
+bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
+ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
+VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
+ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
+AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
+BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X
+DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ
+BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4
+QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny
+gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw
+zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q
+130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2
+JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw
+ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT
+AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj
+AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG
+9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
+bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc
+fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu
+HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w
+t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
+PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
+cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
+IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
+ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
+VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
+kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
+EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
+H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
+HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
+QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
+AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
+yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
+FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
+ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
+kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
+l7+ijrRU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
+AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD
+QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP
+MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do
+0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ
+UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d
+RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ
+OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv
+JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C
+AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O
+BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ
+LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY
+MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ
+44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
+Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw
+i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN
+9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
+jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
+ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
+ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
+Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
+AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
+HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
+TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
+xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
+CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
+O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
+6GAqm4VKQPNriiTsBhYscw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz
+IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz
+MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj
+dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw
+EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
+MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9
+28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq
+VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q
+DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR
+5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL
+ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a
+Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl
+UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s
++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5
+Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
+ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx
+hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV
+HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1
++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
+YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t
+L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy
+ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt
+IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV
+HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w
+DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW
+PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF
+5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1
+glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH
+FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2
+pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD
+xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG
+tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq
+jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De
+fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
+OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ
+d0jQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD
+TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2
+MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF
+Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh
+IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6
+dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO
+V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC
+GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN
+v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB
+AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB
+Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO
+76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK
+OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH
+ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi
+yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL
+buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj
+2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
+MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
+PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
+SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
+IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
+zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
+BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
+ZQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
+ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
+fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
+BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
+cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
+HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
+CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
+3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
+6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
+HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
+Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
+DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
+5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
+Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
+gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
+aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
+izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
+aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
+MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
+VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
+fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
+TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
+fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
+1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
+kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
+A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
+ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
+dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
+Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
+HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
+pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
+jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
+dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0
+MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG
+EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT
+CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK
+8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2
+98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb
+2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC
+ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi
+Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB
+o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl
+ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD
+AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL
+AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd
+foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M
+cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq
+8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp
+hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk
+Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U
+AGegcQCCSA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw
+PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu
+MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx
+GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL
+MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf
+HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh
+gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW
+v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue
+Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr
+9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt
+6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7
+MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl
+Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58
+ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq
+hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p
+iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC
+dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL
+kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL
+hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz
+OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
+A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
+ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
+b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
+7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
+J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
+HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
+t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
+FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
+XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
+hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
+MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
+A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
+Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
+XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
+omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
+A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
+IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
+IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
+RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
+U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
+IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
+ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
+QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
+rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
+NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
+QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
+txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
+BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
+tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
+IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
+6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
+Cm26OWMohpLzGITY+9HPBVZkVw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx
+ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w
+MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD
+VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx
+FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu
+ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7
+gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH
+fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a
+ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT
+ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk
+c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto
+dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
+aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI
+hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk
+QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/
+h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
+nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR
+rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2
+9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV
+BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt
+ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4
+MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg
+SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl
+a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h
+4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk
+tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s
+tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL
+dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4
+c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um
+TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z
++kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
+Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW
+OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW
+fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2
+l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw
+FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+
+8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI
+6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO
+TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME
+wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY
+Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn
+xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q
+DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q
+Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t
+hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
+7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7
+QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1
+MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp
+Z2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZp
+a2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0OFoXDTE3MDEwNDEx
+MzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kg
+R3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsg
+U2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdU
+MZTe1RK6UxYC6lhj71vY8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlT
+L/jDj/6z/P2douNffb7tC+Bg62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H
+5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC
+90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1
+c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoE
+VtstxNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP
+qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S
+/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzlvBNbCNvj
+/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4Vwpm+Vganf2X
+KWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq
+fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy
+MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA
+vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G
+CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA
+WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo
+oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ
+h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18
+f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
+B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
+vUxFnmG6v4SBkgPR0ml8xQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe
+MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0
+ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw
+IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL
+SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH
+SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X
+DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1
+TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ
+fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA
+sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU
+WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS
+nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
+dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip
+NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF
+MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB
+uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl
+PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP
+JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/
+gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2
+j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6
+5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
+/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
+Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
+W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
+hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
+ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw
+MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j
+LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo
+RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu
+WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw
+Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK
+eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM
+zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
+/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj
+dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0
+NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD
+VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G
+vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/
+BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl
+IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw
+NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq
+y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
+0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1
+E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT
+ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw
+MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj
+dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
+c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC
+UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc
+58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/
+o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH
+MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr
+aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA
+A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA
+Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv
+8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u
+Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY
+rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z
+hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay
+BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL
+iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb
+AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv
+bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0
+MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n
+VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq
+u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m
+hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl
+ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp
+QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5
+quGnM/b9Sh/22WA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs
+IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A
+PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8
+Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL
+TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL
+5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7
+S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe
+2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap
+EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td
+EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
+/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
+A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
+abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
+I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
+4iIprn2DQKi6bA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9
+AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA
+ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0
+7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W
+kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI
+mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
+6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
+oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
+UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
+AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+rD6ogRLQy7rQkgu2npaqBA+K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0
+IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV
+VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8
+cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT
+QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh
+F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v
+c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w
+mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd
+VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX
+teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ
+f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe
+Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
+nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY
+MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX
+IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn
+ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z
+uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN
+Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
+QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
+ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
+DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
+bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
+aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx
+MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy
+cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG
+A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl
+BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed
+KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7
+G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2
+zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4
+ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG
+HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2
+Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V
+yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e
+beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r
+6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
+wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog
+zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW
+BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr
+ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp
+ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk
+cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt
+YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC
+CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow
+KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI
+hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ
+UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz
+X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x
+fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz
+a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd
+Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd
+SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O
+AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso
+M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge
+v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
+09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+AmvZWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT
+AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ
+TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG
+9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw
+MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM
+BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO
+MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2
+LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI
+s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2
+xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4
+u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b
+F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx
+Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd
+PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV
+HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
+NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF
+AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ
+L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY
+YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg
+Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a
+NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R
+0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4
+MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
+ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD
+VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j
+b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
+scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO
+xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H
+LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX
+uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD
+yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+
+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q
+rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN
+BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L
+hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
+QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+
+HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu
+Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg
+QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB
+BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA
+A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb
+laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
+awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo
+JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw
+LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT
+VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk
+LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb
+UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/
+QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+
+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls
+QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN
+AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp
+dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw
+MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw
+CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ
+MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB
+SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz
+ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH
+LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP
+PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL
+2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w
+ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC
+MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk
+AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
+AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz
+AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz
+AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f
+BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE
+FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY
+P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi
+CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g
+kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95
+HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS
+na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q
+qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z
+TbvGRNs2yyqcjg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0
+ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y
+OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx
+FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp
+Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP
+kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc
+cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U
+fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7
+N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC
+xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1
++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
+Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG
+SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h
+mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk
+ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c
+2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t
+HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw
+cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy
+b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z
+ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4
+NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN
+TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p
+Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u
+uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+
+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA
+vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770
+Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx
+62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB
+AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw
+LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP
+BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB
+AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov
+MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5
+ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn
+AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT
+AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh
+ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo
+AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa
+AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln
+bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p
+Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP
+PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB
+EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu
+w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj
+cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV
+HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI
+VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS
+BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS
+b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS
+8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds
+ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl
+7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a
+86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR
+hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/
+MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG
+EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3
+MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR
+dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB
+pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM
+b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz
+IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT
+lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz
+AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5
+VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG
+ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2
+BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
+AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M
+U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh
+bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C
++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
+uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
+XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD
+EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05
+OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l
+dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK
+gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX
+iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc
+Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E
+BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G
+SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu
+b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh
+bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv
+Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln
+aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0
+IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh
+c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph
+biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo
+ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP
+UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj
+YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo
+dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA
+bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06
+sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa
+n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS
+NitjrFgBazMpUIaD8QFI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD
+EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X
+DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw
+DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u
+c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr
+TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA
+OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC
+2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW
+RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P
+AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW
+ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0
+YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
+b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO
+ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB
+IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs
+b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs
+ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s
+YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg
+a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g
+SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0
+aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg
+YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg
+Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY
+ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g
+pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4
+Fp1hBWeAyNDYpQcCNJgEjTME1A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
+MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
+TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
+dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
+KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
+N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
+dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
+MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
+b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
+zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
+3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
+WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
+Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
+NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
+ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
+QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
+YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
+aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
+IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
+ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
+ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
+amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
+IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
+Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
+ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
+YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
+dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
+b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
+CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
+xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
+0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
+QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
+f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
+8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD
+EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz
+aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w
+MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l
+dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh
+bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq
+eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe
+r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5
+3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd
+vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
+mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC
+wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg
+hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0
+TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh
+biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg
+ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg
+dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6
+b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl
+c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0
+ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3
+dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu
+ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh
+bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo
+ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3
+Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
+ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA
+A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ
+MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+
+NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR
+VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY
+83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3
+macqaJVmlaut74nLYKkGEsaUR+ko
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
+UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
+c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
+OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
+mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
+BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
+qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
+gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
+bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
+dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
+6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
+h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
+/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
+pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB
+ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly
+aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w
+NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G
+A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX
+SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR
+VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2
+w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF
+mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg
+4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9
+4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw
+EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx
+SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2
+ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8
+vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
+hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi
+Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ
+/L7fCg0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa
+GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg
+Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J
+WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB
+rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp
++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1
+ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz
+PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og
+/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH
+oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
+yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2
+A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL
+MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f
+BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn
+g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl
+fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K
+WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha
+B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc
+hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
+TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
+mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
+ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
+4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
+8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM
+V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB
+4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr
+H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT
+mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe
+btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc
+T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt
+WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ
+c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
+4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD
+VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0
+aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw
+czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G
+A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg
+Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0
+7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd
++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B
+4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN
+t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
+DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
+k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
+zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
+Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
+mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
+MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
+IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
+dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
+li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
+rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
+WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
+F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
+dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
+ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
+IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
+c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
+ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
+KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
+y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
+dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
+VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
+fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
+7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
+cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
+mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
+SnQ2+Q==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
+MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
+eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
+/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
+wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
+AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
+PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
+AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
+MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
+HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
+Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
+f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
+rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
+6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
+7CAFYd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
+MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
+Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
+/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
+jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
+HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
+sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
+gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
+H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
+I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
+iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr
+MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG
+A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0
+MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD
+QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz
+i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8
+h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV
+MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9
+UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni
+8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC
+h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm
+KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
+X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr
+QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5
+pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN
+QSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz
+MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N
+IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11
+bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE
+RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO
+zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5
+bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF
+MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1
+VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC
+OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW
+tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ
+q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb
+EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+
+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O
+VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx
+MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG
+29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk
+oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk
+3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL
+qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN
+nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX
+ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H
+DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO
+TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
+kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w
+zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
+MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
+Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
+5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
+3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
+vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
+8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
+zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
+3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
+FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
+Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
+ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
+TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy
+MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk
+ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn
+ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71
+9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO
+hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U
+tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o
+BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh
+SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww
+OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv
+cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA
+7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
+/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm
+eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6
+u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy
+7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
+iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX
+DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl
+ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv
+b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291
+qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp
+uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU
+Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE
+pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp
+5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M
+UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN
+GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy
+5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv
+6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK
+eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6
+B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/
+BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov
+L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG
+SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS
+CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen
+5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897
+IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK
+gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL
++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL
+vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm
+bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk
+N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC
+Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z
+ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIQNxkY5lNUfBq1uMtZWts1tzANBgkqhkiG9w0BAQUFADCB
+rjELMAkGA1UEBhMCREUxIDAeBgNVBAgTF0JhZGVuLVd1ZXJ0dGVtYmVyZyAoQlcp
+MRIwEAYDVQQHEwlTdHV0dGdhcnQxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fz
+c2VuIFZlcmxhZyBHbWJIMT4wPAYDVQQDEzVTLVRSVVNUIEF1dGhlbnRpY2F0aW9u
+IGFuZCBFbmNyeXB0aW9uIFJvb3QgQ0EgMjAwNTpQTjAeFw0wNTA2MjIwMDAwMDBa
+Fw0zMDA2MjEyMzU5NTlaMIGuMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4t
+V3VlcnR0ZW1iZXJnIChCVykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMg
+RGV1dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxPjA8BgNVBAMTNVMtVFJV
+U1QgQXV0aGVudGljYXRpb24gYW5kIEVuY3J5cHRpb24gUm9vdCBDQSAyMDA1OlBO
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bVKwdMz6tNGs9HiTNL1
+toPQb9UY6ZOvJ44TzbUlNlA0EmQpoVXhOmCTnijJ4/Ob4QSwI7+Vio5bG0F/WsPo
+TUzVJBY+h0jUJ67m91MduwwA7z5hca2/OnpYH5Q9XIHV1W/fuJvS9eXLg3KSwlOy
+ggLrra1fFi2SU3bxibYs9cEv4KdKb6AwajLrmnQDaHgTncovmwsdvs91DSaXm8f1
+XgqfeN+zvOyauu9VjxuapgdjKRdZYgkqeQd3peDRF2npW932kKvimAoA0SVtnteF
+hy+S8dF2g08LOlk3KC8zpxdQ1iALCvQm+Z845y2kuJuJja2tyWp9iRe79n+Ag3rm
+7QIDAQABo4GSMIGPMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEG
+MCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTVFJvbmxpbmUxLTIwNDgtNTAdBgNV
+HQ4EFgQUD8oeXHngovMpttKFswtKtWXsa1IwHwYDVR0jBBgwFoAUD8oeXHngovMp
+ttKFswtKtWXsa1IwDQYJKoZIhvcNAQEFBQADggEBAK8B8O0ZPCjoTVy7pWMciDMD
+pwCHpB8gq9Yc4wYfl35UvbfRssnV2oDsF9eK9XvCAPbpEW+EoFolMeKJ+aQAPzFo
+LtU96G7m1R08P7K9n3frndOMusDXtk3sU5wPBG7qNWdX4wple5A64U8+wwCSersF
+iXOMy6ZNwPv2AtawB6MDwidAnwzkhYItr5pCHdDHjfhA7p0GVxzZotiAFP7hYy0y
+h9WUUpY6RsZxlj33mA6ykaqP2vROJAA5VeitF7nTNCtKqUDMFypVZUF0Qn71wK/I
+k63yGFs9iQzbRzkk+OBM8h+wPQrKBU6JIRrjKpms/H+h8Q8bHz2eBIPdltkdOpQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk
+MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg
+Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT
+AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp
+Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9
+m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih
+FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/
+TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F
+EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco
+kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu
+HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF
+vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo
+19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
+L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW
+bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX
+JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw
+FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j
+BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc
+K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf
+ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik
+Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB
+sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e
+3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR
+ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip
+mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH
+b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf
+rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms
+hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
+zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6
+MBr1mmz0DlP5OlvRHA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln
+biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF
+MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8
+76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+
+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c
+6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE
+emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd
+MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt
+MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y
+MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi
+aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
+gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB
+qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7
+lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn
+8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6
+45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO
+UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC
+bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv
+GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a
+77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
+hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
+92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
+Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
+ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
+Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu
+IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw
+WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD
+ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y
+IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn
+IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+
+6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob
+jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw
+izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl
++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY
+zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP
+pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF
+KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
+ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB
+AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0
+ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW
+IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA
+A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0
+uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+
+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7
+jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/
+u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D
+YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1
+puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa
+icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG
+DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x
+kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
+Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
+IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
+RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
+U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
+Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
+YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
+nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
+eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
+c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
+MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
+HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
+jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
+5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
+rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
+wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
+AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
+WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
+xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
+2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
+IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
+aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
+em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
+dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
+OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
+tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/
+MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow
+PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR
+IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q
+gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy
+yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts
+F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2
+jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx
+ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC
+VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK
+YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH
+EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
+Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud
+DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE
+MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK
+UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf
+qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK
+ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE
+JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7
+hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1
+EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm
+nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX
+udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz
+ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe
+LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl
+pYYsfPQS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
+BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
+Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1
+OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
+SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc
+VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf
+tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg
+uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J
+XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK
+8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99
+5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3
+kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
+dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6
+Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
+JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
+Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
+TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS
+GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt
+ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8
+au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV
+hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI
+dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
+BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
+Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1
+OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
+SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc
+VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW
+Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q
+Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2
+1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq
+ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1
+Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX
+XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
+dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6
+Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
+JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
+Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
+TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN
+irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8
+TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6
+g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB
+95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj
+S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
+BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1
+c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1NDI4WhcNMjUxMjMx
+MjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIg
+R21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYwJAYD
+VQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSR
+JJZ4Hgmgm5qVSkr1YnwCqMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3T
+fCZdzHd55yx4Oagmcw6iXSVphU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeu
+jRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3z
+wZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQ
+fezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYD
+VR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G
+CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X1
+7caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNerNXxTPqYn
+8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3ghUJGooWMNjs
+ydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT
+ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/
+2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAwezEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
+BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UEAxMfVEMgVHJ1
+c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkwODE1MjdaFw0yOTEy
+MzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRl
+ciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0ExKDAm
+BgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJSUkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2pxisLlxErALyBpXsq6DFJmzNEubkKLF
+5+cvAqBNLaT6hdqbJYUtQCggbergvbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYv
+DIRlzg9uwliT6CwLOunBjvvya8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8v
+zArZQe+f/prhsq75U7Xl6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRT
+yGG299J5KmcYdkhtWyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yj
+dipFtK+/fz6HP3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBh
+MB8GA1UdIwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI
+4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42Fmhfz
+dkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhnYIg5IFHY
+aAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhKBgePxLcHsU0G
+DeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRclkvxOvIAu2y0+pZV
+CIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGGjYnuJ8Tb4rwZjgvDwxPH
+LQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9HKgl8ZS0Zg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
+SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
+Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
+BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
+cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
+vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
+Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
+0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
+4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
+eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
+R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
+A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
+dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
+Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
+WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
+HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
+KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
+Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
+wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
+9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
+jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
+aQNiuJkFBT1reBK9sG9l
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
+SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
+ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
+REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
+2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
+2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
+GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
+dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
+TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
+AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
+c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
+ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
+MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
+T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
+HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
+VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
+bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
+MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
+J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
+SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
+JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
+inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
+caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
+mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
+YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
+BKNDLdr8C2LqL19iUw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
+IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
+BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw
+MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig
+YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v
+dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/
+BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6
+papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K
+DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3
+KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox
+XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
+rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
+BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
+Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
+LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
+MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
+gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
+YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
+b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
+9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
+zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
+OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
+2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
+oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
+KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
+m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
+MdRAGmI0Nj81Aa6sY6A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS
+MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp
+bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw
+VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy
+YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy
+dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2
+ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe
+Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx
+GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls
+aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU
+QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh
+xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0
+aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr
+IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h
+gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK
+O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO
+fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw
+lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL
+hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID
+AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP
+NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t
+wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM
+7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh
+gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n
+oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs
+yZyQ2uypQjyttgI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg
+MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
+dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz
+MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy
+dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD
+VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg
+xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu
+xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7
+XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k
+heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J
+YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C
+urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1
+JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
+b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV
+9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7
+kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh
+fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy
+B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA
+aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS
+RGQDJereW26fyfJOrN3H
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS
+S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg
+SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3
+WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv
+bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw
+bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe
+LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef
+J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh
+R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ
+Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX
+JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p
+zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S
+Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq
+ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4
+Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz
+gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH
+uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS
+y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB
+kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw
+IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
+VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6
+E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ
+D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK
+4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq
+lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW
+bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB
+o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
+MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js
+LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr
+BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB
+AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft
+Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj
+j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH
+KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv
+2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3
+mfnGV/TJVTl4uix5yaaIK/QI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB
+rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt
+Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa
+Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV
+BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l
+dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE
+AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B
+YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9
+hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l
+L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm
+SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM
+1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
+6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw
+Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50
+aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
+AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u
+7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0
+xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ
+rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim
+eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk
+USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
+NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
+Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
+VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J
+h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
+uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68
+DzFc6PLZ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
+nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
+8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
+ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
+PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
+6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
+n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
+qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
+wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
+ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
+pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
+E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
+YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
+aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
+Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
+IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
+KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
+HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
+DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
+nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
+rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
+jBJ7xUS0rg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
+Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
+J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
+JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
+wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
+koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
+qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
+Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
+xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
+7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
+sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
+sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
+cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
+2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
+2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
+SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln
+biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm
+GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve
+fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ
+aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
+aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC
+4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga
+FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0
+IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y
+IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh
+bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF
+9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH
+H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H
+LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN
+/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
+rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw
+WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs
+exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4
+sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+
+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz
+4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+
+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR
+lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3
+7M2CYfE45k+XmCpajQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
+MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
+cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
+bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
+CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
+dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
+cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
+2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
+lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
+ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
+299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
+vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
+AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
+zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
+LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
+7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
+++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
+398znM/jra6O1I7mT1GvFpLgXPYHDw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
+MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
+KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
+A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
+5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
+SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
+JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
+ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
+AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
+AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
+CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
+b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
+7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
+0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
+nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
+x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
+33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx
+IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs
+cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0
+MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl
+bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD
+DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r
+WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU
+Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs
+HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj
+z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf
+SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl
+AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG
+KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
+AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j
+BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC
+VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX
+ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB
+ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd
+/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB
+A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn
+k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9
+iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv
+2G0xffX8oRAHh84vWdw+WNs=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFTCCA36gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBvjELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UE
+ChMfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9z
+dG1hc3RlcjEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkq
+hkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDMwMTE1MTYyOTE3
+WhcNMDcwMTE0MTYyOTE3WjCBvjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0luZGlh
+bmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdhcmUgaW4g
+dGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEgMB4GA1UE
+AxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkqhkiG9w0BCQEWFmhvc3Rt
+YXN0ZXJAc3BpLWluYy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPB6
+rdoiLR3RodtM22LMcfwfqb5OrJNl7fwmvskgF7yP6sdD2bOfDIXhg9852jhY8/kL
+VOFe1ELAL2OyN4RAxk0rliZQVgeTgqvgkOVIBbNwgnjN6mqtuWzFiPL+NXQExq40
+I3whM+4lEiwSHaV+MYxWanMdhc+kImT50LKfkxcdAgMBAAGjggEfMIIBGzAdBgNV
+HQ4EFgQUB63oQR1/vda/G4F6P4xLiN4E0vowgesGA1UdIwSB4zCB4IAUB63oQR1/
+vda/G4F6P4xLiN4E0vqhgcSkgcEwgb4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJ
+bmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxKDAmBgNVBAoTH1NvZnR3YXJl
+IGluIHRoZSBQdWJsaWMgSW50ZXJlc3QxEzARBgNVBAsTCmhvc3RtYXN0ZXIxIDAe
+BgNVBAMTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo
+b3N0bWFzdGVyQHNwaS1pbmMub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
+AQEEBQADgYEAm/Abn8c2y1nO3fgpAIslxvi9iNBZDhQtJ0VQZY6wgSfANyDOR4DW
+iexO/AlorB49KnkFS7TjCAoLOZhcg5FaNiKnlstMI5krQmau1Qnb/vGSNsE/UGms
+1ts+QYPUs0KmGEAFUri2XzLy+aQo9Kw74VBvqnxvaaMeY5yMcKNOieY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIIDjCCBfagAwIBAgIJAOiOtsn4KhQoMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHSW5kaWFuYTEVMBMGA1UEBxMMSW5kaWFuYXBvbGlz
+MSgwJgYDVQQKEx9Tb2Z0d2FyZSBpbiB0aGUgUHVibGljIEludGVyZXN0MRMwEQYD
+VQQLEwpob3N0bWFzdGVyMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx
+JTAjBgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDgwNTEz
+MDgwNzU2WhcNMTgwNTExMDgwNzU2WjCBvDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdh
+cmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEe
+MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo
+b3N0bWFzdGVyQHNwaS1pbmMub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA3DbmR0LCxFF1KYdAw9iOIQbSGE7r7yC9kDyFEBOMKVuUY/b0LfEGQpG5
+GcRCaQi/izZF6igFM0lIoCdDkzWKQdh4s/Dvs24t3dHLfer0dSbTPpA67tfnLAS1
+fOH1fMVO73e9XKKTM5LOfYFIz2u1IiwIg/3T1c87Lf21SZBb9q1NE8re06adU1Fx
+Y0b4ShZcmO4tbZoWoXaQ4mBDmdaJ1mwuepiyCwMs43pPx93jzONKao15Uvr0wa8u
+jyoIyxspgpJyQ7zOiKmqp4pRQ1WFmjcDeJPI8L20QcgHQprLNZd6ioFl3h1UCAHx
+ZFy3FxpRvB7DWYd2GBaY7r/2Z4GLBjXFS21ZGcfSxki+bhQog0oQnBv1b7ypjvVp
+/rLBVcznFMn5WxRTUQfqzj3kTygfPGEJ1zPSbqdu1McTCW9rXRTunYkbpWry9vjQ
+co7qch8vNGopCsUK7BxAhRL3pqXTT63AhYxMfHMgzFMY8bJYTAH1v+pk1Vw5xc5s
+zFNaVrpBDyXfa1C2x4qgvQLCxTtVpbJkIoRRKFauMe5e+wsWTUYFkYBE7axt8Feo
++uthSKDLG7Mfjs3FIXcDhB78rKNDCGOM7fkn77SwXWfWT+3Qiz5dW8mRvZYChD3F
+TbxCP3T9PF2sXEg2XocxLxhsxGjuoYvJWdAY4wCAs1QnLpnwFVMCAwEAAaOCAg8w
+ggILMB0GA1UdDgQWBBQ0cdE41xU2g0dr1zdkQjuOjVKdqzCB8QYDVR0jBIHpMIHm
+gBQ0cdE41xU2g0dr1zdkQjuOjVKdq6GBwqSBvzCBvDELMAkGA1UEBhMCVVMxEDAO
+BgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMf
+U29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1h
+c3RlcjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcN
+AQkBFhZob3N0bWFzdGVyQHNwaS1pbmMub3JnggkA6I62yfgqFCgwDwYDVR0TAQH/
+BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAcwCQYDVR0SBAIwADAuBglghkgBhvhC
+AQ0EIRYfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDAwBglghkgBhvhC
+AQQEIxYhaHR0cHM6Ly9jYS5zcGktaW5jLm9yZy9jYS1jcmwucGVtMDIGCWCGSAGG
++EIBAwQlFiNodHRwczovL2NhLnNwaS1pbmMub3JnL2NlcnQtY3JsLnBlbTAhBgNV
+HREEGjAYgRZob3N0bWFzdGVyQHNwaS1pbmMub3JnMA4GA1UdDwEB/wQEAwIBBjAN
+BgkqhkiG9w0BAQUFAAOCAgEAtM294LnqsgMrfjLp3nI/yUuCXp3ir1UJogxU6M8Y
+PCggHam7AwIvUjki+RfPrWeQswN/2BXja367m1YBrzXU2rnHZxeb1NUON7MgQS4M
+AcRb+WU+wmHo0vBqlXDDxm/VNaSsWXLhid+hoJ0kvSl56WEq2dMeyUakCHhBknIP
+qxR17QnwovBc78MKYiC3wihmrkwvLo9FYyaW8O4x5otVm6o6+YI5HYg84gd1GuEP
+sTC8cTLSOv76oYnzQyzWcsR5pxVIBcDYLXIC48s9Fmq6ybgREOJJhcyWR2AFJS7v
+dVkz9UcZFu/abF8HyKZQth3LZjQl/GaD68W2MEH4RkRiqMEMVObqTFoo5q7Gt/5/
+O5aoLu7HaD7dAD0prypjq1/uSSotxdz70cbT0ZdWUoa2lOvUYFG3/B6bzAKb1B+P
++UqPti4oOxfMxaYF49LTtcYDyeFIQpvLP+QX4P4NAZUJurgNceQJcHdC2E3hQqlg
+g9cXiUPS1N2nGLar1CQlh7XU4vwuImm9rWgs/3K1mKoGnOcqarihk3bOsPN/nOHg
+T7jYhkalMwIsJWE3KpLIrIF0aGOHM3a9BX9e1dUCbb2v/ypaqknsmHlHU5H2DjRa
+yaXG67Ljxay2oHA1u8hRadDytaIybrw/oDc5fHE2pgXfDBLkFqfF1stjo5VwP+YE
+o2A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
+Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
+ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
+MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
+yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
+VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
+nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
+XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
+vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
+Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
+N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
+nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
+YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
+kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
+QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
+6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
+yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
+QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
+tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
+QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
+Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
+olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
+x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
+dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
+A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
+cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
+qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
+JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
+s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
+HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
+70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
+V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
+qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
+5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
+C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
+OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
+FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
+KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
+8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
+MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
+0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
+u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
+u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
+YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
+GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
+RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
+KeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
+cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
+BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
+VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
+0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
+ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
+A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
+aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
+flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw
+MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG
+KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+
+8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R
+FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS
+mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE
+DNuxUCAKGkq6ahq97BvIxYSazQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET
+MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk
+BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4
+Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl
+cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0
+aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY
+F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N
+8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe
+rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K
+/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu
+7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC
+28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6
+lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E
+nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB
+0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09
+5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj
+WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN
+jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ
+KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s
+ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM
+OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q
+619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn
+2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj
+o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v
+nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG
+5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq
+pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb
+dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0
+BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
+MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
+ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
+cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
+WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
+Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
+IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
+UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
+TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
+BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
+kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
+AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
+sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
+I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
+J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
+VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF
+UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ
+R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN
+MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G
+A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw
+JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+
+WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj
+SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl
+u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy
+A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk
+Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7
+MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr
+aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC
+IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A
+cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA
+YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA
+bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA
+bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA
+aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA
+aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA
+ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA
+YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA
+ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA
+LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6
+Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y
+eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw
+CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G
+A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu
+Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn
+lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt
+b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg
+9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF
+ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC
+IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES
+MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz
+WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE
+AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH
+K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX
+RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z
+rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx
+3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq
+hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC
+MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls
+XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D
+lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn
+aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ
+YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB
+8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy
+dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1
+YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3
+dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh
+IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD
+LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG
+EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g
+KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD
+ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu
+bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg
+ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R
+85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm
+4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV
+HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd
+QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t
+lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB
+o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4
+opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo
+dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW
+ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN
+AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y
+/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k
+SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy
+Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS
+Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl
+nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix
+RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
+dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p
+YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw
+NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK
+EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl
+cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
+c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz
+dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ
+fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns
+bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD
+75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP
+FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp
+5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu
+b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
+A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p
+6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
+TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7
+dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys
+Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI
+l7WdmplNsDz4SgCbZN2fOUvRJ9e4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX
+DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy
+dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj
+YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV
+OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr
+zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM
+VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ
+hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO
+ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs
+OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF
+coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc
+okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8
+t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
+1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/
+SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-crl-invalid.crl b/tests/cert-tests/data/ca-crl-invalid.crl
new file mode 100644
index 0000000..68b7c11
--- /dev/null
+++ b/tests/cert-tests/data/ca-crl-invalid.crl
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICJjCB3wIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgGiAwIBQDAPMQ0wCwYDVQQDEwRDQS0wFw0xODA5
+MTYxMzM1NDJaGA85OTk5MTIzMTIzNTk1OVowJzAlAhQocdck3Pu5MeIpUpjb4Fis
++aYhsRcNMTgwOTE2MTMzNTQyWqBBMD8wHwYDVR0jBBgwFoAUpNhDUvJwLqnKF+mm
+w5aF/wgkSEowHAYDVR0UBBUCE1ueXC860KlshpgThgNNyWGQU8QwPQYJKoZIhvcN
+AQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIB
+ogMCAUADggEBAElYoCVyM5W5vTfMeC7tI8WUqC3lIEXG+85AmY949KLvcx65ZAlX
+fLXxx+nj0fMmL/efQEHCbpK8MfZmdesuazELePLs+e94ESZbRD4IAg2S7jCqmQ6j
+Pr5vB/5A8xAIkUg+SDoPVX5VTH5UsVYhJmEfWnvkZehMst38CUqeyLJ5gp83d9nz
+IuaDaHL1EOh/F+Ul/PANnyot2tHh02WBRbLI0c0Sr7nsVvHwIMfNtB0kXFKg5fmJ
+puwhtNJGinWXpEgoMls7KXf+HOhiOwrMyTLxjhkawVRpjpdlMDPFp4sB0NdcIfr1
+HocKGTK84068uzN8Sk1QSuXpccL4YCr/fNo=
+-----END X509 CRL-----
diff --git a/tests/cert-tests/data/ca-crl-invalid.pem b/tests/cert-tests/data/ca-crl-invalid.pem
new file mode 100644
index 0000000..24adf40
--- /dev/null
+++ b/tests/cert-tests/data/ca-crl-invalid.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAjmgAwIBAgIUYrdL5TzzAJamxI3rTXeNdP+1SrUwPQYJKoZIhvcNAQEK
+MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
+AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTYxMzIzNTNaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg
+hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC
+AQoCggEBAK4RFQTNLU6aXid/ji3MU6W4iAYfFHGyxOgd/69wJ/yFu/gfBqJ3lNVy
++FvQvWtqq1N+mPixWjNIjPrHHsfEWhfNXEi3tSbcNwBFxMJ5Wc07BrYdrpQqfNb/
+Qb3cZbmWmmWp/A+BBFD09sI2imjVvJstjCUux6xxGG4jgXAdGkcAXH7ehi+D7nXQ
+yuIlfAv0QH2gWtHJ1wc3tMHghxSpBhS+KU2QxuRlQPlQrFfTSzjjQSYJ8qqFvYDN
+4emSFKEc5iJSRPrleTNDtSf5BQ7JVBmvBOCkUvlkVV6QjU+zMaJbwqaQuE7mOHbo
+myUCujP/k6eKv+P3l6OI+zu7+zBaebkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSk2ENS8nAuqcoX6abDloX/CCRI
+SjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
+BglghkgBZQMEAgGiAwIBQAOCAQEAkGJ1suWS6LS7NcYk37KmfREcOMmh9lQdi4re
+tycRwn2tDaaRvRaiHAGndxZAPTfF9yBJ5LOzcSvSGsCOa2GE5Y3WtIVInadSudli
+o8pxSoWon0vF7dBzZGbC+/iSbKoF7bwF4WTE9dqEdMWOE/+eHT3RsJqtk0PdbBqD
+nqjQyb6QdrKPveoDVyfxszLA2gdJoTA6J+DJ5s8j197Hp9zXoPoIWY5/JDKpQweD
+mGAS9Efhx5UPbnluqlj/HzG0U43gLajYcSenG35uszF+muS9FrsYZb0qtl9vQ5zJ
+zmSAnjFYa8/p/zmcZKmZf0GIrxUQzn1lddy0Ys42cF22gc3sSg==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-crl-valid.crl b/tests/cert-tests/data/ca-crl-valid.crl
new file mode 100644
index 0000000..d8d8ba8
--- /dev/null
+++ b/tests/cert-tests/data/ca-crl-valid.crl
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICJjCB3wIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgGiAwIBQDAPMQ0wCwYDVQQDEwRDQS0wFw0xODA5
+MTYxMzQ4MjBaGA85OTk5MTIzMTIzNTk1OVowJzAlAhQYv9ruS7EaM2V7tn8kz3Rh
+vQxmhxcNMTgwOTE2MTM0ODIwWqBBMD8wHwYDVR0jBBgwFoAUUPN34B1PsHCSBKfl
+DvkuCvTuz+QwHAYDVR0UBBUCE1ueXyYRxCO5zh+eeQTS31LHIvMwPQYJKoZIhvcN
+AQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIB
+ogMCAUADggEBAH+J2DiyaZ+qKWKnrRluWQK/KSJ/a+Do7ox18swNg3VMtEP360TB
+vh0/ctrbeb/H12YmwvrQdMPSIAcDiyBGannqG3L2mijDXZq3F2azL0WZiKAsDsBi
+a3DW28F9KDPBQYuiUVYCn/C3r0CtDJuv1eARZtyc2BLujRgXUibVJej6U26mtPjs
+DcDsXIWmBqRquMXhj0TY0MvkbNvT1XhDBBmSlQo+EC5zz5FZ4e9DvWiPcJqgkx4X
+S58Xh+tpQR9IyyO8OLkNpMy5Zy1J6o3rTO5ZScEzjaO45YmN7BFoMljOdD1W2ID5
+MHVXfLRltra7qiZLXKhZ0aHfkzD3Xdu74JQ=
+-----END X509 CRL-----
diff --git a/tests/cert-tests/data/ca-crl-valid.pem b/tests/cert-tests/data/ca-crl-valid.pem
new file mode 100644
index 0000000..53dab80
--- /dev/null
+++ b/tests/cert-tests/data/ca-crl-valid.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAjmgAwIBAgIUIhM6Lo4vY8WseBrZi5UmDsqK3AAwPQYJKoZIhvcNAQEK
+MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
+AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTYxMzQ4MDVaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg
+hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC
+AQoCggEBANPX6SGS5KZmUtn1ZT5CtvcMv3hKLosvLEYzpvbjjprFdL3UmBlWSu9f
+u/0az9kT6D0maWKmtiF0AT4dD5CL/8391l2ZhiG9wxopBXAnxBRkO2+YZcaNY+ty
+4PqZauWc2InZ0rMYI8rfSbUREgWO+d8SBBbU2wACzh1AZwMbtjEc2aGP+PXiC4m0
+axxRk0lD4ZpklA8oVMIwUNS09NQcbn7YqlnxCVxd22Z40XspeCsihXkI2d1OXWmG
+J3HtEi3Ors1jyeGF3B68TplPJ3I1buuVTVJv32mVj4elQr78kTRtxyWoxL+pDt3y
+o95W+VOvuAfULQWNuk49w901t4mimEcCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRQ83fgHU+wcJIEp+UO+S4K9O7P
+5DA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
+BglghkgBZQMEAgGiAwIBQAOCAQEAluZhfkQIDnSj+uQJpb0hTNW4cMqQXSM0khAe
+LYunzXvksXFnRz5w/qLNcvQQ94s1ej8RAXJQXG63x51eAlpwqLffcXA1rGCpUBwM
+9NsiNVkh/wMyZ0LcoyztvFRI/9JR40HzUWvp4k/SxLT25BQavlwborEO45HxHk1Q
+hEeWyuxNt/V9QKQ/DKtPQbbObT4gfg+mwWNntRS8VKqd1PsFr4oxmFXgGkpu04uW
+QV63kq7b54RzgYIPssm2Vr9JvLoZ+1q9VhZT08wx6NDxPIe70HydqTcfsOA8p84o
+MvcleJjNs4+1RPmNVhnnZDPYtBNnudn8NtMaN5AzZWa3Y41boA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-gnutls-keyid.pem b/tests/cert-tests/data/ca-gnutls-keyid.pem
new file mode 100644
index 0000000..fdb7520
--- /dev/null
+++ b/tests/cert-tests/data/ca-gnutls-keyid.pem
@@ -0,0 +1,43 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00
+Subject: C=SE,CN=GnuTLS Test
+Issuer: C=SE,CN=GnuTLS Test
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Wed Jan 31 10:23:47 2007
+	Not After: Wed Mar 14 10:23:51 2007
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4:
+	17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82:
+	16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4:
+	86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c:
+	00:07:1b:bb:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints: (critical)
+		CA:TRUE
+	Subject Key ID: 
+		BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41
+
+Other information:
+	MD5 Fingerprint: 49:4C:5E:02:10:16:82:5E:18:86:74:DF:51:56:EF:CC
+	SHA1 Fingerprint: B9:29:A0:CD:D1:B2:8F:C8:89:EB:87:E6:B5:9B:13:62:1C:D4:36:BF
+	Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41
+
+
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQ6gAwIBAgIBADALBgkqhkiG9w0BAQUwIzELMAkGA1UEBhMCU0UxFDAS
+BgNVBAMTC0dudVRMUyBUZXN0MB4XDTA3MDEzMTA5MjM0N1oXDTA3MDMxNDA5MjM1
+MVowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMTC0dudVRMUyBUZXN0MFkwCwYJKoZI
+hvcNAQEBA0oAMEcCQMaUBiinUSQ5sVoBVJtQ1BcMTd+sQgAH5XIw3IgtghaA2iNH
+qEZ8yIhPD2rStIaX25SHhTUvUeccM35rHAAHG7sCAwEAAaMyMDAwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUuuRvY1GQbDgb39qJtZKH0ynn10EwCwYJKoZIhvcN
+AQEFA0EAMIM/ZIai49eKHg/Hb/LoKPtY8bLIf+oRw+0ifZghudZPokwIukVRoRw3
+rvJSTitBJGH9uyNWn8bbackkkg4otA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-no-keyid.pem b/tests/cert-tests/data/ca-no-keyid.pem
new file mode 100644
index 0000000..50675e4
--- /dev/null
+++ b/tests/cert-tests/data/ca-no-keyid.pem
@@ -0,0 +1,40 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 2A
+Subject: CN=GnuTLS test2
+Issuer: CN=GnuTLS test2
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Wed Jan 31 10:34:15 2007
+	Not After: Wed Mar 14 10:34:18 2007
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4:
+	17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82:
+	16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4:
+	86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c:
+	00:07:1b:bb:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints: (critical)
+		CA:TRUE
+
+Other information:
+	MD5 Fingerprint: 0F:AF:52:29:F4:17:B4:28:8E:FA:7D:F1:76:F3:81:FF
+	SHA1 Fingerprint: 93:8D:80:22:77:17:0D:12:51:56:32:61:9F:12:BA:B7:66:D9:38:77
+	Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41
+
+
+-----BEGIN CERTIFICATE-----
+MIIBKjCB16ADAgECAgEqMAsGCSqGSIb3DQEBBTAXMRUwEwYDVQQDEwxHbnVUTFMg
+dGVzdDIwHhcNMDcwMTMxMDkzNDE1WhcNMDcwMzE0MDkzNDE4WjAXMRUwEwYDVQQD
+EwxHbnVUTFMgdGVzdDIwWTALBgkqhkiG9w0BAQEDSgAwRwJAxpQGKKdRJDmxWgFU
+m1DUFwxN36xCAAflcjDciC2CFoDaI0eoRnzIiE8PatK0hpfblIeFNS9R5xwzfmsc
+AAcbuwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBBQNBAI6O
+9GReGvX7vMcZxjMOua6mIOViqOPeMzJRNEFqUAo4aHy/ad17nHZhy3WsWm2GkrTk
+AiKsBcgbwyu2d/Fg6js=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-no-pathlen.pem b/tests/cert-tests/data/ca-no-pathlen.pem
new file mode 100644
index 0000000..1f4804f
--- /dev/null
+++ b/tests/cert-tests/data/ca-no-pathlen.pem
@@ -0,0 +1,48 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 00
+	Issuer: O=GnuTLS test certificate
+	Validity:
+		Not Before: Fri Jan 26 10:00:04 UTC 2007
+		Not After: Sat Jan 27 10:00:06 UTC 2007
+	Subject: O=GnuTLS test certificate
+	Subject Public Key Algorithm: RSA
+		Modulus (bits 512):
+			00:a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c
+			11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1
+			de:21:41:db:a3:d2:6c:f9:66:87:69:7c:50:07:81:66
+			41:28:c9:99:e2:eb:cc:57:53:9d:0c:b1:94:6f:ef:eb
+			17
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Subject Key Identifier (not critical):
+			3f00012df1304b60a3b0306cab0e93fe0158801b
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		9b:c1:b6:d9:df:2c:b1:1d:dd:da:14:19:94:b3:7c:12
+		e9:33:a5:2e:b5:c0:82:1d:45:7a:bf:73:b9:30:74:9d
+		f3:6e:7e:4c:f3:8d:ed:2a:f8:3f:39:04:ef:a4:fd:e3
+		fc:cb:ba:1f:2a:1d:ad:f3:f9:68:39:f4:6d:1f:6a:15
+Other Information:
+	Fingerprint:
+		sha1:f3ddd5478b80b142200b50c9eb2ee37061b09ed6
+		sha256:2a97f5b23c554a847b505429d9660ac2549bee5cc9279cb8c98d4b13729234ba
+	Public Key ID:
+		sha1:f268df0e814c0302ed338e146f57421dba44f06c
+		sha256:aafdaec29861f9d05de1dfdc1c7a64332cedead32fcb790597b4757ea1104815
+	Public Key PIN:
+		pin-sha256:qv2uwphh+dBd4d/cHHpkMyzt6tMvy3kFl7R1fqEQSBU=
+
+-----BEGIN CERTIFICATE-----
+MIIBYDCCAQygAwIBAgIBADALBgkqhkiG9w0BAQUwIjEgMB4GA1UEChMXR251VExT
+IHRlc3QgY2VydGlmaWNhdGUwHhcNMDcwMTI2MTAwMDA0WhcNMDcwMTI3MTAwMDA2
+WjAiMSAwHgYDVQQKExdHbnVUTFMgdGVzdCBjZXJ0aWZpY2F0ZTBZMAsGCSqGSIb3
+DQEBAQNKADBHAkChY1NrVJWsPKRLS2q6wJwRrSjdA6jA9Be/GM2fs1rR3iFB26PS
+bPlmh2l8UAeBZkEoyZni68xXU50MsZRv7+sXAgMBAAGjMjAwMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFD8AAS3xMEtgo7AwbKsOk/4BWIAbMAsGCSqGSIb3DQEB
+BQNBAJvBttnfLLEd3doUGZSzfBLpM6UutcCCHUV6v3O5MHSd825+TPON7Sr4PzkE
+76T94/zLuh8qHa3z+Wg59G0fahU=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/ca-public.gpg b/tests/cert-tests/data/ca-public.gpg
new file mode 100644
index 0000000..b723a56
--- /dev/null
+++ b/tests/cert-tests/data/ca-public.gpg
@@ -0,0 +1,14 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mI0ESCeL9AEEAKkKkm7GHWCDcH8czhIJ/6SlWvVfRkztA4hg3KXLGe4TD9I+yHg6
+XNKuu2tDVJOsLCtpIzqyBz+Ov2nJs893c4aTInxFFXTs99pWxiEl77YegcnC2LNz
+QurUszDYjEm6cU/cI/M4vqLf9CtnnThBsiOvM0YwjuQOviEjVUth/4KVABEBAAG0
+SUNlcnRpZmljYXRlIEF1dGhvcml0eSAoRk9SIFRFU1QgVVNFIE9OTFkgLS0gRE8g
+Tk9UIFVTRSEpIDxjYUBleGFtcGxlLm5ldD6ItgQTAQIAIAUCSCeL9AIbAwYLCQgH
+AwIEFQIIAwQWAgMBAh4BAheAAAoJEFivn820S0CBo/ID/jizo8QzauEbbRitHLjY
+vZhvwbH44m3mNqehxHsPxYJFGvtlzs0kXWcHoO9jL86zPHJRiy+iIEU58HNaH3za
+BqJ4LAqo/yl57uP/RwPP0O+vPYgP0UmfyJX/n9DnTKG1kjA/m/2HmIgSxNx8jBb2
+J0tdVShq6fYGS2dRQRbq6SCi
+=1W5B
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/cert-tests/data/ca-secret.gpg b/tests/cert-tests/data/ca-secret.gpg
new file mode 100644
index 0000000..0534400
--- /dev/null
+++ b/tests/cert-tests/data/ca-secret.gpg
@@ -0,0 +1,21 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+lQHYBEgni/QBBACpCpJuxh1gg3B/HM4SCf+kpVr1X0ZM7QOIYNylyxnuEw/SPsh4
+OlzSrrtrQ1STrCwraSM6sgc/jr9pybPPd3OGkyJ8RRV07PfaVsYhJe+2HoHJwtiz
+c0Lq1LMw2IxJunFP3CPzOL6i3/QrZ504QbIjrzNGMI7kDr4hI1VLYf+ClQARAQAB
+AAP7BCvyxRSTEFKi4b3JSrhf8t7lm07mKksigYjAatmgpdeaSTPYi/nTi7VMgnjN
+wZVn0D9yCazWKts5pC4nFGYY6scTr9tp4k4U/79PXWCmTQjAQeAv/gFn9ZHk+2Js
+c7ScZ4gr/ZtyY7UUUxOrAPA5wCmei7GchD/AgCRs0IF6akECAMz88+bjsFUomHv+
+6gfaNFT3OzZoS8NNM/aBmFKmPrBEUBaRdQ0lcIEsUlK2yGXsAJvQue57lwWNsxN4
+FohDbNUCANMblEVSUOamaFLx+DyxCf1xm2r5n0jkH/nAKEJur0vozcIF6qTgN8vf
+Yj5VfuIFHrQ1LH7SsBpIrAakm3WDnsEB/1AuVFoRuYSS4DH60fWhD01CJaEe8/Qz
+eTRorHpDO8MGVoV5EViNO5vF9u0wkYQS7H4UAlhrUcTJNP9/SBIaF1mhubRJQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5IChGT1IgVEVTVCBVU0UgT05MWSAtLSBETyBOT1Qg
+VVNFISkgPGNhQGV4YW1wbGUubmV0Poi2BBMBAgAgBQJIJ4v0AhsDBgsJCAcDAgQV
+AggDBBYCAwECHgECF4AACgkQWK+fzbRLQIGj8gP+OLOjxDNq4RttGK0cuNi9mG/B
+sfjibeY2p6HEew/FgkUa+2XOzSRdZweg72MvzrM8clGLL6IgRTnwc1offNoGongs
+Cqj/KXnu4/9HA8/Q7689iA/RSZ/Ilf+f0OdMobWSMD+b/YeYiBLE3HyMFvYnS11V
+KGrp9gZLZ1FBFurpIKI=
+=1M8/
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/cert-tests/data/ca-weird-keyid.pem b/tests/cert-tests/data/ca-weird-keyid.pem
new file mode 100644
index 0000000..6ecfef4
--- /dev/null
+++ b/tests/cert-tests/data/ca-weird-keyid.pem
@@ -0,0 +1,49 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00:D2:08:1A:82:A4:27:85:2B
+Subject: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd
+Issuer: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Wed Jan 31 10:23:01 2007
+	Not After: Sat Jan 28 10:23:01 2017
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4:
+	17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82:
+	16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4:
+	86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c:
+	00:07:1b:bb:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:TRUE
+	Subject Key ID: 
+		7A:2C:7A:60:97:46:06:03:CB:FB:28:E8:E2:19:DF:18:DE:EB:4E:0D
+	Authority Key ID: 
+		7A:2C:7A:60:97:46:06:03:CB:FB:28:E8:E2:19:DF:18:DE:EB:4E:0D
+
+Other information:
+	MD5 Fingerprint: EF:6B:8B:10:03:E4:5F:5E:76:AA:A9:88:8A:6E:03:14
+	SHA1 Fingerprint: 7C:7C:88:BD:34:5A:EC:F1:3C:6A:70:92:76:73:1B:59:32:DA:5E:74
+	Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41
+
+
+-----BEGIN CERTIFICATE-----
+MIICKzCCAdWgAwIBAgIJANIIGoKkJ4UrMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMDcwMTMxMDkyMzAxWhcNMTcwMTI4MDkyMzAxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMaU
+BiinUSQ5sVoBVJtQ1BcMTd+sQgAH5XIw3IgtghaA2iNHqEZ8yIhPD2rStIaX25SH
+hTUvUeccM35rHAAHG7sCAwEAAaOBpzCBpDAdBgNVHQ4EFgQUeix6YJdGBgPL+yjo
+4hnfGN7rTg0wdQYDVR0jBG4wbIAUeix6YJdGBgPL+yjo4hnfGN7rTg2hSaRHMEUx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDSCBqCpCeFKzAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA0EAv5CpU4DykkfMcy1BLbsowb/7YritEudYemW3cOMg6q92
+tc8eEDBjIYcVccHJMM27fTKt7AIDUiHUysFFxclcww==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-ca.p12 b/tests/cert-tests/data/cert-ca.p12
new file mode 100644
index 0000000..cddde70
--- /dev/null
+++ b/tests/cert-tests/data/cert-ca.p12
diff --git a/tests/cert-tests/data/cert-ecc256-full.pem b/tests/cert-tests/data/cert-ecc256-full.pem
new file mode 100644
index 0000000..ab16d16
--- /dev/null
+++ b/tests/cert-tests/data/cert-ecc256-full.pem
@@ -0,0 +1,68 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 07
+	Issuer: CN=GnuTLS certificate authority,ST=Leuven,OU=GnuTLS certificate authority,O=GnuTLS,C=BE
+	Validity:
+		Not Before: Sat Sep 01 09:22:36 UTC 2012
+		Not After: Sat Oct 05 09:22:36 UTC 2019
+	Subject: EMAIL=none@none.org,pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,ST=Attiki,OU=sleeping dept.,O=Koko inc.,C=GR
+	Subject Public Key Algorithm: EC/ECDSA
+	Algorithm Security Level: High (256 bits)
+		Curve:	SECP256R1
+		X:
+			3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+			5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+		Y:
+			3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+			6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Subject Alternative Name (not critical):
+			DNSname: www.none.org
+			DNSname: www.morethanone.org
+			DNSname: localhost
+			IPAddress: 192.168.1.1
+		Key Purpose (not critical):
+			TLS WWW Server.
+		Key Usage (critical):
+			Digital signature.
+		Subject Key Identifier (not critical):
+			acfa4767c61b41791257f7ac05c150e28ed00e5b
+		Authority Key Identifier (not critical):
+			f0b481fe9812bfb528b9644003cbcc1f664e2803
+	Signature Algorithm: ECDSA-SHA256
+	Signature:
+		30:45:02:20:28:2a:e0:24:c8:9e:44:50:d4:36:85:a0
+		8f:30:9a:ed:8a:3f:ce:38:e4:d5:91:5c:aa:2e:6a:0d
+		96:25:21:73:02:21:00:c7:82:b1:6a:86:49:35:57:c1
+		05:27:38:6c:0f:57:4f:3f:f6:3a:7a:60:01:9b:ad:52
+		88:4d:35:bf:ed:99:11
+Other Information:
+	Fingerprint:
+		sha1:8c6802792736a5ce00e75b2095626aa13ca0c0c0
+		sha256:222ddff7f65043153f439d4e2b74b87f9e366d96a1506b5ad3e8e0f1bb95da9e
+	Public Key ID:
+		sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+		sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+	Public Key PIN:
+		pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx
+ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV
+HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu
+b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G
+A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC
+ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4
+bA9XTz/2OnpgAZutUohNNb/tmRE=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-ecc256.pem b/tests/cert-tests/data/cert-ecc256.pem
new file mode 100644
index 0000000..3f5cbc1
--- /dev/null
+++ b/tests/cert-tests/data/cert-ecc256.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx
+ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV
+HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu
+b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G
+A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC
+ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4
+bA9XTz/2OnpgAZutUohNNb/tmRE=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-eddsa.pem b/tests/cert-tests/data/cert-eddsa.pem
new file mode 100644
index 0000000..dd32801
--- /dev/null
+++ b/tests/cert-tests/data/cert-eddsa.pem
@@ -0,0 +1,46 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 5601474a2a8dc330
+	Issuer: CN=IETF Test Demo
+	Validity:
+		Not Before: Mon Aug 01 12:19:24 UTC 2016
+		Not After: Mon Dec 31 23:59:59 UTC 2040
+	Subject: CN=IETF Test Demo
+	Subject Public Key Algorithm: ECDH (X25519)
+	Algorithm Security Level: High (256 bits)
+		Curve:	X25519
+		X:
+			85:20:f0:09:89:30:a7:54:74:8b:7d:dc:b4:3e:f7:5a
+			0d:bf:3a:0d:26:38:1a:f4:eb:a4:a9:8e:aa:9b:4e:6a
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Key Usage (not critical):
+			Key agreement.
+		Subject Key Identifier (not critical):
+			9b1f5eeded043385e4f7bc623c5975b90bc8bb3b
+	Signature Algorithm: EdDSA-Ed25519
+	Signature:
+		af:23:01:fe:dd:c9:e6:ff:c1:cc:a7:3d:74:d6:48:a4
+		39:80:82:cd:db:69:b1:4e:4d:06:ec:f8:1a:25:ce:50
+		d4:c2:c3:eb:74:6c:4e:dd:83:46:85:6e:c8:6f:3d:ce
+		1a:18:65:c5:7a:c2:7b:50:a0:c3:50:07:f5:e7:d9:07
+Other Information:
+	Fingerprint:
+		sha1:8b011a41d9b72f9848b1dcbd3a038fa8c9d0a536
+		sha256:180516f0a03e4893d234a28f3ad28921bc35d1b12bd35134847240dafb715a11
+	Public Key ID:
+		sha1:fa752c35cb9a51d2069147e6e682155aaf2e5836
+		sha256:291c5293e030452a599851a7c7298f3f16c3ff1bdfafcb598927f2631f9fa641
+	Public Key PIN:
+		pin-sha256:KRxSk+AwRSpZmFGnxymPPxbD/xvfr8tZiSfyYx+fpkE=
+
+-----BEGIN CERTIFICATE-----
+MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU
+ZXN0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYD
+VQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oN
+vzoNJjga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQE
+AwIDCDAgBgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EA
+ryMB/t3J5v/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3O
+GhhlxXrCe1Cgw1AH9efZBw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-invalid-utf8.der b/tests/cert-tests/data/cert-invalid-utf8.der
new file mode 100644
index 0000000..b6b45e3
--- /dev/null
+++ b/tests/cert-tests/data/cert-invalid-utf8.der
diff --git a/tests/cert-tests/data/cert-rsa-pss.pem b/tests/cert-tests/data/cert-rsa-pss.pem
new file mode 100644
index 0000000..ffaee16
--- /dev/null
+++ b/tests/cert-tests/data/cert-rsa-pss.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8jCCAyagAwIBAgIBdDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwVzELMAkGA1UEBhMC
+Q1oxFzAVBgNVBAoMDkN6ZWNoIFJlcHVibGljMR0wGwYDVQQLDBRNaW5pc3RyeSBv
+ZiBJbnRlcmlvcjEQMA4GA1UEAwwHQ1NDQV9DWjAeFw0xMTAzMjUwMDAwMDBaFw0y
+NjA2MjUwMDAwMDBaMFcxCzAJBgNVBAYTAkNaMRcwFQYDVQQKDA5DemVjaCBSZXB1
+YmxpYzEdMBsGA1UECwwUTWluaXN0cnkgb2YgSW50ZXJpb3IxEDAOBgNVBAMMB0NT
+Q0FfQ1owggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCdFhq+ScQXepAA
+0kp0IwF/nEv+Md3Wx41Y6WRJkTVVyU6CFPlvr/F6XLGX/ILJtM8QL97CgojDVQbE
+ccNxUsZ+yjtB4n52ttWYLBN5nktJksP2aBVMu1fqoyTqBhaf0JtkpQjWKNVJYbUH
+k2pXkzGUJ+YHG04jOEYIKNclY82f1Ho1Wd7di4gZ1LCBRTzIU9JVPEMOZdmLx1qQ
+InOWf8deZ4Gmkj5UqzXt7vGQF/TbIedhmfnbulvyHN3UEDMZgVgzkF2fIOaBwu5s
+kfo8e08/J155hZIJtUjXk/moLF8U/4ETo7qER1EkoJ9KIRIvoPwPk2QAI4JP0Hd6
+GgUMEsz0dmTxKHcJZAWXcDaKcwTrG7/xhPTAffdOZnTnOpYQPcKmjUvogqY839VQ
+mwYyo+s51tVrAIe2YcdHhIdBY5SLOhHsDNadpRrBYIa8vzUgtfUH50US7dZuwUu6
+WbUiQu5vmDjvGEUa7F6eehCCf9xXkbPJZoE63t/NJYvHSFa1wDcCAwEAAaNhMF8w
+HQYDVR0OBBYEFOuhT488aYrathCbEjUoztRlSghZMA4GA1UdDwEB/wQEAwIBBjAa
+BgNVHSAEEzARMA8GDSqBS7cYAQEBAYnKmXwwEgYDVR0TAQH/BAgwBgEB/wIBADBB
+BgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0G
+CWCGSAFlAwQCAQUAogMCASADggGBAEcppLLH0xAkWXbBMXDa1hwqOZfKVdoUVDNT
+G20V3VbDT74R2yFCLWBge9rr7S2LfF/w4Xrl3kyZ2Tn0dYoOmBcqVzH6nCYrniGx
+apPmSkAexI/bjW55BOMe6CVI9qdKayqm99om/2+R+VSAKaopwOKn9IQ+4itNA0VI
+0ZDHbI/pdJClRZ0OPA8DREz7+hZWMNb7S4aAYGdd1fLo0uDKf/siFkUUfkpBtkgr
+4Enb1e8NMU0a5abpI25NgURB+OWhfArLB9jFmnlql6TZADLZfw49bEmr4KOddxyk
+toBmFgu4/uQXcukNWB487iREvEPPIL7A90W+W3ymtlol76SChKKBGexaaNA1JW+O
+sRxoN5FnXTBhyRm96lZOfvF7SjCQHMCaIeYaQ4ajjPJgxB0EbyyJMeSrjh4yJPEH
+pKc3AM9MUCxC0LO/qb5oBio8TQqHYnpyvp2CsvPSezPGh/40hxsKTL8GqTxB5m9G
+g6qpdcDQxM6VtrnTh08nMjaKnfXVJQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-with-crl.p12 b/tests/cert-tests/data/cert-with-crl.p12
new file mode 100644
index 0000000..d1fda0e
--- /dev/null
+++ b/tests/cert-tests/data/cert-with-crl.p12
diff --git a/tests/cert-tests/data/cert-with-non-digits-time-ca.pem b/tests/cert-tests/data/cert-with-non-digits-time-ca.pem
new file mode 100644
index 0000000..722a0b6
--- /dev/null
+++ b/tests/cert-tests/data/cert-with-non-digits-time-ca.pem
@@ -0,0 +1,70 @@
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQY8Mi35RmHbQSpWR8XD7V+zANBgkqhkiG9w0BAQsFADBt
+MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQwwCgYDVQQKDANUSlUxFDASBgNV
+BAsMC2JlaXlhbmd5dWFuMQswCQYDVQQDDAJDUzEfMB0GCSqGSIb3DQEJARYQbGpm
+cG93ZXJAMTYzLmNvbTAgFw0wMDAxMDEwMTAwMDFaGA82NTY2MDMyMzEyMTIzM1ow
+ajELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD
+VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEaMBgGCSqGSIb3DQEJARYL
+bGkxQDE2My5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDUWAVE
+VHGqn3tPc+kJTGwXpsiD+pwu287ibcwa7nlcQ8KyrwbS/7dnhK3Mpz3jjkbk9Zqw
+Ju8R5ku9hEsSX3ZW7KQYj+jqVWVnLNlp5j0a1G2fdB7vn0ORtj9GgFAbKn37cXqo
+6G2EyQ0NXhpOiwUtQXSnhbMUUJal2jMSaSGSKyyex9lDrZfSzQ164VIvMKz49kPB
+Z6EupA0E6QkwZ1a8wGthdhQ3tJrHt0jcmBVpJ5mo9zlvX7ErsK4prXgJvBQR/IRc
+YhqYHxsKLq/mgjezNqy/WoPN313HxDG8YETy8m9BKWI5OLBHIr0kahmBFumttlGa
+a4rW+w2NZz8jtrnkM8sFSEoegO7xA8JZdO6O3mSedWOiA2zEuT8hQqkSYDSdZxOd
+J1u/mdyumLErXquenaMTAHb0lviNc7llZqDKMJ8yfROZwv9PDCs3OBGOttr3MMRT
+JHN5f4ZStqx6unV90Rx8QIh8wstG3c/QrJ4lBS+c72A6bMmxLpiTg1+CjG9ntgvC
+mspMbVlu710Y7JHcAuq9RSnR0Nv31AGjOZEpKAGpUfzoVf47GYV38VpLskgy0tiA
+Tesse5g8rUE9ozwgj6B34qfNdPxCmv6UkLYxU/CLpw2cRKT8hShAO8zDfgmU9262
+ctTdrVU3PsSwMs7F8SlG/9kWq6HgqaBPadCsRwIDAQABo4GkMIGhMB0GA1UdDgQW
+BBSSPopRSpZMfPAxCvUPCu4TZmh38DAfBgNVHSMEGDAWgBRyFaB24RFh9c9zf0+D
+YA01twtiWjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA7BgNV
+HREENDAyggdhYmMuY29tggkqLmFiYy5jb22CB3h5ei5jb22CDXd3dy5iYWlkdS5j
+b22HBH8AAAEwDQYJKoZIhvcNAQELBQADggIBAJwtzZT7z1eImP8a7GTnfbPYu8k4
+kdbGnWSyrEr8x6UjZQLCa1DXdxKkms84yCW1QM5vdKody/Sz1lvETPeTgpXRLlcO
+i/75L+Knz1asfz3D+SO/YCSc/VF27GnkKyjFlt7LUmHuFUQoprpCi12wJ0IJP5D6
+AQarnWuS2AA4op0exLrK1+BonYyqH//QDt5jhUJFEKQVgckHOtVOklHmazplr8bu
+JzHz0+C7mDtZbLXoBSgZIFaVCSk4uxsf98QWOxKQURUv8gAhHLOo/QlkyqiiFCaN
+1Se0Zp16pegTxs0qS8qY1pLgw4AO56ifG+LcOmYminbAZtApmiOvtxf8JAw5Twc8
+6gLRlq2cv/bY55hZde4uvUzC/Te/zENu9rlv7qQqQ9jS5tiWZjZVqhEt275KymBT
+4855pB+8oGb5Xznl6/AzmxUbOmRX1q5bbv+11ZscRtUp3XD3gA5Y5UYBF5UVICcb
+zTVUNDgaUjyuXIiF/ZFtbcxX57PfIqKHP3A2XseUhpN3qFSWb29BsTAa7E59s8pL
+0m/aftSXF1g/8q0IsHFuZRv4l+eyYWJhwtQTY9TTHnjYJbljcwGtVjYuAfMB+eec
+beH0LdKLVbOKlMPySiqy18cKDkwQ1wTPqoZnz5/mKRr5Hpt/RKSe997NjIeuJZl0
+W0ebRMo2T0FNhUhm
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQY8Mi35RmHbQSpWR8XD7V+jANBgkqhkiG9w0BAQsFADBt
+MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQwwCgYDVQQKDANUSlUxFDASBgNV
+BAsMC2JlaXlhbmd5dWFuMQswCQYDVQQDDAJDUzEfMB0GCSqGSIb3DQEJARYQbGpm
+cG93ZXJAMTYzLmNvbTAgFw0wMDAxMDEwMTAwMDBaGA85OTk5MTIyMzExMjMzNFow
+bTELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD
+VQQLDAtiZWl5YW5neXVhbjELMAkGA1UEAwwCQ1MxHzAdBgkqhkiG9w0BCQEWEGxq
+ZnBvd2VyQDE2My5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+
+WcvCnpCA78zG1ZkRhiIPjPEmFx3PHaX5f+KYod68qvCqsRGsB4n7rQS2ljFUZ7MY
+4GNWtiMZANdWMuOrnkT0sNmtQ1aXWh+6lMUKLr/690SkKMbKU1y6OTfGBntau6em
+1djv9Q8fYmapdne3tr5UNTJBvqc5qivWiF98XUQdp8qGKLYfF0NOxkreD6u4Pddo
+/6PR5pn+nbgCHkDFmVGL+0DtZzC+K/NQbKpmP4/Zpolf1C5wPpxWPpjDl/yRSctC
+qX1G0WGyB8/w/IR94Gx3rDmA/NkZMP+4tXBFVSoz0XJpdNqCtwxCkl6NqLpMN0gp
+XrU78ToNnTiUW4zoyIfKBSlXRkPd4srgB8gTO3cHqJkSmzt/gFMnbBP1gNV10R0P
+KzbNuV/uIHx5wGYJIW8w9fL8hKrCYcO5Yfq3VDGy9Lr3/5QFYI36oPLIw0cZS/i+
+NyPLYT1TN/o6E8dtnsz1AY+VQyriW44CB6J3tlfrGLigfP81rsaQpcGd+W+0ntyc
+cWpzRKwwut3I9CJSGjRuwHfz0n6Fk+Hoj+i+Qv6h/y7+KwqjDMMHIrbieBhUwQbm
+Hlyj25IwyvYc6OOBymAyy8pUByAC7QWw4KxogDol6165iAubaupDxkDQXKr/IMmj
+pCcTBDmVwhStVBDCD6Lo4HhxDE5a6IA4DSxdWIV2iQIDAQABo4GhMIGeMB0GA1Ud
+DgQWBBRyFaB24RFh9c9zf0+DYA01twtiWjAfBgNVHSMEGDAWgBRyFaB24RFh9c9z
+f0+DYA01twtiWjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA7BgNV
+HREENDAyggdhYmMuY29tggkqLmFiYy5jb22CB3h5ei5jb22CDXd3dy5iYWlkdS5j
+b22HBH8AAAEwDQYJKoZIhvcNAQELBQADggIBAFYRDs+WyMwr8rPCkzFHnMK0ePfD
+cWc1O1L02foAePXEicrqQwv7JnsikBsx28E0T+mjqFU+7IIq7K+T0ndlEfax96Gi
+j3H8zfwAG10JBFMjsFtdo8Hq6Q4CeMu1D83NPhQacZ1lOdCp/ZUdRvlcveeBx5VX
+hFel6erfsR+6GX6I0b2Z9qIBKwmpxLcsPkY60RuazvkSf7xAd4eNJ18vzdo55J1c
+x6mJK+c5J63a/IW6rjEd2v6URwwlbOyuRSurXoETMxYwuxs7pBnxA3MRU/OWIaCy
+fAO+2ao4qn4WNo4oGo1BJBaX+mQJa+NwCw2F+sRqGZ+3ooSq2bjjXrLxiytr4b+o
+fUBiCzhZLOGaRubJXlWp39dgLf6mo3ajjYPhTUtlqv0ZfX97C7xEXitNY3Dy9aqe
+NnQn2+u2dkzEMTc+zW5i+xkByRhoSXY5AhYDdyd0Qtuk1T8sRs38TJmavr6/H6hv
+6FGrmgqFypmsVy1LdRAn80yVBce1t3eWcgVnTND+wSS8mEj9rHS4th4sZbwwpVWJ
+Z0cJSFnqSLMh7ZrDyzcKFUhgdU7GxuaACxIbBt3f5pCp1QDKffb3kVG333l/OLqN
+2qYOTP6iFf3JpKttNvaSA9Q+GNk4t/8ozZW6lfyz+uDfmQecEgAv/u1s1brMgQo7
+TQ/vJrJvgyxVSgOH
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert-with-non-digits-time.pem b/tests/cert-tests/data/cert-with-non-digits-time.pem
new file mode 100644
index 0000000..9927695
--- /dev/null
+++ b/tests/cert-tests/data/cert-with-non-digits-time.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIFQDCCAyigAwIBAgIRAPABuQ6DmexEq0k9QQaewMUwDQYJKoZIhvcNAQELBQAw
+ajELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD
+VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEaMBgGCSqGSIb3DQEJARYL
+bGkxQDE2My5jb20wHhcNICMwMTAxMDEwSTAwWhcNMzUxMjIzMTEyMzM0WjB7MQsw
+CQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQswCQYDVQQHDAJUSjEMMAoGA1UECgwD
+VEpVMRQwEgYDVQQLDAtiZWl5YW5neXVhbjEMMAoGA1UEAwwDTExRMR8wHQYJKoZI
+hvcNAQkBFhBsamZwb3dlckAxNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArXvIlHbQRwFvnLFz2dsnbPBgE8WIDRpIIpRTWJL+pdi/duUcE5Xn
+VRNA0lnlYBOl8igItyFudUC4o45xa0Q9Htd8hisbdaHpRpdTRUUpljH9rOOWOyY0
+aqRJ0RrU2ayhJslTH9OBBg1ZaatMYxI2u8Bz1MJrtsCUcvymScT59QAYI17ZAzI5
+ouqUsn3F5BgiU53kdm4ubfKts2su/sUvM9BN03+/p2o/50FanBVrRMHAUs2p65FM
+yFtNwqT77ZpO9BZdEOV3KSRJRLbZbELoanMQ0txztznWI6PULTenf8eR24dQscqX
+N38Qk+SGwp/lu/6qLN916oY2WFTRGrnCcwIDAQABo4HPMIHMMAkGA1UdEwQCMAAw
+HQYDVR0OBBYEFI0Gz1ruYze8+EmA4MZ06BPU0AsiMB8GA1UdIwQYMBaAFJI+ilFK
+lkx88DEK9Q8K7hNmaHfwMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
+BQcDAQYIKwYBBQUHAwQwKAYDVR0RBCEwH4IFYS5jb22CCCouYWMuY29tggZ4ei5j
+b22HBH8AAAEwGAYDVR0SBBEwD4INYWJjZXd3cnd0LmNvbTAMBgNVHSQEBTADgAED
+MA0GCSqGSIb3DQEBCwUAA4ICAQBvx+Z8r/YjdhvkV5XbnRan25H7afvfg3aFHDGW
+q2WxNEKynxvdM9TEQtbQXJrWRj9sXXRohaYxObuAic+gYdTOrsYtk48gENG6GH4s
+fxdX92XeWm2wUr0KXKOu+Mvtj/egk0bEMQloZe/tkjeOLAGzrJetXyGtxgIA+/XI
+E/AyyNULHYFATZWx/XD0Q1s/VOZttPn6FG4qi5UogM/XqqCQbZ8C/DSj9RltQi02
+IGmr+CCS4Y9ACHq3HT9YfSFMPV+7OwC/fegLadsd2Bk6TwAi+WNs/48M/LATAsnH
+MxFV61T/qHuabPNfmlirpe/ooMWEIAoKKvxght4CztYRK5QZA01BBgqePur4wqAw
+JeAp0M+bFWEDvt6xRiijmb261WRTM2C5mqnlQFJSdZ6h9MzerBph4Zvl3USXzEMb
+hXPSeIIA7TwEWeH3whqP6w6NnmcS94jCgXnmvv9uInSc/CAKz5h2HElLQroP1Mmh
++KnKOAiSQrr0vyuGjZyxebu7E5RWWS//G2FJrG+2WyOAq0rml8HcjWtZu0I54xYq
+rk0SKXpUBAvLbXky9rmAM5MinasHDBnUe7zTjlNuathI+5SPJ83PK/d+0HF6zzud
+nvjqR+fWa4N/3jZ0DRquE1gEUWkK7jLegPalIZiLW064nfi6j2q6HP8eiyHarnA0
+Mnwt2Q==
+-----END CERTIFICATE-----
+23sYiex6zj9qXDX7tsiuPs3HIxTXw
+dBVaJ01yeo+BlyX4SaxmBRIvtothzDDdXmQ/9MfS8qW85vQV9AcgGRb8fqxIHhwb
+FgzeYzpehR0pEAss2XZK9Q3hPLKwX8sewiDy+0tLyYayYtOqeSutaNbSMp17zZZu
+x/GScbHUTGEw76nmElECOVw5VQAGpbQSsns0MRp3gtr6XZKA2LUv7eiolwV4i0e5
+zBfb+mUzVBZMVzGJhXyBExl8rx46EkjmfIoblvoipIm0hAN82HE4D6VDb1v695kC
+WR7seI3gUBku6KornLFW4sIwNznvlmbOl3cRtOU=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert.dsa.1024.pem b/tests/cert-tests/data/cert.dsa.1024.pem
new file mode 100644
index 0000000..ffde3b6
--- /dev/null
+++ b/tests/cert-tests/data/cert.dsa.1024.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAxGgAwIBAgIBBzAJBgcqhkjOOAQDMGIxCzAJBgNVBAYTAkdSMRIwEAYD
+VQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQI
+EwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExhdXBlcjAeFw0xMTAzMTkwOTM2NDVa
+Fw0xMzAyMTYwOTM2NDVaMGIxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGlu
+Yy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTAT
+BgNVBAMTDENpbmR5IExhdXBlcjCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCHc0on
+PSpqqR3lE69+wLgJJ4LISkPPLwxbPnO1mSJNnjhvucXCNjmetDFkPSO2R3MkruD4
+MCLkKlvIEnIhH8pG32R7GNHLubIp/qcjRJ7NXtS5cG6pLU4I1NWlekKUBAjQP2pl
+M3U81Ut3JM39qGYZTM8NPGH0uWTIFn8PpVEzUwIVAIW0sPS7m+gJzXCJ6brM/y4i
+SyzxAoGAZOMeOwOLp3iOcd5AjbXkdDIBSggMQeHbkD9fztMLhhxLaMvygncP6DOI
+xpmC1LU+APB+DSqyIwhm2ag0Fuo7QYpF4nzZGeX7VWemWnGgcKSzkMStlGueW1ln
+FkrUcRk8H8IksuZtxiNSgDMvPsxRxLx9m1pulbNI9IzhQDkxDAADgYQAAoGAD9H2
+GeDcrWnvl5vO9ENTwupJCNwxyi8ZyRLnSqkc7jL2muQ2rlwt9C9iH2/dxgXIkyj3
+fywCuhHFZ14iIKf1NXk6s4DY8ygIyUSEQYO9GtrW2Ce9XURzlhanRsN7iK9R7vSG
+UJNKs8ktFj+wA15oQrAKhzIgoMKx8vwmCKPedBOjWjBYMAwGA1UdEwEB/wQCMAAw
+GAYDVR0RBBEwD4ENbm9uZUBub25lLm9yZzAPBgNVHQ8BAf8EBQMDB4AAMB0GA1Ud
+DgQWBBSnoCL+rwEPOv1vhYgslR+kUMSL+DAJBgcqhkjOOAQDAy8AMCwCFB3lEUnN
+aj8lo32cDbzEpW57/AQoAhRTSD7Wa9deWKRjLgfMlG8C3S9fkw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert.dsa.2048.pem b/tests/cert-tests/data/cert.dsa.2048.pem
new file mode 100644
index 0000000..2fa5a5f
--- /dev/null
+++ b/tests/cert-tests/data/cert.dsa.2048.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE/zCCBKSgAwIBAgIBBzALBglghkgBZQMEAwIwYjELMAkGA1UEBhMCR1IxEjAQ
+BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNV
+BAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMB4XDTExMDMxOTA5MzY1
+NloXDTEzMDIxNjA5MzY1NlowYjELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28g
+aW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEV
+MBMGA1UEAxMMQ2luZHkgTGF1cGVyMIIDRzCCAjkGByqGSM44BAEwggIsAoIBAQCi
+UUKxOjIvSH80td9feC2nJ4/LHxHRMluH+VVyoNeUV9nNEPw/bXgyb4PurCeeV58U
+NZdgykYpGlQnEuCwysewpUrt+XCbQvfeBAGDCj53Hof+9eHNEpMuS0hC5dzfG8CI
+0aycUPP11Z9GteTPa2Z/c6R6ZviPAhowowNoIoXFcEeX1ga2BZ2nhwDWvNwuMbVB
+4tWXdvDWGc8gD4NZp0UcWu9Wf79VBVdQ/EuItW3qCbsepjSTmMIq3BdQ78GNZVBk
+7TWsDZ03RvWqUU7iSa4gnjEvvckxjaWvLHyR+XmU2QHl0iiG46YgBdOHWh28H71f
+bkOkk18cQhvnI0JeGe6pAiEAo3fbOghNRsds7ncGGUYdO7ZraQI4jaRO4hWUAQXv
+nu8CggEAXVxEUmcY5RbFFraJEnDB8UXZCpT3MTiH+hFMs3gS0uFLRBoB3VPtOWVv
+N2qryoiCJTdfcqe61NYBPsCuHid9Iq50uLW+3Jp/No66usJOAA0moEh2ZvTZD0ge
+uvb+BAKkeC0EuGIdfaPMY2FemZTS5GHD/JemxVC0TeB/1uxqS0dzp0ThCv1hBSQv
+8ZHA7RP7NUV2do5AZouVZCOsbObva2G3L7nDhZ4as5b0r6UFEtljTngLds47otFU
+uXXyS2/9CJQTMRRmqPlJb01QkIKvI/UUS7THcOEZopvcnkGgddEImauqxWmNkEf2
+UwuLug6VCJxDhxbinQgjjqdKbSiKqQOCAQYAAoIBAQCdXxaMhARPsbV2l4tC7hTW
+WFK7bPnWoQ8s8Lj+3qQMbPdoFQ1DFoqvzmHHvrkz4RUVcVvEj7sfOWCJc1Ns9uV9
+rNxLaPD4ws4k12UXc4rTWtTlhE0NNm7yE9bskcMnse2qrfAXUjOGupsSIpfGfD02
+VY61DK1W4fUSiszy1W4aDQFFXM8w2GJXr74ElOqZmfwZr7jZCl/9ngond82NgC8g
+r9Nd6wb1EFogAlFJPyOE9lCbTL2TSfD77Q7odWPvuJzux9sxBeGloT3AZoOPJVbw
+QoOwOztZlkxaQj5TC3DLiOSy/xLXc8KEkYcoKDnpx5O0Hu+y6zfpggEHrgkcCB9t
+o1owWDAMBgNVHRMBAf8EAjAAMBgGA1UdEQQRMA+BDW5vbmVAbm9uZS5vcmcwDwYD
+VR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU0yaxv0sPrcQamskx4unRfhuHJl0wCwYJ
+YIZIAWUDBAMCA0gAMEUCIQCZDVfyCOZ/suQ//O05ym+CF8zeeopQzTk8BeRhVsGE
+MwIgHlxKUXTEtVjS9TVQXGAy7udUJM03YP1Bj7eAQXaHiP0=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/cert.dsa.3072.pem b/tests/cert-tests/data/cert.dsa.3072.pem
new file mode 100644
index 0000000..d7f89e6
--- /dev/null
+++ b/tests/cert-tests/data/cert.dsa.3072.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGfTCCBiOgAwIBAgIBBzALBglghkgBZQMEAwIwYjELMAkGA1UEBhMCR1IxEjAQ
+BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNV
+BAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMB4XDTExMDMxOTA5Mzcx
+MVoXDTEzMDIxNjA5MzcxMVowYjELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28g
+aW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEV
+MBMGA1UEAxMMQ2luZHkgTGF1cGVyMIIExjCCAzkGByqGSM44BAEwggMsAoIBgQCE
+H2+8EXX8Bs8D50phIndqugwyxZJusN3luAhf7Bkc5YCH8klfBan6zB5c+XC/CCWx
+QpsDE7rhbG/zOXO6Jk2Z9DKSisbheFRW0IpISPXqFrwwXLC1ZRiAfNR0nluLprnN
+6SCWIMV/PyHVHrPOMYMpV03PBkNURU8iwP3mTD06ilI0AQBkcflw709Ljj7V1ayz
+UAvYMTJ8wxsq7OqTKXUr14XaziP+Wbhk5kaj1jDuEbUNpHjdifYkD7IrO7Sxxd1t
+lrOJLJ4U9IFTzQ+CUzBrD5IqC5A4QZlhTfVupe3rxLxtGqu24W+p54AtJrLzOayR
+6invsnNYS7hHxISRZm948d+GcxqXHLhF1dEKKxQiKonW7wzVE/3pHu372czJ8P3V
+/BLCoaRFZKvt061gziluFJU4d8FpO4O3u0aUYqBf99LTImvv7VNaZ/EHHccSUb/S
+Ti/YLrit1848wP89ouDKdJyWWTJLAxuNfc3s4DPkv4xrbpBMMnPX57DkQiGNmhUC
+IQCSfYDnitbQRwMDhEKqqWMc5k364ppkUTGaaeA+o4DMCQKCAYBlbDF8CN9LIO2D
+fVAGBAZeYN4yJZuACJTXD56ZFgRMATXt6vhOIJDEWIo0+9Zl9wIlKOVDQnubzwI2
+li5xSvgmu9/qpksDU3Yd9OAw/Ni5qFelbU7aqfkczAsDPZkWleo1zNTKX2S64jmn
+jkY/Cxst1VCpmei7kcu1nllxUNCz5dAjHE5vkDNdfXzYU68MpBoEqmkO1jRIRIjk
+cNqMJd2te28pRcLS+uWXaUDYLayOEJNVCUmTo0FaxOvG3rRgQXUtw9BQJrRte6ig
+R3vdOT4WeqlhF0KJKZ46h3Mm6aiDgmQftRl7ml0gjrpOjmbDI/ettbGV3WBJ2ib+
+WDsGmkRjozpj7bwhffwpZEdSD7Wpeqemf8f4KQsacOwnYxqojScZ+g9y1P3TeCyd
+6+TFe7zE/a8a52129Dm85jmUWEkZ+L+3PwE0yccaaNCenK0Yjxv414OM4AMZZ/AN
+vBJK1rX3aFcwWaPvmuyU0j6gu6uhFwlvbw1U2mj8/fTOdO/vhxQDggGFAAKCAYAU
+qnAgGuLNJxfdcIBhP0flKntaaVZdC9BlMUjkU4na0knvxLlGvTFVbre6Pxzh28Er
+Qn0MXkL9Nim1aLoN0Qf2OKKtdPyUqsItKbxp11oJkKdfypFB7hTY31vfzwyJvMY5
+h8bVERDCBbAeIC8K22YhC8Z8beObBO2Cq6akxoOaFMK9CSB1tfD8R1kwWIdAU6XT
+Le6IYlIT+/eO2cgirdKqZAU+wfIYzGOc+ssZlPB8celicXUMWEcNJzyof1UBuJtQ
+nFOHp5jzt3k+L82OgcixJheizkRgIsEFo6whgEAgZgltelkaX34N0U1QOlmaBjk7
+Ra23tSg5IrcxOGojB9AEnLLWbfs+LYOmOugwRNTFTLXHIQaCyI08gs9hOytLrto0
+emzb1u64QmSkpIVl2cESmhqI54dwkFAPnBDSISBfhPw8ya9TPMxZXj60+MNfxN8k
+B4AjS6wwBk6dBkD/dAVVbWksfcvLoR2rVcp6ZLzqJw6NngQPL94++bJ1r2OxzQmj
+WjBYMAwGA1UdEwEB/wQCMAAwGAYDVR0RBBEwD4ENbm9uZUBub25lLm9yZzAPBgNV
+HQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQxegyJIDYgadVaqBrO81tT291/mzALBglg
+hkgBZQMEAwIDRwAwRAIgepYDoITa8WjRzLdTd0TXI+Q3ZXnU4jw41twfr6qrOgsC
+IGhtDkXsPybKVFTuRt1I3b84xbBeDFKj1H6n3UByZx5M
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-512-ca.pem b/tests/cert-tests/data/chain-512-ca.pem
new file mode 100644
index 0000000..57b9850
--- /dev/null
+++ b/tests/cert-tests/data/chain-512-ca.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAbmgAwIBAgIUf62L1YAmuKuNR4Bnwn4FEjFDpOcwPQYJKoZIhvcNAQEK
+MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
+AUAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz
+NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwgZswEAYHKoZIzj0CAQYFK4EEACMD
+gYYABAGxhmDvIvu97o66LrAU40sO9Mqh78UpxNpdsDD8tD0aDhOivP2WK/9LqSBJ
+uaIIzY4pQyNAHdp8WFnmwiutiMnXHgGcps4Mw7gEKMlQKDP8zS2GSkJt9r0ct6jY
++39JQ+fM0PPcxlyFMQlLTMwcFKPAH+stA3MqxroPLHpeds9u1HcrXaN3MHUwDAYD
+VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweA
+ADAdBgNVHQ4EFgQUjYaF/lZImEi+LQtLIh9y035UucAwHwYDVR0jBBgwFoAUmoMA
+sMqoL0N4sF0RT5M2mxyQrs8wPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGh
+GjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEBAJ+FXZz9F6ie8EJc
+OMA55zOr+SPgSqf/6E1xLNQqf/s44oyXkl3FfYXYitHc6vAp1LOD3WjXCDgSSM1R
+Vp0qBKDO+7ESYVCIYdzoSC4OFwVSTID+rH1bv0m9ZMiPQB97vAzXJq0bGyijPZGb
+TSUHjFNImGJdZq3B/uB0c/tQBLUi9YrVT1vYZ+lpOyMYaN21zFuDB6lc5sA6/k08
+I9J369z7iVCuibvXBo4roRL7wj+Cww5l6wjeFEo3Oj8wDoRHlxTk9ym40yvZinSY
+PAESEyNkpLo6Ctyjz3HVxLmTZE/TyG/hNXionRXQ1uJZJOtdIMXouGCHStx2iFcL
+2PSL3ng=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICgDCCAiqgAwIBAgIUZ91YTLTnOoGdoBoMZrk6sdNguM0wDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMTCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg
+hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC
+AQoCggEBALYQaHpuXl4jEi7KpErGCCcQ0c50NuEnUzfU92tGJzXNLnOdKQVxW7ma
+ptJ1Lb+f2D+utL61/eyG32DLosaPiTDi8R7P8O/ivXEhwHe8ScH/B1DAHfbnRNv8
+MC4nTq8MavMIm/9UE7j19C+uhLFFPExnRohaFZXLqKbAiadMYyEqROjibpmBcyxY
+StdQNOQ0qBC/NkPRh+kSA6vN+ZIsqizl/PNfgd7am7c793fAb42U36q3ymUpCtkM
+GhCoVx625sVYOKIHdtzGOwTV277TcVnflg+BwK97p0FRUh0envFENI1uzz4Et5Mn
+swTDE/KoYVM8EIDeQcFAnF5tVxZfSosCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBSagwCwyqgvQ3iwXRFPkzabHJCu
+zzAfBgNVHSMEGDAWgBS4/wLP/kals1V+CMMSsHiF9p0QajANBgkqhkiG9w0BAQsF
+AANBAGmYNtQ0MIrtLCUs+WHJUE6nTC4DQHjNJ9eiFDQtDiup7FOZlLPWuxBv8IG+
+zXVfCc9BxrAQSAGiwyx4gKDT95I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBZzCCARGgAwIBAgIUR3WhmgKRJu05fANwlblt/s9l6jQwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDK
+s7lICbgRDeRXEPqZagrNUi5TjJkMB4NfU9gb0OUi3Vsna8Vi/2CLqJQ+jttINcS6
+knobMwssEAnkLe+V+KTzAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P
+AQH/BAUDAwcGADAdBgNVHQ4EFgQUuP8Cz/5GpbNVfgjDErB4hfadEGowDQYJKoZI
+hvcNAQELBQADQQAFKda31c8Dsue9JpR4med450ZroHT5WrGkH6T7XwczXfNc8W9w
+nKPMoJLZK47HSWqUdniMRPX9XydqxaVug5Rj
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-512-leaf.pem b/tests/cert-tests/data/chain-512-leaf.pem
new file mode 100644
index 0000000..f8a4ce1
--- /dev/null
+++ b/tests/cert-tests/data/chain-512-leaf.pem
@@ -0,0 +1,52 @@
+-----BEGIN CERTIFICATE-----
+MIICYTCCAUmgAwIBAgIUGaahqSHZnDisEpq7NdDyajix8GgwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjU0MzVaGA85OTk5MTIzMTIz
+NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwXDANBgkqhkiG9w0BAQEFAANLADBI
+AkEAmmMomDw6UyEVGsCdhWB3BbgJNP+T4bFMnovfcwl5GBI9htuMataGBWB202Nf
+ICItBqPCI7Mu8kO4xsz44ejRNQIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1Ud
+EQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSuKggm
+nzHbFCskfAJqxOV+hLlfLDAfBgNVHSMEGDAWgBS0Hn5aBNJdFPII6ad0f/eSfxEL
+MjANBgkqhkiG9w0BAQsFAAOCAQEAQZR/tbDYzzDo3CL/lFmk/dXs6/qMo3B/9xLV
+HGhj2IqjRNY4Qo4V05a+Xw9bUxvmuae+BrNGOK4ouwhsmZerTPIhE6u1PWZclcQm
+Ean6r8uXWKsCdUd1zMP/oZUuWiQga/7+Ej2MT/E7dxhfHoAQin9B6NGIJB8pG0KX
+FU74gSlsA+bQFBEyIYDgJXj6Oht0ggyIzzy6nPzi+7cRgzmqhfCyoZoZd8vn1fi3
+Lvqt3XbfDITTBhr9FtBr0LQNbe5/j74nXKUiIYiu8EkDC0hTMK+s2q9qNi43+naR
+8h0irt/ZBUIJrJWtPSJsVDHKXkEtwYaI+HNNGE/Zjk4wS3ydBg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfqgAwIBAgIUTJoYUgrAGOyE94h5R67I+cbdBtYwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjU0MzRaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAM+nUak8iG8Ff5u08dsTvdQsb+xVnHiL+cPOrAaDN76VpifZKE5fHMcy
+LYJi3cXZHgIUMTTHqU0X9wef5GbRDdmH82073OHE4XTaf0NJckGLegqxt7xRN24b
+bUQquy1Xr1mSBoVGPOZXkS75nZ0vLFXcP4hF8J4M2y8veCnJJZB/y110F+j8g2uJ
+guXozXXk9/64obxycy/k6JSzCr/WjEhg0dL5t/rnpUxxMkqJqd8P5YpCabhP0mjh
+gCb0R0UX5B4R3MqeQ4TwXbf9pI4EtEIGtYBmgWczEV300oe+CixiKABvxF6Q37Eg
+N+c8Yjyod10M55YcOttIYrO/dAGOfOcCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBS0Hn5aBNJdFPII6ad0f/eSfxEL
+MjAfBgNVHSMEGDAWgBSCt0sRc+AtcCAfvZZvqd9gBkYnyTANBgkqhkiG9w0BAQsF
+AAOCAQEAKvrBV31kz41qjkk2QQ6DR2COVfOmc9LHbeJMr/s1vFxyNJ1htsfHh2HW
+lvYyqzS0m36RApCJXT1Z1dzvEp45GoCtaISVq9jenKSm7nLCqnhbPWFr3nMDWPPG
+c9lV7PlPB8myeHhZpGK7df1VcTIJN2u/SI7P4RnaUck2176yJVyU4StOUcmbd+Yn
+I7LWpxwVmNkcOwI5IR0zdbVWcLP9+2kL8Kju8koql1lrlqTnucRY+2sD1sjaTTIz
+kQVrELO0l9EAAC5La6u9dACkOhppYFZIw++hbtEXxgkEYnoGzvptsNi3w+CrQ/g8
+7cuIfQFBCX/9C6APbz1o4FHJCKsDVw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUMPdFIRYbJUlkWLtbOqcbIE9nbkkwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjU0MzRaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALS9CFlh0IrSuEjuiDRnznblJiTWXuojqTp61CZkJzEt3mTAbAuvJGZa
+wG6gQxMIIYwxtbdjC58wP9ZucJgFxVgD4211QBcwACxDCbGyUsxTZZrQkCMun6Y/
+YMUSu8Og6twIx++vAO+N0Eaa/FrUcYa0Hj8XxUgL8/CT40OJC/i49OuA9Bs3L6zj
+aMEADZ/f3/33oo6jgOdRmUmVOuovNg02h4NjBk3OlKD03vZ2ygVzmXme0YBM0o3Z
+SmMqhut96fI8taqcCV5ccNNsp6HHIg0GGuWtBB7rTkEFBhQg53AMrzgOpQ64Pueg
+LXLdRdOVKRkX1lLvboRMbjlM5HtOTX8CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBSCt0sRc+AtcCAfvZZvqd9gBkYn
+yTANBgkqhkiG9w0BAQsFAAOCAQEAEjS+iRmeALeQIVvU4VztUmqp7FtkdD1P92xu
+yuvPTKGmhRRwDNB1GleHUt4BFKF9EPTW9PK9VJTjNiivPcm9u6zjRENb95l7NOsY
+5AYMZFyR+jRT7cxbDYGuQ9yc8nRF1mH6L0osfgMIub/Z7noMgSGhzQx5E56Q2CPj
+QVLUH37Hkj0hAWsccFuiicZSeAsxSWAr7+qRKHWJKgJ1sBiDkXlsfuoUYJCFd4Q7
+LQraLxDpVfB44E+rxFRJoLYzExeTXhDvCJYNPd7OUd6WIOeq0yjaj1v8dn5pV6Vh
+kockuY1rAy2fNlOoIEG9qVvWJ/vj+Uq9wUomW3wfyF8es74V2A==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-512-subca.pem b/tests/cert-tests/data/chain-512-subca.pem
new file mode 100644
index 0000000..261137b
--- /dev/null
+++ b/tests/cert-tests/data/chain-512-subca.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAYmgAwIBAgIUJCiWOylfZcYmHICa+LwzULsEY5swDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz
+NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwgZswEAYHKoZIzj0CAQYFK4EEACMD
+gYYABAEkG+6EOxALvWgJfPPfTj6aM++G/Clb6qYKb7EKHKArIngKFB9jLmGCC9Nh
++2Fg75z9GjP1UNqdlwcuTYsFzIdFfgD7POQCoU/mQKGHCHrNgTd+yhbpkjIzMf94
+Pd37B3KWoMwpt42vi5oEv1wMaMT/9bgZtiTh5cFdYc53MpVqj9GAiaN3MHUwDAYD
+VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweA
+ADAdBgNVHQ4EFgQUbktH02YQyE/FHx+/fWGUBEXQYxwwHwYDVR0jBBgwFoAUTXqT
+trlGUSx93s8ATWGeoEDKrqcwDQYJKoZIhvcNAQELBQADQQAFHfmevmaYUZcMZLDY
++BrwecSLCxPWHd6T1QDhn6x7P8aVsY/8cLIn7ACURxR+ia2fG/px0o2+wV+bT+A5
+sDIv
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICSjCCATKgAwIBAgIUA6RF1rEvvPbBSliyFqD77roShB0wDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDl
+cI6PmIU+IFbj7ykZkLWuGIlR8uF3CAyj2fq4iBeEk10hEA+d5Oz2Yp7YwmnTJvb6
+oO2XLPyLyE3htVmbaEj5AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P
+AQH/BAUDAweEADAdBgNVHQ4EFgQUTXqTtrlGUSx93s8ATWGeoEDKrqcwHwYDVR0j
+BBgwFoAUCWYWUmG4wYva7UCkhcdTRTJXTIQwDQYJKoZIhvcNAQELBQADggEBABeg
+Ev6JXb78IRCeK11I/B30HW17ejR+wFBereGpuIxu6HtDHVl2Au1+vJ+ddK7hVvL5
+Z18RozUyvwpCAQ5DqC9SzabAfIszM7PvEZ7/j5xd11L+YEicd9g72jVKwP2VSIJL
+9dfHBFvIlh7NrspwVipPSp5bDCbrTTOpNPHHQuTNO51dw9178UfmQhg4hIrMnGsW
+edT5KswtixFekzW36giJ673tnz/amcDJxJC78sXFnpYsIrTRFqU2/rrd7Yd9Fmwv
+4D2vvBVmRKVYTEz9W5tgMEQWvzSomQj5ejzHzcomXXp/W96XDKWVjHE43EmqquTE
+rlIkVCK/Yf1h99U2+Ag=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUWV9HK/UEiOT8ZpQq2w2glOshGeUwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz
+NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMVYMEUmPcAGVgJkwMSser5bJWUEzD7PtXUzzeu3UAUl5D/B5I7vlZ3A
+1T0ZlSdTB0N73HHg/FFE90jUrVoj/yI6Ml1otPZ1tYjH2eLGN+/NCkFVKSzxuNo3
+DURRRFoWMpk4kpmaCYkWoKMTYZtkcserm+Lv0kpBFT12+iT/GCPBmaqmcbMK8sbS
+Pz45BVdRFwln8oyLKSunXyYrBd2LHlLkhag0YivojAxuE8IyEE2SkndGO1JC8WFB
+DMwGrllrkAiZSZKdTEI4377r5LrgYXv7w9tr5jgkrABUohie8SpJOlJqcjzfaF/1
+QJrxZSwSUvOl4EZVziEBSnlwzrfk6G0CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB
+/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQJZhZSYbjBi9rtQKSFx1NFMldM
+hDANBgkqhkiG9w0BAQsFAAOCAQEAXTYMg/3eQ46E+s6OoZ3wb4diYXfblgvdAlL4
+LYLGeQJ+Jys5iJ6cou+Ck3xsSpXr5+6ElwyP/T8DieHdZHYy/JC/EhU8O+nxsszr
+zjxJGQWVBqlzsVSsELhJcH6OC5xhUw8F1Xpy95trpRTSQB7fkxrqWnEIgacKUuns
+s5ntL3BJzOhNnxZM7dydFL3citM1lrfDLr2pErrXPFpLbul0yCT4sWZeriKbj4vh
+7N/1CQ2cvChOSHAbB9KMUeCBDJgWP7u4zqVLQv/mTfjB0tXRWYMLsr2koyCOhcWj
+MA5NnUuEfXtLLcCUbekk26SgYLKz+AGk6gAMN7ofsYLPOtTShw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-eddsa.pem b/tests/cert-tests/data/chain-eddsa.pem
new file mode 100644
index 0000000..7ec3c7d
--- /dev/null
+++ b/tests/cert-tests/data/chain-eddsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIBVTCCAQegAwIBAgIMWTey0hmzf1cwE8cgMAUGAytlcDAPMQ0wCwYDVQQDEwRD
+QS0wMCAXDTE3MDYwNzA4MDEyMloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYDVQQD
+EwhzZXJ2ZXItMTAqMAUGAytlcAMhAF3ZEMxi347Ou63o6HwHrpUhncqfgLzhINGJ
+CnjZaQV0o3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP
+BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBR20C3eeH0drMbAVG6WD7GLs5frmTAf
+BgNVHSMEGDAWgBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQBPnuU/zF0X
+QKj9JXs6+L9Gftp8w6mVIaCGY889MlL0moWofP25xciTRyT+2jK7zLOO7e0JRd05
+ZkncSAOOnPwB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBHDCBz6ADAgECAgxZN7LSFuPNiCPnfi4wBQYDK2VwMA8xDTALBgNVBAMTBENB
+LTAwIBcNMTcwNjA3MDgwMTIyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT
+BENBLTAwKjAFBgMrZXADIQBSw/TcTaKk/YxoN+9IG7qtBwppX22yPDsjfYgas1x5
+oKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQW
+BBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQDbWwqI9Tz/74Dl7FkpbH/c
+JntRKnYF9KWVuFmLq+5VTmRnEUsKeS/tIZUcSB8xh3yISoMqC87KA2hRQHKmuSQJ
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-md5.pem b/tests/cert-tests/data/chain-md5.pem
new file mode 100644
index 0000000..e5cbd0e
--- /dev/null
+++ b/tests/cert-tests/data/chain-md5.pem
@@ -0,0 +1,73 @@
+-----BEGIN CERTIFICATE-----
+MIIEODCCAqCgAwIBAgIMVv1AJzMmgkNB9tIbMA0GCSqGSIb3DQEBBAUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTYwMzMxMTUyMDA3WhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEA33Wt+KGFoXRzH/2eBj/a5tINftSyKmwEa8QlzIhF5hj3TVZHKMGjK6dvfq5Y
+kunQ3/sA3rd30wyCF39wbmtNCZjJBmeLEiaqD2kaV5clVVRDY8LAzbefHKBHBDZ4
+CuDf7+svU5rQTb/nthhBkJp+Fzqo33fsRNWqwjocVJd1iKnN8HV/7SRIIPjJLT+4
+kEOQ08ijdgHFrLwyHUkyekpBtxzvFXuo44UjiS8/Ys6SWORkEON4GTwdXxStkrEz
+vs3FSzqyjV7mTm05xofdsYzVwvksqgj71aUD9NqE9n1yuzpx/KfpxYyw658UFP4K
+QD8aP4aWWJlTkBVYqPFc3XL4C1mvNS0v1g1qxtZ2AwbqZKnG32qv7sKVCYiEIUjX
+hLNeL50kwL6HUWJ5yUIG617ahz5kf2F8AGaXtaXD6BaSjBrZolPjnQ9I5w48KMFX
+9kXzail5ihqYBcrYp7BUCLb9ZmVGetCrHIGJh330L5HAssbi8fGnQnc1wd7pi0Fy
+3dU3AgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhv
+c3QwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E
+FgQUays9pdr8fiCAITY70bh3HOJWC9MwHwYDVR0jBBgwFoAUd0+eqb7Vqt+5eCwg
+rMXuQAlE2UkwDQYJKoZIhvcNAQEEBQADggGBADkcI1xwoJczkpSBl/4YGWqvahjp
+oG13E/STsUaUAxA/8XypAm3iM7hApBWjxgcCA/z+KX8NdSKhvflVdDamggxrIrMq
+MY8VOsxE1G3t4Kq/yZmyItt3mNFmn+MylGY7xzKGjNCKdLWOUukDOZB33INK20q8
+ijyYt0+qOYjHZRGIg6tOgOlY21aM2vSdzEmBTLjsAx+vdXStWuji3CiBnmjueNbJ
+VRBbHRq0jDkqsbAIvKXdGs/7kN3gm5gt5BVJxtr3EcB6q3t2Ls2sv7qYIzNGcgal
+67DGG0Goj3CcbFhrp+fWeclih/IiJK+JVNuJlKLYMC4+c8H6IG69ISjhVuK6FqFP
+HlWfYhQTB/cZsojOu7Rf0PAptmZVyCL65LtKnN/MDhnoxZTY5wpsGipm5Yec1+XY
+FA+AxeHcKQGz4eLqORBO6Z1Tuu6pCaAFZabACODEwMfc6l71B/FcJGizJh5OixRp
+uT323OMw5DytoNvPZcRpCxJ9aPenB7aQ0SZSsQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE2MDMzMTE1MjAwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5fGCxv81yymph2+n
+0oP6BjR8AfCxL75lMGmvwXQbQpfUSff8ZprWKZBaP7I5P/s32UeQcLFy5a1YG6K0
+Fd9ZqB/IOZEjzYjfFW1k1Q0aiSTraZQoM6HLbl1iyO+lk8XPeZ6/EC32FvbBOU+g
+Bc31d4buvZssttZ0poG4/qM9mLIJOyAUIROuhvud9yXSNft9ZqZ1zGf+LDtDOQqH
+6le5P7T536d7Vmb5VwhxN5dfLB/Ykpu9fJAlWzG6VXxWPUqQ6AnY+QeBghH7Qz5y
+A895r+jBOubV+7cZFjkWBGglYosczZK1pQmeSMcD1EGUerF2J+RszNu3kGoe5GML
+GjxkKSuwCVuvWurSQajTrLu9I+yuG+fJQ4LW5DwSGMeKJzMo8KIXT+W3R82U2HDE
+cHUn4irYKgZgCNWbQULqvkgOqFflMAiqyPQdBIB4y62rPhYNE3dm8yx0IryztDhv
+EQUBGn+fkA/XJsEfqyJy8xR9ZexLmXiVz83zji8SuK69gqwFAgMBAAGjeTB3MA8G
+A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD
+AwcEADAdBgNVHQ4EFgQUd0+eqb7Vqt+5eCwgrMXuQAlE2UkwHwYDVR0jBBgwFoAU
+h5L1r6yrnewz6Ew3Ct6AhkXQZA0wDQYJKoZIhvcNAQELBQADggGBACu1ACKa+T90
+SoVYPAY68WLObqm3ZXxu0oegkWhAw9cWn1WDsWfyeRAZtlGBvNF4f51ceYopXW0B
+jdcVrjEGpKwZltS5IoAslLM6AbI2NxNDahxcv/r/v1yBeuANm5fQ4mZkGMSqlydq
+plhW/dkIbnyT3DCEOuBoFpIHbAG1EDBiTuSLLz4Fff9PurZQQTzzktjonOn3BVo5
+z2PcjdGi9BTNTG9Gs4hVN4tsqF4u5k3vLRPpFRwBIccJLxCwogKUcAsZLAal2EKO
+D78necMjNEp8NDKG+Mernt+cLsbA26xujbZd5oR4mmcBHZRkrOBd+hLGDizR9ki2
+JnipyVIySKpy+d3OOgCjJJxRmojjlryRq4VausTU+e0a0smDD+rrfMpSzrJ6IqUI
+SPemzH4ucEPqzcXhsgFz3oDlGBp15tjDcnIWgJnBw9wyXfUAdHQILzngXr+XguhW
+sy6mHb+OCM728vwCDZoe16hzweEMppsN49gESJ2iUAasA/6UsF4NnQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE2MDMzMTE1MjAwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA+lAqVJMZm7QF2lzq
+5QTYmcIYCrid9PDC8uqVQLjyCCwCFs56rj0693+YxF0GJSWbknlCXpyWYAbMEOCd
+paZXao7RX9zRpVpjV8zaiFBWkQOtoXsiJ6B5u71K/3EDWn4549A1UeMLXZxJRbMw
+YIozouhUX+5TYxKu9vYZAIOIelN9jLell+taTIKNv3gHnMHMGLEOAPFiRV6hvq6G
+aSPdOvcK1jF/hvYsmqkJgqMJQjibYLUrnvuEySYqCX3y+y5jiFyiXiGu9fevcZSA
+TvIRER6V1mkD6QEyLpY9Zpg7rdYOo+5SOu1phaqmJgJPMCYt5GQm65J6j3EDGkt0
+/re4XbB5z5CGk9TMx7GASHrAAg/9eS1Gd7dh5roODCtlQcm8peaKokqBna8sdEpR
+O5tgYyvF5IkvHyu0DzMpb3dSJwG7QQCt3Frhveaixsd0wfIEy3lDZpmJUjBHi3PE
+Rg8/2raJZkN8dn8p/7L+uWA6m/Ow9Ql0804lu5xE7MiIo32LAgMBAAGjWDBWMA8G
+A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD
+AwcGADAdBgNVHQ4EFgQUh5L1r6yrnewz6Ew3Ct6AhkXQZA0wDQYJKoZIhvcNAQEL
+BQADggGBAAn4Qql0FHTDwDcTTV5uLIFrVP8yFfPN1IxJiBORxl36qNXtk0RdYXBY
+TB7P6R2KOgPV7aEkBponfRl0gimAz5Nln+x/97nFwQXGR01UIXOs8cupj7y5LDFa
+oCaHYzyWUfeppTxwJW57hS4xSwFONFApok8JI17nnniK7ZINtX+gdn368VOrhz4m
+CyJWJ2znsqxesiMbWQjO3HNt6rnG7a4v4q86n7HhR8CIWc4f4WfRDdVHQ92wM0SB
+kSrwWNydxcpkbSCrQTH6kFVDKl5TcnoY/HKMuKQnXNkzCZkTn7UMD287DERfmEV8
+5jxaofQEPMB1Aa6YrSFBAXiZ1OQ1ovN1jqpmR0foI24rgO6+AYx1WSwctPH+Vqdl
+gY3i698HrfbSjDdHj8lRUVFwSl4ZuXeCVdrNm27srWGfxtAOcTfikfhg3d7cTeCu
++aNMnxYSCyt4at9OHu/DRlcWZ3T/DPLXbQ8hLyE7jH9AnKUiunpvMCgjbhg2jQ9w
+7YCdTfS3ug==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-with-critical-on-endcert.pem b/tests/cert-tests/data/chain-with-critical-on-endcert.pem
new file mode 100644
index 0000000..de14b5b
--- /dev/null
+++ b/tests/cert-tests/data/chain-with-critical-on-endcert.pem
@@ -0,0 +1,72 @@
+-----BEGIN CERTIFICATE-----
+MIIENDCCApygAwIBAgIMWLRKXgVfpidUGiL3MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0ODQ2WhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEArLFdJ0t8aIAEwXk0+BaXSCWtCrHyotXZxxOImQk48khIB4zQZjdbsbIrE7BK
+RW9h8WpUNUTCMRLrIiAL072YbnCyf/aHoaumOGYpHdqo+nD05RH81x67L82v8o+q
+vw5VeWOfEU+HnAJxazXe3WqvjDvxDLxlvRG7WBECfdmdzdexot9VgLNv1hD3Cam5
+/FBOGwKLkU+cK57BAUcgRqFLFcXZdq/6Joy99O/WVMkYXfDUExRog6EJuzLsQqLZ
+symssmps56OdGNeSwACcRUXYQRI2Fp6kWpQ1kynroSDms4q6hz/oIre47UtmYNsu
+LnUYLNRAbpRuCLs2uKHjXJoQHV5HCGAq9Whtk7vuNDoD28VO9T0CBn1GbXATDmro
+UldPZSFvsW8MUFQcuRbScxrLekbR94GwD8sPdw1siDmI4M1SshS5IyXctK5rfxF3
+9qJ8DxwWI3ZSp/N/2HbAa7KA9RsGe548cjfxMbHBv15vZbW490Jrypbl5zTzHwWB
+W/nRAgMBAAGjgYkwgYYwDwYDzgcIAQH/BAUaqwGs/jAMBgNVHRMBAf8EAjAAMBQG
+A1UdEQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTc
+dq+IHuXY6ZiVq2QRqYMjCWC/wzAfBgNVHSMEGDAWgBT705Z3PM2jlhgsbpzfeFfd
+uTqdMDANBgkqhkiG9w0BAQsFAAOCAYEAiPZuXN7FdUo22v1IKyNmGZ0GOzv9N43X
+OnJkfDAbMjtO6KxCtqACSFh2cJ4NqUV+GqSo0fNgZIBvXVaL5GOGEvStTs8xw8oH
+GIJXQcY3o+6S5/u/6OU8CYnsIqQGGjIhuUzIsrdcFrRrX4nY9v8zr1o8B7MbN0pG
+seh8bLU5ih41OH7wjqx3/nuQLs7aui5sRiS+Ug7lF8N9VeOlDCdCeiWo7jNSbTkV
+Gt5lcAI6W1paOrNaqwDQ0WeNSM+QLyOXWXR9b4Ck7T4Kcx+5ZSYCKul3msyyA4rV
+cAqvaKs/M6IqFHaQGSwgrZFIBcBrViuAWZbdlpaCUNV2bBsxf/ro4Fe5Z3hJz4/r
+4RhJffrzMN1aaINi5rFYgMSSHGSy3O5L1yYMdOa6FiJSzYMmtJDFejNLU+e5vM8V
+wEBzUaG8UCrOaOumcQcdb2J7sjAoQ+Ghn24/4jmW+A2mFCmAvKfBHRH89BUzEKt5
+5IHTMGbPWEe483Nyh3Sx1pXcoQDVgD3l
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArw8KL4omF9ALedLd
+qAgnh+mTAQr1XlAy/1DiwA8yCFIPMucSHyMCJlvmRs/gtgemuU4Bn8NsCu9CcXUI
+s9mMhrmE098HLn/2McNW5wGNVfK3/8+8N0cok01MuWBjCcZ70k0aYEkFVivVdo4z
+CScmZrQYqqtmiTpsJOft+EU479mDaHK0F2caEZqWdyAmpgQ81eMtI/1kFzRbjYCE
+Pgati1YrcbS8QLd6NRA6Lk3WxSZpIFQ5gyhvdR3z3onWZM6Mcqj47ZsVK/nvXUSM
+2I6JACx2AfDWnbO1c2agZlxRvjlcPkrOiIg9KQs13IAAQ/VeB9KI9PrTgLwNhLtw
+gsc8fgn/y4GL2VWolPuNVG0cIP4b4EnPH3ppRfvGe3lkm1zRUkTDht1QRgYMMel0
+HSosbt6zXxMKRF+5tsI2ntnXz1xMVMsE8MEgK58BBOTuJevPLLTnkh9WOih6IfDN
+t99yFt86x7KbRyddivRP60OftilhUaBcKz/vpKpE0xyB/QPDAgMBAAGjZDBiMA8G
+A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU+9OWdzzN
+o5YYLG6c33hX3bk6nTAwHwYDVR0jBBgwFoAUJolqIJH3QVRxmq4o/abMSF3P4REw
+DQYJKoZIhvcNAQELBQADggGBADpJZ6ydM6+kUcoDGgZnycH2+73A7OuIM8nhVnMg
+9+SsiLrjD9rL3gMhlxgvsCGG3So0AeZTJwAQWW/B0vTIoScX1LQ9YuB1vv2l8kkF
+Sr/m9TZcP2KiLCcyzkUQ+NvssL5oVXP4/yZDfPasBR5tTLgKaHEhENKLx+1OW9/j
+SAGtyP1vxnAd/4kPeuS+2L9ehKTQLUhztE9ezguMOEnBmOcn4QujHvOAAJVh2HgU
+MWcIo4MFhpEYo5CobIDJ2+amRW3ywnIGOQfFQOWUfT4XlgoKvirEqWIOKiqmzEZu
+sYKbFPhTrFwZmpEwLEw+8B3iz/hW4c7Dp1/oOdrPSr28iQYfJWMyJTm/F67/wzGZ
+eWYs6Kxc644gtBckJLGjVPHcu4dwpWpKnzK1cwzN8GY16/m/7eA1XsFWThQOR+KH
+tF34Cs3xbu2DBtbMecpeWAOYR1lQg4IRHrCVrB2hxve+/bXrocs7EDlw4rTfqkz6
+WqtmyLapzQDNj/NWymF1+X4c7g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Y2wvebbAVPqOsDr
+1D5yGc7B/TlTvuzwAX6RrR6zwuwr3NkeP172A/S1JMqZgl/MnV+PLaCGQxKgMg3V
+7pIe9qenytKs6QqGTWt3z3C1HerGT9LQ052JclCStmC1jPMwOUXFiUNunvpMPMMB
+97KegAnoYhViQ/IS0iDmHbdEWaFRFcvqVXyaxZP9eW3bkEZ+0pF2yaYZE2NqwEgi
+aSWpG6VStRC86GJCTswnpIEaS3gTGZzqmAw7eHEqz0lhZB6o//Pyl2TvUexwu52X
+McxWflgCTdbZmjnuyA5LZp8GnsQ3TbOzkP6J+BeZDPjSKvNtgZEz7Bt+NXQGxm4k
+9/5813WkA29QEyVHZOQUvxTCyr3B3lgxxvZzXQYcmqpWdDZyZr2jxJaizp5BVKRc
+OxhExiEhOUnwwwwNMj0Wyxz894QFrRqy947+lMWrH/snQ/owZX2IZ918Bm23IpJl
+bUb5Dnyfr3PIa3XfAkJWRCM5xqKb+xOZJaR+1lEbYYqOuQDDAgMBAAGjQzBBMA8G
+A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUJolqIJH3
+QVRxmq4o/abMSF3P4REwDQYJKoZIhvcNAQELBQADggGBAKnD4dpow4u9YpnVZ4tL
+cOrkB/TuSIGbuTG1K3CWvjDNoPwe0AXvhexorVuYMWVtTGz1EY4ugopP7qvMf4Yp
+lcZNamtTDi4Y6zTrcKHe6ckedETi5TD6d7pNIe5wgn2p8hptfcyPwlpPjx01XqFm
+Zg7OcoBwhe6UYsM6C0UpUQTqv80aOhAzB5zHHUAoIVSGQBGgTip5QxTq6cE4OX1I
+eobqAjL/J+1Wnc5tN6ctDaO0HbXxTnPt3FkJlkFmnx46o5n6R3KmyfWs7QSks0PN
+/V3hQ4uV0PagQ+z76As4AsNHNGIKCiZevqOUWoU46PlFOR3W65i6dw2iRLW/qmCQ
+Mn8OIzqvcPOwYS4a9vDAX5TR23gPkUixlPnxo5sTPgpTT3PRhJekIoCgL3ncBs8I
+p4/TbPht4m0L2eCodGkCm1QCbvbhE1JA8ZpSjxjICODHEeD5w0RXT0FWprCMvrO3
+uExu6AxfNhtLsV8E/HXAGTguetUysJgqqXdCUDXTQbrIHw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-with-critical-on-intermediate.pem b/tests/cert-tests/data/chain-with-critical-on-intermediate.pem
new file mode 100644
index 0000000..f5edb37
--- /dev/null
+++ b/tests/cert-tests/data/chain-with-critical-on-intermediate.pem
@@ -0,0 +1,72 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAomgAwIBAgIMWLRKghUUPjZQy+hWMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEA2WRm/jJ2Ul4TynGmCamCsUv2qLvQmFknfg5HEjPGpx/sKnzkkavke3IdltLS
+/UZVw1ZwoMKBh/5C4tG1Y7mKHdmHmuISyfzB/vHBNx212UZJpOiwuHHhV94Nmdbd
+X5sD6aFluJOWRAL8PB2vPJF8q+X1PNDxilDEevar/ULNR4+rHMlqRUtbnpqHXVmd
+eYgUAYRmJatzyqhlGJ3mFZPiOwCxvR4b1RKzFx5zgz1vy+B+0a+h+wRgDZ3iCwMO
+mtAgYQ7z/jBNzdbkVZVMhCQm8UF4Pt2ITtLSfuZ0lDzntfC504TQABaFooAorBMF
+y4+OpIyrAXGAVct90Rtkq2F0sVfGtz81xMUw8iVteURalUM/XH4Owz71BJcOKIDO
+PbWyGTMXzWcdCgEhL3P4QG0HMjyhjyv+BAND7Q0e2KGjfnGmO2tRuR6h6nBUkjiZ
+UicMEAyCxJAuMMBItJTIoXeNFsttlYIuAMHFV6A8ekjWhhZsg7LhlLH+k5/uz3rB
+UPGXAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0
+MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFMBahZT/Z4RDB4CkB5lAxAGSCUcd
+MB8GA1UdIwQYMBaAFAMeecLjN1JGgju+TsSezQDYARdtMA0GCSqGSIb3DQEBCwUA
+A4IBgQBV35WByM7cfucUIIaYgAE7RWI1mVz9QGacEzMX0jtJB3pI78KQ+4i4XRHM
+DqES71RbHUTsrIUUEMvzVcpGSak0cvx+9QC6wkNn8w/SDqkJnF4/72MRGXigHGcI
+L9/dSj0yKUHMzjo621cVlG8AgmCG8MYInTXY5pvqQ59mvD1A0HLUfJmwoCwcLpx0
+JIM7/f9CfK2kHVBIvdhV7cHr+pDPHZ5wjVIqF2WE9TnC05caxm/yR5aauGptM8YN
+nfoOnsqFGK5nmD94tAPzCbPjQQqyRQQALm9/oJPMG0blJPkch/hsJixujM1hcENX
+ylV5Odw2LYGy2qFi1Ku85F/cJFvsF6b215ziQKlXBdwEa9Nno0jjxa+g8zFktUa1
+6Y/W06RqQKKVdn6bfhYmOi5PL+faiA9yrGnBy3i/32Glxs19sSUODa9babAFKTlM
+099jOSh6YDQWOa/z/eQ8ueaL7nfwe9cWBOsjwUUO0BJwx3uNQ70ijf3FBbLe1PKz
+yQNcZEI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4osbQlC5tHJGl+kD
+Of7n3E3DfyF1g1XK7XyYpbjmguAVuxz9K2qVMVYc+GUWUN7CQeCONFBV7+49pDFm
+47jw26fQ/x6tj9Omq0pHqTSEmNpsZTh622PqHulThK1R7R1p2T9vnfXUd/AnqWYa
+ECBp6BSW6WKScL36rqVcKc8I62s4z330rrIEOksWFVSOo52FwSaM2lEH2nj9MGPv
+P387c+J5fG22g6Ho6k/A9YJZgs6bjq+XXgqBAVxYjY++YgjTwmcFq9tMQqmxEOCL
+jF0yGCUnV+oz1J5+WTfhkm+yyq9hDOaf6GoCYVMiIpcpnTtZegMTL06Bd4nawODT
+QCuzg2FOmHzSP6XehGPtHzRTsKDJNjl6Q9xTnoUPOcoECYI1xMHy4lbKH236BY4G
+wjyFpfiplr8p4ZOdlgat/+d/eR0gxJ+A6ZbdUsrjNrMo3Jec9y8ZHKR5OLsQxe4+
+UIYlA8iGce0BVGjLlXyE9jE1i8ku0s8QQo523GB8Va8ljSQJAgMBAAGjdTBzMA8G
+A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
+MB0GA1UdDgQWBBQDHnnC4zdSRoI7vk7Ens0A2AEXbTAfBgNVHSMEGDAWgBQghKJA
+xiymxB9WDU44awpl6BIZ8TANBgkqhkiG9w0BAQsFAAOCAYEABOkLX1UW8oDD7TnZ
+9jtpkkW6CrSBI5aIVcKLNVMrXUGiZ9s0rONFXHLEugIgkjP++zUBnflc4KpwlNnK
+NXp0KtCDhQkIXCWn7RYZ633v0XOrop5VuYV+qtpd2oNDsbCIrkph3llnPjRbhIC9
+FdkPW5ZvfnJuW5WOwVBZKe192XJXBHQNPLuA6GbE1ouyaHKrs71W0UAi3ij//tAk
+okwYcK6Y7fIuVZqsSCK9U1/p40zdLwdoeJz1/3U2lTuZwDlh3f12DTFGBaDYamS8
+4utiRfZPQ0U9t8J8HDj9o+ShX0VMXw116zwiJqw+B86hslT0jAocrJtfGyANsP7h
+p1OtDVfgisJVK4JaPUoVsIkl8+TBV3sy3jFdc1jpqRg7127Z3Q8nHSHX1mHdI/Ra
+M3DUhUuTJpk7/vQgfQ+NsfwdvNHWyb4+zhqJyUuEQS0yQ7SfGznzHQhPYks1RmP3
+afa4/D152QSDszhHvTrXyPiFVRuAGk9lh0h8nw1mwygoL1OI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA8QUnCRcC8HlaTt+z
++ui60g8eRO/NqaJFZ4Q/GL65v8dZKRqH10aWZavLXhryCGr2tH2GX0by7pkZqpoD
+FEuARVoiNuXOVntn+HPlsiRyPCpgisN8tS3cCugvzNrVOlPlfvihX9M3oAYFImc7
+Lpk2K+FW4s8ThJr7YOSg1BmuQiY9vyZ3fgaOBMmMqOke8MEkXc0xoZ4M14ZgbcXA
+FpnPHLQK8HZHq4K1NVzF23gKhtB8lrQBf5O8tpqzIFjyiCYiGLhZi9v3Rv4bMBUS
+1bje2PiZ7QIuA5KzTEG45NDiCv6gl1u+uIuWc2VJpRDyMECgKOwhmQs+lnqt3wdq
+wgtVABAakxPjBRoXv27wNo5nhuQruuESiWQHbly33mMnT9MFkEoeRxJWJpCrgzOY
+wtT2eXJPzd61HQmr99JygQR/roB4B0AAHOUxeSgsjrH8ptzQSeE7Uk2HSyz8YG3a
+NfBvYMCCXZLW422ZG4G1wEjan9to+pDj/a4O51ClCT5B7of7AgMBAAGjQzBBMA8G
+A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUIISiQMYs
+psQfVg1OOGsKZegSGfEwDQYJKoZIhvcNAQELBQADggGBAEO9TkE/bgMkFm37usHr
+d03a67vZahubHweidEDsZwWf9h8PiaAIUth3r0TLR5HFGj5zh73hOWCggMmxJv+V
+8UL1oq2jYAXeDkA7MbjADIP3Yl9C1fS+Bq2Dgqht3pGWq5Uej0wClu75bHEKLZWl
+miKvuFscponO9L68ARPBsZ2woQ9F0+2buV7PizylIZv8BnYAxoHAEHcq2RIqj06L
+si/plPx6UzbfWrfW6H9OqjB5TDJ8hSwLEzUg+RFYH34RZ1D2Thl8GKB62lIpmP9K
+7f2wSE9X6gWivyObhmQyAHiL9rQPQsXrpp7paqeknxEtPITxugOunYLPfuqddkso
+33BGnJ6qVjJ6sTBziQmPcwNInm2/91Iw0BSZP0/mCBot+9rSHD38i/sdHbJWh9WT
+mOVu3yT5v+39mC8Yd0ykgpO1/47jdPr5FyVz7yAfwb3/MHgjx20UQV0fn2R37LAk
+AsKMxlHYGz6LYjxK06ZOT3GbBny23aGoooAPqBZenFWXgA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/chain-with-critical-on-root.pem b/tests/cert-tests/data/chain-with-critical-on-root.pem
new file mode 100644
index 0000000..d153725
--- /dev/null
+++ b/tests/cert-tests/data/chain-with-critical-on-root.pem
@@ -0,0 +1,73 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAomgAwIBAgIMWLRKjwNqHC0gaxzuMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTM1WhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEAqaopWnZqPqFMWM4p62PIxlBCidmiUgefxCphPqq3HX0C5IaHB+xC1a/p51h2
+C6hTzChKpVWCJ2obxt4/EqgJRVA5ujYA5F7Cw65oy3GecHgMzprFiTksRIA/n5SM
+whYQBFy939T2UDCyK5bfQGzDTDXoy4ZKoano5cmD8uuVODLlyyj2cv/XYsDGwAZb
+h4+UGJzld1YYzrKaKb/9kCczsDLR51F40ZbLtWtQ9dvKXcIfhKEaFuWI8MjmJYzJ
+WyKhMVEA3Eat+GnrKTWka5nFPqFha3XbVGb1ASJjdjvUFl6v8RlJ+wqsIni1WaIp
+TZY6BCQmEc83PtvahjImoquFt4cHofrbQPK4A1Kaiw5SJMWJvmaZpiAlDnb8Wl88
+TZBtkg1s/XVdD5GbY7r5FZRh52/9e4L43ZThZAGW91EYoNrVr9713OBfwiDpyGRw
+bba5jmHtpzKU4xYANizc1A+ioaCnMbJM8iq68EUkcP0F/enH+TMRxQRMUQEKd4gx
+mYUHAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0
+MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFAxBxXFjDnXrtfECorTP1cf/us6s
+MB8GA1UdIwQYMBaAFGGzwr5dJM/noimXvK/tlXJzNCQZMA0GCSqGSIb3DQEBCwUA
+A4IBgQCIij2aGijFZxVV2kdzSbEWWVV9hAFHF0azEHTQwmSQ0nO/zVWJV7pTjMMi
+qC2zAyfR/zc8BtxGBF1bh4U3Ke5Jy9cr8CYuS2/mvMERopwiQkUtVTABpvKebGqE
+fkbbDs2Qu87u0RxPVUZqyiPNDtVq6+MM70/QP4FRM5uwOp3nSMDiaajlX8jfnZe4
+A1Wa8yduEygiEAbiu0xn2rwjbfW8430Ep4e0lEIBZfWarL61vQaBBv4UmOcIWfaF
+CVOhJGwuf7DYThUrkcs2mLO84ip7O5HLBpvrqDaymHEZAnidrfoayyRjJaQLvg7y
+4s65ivmTyRpQnXLw/tAbWE6lwN1xKp3Z5ahcCN9wwMmv0kcSDi33rwAJl4l6h/Le
+K5c/qyrGxnQ4AL2s98WUL7NaZyv9kuFsQ90ECjVfwhfUEmFqnWPPusKo+LvK4Un5
+6+uniip3wX/8GCDV+cLQywuDIdo755ZKMaf3UjSfsknWJmpJYl5u0K18uLAzIod0
+PVow3ek=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxIF0pvly30S//JQK
+HGVka0CNqz2KC9oDoy90YBpIxlwdO2qiQyBlEytGXU4omVFGZZdpAwQ0XaMaEVDK
+pmdhYPJAcdCPUVkae/qPNS3FWEdSnFlu2qWhiFLgGOUNYn05zA68otm5ahFeD8oB
+lVv8I/NEU7rQmEHZy4Bg2xTSl/hVVgqbzPtLdAiOzAutWWiQwq4zoVYJVCu6Ut8P
+hzpSYKAO8W81/tAiyfcZeoARA/QF8NGcSuWBto1hCb43GkZGFp5cKxSJklX06D8g
+HkUFWkIavOaetywFv1dnUnVKJ2QEyh+40iwnnw2+HpBO3eVo/qArayBWNb/baNm/
+kYZyIqzFZs2Mf38Uu4MGIJMB9RkcMUuw3o3u1HNMeFIqPeTpvQ8r888uxQTgZcfw
+l1tGijdnNBNzdvIMTTAOZyLpdDxx/WoGA8lz1Ks3auZ+d0dzO/2q2b0fiYBAY58h
+Ou1uRjmFX4YpVGcC9+2zmJGGMlkEu/iiJT8dmZc5ydPujY9BAgMBAAGjZDBiMA8G
+A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUYbPCvl0k
+z+eiKZe8r+2VcnM0JBkwHwYDVR0jBBgwFoAUjdMy0N5jaoCQ6Ucqd269BlwiH/Mw
+DQYJKoZIhvcNAQELBQADggGBABUXMEKzD93AwIJZ0R2n2gJzlc7lnKF8BP70ZP5h
+JTYz+tHymc+Nw6eW7yQ5o9tnJue3Z+ueOzN/+UP7dWH7NRnaJ/BOJuKXcwGrH6tD
+prP2+HR2tPIuEGmOoe9bnFAiX7evTC3wt+AeIGgYSZgPwR7gF69Pudk8ISrMg0oh
+Q4pM9YUj5cIWiBBD20vQj6wJCvzi5tyJjEhjT6fJVlcKFZBveOG5RaPB91GiuJ6s
+JW6z1Q2cCMtvsRZnj7jFDH/m4ZlmK/h9oD1HxCP1rcEmHykOh4RnyyrlT+Vuzw+u
+jtNaz0Fr9y20a39ENrmMI719/vuZxx2eExko/ta0EbirJw2u+Ygjdn6c6Bc+BR/C
+IisDCHVO1U+nk8zLo0Rd1JInJH+3jYzn9OAClqBoKxp4bSIo5z419t2jZTAWUNcQ
+Rj+7s8XN/z7pfNfecZJ/n9KTfqbowqfZaMR/UdmVQZTmN3Xk9CnQsGpotbNDqQfH
+jz5Y36//zejV2aJeOMWZeAw/QA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAlegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArr1s4R3Fq1St6vdT
+ZLTWWZ40bG72Ue/Z94c+m0dujKk+SnXEOe8sEzZLzizaoBiA8IDc1sFpLHDruWsD
+jLACBOPDahfIGIfeJ1R8L23HEgbg7RXdJ8Bx1YsfaASr8L7AihDBM6BTPfGipf6u
+Ul2oI0vyo8WxW+0BdJ/qTMJwT/vFqn1XBisuvwa23SVAe0UU66kYXmSxUDZv3YWv
+P3vqVBGdbussChIYn5xyfCaaLgC3VQNkhmswSfyFQBJ7VO/nHI1a35E705WSKGys
+IZdg3mA08jLOReCsgAO4vnhubA3jk9/LFFIbJulNQ0j3jcqOyfCtsXEmvgbq2b6D
+ksBg/x1riV/FAW/nRwW/vqaKDtDTx6XcjFnMjfvBzkON8F+M76qTl4lVbv9fUgEE
+hBppfHlvu3sQ7ysVYgTDdCM0neTZ0Gm7dOd/9qnrA7ZzQBLRBQD7+en23jyuX/PT
+TEL2pO3kGo9H9zgTC8TcGyNxhJ9APIu531xkHJyse5IkORYJAgMBAAGjVDBSMA8G
+A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYA
+MB0GA1UdDgQWBBSN0zLQ3mNqgJDpRyp3br0GXCIf8zANBgkqhkiG9w0BAQsFAAOC
+AYEAjPW9Y5HZpXnSpjKPryxWNtQSZVRh1b/dGgKOOqjvlXajU/FbMjXTnpm3wdSO
+PCXGyUkBonuoWlbxcRLsShH8O8LUH50drYnTYiNYqYq3e23u2LrQHbB1YlQnRvdR
+JP2AOl/d8mP9c3GBhu0dxzTiH5zyiCMxOWChdPbpKCTNGD2aZIUoXsUwLv2ICsue
+qQIr4f+pBztpNAJdwfMFtqdB1Aeg0UW3+aCjD4XEjISYd9VfXnPg0OaBqddy/MA3
+Itef4+O7XNQi7w6FWmuZWdEJC2juygybA0jv6fvFKV5HUxxsdMaUwy/Ibt/MOhUd
+e4857GRICFKq8Q8FUbDiuw868aTkKSVqXoZFoTLQsXn53GbSGvNqwpqQXK9JMPCn
+c6XIbeF9zgGWbswgdNhs3u8J9tkIxd03cIqaCjzmsl9TByjg5hGEw4+hXbt9PDFa
+M5avPfGI7g0CdoSKSzAishaYtBn+HCRHyZTpxATrv7/fo0fTSs32EIHmro0Xk5b9
+qFGX
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/client.p12 b/tests/cert-tests/data/client.p12
new file mode 100644
index 0000000..f57ce09
--- /dev/null
+++ b/tests/cert-tests/data/client.p12
diff --git a/tests/cert-tests/data/code-signing-ca.pem b/tests/cert-tests/data/code-signing-ca.pem
new file mode 100644
index 0000000..30d5c8f
--- /dev/null
+++ b/tests/cert-tests/data/code-signing-ca.pem
@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIID4jCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCAXDTEwMDIyNzE1MjE0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD
+QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0QHh//JKi30BDok3
+1lzQFhXhthwyc5aG/O6jW3LfxYD0I6Ubmyryuo+Hss0RSZruSbxrYIMTFTIYtd56
+d4/2CFT7OYsIjaf5vb7oMfITT1epnYnKxuBekfIAHjRlxXf5hddDQ9vsLmkr7wlT
+zVyVX7fUYz1WuEiSVNHui+69idEZHAuwuz0P+kRoHJA8O2D8S71w01V0969yerOo
+Rqq2za9HCWcGrKHSAwY8ce01YsFJj6ozVfrt3khXrLpNosd72oEupC+p4zGABdT9
+6GaMh47yX5jkCeh/ZTz8Ek3S6t5ryRi5UoyrD/bg5VHaW5SF3AUzgUKs9biV/K6R
+OdqO7nk3xf37IQUHG3WZyUYpZ9LZLJZaBu4Tftzn71kYQ0JTBK06QLp43eArSSeo
+IDyR6V7+rsaq23c0l2AFeGzSwCxUpcga4o5FrKLSEcEcgDJ8sxXr8KTjBKVg8k/O
+M4T3xpAp0ZKR4sGJMB7sw8mmXkpICc2ZN+GrueP+xcJojNxJAgMBAAGjRzBFMA8G
+A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFB8W
+FXxAZlq94LBofKwIfsW3krrlMA0GCSqGSIb3DQEBCwUAA4IBgQBPG/pba5oHECfJ
+1Z4q5FSO8AYG+v/KaaP0XSdsQOpxRW0/yYvWdGfGSd8NcFNYwBxDRPF6758cE72E
+uSPF5EDH1rZDHsxQhUl5lwmBcP69hlLCeMzsWHsJmobqpv9hIbi+zb37CGQrOXwq
++0qc3tqQjw7979j1SfifLF/eo5DxWiJFgL7t2IjvJsIUTi5MdYVeiLn0WzVGvQ4h
+yYlvBF/yg1YOvxHunbapL3hCImnzhCFQ/qFe0w+VjgkK9Fuz18lyYfxBoqziyMhR
+9aBAjsHoAqZtnSLLFHYl4wh6dHjxAUr5r1GwO4cQGK7+dP1m8cVQoQfCPeQLE8GZ
+aZwk/of7ywtjSEMJNMKP3NmKkGzoD48iIhtMbfZ+bXG4JWM8VD9bEw0JSf/ymCGV
+Q+S+SiTqWSzb6Eq/rTkHa5IT1pFLySIZcsgjkw82VXSe4PEzlaFKTYePG1NU1Y3n
+nrJ60/+PwcCFh7oVcZ0MTfuZmZxnhdID0cvxFd0VAo22Hxofbnw=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEA0QHh//JKi30BDok31lzQFhXhthwyc5aG/O6jW3LfxYD0I6Ub
+myryuo+Hss0RSZruSbxrYIMTFTIYtd56d4/2CFT7OYsIjaf5vb7oMfITT1epnYnK
+xuBekfIAHjRlxXf5hddDQ9vsLmkr7wlTzVyVX7fUYz1WuEiSVNHui+69idEZHAuw
+uz0P+kRoHJA8O2D8S71w01V0969yerOoRqq2za9HCWcGrKHSAwY8ce01YsFJj6oz
+Vfrt3khXrLpNosd72oEupC+p4zGABdT96GaMh47yX5jkCeh/ZTz8Ek3S6t5ryRi5
+UoyrD/bg5VHaW5SF3AUzgUKs9biV/K6ROdqO7nk3xf37IQUHG3WZyUYpZ9LZLJZa
+Bu4Tftzn71kYQ0JTBK06QLp43eArSSeoIDyR6V7+rsaq23c0l2AFeGzSwCxUpcga
+4o5FrKLSEcEcgDJ8sxXr8KTjBKVg8k/OM4T3xpAp0ZKR4sGJMB7sw8mmXkpICc2Z
+N+GrueP+xcJojNxJAgMBAAECggGBAK4EGEuGSoSKpmeY3bGPgvzwaQW7wlG0oV1T
+vxTzttX1AM/wtuRhRMkJmZzH2j3jTcR8qRYo66l5FVPPET4c0WasgqKtXIi8s1VE
+7oQvHd6wiRsOT5N32aU/zNNZIubfdhP2Xx3PrHwTuq2BoZFZJVEVeDLMLjiuy47t
+XuSI+KwXOQW9wf6S34uqithFSrDRlh3lc1uxSfqyy+jXTiLQHfVwmv98FPWEoZs9
+BPSB4DIB5iJEPgu3KXcp2j2Iu/zsgnPPSxvzYATguVB/zZ5TbsGuxNI519pj/9N2
+q/Y+8/9xJKp9Rmn5rRpDpojhvR5YVqkMo7+2uBcY/X2OfKxf9yNXbsRfV9KxfqDk
+CXHcMx4hP7dgVweAFa3cc4mNSLmExbKEd0RtwZHedyzGG9TE1l6n0rTBrTOAtHda
+EqrI9Q9cGhdQRKzIx4o5c3uD07I2r+1xoPZzCI0eEglzo+oSriJIvr4Mgwla7xWI
+kK74R8W6Wx0QWB/9iHC6GV6kGQDCAQKBwQDu8ecDftQ/Onk6KjbBcm9XfnVM3ER9
+BKkWgmWvl9QOdNBYU2Hd7RrHAhjmILauyUp+62nNnGKxPLujLnVIicLtiGnivqQC
+Sd2wEu1/tw6e4groQUxPD+c6kSXvGKUW+QKOvnGmQ4CkfBIST16TJrEMNvSBr5/B
+A2LlufI5lPT8aMiF/mZfVS5axzOnmR7weggwK3T5kf/nw0JT5b28RuL1ck31Cb75
+EQezK4YkB+n5qgjBHM3bo6tO18s+YIVDlwkCgcEA3+zy8mmRh9SPjmJaM7bxoUHn
+Q5oY1Umd6DH1uGi2qMe9cB1Dfcy8BomhKVrDgU4Hyo0Gc8oPaCsKiPYWy+pbYQ5L
+o5JhsxWXhXfIqumWgvodXE03dLc405tFIyiSoaaCHaKVMotlp2781CBhjxJTfiKu
+IL1i11C4lEpgcoE4uGP57irU7oFAesdM9osGi7UV+op/72mOWRkEEixHOmTIIvyN
+e9MCBIVrmW5GM8Tp0oIwQ5V88nmmNxliZlA8HStBAoHAVxKbxnBPVAMw7fs4HOJg
+pJeWkz2pT42FOIioGYbQZbw3uBgaj865dU/UVvgQ2jzMAtgypBSa+k9RaTOi1Z4u
+BHUzcMdb6OGWAXXESkgg8dEZfG1fK2h2MKd4FVr7vhVb0zyfGaF7nXUA+N8nbaQp
+3HOiQigHpURgo6pRFJ6tb9WXTQzZrV/TFo2Ey0xHNAakOTl81P1ZLdG/t+b+bz+9
+sQfIVMUKbKTCE46GwVaI8sv9iLHAaouH/6EvlTmDFpBRAoHAMHCQiZH+slRwDYwH
+GULM+GZKQdx23MTFDPKpxg+Y2+ABgdxCulbsoblqDIke27zmgJGLQMcIGC+fYsth
+WRFEXTV7dVH4IoZcNboYxagsL/8tFMd7ZJsyBsyC4z0moyNi6EhAYCO5hMPEm5q5
+n/qF5zZXVqvBUvSaSTHhtUNw4qp16WiIkWOScDzm0Dp42wX8UCtfy4mZCnsX31qG
+ugINLUxWyt91g0bdZN5u/0nsjuYszKHs2oMoSqkKGTnoFyNBAoHBALrm0k/JNOWb
+5Z9toqLnpzTM5hJQwQdzQFjuEyQa9DrC15kojjU4rwstVTRxVm+SJMoqWFbxPGe3
+28ijA0q226EdRnOP4d+xvapN5+1cQCAlfYKp7zC58smnC5dsIkVMoRGtMq4upZYH
+rMQUYRcsjnjBf8hi3yyOyj4ENUMjsT4LZntfBKzc6Mv9PhoVWMPjndKxZFUJCwwE
+hvmwhInAUuxIP18v/KkrgsZLva9xp6UARnB6Gpe3bFMLOWNb621Qgw==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/code-signing-cert.pem b/tests/cert-tests/data/code-signing-cert.pem
new file mode 100644
index 0000000..0d04f13
--- /dev/null
+++ b/tests/cert-tests/data/code-signing-cert.pem
@@ -0,0 +1,64 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAoqgAwIBAgIMWAXZ+AOk7Jxgz3G8MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwHhcNMTQwMjI3MTUyMTQyWhcNMTYwMjI3MTUyMTQyWjAXMRUw
+EwYDVQQDEwxjb2RlIHNpZ25pbmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
+AoIBgQDSnOotbRouMDqya42qSS20QLVxRfIfER8RtF/51S75Wxfdx9hgfre0Ldg+
+tNwbo0Je2vVta/OwDO1L/RsAc+//PSeuMVH0wIZZmGR3HpbY13spcwYJEuapIOkJ
+LCy4jhllyTK8h8WI17mMf5WCzcfcH70ISZAUMGqrVOaTuviBcf8S5/sG251R+5ft
+dBzz/sVV8GTSkGmn0LyihwzNyJ+5AhgsoKI5HJXU+ThNvJ0oUTIW/oh1qZMcdZdO
+aCInIgeOLDj9K0CAw/E1Jfe05SccEzMQwY+zFhIUwzzKHPvIfLNkW6eHJca2zNgI
+/CfSNtdwCSFkYykUduQveANM5+7/+jtbbUywfoz/2CY6WYsoarcPec8xlSbNBVmo
+L5sfYoPRn+9MyuozV8UFlPupqc5AKYrMZXkwbud/KT6+Y/vrtU+ktpndJjhEB7Ot
+4Y+WlqKml3QnLJWmyfbzTnXmB4FINMj/2Jl/Ay1BB45CBDpY0Z7uGm08FPi4hNaS
+UTVlihMCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+AzAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQR8od2h7W6lKTua1ZH3WTtTklw
+0jAfBgNVHSMEGDAWgBQfFhV8QGZaveCwaHysCH7Ft5K65TANBgkqhkiG9w0BAQsF
+AAOCAYEAvcUiycPKmDMquWBWw62FZPhA/kjUrIuyGChxxsv+pt4al6SNzcuXGfDJ
+Us4Z0pwnMsvoy69HZFDyhkQ3uclgeYmR4rz0uNLrjvBoPlxK1gYPdqbN/gA8SvTi
+y5yr/XnVriMzs6HpaWh0zGAuzaVbpRo79Ba+VPJsbSHETzM4iKzhxp+8WA2G0yaD
+zw70KL0SzYh6QlhARtSAZ+3VDFFAAYHIpJr1qg5OS6AmPezUhE135iwvIGiBv3sh
+aFIxEVGFIKkzelmpT5lq1qjQocV/KrJzrGYMshhJ847BWMROT1fXq/jL+lg38J0A
+yy8pMCO1eYr9+7Dfea/OubGWcQPIGE+2XzUSPzLXJHrteq7y2dt2NLbto/QVsD41
+hFxvxKwfVSKhrUtuymaBynPfTo9ObFb4Y+BvxDnfYSp+myuNXNWocDGVsc+kFlhs
+syKjkVJhZNTAP7LC8lYRIb42FOsJ6CiRmpXNj5/UIoXgjsMVF/4eIClvbqSui50Q
+vKWlsnP1
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEA0pzqLW0aLjA6smuNqkkttEC1cUXyHxEfEbRf+dUu+VsX3cfY
+YH63tC3YPrTcG6NCXtr1bWvzsAztS/0bAHPv/z0nrjFR9MCGWZhkdx6W2Nd7KXMG
+CRLmqSDpCSwsuI4ZZckyvIfFiNe5jH+Vgs3H3B+9CEmQFDBqq1Tmk7r4gXH/Euf7
+BtudUfuX7XQc8/7FVfBk0pBpp9C8oocMzcifuQIYLKCiORyV1Pk4TbydKFEyFv6I
+damTHHWXTmgiJyIHjiw4/StAgMPxNSX3tOUnHBMzEMGPsxYSFMM8yhz7yHyzZFun
+hyXGtszYCPwn0jbXcAkhZGMpFHbkL3gDTOfu//o7W21MsH6M/9gmOlmLKGq3D3nP
+MZUmzQVZqC+bH2KD0Z/vTMrqM1fFBZT7qanOQCmKzGV5MG7nfyk+vmP767VPpLaZ
+3SY4RAezreGPlpaippd0JyyVpsn280515geBSDTI/9iZfwMtQQeOQgQ6WNGe7hpt
+PBT4uITWklE1ZYoTAgMBAAECggGAOpt5uuxaVbIME2xEfrdgZYGAPCYnqyd7itSz
+xHTjXnZP3OJovulkO1pqi4COo445wOWTWECrDjl6qyOiqOyaQ1+END/7O217tWDn
+zBISDgNgfXdJnarJzxSeZHQLecvpG17ypG3vtRW6x3MVatHSpNmcI7s8wbF7bXPx
+ufhUgMj1HxC41P6194NYkrY1/FvQFAsSM1oGXLGEXIHSOU1zzOrdSUXl/piKxToY
+xeEPppF5q9ZmqL9odYnvcd0ea99W032FM7kkbNT6ycYzRmQEx7c+tAWlx7nqn9it
+5f6oMJJwjSu+ZAm8YgZh4zQogWWL7+YYIrNQNoL74RG4EVPCupvrn/Z13XUK6N0e
+qtCJeam/jsPsANL1rcu1te5wkzGJgs6KHrbrtKthoibJ73ivGxy46zWRJTNjFx9l
+mCM5B5Img1vJizmFeCs2dFHXAi9Lx/t8IKHdydFjAAyZ4a0paz3HfmpHBWKFsm5J
+4DgWU+WXqSsu+uftmiCz9d5e7lJJAoHBAPRyn0vX9a9GpM4olgaEtmBJh/UWA3s3
+otzxwOgeXJgWnWEkccPBMkNXFRO5LPO3oriakidBi3k0Q8rFaYuJ1Vf4v3WHJPZc
+pOBYiTsOeQihjiSQdtrS6syborWGQyFsJnnbpSjoKTfb5RisSTev3Di5u5bqcgU/
+TMOoPvB3rBR92Z6K5n9ZD+XrFJwAIGfFVqRaxLZLItfGRJkBkvvzDZsuGoGOScS5
+FkcpFRSxRHWu2Ifdlz0ARUuV8+5uEVZBTQKBwQDckPPPMS3m0hNbl3D5P4GYn605
+Vxn9njHEAWlCfnGbPhsSTT2nw/jdJp60jHEVlDOAyKpDf3wkz1iQMO9sx9fYASv/
+stY9u/12ERNKkqvmqhsjxTAgFWYeAyoS2N4DIGWQXWWCcOsvPREwb9ym6q29bxtr
+PKs9tTVRsnwrEFRZfsUTWPyV1ngBkVVk5MVGHYjUMM7iEHQsucOnnCDitauGaAx4
+kPSdng9wSelJXw2VJSrlfSOfOIRmQtd8iSn5SN8CgcAtdsgT1hW2xL/QLBJDIhm9
+bM+hkLeTCjT7POdxBHyaONKKh7m0+9C6X47m/TDUH1pfVThLntAu+b6GDxNjRX5t
+fzE0za7dNzvfEfhsCHQQW+PQ/yFr74CGD4hClLcVl0TMs0JTimJoJjjEzv5LIiUm
+U70FA5OzUCOZ3Efgd5GEuidoalMWal0fmQpbPVbJlhVYOh2N/gl78j896eIJhBoK
+u5docytbMEVpdMWb9KBT9vIEyvze9pbsyPX2aXhF/50CgcBWF+pi7HJbT5KoxLMf
+Ry+h0GoAIMSPX2lTda2Ne+eCTjqo6SdwzajdQc7e8JbPcnqsASecky10/M438jHy
+hwr0UHjJJRhFHpTvufiKujeJIMrZKoX/b/rdKiUJGEeIduPN9vbBdKwIU1DbVD6P
+lLjeYXkVYagBvTKjwgR/lq8mA7qPM8PcBMvw6LapXDa4iJy5HpgSW5PNRXFegi2/
+8GOUYhbEFOi2gVTLYr5Bmm2l0s0sqKz34Eql099ix/NvT4cCgcBg1KRXwvz/U8pI
+mP9FcUKCL9CkRiPPzsjGv6qs2nvzUXaR5Bb/sX5cvKHNxlkgxYpvgH0oSJTfk0js
+zceyce2B8VGBNzPW4O9L1JOZXH6vwBWsbEJM04neYQipu8ytZO4zjLWdOHd/9g/v
+x7hmweYs7oL+lVlEPY2QfnqPBG2hlETuccsVgEQ+4i/gDuJIVHFlqgbyHmoKJaN5
+s7oeXUTQfAMXdjKkWGrgS9dbDpTXdcfPeg2cC0K1DvYWpcS9bJ8=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/commonName.cer b/tests/cert-tests/data/commonName.cer
new file mode 100644
index 0000000..91d02fd
--- /dev/null
+++ b/tests/cert-tests/data/commonName.cer
@@ -0,0 +1,52 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 06376c00aa00648a11cfb8d4aa5c35f4
+	Issuer: CN=Root Agency
+	Validity:
+		Not Before: Tue May 28 22:02:59 UTC 1996
+	Subject: CN=Root Agency
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Export (512 bits)
+		Modulus (bits 512):
+			00:81:55:22:b9:8a:a4:6f:ed:d6:e7:d9:66:0f:55:bc
+			d7:cd:d5:bc:4e:40:02:21:a2:b1:f7:87:30:85:5e:d2
+			f2:44:b9:dc:9b:75:b6:fb:46:5f:42:b6:9d:23:36:0b
+			de:54:0f:cd:bd:1f:99:2a:10:58:11:cb:40:cb:b5:a7
+			41
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Common Name (not critical):
+			For Testing Purposes Only Sample Software Publishing Credentials Agency
+		Unknown extension 2.5.29.1 (not critical):
+			ASCII: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5.
+			Hexdump: 303e801012e4092d061d1d4f008d6121dc166463a1183016311430120603550403130b526f6f74204167656e6379821006376c00aa00648a11cfb8d4aa5c35f4
+	Signature Algorithm: RSA-MD5
+warning: signed using a broken signature algorithm that can be forged.
+	Signature:
+		2d:2e:3e:7b:89:42:89:3f:a8:21:17:fa:f0:f5:c3:95
+		db:62:69:5b:c9:dc:c1:b3:fa:f0:c4:6f:6f:64:9a:bd
+		e7:1b:25:68:72:83:67:bd:56:b0:8d:01:bd:2a:f7:cc
+		4b:bd:87:a5:ba:87:20:4c:42:11:41:ad:10:17:3b:8c
+Other Information:
+	Fingerprint:
+		sha1:fee449ee0e3965a5246f000e87fde2a065fd89d4
+		sha256:8b13dbb25eb339a630c76c810d14b44b552e68dc10a93e82e754da23f858774a
+	Public Key ID:
+		sha1:38596dac2a46c9002309905e1f02c1fb5df724cd
+		sha256:73a97a992bfd29b91ef23175b367db9c561c516f634f759e3d430230a3d0695c
+	Public Key PIN:
+		pin-sha256:c6l6mSv9Kbke8jF1s2fbnFYcUW9jT3WePUMCMKPQaVw=
+
+-----BEGIN CERTIFICATE-----
+MIIByjCCAXSgAwIBAgIQBjdsAKoAZIoRz7jUqlw19DANBgkqhkiG9w0BAQQFADAW
+MRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw05NjA1MjgyMjAyNTlaFw0zOTEyMzEy
+MzU5NTlaMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MFswDQYJKoZIhvcNAQEBBQAD
+SgAwRwJAgVUiuYqkb+3W59lmD1W8183VvE5AAiGisfeHMIVe0vJEudybdbb7Rl9C
+tp0jNgveVA/NvR+ZKhBYEctAy7WnQQIDAQABo4GeMIGbMFAGA1UEAwRJE0dGb3Ig
+VGVzdGluZyBQdXJwb3NlcyBPbmx5IFNhbXBsZSBTb2Z0d2FyZSBQdWJsaXNoaW5n
+IENyZWRlbnRpYWxzIEFnZW5jeTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRj
+oRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwDQYJ
+KoZIhvcNAQEEBQADQQAtLj57iUKJP6ghF/rw9cOV22JpW8ncwbP68MRvb2Savecb
+JWhyg2e9VrCNAb0q98xLvYeluocgTEIRQa0QFzuM
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/complex-cert.pem b/tests/cert-tests/data/complex-cert.pem
new file mode 100644
index 0000000..fae3e48
--- /dev/null
+++ b/tests/cert-tests/data/complex-cert.pem
@@ -0,0 +1,94 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 07
+	Issuer: pseudonym=jackal.,title=Dr.,ST=\#8013\,,O=Koko \,EMAIL=test@me,OU=nounit\,O=org
+	Validity:
+		Not Before: Sat Apr 27 19:04:49 UTC 2013
+		Not After: Tue Sep 11 19:04:49 UTC 2040
+	Subject: pseudonym=jackal.,title=Dr.,ST=\#8013\,,O=Koko \,EMAIL=test@me,OU=nounit\,O=org
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Medium (2432 bits)
+		Modulus (bits 2432):
+			00:ca:a5:55:c5:da:1e:ab:cb:93:df:36:7f:df:21:af
+			5e:84:d0:23:76:69:8c:4f:82:fb:32:07:d9:15:7c:99
+			d3:bb:33:5f:e4:7e:ff:8b:cd:ca:3a:7f:00:c7:52:cc
+			4a:8b:55:ac:af:bd:25:8b:ff:9a:9f:bb:a2:50:db:24
+			28:4f:38:08:cb:6c:bc:64:a0:29:56:72:31:71:53:f1
+			5e:ff:8d:db:97:15:22:16:1e:af:2b:b0:1a:d3:bc:2c
+			ee:4d:4f:f8:50:df:24:a9:a0:51:86:80:d1:8f:57:43
+			bb:31:fb:d0:59:dd:ea:b8:a7:e5:41:0b:61:2b:23:8b
+			e1:76:4c:a5:d1:f8:4d:a9:64:3c:83:84:bd:2e:36:e9
+			59:a7:dc:a4:6f:ff:70:0b:10:02:26:87:18:cf:b4:54
+			de:1c:ed:cd:cc:bf:d7:5b:92:53:bd:de:48:a5:60:07
+			00:58:ba:d7:0d:be:3a:f1:98:1c:90:05:6a:4f:35:c7
+			c3:8a:ee:62:41:6d:49:76:d8:09:64:da:da:26:17:52
+			cf:18:84:76:cb:6d:8d:b0:3f:32:91:11:96:5a:53:d1
+			df:1f:26:2f:db:c0:85:13:bb:88:4e:de:f5:45:45:59
+			ff:c5:a0:d7:4a:05:5b:bd:3f:9e:b0:f5:05:10:dd:af
+			24:e4:01:a4:97:d6:a0:3d:85:e0:83:21:26:6f:de:c8
+			e8:bd:33:2c:32:81:2e:8e:cb:f7:10:71:b8:0c:93:02
+			8c:0b:ca:00:53:88:47:26:bf:ae:a4:a8:b1:e8:94:d8
+			b3
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Key Usage (critical):
+			Digital signature.
+		Subject Key Identifier (not critical):
+			1f1df37c58ffae0157ffccd8aae234092017a090
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		a4:db:8f:4e:d2:47:f7:e6:74:ab:09:2b:49:a9:a0:1b
+		51:28:0f:8e:a5:95:38:55:7a:b3:6a:99:55:cf:b3:51
+		ac:87:84:fc:dd:8d:08:9a:9f:90:4d:bb:62:07:5b:54
+		18:b2:08:fc:a7:18:de:26:80:53:92:63:e0:26:86:b1
+		61:a1:2a:d8:52:e7:ea:ed:ce:9a:3a:f0:81:e0:45:21
+		39:d3:bd:05:4c:ad:a0:ff:83:5e:cd:07:32:ed:a6:c1
+		ea:02:bf:8b:7f:51:76:24:39:51:71:a7:f4:92:1c:7f
+		b3:b0:06:5d:51:3a:18:05:85:1e:a2:f6:ef:9f:2b:dd
+		c5:23:4d:34:8e:c9:0b:cc:6e:66:19:8d:04:86:f1:fc
+		08:1b:2d:f3:31:db:86:72:4c:b9:29:b7:13:46:65:57
+		58:c0:1b:c1:4a:4c:f6:72:d6:5f:29:b4:78:61:17:05
+		fe:94:28:7a:33:c1:b3:df:89:8a:55:d9:6a:68:93:f6
+		cc:18:c5:a9:41:7a:da:6b:90:32:d9:09:de:1c:23:29
+		c8:55:a5:31:11:42:89:97:d5:9b:a5:84:a3:83:f7:ef
+		c3:f7:c6:ee:1c:17:29:f8:59:3b:ca:53:c1:43:6d:4d
+		17:4c:9c:ee:5f:94:31:2c:92:bb:da:ac:3c:6e:7a:b3
+		2a:a9:2b:a7:2a:7b:2b:37:b5:2e:ad:cb:2a:dd:4b:a4
+		f9:e2:ad:9b:18:e9:38:93:44:b6:db:e2:37:c0:9d:e8
+		53:e2:8e:e6:67:ac:3f:61:f7:4e:47:84:5c:f3:d8:44
+Other Information:
+	Fingerprint:
+		sha1:5bf859ec9395b73f5ed5adfdfaa9c1add2ec23ff
+		sha256:3cbe4b0ed00f0b491fd9c7f620f2efe7357e50d9d096fd92c788041bb32e3d1b
+	Public Key ID:
+		sha1:1f1df37c58ffae0157ffccd8aae234092017a090
+		sha256:9a39a13fee4b8f4c589b3934f78632fc4f688f34b7fd36cb17ce841109988f53
+	Public Key PIN:
+		pin-sha256:mjmhP+5Lj0xYmzk094Yy/E9ojzS3/TbLF86EEQmYj1M=
+
+-----BEGIN CERTIFICATE-----
+MIID6zCCAqOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBmMRUwEwYDVQQLEwxub3Vu
+aXQsTz1vcmcxHDAaBgNVBAoME0tva28gLEVNQUlMPXRlc3RAbWUxDzANBgNVBAgM
+BiM4MDEzLDEMMAoGA1UEDBMDRHIuMRAwDgYDVQRBEwdqYWNrYWwuMCIYDzIwMTMw
+NDI3MTkwNDQ5WhgPMjA0MDA5MTExOTA0NDlaMGYxFTATBgNVBAsTDG5vdW5pdCxP
+PW9yZzEcMBoGA1UECgwTS29rbyAsRU1BSUw9dGVzdEBtZTEPMA0GA1UECAwGIzgw
+MTMsMQwwCgYDVQQMEwNEci4xEDAOBgNVBEETB2phY2thbC4wggFSMA0GCSqGSIb3
+DQEBAQUAA4IBPwAwggE6AoIBMQDKpVXF2h6ry5PfNn/fIa9ehNAjdmmMT4L7MgfZ
+FXyZ07szX+R+/4vNyjp/AMdSzEqLVayvvSWL/5qfu6JQ2yQoTzgIy2y8ZKApVnIx
+cVPxXv+N25cVIhYeryuwGtO8LO5NT/hQ3ySpoFGGgNGPV0O7MfvQWd3quKflQQth
+KyOL4XZMpdH4TalkPIOEvS426Vmn3KRv/3ALEAImhxjPtFTeHO3NzL/XW5JTvd5I
+pWAHAFi61w2+OvGYHJAFak81x8OK7mJBbUl22Alk2tomF1LPGIR2y22NsD8ykRGW
+WlPR3x8mL9vAhRO7iE7e9UVFWf/FoNdKBVu9P56w9QUQ3a8k5AGkl9agPYXggyEm
+b97I6L0zLDKBLo7L9xBxuAyTAowLygBTiEcmv66kqLHolNizAgMBAAGjQDA+MAwG
+A1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUHx3zfFj/rgFX
+/8zYquI0CSAXoJAwDQYJKoZIhvcNAQELBQADggExAKTbj07SR/fmdKsJK0mpoBtR
+KA+OpZU4VXqzaplVz7NRrIeE/N2NCJqfkE27YgdbVBiyCPynGN4mgFOSY+AmhrFh
+oSrYUufq7c6aOvCB4EUhOdO9BUytoP+DXs0HMu2mweoCv4t/UXYkOVFxp/SSHH+z
+sAZdUToYBYUeovbvnyvdxSNNNI7JC8xuZhmNBIbx/AgbLfMx24ZyTLkptxNGZVdY
+wBvBSkz2ctZfKbR4YRcF/pQoejPBs9+JilXZamiT9swYxalBetprkDLZCd4cIynI
+VaUxEUKJl9WbpYSjg/fvw/fG7hwXKfhZO8pTwUNtTRdMnO5flDEskrvarDxuerMq
+qSunKnsrN7Uurcsq3Uuk+eKtmxjpOJNEttviN8Cd6FPijuZnrD9h905HhFzz2EQ=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crit-extensions.pem b/tests/cert-tests/data/crit-extensions.pem
new file mode 100644
index 0000000..a3d5058
--- /dev/null
+++ b/tests/cert-tests/data/crit-extensions.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAi6gAwIBAgIBCTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP
+MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is
+ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL
+MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu
+MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy
+MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY
+HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY
+nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaNZMFcw
+EwYKMgsMDQ4PEBEBBQEB/wQCyv4wEwYEKgEFAQEB/wQIBAa+r8r++vowDAYDVR0T
+AQH/BAIwADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wDQYJKoZIhvcN
+AQELBQADgYEAhiTH/RZPiwrDdxEV3W2teR0nw2CLIgHVf7SUawNt9t4Ve/jqZoTA
+PhXsthfFK2/N2WCYShL3ahtVuwQ1l81gPLKdHxeih4cF0S+bqFU2a5pFzu7Eo6Mk
+i5PWiFEyWy+WISzTVGAZzYOZUHRmrBeOpZbf/TpsF+uejgkn5AAEYgM=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crl-demo1.pem b/tests/cert-tests/data/crl-demo1.pem
new file mode 100644
index 0000000..c4fb6f6
--- /dev/null
+++ b/tests/cert-tests/data/crl-demo1.pem
@@ -0,0 +1,45 @@
+X.509 Certificate Revocation List Information:
+	Version: 2
+	Issuer: CN=Trust Anchor,O=Test Certificates 2011,C=US
+	Update dates:
+		Issued: Fri Jan 01 08:30:00 UTC 2010
+		Next at: Tue Dec 31 08:30:00 UTC 2030
+	Extensions:
+		Authority Key Identifier (not critical):
+			e47d5fd15c9586082c05aebe75b665a7d95da866
+		CRL Number (not critical): 01
+	Revoked certificates (1):
+		Serial Number (hex): 68
+		Revoked at: Fri Jan 01 08:30:00 UTC 2010
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		ab:19:1d:b5:bb:21:6b:b6:e1:4c:cd:f0:b7:37:9e:95
+		38:d1:d4:81:90:80:ae:11:f0:fb:1c:d9:fc:36:34:ec
+		9d:96:af:0f:79:27:37:aa:2b:47:57:a9:b8:76:a1:f3
+		72:14:25:ca:d6:29:ac:e2:b8:75:18:ad:12:1f:91:61
+		8e:14:29:43:6e:f8:e4:10:e5:51:4b:4a:fb:82:d1:6b
+		f7:c6:7d:b0:db:d5:6a:a5:0b:5a:bc:11:5f:27:c2:ec
+		b7:de:76:d2:97:9c:7b:ac:7c:e9:f0:7d:2f:a5:4f:e1
+		83:46:22:b2:dc:fb:b8:44:8c:40:c0:2c:9b:3e:b6:d3
+		e8:c4:d3:57:18:c0:29:41:08:b9:c7:26:44:92:c5:d0
+		02:8e:b4:65:d1:ff:af:de:65:75:50:9a:ed:4d:8e:55
+		73:b5:30:2b:99:95:64:11:96:a9:74:06:2d:c2:cc:4d
+		ba:71:6d:63:71:c1:1d:53:ac:90:d0:e3:4a:36:e4:4e
+		47:ee:8d:b1:76:76:42:6d:82:94:71:06:58:52:40:67
+		f0:96:07:b3:63:43:d9:9a:36:4a:22:a1:96:f8:20:1d
+		80:28:f2:81:71:bd:26:4f:74:d8:b2:98:13:f3:37:19
+		48:fe:43:2c:2f:22:54:ea:dc:c7:64:8b:4a:f7:77:e6
+
+-----BEGIN X509 CRL-----
+MIIB4zCBzAIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEfMB0GA1UE
+ChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9y
+Fw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMCIwIAIBaBcNMTAwMTAxMDgz
+MDAwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAqxkdtbsha7bh
+TM3wtzeelTjR1IGQgK4R8Psc2fw2NOydlq8PeSc3qitHV6m4dqHzchQlytYprOK4
+dRitEh+RYY4UKUNu+OQQ5VFLSvuC0Wv3xn2w29VqpQtavBFfJ8Lst9520pece6x8
+6fB9L6VP4YNGIrLc+7hEjEDALJs+ttPoxNNXGMApQQi5xyZEksXQAo60ZdH/r95l
+dVCa7U2OVXO1MCuZlWQRlql0Bi3CzE26cW1jccEdU6yQ0ONKNuROR+6NsXZ2Qm2C
+lHEGWFJAZ/CWB7NjQ9maNkoioZb4IB2AKPKBcb0mT3TYspgT8zcZSP5DLC8iVOrc
+x2SLSvd35g==
+-----END X509 CRL-----
diff --git a/tests/cert-tests/data/crl-demo2.pem b/tests/cert-tests/data/crl-demo2.pem
new file mode 100644
index 0000000..9e69263
--- /dev/null
+++ b/tests/cert-tests/data/crl-demo2.pem
@@ -0,0 +1,45 @@
+X.509 Certificate Revocation List Information:
+	Version: 2
+	Issuer: CN=deltaCRL CA3,O=Test Certificates 2011,C=US
+	Update dates:
+		Issued: Tue Jun 01 08:30:00 UTC 2010
+		Next at: Tue Dec 31 08:30:00 UTC 2030
+	Extensions:
+		Authority Key Identifier (not critical):
+			ef63d3a84eb1f9df61e20dc305a39818d29399e7
+		Unknown extension 2.5.29.27 (critical):
+			ASCII: ...
+			Hexdump: 020102
+		CRL Number (not critical): 03
+	No revoked certificates.
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		cb:bc:a5:6a:ce:79:92:aa:33:9e:5a:96:4b:d7:0e:e9
+		0f:c4:0b:b7:4f:89:92:85:e1:2c:e9:df:6e:8b:a8:2b
+		38:91:dd:7a:55:b8:b7:9a:1c:fb:04:fd:a2:1d:28:ce
+		d0:09:5a:32:79:86:49:83:a5:9f:34:04:b6:e0:fa:36
+		54:01:d5:18:6e:58:7d:64:09:60:1a:40:f5:d4:e0:ae
+		27:30:97:6e:1e:e1:a3:a2:99:08:c6:73:7c:04:63:df
+		5c:66:de:38:97:e5:d0:50:d0:33:ce:2f:91:10:89:e0
+		ec:2a:db:7d:c9:bc:42:03:08:48:5d:91:8b:0e:c1:0a
+		fe:75:4a:8f:36:44:75:97:3e:df:1a:db:24:aa:97:b7
+		6a:8b:64:43:70:eb:4b:fd:70:b8:14:6e:4e:65:cb:28
+		36:72:eb:72:1d:01:ef:93:4e:9f:32:ba:09:e5:f5:01
+		1d:60:45:ef:32:02:c2:84:b7:b9:ed:96:8e:15:50:84
+		f3:7e:3d:ae:48:62:92:f9:c5:58:87:dc:d6:cb:76:12
+		c0:6b:39:a3:b0:a8:55:2b:65:17:95:83:aa:b1:c3:10
+		d2:7f:61:68:20:d6:8b:21:7e:c4:0a:41:01:06:64:21
+		f5:2c:84:cf:c0:57:c1:a6:e8:23:cc:f4:f2:8b:d1:ce
+
+-----BEGIN X509 CRL-----
+MIIBzjCBtwIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEfMB0GA1UE
+ChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFDUkwgQ0Ez
+Fw0xMDA2MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaoD4wPDAfBgNVHSMEGDAWgBTv
+Y9OoTrH532HiDcMFo5gY0pOZ5zANBgNVHRsBAf8EAwIBAjAKBgNVHRQEAwIBAzAN
+BgkqhkiG9w0BAQsFAAOCAQEAy7ylas55kqoznlqWS9cO6Q/EC7dPiZKF4Szp326L
+qCs4kd16Vbi3mhz7BP2iHSjO0AlaMnmGSYOlnzQEtuD6NlQB1RhuWH1kCWAaQPXU
+4K4nMJduHuGjopkIxnN8BGPfXGbeOJfl0FDQM84vkRCJ4Owq233JvEIDCEhdkYsO
+wQr+dUqPNkR1lz7fGtskqpe3aotkQ3DrS/1wuBRuTmXLKDZy63IdAe+TTp8yugnl
+9QEdYEXvMgLChLe57ZaOFVCE8349rkhikvnFWIfc1st2EsBrOaOwqFUrZReVg6qx
+wxDSf2FoINaLIX7ECkEBBmQh9SyEz8BXwaboI8z08ovRzg==
+-----END X509 CRL-----
diff --git a/tests/cert-tests/data/crl-demo3.pem b/tests/cert-tests/data/crl-demo3.pem
new file mode 100644
index 0000000..a91b1f9
--- /dev/null
+++ b/tests/cert-tests/data/crl-demo3.pem
@@ -0,0 +1,600 @@
+X.509 Certificate Revocation List Information:
+	Version: 1
+	Issuer: OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet
+	Update dates:
+		Issued: Wed Mar 08 09:00:11 UTC 2017
+		Next at: Fri Apr 07 09:00:11 UTC 2017
+	Revoked certificates (210):
+		Serial Number (hex): 0122b8b2f37642cc4871b611bfd1cfda
+		Revoked at: Mon Apr 15 15:40:24 UTC 2002
+		Serial Number (hex): 018393fb96de1d894ec3479ce1601363
+		Revoked at: Thu May 09 13:57:58 UTC 2002
+		Serial Number (hex): 01dcdb63d4c99f31b816f92cf5b1088e
+		Revoked at: Thu Apr 18 17:46:14 UTC 2002
+		Serial Number (hex): 021aa6af9471f0076ef117e4d41782db
+		Revoked at: Fri Jul 19 21:28:31 UTC 2002
+		Serial Number (hex): 024ce89dfd5f774d4bf5798bb10867ac
+		Revoked at: Tue Feb 12 06:16:50 UTC 2002
+		Serial Number (hex): 0259ae6c4c21f1594987b095f965f320
+		Revoked at: Thu Jun 19 08:04:47 UTC 2003
+		Serial Number (hex): 033c410e2f425c322cb135fee76197a5
+		Revoked at: Wed Apr 24 19:47:02 UTC 2002
+		Serial Number (hex): 034e68fa8bb28eb972ea72e53b15ac8b
+		Revoked at: Thu Sep 26 21:51:51 UTC 2002
+		Serial Number (hex): 03c9a8e348b05fcf08eeb993f9e9af0c
+		Revoked at: Thu Apr 18 13:49:22 UTC 2002
+		Serial Number (hex): 049b236a375c06980a31c886dc3a95cc
+		Revoked at: Tue Oct 01 22:10:56 UTC 2002
+		Serial Number (hex): 0608bac7acf85a7ca1f42585bb4e8c4f
+		Revoked at: Fri Jan 03 07:57:14 UTC 2003
+		Serial Number (hex): 0766224a4a9dff6eb5110ba994fc6820
+		Revoked at: Thu Aug 22 01:40:12 UTC 2002
+		Serial Number (hex): 078fa14db5fc0cc64272883776294431
+		Revoked at: Fri Mar 15 20:19:49 UTC 2002
+		Serial Number (hex): 07b9d9421981c4fd494f72cef2f86d76
+		Revoked at: Fri Feb 15 15:37:19 UTC 2002
+		Serial Number (hex): 086ef96c7fbfbcc88670623fe9c42f2b
+		Revoked at: Thu Nov 28 00:28:14 UTC 2002
+		Serial Number (hex): 0908e4aaf52d2bc0159e008b3f9793f9
+		Revoked at: Wed Feb 12 22:00:23 UTC 2003
+		Serial Number (hex): 09130a4f0f88e55005c35ff4ff1539dd
+		Revoked at: Wed Mar 06 08:11:30 UTC 2002
+		Serial Number (hex): 098ddd37dae784039d9896f8883a55ca
+		Revoked at: Thu Feb 21 23:35:26 UTC 2002
+		Serial Number (hex): 0a350cd7f453e6c14ef22ad3cef87ce7
+		Revoked at: Fri Aug 02 22:24:28 UTC 2002
+		Serial Number (hex): 0b9cb8f8fb3538f291fda1e9694ab124
+		Revoked at: Tue Apr 08 01:02:22 UTC 2003
+		Serial Number (hex): 0c2f7f3215e02f74fa052267bc8a2dd0
+		Revoked at: Tue Feb 26 19:07:54 UTC 2002
+		Serial Number (hex): 0c325b7832c67cd8dd2591224d840a94
+		Revoked at: Mon Mar 18 12:39:03 UTC 2002
+		Serial Number (hex): 0d7636b91c72b79ddfa53582c5a8f7bb
+		Revoked at: Tue Aug 27 21:42:11 UTC 2002
+		Serial Number (hex): 0f28799856b8a55eeb795f1bed0b8676
+		Revoked at: Wed Mar 13 01:10:47 UTC 2002
+		Serial Number (hex): 0f803c24f4622724be6a749c188e4b3b
+		Revoked at: Wed Nov 20 17:11:35 UTC 2002
+		Serial Number (hex): 0ff2a78c809cbe2fc8a9ebfe94865a5c
+		Revoked at: Thu Jun 20 19:58:45 UTC 2002
+		Serial Number (hex): 1045133545f3c6028d8d18b1c40a7a18
+		Revoked at: Fri Apr 26 17:32:59 UTC 2002
+		Serial Number (hex): 1079b1711b269892081e3ce48b2937f9
+		Revoked at: Thu Mar 28 16:32:55 UTC 2002
+		Serial Number (hex): 11388077cb6be5d6a7f299a1c8e94025
+		Revoked at: Fri Apr 19 12:24:17 UTC 2002
+		Serial Number (hex): 117ac382fe74361121d6928609dfe6f3
+		Revoked at: Tue Feb 19 15:11:36 UTC 2002
+		Serial Number (hex): 11ab8e21287f6df2c1c8403ea5de98d3
+		Revoked at: Thu May 02 18:44:31 UTC 2002
+		Serial Number (hex): 123c38ae3f64533af7bc6c27e29c6575
+		Revoked at: Wed Feb 13 23:08:59 UTC 2002
+		Serial Number (hex): 1288b66c9bcfe75092d287638fb7a6e3
+		Revoked at: Tue Jul 02 20:55:03 UTC 2002
+		Serial Number (hex): 12954eb68f3a196a16734f6e15baa5e7
+		Revoked at: Mon Jun 17 18:56:01 UTC 2002
+		Serial Number (hex): 13370b418c31431c27aae1830f9921cd
+		Revoked at: Mon Jul 22 12:17:16 UTC 2002
+		Serial Number (hex): 147a290a0938f45328336f3707231210
+		Revoked at: Fri Feb 22 02:00:14 UTC 2002
+		Serial Number (hex): 1504811ee26ff0d8dd12550566516e1a
+		Revoked at: Wed Mar 13 10:53:08 UTC 2002
+		Serial Number (hex): 15300d8abd0e890e664f4993a28fbc2e
+		Revoked at: Thu Apr 04 06:42:23 UTC 2002
+		Serial Number (hex): 16be64d64f90f4f72bc8ca675c8213e8
+		Revoked at: Thu Jun 06 19:09:07 UTC 2002
+		Serial Number (hex): 18519ce4486206feb82d93b7c9c91b4e
+		Revoked at: Wed Apr 17 05:00:44 UTC 2002
+		Serial Number (hex): 1982db397400383659f6ccc1238d40e9
+		Revoked at: Wed Mar 06 07:54:54 UTC 2002
+		Serial Number (hex): 1b5190f73724399c9254cd424637996a
+		Revoked at: Tue Jan 30 00:00:00 UTC 2001
+		Serial Number (hex): 1be4b2bbb6745d6b8b04b6a01b35eb29
+		Revoked at: Wed Sep 25 20:14:56 UTC 2002
+		Serial Number (hex): 1c1dd52af6aafdbb47c27336cf53bd81
+		Revoked at: Wed Feb 13 19:03:42 UTC 2002
+		Serial Number (hex): 1cb05a1ffda698f646f932109eef528e
+		Revoked at: Thu Jun 27 13:03:22 UTC 2002
+		Serial Number (hex): 1d01fca7ddb40c64bd6545e6bf1c7e90
+		Revoked at: Thu Feb 21 04:20:06 UTC 2002
+		Serial Number (hex): 1e4dc9c66e57da8a079770faee9cc558
+		Revoked at: Tue Feb 19 22:34:21 UTC 2002
+		Serial Number (hex): 1ebb9b2861507f1230fb02b5e1b07e9d
+		Revoked at: Wed Mar 06 00:04:20 UTC 2002
+		Serial Number (hex): 1f5a64c9a5518ce22d5083c24c7ce785
+		Revoked at: Sat Aug 24 06:31:28 UTC 2002
+		Serial Number (hex): 1fc24ed0ac52d339186dd00f23d74572
+		Revoked at: Thu Feb 28 19:15:42 UTC 2002
+		Serial Number (hex): 24607a8e0e86a48868afd90c6bbaff
+		Revoked at: Thu Feb 28 05:18:24 UTC 2002
+		Serial Number (hex): 204173bb72886e4b1cb6700267aa3b3d
+		Revoked at: Tue Sep 03 17:06:21 UTC 2002
+		Serial Number (hex): 206e0ddc8ca4acf708775c80f9a36892
+		Revoked at: Wed Apr 10 20:57:16 UTC 2002
+		Serial Number (hex): 21e46b984791e602dfb245bc3137a07c
+		Revoked at: Fri Mar 08 23:23:13 UTC 2002
+		Serial Number (hex): 2200957079f99c3491bb84b991de2255
+		Revoked at: Wed Feb 13 06:59:39 UTC 2002
+		Serial Number (hex): 22f9674fcd29c6dcc8226ee90aa1485a
+		Revoked at: Wed Apr 03 00:43:26 UTC 2002
+		Serial Number (hex): 24a3a7d0b81d1cf7e61f6ebac99859ed
+		Revoked at: Thu Jul 24 20:58:02 UTC 2003
+		Serial Number (hex): 24ef89a1304f5163fedbdb646e4c5a81
+		Revoked at: Wed Jul 03 09:21:17 UTC 2002
+		Serial Number (hex): 2508e5acdd6f7444511af5dbf8ba25e0
+		Revoked at: Tue Apr 09 04:16:22 UTC 2002
+		Serial Number (hex): 2581e8186088bc1ae91484edd462f547
+		Revoked at: Fri Aug 23 01:57:19 UTC 2002
+		Serial Number (hex): 26e55cab16ec6138492cd2b14889d547
+		Revoked at: Wed Mar 13 18:00:38 UTC 2002
+		Serial Number (hex): 27beda7f4f1f6c7609c09aafd468e216
+		Revoked at: Fri May 10 18:32:30 UTC 2002
+		Serial Number (hex): 2889d0b3b5c456369b3e811a2156aa42
+		Revoked at: Mon Nov 04 11:03:08 UTC 2002
+		Serial Number (hex): 28ab9306b11e05e0e12575c774cb55a6
+		Revoked at: Fri Jan 24 19:48:23 UTC 2003
+		Serial Number (hex): 29e93b448dc34b8017dae41c43968359
+		Revoked at: Fri Jun 07 21:43:39 UTC 2002
+		Serial Number (hex): 2a08642b48e217896a0cf97e10668fe7
+		Revoked at: Mon Aug 19 18:35:29 UTC 2002
+		Serial Number (hex): 2a44ee915de3a52b09f35659e08f2522
+		Revoked at: Thu Feb 21 19:31:24 UTC 2002
+		Serial Number (hex): 2a8b4ea5b606c8483b0e711e6bf416c1
+		Revoked at: Tue Apr 30 09:21:18 UTC 2002
+		Serial Number (hex): 2b03fc2fc28e38296fa10fe9471b35d7
+		Revoked at: Thu Nov 14 20:18:33 UTC 2002
+		Serial Number (hex): 2c48f7d6d571c0d1bd6a00651d2da9dd
+		Revoked at: Wed Mar 06 17:20:43 UTC 2002
+		Serial Number (hex): 2cbf841de4583279321037ded794ff85
+		Revoked at: Fri Feb 22 19:02:25 UTC 2002
+		Serial Number (hex): 2d03543554452c6d39f01b7468decf93
+		Revoked at: Mon Sep 23 13:23:37 UTC 2002
+		Serial Number (hex): 2d2494341992b1f2379d6ec53593ddf0
+		Revoked at: Fri Mar 15 17:17:27 UTC 2002
+		Serial Number (hex): 2d4724618791ba2ef2f79221f31b8b1e
+		Revoked at: Tue May 14 23:08:22 UTC 2002
+		Serial Number (hex): 2d84c2b101a13a6fb03013765a69ec41
+		Revoked at: Mon Jul 15 17:29:23 UTC 2002
+		Serial Number (hex): 2dd526c3cd01cefd67b808ac5a70c434
+		Revoked at: Wed Feb 27 04:46:14 UTC 2002
+		Serial Number (hex): 2e2b0a944df1a437b7a39b4b9626a8e3
+		Revoked at: Thu Jan 09 06:28:28 UTC 2003
+		Serial Number (hex): 2e3130c12e1631d92b0a70ca3f317362
+		Revoked at: Wed Jan 29 01:49:27 UTC 2003
+		Serial Number (hex): 2ebd6ddfce206fe7a8f4f3259cc3c112
+		Revoked at: Fri Sep 20 13:54:42 UTC 2002
+		Serial Number (hex): 2f561622ba87d5fdffe6b0dd3c08262c
+		Revoked at: Wed Mar 13 17:53:11 UTC 2002
+		Serial Number (hex): 303e777beccb892c15557f20f233c11e
+		Revoked at: Thu Feb 21 23:50:49 UTC 2002
+		Serial Number (hex): 30596caa5fd3ac50862cc4fa3c4850d1
+		Revoked at: Thu Feb 21 04:19:35 UTC 2002
+		Serial Number (hex): 30ce9af1fa17faf54cbc528af4262b7b
+		Revoked at: Fri Mar 01 19:12:39 UTC 2002
+		Serial Number (hex): 31164a6a2e6d344dd240f05f47e65b47
+		Revoked at: Tue Feb 12 17:38:52 UTC 2002
+		Serial Number (hex): 31db975b06630bd8fe06b3f5f9640a59
+		Revoked at: Tue Feb 12 15:59:23 UTC 2002
+		Serial Number (hex): 32bceb0cca65063fa4d54a56467c2209
+		Revoked at: Fri Aug 16 07:33:55 UTC 2002
+		Serial Number (hex): 3317efe189ec1125158f3b677a640b50
+		Revoked at: Wed Sep 18 17:03:46 UTC 2002
+		Serial Number (hex): 3424a0d20061ebd39aa72a66b4822377
+		Revoked at: Fri Mar 15 22:43:39 UTC 2002
+		Serial Number (hex): 34a81667a51ba331115e26c83f2138be
+		Revoked at: Thu Mar 21 21:16:21 UTC 2002
+		Serial Number (hex): 363abe055552934f325f3063c0d450df
+		Revoked at: Fri Mar 08 11:46:14 UTC 2002
+		Serial Number (hex): 3719cca59d850556e163424b0d3cbfd6
+		Revoked at: Wed Jan 08 18:58:24 UTC 2003
+		Serial Number (hex): 372ffd2bec4d943551f4072af50b97c4
+		Revoked at: Wed Feb 13 19:18:01 UTC 2002
+		Serial Number (hex): 3783f51e7ef45fad1f0c5586300254c1
+		Revoked at: Wed Jan 08 20:03:44 UTC 2003
+		Serial Number (hex): 38323e502b369301320a598cceada0eb
+		Revoked at: Tue Apr 30 21:24:08 UTC 2002
+		Serial Number (hex): 3a62d864d385d5611d9d3f6125e93a1d
+		Revoked at: Mon Jun 17 15:19:16 UTC 2002
+		Serial Number (hex): 3a9736b126147350a3cc3fd03b8399c9
+		Revoked at: Wed Sep 11 03:29:30 UTC 2002
+		Serial Number (hex): 3b873e20be97ffa76b2b5fff9a7f4c95
+		Revoked at: Wed Jul 03 00:31:47 UTC 2002
+		Serial Number (hex): 3bbae5f22399c6d7aee2980da4135cd4
+		Revoked at: Fri May 24 19:28:45 UTC 2002
+		Serial Number (hex): 3bc27cf0bdd29a6f97dd76bca96c450d
+		Revoked at: Fri Mar 08 10:42:03 UTC 2002
+		Serial Number (hex): 3bc5da41647a378e9f7f1f9b250ab4da
+		Revoked at: Wed Mar 06 13:24:48 UTC 2002
+		Serial Number (hex): 3c1bf19a48b0b8a045d58f0f5790c2cd
+		Revoked at: Mon Mar 18 06:43:23 UTC 2002
+		Serial Number (hex): 3d154880b4fe517eed46ae51fd4773de
+		Revoked at: Tue Aug 27 09:20:08 UTC 2002
+		Serial Number (hex): 3d614e87ea3902f31e3e565c0e3ba7e3
+		Revoked at: Tue Oct 29 19:54:12 UTC 2002
+		Serial Number (hex): 3ddd619282696b01790eef9612a37680
+		Revoked at: Wed May 01 22:24:16 UTC 2002
+		Serial Number (hex): 3e0e147155f348091b563b917a7decc9
+		Revoked at: Mon Mar 11 21:45:51 UTC 2002
+		Serial Number (hex): 3e23001f9bbde8b1f00667a670422ec3
+		Revoked at: Thu Aug 08 12:21:32 UTC 2002
+		Serial Number (hex): 41911a8cde2db3eb791dc79999be0c0e
+		Revoked at: Mon Feb 25 19:18:54 UTC 2002
+		Serial Number (hex): 41a8d79c105e5aac167f93aad1833455
+		Revoked at: Wed Apr 10 12:53:40 UTC 2002
+		Serial Number (hex): 428896b07b28a2fa2f917358a71e537c
+		Revoked at: Sat Mar 01 09:43:31 UTC 2003
+		Serial Number (hex): 42932fd254d394d0416a2e338b81b43c
+		Revoked at: Thu Aug 08 00:48:46 UTC 2002
+		Serial Number (hex): 4424ddba85fd3eb2b81774fd9d5c0cbd
+		Revoked at: Sat Sep 21 16:09:12 UTC 2002
+		Serial Number (hex): 4502187d399cb914fb103796f4c1dd2f
+		Revoked at: Mon Feb 11 11:11:06 UTC 2002
+		Serial Number (hex): 4516bc310b4e870acce3d51416331183
+		Revoked at: Tue Apr 02 02:20:17 UTC 2002
+		Serial Number (hex): 461636de3fef8cfa675312cc7663d6dd
+		Revoked at: Thu Feb 14 16:59:43 UTC 2002
+		Serial Number (hex): 465f85a3a4983c4063f61cf7c2befd0e
+		Revoked at: Tue Apr 09 15:30:05 UTC 2002
+		Serial Number (hex): 4720c2d885855439cdf210f0a7885275
+		Revoked at: Tue Sep 10 22:25:27 UTC 2002
+		Serial Number (hex): 47426ea2abc5335d50440b889784594c
+		Revoked at: Tue Mar 05 14:05:19 UTC 2002
+		Serial Number (hex): 49203fa86e81c83b2605f4a79b5a8160
+		Revoked at: Thu Jul 11 17:50:48 UTC 2002
+		Serial Number (hex): 498b6f05fbcbf45aaf0947b104c5e351
+		Revoked at: Fri Apr 12 17:48:08 UTC 2002
+		Serial Number (hex): 49b2c37abf752ab313ae53c6cb455a3e
+		Revoked at: Fri Nov 15 21:35:37 UTC 2002
+		Serial Number (hex): 4b232c0ade7a36ebfe893ac7fd274600
+		Revoked at: Thu Mar 01 18:04:00 UTC 2001
+		Serial Number (hex): 4bcac3ab0ac5cd90a2be43fedd06e145
+		Revoked at: Sat Jul 20 17:32:12 UTC 2002
+		Serial Number (hex): 4c00cc73d57461629252ffde5bc155bd
+		Revoked at: Mon Aug 26 14:01:51 UTC 2002
+		Serial Number (hex): 4c59c1c3564027d4220e37f65f2650c5
+		Revoked at: Tue Feb 26 09:57:44 UTC 2002
+		Serial Number (hex): 4cca125946f92bc67d3378402c3b7a0c
+		Revoked at: Thu May 30 20:24:58 UTC 2002
+		Serial Number (hex): 4d5751359be5412c6966c721ecc62932
+		Revoked at: Thu Sep 26 04:35:56 UTC 2002
+		Serial Number (hex): 4e85ab9e1754e7420f8ca16596885354
+		Revoked at: Thu Mar 28 00:18:53 UTC 2002
+		Serial Number (hex): 503dedac2186665da51a13eefca70bc6
+		Revoked at: Mon Feb 18 13:55:49 UTC 2002
+		Serial Number (hex): 50a3819ccb22e40f80cb7aec35f87382
+		Revoked at: Sat Oct 05 16:59:59 UTC 2002
+		Serial Number (hex): 5128732617cf106eeb4a0374a335e560
+		Revoked at: Fri Jun 13 10:09:29 UTC 2003
+		Serial Number (hex): 5152ffdc696b1f1fff7cb17f0390a96b
+		Revoked at: Fri Jun 14 16:04:02 UTC 2002
+		Serial Number (hex): 52d953699fecabdd5d2a2faa5786b91f
+		Revoked at: Fri Aug 30 23:46:43 UTC 2002
+		Serial Number (hex): 5446a88f692e02f4b4b269dabd4002e0
+		Revoked at: Tue Mar 26 01:56:58 UTC 2002
+		Serial Number (hex): 54b58173b57c6dba5c990dff0a4deeef
+		Revoked at: Wed Jul 24 16:39:51 UTC 2002
+		Serial Number (hex): 579141209f576f42534e19cce4c8524a
+		Revoked at: Tue May 28 23:24:00 UTC 2002
+		Serial Number (hex): 57c6dca0edbf77dd7e186883570c2a4f
+		Revoked at: Tue May 21 14:06:11 UTC 2002
+		Serial Number (hex): 57ede25be2623f98e1f54d30a40edfdf
+		Revoked at: Sun Jun 09 01:47:18 UTC 2002
+		Serial Number (hex): 5847d9bd831a636fb7637f4a565e8e4d
+		Revoked at: Mon Apr 15 17:23:03 UTC 2002
+		Serial Number (hex): 58c6629980e60c4f008b253893e61810
+		Revoked at: Thu Jun 06 07:09:47 UTC 2002
+		Serial Number (hex): 5952090e99f3a9e52feda9b2d861e7ea
+		Revoked at: Wed Jun 26 14:18:36 UTC 2002
+		Serial Number (hex): 595caafbbefb73d1f4abc8e33d0104dd
+		Revoked at: Fri Sep 27 22:20:10 UTC 2002
+		Serial Number (hex): 599759a73db0d97eff2acb31cc66f385
+		Revoked at: Thu Aug 22 00:55:58 UTC 2002
+		Serial Number (hex): 59dd453661d93ee9ffbdad2ebf9a5d98
+		Revoked at: Tue Jul 02 20:40:03 UTC 2002
+		Serial Number (hex): 5a4b4818a92a9cd5912f4fa4f8b31b4d
+		Revoked at: Thu Apr 04 23:33:12 UTC 2002
+		Serial Number (hex): 5adf320d64eb9bd211e25850be930c65
+		Revoked at: Fri Apr 05 17:07:21 UTC 2002
+		Serial Number (hex): 5b23bfbbc4b3f402e9cb109eeea53fcd
+		Revoked at: Fri Mar 29 16:26:59 UTC 2002
+		Serial Number (hex): 5b51bc38bfaf9f27a9c7ed25d08dec2e
+		Revoked at: Fri Mar 08 10:25:20 UTC 2002
+		Serial Number (hex): 5c297f4661dd47908291bd79226a9838
+		Revoked at: Fri Nov 08 15:54:26 UTC 2002
+		Serial Number (hex): 5e38f75b00f1ef1cb6ffd55c74fb955d
+		Revoked at: Sat Nov 23 01:49:29 UTC 2002
+		Serial Number (hex): 5e88beb6b4b2aab092f3f6c2bc7221ca
+		Revoked at: Thu Feb 14 07:12:10 UTC 2002
+		Serial Number (hex): 5f59a0bbaf26c8c1b4043abbfc4c75a5
+		Revoked at: Tue Apr 16 15:51:23 UTC 2002
+		Serial Number (hex): 5f81080fa0cd447323588e499fb50835
+		Revoked at: Wed Jun 19 14:17:43 UTC 2002
+		Serial Number (hex): 5fba1f8fb22356ddbca672b09913b5b2
+		Revoked at: Mon May 06 08:47:10 UTC 2002
+		Serial Number (hex): 6009d5b76bf1164afad0a54c8edd02cb
+		Revoked at: Mon Jun 17 16:12:29 UTC 2002
+		Serial Number (hex): 601d19d855d514d5ff030dad5c074ce7
+		Revoked at: Mon Jul 15 23:01:11 UTC 2002
+		Serial Number (hex): 602467c30bad538fce8905b587af7ce4
+		Revoked at: Tue Oct 08 20:38:52 UTC 2002
+		Serial Number (hex): 605cf33d2223393fe62109fddd77c28f
+		Revoked at: Tue Jul 02 17:27:58 UTC 2002
+		Serial Number (hex): 60a25ebf0783a31856184863a7fdc763
+		Revoked at: Thu May 09 19:52:27 UTC 2002
+		Serial Number (hex): 60c2ada80ef99a665da275045e5c71c2
+		Revoked at: Tue Nov 12 13:36:17 UTC 2002
+		Serial Number (hex): 60db1d3734f6029d681b70f113002f80
+		Revoked at: Thu Feb 28 09:55:33 UTC 2002
+		Serial Number (hex): 61f038eabc170d11d289ee875057a0ed
+		Revoked at: Wed Jan 29 17:41:44 UTC 2003
+		Serial Number (hex): 61fa9beb58f9e5a59e79a83d79ac3597
+		Revoked at: Thu Oct 10 20:16:37 UTC 2002
+		Serial Number (hex): 6244572441c0893f5bd2bde72f7541fa
+		Revoked at: Thu Aug 08 18:30:15 UTC 2002
+		Serial Number (hex): 62513a2d8d823965fef68ac84e2991fd
+		Revoked at: Thu Sep 26 00:54:34 UTC 2002
+		Serial Number (hex): 62524949f251677ae2eec90c23113db2
+		Revoked at: Wed Apr 17 18:06:55 UTC 2002
+		Serial Number (hex): 6352bddcb7bfbb906c82eeb5a39fd8c9
+		Revoked at: Thu Feb 21 16:30:58 UTC 2002
+		Serial Number (hex): 635e6be9ea3dd63bc34d09c313dbddbc
+		Revoked at: Mon Jun 02 14:47:36 UTC 2003
+		Serial Number (hex): 63da0bd5131e988332a23a4bdf8c8986
+		Revoked at: Wed Sep 25 08:08:13 UTC 2002
+		Serial Number (hex): 64fef01a3aed89f8b534d31e0fce0dce
+		Revoked at: Mon Apr 08 21:06:24 UTC 2002
+		Serial Number (hex): 65a749d837224b4ae5cfa3fed63bc067
+		Revoked at: Wed Dec 04 17:14:16 UTC 2002
+		Serial Number (hex): 65c99e4776980d9e57e4aec51c3ef2e7
+		Revoked at: Mon Sep 23 14:08:18 UTC 2002
+		Serial Number (hex): 65e07bc574e4ab014fa35ed6ebcdd569
+		Revoked at: Wed Apr 03 17:24:06 UTC 2002
+		Serial Number (hex): 6651b7e562b7e331c0eef2e8fe846a4e
+		Revoked at: Fri Sep 06 13:23:33 UTC 2002
+		Serial Number (hex): 677c76ac665a6b415c078302d6d963c0
+		Revoked at: Mon Feb 18 13:55:10 UTC 2002
+		Serial Number (hex): 6867deb3aa20cf4b34a5e0c8c0c5c9a4
+		Revoked at: Tue Mar 12 01:09:26 UTC 2002
+		Serial Number (hex): 6923345d7504dc99bdce8d21b46b10fc
+		Revoked at: Tue Sep 03 13:19:20 UTC 2002
+		Serial Number (hex): 699f2031d13ffa1e702e37d59a8c0a16
+		Revoked at: Wed Feb 20 09:01:35 UTC 2002
+		Serial Number (hex): 6a94d625d067e44d792bc6d5c94a7fc6
+		Revoked at: Mon Feb 11 19:15:40 UTC 2002
+		Serial Number (hex): 6b5ca4455be9cfe73b29b132d7a1043d
+		Revoked at: Fri Oct 18 15:43:48 UTC 2002
+		Serial Number (hex): 6bc07d4f18feb707e8569a6c400f3653
+		Revoked at: Thu Sep 26 21:01:26 UTC 2002
+		Serial Number (hex): 6be1dd363bece0a9f5927e33bfed4846
+		Revoked at: Wed Apr 17 14:42:31 UTC 2002
+		Serial Number (hex): 6caceb372b6a42e2cac8d2dab8b9826a
+		Revoked at: Fri Mar 01 14:28:34 UTC 2002
+		Serial Number (hex): 6d981bb476d16259a13ceed221d8df4c
+		Revoked at: Tue May 14 17:56:12 UTC 2002
+		Serial Number (hex): 6ddd0b5a3c9cabd33bd916ec6974fb9a
+		Revoked at: Fri Feb 22 12:26:38 UTC 2002
+		Serial Number (hex): 6edefd8936aea0418d5cec2e9031f89a
+		Revoked at: Mon Apr 08 22:36:12 UTC 2002
+		Serial Number (hex): 6fb26b4c48cafee6699a0663c43296c1
+		Revoked at: Fri Jan 17 17:27:25 UTC 2003
+		Serial Number (hex): 700be1ee4489515265272c2d347ce08d
+		Revoked at: Wed Sep 18 00:36:00 UTC 2002
+		Serial Number (hex): 702dc0a6b8a5a0da4859b3963480c825
+		Revoked at: Fri Aug 30 14:01:01 UTC 2002
+		Serial Number (hex): 70e1d992cd764263516ecd8c09291748
+		Revoked at: Fri May 17 11:10:41 UTC 2002
+		Serial Number (hex): 7238e4916a7a8af3bff0d8e0a4708da8
+		Revoked at: Mon Mar 04 19:06:40 UTC 2002
+		Serial Number (hex): 7297a1d89c3b00c2c4262d062b29764e
+		Revoked at: Tue Jun 18 15:09:47 UTC 2002
+		Serial Number (hex): 72d2239bf233e97ccfb6a941d50e5c39
+		Revoked at: Wed Apr 09 17:02:29 UTC 2003
+		Serial Number (hex): 745c9cf9aac3fa943c253965449513f1
+		Revoked at: Tue Jul 09 23:53:20 UTC 2002
+		Serial Number (hex): 74987f68ad179293f265940c33e6bd49
+		Revoked at: Tue Apr 23 07:44:18 UTC 2002
+		Serial Number (hex): 750e40ff97f047edf556c7084eb1abfd
+		Revoked at: Wed Jan 31 00:00:00 UTC 2001
+		Serial Number (hex): 7526515965b733325fe6cdaa306578e0
+		Revoked at: Thu May 16 18:24:56 UTC 2002
+		Serial Number (hex): 76136fbfc8ded9363039cc858f002f19
+		Revoked at: Thu Mar 14 09:48:24 UTC 2002
+		Serial Number (hex): 7652788944fac1b3d7c94cb33295af03
+		Revoked at: Thu Nov 14 19:15:43 UTC 2002
+		Serial Number (hex): 775d4c40d98dfac89a248d4710904a0a
+		Revoked at: Thu May 09 01:13:02 UTC 2002
+		Serial Number (hex): 77e65a4359935d5f7a75801acdadc222
+		Revoked at: Thu Aug 31 18:22:50 UTC 2000
+		Serial Number (hex): 7819f1b68783afdf608d9a640dece051
+		Revoked at: Mon May 20 17:28:16 UTC 2002
+		Serial Number (hex): 7864658f8279dba51c47101d72236652
+		Revoked at: Fri Jan 24 18:45:47 UTC 2003
+		Serial Number (hex): 7864e1c0698f3ac78b23e329b1eea941
+		Revoked at: Wed May 08 17:46:26 UTC 2002
+		Serial Number (hex): 7879896112676414fd08ccb30555c067
+		Revoked at: Tue Apr 02 13:18:53 UTC 2002
+		Serial Number (hex): 788a562208ce42eed1a3791014fd3a36
+		Revoked at: Wed Feb 05 16:53:29 UTC 2003
+		Serial Number (hex): 7aa06cba3302ac5ff50bb67761ef7709
+		Revoked at: Thu Feb 28 17:55:11 UTC 2002
+		Serial Number (hex): 7b9133666cf0d4e39df688299bf7d0ea
+		Revoked at: Wed Nov 20 22:16:49 UTC 2002
+		Serial Number (hex): 7ceff20a08ae10571ededcd66376b05d
+		Revoked at: Tue Feb 26 10:22:30 UTC 2002
+		Serial Number (hex): 7f76ef69ebf53f532eaaa5eddec0b406
+		Revoked at: Wed May 01 03:33:07 UTC 2002
+		Serial Number (hex): 7fcb6b9991d076e13c0e6715c4d44d7b
+		Revoked at: Wed Apr 10 21:18:40 UTC 2002
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		99:30:0e:fe:e6:33:43:cd:43:56:a9:ee:a6:a4:6e:f2
+		1e:48:31:73:70:8d:08:dd:d9:44:33:76:3b:d3:06:6f
+		ed:34:36:35:3a:b0:ea:c2:31:f3:0b:34:b2:02:ed:be
+		e2:76:60:33:91:51:e7:fe:fa:70:04:69:1f:43:ca:70
+		dd:65:e0:ee:03:c7:96:2b:fc:d6:7e:e2:e3:70:7a:15
+		66:e8:9a:8b:d2:19:b3:e5:45:54:e9:7f:98:04:d6:b2
+		3c:21:66:d8:aa:95:d3:ae:72:ea:d6:b6:72:f0:41:08
+		6d:5c:cb:8c:90:90:ba:54:42:39:b0:6c:f5:06:e7:d0
+
+-----BEGIN X509 CRL-----
+MIId4DCCHUkwDQYJKoZIhvcNAQEFBQAwYTERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTMwMQYDVQQLEypWZXJpU2lnbiBDb21tZXJj
+aWFsIFNvZnR3YXJlIFB1Ymxpc2hlcnMgQ0EXDTE3MDMwODA5MDAxMVoXDTE3MDQw
+NzA5MDAxMVowghy1MCECEAEiuLLzdkLMSHG2Eb/Rz9oXDTAyMDQxNTE1NDAyNFow
+IQIQAYOT+5beHYlOw0ec4WATYxcNMDIwNTA5MTM1NzU4WjAhAhAB3Ntj1MmfMbgW
++Sz1sQiOFw0wMjA0MTgxNzQ2MTRaMCECEAIapq+UcfAHbvEX5NQXgtsXDTAyMDcx
+OTIxMjgzMVowIQIQAkzonf1fd01L9XmLsQhnrBcNMDIwMjEyMDYxNjUwWjAhAhAC
+Wa5sTCHxWUmHsJX5ZfMgFw0wMzA2MTkwODA0NDdaMCECEAM8QQ4vQlwyLLE1/udh
+l6UXDTAyMDQyNDE5NDcwMlowIQIQA05o+ouyjrly6nLlOxWsixcNMDIwOTI2MjE1
+MTUxWjAhAhADyajjSLBfzwjuuZP56a8MFw0wMjA0MTgxMzQ5MjJaMCECEASbI2o3
+XAaYCjHIhtw6lcwXDTAyMTAwMTIyMTA1NlowIQIQBgi6x6z4Wnyh9CWFu06MTxcN
+MDMwMTAzMDc1NzE0WjAhAhAHZiJKSp3/brURC6mU/GggFw0wMjA4MjIwMTQwMTJa
+MCECEAePoU21/AzGQnKIN3YpRDEXDTAyMDMxNTIwMTk0OVowIQIQB7nZQhmBxP1J
+T3LO8vhtdhcNMDIwMjE1MTUzNzE5WjAhAhAIbvlsf7+8yIZwYj/pxC8rFw0wMjEx
+MjgwMDI4MTRaMCECEAkI5Kr1LSvAFZ4Aiz+Xk/kXDTAzMDIxMjIyMDAyM1owIQIQ
+CRMKTw+I5VAFw1/0/xU53RcNMDIwMzA2MDgxMTMwWjAhAhAJjd032ueEA52YlviI
+OlXKFw0wMjAyMjEyMzM1MjZaMCECEAo1DNf0U+bBTvIq0874fOcXDTAyMDgwMjIy
+MjQyOFowIQIQC5y4+Ps1OPKR/aHpaUqxJBcNMDMwNDA4MDEwMjIyWjAhAhAML38y
+FeAvdPoFIme8ii3QFw0wMjAyMjYxOTA3NTRaMCECEAwyW3gyxnzY3SWRIk2ECpQX
+DTAyMDMxODEyMzkwM1owIQIQDXY2uRxyt53fpTWCxaj3uxcNMDIwODI3MjE0MjEx
+WjAhAhAPKHmYVrilXut5XxvtC4Z2Fw0wMjAzMTMwMTEwNDdaMCECEA+APCT0Yick
+vmp0nBiOSzsXDTAyMTEyMDE3MTEzNVowIQIQD/KnjICcvi/Iqev+lIZaXBcNMDIw
+NjIwMTk1ODQ1WjAhAhAQRRM1RfPGAo2NGLHECnoYFw0wMjA0MjYxNzMyNTlaMCEC
+EBB5sXEbJpiSCB485IspN/kXDTAyMDMyODE2MzI1NVowIQIQETiAd8tr5dan8pmh
+yOlAJRcNMDIwNDE5MTIyNDE3WjAhAhAResOC/nQ2ESHWkoYJ3+bzFw0wMjAyMTkx
+NTExMzZaMCECEBGrjiEof23ywchAPqXemNMXDTAyMDUwMjE4NDQzMVowIQIQEjw4
+rj9kUzr3vGwn4pxldRcNMDIwMjEzMjMwODU5WjAhAhASiLZsm8/nUJLSh2OPt6bj
+Fw0wMjA3MDIyMDU1MDNaMCECEBKVTraPOhlqFnNPbhW6pecXDTAyMDYxNzE4NTYw
+MVowIQIQEzcLQYwxQxwnquGDD5khzRcNMDIwNzIyMTIxNzE2WjAhAhAUeikKCTj0
+UygzbzcHIxIQFw0wMjAyMjIwMjAwMTRaMCECEBUEgR7ib/DY3RJVBWZRbhoXDTAy
+MDMxMzEwNTMwOFowIQIQFTANir0OiQ5mT0mToo+8LhcNMDIwNDA0MDY0MjIzWjAh
+AhAWvmTWT5D09yvIymdcghPoFw0wMjA2MDYxOTA5MDdaMCECEBhRnORIYgb+uC2T
+t8nJG04XDTAyMDQxNzA1MDA0NFowIQIQGYLbOXQAODZZ9szBI41A6RcNMDIwMzA2
+MDc1NDU0WjAhAhAbUZD3NyQ5nJJUzUJGN5lqFw0wMTAxMzAwMDAwMDBaMCECEBvk
+sru2dF1riwS2oBs16ykXDTAyMDkyNTIwMTQ1NlowIQIQHB3VKvaq/btHwnM2z1O9
+gRcNMDIwMjEzMTkwMzQyWjAhAhAcsFof/aaY9kb5MhCe71KOFw0wMjA2MjcxMzAz
+MjJaMCECEB0B/KfdtAxkvWVF5r8cfpAXDTAyMDIyMTA0MjAwNlowIQIQHk3Jxm5X
+2ooHl3D67pzFWBcNMDIwMjE5MjIzNDIxWjAhAhAeu5soYVB/EjD7ArXhsH6dFw0w
+MjAzMDYwMDA0MjBaMCECEB9aZMmlUYziLVCDwkx854UXDTAyMDgyNDA2MzEyOFow
+IQIQH8JO0KxS0zkYbdAPI9dFchcNMDIwMjI4MTkxNTQyWjAgAg8kYHqODoakiGiv
+2Qxruv8XDTAyMDIyODA1MTgyNFowIQIQIEFzu3KIbksctnACZ6o7PRcNMDIwOTAz
+MTcwNjIxWjAhAhAgbg3cjKSs9wh3XID5o2iSFw0wMjA0MTAyMDU3MTZaMCECECHk
+a5hHkeYC37JFvDE3oHwXDTAyMDMwODIzMjMxM1owIQIQIgCVcHn5nDSRu4S5kd4i
+VRcNMDIwMjEzMDY1OTM5WjAhAhAi+WdPzSnG3MgibukKoUhaFw0wMjA0MDMwMDQz
+MjZaMCECECSjp9C4HRz35h9uusmYWe0XDTAzMDcyNDIwNTgwMlowIQIQJO+JoTBP
+UWP+29tkbkxagRcNMDIwNzAzMDkyMTE3WjAhAhAlCOWs3W90RFEa9dv4uiXgFw0w
+MjA0MDkwNDE2MjJaMCECECWB6BhgiLwa6RSE7dRi9UcXDTAyMDgyMzAxNTcxOVow
+IQIQJuVcqxbsYThJLNKxSInVRxcNMDIwMzEzMTgwMDM4WjAhAhAnvtp/Tx9sdgnA
+mq/UaOIWFw0wMjA1MTAxODMyMzBaMCECECiJ0LO1xFY2mz6BGiFWqkIXDTAyMTEw
+NDExMDMwOFowIQIQKKuTBrEeBeDhJXXHdMtVphcNMDMwMTI0MTk0ODIzWjAhAhAp
+6TtEjcNLgBfa5BxDloNZFw0wMjA2MDcyMTQzMzlaMCECECoIZCtI4heJagz5fhBm
+j+cXDTAyMDgxOTE4MzUyOVowIQIQKkTukV3jpSsJ81ZZ4I8lIhcNMDIwMjIxMTkz
+MTI0WjAhAhAqi06ltgbISDsOcR5r9BbBFw0wMjA0MzAwOTIxMThaMCECECsD/C/C
+jjgpb6EP6UcbNdcXDTAyMTExNDIwMTgzM1owIQIQLEj31tVxwNG9agBlHS2p3RcN
+MDIwMzA2MTcyMDQzWjAhAhAsv4Qd5FgyeTIQN97XlP+FFw0wMjAyMjIxOTAyMjVa
+MCECEC0DVDVURSxtOfAbdGjez5MXDTAyMDkyMzEzMjMzN1owIQIQLSSUNBmSsfI3
+nW7FNZPd8BcNMDIwMzE1MTcxNzI3WjAhAhAtRyRhh5G6LvL3kiHzG4seFw0wMjA1
+MTQyMzA4MjJaMCECEC2EwrEBoTpvsDATdlpp7EEXDTAyMDcxNTE3MjkyM1owIQIQ
+LdUmw80Bzv1nuAisWnDENBcNMDIwMjI3MDQ0NjE0WjAhAhAuKwqUTfGkN7ejm0uW
+JqjjFw0wMzAxMDkwNjI4MjhaMCECEC4xMMEuFjHZKwpwyj8xc2IXDTAzMDEyOTAx
+NDkyN1owIQIQLr1t384gb+eo9PMlnMPBEhcNMDIwOTIwMTM1NDQyWjAhAhAvVhYi
+uofV/f/msN08CCYsFw0wMjAzMTMxNzUzMTFaMCECEDA+d3vsy4ksFVV/IPIzwR4X
+DTAyMDIyMTIzNTA0OVowIQIQMFlsql/TrFCGLMT6PEhQ0RcNMDIwMjIxMDQxOTM1
+WjAhAhAwzprx+hf69Uy8Uor0Jit7Fw0wMjAzMDExOTEyMzlaMCECEDEWSmoubTRN
+0kDwX0fmW0cXDTAyMDIxMjE3Mzg1MlowIQIQMduXWwZjC9j+BrP1+WQKWRcNMDIw
+MjEyMTU1OTIzWjAhAhAyvOsMymUGP6TVSlZGfCIJFw0wMjA4MTYwNzMzNTVaMCEC
+EDMX7+GJ7BElFY87Z3pkC1AXDTAyMDkxODE3MDM0NlowIQIQNCSg0gBh69Oapypm
+tIIjdxcNMDIwMzE1MjI0MzM5WjAhAhA0qBZnpRujMRFeJsg/ITi+Fw0wMjAzMjEy
+MTE2MjFaMCECEDY6vgVVUpNPMl8wY8DUUN8XDTAyMDMwODExNDYxNFowIQIQNxnM
+pZ2FBVbhY0JLDTy/1hcNMDMwMTA4MTg1ODI0WjAhAhA3L/0r7E2UNVH0Byr1C5fE
+Fw0wMjAyMTMxOTE4MDFaMCECEDeD9R5+9F+tHwxVhjACVMEXDTAzMDEwODIwMDM0
+NFowIQIQODI+UCs2kwEyClmMzq2g6xcNMDIwNDMwMjEyNDA4WjAhAhA6Ythk04XV
+YR2dP2El6TodFw0wMjA2MTcxNTE5MTZaMCECEDqXNrEmFHNQo8w/0DuDmckXDTAy
+MDkxMTAzMjkzMFowIQIQO4c+IL6X/6drK1//mn9MlRcNMDIwNzAzMDAzMTQ3WjAh
+AhA7uuXyI5nG167imA2kE1zUFw0wMjA1MjQxOTI4NDVaMCECEDvCfPC90ppvl912
+vKlsRQ0XDTAyMDMwODEwNDIwM1owIQIQO8XaQWR6N46ffx+bJQq02hcNMDIwMzA2
+MTMyNDQ4WjAhAhA8G/GaSLC4oEXVjw9XkMLNFw0wMjAzMTgwNjQzMjNaMCECED0V
+SIC0/lF+7UauUf1Hc94XDTAyMDgyNzA5MjAwOFowIQIQPWFOh+o5AvMePlZcDjun
+4xcNMDIxMDI5MTk1NDEyWjAhAhA93WGSgmlrAXkO75YSo3aAFw0wMjA1MDEyMjI0
+MTZaMCECED4OFHFV80gJG1Y7kXp97MkXDTAyMDMxMTIxNDU1MVowIQIQPiMAH5u9
+6LHwBmemcEIuwxcNMDIwODA4MTIyMTMyWjAhAhBBkRqM3i2z63kdx5mZvgwOFw0w
+MjAyMjUxOTE4NTRaMCECEEGo15wQXlqsFn+TqtGDNFUXDTAyMDQxMDEyNTM0MFow
+IQIQQoiWsHsoovovkXNYpx5TfBcNMDMwMzAxMDk0MzMxWjAhAhBCky/SVNOU0EFq
+LjOLgbQ8Fw0wMjA4MDgwMDQ4NDZaMCECEEQk3bqF/T6yuBd0/Z1cDL0XDTAyMDky
+MTE2MDkxMlowIQIQRQIYfTmcuRT7EDeW9MHdLxcNMDIwMjExMTExMTA2WjAhAhBF
+FrwxC06HCszj1RQWMxGDFw0wMjA0MDIwMjIwMTdaMCECEEYWNt4/74z6Z1MSzHZj
+1t0XDTAyMDIxNDE2NTk0M1owIQIQRl+Fo6SYPEBj9hz3wr79DhcNMDIwNDA5MTUz
+MDA1WjAhAhBHIMLYhYVUOc3yEPCniFJ1Fw0wMjA5MTAyMjI1MjdaMCECEEdCbqKr
+xTNdUEQLiJeEWUwXDTAyMDMwNTE0MDUxOVowIQIQSSA/qG6ByDsmBfSnm1qBYBcN
+MDIwNzExMTc1MDQ4WjAhAhBJi28F+8v0Wq8JR7EExeNRFw0wMjA0MTIxNzQ4MDha
+MCECEEmyw3q/dSqzE65TxstFWj4XDTAyMTExNTIxMzUzN1owIQIQSyMsCt56Nuv+
+iTrH/SdGABcNMDEwMzAxMTgwNDAwWjAhAhBLysOrCsXNkKK+Q/7dBuFFFw0wMjA3
+MjAxNzMyMTJaMCECEEwAzHPVdGFiklL/3lvBVb0XDTAyMDgyNjE0MDE1MVowIQIQ
+TFnBw1ZAJ9QiDjf2XyZQxRcNMDIwMjI2MDk1NzQ0WjAhAhBMyhJZRvkrxn0zeEAs
+O3oMFw0wMjA1MzAyMDI0NThaMCECEE1XUTWb5UEsaWbHIezGKTIXDTAyMDkyNjA0
+MzU1NlowIQIQToWrnhdU50IPjKFllohTVBcNMDIwMzI4MDAxODUzWjAhAhBQPe2s
+IYZmXaUaE+78pwvGFw0wMjAyMTgxMzU1NDlaMCECEFCjgZzLIuQPgMt67DX4c4IX
+DTAyMTAwNTE2NTk1OVowIQIQUShzJhfPEG7rSgN0ozXlYBcNMDMwNjEzMTAwOTI5
+WjAhAhBRUv/caWsfH/98sX8DkKlrFw0wMjA2MTQxNjA0MDJaMCECEFLZU2mf7Kvd
+XSovqleGuR8XDTAyMDgzMDIzNDY0M1owIQIQVEaoj2kuAvS0smnavUAC4BcNMDIw
+MzI2MDE1NjU4WjAhAhBUtYFztXxtulyZDf8KTe7vFw0wMjA3MjQxNjM5NTFaMCEC
+EFeRQSCfV29CU04ZzOTIUkoXDTAyMDUyODIzMjQwMFowIQIQV8bcoO2/d91+GGiD
+VwwqTxcNMDIwNTIxMTQwNjExWjAhAhBX7eJb4mI/mOH1TTCkDt/fFw0wMjA2MDkw
+MTQ3MThaMCECEFhH2b2DGmNvt2N/SlZejk0XDTAyMDQxNTE3MjMwM1owIQIQWMZi
+mYDmDE8AiyU4k+YYEBcNMDIwNjA2MDcwOTQ3WjAhAhBZUgkOmfOp5S/tqbLYYefq
+Fw0wMjA2MjYxNDE4MzZaMCECEFlcqvu++3PR9KvI4z0BBN0XDTAyMDkyNzIyMjAx
+MFowIQIQWZdZpz2w2X7/KssxzGbzhRcNMDIwODIyMDA1NTU4WjAhAhBZ3UU2Ydk+
+6f+9rS6/ml2YFw0wMjA3MDIyMDQwMDNaMCECEFpLSBipKpzVkS9PpPizG00XDTAy
+MDQwNDIzMzMxMlowIQIQWt8yDWTrm9IR4lhQvpMMZRcNMDIwNDA1MTcwNzIxWjAh
+AhBbI7+7xLP0AunLEJ7upT/NFw0wMjAzMjkxNjI2NTlaMCECEFtRvDi/r58nqcft
+JdCN7C4XDTAyMDMwODEwMjUyMFowIQIQXCl/RmHdR5CCkb15ImqYOBcNMDIxMTA4
+MTU1NDI2WjAhAhBeOPdbAPHvHLb/1Vx0+5VdFw0wMjExMjMwMTQ5MjlaMCECEF6I
+vra0sqqwkvP2wrxyIcoXDTAyMDIxNDA3MTIxMFowIQIQX1mgu68myMG0BDq7/Ex1
+pRcNMDIwNDE2MTU1MTIzWjAhAhBfgQgPoM1EcyNYjkmftQg1Fw0wMjA2MTkxNDE3
+NDNaMCECEF+6H4+yI1bdvKZysJkTtbIXDTAyMDUwNjA4NDcxMFowIQIQYAnVt2vx
+Fkr60KVMjt0CyxcNMDIwNjE3MTYxMjI5WjAhAhBgHRnYVdUU1f8DDa1cB0znFw0w
+MjA3MTUyMzAxMTFaMCECEGAkZ8MLrVOPzokFtYevfOQXDTAyMTAwODIwMzg1Mlow
+IQIQYFzzPSIjOT/mIQn93XfCjxcNMDIwNzAyMTcyNzU4WjAhAhBgol6/B4OjGFYY
+SGOn/cdjFw0wMjA1MDkxOTUyMjdaMCECEGDCragO+ZpmXaJ1BF5cccIXDTAyMTEx
+MjEzMzYxN1owIQIQYNsdNzT2Ap1oG3DxEwAvgBcNMDIwMjI4MDk1NTMzWjAhAhBh
+8DjqvBcNEdKJ7odQV6DtFw0wMzAxMjkxNzQxNDRaMCECEGH6m+tY+eWlnnmoPXms
+NZcXDTAyMTAxMDIwMTYzN1owIQIQYkRXJEHAiT9b0r3nL3VB+hcNMDIwODA4MTgz
+MDE1WjAhAhBiUTotjYI5Zf72ishOKZH9Fw0wMjA5MjYwMDU0MzRaMCECEGJSSUny
+UWd64u7JDCMRPbIXDTAyMDQxNzE4MDY1NVowIQIQY1K93Le/u5Bsgu61o5/YyRcN
+MDIwMjIxMTYzMDU4WjAhAhBjXmvp6j3WO8NNCcMT2928Fw0wMzA2MDIxNDQ3MzZa
+MCECEGPaC9UTHpiDMqI6S9+MiYYXDTAyMDkyNTA4MDgxM1owIQIQZP7wGjrtifi1
+NNMeD84NzhcNMDIwNDA4MjEwNjI0WjAhAhBlp0nYNyJLSuXPo/7WO8BnFw0wMjEy
+MDQxNzE0MTZaMCECEGXJnkd2mA2eV+SuxRw+8ucXDTAyMDkyMzE0MDgxOFowIQIQ
+ZeB7xXTkqwFPo17W683VaRcNMDIwNDAzMTcyNDA2WjAhAhBmUbflYrfjMcDu8uj+
+hGpOFw0wMjA5MDYxMzIzMzNaMCECEGd8dqxmWmtBXAeDAtbZY8AXDTAyMDIxODEz
+NTUxMFowIQIQaGfes6ogz0s0peDIwMXJpBcNMDIwMzEyMDEwOTI2WjAhAhBpIzRd
+dQTcmb3OjSG0axD8Fw0wMjA5MDMxMzE5MjBaMCECEGmfIDHRP/oecC431ZqMChYX
+DTAyMDIyMDA5MDEzNVowIQIQapTWJdBn5E15K8bVyUp/xhcNMDIwMjExMTkxNTQw
+WjAhAhBrXKRFW+nP5zspsTLXoQQ9Fw0wMjEwMTgxNTQzNDhaMCECEGvAfU8Y/rcH
+6FaabEAPNlMXDTAyMDkyNjIxMDEyNlowIQIQa+HdNjvs4Kn1kn4zv+1IRhcNMDIw
+NDE3MTQ0MjMxWjAhAhBsrOs3K2pC4srI0tq4uYJqFw0wMjAzMDExNDI4MzRaMCEC
+EG2YG7R20WJZoTzu0iHY30wXDTAyMDUxNDE3NTYxMlowIQIQbd0LWjycq9M72Rbs
+aXT7mhcNMDIwMjIyMTIyNjM4WjAhAhBu3v2JNq6gQY1c7C6QMfiaFw0wMjA0MDgy
+MjM2MTJaMCECEG+ya0xIyv7maZoGY8QylsEXDTAzMDExNzE3MjcyNVowIQIQcAvh
+7kSJUVJlJywtNHzgjRcNMDIwOTE4MDAzNjAwWjAhAhBwLcCmuKWg2khZs5Y0gMgl
+Fw0wMjA4MzAxNDAxMDFaMCECEHDh2ZLNdkJjUW7NjAkpF0gXDTAyMDUxNzExMTA0
+MVowIQIQcjjkkWp6ivO/8NjgpHCNqBcNMDIwMzA0MTkwNjQwWjAhAhByl6HYnDsA
+wsQmLQYrKXZOFw0wMjA2MTgxNTA5NDdaMCECEHLSI5vyM+l8z7apQdUOXDkXDTAz
+MDQwOTE3MDIyOVowIQIQdFyc+arD+pQ8JTllRJUT8RcNMDIwNzA5MjM1MzIwWjAh
+AhB0mH9orReSk/JllAwz5r1JFw0wMjA0MjMwNzQ0MThaMCECEHUOQP+X8Eft9VbH
+CE6xq/0XDTAxMDEzMTAwMDAwMFowIQIQdSZRWWW3MzJf5s2qMGV44BcNMDIwNTE2
+MTgyNDU2WjAhAhB2E2+/yN7ZNjA5zIWPAC8ZFw0wMjAzMTQwOTQ4MjRaMCECEHZS
+eIlE+sGz18lMszKVrwMXDTAyMTExNDE5MTU0M1owIQIQd11MQNmN+siaJI1HEJBK
+ChcNMDIwNTA5MDExMzAyWjAhAhB35lpDWZNdX3p1gBrNrcIiFw0wMDA4MzExODIy
+NTBaMCECEHgZ8baHg6/fYI2aZA3s4FEXDTAyMDUyMDE3MjgxNlowIQIQeGRlj4J5
+26UcRxAdciNmUhcNMDMwMTI0MTg0NTQ3WjAhAhB4ZOHAaY86x4sj4ymx7qlBFw0w
+MjA1MDgxNzQ2MjZaMCECEHh5iWESZ2QU/QjMswVVwGcXDTAyMDQwMjEzMTg1M1ow
+IQIQeIpWIgjOQu7Ro3kQFP06NhcNMDMwMjA1MTY1MzI5WjAhAhB6oGy6MwKsX/UL
+tndh73cJFw0wMjAyMjgxNzU1MTFaMCECEHuRM2Zs8NTjnfaIKZv30OoXDTAyMTEy
+MDIyMTY0OVowIQIQfO/yCgiuEFce3tzWY3awXRcNMDIwMjI2MTAyMjMwWjAhAhB/
+du9p6/U/Uy6qpe3ewLQGFw0wMjA1MDEwMzMzMDdaMCECEH/La5mR0HbhPA5nFcTU
+TXsXDTAyMDQxMDIxMTg0MFowDQYJKoZIhvcNAQEFBQADgYEAmTAO/uYzQ81DVqnu
+pqRu8h5IMXNwjQjd2UQzdjvTBm/tNDY1OrDqwjHzCzSyAu2+4nZgM5FR5/76cARp
+H0PKcN1l4O4Dx5Yr/NZ+4uNwehVm6JqL0hmz5UVU6X+YBNayPCFm2KqV065y6ta2
+cvBBCG1cy4yQkLpUQjmwbPUG59A=
+-----END X509 CRL-----
diff --git a/tests/cert-tests/data/crq-cert-no-ca-explicit.pem b/tests/cert-tests/data/crq-cert-no-ca-explicit.pem
new file mode 100644
index 0000000..60b3799
--- /dev/null
+++ b/tests/cert-tests/data/crq-cert-no-ca-explicit.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAwugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ
+BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX
+MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX
+MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c
+Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa
+eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGWMIIB
+kjASBgMqAwQECwABAgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgME
+BQYHBBAdNM1a0GXcJ8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvz
+tmx86sb6NKTXftZMlosmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bb
+NlNiHTTNWtBl3CfBfpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZM
+losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB
+fpRHsKqspzANBgMoAQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQo
+AQUBAQH/BAgEBr6vyv76+jAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAfBgNVHSMEGDAWgBRN
+VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAKxF2fF369dSt
+ZBvKns94o9bvovquGyiFKz0/L9lzdHOxp1+mJuQuGuBz8o7uTOGTaR/bn8qP4xB1
+h4uwHLnj2xpuA9zG4PTPU+2F3hQbcJAHKtfSENnKh3BwNTFbiLJ4yf/OruJ2Rv91
+ApyObpCy/2g1sPm///XqPcTsO9qx2GFFHrMImu0M70VVEzaPfufdLX6aSUPs3Dcn
+vaSpy94TcyPEEXx9hFp9DCPxRSHlA7/GxrWJ7kVl+r0dJ5V1Jt4ZQ99SryAspX7Q
+O8pRWW3+y9IvcCb+1cvpy+bAOl78AndAAq3t0OyYITmgD4CJGjpkdfNgFt8sZo3v
+BXzLvrH6qqKyZfYa1CLcovCPe75qVu3A0lWTHQhf/1EtuZK6O80vPOc1AEAqaDlI
+CQch7G4XUA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crq-cert-no-ca-honor.pem b/tests/cert-tests/data/crq-cert-no-ca-honor.pem
new file mode 100644
index 0000000..acc10d4
--- /dev/null
+++ b/tests/cert-tests/data/crq-cert-no-ca-honor.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZjCCAx6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ
+BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX
+MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX
+MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c
+Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa
+eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGpMIIB
+pTASBgMqAwQECwABAgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgME
+BQYHBBAdNM1a0GXcJ8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvz
+tmx86sb6NKTXftZMlosmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bb
+NlNiHTTNWtBl3CfBfpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZM
+losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB
+fpRHsKqspzANBgMoAQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQo
+AQUBAQH/BAgEBr6vyv76+jAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsG
+AQUFBwMEMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJU
+IspyNl8wHwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcN
+AQELBQADggExABo85KtYsKo4Up53YJvoyW4Tztv1S1zG0PfRlwCJxxWph4rq7A5V
+lGwsekQn2y1GMElpb5YhyUZlIXOxQlA6nYPV/FR9MjDDpAYpkT29Rj2OqADIj9YW
+7wpZStng1CZKQ21OFvlOxHNx68JLxBD3N0cFXyYnqSBMP26jpFLsmK4djyevbump
+ijQv6JeZzp115cR7hwNL3JUXnXLEJYfKLNMY1dSj/NMZz6Gcouo8b9csV+w4gxsf
+AT06av9MhX3lthWFyYrXFWGrIYFxfnljhNEAuNPUoNqOn/LLhxXBgvDSLO6PxUYH
+W4XZwSXlit+jSZfw74jBC+PAZNkyNkQMi3R/5hRvjhtZi8922pppd+rwIvACp001
+tGxeyLIbD+337KcOUrY3n/jo7bOKp8ZgysQ=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crq-cert-no-ca.pem b/tests/cert-tests/data/crq-cert-no-ca.pem
new file mode 100644
index 0000000..06d7f8e
--- /dev/null
+++ b/tests/cert-tests/data/crq-cert-no-ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAcOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ
+BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX
+MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX
+MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c
+Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa
+eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjUDBOMAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMB8GA1Ud
+IwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQCZ
+dIGQzIssipboFrpvepw/mTK6V46AxzRRnedktS6Opb5RRvGrCRLC0fMmbfehCO1J
+W1QhlzvMrXAotOSZMJeJamRpTxX2V9o4R9SQMY8GSI1+v7d+bKgFRvilMlyNCG/X
+i+Y9gg0Y53b81sx+yREeX19TWWH1AMusu3VbD5aJ79FV8mlnG3rng9LBcE56Z+2g
+P51xmjGGyVF6sW1jq7Ce1mur1KqypzQvhcaAl6C7j+cfIl1ptcBDHNGVWTt0BvZL
+lWEmt3643juHm2Epu16rL8noR9ZQCi3qpzE8Ixcf0rFkdlQR1FvQg6KYArPzquiH
+bYPXl7jDlz7/u9Y73rL0PDh/3x1lpAVwoV0q8FyIT//pk1NBt6ej6axVgJ0jgat9
+ZX9lNmg3KA85M5Tk8Ue6
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/csr-invalid.der b/tests/cert-tests/data/csr-invalid.der
new file mode 100644
index 0000000..0c45cff
--- /dev/null
+++ b/tests/cert-tests/data/csr-invalid.der
diff --git a/tests/cert-tests/data/cve-2019-3829.pem b/tests/cert-tests/data/cve-2019-3829.pem
new file mode 100644
index 0000000..c771843
--- /dev/null
+++ b/tests/cert-tests/data/cve-2019-3829.pem
@@ -0,0 +1,66 @@
+-----BEGIN CERTIFICATE-----
+MIIFbjCCBFagAwIBAgIQPBKFvactgik351RXZ5opvTANBgkqhkiG9w0BAQUFADCB
+tDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMl
+VmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTAeFw0xMjA4MTcw
+MDAwMDBaFw0xNTA5MDkyMzU5NTlaMIGxMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEbMBkGA1UEChQSUk9CTE9Y
+IENvcnBvcmF0aW9uMT4wPAYDVQQLEzVEaWdpdGFsIElEIENsYXNzIDMgLSBNaWNy
+b3NvZnQgU29mdHdhcmUgVmFsaWRhdGlvbiB2MjEbMBkGA1UEAxQSUk9CTE9YIENv
+cnBvcmF0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Vg9Z0ee
+4Tg3pwyw9CcQCINfJEWLhhvrB88pcnyMKxbB7v3qwwfi9VhL0fRM/AusgONWrQuW
+2gftlw9ZtQMAWRkLvPHM3hXz5ch1XpvTmNqPQrSGfn9te7T9018ORa+WVuUCKzhL
+xMSxG+VEpSRZsSdhq/chwA3fqhdUdq7fdxo6H3v/RV8bDUz1vRow+ygtAMneh8/x
+kvnnyGZrW7BzJH6odOq4ASbx08czrKzqxnnoiFDmPuBTjv5wCLz0yHboHRQ/aC25
+GKXNioEVAGY/nWxVetFgJG8SwiIBR9C4KHaUqLHpPDU40WW7jGvybDaEGWXBQfTr
+e1Dj/B3JY6SGhwIDAQABo4IBezCCAXcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
+B4AwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NzYzMtMjAxMC1jcmwudmVyaXNp
+Z24uY29tL0NTQzMtMjAxMC5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAq
+MCgGCCsGAQUFBwIBFhybdHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMDMHEGCCsGAQVLBwEBBGUwYzAkBggrBgEFBQcwAYYYaHR0
+cDovL29jc3AudmVyaXNpZ24uY29tMDsGCCsGAQUFBzAChi9odHRwOi8vY3NjMy0y
+MDEwLWFpYS52ZXJpc2lnbnhjb20vQ1NDMy0yMDEwLmNlcjAfBgNVHSMEGDAWgFBt
+48zqeyb0S8mOj9fwBSbv49KnnTARBglgIEgBhvhCAQEEBAMCBBAwFgYKKwYBBAGC
+NwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBeCwxl3jzuZqItKl531TN
+TCCx3yoOfpZnGd7acfLyfeX8xDy7wakiOyC1nxv1FL7+H//Mku+F3Ne/A0HmnHx0
+sD9F1fYxweF8ubSoRqwUCXSMB4YZuwRAfUILon6YvyHU1kgPYwr0bsYu28l0liQY
+YC7ALFbwO2ecxOYgg38mho+XRRXPd/PtOfmZ23yeKvrD0Hm499jC1OloFX+8G4ly
+mz9Y8aoDBzkEYcXWn3Rz1p6EQJnWJzI/jSxMKIuI2/Ge+oIFZpEGK3Hec3sYqLs4
+EUOfWI4bNm1W+eU0E2bwuWmjddgTdOWHaYm7jMlCzkZw9qg2/IE2fTu7P7UuNOvw
+av0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF4jCCBMqgAwIBAgIQJ1P4Bv6RNzIvW0CfHDGHXDANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtDEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg
+aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMlVmVy
+aVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPUjS16l14q7MunUV/fv5Mcmfq0ZmP6onX2U9jZr
+ENd1gTB/BGh/yyt1Hs0dCIzfaZSnN6Oce4DgmeHuN01fzjsU7obU0PUnNbwlCzin
+jGOdF6MIpauw+81qYoJM1SHaG9nx44Q7iipPhVuQAU/Jp3YQfycDfL6ufn3B3fkF
+vBtInGnnwKQ8PEEAPt+W5cXklHHWVQHHACZKQDy1oSapDKdtgI6QJXvPvz8c6y+W
++uWHd8a1VrJ6O1QwUxvfYjT/HtH0WpMoheVMF05+W/2kk5l/383vpHXv7xX2R+f4
+GXLYLjQaprSnTH69u08MPVfxMNamNo7WgHbXGS6lzX40LYkCAwEAAaOCAdYwggHS
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwcAYDVR0gBGkwZzBlBgtghkgBhvhFAQcXAzBW
+MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMCoGCCsG
+AQUFBwICMB4aHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwDgYDVR0PAQH/
+BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8w
+BwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZl
+cmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9j
+cmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMCgGA1UdEQQhMB+kHTAbMRkwFwYD
+VQQDExBWZXJpU2lnbk1QS0ktMi04MB0GA1UdDgQWBBTPmanqeyb0S8mOj9fwBSbv
+49KnnTArBgNVHSUEJDAiBggrBgEFBQcDAgYIKwYBBQUHAwMGDCqGOgABg4+JDQEB
+ATAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQUF
+AAOCAQEAW46f07q+qa8aPmWBt8Fk9qJ460yABjqsIm6MK7xdhX/AjxAqysStliQB
+aP9ltdEULCql2kmWr+nU/3GckwlKamH0S9HLtl8p/GgR5XL/Rg82KZlDnrPZrEeT
+e+/E62aGp9aJVD6Umw2R8NIjasANN85G35WupGXGGL+kaXM/6IXQSH0o7/NfsAG0
+dbTRU0v0b/aki2a273g5xYgrZzIa70DAlPa30ouEoCZvikvF2NxU7uJKVqq8cuWT
+5j+23m1seyVbAexvKWS38y4j9h+uES3GurnrCGCxLRsrnr6FdAodLipSkRgg18my
+l4SPFiwyyhgSqsUgWcr7bTcy48WjhA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/dane-test.rr b/tests/cert-tests/data/dane-test.rr
new file mode 100644
index 0000000..b39b413
--- /dev/null
+++ b/tests/cert-tests/data/dane-test.rr
@@ -0,0 +1 @@
+_443._tcp.www.example.com. IN TLSA ( 03 01 01 5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433 )
diff --git a/tests/cert-tests/data/detached.p7b b/tests/cert-tests/data/detached.p7b
new file mode 100644
index 0000000..d2a5602
--- /dev/null
+++ b/tests/cert-tests/data/detached.p7b
diff --git a/tests/cert-tests/data/dsa-pubkey-1018.pem b/tests/cert-tests/data/dsa-pubkey-1018.pem
new file mode 100644
index 0000000..b0fafd6
--- /dev/null
+++ b/tests/cert-tests/data/dsa-pubkey-1018.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAqSgAwIBAgIBATAJBgcqhkjOOAQDMBExDzANBgNVBAMMBkRTQSBDQTAi
+GA8yMDE1MDcwMTEzMDU0NloYDzIwMTYwNzAxMTMwNTQ2WjAUMRIwEAYDVQQDDAls
+b2NhbGhvc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAm6i5p3hTcFOg+nVQ/7Bc
+HL+UT3FBNlgUZp1Wm1eVyGyMmdFwqcV9oHaUnXUJTTDycmMHneMH311tNlEjn9Z1
+ShzzIkyeL1eDDcFnPaGsJUbSg9qfP1v4en045bAqS/ZdnEctoh8lZoMXWdJ36QbB
+V5zpmVouoUALk9EtGvt/tEsCFQDYWrX1itme+B04lrEBlvH3j9/a5wKBgQCAqU4g
+E+6pMDgrz0p6jvkdhJ4mssWSgwgN8fQ5572f/LciJk+LTwbKfjnTaf51YauYQMD9
+noBz4FBwoKXuhfx6mTGBgHYSaR7H02VS7CloiKBsUeTNV4714fzjPSKNQpGf4bla
+BWVRF7Ywb2GPnanq45sEAtCbNr2/nB+QLB1w9QOBhAACgYADWsX3E/0KCl8mqhBJ
+twjE/Nf/BW97dGqfRVPNmnUaymLpj5rmT5nXG4Z7Q8ZaZhlAcHyUp7UauhBZDtYO
+dHl9o+lFRHV/1gk9MaoQwtQmPtIqWL+1rQG+pQLgqcLaLCYr8RF58ZPjWNW1ryj/
+17b8ttxCkCIW+e1Pw4zJQ+uOmqOBhjCBgzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJK96czanXgxIBYP32KJ4ewRWKZiMD0G
+A1UdIwQ2MDSAFNjkn7e/GsLzUAcBBiPuHP53FkocoRmkFzAVMRMwEQYDVQQKDApF
+eGFtcGxlIENBggECMAkGByqGSM44BAMDLwAwLAIUWEXonU0yFwRZlwe+fRO5mdOr
+w8UCFClvc68uKa2bUAcOyuIEgt8x2nv9
+-----END CERTIFICATE-----
+
diff --git a/tests/cert-tests/data/dsa.1024.pem b/tests/cert-tests/data/dsa.1024.pem
new file mode 100644
index 0000000..3e0c103
--- /dev/null
+++ b/tests/cert-tests/data/dsa.1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCHc0onPSpqqR3lE69+wLgJJ4LISkPPLwxbPnO1mSJNnjhvucXC
+NjmetDFkPSO2R3MkruD4MCLkKlvIEnIhH8pG32R7GNHLubIp/qcjRJ7NXtS5cG6p
+LU4I1NWlekKUBAjQP2plM3U81Ut3JM39qGYZTM8NPGH0uWTIFn8PpVEzUwIVAIW0
+sPS7m+gJzXCJ6brM/y4iSyzxAoGAZOMeOwOLp3iOcd5AjbXkdDIBSggMQeHbkD9f
+ztMLhhxLaMvygncP6DOIxpmC1LU+APB+DSqyIwhm2ag0Fuo7QYpF4nzZGeX7VWem
+WnGgcKSzkMStlGueW1lnFkrUcRk8H8IksuZtxiNSgDMvPsxRxLx9m1pulbNI9Izh
+QDkxDAACgYAP0fYZ4Nytae+Xm870Q1PC6kkI3DHKLxnJEudKqRzuMvaa5DauXC30
+L2Ifb93GBciTKPd/LAK6EcVnXiIgp/U1eTqzgNjzKAjJRIRBg70a2tbYJ71dRHOW
+FqdGw3uIr1Hu9IZQk0qzyS0WP7ADXmhCsAqHMiCgwrHy/CYIo950EwIUErkN0hjz
+Mf7Jz8+drwf9tboRi44=
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/dsa.2048.pem b/tests/cert-tests/data/dsa.2048.pem
new file mode 100644
index 0000000..12d8e0e
--- /dev/null
+++ b/tests/cert-tests/data/dsa.2048.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEAolFCsToyL0h/NLXfX3gtpyePyx8R0TJbh/lVcqDXlFfZzRD8
+P214Mm+D7qwnnlefFDWXYMpGKRpUJxLgsMrHsKVK7flwm0L33gQBgwo+dx6H/vXh
+zRKTLktIQuXc3xvAiNGsnFDz9dWfRrXkz2tmf3Okemb4jwIaMKMDaCKFxXBHl9YG
+tgWdp4cA1rzcLjG1QeLVl3bw1hnPIA+DWadFHFrvVn+/VQVXUPxLiLVt6gm7HqY0
+k5jCKtwXUO/BjWVQZO01rA2dN0b1qlFO4kmuIJ4xL73JMY2lryx8kfl5lNkB5dIo
+huOmIAXTh1odvB+9X25DpJNfHEIb5yNCXhnuqQIhAKN32zoITUbHbO53BhlGHTu2
+a2kCOI2kTuIVlAEF757vAoIBAF1cRFJnGOUWxRa2iRJwwfFF2QqU9zE4h/oRTLN4
+EtLhS0QaAd1T7Tllbzdqq8qIgiU3X3KnutTWAT7Arh4nfSKudLi1vtyafzaOurrC
+TgANJqBIdmb02Q9IHrr2/gQCpHgtBLhiHX2jzGNhXpmU0uRhw/yXpsVQtE3gf9bs
+aktHc6dE4Qr9YQUkL/GRwO0T+zVFdnaOQGaLlWQjrGzm72thty+5w4WeGrOW9K+l
+BRLZY054C3bOO6LRVLl18ktv/QiUEzEUZqj5SW9NUJCCryP1FEu0x3DhGaKb3J5B
+oHXRCJmrqsVpjZBH9lMLi7oOlQicQ4cW4p0II46nSm0oiqkCggEBAJ1fFoyEBE+x
+tXaXi0LuFNZYUrts+dahDyzwuP7epAxs92gVDUMWiq/OYce+uTPhFRVxW8SPux85
+YIlzU2z25X2s3Eto8PjCziTXZRdzitNa1OWETQ02bvIT1uyRwyex7aqt8BdSM4a6
+mxIil8Z8PTZVjrUMrVbh9RKKzPLVbhoNAUVczzDYYlevvgSU6pmZ/BmvuNkKX/2e
+Cid3zY2ALyCv013rBvUQWiACUUk/I4T2UJtMvZNJ8PvtDuh1Y++4nO7H2zEF4aWh
+PcBmg48lVvBCg7A7O1mWTFpCPlMLcMuI5LL/EtdzwoSRhygoOenHk7Qe77LrN+mC
+AQeuCRwIH20CIAXRwOQ8I5w/YrXm/RqrMIKyQVBT7qNtaSs10TDDFMp6
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/dsa.3072.pem b/tests/cert-tests/data/dsa.3072.pem
new file mode 100644
index 0000000..103e4c1
--- /dev/null
+++ b/tests/cert-tests/data/dsa.3072.pem
@@ -0,0 +1,28 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIE1QIBAAKCAYEAhB9vvBF1/AbPA+dKYSJ3aroMMsWSbrDd5bgIX+wZHOWAh/JJ
+XwWp+sweXPlwvwglsUKbAxO64Wxv8zlzuiZNmfQykorG4XhUVtCKSEj16ha8MFyw
+tWUYgHzUdJ5bi6a5zekgliDFfz8h1R6zzjGDKVdNzwZDVEVPIsD95kw9OopSNAEA
+ZHH5cO9PS44+1dWss1AL2DEyfMMbKuzqkyl1K9eF2s4j/lm4ZOZGo9Yw7hG1DaR4
+3Yn2JA+yKzu0scXdbZaziSyeFPSBU80PglMwaw+SKguQOEGZYU31bqXt68S8bRqr
+tuFvqeeALSay8zmskeop77JzWEu4R8SEkWZvePHfhnMalxy4RdXRCisUIiqJ1u8M
+1RP96R7t+9nMyfD91fwSwqGkRWSr7dOtYM4pbhSVOHfBaTuDt7tGlGKgX/fS0yJr
+7+1TWmfxBx3HElG/0k4v2C64rdfOPMD/PaLgynScllkySwMbjX3N7OAz5L+Ma26Q
+TDJz1+ew5EIhjZoVAiEAkn2A54rW0EcDA4RCqqljHOZN+uKaZFExmmngPqOAzAkC
+ggGAZWwxfAjfSyDtg31QBgQGXmDeMiWbgAiU1w+emRYETAE17er4TiCQxFiKNPvW
+ZfcCJSjlQ0J7m88CNpYucUr4Jrvf6qZLA1N2HfTgMPzYuahXpW1O2qn5HMwLAz2Z
+FpXqNczUyl9kuuI5p45GPwsbLdVQqZnou5HLtZ5ZcVDQs+XQIxxOb5AzXX182FOv
+DKQaBKppDtY0SESI5HDajCXdrXtvKUXC0vrll2lA2C2sjhCTVQlJk6NBWsTrxt60
+YEF1LcPQUCa0bXuooEd73Tk+FnqpYRdCiSmeOodzJumog4JkH7UZe5pdII66To5m
+wyP3rbWxld1gSdom/lg7BppEY6M6Y+28IX38KWRHUg+1qXqnpn/H+CkLGnDsJ2Ma
+qI0nGfoPctT903gsnevkxXu8xP2vGudtdvQ5vOY5lFhJGfi/tz8BNMnHGmjQnpyt
+GI8b+NeDjOADGWfwDbwSSta192hXMFmj75rslNI+oLuroRcJb28NVNpo/P30znTv
+74cUAoIBgBSqcCAa4s0nF91wgGE/R+Uqe1ppVl0L0GUxSORTidrSSe/EuUa9MVVu
+t7o/HOHbwStCfQxeQv02KbVoug3RB/Y4oq10/JSqwi0pvGnXWgmQp1/KkUHuFNjf
+W9/PDIm8xjmHxtUREMIFsB4gLwrbZiELxnxt45sE7YKrpqTGg5oUwr0JIHW18PxH
+WTBYh0BTpdMt7ohiUhP7947ZyCKt0qpkBT7B8hjMY5z6yxmU8Hxx6WJxdQxYRw0n
+PKh/VQG4m1CcU4enmPO3eT4vzY6ByLEmF6LORGAiwQWjrCGAQCBmCW16WRpffg3R
+TVA6WZoGOTtFrbe1KDkitzE4aiMH0AScstZt+z4tg6Y66DBE1MVMtcchBoLIjTyC
+z2E7K0uu2jR6bNvW7rhCZKSkhWXZwRKaGojnh3CQUA+cENIhIF+E/DzJr1M8zFle
+PrT4w1/E3yQHgCNLrDAGTp0GQP90BVVtaSx9y8uhHatVynpkvOonDo2eBA8v3j75
+snWvY7HNCQIgZCJrP4CDBTRT9pNL4+Gc/wfiKVEF55YcG09uT77u30M=
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/dup-exts.pem b/tests/cert-tests/data/dup-exts.pem
new file mode 100644
index 0000000..9dcf74c
--- /dev/null
+++ b/tests/cert-tests/data/dup-exts.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIRAPABuQ6DmexEq0k9QQaewLcwDQYJKoZIhvcNAQELBQAw
+bzELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD
+VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEfMB0GCSqGSIb3DQEJARYQ
+bGpmcG93ZXJAMTYzLmNvbTAeFw0xOTA1MjkxMTU2NDBaFw0yOTA0MDYxMTU2NDBa
+MHsxCzAJBgNVBAYTAkNOMQwwCgYDVQQIDANUSjUxCzAJBgNVBAcMAlRKMQwwCgYD
+VQQKDANUSlUxFDASBgNVBAsMC2JlaXlhbmd5dWFuMQwwCgYDVQQDDANMUUwxHzAd
+BgkqhkiG9w0BCQEWEGxqZnBvd2VyQDE2My5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDNKbU4xRcAGOyzHWgEQw0/smt+BJaLtbIvKdPKPTDzDxSl
+Rud0rf1GWzG5vKhEzn3ruNwFs23JTu4OcXlkqp4sGqC5SQ06qVhe+eWhK+pjsCll
+AG9ZQ40kNdsE5Bt9gbl38tdykM/a5bU4+h8S9P5XP+Vr/xGuB1aqw07NqaUsOs3+
+McH/ZFZQgSv8NDXl9eok5XEfaDZoRf29nAH/I+Ottbw37oW7omvMaC39CVKKmYMA
+rdRJR/JrICsOKKnmEf6oLNErBGs3TLXo9/CiQJz/KeV9mHT/BfPumAbSlIXo6en8
+AVyA0V+N1bwUiBu58m9B+z0GlaxeQlxSvTn2wUx5AgMBAAGjggERMIIBDTAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBR/7mRMJ+8WoDdxiWO1eCLw0xH+0DAdBgNVHQ4EFgQU
+f+5kTCfvFqA3cYljtXgi8NMR/tAwHwYDVR0jBBgwFoAU7S2I/yNy3nSqhHIFpnM6
+2/XWHHgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDBDAYBgNVHREEETAPgQ1oaEBiYi5hZGRyZXNzMBgGA1UdEgQRMA+CDWFiY2V3
+d3J3dC5jb20wMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzAChhRodHRwOi8vbXku
+Y2EvY2EuaHRtbDAMBgNVHSQEBTADgAEDMA0GCSqGSIb3DQEBCwUAA4ICAQCopPaM
+SMElD42TZYn1+SnACRnH4YWH/gfG3utPeGVPkBmvV5Je7/gNMlhAQJL5YKdDYa4o
+S1zjkNrRSlamH6akX4KyOm19tKRkU7dvtcTRF5CwXGcE2Yte6hc1gWeGzsx5taZL
+y2yan7jhCHMqtN5R8AMTDdK4ORPu+sSrghAwkS6KSR0VlVmgbrJQ0WAxRk5bKm7v
+R402pLhH2MjsJV48XqvaRTjyT96nbAZ4tdSoyJoHXRvUv9QpFtHSddlnPbEgxJWT
+3OLbr+kIpWuaaZNjntLOqe9aPkLEhpw07sGLpT23dYqdehZd12O5+3olULXVBOgg
+h8uF4Q9kRtJDpLCd70hUoiyovCxgPbFYUjvmtpCtmNkSCq/txWc3YqOwR+HPe83j
+aAsIDnEO6cY6M3uqM1xradU5jzDeMKHJV7XDdXsq9nyQoZ8ytKlKcgM5kNoaqAkT
+zeutyjGtQCkJr5V+5Te0JJinVL+xafpwP6749VRUaEWHWk2crkTKxu7/lUK6lgnS
+70gLDO1QEJ/edPDC143eRP+dF/d7bN2UF1l+G0F4AcW7kB5mKgOBIWTZSnTmByz5
++HI1touSh9dDcDDuZ7z6k2Obl0fuPY7ROLZQT3BaYGU4M2FGT4sJa6P6VtfufzEB
+MHcS14u+3EvHBxhcI8N4WTrBE36FBzPk6R0g+A==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/enc2pkcs8.pem b/tests/cert-tests/data/enc2pkcs8.pem
new file mode 100644
index 0000000..4ec8ddc
--- /dev/null
+++ b/tests/cert-tests/data/enc2pkcs8.pem
@@ -0,0 +1,40 @@
+   0  674: SEQUENCE {
+   4   28:   SEQUENCE {
+   6   10:     OBJECT IDENTIFIER
+         :       pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)
+  18   14:     SEQUENCE {
+  20    8:       OCTET STRING 1F 40 71 AC 00 42 69 77
+  30    2:       INTEGER 484
+         :       }
+         :     }
+  34  640:   OCTET STRING
+         :     FB 8A B3 5D 5F 16 A4 51 52 F4 E6 2E FB CF 19 1C
+         :     A1 14 97 4E 16 1F 33 05 A1 A7 6D 2F 88 78 3E 8C
+         :     E9 FA B4 B4 01 F9 93 83 4A F1 AE 47 6D 62 0C 07
+         :     0A DE 53 DB C5 80 6B 0F 3D E1 BE 00 1C 2C 93 E6
+         :     6D 34 0F AA 67 2F 90 D5 ED 70 DD 9B F3 A3 4C 6A
+         :     53 A6 DB 84 89 CE 32 91 BF 5F FC 81 10 B8 C3 65
+         :     BD 05 8F 4E 39 A8 2E 81 3C EC 95 77 D7 34 47 F6
+         :     79 3C 74 3A 24 D5 D0 DB A0 86 DE 23 E9 5B 78 A4
+         :             [ Another 512 bytes skipped ]
+         :   }
+
+0 warnings, 0 errors.
+
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEGMA4ECB9AcawAQml3AgIB5ASCAoD7irNdXxakUVL0
+5i77zxkcoRSXThYfMwWhp20viHg+jOn6tLQB+ZODSvGuR21iDAcK3lPbxYBrDz3h
+vgAcLJPmbTQPqmcvkNXtcN2b86NMalOm24SJzjKRv1/8gRC4w2W9BY9OOagugTzs
+lXfXNEf2eTx0OiTV0Nught4j6Vt4pEA4ZvLBer6a3k4/BTjm9uvwq4oRGsfeixkn
+VJ27dz5ZyUmwVyzfCQww1gAAMQIX/LAPQKfkAiBuYfHHP3H/tiOIGj7Xmt3Ktknu
+j1uAoNUX6/IYQwrS87HQ1txTl19p6HMqnIBncalVRk1VfkckNCILw3c9P8xzxSB0
+sRep7f0sh/JAai2CF+nSLlLsfRoPNwBO0kvJZDeXRxKCOwmjK3DdwWuKHpar3ccF
+4cgS7dVK0tYur6XoqR/AqfqG8PuP6bbwZWB+i+irmPI24v+177AOYVkrUngeYWOP
+VKkX8Yupl9f3jTBVP1/YSlOaXZ3zXn6BV52mPjJHGY1GkTuWJ7ZCLzSruhBVsauG
+mhoVAp8AaYoIHfJHGvcZHCZvMMjINVjkkpQBq4sl/OQ+K1E30Q4Amfc8s12T+yWJ
+ypn8BhmxeAy4NbAYp4gc/u61rh22nSz8nswPNyR/mMpK60Wp61oFWr7QL9ABAoQJ
+09jPzumO/B9WQ6CQvZ0fNNvBfVSg3/OzhY0quznHGalJqahORtP1lcV1m5mrCd1Z
+8NWf7hIA/paMntlrkgRXAB36K/AqvS563TMDPWn71Jj7bErPw+8WlIeuEs6I8265
+sQpvNvpamuxunxRTnjeXyC1x4ZU+LDZT2ZG1y1G/mGYm9nRVPkvdgn0OHzQEgD9Q
+R1QRZL+9
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/encpkcs8.pem b/tests/cert-tests/data/encpkcs8.pem
new file mode 100644
index 0000000..69417b8
--- /dev/null
+++ b/tests/cert-tests/data/encpkcs8.pem
@@ -0,0 +1,38 @@
+   0  674: SEQUENCE {
+   4   28:   SEQUENCE {
+   6   10:     OBJECT IDENTIFIER
+         :       pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)
+  18   14:     SEQUENCE {
+  20    8:       OCTET STRING 72 B4 33 4F 90 B8 42 FD
+  30    2:       INTEGER 290
+         :       }
+         :     }
+  34  640:   OCTET STRING
+         :     D1 AB E2 91 63 ED 17 3F 4B 4E 97 00 53 CD 58 A2
+         :     5D 25 E8 C8 D9 CA 01 92 AD E6 BE 4A FD F1 8D 9E
+         :     DB F6 DA 0F F5 B3 F6 4D 09 EB 6B AA C2 43 0B 97
+         :     8C 50 F3 DA 73 3D 3A 8C 5A BF 22 9B 1E A7 8F CE
+         :     82 34 3D 50 03 B3 5C DA D6 12 83 72 AC 79 D6 0E
+         :     8E EE B2 00 F7 09 6D 26 2B 2A 84 47 8F B0 1B 46
+         :     5D 54 C6 ED DC DF 82 24 71 81 F3 98 F3 46 64 13
+         :     7E 47 71 D6 B4 96 79 2C 7E 5F 2B 30 1E 7F 04 47
+         :             [ Another 512 bytes skipped ]
+         :   }
+
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEDMA4ECHK0M0+QuEL9AgIBIgSCAoDRq+KRY+0XP0tO
+lwBTzViiXSXoyNnKAZKt5r5K/fGNntv22g/1s/ZNCetrqsJDC5eMUPPacz06jFq/
+Ipsep4/OgjQ9UAOzXNrWEoNyrHnWDo7usgD3CW0mKyqER4+wG0ZdVMbt3N+CJHGB
+85jzRmQTfkdx1rSWeSx+XyswHn8ER4+hQ+omKWMVm7AFkjjmP/KmhUnLT98J8rhU
+ArQoFPHz/6HVkypFccNaPPNg6IA4aS2A+TU9vJYOaXSVfFB2yf99hfYYzC+ukmuU
+5Lun0cysK5s/5uSwDueUmDQKspnaNyiaMGDxvw8hilJc7vg0fGObfnbIpizhxJwq
+gKBfR7Zt0Hv8OYi1He4MehfMGdbHskztF+yQ40LplBGXQrvAqpU4zShga1BoQ98T
+0ekbBmqj7hg47VFsppXR7DKhx7G7rpMmdKbFhAZVCjae7rRGpUtD52cpFdPhMyAX
+huhMkoczwUW8B/rM4272lkHo6Br0yk/TQfTEGkvryflNVu6lniPTV151WV5U1M3o
+3G3a44eDyt7Ln+WSOpWtbPQMTrpKhur6WXgJvrpa/m02oOGdvOlDsoOCgavgQMWg
+7xKKL7620pHl7p7f/8tlE8q6vLXVvyNtAOgt/JAr2rgvrHaZSzDE0DwgCjBXEm+7
+cVMVNkHod7bLQefVanVtWqPzbmr8f7gKeuGwWSG9oew/lN2hxcLEPJHAQlnLgx3P
+0GdGjK9NvwA0EP2gYIeE4+UtSder7xQ7bVh25VB20R4TTIIs4aXXCVOoQPagnzaT
+6JLgl8FrvdfjHwIvmSOO1YMNmILBq000Q8WDqyErBDs4hsvtO6VQ4LeqJj6gClX3
+qeJNaJFu
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/full.p7b b/tests/cert-tests/data/full.p7b
new file mode 100644
index 0000000..5438ca7
--- /dev/null
+++ b/tests/cert-tests/data/full.p7b
diff --git a/tests/cert-tests/data/full.p7b.out b/tests/cert-tests/data/full.p7b.out
new file mode 100644
index 0000000..c4dd043
--- /dev/null
+++ b/tests/cert-tests/data/full.p7b.out
@@ -0,0 +1,115 @@
+Signers:
+	Signer's issuer DN: CN=GnuTLS Test CA
+	Signer's serial: 4de0b4ca
+	Signature Algorithm: RSA-SHA256
+	Signed Attributes:
+		smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+		messageDigest: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f
+		signingTime: 170d3135303630313139323232325a
+		contentType: 06092a864886f70d010701
+
+Number of certificates: 2
+
+-----BEGIN CERTIFICATE-----
+MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
+bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
+LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
+AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
+hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
+ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
+58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
+VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
+U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
+xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
+AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
+B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
+AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
+gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
+LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
+/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
+5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
+h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
+w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
+bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
+LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
+AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
+hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
+ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
+58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
+VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
+U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
+xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
+AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
+B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
+AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
+gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
+LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
+/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
+5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
+h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
+w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
+-----END CERTIFICATE-----
+
+-----BEGIN PKCS7-----
+MIIKLQYJKoZIhvcNAQcCoIIKHjCCChoCAQExDzANBglghkgBZQMEAgEFADApBgkq
+hkiG9w0BBwGgHAQaSGVsbG8gdGhlcmUuIEhvdyBhcmUgeW91PwqgggdwMIIDtDCC
+AmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVUTFMg
+VGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8xLTArBgNV
+BAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCCAVIwDQYJ
+KoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0
+HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAn
+lBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnV
+x8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8
+LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhf
+Irriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdu
+mzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOB
+jTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE
+DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2B1hM6rUp
+9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45TAQPvzzAN
+BgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nHgMoMFHt0
+yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3LG5jUSCt
+q/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE/wRZT/Xg
+DCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD5joaGBW7
+zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1hh8NJ7YOv
+n323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRcw075D8hd
+QxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXjCCA7QwggJsoAMCAQIC
+BE3gtMowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0Ew
+HhcNMTEwNTI4MDgzOTM5WhcNMzgxMDEyMDgzOTQwWjAvMS0wKwYDVQQDEyRHbnVU
+TFMgVGVzdCBTZXJ2ZXIgKFJTQSBjZXJ0aWZpY2F0ZSkwggFSMA0GCSqGSIb3DQEB
+AQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH702LztQ4ZnVF3atB7CkF+DPAIR
+/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdVNRfzoXJLMMLgJ5QS81YA5s6C
+SxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6ybBw1qufHlD351cfCog1Ls256
+9whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0lYpuZgVQIFxjsfC8IojsoVzKd
+F0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPlGQWdN1PiEZ8YXyK64osNAIye
+L6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3ro22dy8U43sHHbps0FL4wPoKQ
+HrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+Aeap1AgMBAAGjgY0wgYowDAYD
+VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUdgdYTOq1KfUtgAaMg0qC
+DQnsk94wHwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcN
+AQELBQADggExAHTVpk7IebiH54MoTlsJu6Stvr4FDGPJx4DKDBR7dMrsbiJnFDF7
+ty0UtXWUqAiQAgaUxRovw4NlNKrzh0HBJnNzsDahwfdEdyxuY1Egrav22Fu4f+hn
+fSnlgoGXM2h20PSD04yx9XS7MFT7fn1ygehIdIIEqxgExP8EWU/14AwlvLeAvtvk
+5ifGRM71POygD0Pa1AUtfqdxFAEfxXzAKQKbBIoNSGfmQ+Y6GhgVu84dR9AfZhCo
+nUbw+8rkScswHLw9uZ09eTS1tEEd3RHl6LC3O9tMcSZdYYfDSe2Dr599t5jo0fXq
++IuA+oiZV5ifLbzfb2pAmp5Frwc2+6ZRZ9rHzEKiAhaUXMNO+Q/IXUMX6Rn3y9rR
+HikoI8jR10u8d3RYVKTdyEI1ItseH9nv2V4xggJjMIICXwIBATAhMBkxFzAVBgNV
+BAMTDkdudVRMUyBUZXN0IENBAgRN4LTKMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG
+SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MDYwMTE5MjIy
+MlowLwYJKoZIhvcNAQkEMSIEIMoj5LOaJC3OzjP8d2tskZVZVwD5IgHeGUJtLVBV
+diEPMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL
+BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3
+DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIB
+MBFc74+qXESkg7uaLnUjZFD3pBZcIM+iCbU83wJtexP6wS5QelqUlrlWvHT1edU1
+ygPs3hiidfyFy3uiQ8yIg3FSPHrBPA88HRkMYtlWRYjzGumEdBroDzfqmfLtOJLr
+qDq7sAuh6GB/hNq8QbRe2mdPpUTp8ZGczmyBYadZqDX3LfLLPsIen8Nf0vfd1wDT
+dqaj2jrW3czhNC0MEBmFGLUCvcxPmDDpub+QIxfU07mOUemNlCwtzqAWMbDOSC85
+S8OGwa59bgHIY/1emx4vK0O31afqhc1zhrZI9ZiTUbdklVxiea6VbQei/CwJEMbU
+44xl3JEHplOxryZwsd0dT41H+9fVzq2ERetl8cd+4vnPSAh4dMqlh6eXVnVik9pS
+7bCle+3/mD8ytj5fCFtxm2E=
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/funny-spacing.pem b/tests/cert-tests/data/funny-spacing.pem
new file mode 100644
index 0000000..98e4a75
--- /dev/null
+++ b/tests/cert-tests/data/funny-spacing.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0BAQQFADCB  
+zDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1Zl
+cmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEg
+Tm90IFZhbGlkYXRlZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIB
+CDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBl
+cnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAx
+IC0gTmV0c2NhcGUxGDAWBgNVBAMUD1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3	
+DQEJARYTc2ltb25Aam9zZWZzc29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAyQzOiv5xRpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZa
+UTMkl3uj4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW
+e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEAAaOCASYw
+ggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBCDAqMCgGCCsG
+AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBEGCWCGSAGG+EIB
+AQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2
+M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0
+MTQxYmVhZGIyYmQyZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBj
+MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz
+MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkAaZ9r5JWT
+Nf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38qBhcm87nmdLq5NT42
+Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6tdyRStHhfzE8Vp48ggVZlCFA3
+dbyiEYJySHY=
+-----END CERTIFICATE-----
+	 
+\ No newline at end of file
diff --git a/tests/cert-tests/data/gost-cert-ca.pem b/tests/cert-tests/data/gost-cert-ca.pem
new file mode 100644
index 0000000..b29e1bd
--- /dev/null
+++ b/tests/cert-tests/data/gost-cert-ca.pem
@@ -0,0 +1,65 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 2b929d27439e7b085b2226481fe25b6a6bc7f7ee
+	Issuer: CN=Test CA
+	Validity:
+		Not Before: Mon Oct 07 18:51:37 UTC 2019
+		Not After: Fri Oct 02 18:51:42 UTC 2037
+	Subject: CN=Test CA
+	Subject Public Key Algorithm: GOST R 34.10-2012-512
+	Algorithm Security Level: Future (512 bits)
+		Curve:	TC26-512-A
+		Digest:	STREEBOG-512
+		ParamSet: TC26-Z
+		X:
+			b1:17:9e:1f:55:64:01:dd:03:09:12:17:8f:4a:38:e8
+			21:37:b9:50:d8:ff:0a:59:89:a0:0e:af:a3:cb:dc:67
+			f9:b8:4e:7f:b6:61:f0:7b:30:7b:39:53:f2:16:dd:ca
+			87:9b:c9:c1:fe:76:72:a8:6c:8f:a9:2c:02:e7:6a:5c
+		Y:
+			46:20:fd:e0:95:ae:b1:ba:82:c0:9f:d5:a2:3d:f7:af
+			cc:79:84:e9:08:37:41:f0:84:d4:be:22:e1:0d:81:7b
+			4b:c9:82:e6:8f:f9:4c:0f:dd:d6:a8:20:aa:d8:ad:c0
+			49:3c:11:4c:0e:a6:8d:e5:7b:5c:28:f8:d5:6d:0c:0b
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Key Usage (critical):
+			Digital signature.
+			Certificate signing.
+			CRL signing.
+		Subject Key Identifier (not critical):
+			74cf59b3e174a809e4debf3b7ad63094343e5a4a
+	Signature Algorithm: GOSTR341012-512
+	Signature:
+		dc:07:df:59:f7:0c:84:1a:4d:88:3d:95:74:9e:60:d5
+		af:cf:23:7e:46:4b:1b:4f:be:f0:2c:da:8a:4b:eb:6c
+		f3:46:bc:62:02:55:f2:39:43:d5:9a:45:e7:f9:70:41
+		2c:1b:12:63:34:5a:19:20:65:31:29:33:b1:0c:f5:49
+		7d:12:67:a9:f8:e9:f3:fd:c5:2b:11:08:9f:b2:d7:0a
+		4f:3a:5c:a6:9d:30:7c:f0:7b:e7:2b:72:a7:e2:04:d2
+		9b:a7:f4:40:31:d2:ad:73:90:2d:60:80:2b:c3:da:c3
+		89:4d:dc:00:a9:01:5d:26:71:ff:1a:ac:80:3c:57:5b
+Other Information:
+	Fingerprint:
+		sha1:652264ab8efad9f4e17b41f84e52d5244c2752ab
+		sha256:47f73d42e8b14f5c940dbfaaa4f13a6f7e64c26d72c0aa094885c55eb53fb06e
+	Public Key ID:
+		sha1:a60d930b427a73b45a8d8bc3f1b184d651f48239
+		sha256:38c9e68a183c9e53f31550ca25f18eac10e14018e978844548667c033c69d68d
+	Public Key PIN:
+		pin-sha256:OMnmihg8nlPzFVDKJfGOrBDhQBjpeIRFSGZ8Azxp1o0=
+
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAVegAwIBAgIUK5KdJ0OeewhbIiZIH+JbamvH9+4wCgYIKoUDBwEBAwMw
+EjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0xOTEwMDcxODUxMzdaFw0zNzEwMDIxODUx
+NDJaMBIxEDAOBgNVBAMTB1Rlc3QgQ0EwgaAwFwYIKoUDBwEBAQIwCwYJKoUDBwEC
+AQIBA4GEAASBgFxq5wIsqY9sqHJ2/sHJm4fK3RbyUzl7MHvwYbZ/Trj5Z9zLo68O
+oIlZCv/YULk3Ieg4So8XEgkD3QFkVR+eF7ELDG3V+Chce+WNpg5METxJwK3YqiCo
+1t0PTPmP5oLJS3uBDeEivtSE8EE3COmEecyv9z2i1Z/AgrqxrpXg/SBGo0MwQTAP
+BgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHhgAwHQYDVR0OBBYEFHTPWbPh
+dKgJ5N6/O3rWMJQ0PlpKMAoGCCqFAwcBAQMDA4GBANwH31n3DIQaTYg9lXSeYNWv
+zyN+RksbT77wLNqKS+ts80a8YgJV8jlD1ZpF5/lwQSwbEmM0WhkgZTEpM7EM9Ul9
+Emep+Onz/cUrEQifstcKTzpcpp0wfPB75ytyp+IE0pun9EAx0q1zkC1ggCvD2sOJ
+TdwAqQFdJnH/GqyAPFdb
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/gost-cert-new.pem b/tests/cert-tests/data/gost-cert-new.pem
new file mode 100644
index 0000000..e700dcf
--- /dev/null
+++ b/tests/cert-tests/data/gost-cert-new.pem
@@ -0,0 +1,70 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 335ae5d57d3e9438e00c7a73e4cf38331345bfee
+	Issuer: CN=Test CA
+	Validity:
+		Not Before: Mon Oct 07 20:37:12 UTC 2019
+		Not After: Thu Oct 01 20:37:15 UTC 2037
+	Subject: CN=Test Server
+	Subject Public Key Algorithm: GOST R 34.10-2012-512
+	Algorithm Security Level: Future (512 bits)
+		Curve:	TC26-512-A
+		Digest:	STREEBOG-512
+		ParamSet: TC26-Z
+		X:
+			64:13:c4:c7:fc:9d:b1:20:7a:8a:f0:50:9e:c6:5f:72
+			01:35:e0:fd:98:db:48:33:c0:96:a0:57:51:ea:09:c2
+			14:f5:d1:90:d2:19:52:42:b9:b3:b1:cb:7d:94:b7:0b
+			00:fa:4e:e0:bc:67:20:96:63:96:de:e8:89:66:f6:50
+		Y:
+			6e:7b:a4:9f:0b:17:d1:ce:f9:ee:e2:e7:b4:4f:0e:ce
+			6d:06:15:31:1f:05:69:da:bd:25:89:99:45:2a:32:d3
+			55:81:e5:96:25:73:ab:6b:43:0c:84:70:9e:65:97:05
+			1a:23:1f:a4:97:2e:0c:4f:15:cb:3a:1e:d2:95:46:4f
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Subject Alternative Name (not critical):
+			DNSname: localhost
+		Key Purpose (not critical):
+			TLS WWW Server.
+		Key Usage (critical):
+			Digital signature.
+		Subject Key Identifier (not critical):
+			04e41e66a4bf78e63e28bb34eed6956a20d47616
+		Authority Key Identifier (not critical):
+			74cf59b3e174a809e4debf3b7ad63094343e5a4a
+	Signature Algorithm: GOSTR341012-512
+	Signature:
+		d2:3b:41:c0:58:3d:4b:4f:91:ca:e3:68:37:34:c7:bf
+		bd:4b:af:6d:40:ec:53:6f:73:a2:f2:ef:ad:bb:c2:c2
+		10:7e:39:a7:75:e3:1a:23:9c:b1:2e:ca:8e:04:34:22
+		94:0b:24:dc:d0:c8:a1:ec:3a:23:59:bb:0f:f4:87:e9
+		24:64:34:42:4e:8f:76:e8:c2:d4:b2:b7:4c:7d:b5:51
+		41:65:4d:6e:f3:29:89:8f:aa:76:b0:bc:a7:7d:56:21
+		88:46:b1:42:83:9a:7d:2c:45:c0:1c:bc:6a:0e:43:3d
+		09:6a:0e:3d:11:10:ce:ee:4c:3d:cc:d6:81:42:08:b9
+Other Information:
+	Fingerprint:
+		sha1:087e529deb0bc108e536c79fbaf6d9a67655caac
+		sha256:3ec70a1ba9610ef92429681a82f3d8da299dce0a54b9ecbabbe618de4bd79d3e
+	Public Key ID:
+		sha1:817128c34ab7d8f90b2498e56735c9dee8b4cc44
+		sha256:7e1c1612baf3fa9fbdf653456639b59124e462a6599ece01c2a64b902847755b
+	Public Key PIN:
+		pin-sha256:fhwWErrz+p+99lNFZjm1kSTkYqZZns4BwqZLkChHdVs=
+
+-----BEGIN CERTIFICATE-----
+MIICOjCCAaagAwIBAgIUM1rl1X0+lDjgDHpz5M84MxNFv+4wCgYIKoUDBwEBAwMw
+EjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0xOTEwMDcyMDM3MTJaFw0zNzEwMDEyMDM3
+MTVaMBYxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGgMBcGCCqFAwcBAQECMAsGCSqF
+AwcBAgECAQOBhAAEgYBQ9maJ6N6WY5YgZ7zgTvoAC7eUfcuxs7lCUhnSkNH1FMIJ
+6lFXoJbAM0jbmP3gNQFyX8aeUPCKeiCxnfzHxBNkT0aV0h46yxVPDC6XpB8jGgWX
+ZZ5whAxDa6tzJZblgVXTMipFmYklvdppBR8xFQZtzg5PtOfi7vnO0RcLn6R7bqOB
+jTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE
+DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQE5B5mpL94
+5j4ouzTu1pVqINR2FjAfBgNVHSMEGDAWgBR0z1mz4XSoCeTevzt61jCUND5aSjAK
+BggqhQMHAQEDAwOBgQDSO0HAWD1LT5HK42g3NMe/vUuvbUDsU29zovLvrbvCwhB+
+Oad14xojnLEuyo4ENCKUCyTc0Mih7DojWbsP9IfpJGQ0Qk6PdujC1LK3TH21UUFl
+TW7zKYmPqnawvKd9ViGIRrFCg5p9LEXAHLxqDkM9CWoOPREQzu5MPczWgUIIuQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/gost-cert-nogost.pem b/tests/cert-tests/data/gost-cert-nogost.pem
new file mode 100644
index 0000000..d393374
--- /dev/null
+++ b/tests/cert-tests/data/gost-cert-nogost.pem
@@ -0,0 +1,47 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 011f
+	Issuer: CN=SuperPlat CA 01,OU=SuperPlat CA,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+	Validity:
+		Not Before: Fri Aug 17 06:47:36 UTC 2012
+		Not After: Sat Aug 17 06:47:36 UTC 2013
+	Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+error importing public key: The curve is unsupported
+	Subject Public Key Algorithm: GOST R 34.10-2001
+	Extensions:
+		Basic Constraints (not critical):
+			Certificate Authority (CA): FALSE
+		Unknown extension 2.16.840.1.113730.1.13 (not critical):
+			ASCII: ..OpenSSL Generated Certificate
+			Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
+		Subject Key Identifier (not critical):
+			43fe227895724f4e3a74f264e4fd0b800c082e03
+		Authority Key Identifier (not critical):
+			9875a3b785c1641b23344d9bfbae0c2a256b44eb
+	Signature Algorithm: GOSTR341001
+warning: signed using a broken signature algorithm that can be forged.
+	Signature:
+		8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35
+		61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35
+		b2:43:1d:ed:b5:15:45:c7:10:38:41:28:68:29:62:20
+		e6:92:8a:64:34:87:b8:b9:9f:ab:c8:04:6d:26:55:99
+Other Information:
+	Fingerprint:
+		sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771
+		sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a
+
+-----BEGIN CERTIFICATE-----
+MIICXjCCAgugAwIBAgICAR8wCgYGKoUDAgIDBQAwdDELMAkGA1UEBhMCUlUxDzAN
+BgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlTdXBlclBs
+YXQxFTATBgNVBAsMDFN1cGVyUGxhdCBDQTEYMBYGA1UEAwwPU3VwZXJQbGF0IENB
+IDAxMB4XDTEyMDgxNzA2NDczNloXDTEzMDgxNzA2NDczNlowfDELMAkGA1UEBhMC
+UlUxDzANBgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlT
+dXBlclBsYXQxHDAaBgNVBAsME1N1cGVyUGxhdCBUZXJtaW5hbHMxGTAXBgNVBAMM
+EFN1cGVyVGVybTAwMDAwMDEwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIe
+AQNDAARA69rbaWL2GSV1NVaWMSrWRX8d/frrwbVjJerPQKjyNeDYZxgSjTTp3dck
+6fQLx2OjQsu6n+vdyBPQex/iwbJBV6N7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEP+
+IniVck9OOnTyZOT9C4AMCC4DMB8GA1UdIwQYMBaAFJh1o7eFwWQbIzRNm/uuDCol
+a0TrMAoGBiqFAwICAwUAA0EAjzck/b7wN9nzGlwxXjPvNWGTBwM9TegsGzmibNQv
+hTWyQx3ttRVFxxA4QShoKWIg5pKKZDSHuLmfq8gEbSZVmQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/gost-cert.pem b/tests/cert-tests/data/gost-cert.pem
new file mode 100644
index 0000000..cd9459f
--- /dev/null
+++ b/tests/cert-tests/data/gost-cert.pem
@@ -0,0 +1,61 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 011f
+	Issuer: CN=SuperPlat CA 01,OU=SuperPlat CA,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+	Validity:
+		Not Before: Fri Aug 17 06:47:36 UTC 2012
+		Not After: Sat Aug 17 06:47:36 UTC 2013
+	Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+	Subject Public Key Algorithm: GOST R 34.10-2001
+	Algorithm Security Level: High (256 bits)
+		Curve:	CryptoPro-A
+		Digest:	GOSTR341194
+		ParamSet: CryptoPro-A
+		X:
+			e0:35:f2:a8:40:cf:ea:25:63:b5:c1:eb:fa:fd:1d:7f
+			45:d6:2a:31:96:56:35:75:25:19:f6:62:69:db:da:eb
+		Y:
+			57:41:b2:c1:e2:1f:7b:d0:13:c8:dd:eb:9f:ba:cb:42
+			a3:63:c7:0b:f4:e9:24:d7:dd:e9:34:8d:12:18:67:d8
+	Extensions:
+		Basic Constraints (not critical):
+			Certificate Authority (CA): FALSE
+		Unknown extension 2.16.840.1.113730.1.13 (not critical):
+			ASCII: ..OpenSSL Generated Certificate
+			Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
+		Subject Key Identifier (not critical):
+			43fe227895724f4e3a74f264e4fd0b800c082e03
+		Authority Key Identifier (not critical):
+			9875a3b785c1641b23344d9bfbae0c2a256b44eb
+	Signature Algorithm: GOSTR341001
+warning: signed using a broken signature algorithm that can be forged.
+	Signature:
+		8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35
+		61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35
+		b2:43:1d:ed:b5:15:45:c7:10:38:41:28:68:29:62:20
+		e6:92:8a:64:34:87:b8:b9:9f:ab:c8:04:6d:26:55:99
+Other Information:
+	Fingerprint:
+		sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771
+		sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a
+	Public Key ID:
+		sha1:43757042dae9e9f5fa92cc2d2cbf4950f28a7bd0
+		sha256:cee4a59e7803bafb101af8e39e5355d7895e3b85e7616fe624d48f2c51e8bdbf
+	Public Key PIN:
+		pin-sha256:zuSlnngDuvsQGvjjnlNV14leO4XnYW/mJNSPLFHovb8=
+
+-----BEGIN CERTIFICATE-----
+MIICXjCCAgugAwIBAgICAR8wCgYGKoUDAgIDBQAwdDELMAkGA1UEBhMCUlUxDzAN
+BgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlTdXBlclBs
+YXQxFTATBgNVBAsMDFN1cGVyUGxhdCBDQTEYMBYGA1UEAwwPU3VwZXJQbGF0IENB
+IDAxMB4XDTEyMDgxNzA2NDczNloXDTEzMDgxNzA2NDczNlowfDELMAkGA1UEBhMC
+UlUxDzANBgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlT
+dXBlclBsYXQxHDAaBgNVBAsME1N1cGVyUGxhdCBUZXJtaW5hbHMxGTAXBgNVBAMM
+EFN1cGVyVGVybTAwMDAwMDEwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIe
+AQNDAARA69rbaWL2GSV1NVaWMSrWRX8d/frrwbVjJerPQKjyNeDYZxgSjTTp3dck
+6fQLx2OjQsu6n+vdyBPQex/iwbJBV6N7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEP+
+IniVck9OOnTyZOT9C4AMCC4DMB8GA1UdIwQYMBaAFJh1o7eFwWQbIzRNm/uuDCol
+a0TrMAoGBiqFAwICAwUAA0EAjzck/b7wN9nzGlwxXjPvNWGTBwM9TegsGzmibNQv
+hTWyQx3ttRVFxxA4QShoKWIg5pKKZDSHuLmfq8gEbSZVmQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/gost01.p12 b/tests/cert-tests/data/gost01.p12
new file mode 100644
index 0000000..1420fbc
--- /dev/null
+++ b/tests/cert-tests/data/gost01.p12
diff --git a/tests/cert-tests/data/gost12-2.p12 b/tests/cert-tests/data/gost12-2.p12
new file mode 100644
index 0000000..d7b7a62
--- /dev/null
+++ b/tests/cert-tests/data/gost12-2.p12
diff --git a/tests/cert-tests/data/gost12.p12 b/tests/cert-tests/data/gost12.p12
new file mode 100644
index 0000000..d7b7a62
--- /dev/null
+++ b/tests/cert-tests/data/gost12.p12
diff --git a/tests/cert-tests/data/gost94-cert.pem b/tests/cert-tests/data/gost94-cert.pem
new file mode 100644
index 0000000..f4d63fb
--- /dev/null
+++ b/tests/cert-tests/data/gost94-cert.pem
@@ -0,0 +1,33 @@
+X.509 Certificate Information:
+	Version: 1
+	Serial Number (hex): 230ee360469524cec70be494182e7eeb
+	Issuer: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example
+	Validity:
+		Not Before: Tue Aug 16 12:32:50 UTC 2005
+		Not After: Sun Aug 16 12:32:50 UTC 2015
+	Subject: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example
+	Subject Public Key Algorithm: 1.2.643.2.2.20
+	Signature Algorithm: 1.2.643.2.2.4
+	Signature:
+		11:c7:08:7e:12:dc:02:f1:02:23:29:47:76:8f:47:2a
+		81:83:50:e3:07:cc:f2:e4:31:23:89:42:c8:73:e1:de
+		22:f7:85:f3:55:bd:94:ec:46:91:9c:67:ac:58:d7:05
+		2a:a7:8c:b7:85:2a:01:75:85:f7:d7:38:03:fb:cd:43
+Other Information:
+	Fingerprint:
+		sha1:d43782a1f943a966f4ea1ac96bd048fe68d4d951
+		sha256:19260c765a2c820be3612dc0431c045d37570f8e4de58ba218f10a8eeb0d42d7
+
+-----BEGIN CERTIFICATE-----
+MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM
+FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV
+BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w
+HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0
+UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS
+VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG
+BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo
+GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo
+v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+
+eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB
+g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt
new file mode 100644
index 0000000..fe7700e
--- /dev/null
+++ b/tests/cert-tests/data/grfc.crt
@@ -0,0 +1,89 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 0c8c4093bbe693bd430bf51826031d05
+	Issuer: CN=УЦ ФГУП \"ГРЧЦ\",O=ФГУП \"ГРЧЦ\",L=Москва,ST=77 г. Москва,C=RU,EMAIL=pki-grfc@grfc.ru,street=Дербеневская наб. д. 7 стр. 15,INN=007706228218,OGRN=1027739334479
+	Validity:
+		Not Before: Tue Mar 12 07:38:26 UTC 2013
+		Not After: Sun Mar 12 07:46:00 UTC 2028
+	Subject: CN=УЦ ФГУП \"ГРЧЦ\",O=ФГУП \"ГРЧЦ\",L=Москва,ST=77 г. Москва,C=RU,EMAIL=pki-grfc@grfc.ru,street=Дербеневская наб. д. 7 стр. 15,INN=007706228218,OGRN=1027739334479
+	Subject Public Key Algorithm: GOST R 34.10-2001
+	Algorithm Security Level: High (256 bits)
+		Curve:	CryptoPro-A
+		Digest:	GOSTR341194
+		ParamSet: CryptoPro-A
+		X:
+			3c:be:60:cc:c2:77:02:f6:ef:c0:fc:2c:71:69:99:61
+			c0:55:d0:b9:e8:27:1d:4b:7f:1f:98:90:27:b6:53:96
+		Y:
+			f5:df:19:10:28:26:33:cf:0c:ad:a4:f7:5c:e4:22:f0
+			45:78:d6:de:78:3d:c2:bf:9c:c5:30:8a:63:34:ff:c8
+	Extensions:
+		Subject Signing Tool(not critical):
+			"КриптоПро CSP" (версия 3.6)
+		Issuer Signing Tool(not critical):
+			SignTool: "КриптоПро CSP" (версия 3.6)
+			CATool: "Удостоверяющий центр "КриптоПро УЦ" версии 1.5
+			SignToolCert: Сертификат соответствия № СФ/121-1859 от 17.06.2012
+			CAToolCert: Сертификат соответствия № СФ/128-1822 от 01.06.2012
+		Key Usage (not critical):
+			Digital signature.
+			Certificate signing.
+			CRL signing.
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Subject Key Identifier (not critical):
+			6b00868389d200cf56b86be4e336101e1f72aec3
+		Unknown extension 1.3.6.1.4.1.311.21.1 (not critical):
+			ASCII: ...
+			Hexdump: 020100
+		Certificate Policies (not critical):
+			1.2.643.100.113.1 (Russian security class KC1)
+			1.2.643.100.113.2 (Russian security class KC2)
+			2.5.29.32.0 (anyPolicy)
+	Signature Algorithm: GOSTR341001
+warning: signed using a broken signature algorithm that can be forged.
+	Signature:
+		bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0
+		13:1a:21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9
+		79:09:15:a2:41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60
+		f3:0f:4e:e3:29:6e:b8:6e:01:b4:03:2c:07:8f:27:37
+Other Information:
+	Fingerprint:
+		sha1:c2040cc02f1d7e50abfdd1b597213579be2d0573
+		sha256:d9e6a4abdce8ac2ca7d394be7dce745e0565f0da1de382538ccc32b21a86d73c
+	Public Key ID:
+		sha1:6b00868389d200cf56b86be4e336101e1f72aec3
+		sha256:1e6b34a93b04a67bfb05270b3f26b9c945f095f24ab7fc2fe8ca4cce01a45682
+	Public Key PIN:
+		pin-sha256:Hms0qTsEpnv7BScLPya5yUXwlfJKt/wv6MpMzgGkVoI=
+
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/inhibit-anypolicy.pem b/tests/cert-tests/data/inhibit-anypolicy.pem
new file mode 100644
index 0000000..b2778c9
--- /dev/null
+++ b/tests/cert-tests/data/inhibit-anypolicy.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELzCCA5igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMTcwNDIyMDAwMDAwWhcNMjQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMAPzTo0+1jP5iqvrVIf
+z7OH5NTe9yufEyVcwT5b90WN0P+1uZVzevBl2p3cjRfQxFZkXVMc0W0pbmO8ec6Q
+dvgzzlE+78v9rX+S266TbE+TfwOASfk0TBJP+QNou2nnoe5lOvJS9Ht0N9cEunlu
+LL7L+JnX+yvGuzn1R8ZV5YR7AgMBAAGjggFFMIIBQTAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMA0GA1UdNgEB/wQDAgEDMBMGA1UdJQQMMAoGCCsGAQUFBwMJ
+MA4GA1UdDwEB/wQEAwIChDAdBgNVHQ4EFgQUdTq3/HNkKRRJYRH9zpDL9j0cihMw
+bwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEv
+hh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0
+Y3JsLmNybC9nZXRjcmwzLzANBgkqhkiG9w0BAQsFAAOBgQApkDINv157fSOu6frn
+uEGqK9EvX5t48v8oEAhgbWxcHYJ9d7C6WFUvkji3iMW6LeZDN1zmW8k47BKVNbq0
+dwWLWzo7q78nbfLE+0Me9+O4DY8c6bPSXoXW93YE40qpIoaCqXMmDHXEwX0EYYsW
+6nVPtCld0MKrQym2hGoSY/odfw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/invalid-date-day.der b/tests/cert-tests/data/invalid-date-day.der
new file mode 100644
index 0000000..76e7ec1
--- /dev/null
+++ b/tests/cert-tests/data/invalid-date-day.der
diff --git a/tests/cert-tests/data/invalid-date-hour.der b/tests/cert-tests/data/invalid-date-hour.der
new file mode 100644
index 0000000..5bdf8eb
--- /dev/null
+++ b/tests/cert-tests/data/invalid-date-hour.der
diff --git a/tests/cert-tests/data/invalid-date-mins.der b/tests/cert-tests/data/invalid-date-mins.der
new file mode 100644
index 0000000..47054dd
--- /dev/null
+++ b/tests/cert-tests/data/invalid-date-mins.der
diff --git a/tests/cert-tests/data/invalid-date-month.der b/tests/cert-tests/data/invalid-date-month.der
new file mode 100644
index 0000000..e3cbf73
--- /dev/null
+++ b/tests/cert-tests/data/invalid-date-month.der
diff --git a/tests/cert-tests/data/invalid-date-secs.der b/tests/cert-tests/data/invalid-date-secs.der
new file mode 100644
index 0000000..f796a30
--- /dev/null
+++ b/tests/cert-tests/data/invalid-date-secs.der
diff --git a/tests/cert-tests/data/invalid-sig.pem b/tests/cert-tests/data/invalid-sig.pem
new file mode 100644
index 0000000..bfc5941
--- /dev/null
+++ b/tests/cert-tests/data/invalid-sig.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAYegAwIBAgIIVOekqzUa8EgwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTE4MzVaGA85OTk5MTIzMTIz
+NTk1OVowIzEhMB8GA1UEAwwYRGlmZmVyZW50IHNpZyBpbiBQS0NTICMxMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u
+69yFXFg2Z/AepUU+IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14E
+Na/ZcF2MrhSM8WZ1NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8W
+F1JnlSlKuQIDAQABo2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAw
+HQYDVR0OBBYEFK9VbbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oA
+WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQADwDKSAp8T4qJ8VtDC
+c/eSP0UX0vO5mKrjUr6Vi45Ojf/0+WoFivK7fXtuK6R9vNVUo4u8kI50S1O58tRF
+3/W03bydy2ptE8vKC1pRGR1fB0AuUYa+mLa96ueQ4Q8sbOHwcG59St1N/qQLhzty
+vLlmCsrKwHi/tM1kysstvMOK4f9K47vPtSv8sh26+4bzwJ3jMMOLh1mB7dSbrdbd
+YVjq7ltBbM2C7XdNPMKrDZ0bKll6AhkVkM6zSF7DHp4DnVFeVmTE4CkXMFYqp4EC
+HHM/OLS6EqBGfVSSfezgr5kLPijdVYx8ZG53Sdkjcim+1p3GMlUMPC5DFd1kLZc1
+yCgpH9a/Vn7eu4hydDoxVGawMRm2iM3JaB7+Hsbr07Td5ni2/nXtCFRGgurTbITm
+1k19
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/invalid-sig2.pem b/tests/cert-tests/data/invalid-sig2.pem
new file mode 100644
index 0000000..69163e2
--- /dev/null
+++ b/tests/cert-tests/data/invalid-sig2.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAXugAwIBAgIIVOei+gI+zMYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTExMjJaGA85OTk5MTIzMTIz
+NTk1OVowFzEVMBMGA1UEAxMMV3Jvbmcgc2lnYWxnMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u69yFXFg2Z/AepUU+
+IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14ENa/ZcF2MrhSM8WZ1
+NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8WF1JnlSlKuQIDAQAB
+o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFK9V
+bbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB
+A+/PMA0GCSqGSIb3DQEBBAUAA4IBMQCT2A88WEahnJgfXTjLbThqc/ICOg4dnk61
+zhaTkgK3is7T8gQrTqEbaVF4qu5gOLN6Z+xluii+ApZKKpKSyYLXS6MS3nJ6xGTi
+SOqixmPv7qfQnkUvUTagZymnWQ3GxRxjAv65YpmGyti+/TdkYWDQ9R/D/sWPJO8o
+YrFNw1ZXAaNMg4EhhGZ4likMlww+e5NPfJsJ32AovveTFKqSrvabb4UtrUJTwsC4
+Bd018g2MEhTkxeTQTqzIL98CoSBJjbbZD/YW13J/3xU590QpHTgni5hAni27IFLr
+1V+UJAglBs8qYiUzv/GjwbRt8TDzYVjvc+5MvPaGpoTcmdQyi9/L+3s8J6dX3i93
+TneIXeExwjTmXKL7NG+KQz9/F4FJChRXR6X1zsSB45DzoCoGMmzD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/invalid-sig3.pem b/tests/cert-tests/data/invalid-sig3.pem
new file mode 100644
index 0000000..40c610f
--- /dev/null
+++ b/tests/cert-tests/data/invalid-sig3.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAYygAwIBAgIIVOem0AaBE/EwDQYJKoZIhvcNAQEEBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTI3NDRaGA85OTk5MTIzMTIz
+NTk1OVowKDEmMCQGA1UEAxMdSW52YWxpZCB0YnNDZXJ0aWZpY2F0ZSBzaWdhbGcw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqK+Mul6aXYYg2wCKYLrHBPGPji
+YtzFL67r3IVcWDZn8B6lRT4i9+pU55FWCDVYeuH4Nku6gLqTCftrZp9RPPK2shMq
+eL4nXgQ1r9lwXYyuFIzxZnU1aua9SW2ORslAjDJU+4jB5EfUQKpIXFWoFPxHBhnb
+sXNMvxYXUmeVKUq5AgMBAAGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD
+AwegADAdBgNVHQ4EFgQUr1VttKipsdaBnCTM3nuduYDLJPAwHwYDVR0jBBgwFoAU
+TVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAEsjzyOB8ntk
+1BW4UhHdDSOZNrR4Ep0y2B3tjoOlXmcQD50WQb7NF/vYGeZN/y+WHEF9OAnneEIi
+5wRHLnm1jP/bXd5Po3EsaTLmpE7rW99DYlHaNRcF5z+a+qTdj7mRsnUtv6o2ItNT
+m81yQr0Lw0D31agU9IAzeXZy+Dm6dQnO1GAaHlOJQR1PZIOzOtYxqodla0qxuvga
+nL+quIR29t8nb7j+n8l1+2WxCUoxEO0wv37t3MQxjXUxzGfo5NDcXqH1364UBzdM
+rOBPX50B4LUyV5gNdWMIGVSMX3fTE+j3b+60w6NALXDzGoSGLQH48hpi/Mxzqctt
+gl58/RqS+nTNQ7c6QMhTj+dgaCE/DUGJJf0354dYp7p43nabr+ZtaMPUaGUQ/1UC
+C5/QFweC23w=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/invalid-sig4.pem b/tests/cert-tests/data/invalid-sig4.pem
new file mode 100644
index 0000000..f039e3c
--- /dev/null
+++ b/tests/cert-tests/data/invalid-sig4.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG
+EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0
+l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e
+6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb
+ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8
+N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5
+HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd
+gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC
+St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w
+EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
+Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
+JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTAOBgkqhkiG9w0B
+AQUEAUEDggEBAKu8vApdGJTjwbHDqExV1r60mPHuPBzNz/MkJFyWAydY/Dauoi+P
+8f7aKwLDM73I3UgiK2APpQMQ/Xf40O2WZ0/96kcgcFTcqQxVfuGWJYrZtdpXSr6N
+jklDY6VsTieHJetbbf6ifzgo4DarrTmlpWLEt1xYLKpdAWCmYmejwMdiI/TnbEbu
+tdOAaiIT0i0/dE/qr4xftDic267Or4QepvY0UVl50+N13LzX83PfkuzSIFlvnPuV
++JJ2GAp8Dyymyt6KYnvY885faL2PPsF0uxVyOhaDqQvmTZmc2FfsqAFRx29XNF6r
+SixC9k8ciXjeJk71b5NMFWsnVk0AVGx6t7c=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/invalid-sig5.pem b/tests/cert-tests/data/invalid-sig5.pem
new file mode 100644
index 0000000..f7a148c
--- /dev/null
+++ b/tests/cert-tests/data/invalid-sig5.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAlKgAwIBAgIMWXnRYyHbNWzuFxmzMD0GCSqGSIb3DQEBCjAwoA0wCwYJ
+YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNzI3MTE0MTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTEwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB
+oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEKAoIBAQDB
+uQ2UwKWT1BfN6H2B3svKL34aPW/+MTfN8McvExZsZYuQyRxeG8SV4uJ+GAtJ/Ml/
+eaUqiKG0pNCna846FUtAax/0quuVSaZ2xOVA3lMKj2frtRLJ3W6ZaglCHkZUHhII
+JEtE1s0F8aaaZ6X4/57OAi6uyFNuBSBsp3giQS6SrtFMbhq7OuSSt2T14XlVGvAI
+TiO7t21+Eukq2jDGOerUax4Yxki4l8589uXu5IQzZalj42hr9YKbNb75RAICNnY8
+jxCezc0o8KNoDF0IAK7UERz6uUQElUh/bdm0k3UV+uVA6t0disZ4gdenPuLsGSVD
+9fcbh/zFlv2V3A9HLJB3AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P
+AQH/BAUDAwcEADAdBgNVHQ4EFgQU6h4fxmpkIoNy/qx6u4Z13H7WN+QwHwYDVR0j
+BBgwFoAUZ97LfvATPRiWxwNOO+sxC5ig8VkwPQYJKoZIhvcNAQEKMDCgDTALBglg
+hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAFGH
+zxWW8R95wmmuDecuKf31LEKPubtaeqMRqt2Vk2mGCQOxcerl6MMGyl3w46hEkAjU
+jAPwmNnB9xyEyqR5w2TYrpzsrnUcZn+6HzSiPTEJ0jhY2S8N2V+Bch1QgMwlgeaD
+bZrY6qAG6PeqoQ8XhZ8+1sI/IpQKJHmmBN+qYbLFxEPjE4QnBahPbKfbpMY0MMX0
+uuI2nSBKcYmkYiWBYdydpP24VfeoUP0V6bXc5rrDdCNGp+AxUID51GT0AoMf2FGK
+LeOLJtPqH7raz44pa1qezHq4gPeXC0Ende9j7IimpsdB6eDVle8UZipfeASq9XVL
+F430KTcS7x42r71NZUU=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/key-ca-1234.p8 b/tests/cert-tests/data/key-ca-1234.p8
new file mode 100644
index 0000000..dc6b1da
--- /dev/null
+++ b/tests/cert-tests/data/key-ca-1234.p8
@@ -0,0 +1,10 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBfDAcBgoqhkiG9w0BDAEBMA4ECPvbksad11k/AgIBYASCAVqpBTCoK88VT4i2
+SP14VJrMGLz/QfnwH0MYpfPqCfYKy7GF7mF0LOV4KIG98J0l14R0sgS7666CAxvV
+ByvdGafE77C2NdxoIzVwdC+wXISj8weztvOu8rkHizzouw0UYeoZgvcRg1TO1EUq
+CnFRf4Ksmo47n6Pkz0OsyNFqXZEgC0E5ymu8frQtTlV30UPgzSMiPbP1aK45H7uc
+7ccpXL+bZ1ycYyyVv1WLxHl8G65CUtEcDMMGSnSbSkId4EE2Obmwhy00FfvS4w8o
+BugeBJhFpF8TnyyChoBDzXKerpiY934zNhUuk3B3Ayz2JHLJ6tSCwvdMEKaLDLl5
+4iLxuVNPpavBlIvsq9zHELfVjuYV4ZPEv2eHzEzgyUgtGRdmuL1TvsM3kOG4Beo3
+/9MAiJDmvY3CuzkqfFqdeJd6VzO3Z66Cqydvy3NnlmfpQarE2+6qi7CcQ5tvhW/I
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ca-dsa.pem b/tests/cert-tests/data/key-ca-dsa.pem
new file mode 100644
index 0000000..3510e95
--- /dev/null
+++ b/tests/cert-tests/data/key-ca-dsa.pem
@@ -0,0 +1,29 @@
+Setting log level to 2
+-----BEGIN DSA PRIVATE KEY-----
+MIIE1wIBAAKCAYEAxNL8GlkBTtfIl06DRrANFXvHHwkNKPezAMORJphd0OaEU497
+W6ymgQJXo3eoXZJBoyHrwOMOFx0Y65ii1oRYbZT1eztDAkVk40FKmNQNWHCsq4Zj
+LiMqXlAxhseGtval5AfeXWHEvGdHoiLzALLLZuXMYBRqh8rIgVHUb613aBdN2JhG
+tAl1RHvXbZJwvnaCzRZuTy04Z90afaz52pJE3ASUsfvKGKVmkfdmluOlU7RhAEW0
+uW8SeDwfcBGpSME97WcbelRcuRHDkHaDv8QvtU0WtF9ig5LAi4amZ4KJk7B3CZoH
+8v/zyDR6zCDevYf8rM9HTf2To1U5I8i+1TKJ8EAwNRLNoNPUh4YXgCjY8r5Q3NPt
+MqEZJztKyDOR6o5x0AULXpjflE0LrjyHp1NtqzSfFcqUQoDyPsFuLTnkQYJzlfPE
+X5TNCLHDByQw2TiDYlJdTp+YOWLDfAJ4dLL1cNHlsIWcsZLcMVnEz8sbWfJAk3sv
+jsahYhZhTwqR5OizAiEA0TMc2t7JeZOgtHJeboc5CToKPmNB0uYx5A4a3K1UEk0C
+ggGBAMC35py7lqAViVx3hQkro1GDSTaoCHpseOzmbHivF5Zx3ARkLkJywgd/8zjR
+ghQQVGOYOw4btdJOaqNENtpvDM+FITuJD1ecNrBxEqfNXDhTsVQ8S0eC0LXxwG0u
+k9qUEkljPhT1a+7CO+lbeVCpLfy6akK+9B4pnBCXdfQDkZA0FylXCxtX165Iuto8
+miJo2SI/qnK+P8E0KC3pY/ij3HH9aTJGVRDyq2XcD41H5hGNA0gFWwzha+vD0MVx
+Yw/wuQXmUTBR42Y8o33HZdQkDz55ZdKRxk6v9CzSnzP0rvYQUxSzTZD9wfnPnHys
+UJJvqz0jFaf3K+yEyo2SLP3w0vgEuRpNeyJ+2QcXC5ARv4JSFr52UOuTEo5UZxAb
+ail8TMhB1EJEO7rm5499Vd8oTuohfHQudU0L6Br6AEy9vGJZd1lCyidcZJ0Bqj+y
+zzUxGpQpgmrrfYYtuY5KXKz4HbHniwWwW4LGbNW2Ypks/C4nLjnfl56ElbBj26jG
+VyDMigKCAYBEjw3ptLcuVYNAS53dtkP1uku/O+bfUh25oPVSnx1cd6YT8u0opvFA
+HRK6U/fb8yvpxV7ILfJ4jC8FuWNal5ISdzmw4tddRvwmtT7AzuKvPhzum6TTpSiN
+7CKjoGZ+nowuF2nKoUS6NMScP+LPnMvrgAQOcJZ0aGR3Ds8Ax5X9fkT5zalSIWlw
+yzQPFwEvz0RozD/SGM0DRZ1ovyQGtFnVkPaDUCv1Zld31tdPTOusF/Ie1QOpJ4jd
+SirVEF3K9e5qyGBM366a94CEl+GZywV1n+6IEfF6sGyee4JHeIO0IaQQKDRHisXi
+iYTd7Cr3CS6oKK1EMDWbVuKeqzod+Tvk8+ExoarLcIaN2MIUfLA2PLlkhGdk9DIj
+uJ2QG+qm8o3bGP43vtKEz93xgWH5uyPjT3Ff5OHQ7tp5k3E3XAWE3wJvTbp3nqVh
+AW1+96xesu2j4LUQATtjEEXysbaOZKfmceP3L6DVwWgpMRY0PwpWVbVdlHIK+/73
+f5KeFIUPX44CIQCgUxkzi+BY/Xw8H1a0ebDANAuoH3zKJxPLt8Vm+b0JNA==
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ca-empty.p8 b/tests/cert-tests/data/key-ca-empty.p8
new file mode 100644
index 0000000..f86433f
--- /dev/null
+++ b/tests/cert-tests/data/key-ca-empty.p8
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAxpQGKKdRJDmxWgFU
+m1DUFwxN36xCAAflcjDciC2CFoDaI0eoRnzIiE8PatK0hpfblIeFNS9R5xwzfmsc
+AAcbuwIDAQABAkA/9SUWqu0jccGBb7REYgAtfDUIuX54bBKmeL5Ozfl8LWoRgKyN
+LADN425xXm6tedNOaxugc0iKDngyfBsvVKdhAiEAy12kK1sWKVx2J1gF6AJrcAyu
+TFB82yLyTV+6FhcRhmUCIQD5+SyPI0fK26dGOfBboQhE0JZ+LKd89aiJmFtg4Kpn
+nwIhAKQL+5xFs9DVlzIRnWIUYZpXgFprKuySeibUK4YaQbbJAiEAqdMq/qPNZngM
+EJ3UOawRXg8H7viPYUnUEoa7rfl0S6kCIQC2sU2pHtU6b2S36aNyx6dTMldpqsWd
+GiD8T2oCOC5T9Q==
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ca-null.p8 b/tests/cert-tests/data/key-ca-null.p8
new file mode 100644
index 0000000..e58483e
--- /dev/null
+++ b/tests/cert-tests/data/key-ca-null.p8
@@ -0,0 +1,10 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBfDAcBgoqhkiG9w0BDAEBMA4ECOxO+XewS2/+AgIBBQSCAVqE1UFN8VmjMRbS
+BNL/J+bUCtOy/4i14m5MBzCTlPqx/Fs2ecD1VoaLJof0qO/v6YBhGEJeTi2v9Xld
+5mXzUBjCKC7ETdfWkUhzdX2rGc1pe9sMMpNFD3UK92QG5KUBFZ32MBdBmb/RGmNW
+Z3zM6JEZwkTP9drrZRyQSsCTkjRcRODsv6sS+ftWljDteeQaWFDQhxz+kKN7BDpa
+jxYLBoM330OB8wwa4NxPNa9GhtASpxgHuE0crViXh3rR30VF5HNcyQwT3jZW69CB
+szFuV2n53WowjhgkUAXx+EQCxlTREoIX7FxZofl/IVtZNkfzXTZ9MT3yZxW1EDkO
+B2RhEDbEEv1A4k073xmmFZMEP0lDgy+ufLFfDjJZoacq1lcWpySQBbIDCta3s1Tz
+GbPRkJGGAIVa8O+T6O++rcI7o/kRZMr9B3/hvOemFcWxx0RZzMP870x83xLBmcyM
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ca.pem b/tests/cert-tests/data/key-ca.pem
new file mode 100644
index 0000000..885c32c
--- /dev/null
+++ b/tests/cert-tests/data/key-ca.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDAD806NPtYz+Yqr61SH8+zh+TU3vcrnxMlXME+W/dFjdD/tbmV
+c3rwZdqd3I0X0MRWZF1THNFtKW5jvHnOkHb4M85RPu/L/a1/ktuuk2xPk38DgEn5
+NEwST/kDaLtp56HuZTryUvR7dDfXBLp5biy+y/iZ1/srxrs59UfGVeWEewIDAQAB
+AoGAASQ25okpE0KNDiTkJVBOFjWRDRjUJDy6SucNuPan9hBdNR/Z3gMFMIeScIy+
+g+04NYE8MsHBluH/p3UXzjv6kQVuUzSx2Tqu8KjUjbWoAlhusxr9vqJGPPMoC8A8
+8Ubbl4TJFoZXEWmlGZPe00zSJhtYmwY4fYvZkohLyu1LYA0CQQDTozWT5yZ1jRd9
+cDJQ29bdaEPA8UFnLwqkuWL1iRNfeFFICW3wPQPukX6ImIszWsn7aXvtmT2qsu3e
+XQlUiZFnAkEA6FIf7WFs/K19mGbbwJz1TJH1hErVXXbtHplnFRUUm/dqQe3x3Y/d
+lb6EilPFDikW/sF7XBPexN5PdlVlNG0jzQJALaBlH6LY3sTxSIDUyCvtEcS1vrYE
+hKtWnxa8p/TKcW2uEFrAEegFnfxODELe18599y7RofLEobV7pNHn/gq+hwJAZdrj
+rpKBUwLJRtEJ1Ze7IDf5+WdJxnGGolzFSgP1BjBiQMeOvAIAN0/REkiJ45x2PXkc
+mZEIoS2Kjyn/dg3HnQJARXgQ+9fs/UemybHUzl/ywIyYgODebSaV+gOKs41QJtM4
+eP8ajeKtIn3jLsODnlEqkD9Dl2pOHtpz6T/PJM7kMA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-corpus-rc2-1.p12 b/tests/cert-tests/data/key-corpus-rc2-1.p12
new file mode 100644
index 0000000..6934671
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-1.p12
diff --git a/tests/cert-tests/data/key-corpus-rc2-1.p12.out b/tests/cert-tests/data/key-corpus-rc2-1.p12.out
new file mode 100644
index 0000000..1781059
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-1.p12.out
@@ -0,0 +1,49 @@
+MAC info:
+	MAC: SHA1 (1.3.14.3.2.26)
+	Salt: 15abd4aae92cfbb3
+	Salt size: 8
+	Iteration count: 2048
+
+BAG #0
+	Type: Encrypted
+	Schema: unsupported (1.2.840.113549.1.5.13)
+
+	Decrypting...
+
+BAG #1
+	Elements: 1
+	Type: PKCS #8 Encrypted key
+PKCS #8 information:
+	Schema: unsupported (1.2.840.113549.1.5.13/1.2.840.113549.3.2)
+	Friendly name: localhost
+	Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFFjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIdEQTzibS3T4CAggA
+AgEQMBkGCCqGSIb3DQMCMA0CAToECIsUAMlY1UYWBIIEyL3UIAopSHJrUxiQECqc
+LgvJS44aldUGZqdY/DalYH4O15IjMsYKPlfi7Nk0sAR7svlojH/LGq4oZ0jvmzJr
+RjbNrKOheKb716qXvTg8KA5hlEALMB5+P1N040VYo+cB2lrPGuoAgfEDz9XHgZ9e
+cVUrFRW+mzKogL6B/KrIBQ7cFXYPJAlvueRuGMByFgi/Mb4CK7yj8wTAwofHHKST
+uMLNKxfopn8VkcWky2xPS/7s90ZfT+qZITae/g08a7fMWG94nbrD1dvnZkvR+tjK
+9nggB/p7bugqe4sztsQ4+oNyA9LNH7WTLjYWFZ+pNBghAxDqtCWK4VN7kMwMYj8U
+36zJ46eZiMw+zQuU//jA5Y/heT+/HV2oF7teqK2qbtafjyxMhXW8yl1NlTVTTpoO
+VqbgUfm0dMH6NoYbAVZOab3mm/ZcIpGV9iUm457vASdi3H5KrkETiBoWXLFYfn73
+cp8WpeDuCG/4TzXy+oeyLjq03KHyRX5uBAYbGIhGiAjtpaB+p07XQRSxS38NO8/4
+8pYHfux3CLU5o3DfjkIsTP/YTTjrpzvF8oT+VKfCw3U2Da3R4zZpGEcDeMhaGhcF
+W0N6AFJVNhFRJgmj8GH7hh5zFf83Ir15RhRowX03QkL5LPTLhw73bjjIMA59EQxS
+KI2u4QwnbjnPc0XQqwuAYAlnIwKWtpMIl8oeAIj0kM0D1IqehG3ZdPqOdXCeKqrC
+dX2KJHzsVCHInvtKvnFglFEFdKAIktbchjdJEZQkflTF71W0xfqTG/Ubj1ammMpA
+erfKfdIFjK6Q8JWCZrhXwU+vQ+xocyWr5yuTxLelLj+cGCu4x+AorH5H5+v9PWRG
+jiMrfwTyR9c5fdgpyTNvYLpRerNnz/l8oVb0snSA4d3BBvXx75H+O5M96k6E6XPa
+gWtamTjxadqGZ4chw/QB2dGxz4fBgfBQ0osHKLT3PO/XHbs4EBdODCwa1m92//fw
+7d0SUx+PYAksZ/6e7j226KQAdMmAifmo0uJj8y3brq3rocrMlHAkeK3FCyRSDwuH
+16ozDlOaQP1Le7Sn9PX3Puv182silzuazrl6EchujVm7hKiYwxPTsCqSb+es1Q+l
+oKpAmHJJcLIjSZU9SKXP2JkRVZBt7IHUFiu9QjEkE52rj/Y8okylHlOig11S8BAF
+uiPpcENMsValy++IbCD8HDZOKM4jqaReAw0uiFGqk10DXWXCQpKBgs7J0B/QBCzE
+cCqQGFaUlPe+SPg9xNBoP7CNPgfOpIs3Y0BJ1xOpilLVz8h8aJ6xvlzlUE92zM1x
+nucPQzEb6k3doIWKUzQ9G9TESvJ5vBU58NVfB1SIy/eq7TnUsp96PGQf7u/aWoMM
+8C/zZatcQ3PyYgMeuOjsWMpyLEECzi/zMsjbnknxZNm+cqUm2C+b1ZPD2AtWuz5u
+m1azJNv73RdEB+eoc5yNCtm2qFnO7Givr4bfwU5bRfh+atyoNDUpY/pGQtj9UJ6+
+XPvobYe2HqIYKwkDOpP9wX7ClCiPoOlt7VKMuBJQy/1JFC6DRA7oBYmcZbZxw2uo
+j/dC2cK5jsPC75a5+8HqySwQGlBGxlMOeyi/pKzSdWOdZ9NEshvTje/mnme3Hx05
+JWamOc7reYsFpA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-corpus-rc2-2.p12 b/tests/cert-tests/data/key-corpus-rc2-2.p12
new file mode 100644
index 0000000..77789fb
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-2.p12
diff --git a/tests/cert-tests/data/key-corpus-rc2-3.p12 b/tests/cert-tests/data/key-corpus-rc2-3.p12
new file mode 100644
index 0000000..5f5a7b9
--- /dev/null
+++ b/tests/cert-tests/data/key-corpus-rc2-3.p12
diff --git a/tests/cert-tests/data/key-dsa.pem b/tests/cert-tests/data/key-dsa.pem
new file mode 100644
index 0000000..dcb30ea
--- /dev/null
+++ b/tests/cert-tests/data/key-dsa.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPQIBAAKCAQEAid7TwoSUalI4pnqpO0zaVF+xZY0jigJeR5ZkaytzNNzhHQVz
+ssSvu9cYt59IY5n1KJ0u6EqGpxNjis9O5/EOFn+obhgbeUQlQ8KLLCTMEEy9FWIb
+Ww7NuGvjt3SbpotqbLX5e2Qd3ygISP8AIdTeR0+D8XjuxJyeRRemo1g7hOVVoyOk
+EA6t7xypsYosBj18iq4ZETTHZc14NIJpLLasINgzdhoHIfWcXj0aUu5cd/Hube2d
+z+6EdIL3SayEhsYiUaRN7i/DNQmDrNYiWXrCYjP+YWVxZ1RAOK/35hD/b2B15/uR
+naDljvdOScUB5k7ebfUpGtRBbysh9BSudPh55QIVAOSh70VzAvVEPY/Mc+gShMy1
+PiNBAoIBABI72+KLTlLnmKJJmr6aMKqC6bmjF0Tetm2vqgsQXchuqZrIsqY0b41m
+l16DuoT22BhmmW1sK5oB44049iiVVoDrB6eU0aSMuuXb5Fj6f3suDAuLEqch+F75
+7IvH5AnzLFQpSo7/hWzeB8Y6tjqMp8JtWLmgfBg0ZG9WXfmTCLFYcYO2jEBdeuVC
+ANCer22nvWV50fRtMppZ/JVDtkewxqwTpY5QZ/s20z4vJ++fkUUxJLLvfvzpWV1+
+W/sDpEJU24DRPgFF2cOCFOLcjysJeH5dkflapM1MDdVCrrwN/SEI7IInjA0tmWBq
+CcUTxAi26ik7udH/EunQHIgTwB5uEvYCggEAeB9voN2lfVTNvGLxNeX9pOOXTPW6
+kJX62TAL1v0LlfoM3GCRjBNfm1i+iTTMzfqUZMRcL+xtxudoOJZxTgpx2ckwIoOE
+pCzY2C6wW24hMNnoHADGFu+ufby+2ufcILLuoeSBb0shkThl1u/CQKGpG5ds4aIH
++8p8qM5jpIZM2mQEa6rYRLnjJJspAFHg3ERDoOeJIGU9GRskoauMyacXGHv4rvGt
+yYXYuBpKKy69WWD17F8Y/mjDX0qxSj4rNnneBxvwCQ3Bz8lsDIA5Q6NyphhcT70A
+lOhAf/n9Mm2xAmuFSY4W9HI23YB/n4zTBqhXfRhmNMP4q3l0ZoWm4OsLOgIUZQeD
+EyFUllnkdimZ5ulEfOvi5/I=
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ecc.p8 b/tests/cert-tests/data/key-ecc.p8
new file mode 100644
index 0000000..189ab01
--- /dev/null
+++ b/tests/cert-tests/data/key-ecc.p8
@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIH3AgEAMBAGByqGSM49AgEGBSuBBAAjBIHfMIHcAgEBBEIB0Q4ImmR/QzaLTcoL
+uzq0vVA28hRlQKGLWq9g6yJgG7dCSWiCHFEiJTWjost5d/FeH32SsIUv/3b23sf6
+JObBbdmgBwYFK4EEACOhgYkDgYYABAFnPgQpDICaoXXeWB2Fh3QOiwm4BQSkZzC5
+JKwwbfTDIX+rS1TyZVjgZtt+twmmL+nOxMtpdsW+9OFmy2kVjy1a3gGIZjei/XsK
+d84XH/9pdIdyUaaaevaFL3Hnjgw+nsPK40Ii0j2b91oZ6+qnIV7hkA4g+pCL33h7
+AZtfTYAktAKdyw==
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-ecc.pem b/tests/cert-tests/data/key-ecc.pem
new file mode 100644
index 0000000..57e40c7
--- /dev/null
+++ b/tests/cert-tests/data/key-ecc.pem
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIB0Q4ImmR/QzaLTcoLuzq0vVA28hRlQKGLWq9g6yJgG7dCSWiCHFEi
+JTWjost5d/FeH32SsIUv/3b23sf6JObBbdmgBwYFK4EEACOhgYkDgYYABAFnPgQp
+DICaoXXeWB2Fh3QOiwm4BQSkZzC5JKwwbfTDIX+rS1TyZVjgZtt+twmmL+nOxMtp
+dsW+9OFmy2kVjy1a3gGIZjei/XsKd84XH/9pdIdyUaaaevaFL3Hnjgw+nsPK40Ii
+0j2b91oZ6+qnIV7hkA4g+pCL33h7AZtfTYAktAKdyw==
+-----END EC PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8 b/tests/cert-tests/data/key-gost01-2-enc.p8
new file mode 100644
index 0000000..81d8347
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2-enc.p8
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIG4MG0GCSqGSIb3DQEFDTBgMD8GCSqGSIb3DQEFDDAyBCC6bhoitdzE02HJYwrv
+t6fS+JQ/UFHInX9LqJgR/KdF+AICB9AwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBME
+CJYqb3jDyCMsBgcqhQMCAh8BBEdzhSi7v1vL7sUZpcQSmmpzTCj+Tgkff4uLp6hH
+lHc23xJOF6dcPvVlXPtiRUmNpl56BquVRo7Gb0vx6pKLgR8eJNmbWdoGtA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8.txt b/tests/cert-tests/data/key-gost01-2-enc.p8.txt
new file mode 100644
index 0000000..e979dd6
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2-enc.p8.txt
@@ -0,0 +1,40 @@
+PKCS #8 information:
+	Cipher: GOST28147-CPA-CFB
+	Schema: PBES2-GOST28147-89-CPA (1.2.643.2.2.31.1)
+	Salt: ba6e1a22b5dcc4d361c9630aefb7a7d2f8943f5051c89d7f4ba89811fca745f8
+	Salt size: 32
+	Iteration count: 2000
+
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c
+	ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16
+	
+
+x:
+	da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0
+	a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79
+	
+
+y:
+	92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9
+	1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b
+	
+
+
+Public Key PIN:
+	pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0=
+Public Key ID:
+	sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd
+	sha1:56f0aab16eb873a50453b5209b65fe31e6493317
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2.p8 b/tests/cert-tests/data/key-gost01-2.p8
new file mode 100644
index 0000000..88d397e
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2.p8.txt b/tests/cert-tests/data/key-gost01-2.p8.txt
new file mode 100644
index 0000000..54c5626
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c
+	ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16
+	
+
+x:
+	da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0
+	a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79
+	
+
+y:
+	92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9
+	1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b
+	
+
+
+Public Key PIN:
+	pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0=
+Public Key ID:
+	sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd
+	sha1:56f0aab16eb873a50453b5209b65fe31e6493317
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01.p8 b/tests/cert-tests/data/key-gost01.p8
new file mode 100644
index 0000000..0e4afab
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgIgCyk74FDQCCva
+54VjGmuraPNbQnhtbdpWr68WmJEED3c=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01.p8.txt b/tests/cert-tests/data/key-gost01.p8.txt
new file mode 100644
index 0000000..d0d1323
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-XchA
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	0b:29:3b:e0:50:d0:08:2b:da:e7:85:63:1a:6b:ab:68
+	f3:5b:42:78:6d:6d:da:56:af:af:16:98:91:04:0f:77
+	
+
+x:
+	57:7e:32:4f:e7:0f:2b:6d:f4:5c:43:7a:03:05:e5:fd
+	2c:89:31:8c:13:cd:08:75:40:1a:02:60:75:68:95:84
+	
+
+y:
+	60:1a:ea:ca:bc:66:0f:df:b0:cb:c7:56:7e:bb:a6:ea
+	8d:e4:0f:ae:85:7c:9a:d0:03:88:95:b9:16:cc:eb:8f
+	
+
+
+Public Key PIN:
+	pin-sha256:zO1bMbwojs1uE302Tl1uAkcXYVw9AW8b3EauBIKNpM4=
+Public Key ID:
+	sha256:cced5b31bc288ecd6e137d364e5d6e024717615c3d016f1bdc46ae04828da4ce
+	sha1:1a0442de4518bb407e6ed5690046839a13fec03d
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgdw8EkZgWr69W
+2m1teEJb82iraxpjhefaKwjQUOA7KQs=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8 b/tests/cert-tests/data/key-gost12-256-2-enc.p8
new file mode 100644
index 0000000..204cce8
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHdMHEGCSqGSIb3DQEFDTBkMEEGCSqGSIb3DQEFDDA0BCD5qZr0TTIsBvdgUoq/
+zFwOzdyJohj6/4Wiyccgj9AK/QICB9AwDAYIKoUDBwEBBAIFADAfBgYqhQMCAhUw
+FQQI3Ip/Vp0IsyIGCSqFAwcBAgUBAQRoSfLhgx9s/zn+BjnhT0ror07vS55Ys5hg
+vVpWDx4mXGWWyez/2sMcaFgSr4H4UTGGwoMynGLpF1IOVo+bGJ0ePqHB+gS5OL9o
+V+PUmZ/ELrRENKlCDqfYWvpSystX29CvCFrnTnDsbBY=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt
new file mode 100644
index 0000000..949917a
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt
@@ -0,0 +1,40 @@
+PKCS #8 information:
+	Cipher: GOST28147-TC26Z-CFB
+	Schema: PBES2-GOST28147-89-TC26Z (1.2.643.7.1.2.5.1.1)
+	Salt: f9a99af44d322c06f760528abfcc5c0ecddc89a218faff85a2c9c7208fd00afd
+	Salt size: 32
+	Iteration count: 2000
+
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08
+	23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52
+	
+
+x:
+	62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df
+	0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7
+	
+
+y:
+	95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2
+	46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c
+	
+
+
+Public Key PIN:
+	pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y=
+Public Key ID:
+	sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366
+	sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi
+tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2.p8 b/tests/cert-tests/data/key-gost12-256-2.p8
new file mode 100644
index 0000000..421422b
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEQEYbRu86z+1JFKDcPDN9UbTG
+G2ki9enTqos4KpUU0j9IDpl1UXiaA1YDIwUjlAp+81GkLmyt8Fw6Gt/X5JZySAY=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2.p8.txt b/tests/cert-tests/data/key-gost12-256-2.p8.txt
new file mode 100644
index 0000000..cb9c684
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08
+	23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52
+	
+
+x:
+	62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df
+	0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7
+	
+
+y:
+	95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2
+	46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c
+	
+
+
+Public Key PIN:
+	pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y=
+Public Key ID:
+	sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366
+	sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi
+tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256.p8 b/tests/cert-tests/data/key-gost12-256.p8
new file mode 100644
index 0000000..df1b555
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEkCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIwIhAL/PHWI+
+XN0wMqfG6rtKkjxG5D1kD/6q8sPtOaj6OZkk
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256.p8.txt b/tests/cert-tests/data/key-gost12-256.p8.txt
new file mode 100644
index 0000000..1f45736
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-XchA
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	bf:cf:1d:62:3e:5c:dd:30:32:a7:c6:ea:bb:4a:92:3c
+	46:e4:3d:64:0f:fe:aa:f2:c3:ed:39:a8:fa:39:99:24
+	
+
+x:
+	97:15:66:ce:da:43:6e:e7:67:8f:7e:07:e8:4e:bb:72
+	17:40:6c:0b:47:47:aa:8f:d2:ab:14:53:c3:d0:df:ba
+	
+
+y:
+	ad:58:73:69:65:94:9f:8e:59:83:0f:8d:e2:0f:c6:c0
+	d1:77:f6:ab:59:98:74:f1:e2:e2:4f:f7:1f:9c:e6:43
+	
+
+
+Public Key PIN:
+	pin-sha256:T1yRU6smDaTNkinx7qvQTgdlWn3wf+NBoRSN0P+kZLU=
+Public Key ID:
+	sha256:4f5c9153ab260da4cd9229f1eeabd04e07655a7df07fe341a1148dd0ffa464b5
+	sha1:6af61bb89223c1fed11cd7cca8afce63112679ae
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgJJk5+qg5
+7cPyqv4PZD3kRjySSrvqxqcyMN1cPmIdz78=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-512.p8 b/tests/cert-tests/data/key-gost12-512.p8
new file mode 100644
index 0000000..6c73a4e
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-512.p8
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwRCAkA/wBzc
+1Oxfly60gndMQeZtt/OAUo3+nmeZK6Ba7kYkNXV1MOZBB3zlh7l2yO60jEj9M/0X
+Xwx95qROAU5rywdL
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-illegal-rsa-pss.pem b/tests/cert-tests/data/key-illegal-rsa-pss.pem
new file mode 100644
index 0000000..7fe2f1c
--- /dev/null
+++ b/tests/cert-tests/data/key-illegal-rsa-pss.pem
@@ -0,0 +1,138 @@
+Public Key Info:
+	Public Key Algorithm: RSA-PSS
+		Hash Algorithm: SHA256
+		Salt Length: 1024
+	Key Security Level: Medium (2048 bits)
+
+modulus:
+	00:bc:84:37:48:41:7e:20:3b:4c:c5:ce:2a:f4:40:cc
+	d0:83:04:5a:00:e6:fa:b4:dd:a2:6f:36:c4:f9:8d:ab
+	03:52:f5:b1:e6:2c:7d:26:2d:8a:39:ce:28:9a:c9:80
+	0a:d1:b8:a3:c3:ac:64:e5:f8:5d:5a:dd:06:5d:59:15
+	e2:d1:e8:5a:e9:46:b8:67:82:27:4e:d5:26:25:58:f3
+	38:a5:25:6a:8f:be:a2:ff:37:aa:5c:8b:e4:74:ea:70
+	bc:88:e8:9a:d4:ea:be:cf:fb:78:7c:89:4b:8d:7c:cf
+	6c:0b:a9:da:2a:53:21:1b:f6:81:29:36:af:5a:90:4c
+	40:a0:0b:fa:b0:1e:a1:76:7a:15:96:31:64:9b:4a:df
+	48:71:ff:f5:e4:e0:31:98:3a:49:68:a9:a6:22:34:25
+	43:18:c0:5f:2c:b9:16:8e:14:5c:19:4e:0e:fe:17:c5
+	f5:bc:f1:ca:67:ff:76:97:0e:98:3e:e3:08:09:79:a8
+	77:84:fe:92:a4:8f:8e:ed:b2:38:e1:f6:08:40:c4:db
+	8e:a6:d5:e2:4e:4f:25:10:df:e4:0e:82:56:93:3c:de
+	72:e2:da:20:2d:5b:36:f2:93:97:58:88:c0:b5:8f:d3
+	4d:f7:0d:bf:b5:33:65:bb:bb:83:e9:d5:24:2c:94:f2
+	5d:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	4d:19:f6:52:43:17:06:af:ba:32:9c:a3:cc:ca:43:fa
+	73:db:6f:c4:36:b4:0b:0d:2a:c6:39:ac:4e:34:b6:e0
+	e1:29:43:dd:54:0c:cb:74:8c:b8:1f:ad:53:c1:5d:f1
+	0e:dd:69:7d:3a:20:fa:3d:9e:50:ef:5d:0f:08:c4:7e
+	c4:43:38:0b:78:b5:2b:00:7c:7b:2d:8a:30:74:34:e5
+	d2:05:7f:93:d2:f0:6f:59:a0:ff:c0:e7:6b:3a:07:69
+	d4:c4:ed:ae:6f:64:23:44:42:7f:0c:d8:2d:c2:02:43
+	ba:71:79:9d:1d:ea:c8:b9:05:12:8a:1f:25:f7:26:78
+	04:11:7c:ed:26:ab:71:37:f2:ca:19:fa:d2:24:df:91
+	75:35:8f:da:00:41:79:4f:4d:ba:2f:f2:66:a9:83:51
+	43:ac:bf:b1:26:e4:16:d7:a2:56:9f:57:19:ce:26:a1
+	80:e2:b8:f5:b9:af:ee:e2:ec:3b:04:0f:8b:87:a1:41
+	bb:58:d0:28:a7:ef:05:48:83:29:2d:b4:f9:e3:b7:e3
+	36:5c:e4:df:42:43:19:2d:2b:f8:87:64:2b:00:90:42
+	1b:9c:5e:7a:ac:82:b1:5b:95:de:0a:35:43:83:77:fd
+	3a:4f:9d:49:55:0c:56:c1:9d:79:08:a3:86:28:e5:31
+	
+
+prime1:
+	00:d1:01:9c:e2:64:8a:cf:58:46:e9:21:2f:e1:20:20
+	d5:98:24:5c:31:8e:5f:1f:cf:83:52:da:67:d5:60:1e
+	a0:52:b9:03:10:a3:27:95:23:bd:8e:d9:49:5e:4f:fa
+	51:28:13:cd:bb:07:8a:34:fd:5a:8e:fd:cf:19:79:48
+	c0:a4:52:4d:c0:b0:2c:8d:03:3b:2d:fa:51:e9:61:dc
+	66:fe:b5:5f:d5:dd:f3:51:5a:ca:3f:3c:84:79:cf:c4
+	ab:82:63:2c:ba:94:ff:8d:c0:04:33:64:14:4c:6b:e1
+	88:74:2f:83:78:75:2e:be:ac:86:f6:fb:b6:b7:5a:30
+	6f:
+
+prime2:
+	00:e6:e7:35:bd:cc:cd:6b:15:15:e7:d0:04:04:52:89
+	0e:72:07:de:2a:35:05:9c:0d:a4:b8:32:11:ce:7d:aa
+	eb:e7:79:bf:13:80:e4:07:9c:d4:0a:c3:cc:4c:7c:43
+	73:9c:0c:14:a9:bb:ed:ad:2f:95:31:35:eb:e2:ad:28
+	e1:33:79:28:6a:27:f9:3b:0e:cc:f0:86:f1:4a:f6:c9
+	c1:c9:0e:a3:49:1d:d9:bb:b2:6f:e7:4f:05:62:28:7e
+	a5:e9:79:df:66:98:db:27:42:5f:22:8b:72:66:d7:5a
+	05:84:94:47:13:f5:36:26:60:34:bd:00:32:d3:d1:17
+	f3:
+
+coefficient:
+	2b:01:49:bd:b6:77:88:06:c8:71:79:44:b5:8b:5c:4f
+	7b:42:95:be:e9:2a:65:3b:f3:0b:7b:85:43:4f:df:c0
+	9d:96:41:a8:d7:34:e6:74:39:1b:af:54:2d:6a:37:a9
+	5b:e6:ab:9c:39:52:d3:4a:95:19:7b:80:b6:fa:a6:ff
+	12:10:17:a1:10:8c:da:dc:b6:e1:b7:d9:03:77:97:a3
+	bf:28:a6:ff:34:04:53:15:5c:da:25:5d:49:0b:84:2a
+	e6:18:19:50:73:0a:53:53:6e:cb:bc:21:08:06:b1:11
+	be:bf:6d:c9:12:ad:fe:a6:8a:5b:87:72:f7:92:d0:94
+	
+
+exp1:
+	00:96:67:ec:b8:56:d6:35:a4:37:53:69:58:85:4f:93
+	91:62:2d:38:53:49:3b:57:2f:04:38:49:87:d3:5b:9a
+	6e:91:59:26:c5:80:43:e9:e5:90:72:0e:17:e8:50:f1
+	b8:19:79:36:e1:d2:e9:38:7c:e2:00:68:d1:f2:68:ff
+	5b:f2:64:70:23:ac:24:43:4e:01:f6:72:5f:23:ee:12
+	a7:e3:c0:2e:39:3f:c1:eb:d7:c4:17:81:bb:6b:d5:82
+	98:51:fa:80:a3:bc:b9:b3:0e:6d:77:76:1b:cd:6b:0d
+	20:1f:4c:59:f6:03:8e:22:15:12:03:06:dd:54:51:08
+	ed:
+
+exp2:
+	00:e3:3d:2e:1d:81:5d:b4:01:c7:52:20:dc:a3:28:5a
+	eb:d5:7b:3a:c0:4c:f8:1d:51:2c:07:7e:77:19:c1:81
+	21:b2:e7:95:0d:6b:ae:7e:73:70:16:bc:04:e6:4c:f0
+	d0:e9:04:d6:9d:08:6e:eb:1e:c5:f3:ed:3e:1d:12:0f
+	06:3a:73:05:3c:1b:e4:e2:a3:39:3b:89:82:14:25:75
+	ff:79:90:27:50:40:c9:54:38:52:7a:d0:c0:da:8e:41
+	bd:a4:5d:a5:67:42:0d:83:c0:85:01:e9:3c:88:4b:6d
+	b3:ba:7b:76:cc:04:69:eb:30:89:16:6c:08:99:7e:d0
+	d3:
+
+
+Public Key PIN:
+	pin-sha256:PpGrje0ZA5tMhx/WQRCuwVH5n+yaVcAvC5Ddg7J5Gl4=
+Public Key ID:
+	sha256:3e91ab8ded19039b4c871fd64110aec151f99fec9a55c02f0b90dd83b2791a5e
+	sha1:c9fdf3e23c095aed38a2a48da03657dc1374ac91
+
+-----BEGIN PRIVATE KEY-----
+MIIE7wIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
+DQEBCDALBglghkgBZQMEAgGiBAICBAAEggSoMIIEpAIBAAKCAQEAvIQ3SEF+IDtM
+xc4q9EDM0IMEWgDm+rTdom82xPmNqwNS9bHmLH0mLYo5ziiayYAK0bijw6xk5fhd
+Wt0GXVkV4tHoWulGuGeCJ07VJiVY8zilJWqPvqL/N6pci+R06nC8iOia1Oq+z/t4
+fIlLjXzPbAup2ipTIRv2gSk2r1qQTECgC/qwHqF2ehWWMWSbSt9Icf/15OAxmDpJ
+aKmmIjQlQxjAXyy5Fo4UXBlODv4XxfW88cpn/3aXDpg+4wgJeah3hP6SpI+O7bI4
+4fYIQMTbjqbV4k5PJRDf5A6CVpM83nLi2iAtWzbyk5dYiMC1j9NN9w2/tTNlu7uD
+6dUkLJTyXQIDAQABAoIBAE0Z9lJDFwavujKco8zKQ/pz22/ENrQLDSrGOaxONLbg
+4SlD3VQMy3SMuB+tU8Fd8Q7daX06IPo9nlDvXQ8IxH7EQzgLeLUrAHx7LYowdDTl
+0gV/k9Lwb1mg/8DnazoHadTE7a5vZCNEQn8M2C3CAkO6cXmdHerIuQUSih8l9yZ4
+BBF87SarcTfyyhn60iTfkXU1j9oAQXlPTbov8mapg1FDrL+xJuQW16JWn1cZziah
+gOK49bmv7uLsOwQPi4ehQbtY0Cin7wVIgykttPnjt+M2XOTfQkMZLSv4h2QrAJBC
+G5xeeqyCsVuV3go1Q4N3/TpPnUlVDFbBnXkIo4Yo5TECgYEA0QGc4mSKz1hG6SEv
+4SAg1ZgkXDGOXx/Pg1LaZ9VgHqBSuQMQoyeVI72O2UleT/pRKBPNuweKNP1ajv3P
+GXlIwKRSTcCwLI0DOy36Uelh3Gb+tV/V3fNRWso/PIR5z8SrgmMsupT/jcAEM2QU
+TGvhiHQvg3h1Lr6shvb7trdaMG8CgYEA5uc1vczNaxUV59AEBFKJDnIH3io1BZwN
+pLgyEc59quvneb8TgOQHnNQKw8xMfENznAwUqbvtrS+VMTXr4q0o4TN5KGon+TsO
+zPCG8Ur2ycHJDqNJHdm7sm/nTwViKH6l6XnfZpjbJ0JfIotyZtdaBYSURxP1NiZg
+NL0AMtPRF/MCgYEAlmfsuFbWNaQ3U2lYhU+TkWItOFNJO1cvBDhJh9Nbmm6RWSbF
+gEPp5ZByDhfoUPG4GXk24dLpOHziAGjR8mj/W/JkcCOsJENOAfZyXyPuEqfjwC45
+P8Hr18QXgbtr1YKYUfqAo7y5sw5td3YbzWsNIB9MWfYDjiIVEgMG3VRRCO0CgYEA
+4z0uHYFdtAHHUiDcoyha69V7OsBM+B1RLAd+dxnBgSGy55UNa65+c3AWvATmTPDQ
+6QTWnQhu6x7F8+0+HRIPBjpzBTwb5OKjOTuJghQldf95kCdQQMlUOFJ60MDajkG9
+pF2lZ0INg8CFAek8iEtts7p7dswEaeswiRZsCJl+0NMCgYArAUm9tneIBshxeUS1
+i1xPe0KVvukqZTvzC3uFQ0/fwJ2WQajXNOZ0ORuvVC1qN6lb5qucOVLTSpUZe4C2
++qb/EhAXoRCM2ty24bfZA3eXo78opv80BFMVXNolXUkLhCrmGBlQcwpTU27LvCEI
+BrERvr9tyRKt/qaKW4dy95LQlA==
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-illegal.pem b/tests/cert-tests/data/key-illegal.pem
new file mode 100644
index 0000000..75c7679
--- /dev/null
+++ b/tests/cert-tests/data/key-illegal.pem
@@ -0,0 +1,97 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: Low (1024 bits)
+
+modulus:
+	00:a9:4e:b1:2b:17:a2:9e:1d:f6:92:05:f4:17:2e:4c
+	36:02:4a:ed:78:41:5c:6b:f8:db:5a:4d:92:d1:d7:f9
+	71:1a:ec:b8:2f:91:9e:ba:47:9e:4e:29:ac:92:12:55
+	06:73:17:eb:39:aa:0c:ee:96:f4:5a:30:3d:2f:9e:50
+	83:28:f8:c3:81:12:e4:17:28:93:de:95:b9:25:92:6a
+	4c:a8:88:2d:00:70:cf:aa:ea:95:03:bb:51:65:aa:7a
+	d7:3f:82:5f:52:1d:3a:bf:bd:7e:42:0d:b0:39:37:17
+	3d:1c:92:e4:3d:7e:57:97:7c:00:d7:63:c0:62:6a:da
+	ba:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	04:c8:d0:80:e3:3e:19:31:c7:92:00:d1:11:06:a1:e8
+	b4:cf:e1:3e:10:ba:c7:e2:54:70:8c:d8:a5:4d:71:23
+	1d:1b:ab:68:cc:b8:ab:92:f2:8a:4a:eb:31:85:8b:19
+	8f:8f:11:7a:a3:af:91:de:7a:31:42:43:b8:60:c4:ed
+	a4:2a:86:ca:c3:9d:38:13:9e:86:07:ed:d1:52:63:a6
+	9c:52:e7:23:e4:5e:b2:7a:2a:dc:16:d8:78:95:19:28
+	d3:d1:ca:67:91:5d:d6:78:2c:b4:f5:37:e4:6b:1e:91
+	43:2a:f2:f6:87:0e:b4:73:95:ec:9d:a7:e6:79:94:c1
+	
+
+prime1:
+	00:cf:fd:cc:ba:f0:9b:7b:b4:c6:53:a1:04:0b:86:c7
+	5d:ca:84:06:fb:62:62:5b:3d:cf:4f:d3:fd:77:95:9d
+	90:ca:b3:39:8b:7a:00:36:76:9b:c1:e9:98:c7:2f:df
+	62:d0:1e:da:e2:4b:1c:bb:26:a5:d6:de:e4:a7:a3:09
+	04:
+
+prime2:
+	00:d0:63:0e:5e:f5:7f:f1:09:d6:29:4d:bf:6f:2a:77
+	1d:50:d0:3f:9e:d5:ab:f3:37:ec:18:4c:6f:1a:19:0c
+	01:c2:68:8c:fb:bf:c9:36:0f:b5:01:41:d4:de:89:4b
+	26:ea:01:49:d7:e1:3a:60:29:e6:4f:17:4f:45:5b:8d
+	e9:
+
+coefficient:
+	12:67:c7:6f:f1:53:5c:46:de:2b:a8:5e:cb:99:0e:43
+	c6:b2:ec:bc:73:0a:f1:0c:7e:8a:80:ba:47:05:0a:a7
+	2f:aa:2f:8e:41:0a:bb:8c:f8:da:4b:bd:ea:21:56:6d
+	3d:0a:06:b5:78:fc:44:53:00:ef:8e:6d:f2:f6:b1:51
+	
+
+exp1:
+	00:ac:e7:b2:47:95:ef:f9:1e:d5:28:e1:f5:d4:4e:8b
+	c3:93:6b:b2:cc:8b:5f:bb:9d:e9:15:75:9c:7d:3c:39
+	e8:ce:2c:40:d2:81:09:54:25:1d:f4:69:93:24:c5:50
+	25:c2:bf:b2:15:19:bd:31:b0:c3:46:c3:5d:e8:67:92
+	d4:
+
+exp2:
+	1b:45:ab:7e:d0:00:63:8a:57:05:e6:cf:f3:fb:89:c5
+	43:6b:4d:b8:3a:dc:9b:23:29:79:f0:9e:e5:ba:7b:70
+	cb:81:a5:59:d9:3a:bb:21:89:1d:d6:00:c6:f3:0e:eb
+	d3:da:41:50:c8:80:3c:4f:9f:7d:a0:5e:56:84:69:e9
+	
+
+
+Public Key ID: 23:91:CE:75:3C:67:B5:29:2B:D9:F4:4E:3B:0A:40:4B:61:1D:2C:1A
+Public key's random art:
++--[ RSA 1024]----+
+|        oo..  .  |
+|      Eo.oo  . o |
+|      oo+.+ = o  |
+|     o.= o B +   |
+|      + S o o o  |
+|       . o . o . |
+|          .   +  |
+|           . . . |
+|            .    |
++-----------------+
+
+
+** Private key parameters validation failed **
+
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R
+nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw
+z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB
+AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx
+hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4
+lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT
+oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW
+3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2
+D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK
+9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF
+q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa
+QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB
+vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-invalid1.der b/tests/cert-tests/data/key-invalid1.der
new file mode 100644
index 0000000..909ee82
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid1.der
diff --git a/tests/cert-tests/data/key-invalid2.der b/tests/cert-tests/data/key-invalid2.der
new file mode 100644
index 0000000..c4e90e2
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid2.der
diff --git a/tests/cert-tests/data/key-invalid3.der b/tests/cert-tests/data/key-invalid3.der
new file mode 100644
index 0000000..2700ef0
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid3.der
diff --git a/tests/cert-tests/data/key-invalid4.der b/tests/cert-tests/data/key-invalid4.der
new file mode 100644
index 0000000..e66c74d
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid4.der
@@ -0,0 +1 @@
+0D 0+ep8                                         � �� ��      
+\ No newline at end of file
diff --git a/tests/cert-tests/data/key-invalid5.der b/tests/cert-tests/data/key-invalid5.der
new file mode 100644
index 0000000..e03829c
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid5.der
diff --git a/tests/cert-tests/data/key-invalid6.der b/tests/cert-tests/data/key-invalid6.der
new file mode 100644
index 0000000..d4efbcb
--- /dev/null
+++ b/tests/cert-tests/data/key-invalid6.der
diff --git a/tests/cert-tests/data/key-rsa-pss-raw.pem b/tests/cert-tests/data/key-rsa-pss-raw.pem
new file mode 100644
index 0000000..6ef9e8b
--- /dev/null
+++ b/tests/cert-tests/data/key-rsa-pss-raw.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAndjwZ1p/m9BbCDGxvn/yvqINoivwaCwrCQ94/ckTUhw+sE4n
+2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02
+Aq7RSAXy284sgdcP71nl9MR77/DDCdYkUnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz
++qevnYFaAvvbU7th9cAEWDlaIPo7fQNx8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsL
+kR0g9qm6RjgHjVVWjhPPAb96SBj4LjMNKgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYj
+LS2tkJV0pYlfWvQSjl2I1swHrKNkheKXR3L3eQIDAQABAoIBAAKf1QzSR52AQCPH
+RbwBjMqaYaQA7af9KNwnYeFpcZmKa5sdTGUV/RZG8gOcgrBw7bBQHI4ERNtntI1f
+dPbMvi1euUD7WJMRdN3A6G0xUcj5MRzcXqyxPpgD2ZcAmxELI+2lx/LedP5XFM1X
+mbZaivL4c1PO1N+nld0QinEwelYlW3slHPT2ogpx2MuA9vcmgHjwooblZOwZFVrf
+43GZ2JGwoqpSeKJP0VeKGrgjrHRlkaR3jBNZ9wj/Kq4pkW8a3pxL/sbwAxvqbNcd
+vjaolnXv7rOy2DcxyN4CZ6SXJGWn8DC5SCbF5UnoUY5I3Kvd3CKFbGuV9z4z+g5B
+XMJ90EECgYEAtsIcY/YrAHdDn9BrOp0FhdYdalBN1GXqx0o8euCjtVeh3nh9ZAj7
+q3xYJiv8seLe8kucGLeJ/cwx/pBFZ8VbJEuadKHrFJL3ibdhBXt74T6pIk9aUUTo
+6psn8Fv10WDf9fBwnK1WIxPNRVJwW/CDTdmRcRnAUoj7R55LdA4sw1kCgYEA3Rsg
+zwhRQGVCLU5rsq9vScPljXZfPjDvce0GTyqVMviz7LCKK1qPpi417zFmeqlMLmKO
+W6sjVEdgpEO6895LCNyKeFIZ6fUt37c34tFzfYu1lFpR2UKt+jzvM62rqGvOBw7c
+TKoSLefiXWrHkG5Vv8ZuApuZ1yZw8tpz3egf8SECgYEAoJr7ChmV9qXYhsRIx0yg
+QtpEJV6G1wXtic9CURXCqCVnubMXNmbyi+QNLxZuzgC6viEV/16j5KaitLwiUixM
+iRvrk12L0hvJb3v4xjGbTvma9uzXSR4OtcU+FuspniPNDTuMKxPk45SOSsJEvXci
+XLK7LrJboeyBLpH8avPeAJkCgYEAgwJ//iw/eJiHDbFZvxaUKnEYoylwZbk5J5f6
+FQ52OS2D7srsE6QlWaIn8wKiZivKJ/HdyBMva9CfQrWfIMCmVSnYIlMDZ80O0XAO
+fSb993XAsZaSyNjpnUxdr5FIFRNLkIMNpZ9gBjNPvWp3tOyrgmZg6Mqp7QGqCzvF
+S8cupgECgYBLM3bufFd34WvIIduXO3bGeJJSLBBKIkVFl0je37ywpNLryC3M9t8T
+O2l5zgh3fLtAMvgmT2Z8RCl0MO2jIZunpJ9rHrFGv2eemhWjZrJ764fMvCZwcRYG
+jmt6rS9kYu++P/oa5a8Ha1rk4vjyfkqcZST4CHitTJLQgNwQUPMRkg==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-rsa-pss.pem b/tests/cert-tests/data/key-rsa-pss.pem
new file mode 100644
index 0000000..1339318
--- /dev/null
+++ b/tests/cert-tests/data/key-rsa-pss.pem
@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIE/QIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAndjwZ1p/m9BbCDGx
+vn/yvqINoivwaCwrCQ94/ckTUhw+sE4n2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48
+W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02Aq7RSAXy284sgdcP71nl9MR77/DDCdYk
+UnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz+qevnYFaAvvbU7th9cAEWDlaIPo7fQNx
+8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsLkR0g9qm6RjgHjVVWjhPPAb96SBj4LjMN
+KgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYjLS2tkJV0pYlfWvQSjl2I1swHrKNkheKX
+R3L3eQIDAQABAoIBAAKf1QzSR52AQCPHRbwBjMqaYaQA7af9KNwnYeFpcZmKa5sd
+TGUV/RZG8gOcgrBw7bBQHI4ERNtntI1fdPbMvi1euUD7WJMRdN3A6G0xUcj5MRzc
+XqyxPpgD2ZcAmxELI+2lx/LedP5XFM1XmbZaivL4c1PO1N+nld0QinEwelYlW3sl
+HPT2ogpx2MuA9vcmgHjwooblZOwZFVrf43GZ2JGwoqpSeKJP0VeKGrgjrHRlkaR3
+jBNZ9wj/Kq4pkW8a3pxL/sbwAxvqbNcdvjaolnXv7rOy2DcxyN4CZ6SXJGWn8DC5
+SCbF5UnoUY5I3Kvd3CKFbGuV9z4z+g5BXMJ90EECgYEAtsIcY/YrAHdDn9BrOp0F
+hdYdalBN1GXqx0o8euCjtVeh3nh9ZAj7q3xYJiv8seLe8kucGLeJ/cwx/pBFZ8Vb
+JEuadKHrFJL3ibdhBXt74T6pIk9aUUTo6psn8Fv10WDf9fBwnK1WIxPNRVJwW/CD
+TdmRcRnAUoj7R55LdA4sw1kCgYEA3RsgzwhRQGVCLU5rsq9vScPljXZfPjDvce0G
+TyqVMviz7LCKK1qPpi417zFmeqlMLmKOW6sjVEdgpEO6895LCNyKeFIZ6fUt37c3
+4tFzfYu1lFpR2UKt+jzvM62rqGvOBw7cTKoSLefiXWrHkG5Vv8ZuApuZ1yZw8tpz
+3egf8SECgYEAoJr7ChmV9qXYhsRIx0ygQtpEJV6G1wXtic9CURXCqCVnubMXNmby
+i+QNLxZuzgC6viEV/16j5KaitLwiUixMiRvrk12L0hvJb3v4xjGbTvma9uzXSR4O
+tcU+FuspniPNDTuMKxPk45SOSsJEvXciXLK7LrJboeyBLpH8avPeAJkCgYEAgwJ/
+/iw/eJiHDbFZvxaUKnEYoylwZbk5J5f6FQ52OS2D7srsE6QlWaIn8wKiZivKJ/Hd
+yBMva9CfQrWfIMCmVSnYIlMDZ80O0XAOfSb993XAsZaSyNjpnUxdr5FIFRNLkIMN
+pZ9gBjNPvWp3tOyrgmZg6Mqp7QGqCzvFS8cupgECgYBLM3bufFd34WvIIduXO3bG
+eJJSLBBKIkVFl0je37ywpNLryC3M9t8TO2l5zgh3fLtAMvgmT2Z8RCl0MO2jIZun
+pJ9rHrFGv2eemhWjZrJ764fMvCZwcRYGjmt6rS9kYu++P/oa5a8Ha1rk4vjyfkqc
+ZST4CHitTJLQgNwQUPMRkqA/MD0GCisGAQQBkggSCAExLzAtBglghkgBZQMEAgIE
+ILWm/DHKGyMQovHstoEtkzhztk8rmVuJOkhzfJf+y/a3
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-subca-dsa.pem b/tests/cert-tests/data/key-subca-dsa.pem
new file mode 100644
index 0000000..98f74e3
--- /dev/null
+++ b/tests/cert-tests/data/key-subca-dsa.pem
@@ -0,0 +1,21 @@
+Setting log level to 2
+-----BEGIN DSA PRIVATE KEY-----
+MIIDTwIBAAKCAQEA4S+RSYF4Ofkhh9CiEug5GaopwisjrRbUd/C4TVbFyG3Q7H6B
+aFRag96a3JSd2BKeBqtgl2xx2gXQO1oxxDnkqYyv4j8WSI1R0RIXBeO9izeFeAWl
+LQzMeRn7me3JAaVYbgrFgVb0BY/Ob6cZtkV5LRNSKkHre+YWY7tzzQDqGz/H+d1o
+7UILiqTryIyYX6+0rHjxTxmxKF3xOkGFJYvBZtzZa7aCqpNeqnMLMdku2SbHNpyu
+7yBFA9GY0zNMe8jwBjEuoZIkF9MVY9sopCLR1YW3GvtMOTvsnDV3VpS28MTQkEyz
+syYyqONK3Em0UUhjYehSSp/n15EgVYhKrJioVwIdAIXSpNyteqPR2NrFg7QLTD5v
+HK3O/fd9xT6YlT0CggEBANhamrmZUys+YHUsM95BhbSHCcgItme7euBSCiP8DL++
+0vaPLXNmv21DqP5aYAowUVBL86jJe1NoK+Cs65pjUzGvXVbeW1pptA1pkMXlw8VR
+MdczJleTwHevrk389UrSXXs4Jd7KfO52y5Aw7FLhTt1ggZH+sDaTO2NdlqOk6t/s
++6lsbtI1iMXWytDiuG5U2mRY7w8hkIneEST/BElA4quUaDHNd/99IkvhUuqJK2pb
+TwNrNnBEr34IMlR9gYloc0AoZ9mi9127xEdi59dZ0hdPWhqX/DJXMOXoT39j8Z4h
+av0sCloW6m5oPY2LUjl11n1hHoS/CqZWWvNkJ4jLjaMCggEBAK4fM+fc8iuowcuT
+nmunkNr08VzCtcOZeo7cqP09VjyRQBk69ZSSFa0CiKRuTexrzwP9zXGgabCklfK/
+y07OX5/EVQOGeDWCz6KNY7xqME20yOLerDOIDZLE8wkDaxJuuyGa7rEtD76rk+D3
+usYc83aK9fA8tkegei/Kt/o4dGlunpl9bWWRLxVVEdBIJe4Pst775tD1MNwr8uFY
+0v0HHdDvPhrD+GWtK+2Mlg8tT50mNsJZFdiqYR76+WgPaPweY1zZ7aK294Qcmn7G
+m94kJ3UusICP0iVlhqXF4lVmOXp1+Ido77OOnRBGNfZes7IM1+icyM+ZoKyCLRDZ
+TL1zYHECHADNHOMk9jl5zXkL4sIi+LX7Hvav8/CtwdW2aVs=
+-----END DSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-subca.pem b/tests/cert-tests/data/key-subca.pem
new file mode 100644
index 0000000..bf782b5
--- /dev/null
+++ b/tests/cert-tests/data/key-subca.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCs10rMBAozD8bi/KN5HG1HfD5SDePcffzzQAqnw/RdCOOtTDk5
+CfuJOu0xvtxSBj1LnF4F5lQYFKdIn59+efk2V1iCmpmtONzNMUdOxStIYbMH1zfo
+8G5Q+jdEqA3GpqnZHTfKYQRtqce2NfUSL5EjOdcQeW9TF4i3+hhyf7+OFwIDAQAB
+AoGAAyaBAi7BHNa1VeYPaoViA6aNiupz5gX4FrBOek13SgNG6Va8cvIKoq8oK2y7
+gjkDjwEl3SQcLkraFNgE4hssmx9nnzjS0PL+SSVxaUssQEOLfqwRL7DjSVuqN3lG
++DwA88o2jZcUeYk0KMfPh4BXndRoxSl+NLIXqUM0mDKAD/kCQQDPdoC/Na3hb3dR
+783T6Dv/Wip3FJOTgQW00JPo7z/VRWD26O4Gcu7QyWp7cE1jTJBmmFGk99UwhaQj
+dqorPuYbAkEA1UcxH4IAVbW9p4zsFtC62VCOOVTXnwJi2ukyV98sSpoQ8BxHd1fD
+TcimvlVjUP44elisS69KNvFnkLQmfDZntQJAZYhvliTlRnFRCi68ozsDMgOkyMav
+Ov9oFYgG+3cr3Gqp++0foNRbAJ+yl1rs5O4xtaRSQNRx599f52NKAQQ1hQJAOtTe
+ihB0QzBU1oka/tgpEpUUBmCO8f/YgQZeqrqXHyUMkw9Z72O4LhaxWEN5l/foYGdh
+b6c0058XsGThUNY5GQJBAIqgWAWIayeIOdIRY4jVGjbCeF3TK+KkBE9i+wPXPg/r
+togrwce4wYHadBHNeyYnKiIikqc7Lp9dMcvITWyCk2s=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-subsubca.pem b/tests/cert-tests/data/key-subsubca.pem
new file mode 100644
index 0000000..fca7c9d
--- /dev/null
+++ b/tests/cert-tests/data/key-subsubca.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBALsQ5pEpMchi/O8d7+qvAwH19OcTzvszd29dbva83gcydAMAh243
+a6d+6NsakKliKqsNpPvhg3o7/J9vnGWJq7UCAwEAAQJAGKXpL3LNWbE7URlxeYt+
+WrWJA6KPSPeW0uBthMrNeYaRXU8W17aYQ99yYe5K4fRrBA0B92XAlTn8alrxrPXk
+UQIhANH6YN5FXdj2tqdayyoF1ExXuedwLxOUF8cwEfZxH44RAiEA5BD0nxuoyKtZ
+y4OYfbfjyIHL4UljLeZ+wgzkxB1pr2UCIDm6nps9cvnNipYkTir1g1Kh48iPfUHi
+u07WFnosy8IhAiAtdIus4pBjXnOJMnNEK1CE+AmwnzXbQiNlfbhithIIWQIgJNOP
+k0WdX6yK471z5Sfl3T+9fsA5p0qgyNVF0qf18TY=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-user.pem b/tests/cert-tests/data/key-user.pem
new file mode 100644
index 0000000..6b3b30d
--- /dev/null
+++ b/tests/cert-tests/data/key-user.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC88r7u5NXiSE352QYT9V9FjaLHtr22D9o+Yp+U7QFs453YBCS8
+zJOTnTONQGr74YWDbYvTPc/biFtTeGaV0tRdIdqYCi7v21koCE7Wx2ZLQRckFt7z
+ks5e+AaKuPVfiE5Hxpg8TQdGruaIZ56+p/fboFv4M52r+iWjhvhn7zOQ5QIDAQAB
+AoGAAtx1W7S6ls41fN6pouYiTTFTd7OJGxd39iqtwL/3nfVMaWSWq20406sCIgkJ
+r0q/Wzm7b+inTx6F4E7m1S0q6tkK19SktgIuza4ZyMoKvGwG8I2Y/PkHBqV0kSg5
+WQZDqoIrPdWvAgZxpfJaCcLsJ1xTG+A7JsCyerDpWw+lm/kCQQDO6vRLy/4cTjvR
+7E8dCwf4mzOzGyx8pTPRXEFdjtqrUODmr/C5XfQXKmAxMMYU8WQT9UBP5PmgKv7x
+EOGS9CLTAkEA6cSXzblzbLLWuSd8Qb87WPOwe7f4gf0XAldFiqG79eKvJWo0BL2E
+x0iyRek/NszrnEYPdPI53xQUspPZeXt6ZwJAUkp+/eYTGY7Dm6kvjY1ljimrVf/o
+oWnSQeE+3caCkL+JsjUmt5H2EYB44RdUr9+QvZ88BIo7/MccvSLJk3gkoQJAdTes
+3u1k4VZzsPgJqHYZbisTjZXcOGIODZBxQGiE9XCrXll4p//X+o2LRt8EYZgzdHL1
+ATEMr71D+5+DZxTxdQJAHN+23/N2giXF1Ls3w4uetxRwLmkNGnpgD0/o+9Kh56xO
+hd6hDqJLqGixQFVpF13l1vEg8R/r5JjhYt8E3JMtlA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-utf8-1.p12 b/tests/cert-tests/data/key-utf8-1.p12
new file mode 100644
index 0000000..d57d12c
--- /dev/null
+++ b/tests/cert-tests/data/key-utf8-1.p12
diff --git a/tests/cert-tests/data/key-utf8-2.p12 b/tests/cert-tests/data/key-utf8-2.p12
new file mode 100644
index 0000000..40f2db6
--- /dev/null
+++ b/tests/cert-tests/data/key-utf8-2.p12
diff --git a/tests/cert-tests/data/long-dns.pem b/tests/cert-tests/data/long-dns.pem
new file mode 100644
index 0000000..fde11e4
--- /dev/null
+++ b/tests/cert-tests/data/long-dns.pem
@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIJKTCCCJKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCCAvgxgfowgfcGA1UEAxOB
+73N1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LWxvbmcuY29t
+MYH6MIH3BgNVBAoTge9zdXBlci12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS1sb25nIG9yZzGB+zCB+AYDVQQLE4Hwc3VwZXItdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktbG9uZyBkZXB0MB4XDTA3MDQyMjAwMDAwMFoXDTE0
+MDUyNTAwMDAwMFowggL4MYH6MIH3BgNVBAMTge9zdXBlci12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS1sb25nLmNvbTGB+jCB9wYDVQQKE4Hvc3VwZXIt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktbG9uZyBvcmcxgfswgfgG
+A1UECxOB8HN1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LWxv
+bmcgZGVwdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT
+8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw
+EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw
+UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOCAb0wggG5MAwGA1UdEwEB/wQCMAAw
+ggEzBgNVHREEggEqMIIBJoKB73N1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LWxvbmcuY29tghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZl
+bm1vcmV0aGFub25lLm9yZ4cEwKgBATATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNV
+HQ8BAf8EBAMCB4AwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1Ud
+HwQnMCUwI6AhoB+GHWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqG
+SIb3DQEBCwUAA4GBAHjr0dEvjOx+BOIfe0e5lihH0qunfQ/yp5+I5c4GEoZj+uAB
+hX2LSE9K2/qbuHTkqMz0j+fSsh4iitDGzOpkh8JP67v/8ldnGOv0DUJ1vGTmVdLb
+EcPM28Iw1imbUny7q6KV/AnNbXUW9ox24HP0taIf5oUjaZG09B/bAIrbl+CV
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem
new file mode 100644
index 0000000..15e8b3e
--- /dev/null
+++ b/tests/cert-tests/data/long-oids.pem
@@ -0,0 +1,175 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 35738caf21eabd2d
+	Issuer: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
+	Validity:
+		Not Before: Fri Jul 01 18:54:17 UTC 2016
+	Subject: CN=8a88801755a7c9070155a7cfbe360004
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Medium (2048 bits)
+		Modulus (bits 2048):
+			00:dc:70:8b:9c:84:e9:3e:79:8f:03:e5:5f:21:f0:29
+			9e:d9:94:4e:0f:37:45:47:42:da:2a:e0:da:f5:8b:fa
+			e1:f8:62:51:14:9d:9e:e0:c7:69:d0:3d:fc:25:2f:b6
+			10:45:bd:0d:bc:92:86:54:bb:4e:7d:d4:92:75:65:ba
+			48:a4:64:a1:eb:f7:e7:dc:c0:d7:0a:5e:36:13:0e:4e
+			35:cc:2c:c6:f3:e7:e7:e5:32:8a:0c:f7:47:28:7a:02
+			c2:68:66:19:3a:ba:ca:31:e2:dd:43:be:26:4c:80:12
+			0c:ae:44:40:eb:69:7d:9e:58:d3:ab:af:69:e6:54:ae
+			7d:80:ee:2c:10:e9:bb:5e:6b:89:15:2e:2c:72:26:ba
+			7f:e5:a3:66:c5:98:c6:57:bf:05:1e:55:93:a6:16:83
+			a6:88:79:8f:4e:b5:7e:70:eb:f0:a9:a6:d5:f9:1f:e6
+			ab:70:06:43:e0:de:82:ad:0e:04:17:2b:69:82:40:98
+			84:14:00:2a:a2:da:61:7b:35:ac:71:05:43:6f:55:3a
+			28:4b:d1:a4:eb:3b:f5:03:c2:f8:3c:fd:0a:c4:99:1d
+			a7:7d:08:5c:d1:15:70:73:b9:dc:5c:f2:fe:2c:c6:21
+			8a:be:bd:52:37:64:04:e5:06:3e:c6:62:a1:e9:8e:cb
+			c1
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Unknown extension 2.16.840.1.113730.1.1 (not critical):
+			ASCII: ....
+			Hexdump: 030205a0
+		Key Usage (not critical):
+			Digital signature.
+			Key encipherment.
+			Data encipherment.
+		Authority Key Identifier (not critical):
+			directoryName: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
+			serial: 00a4e7caebbe435dcc
+			caca62860405f0f59b38d22c3c8c650fc6baa53c
+		Subject Key Identifier (not critical):
+			0e8d7b53ba5a9e9244e56458a1db8347053e32d3
+		Key Purpose (not critical):
+			TLS WWW Client.
+		Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.1 (not critical):
+			ASCII: ..mordor_ueber_product
+			Hexdump: 0c146d6f72646f725f75656265725f70726f64756374
+		Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.3 (not critical):
+			ASCII: ..
+			Hexdump: 0c00
+		Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.2 (not critical):
+			ASCII: ..
+			Hexdump: 0c00
+		Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.5 (not critical):
+			ASCII: ..
+			Hexdump: 0c00
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1 (not critical):
+			ASCII: ..yum
+			Hexdump: 0c0379756d
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.1 (not critical):
+			ASCII: ..ueber_content
+			Hexdump: 0c0d75656265725f636f6e74656e74
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.2 (not critical):
+			ASCII: ..1467399257435_ueber_content
+			Hexdump: 0c1b313436373339393235373433355f75656265725f636f6e74656e74
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.5 (not critical):
+			ASCII: ..Custom
+			Hexdump: 0c06437573746f6d
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.6 (not critical):
+			ASCII: ../mordor
+			Hexdump: 0c072f6d6f72646f72
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.7 (not critical):
+			ASCII: ..
+			Hexdump: 0c00
+		Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.8 (not critical):
+			ASCII: ..1
+			Hexdump: 0c0131
+		Unknown extension 1.3.6.1.4.1.2312.9.4.1 (not critical):
+			ASCII: ..mordor_ueber_product
+			Hexdump: 0c146d6f72646f725f75656265725f70726f64756374
+		Unknown extension 1.3.6.1.4.1.2312.9.4.2 (not critical):
+			ASCII: ..
+			Hexdump: 0c00
+		Unknown extension 1.3.6.1.4.1.2312.9.4.3 (not critical):
+			ASCII: ..1467399257435
+			Hexdump: 0c0d31343637333939323537343335
+		Unknown extension 1.3.6.1.4.1.2312.9.4.5 (not critical):
+			ASCII: ..1
+			Hexdump: 0c0131
+		Unknown extension 1.3.6.1.4.1.2312.9.4.6 (not critical):
+			ASCII: ..2016-07-01T18:54:17Z
+			Hexdump: 0c14323031362d30372d30315431383a35343a31375a
+		Unknown extension 1.3.6.1.4.1.2312.9.4.7 (not critical):
+			ASCII: ..2049-12-01T13:00:00Z
+			Hexdump: 0c14323034392d31322d30315431333a30303a30305a
+		Unknown extension 1.3.6.1.4.1.2312.9.4.12 (not critical):
+			ASCII: ..0
+			Hexdump: 0c0130
+		Unknown extension 1.3.6.1.4.1.2312.9.4.14 (not critical):
+			ASCII: ..0
+			Hexdump: 0c0130
+		Unknown extension 1.3.6.1.4.1.2312.9.4.11 (not critical):
+			ASCII: ..1
+			Hexdump: 0c0131
+		Unknown extension 1.3.6.1.4.1.2312.9.5.1 (not critical):
+			ASCII: .$9453f8e6-84b2-482e-a3ea-01c3b3e266a5
+			Hexdump: 0c2439343533663865362d383462322d343832652d613365612d303163336233653236366135
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		f7:4d:f3:30:53:cd:35:bf:49:07:29:9b:f0:7a:aa:49
+		60:da:ce:14:45:b5:32:8f:da:c3:ce:6b:ec:bf:20:c0
+		05:a3:3a:89:c4:7d:66:34:fc:f3:16:b8:f3:03:da:fc
+		82:4a:b8:97:f8:67:3d:c2:8c:78:b4:6d:b8:bb:18:ec
+		36:ee:c4:28:79:da:fe:a1:1f:af:0b:3f:e4:75:de:83
+		ff:6b:f9:11:60:09:57:ea:85:34:ed:60:e2:94:8b:d6
+		f2:21:9b:da:97:99:f3:0d:a9:0f:b5:3b:3a:8f:96:8d
+		0b:df:30:17:03:e6:47:c3:71:32:09:18:bc:c0:a9:83
+		7e:b7:5f:5c:bb:eb:0a:18:3f:a9:40:98:ae:57:ab:99
+		3d:47:1b:98:8a:dc:6e:85:a2:ea:5e:21:80:a9:b5:48
+		c9:1d:63:c1:1b:e6:01:a1:bd:84:38:7f:1a:43:a5:d4
+		7f:41:5b:f6:88:33:b0:f1:b8:8f:e1:39:69:6f:60:13
+		d3:5d:70:de:95:0d:2f:a9:89:6c:d4:3a:eb:22:59:e6
+		31:67:71:a5:ed:fb:cb:20:11:0c:31:2e:e0:98:9a:3b
+		9c:7b:a2:74:6f:87:97:a1:d9:82:7f:7d:62:6b:45:6c
+		0b:5e:25:43:8a:20:16:7d:e5:84:18:3f:7c:da:fc:f9
+Other Information:
+	Fingerprint:
+		sha1:562de99ca9cd44ea93399ddfe902189f54fc1a4e
+		sha256:2c17e1d8f33d7d4f6737978f74338b6f5007247a6c1dfdc2336095837979a130
+	Public Key ID:
+		sha1:d2e82f7dcb5150dd512201753aa90bec77b39a7d
+		sha256:01c62db2e09e811cd9c52b041c67be79fc665b86a1ca62ce8028e3b19ede89d8
+	Public Key PIN:
+		pin-sha256:AcYtsuCegRzZxSsEHGe+efxmW4ahymLOgCjjsZ7eidg=
+
+-----BEGIN CERTIFICATE-----
+MIIG3DCCBcSgAwIBAgIINXOMryHqvS0wDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWln
+aDEQMA4GA1UEChMHS2F0ZWxsbzEUMBIGA1UECxMLU29tZU9yZ1VuaXQxLDAqBgNV
+BAMTI3NhdC1yMjIwLTEwLmxhYi5lbmcucmR1Mi5yZWRoYXQuY29tMB4XDTE2MDcw
+MTE4NTQxN1oXDTQ5MTIwMTEzMDAwMFowKzEpMCcGA1UEAxMgOGE4ODgwMTc1NWE3
+YzkwNzAxNTVhN2NmYmUzNjAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDccIuchOk+eY8D5V8h8Cme2ZRODzdFR0LaKuDa9Yv64fhiURSdnuDHadA9
+/CUvthBFvQ28koZUu0591JJ1ZbpIpGSh6/fn3MDXCl42Ew5ONcwsxvPn5+Uyigz3
+Ryh6AsJoZhk6usox4t1DviZMgBIMrkRA62l9nljTq69p5lSufYDuLBDpu15riRUu
+LHImun/lo2bFmMZXvwUeVZOmFoOmiHmPTrV+cOvwqabV+R/mq3AGQ+Degq0OBBcr
+aYJAmIQUACqi2mF7NaxxBUNvVTooS9Gk6zv1A8L4PP0KxJkdp30IXNEVcHO53Fzy
+/izGIYq+vVI3ZATlBj7GYqHpjsvBAgMBAAGjggOeMIIDmjARBglghkgBhvhCAQEE
+BAMCBaAwCwYDVR0PBAQDAgSwMIHDBgNVHSMEgbswgbiAFMrKYoYEBfD1mzjSLDyM
+ZQ/GuqU8oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fy
+b2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB0thdGVsbG8xFDASBgNV
+BAsTC1NvbWVPcmdVbml0MSwwKgYDVQQDEyNzYXQtcjIyMC0xMC5sYWIuZW5nLnJk
+dTIucmVkaGF0LmNvbYIJAKTnyuu+Q13MMB0GA1UdDgQWBBQOjXtTulqekkTlZFih
+24NHBT4y0zATBgNVHSUEDDAKBggrBgEFBQcDAjAqBhArBgEEAZIICQGq2r6++lsB
+BBYMFG1vcmRvcl91ZWJlcl9wcm9kdWN0MBYGECsGAQQBkggJAaravr76WwMEAgwA
+MBYGECsGAQQBkggJAaravr76WwIEAgwAMBYGECsGAQQBkggJAaravr76WwUEAgwA
+MBkGECsGAQQBkggJAqravr76cgEEBQwDeXVtMCQGESsGAQQBkggJAqravr76cgEB
+BA8MDXVlYmVyX2NvbnRlbnQwMgYRKwYBBAGSCAkCqtq+vvpyAQIEHQwbMTQ2NzM5
+OTI1NzQzNV91ZWJlcl9jb250ZW50MB0GESsGAQQBkggJAqravr76cgEFBAgMBkN1
+c3RvbTAeBhErBgEEAZIICQKq2r6++nIBBgQJDAcvbW9yZG9yMBcGESsGAQQBkggJ
+Aqravr76cgEHBAIMADAYBhErBgEEAZIICQKq2r6++nIBCAQDDAExMCQGCisGAQQB
+kggJBAEEFgwUbW9yZG9yX3VlYmVyX3Byb2R1Y3QwEAYKKwYBBAGSCAkEAgQCDAAw
+HQYKKwYBBAGSCAkEAwQPDA0xNDY3Mzk5MjU3NDM1MBEGCisGAQQBkggJBAUEAwwB
+MTAkBgorBgEEAZIICQQGBBYMFDIwMTYtMDctMDFUMTg6NTQ6MTdaMCQGCisGAQQB
+kggJBAcEFgwUMjA0OS0xMi0wMVQxMzowMDowMFowEQYKKwYBBAGSCAkEDAQDDAEw
+MBEGCisGAQQBkggJBA4EAwwBMDARBgorBgEEAZIICQQLBAMMATEwNAYKKwYBBAGS
+CAkFAQQmDCQ5NDUzZjhlNi04NGIyLTQ4MmUtYTNlYS0wMWMzYjNlMjY2YTUwDQYJ
+KoZIhvcNAQEFBQADggEBAPdN8zBTzTW/SQcpm/B6qklg2s4URbUyj9rDzmvsvyDA
+BaM6icR9ZjT88xa48wPa/IJKuJf4Zz3CjHi0bbi7GOw27sQoedr+oR+vCz/kdd6D
+/2v5EWAJV+qFNO1g4pSL1vIhm9qXmfMNqQ+1OzqPlo0L3zAXA+ZHw3EyCRi8wKmD
+frdfXLvrChg/qUCYrlermT1HG5iK3G6FoupeIYCptUjJHWPBG+YBob2EOH8aQ6XU
+f0Fb9ogzsPG4j+E5aW9gE9NdcN6VDS+piWzUOusiWeYxZ3Gl7fvLIBEMMS7gmJo7
+nHuidG+Hl6HZgn99YmtFbAteJUOKIBZ95YQYP3za/Pk=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/long-serial.pem b/tests/cert-tests/data/long-serial.pem
new file mode 100644
index 0000000..3d86aab
--- /dev/null
+++ b/tests/cert-tests/data/long-serial.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEMzCCA5ygAwIBAgIUEjRWeJCrze/+3LoJh2VDIavN7xIwDQYJKoZIhvcNAQEL
+BQAwgbgxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtv
+a28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5
+IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEP
+MA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4X
+DTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowgbgxCzAJBgNVBAYTAkdSMQ8w
+DQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk
+AQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ
+KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge
+HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic
+Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBNjCC
+ATIwDwYDVR0TAQH/BAUwAwEB/zBqBgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3
+dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEB
+gQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEF
+BQcDCTAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLK
+cjZfMG8GA1UdHwRoMGYwZKBioGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj
+cmwxL4YeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3
+LmdldGNybC5jcmwvZ2V0Y3JsMy8wDQYJKoZIhvcNAQELBQADgYEAecQIu9BfIWdu
+KBlYZYKNtc+7m/9z7LRykpRc4dOZ/OzrZ+aVHqjAWyIxHMhDLqGhV0kHmLFQdrfs
+pvIbHZ7e2FB+u5kQK+I0wYM7m2IJGV56Fvjxeedhc+AWOBihGOBX7kkCD1v5iX2U
+mJlAAVQFAG0UpjeJEDKvuLxkmQFX2Fw=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/mac-sha512.p12 b/tests/cert-tests/data/mac-sha512.p12
new file mode 100644
index 0000000..6a5a7f0
--- /dev/null
+++ b/tests/cert-tests/data/mac-sha512.p12
diff --git a/tests/cert-tests/data/mem-leak.p12 b/tests/cert-tests/data/mem-leak.p12
new file mode 100644
index 0000000..e4eaff3
--- /dev/null
+++ b/tests/cert-tests/data/mem-leak.p12
diff --git a/tests/cert-tests/data/multi-value-dn.pem b/tests/cert-tests/data/multi-value-dn.pem
new file mode 100644
index 0000000..fe8c530
--- /dev/null
+++ b/tests/cert-tests/data/multi-value-dn.pem
@@ -0,0 +1,65 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 09
+	Issuer: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test
+	Validity:
+		Not Before: Mon Oct 31 15:53:52 UTC 2016
+		Not After: Tue Oct 31 15:53:52 UTC 2017
+	Subject: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Low (1024 bits)
+		Modulus (bits 1024):
+			00:c0:0f:cd:3a:34:fb:58:cf:e6:2a:af:ad:52:1f:cf
+			b3:87:e4:d4:de:f7:2b:9f:13:25:5c:c1:3e:5b:f7:45
+			8d:d0:ff:b5:b9:95:73:7a:f0:65:da:9d:dc:8d:17:d0
+			c4:56:64:5d:53:1c:d1:6d:29:6e:63:bc:79:ce:90:76
+			f8:33:ce:51:3e:ef:cb:fd:ad:7f:92:db:ae:93:6c:4f
+			93:7f:03:80:49:f9:34:4c:12:4f:f9:03:68:bb:69:e7
+			a1:ee:65:3a:f2:52:f4:7b:74:37:d7:04:ba:79:6e:2c
+			be:cb:f8:99:d7:fb:2b:c6:bb:39:f5:47:c6:55:e5:84
+			7b
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Subject Key Identifier (not critical):
+			753ab7fc73642914496111fdce90cbf63d1c8a13
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		a3:42:6f:c5:b0:1a:5d:5e:ef:91:17:c0:64:0c:84:c3
+		53:33:23:e1:6f:83:21:0e:7f:0c:25:08:fa:0c:83:55
+		d5:58:bc:cf:59:2a:d3:23:fa:f0:31:f8:3b:6a:3a:55
+		32:8b:38:a3:f2:1d:ee:be:ad:bd:d6:d7:26:c0:fc:d5
+		33:cf:3a:f1:3a:57:43:d9:a2:1f:39:c5:2c:07:00:65
+		7f:e5:08:53:bf:42:8f:dd:c2:69:39:c3:e6:92:49:bb
+		63:ce:99:58:38:13:5b:15:c2:bd:27:ea:fd:7b:0e:30
+		e7:37:c6:47:ce:03:e7:5a:19:2a:90:a8:93:89:e9:9d
+Other Information:
+	Fingerprint:
+		sha1:3cd23994f8e12b98462899fd30d6750f153dba7f
+		sha256:9442533a526ab64a4fb32b87898fae2d6dd7e85730926a58ff5f5cb9fd810b0e
+	Public Key ID:
+		sha1:753ab7fc73642914496111fdce90cbf63d1c8a13
+		sha256:0ffb94e70ee41e39af7547fb6eeead068e23a97e2d188521c471b75d772ff51b
+	Public Key PIN:
+		pin-sha256:D/uU5w7kHjmvdUf7bu6tBo4jqX4tGIUhxHG3XXcv9Rs=
+
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAligAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpDE2MA4GA1UEAxMHdW5r
+bm93bjARBgNVBAMTCm11bHRpLXRlc3QwEQYDVQQDEwptdWx0aS10ZXN0MRQwEgYK
+CZImiZPyLGQBARMEdXNlcjESMBAGA1UECxMJYXJiaXRyYXJ5MTMwCwYDVQQKEwRj
+b3JwMA8GA1UEChMIYmlnIGNvcnAwEwYDVQQKEwxhbm90aGVyIGNvcnAxCzAJBgNV
+BAYTAkNaMB4XDTE2MTAzMTE1NTM1MloXDTE3MTAzMTE1NTM1MlowgaQxNjAOBgNV
+BAMTB3Vua25vd24wEQYDVQQDEwptdWx0aS10ZXN0MBEGA1UEAxMKbXVsdGktdGVz
+dDEUMBIGCgmSJomT8ixkAQETBHVzZXIxEjAQBgNVBAsTCWFyYml0cmFyeTEzMAsG
+A1UEChMEY29ycDAPBgNVBAoTCGJpZyBjb3JwMBMGA1UEChMMYW5vdGhlciBjb3Jw
+MQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwA/NOjT7
+WM/mKq+tUh/Ps4fk1N73K58TJVzBPlv3RY3Q/7W5lXN68GXandyNF9DEVmRdUxzR
+bSluY7x5zpB2+DPOUT7vy/2tf5LbrpNsT5N/A4BJ+TRMEk/5A2i7aeeh7mU68lL0
+e3Q31wS6eW4svsv4mdf7K8a7OfVHxlXlhHsCAwEAAaMvMC0wDAYDVR0TAQH/BAIw
+ADAdBgNVHQ4EFgQUdTq3/HNkKRRJYRH9zpDL9j0cihMwDQYJKoZIhvcNAQELBQAD
+gYEAo0JvxbAaXV7vkRfAZAyEw1MzI+FvgyEOfwwlCPoMg1XVWLzPWSrTI/rwMfg7
+ajpVMos4o/Id7r6tvdbXJsD81TPPOvE6V0PZoh85xSwHAGV/5QhTv0KP3cJpOcPm
+kkm7Y86ZWDgTWxXCvSfq/XsOMOc3xkfOA+daGSqQqJOJ6Z0=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/name-constraints-ip.pem b/tests/cert-tests/data/name-constraints-ip.pem
new file mode 100644
index 0000000..0201035
--- /dev/null
+++ b/tests/cert-tests/data/name-constraints-ip.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAnCgAwIBAgIQOsmz/d7cf+WhNKylxDbm1zANBgkqhkiG9w0BAQUFADBj
+MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBG
+b28gQmFyIFN1YiBDQSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0
+dXJlMB4XDTE1MDYzMDEyMzUzMVoXDTE2MDYyOTEyMzUzMVowPjELMAkGA1UEBhMC
+VVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLjEYMBYGA1UEAwwPYmF6ei5mb29iYXIu
+Y29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANr+wWT56hU7b5ftwyXueAA8FSEi
+Fk9jkWuPciwZvpyGbJ2+TpVKrDB6ba2BKU86V1HZ/p6kuo8j0zpYKlNRZj0CAwEA
+AaOCASMwggEfMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL4ylKjM+AApHAF8Gfys
+rJygnvK9MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL2NhMS5w
+a2kuZm9vYmFyLmNvbS9jYTEuY3J0MB8GA1UdIwQYMBaAFPncgjKS65+7jLsJYWtU
++W7ykYN4MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYTEucGtpLmZvb2Jhci5j
+b20vY2ExLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
+CCsGAQUFBwMBMC0GA1UdEQQmMCSCEXVwZGF0ZS5mb29iYXIuY29tgg9teC5mb29i
+YXIuZW1haWwwDQYJKoZIhvcNAQEFBQADQQBdSaiErl6zvgmWqjHKhHhfEkpFgkan
+k5iydgbkmq0bJmjGZNuWgWeVwmj78ZUseCJ2Y99Wa6kd16tpeaxNV72I
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPTCCAeegAwIBAgIQVoZzMQsSdNz+dz6vSFdYNTANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G
+b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1
+cmUwHhcNMTUwNjMwMTIzMDU0WhcNMjUwNjI3MTIzMDU0WjBiMQswCQYDVQQGEwJV
+UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9Gb28gQmFyIFJvb3Qg
+Q0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUwXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEAvLHbrZg3Td1Jn3OjQJrIK55w4s94oR4jsJ+J9L+axDM1
+zHe2Uz43mzkB3x3sBqtQfEcYjHIDglDoV49N4qQZ+wIDAQABo3kwdzAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzDdTJbyDAsAqhkaC
+YKCAf305/uMwNQYDVR0eBC4wLKAqMCikJjAkMQswCQYDVQQGEwJVUzEVMBMGA1UE
+CgwMRm9vIEJhciBJbmMuMA0GCSqGSIb3DQEBBQUAA0EAQhDKO09nYdp782z3M/4Q
+2M4iXaLJlJ86h1kDzawl9n+y8cvrSEH4lx+5kBizXSzCorTtu53EAI/0HuJ0Q4I1
+9A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAxugAwIBAgIQVoZzMQsSdNz+dz6vSFdYNjANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G
+b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1
+cmUwHhcNMTUwNjMwMTIzMTEyWhcNMjUwNjI3MTIzMTEyWjBjMQswCQYDVQQGEwJV
+UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBGb28gQmFyIFN1YiBD
+QSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJlMFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBALrV5pk76M4Pc72m1N1xmlTXN3BD0hTV+AgO106NWx6e
+t07sCG1OgJ7pfjF+/nLenOcH3rYOkPzGRAUmvPgc3ocCAwEAAaOCAaowggGmMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFPncgjKS65+7jLsJYWtU+W7ykYN4
+MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3BraS5mb29iYXIu
+Y29tL3Jvb3QtY2EuY3J0MB8GA1UdIwQYMBaAFMw3UyW8gwLAKoZGgmCggH99Of7j
+MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9wa2kuZm9vYmFyLmNvbS9yb290LWNh
+LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF
+BwMBMIGtBgNVHR4EgaUwgaKgSDAMggpmb29iYXIuY29tMA6CDGZvb2Jhci5lbWFp
+bDAopCYwJDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLqFWMBCC
+Dnd3dy5mb29iYXIuY29tMBKCEHd3dy5mb29iYXIuZW1haWwwCocIAAAAAAAAAAAw
+IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEF
+BQADQQABhwF9me3nTbl8WwZnTrrjv8jK6Axqow6L2c506lASXVgOvsX/rM7aA8s5
+aynkhFxFYr3O/tRqwU1M9OMUwZ1h
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/name-constraints-ip2.pem b/tests/cert-tests/data/name-constraints-ip2.pem
new file mode 100644
index 0000000..f9a4e56
--- /dev/null
+++ b/tests/cert-tests/data/name-constraints-ip2.pem
@@ -0,0 +1,90 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 00ab812be4100cc51f
+	Issuer: O=Default Company Ltd,L=Default City,C=CZ
+	Validity:
+		Not Before: Tue Mar 29 13:27:19 UTC 2016
+		Not After: Fri Mar 27 13:27:19 UTC 2026
+	Subject: O=Default Company Ltd,L=Default City,C=CZ
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Medium (2048 bits)
+		Modulus (bits 2048):
+			00:bd:f5:71:49:57:0e:17:96:4d:2c:12:b5:bb:72:58
+			18:13:98:79:09:4d:e4:71:cb:da:a5:19:6d:75:ee:b4
+			d7:2d:cb:a5:6b:4c:3b:d8:59:7c:fe:41:7d:07:bb:b7
+			83:6e:5f:05:ca:fb:b8:24:d8:f1:c0:21:d7:04:29:ca
+			99:90:67:2a:5b:21:00:c3:c4:dd:4f:a7:c6:5e:6c:b5
+			c3:9b:a4:b0:3c:fc:4f:0e:ae:fc:9f:70:81:a8:f6:f1
+			f3:b8:d9:db:2d:88:b4:86:2d:26:d8:65:85:e9:86:ed
+			be:a8:12:5b:bb:8d:38:7f:05:82:71:b5:37:8c:46:e3
+			26:09:4d:db:ec:23:cb:63:e4:f3:a8:5c:50:a2:f8:6a
+			4b:b8:ff:8b:11:68:28:9c:a7:2b:6e:08:0f:22:29:66
+			47:a8:ac:2d:10:60:53:da:e0:bf:e5:71:10:88:c8:b0
+			bb:5d:32:bd:3c:77:50:7a:e3:83:7c:69:58:af:b5:05
+			49:61:e2:78:6f:88:fb:7a:e1:10:f3:c4:1e:da:17:12
+			85:bf:4c:53:4d:10:cd:b4:36:c3:7f:2e:ff:58:ef:6a
+			19:68:1e:ad:77:80:e5:1e:d8:06:41:d3:2f:dd:6d:54
+			c2:13:77:1b:dc:d9:2a:bb:37:c7:06:9d:ac:76:76:12
+			63
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (not critical):
+			Certificate Authority (CA): TRUE
+		Name Constraints (not critical):
+			Permitted:
+				IPAddress: 192.168.0.0/16
+				IPAddress: 193.92.150.0/24
+				IPAddress: fc7b:9a2a:3f0f:fec2::/64
+				IPAddress: fca7:ac56:cffc:c34b:529:c15::/96
+				IPAddress: fd2a:9d37:63de:cf00:66b3:63b9:74e6:0/112
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		6c:ba:1d:b6:8d:46:ef:e1:57:b1:db:99:05:f2:48:ea
+		0c:d5:73:2f:e3:5a:c4:4c:19:3a:be:89:fe:75:b5:aa
+		42:92:0c:a0:96:bd:62:6f:c7:2e:fa:31:f4:9d:b5:7f
+		d4:ff:8c:27:64:3a:56:a5:b7:84:0e:fc:59:f7:01:fa
+		05:63:75:0d:31:e1:d6:8c:62:7e:6a:b5:0c:bb:ef:c9
+		b8:ea:46:2a:9d:fd:72:ad:58:d3:8e:eb:0a:f0:7e:54
+		4a:97:0a:51:2b:36:bb:21:65:fe:22:10:17:6f:c7:ea
+		7b:27:63:9b:54:32:56:a0:bf:36:ac:67:16:d1:19:ba
+		31:10:61:64:ac:bf:c7:8a:ad:45:a0:79:11:28:2b:98
+		47:05:c0:3b:60:91:6b:1c:27:e1:04:fb:e0:4e:6a:95
+		67:0a:f4:58:9e:bd:db:df:28:a6:59:10:36:32:09:29
+		87:7e:29:b1:f3:9e:f7:ee:3c:4b:5a:f0:b6:06:98:e4
+		7f:9d:9d:e5:df:89:51:bd:cf:55:6c:b8:9e:30:c8:a2
+		00:3c:92:dc:ae:2c:6f:9f:1f:c5:6a:b2:90:9b:26:63
+		12:7f:10:02:39:ea:0f:e9:35:66:1c:bc:76:06:dc:6f
+		ea:7d:cb:38:06:3e:0e:d3:fe:9e:21:14:d5:56:23:98
+Other Information:
+	Fingerprint:
+		sha1:9d38c87dafe2a22e0a816bdad933261a1eb36843
+		sha256:fa9a75cd439042b406a229276ee2c313cc758f95a9f729549a44bb4bd897f863
+	Public Key ID:
+		sha1:6eb4659b8f1d564e7c09551636eb4c1f6db1c00b
+		sha256:feb180a57b0adeda7b9e29902b7cb0d9818eee8e53fdec881159cc2c73f575c7
+	Public Key PIN:
+		pin-sha256:/rGApXsK3tp7nimQK3yw2YGO7o5T/eyIEVnMLHP1dcc=
+
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIJAKuBK+QQDMUfMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
+BAYTAkNaMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
+Q29tcGFueSBMdGQwHhcNMTYwMzI5MTMyNzE5WhcNMjYwMzI3MTMyNzE5WjBCMQsw
+CQYDVQQGEwJDWjEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+vfVxSVcOF5ZNLBK1u3JYGBOYeQlN5HHL2qUZbXXutNcty6VrTDvYWXz+QX0Hu7eD
+bl8Fyvu4JNjxwCHXBCnKmZBnKlshAMPE3U+nxl5stcObpLA8/E8OrvyfcIGo9vHz
+uNnbLYi0hi0m2GWF6YbtvqgSW7uNOH8FgnG1N4xG4yYJTdvsI8tj5POoXFCi+GpL
+uP+LEWgonKcrbggPIilmR6isLRBgU9rgv+VxEIjIsLtdMr08d1B644N8aVivtQVJ
+YeJ4b4j7euEQ88Qe2hcShb9MU00QzbQ2w38u/1jvahloHq13gOUe2AZB0y/dbVTC
+E3cb3NkquzfHBp2sdnYSYwIDAQABo4GmMIGjMAwGA1UdEwQFMAMBAf8wgZIGA1Ud
+HgSBijCBh6CBhDAKhwjAqAAA//8AADAKhwjBXJYA////ADAihyD8e5oqPw/+wgAA
+AAAAAAAA//////////8AAAAAAAAAADAihyD8p6xWz/zDSwUpDBUAAAAA////////
+////////AAAAADAihyD9Kp03Y97PAGazY7l05gAA//////////////////8AADAN
+BgkqhkiG9w0BAQsFAAOCAQEAbLodto1G7+FXsduZBfJI6gzVcy/jWsRMGTq+if51
+tapCkgyglr1ib8cu+jH0nbV/1P+MJ2Q6VqW3hA78WfcB+gVjdQ0x4daMYn5qtQy7
+78m46kYqnf1yrVjTjusK8H5USpcKUSs2uyFl/iIQF2/H6nsnY5tUMlagvzasZxbR
+GboxEGFkrL/Hiq1FoHkRKCuYRwXAO2CRaxwn4QT74E5qlWcK9FievdvfKKZZEDYy
+CSmHfimx85737jxLWvC2Bpjkf52d5d+JUb3PVWy4njDIogA8ktyuLG+fH8VqspCb
+JmMSfxACOeoP6TVmHLx2Btxv6n3LOAY+DtP+niEU1VYjmA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/no-ca-or-pathlen.pem b/tests/cert-tests/data/no-ca-or-pathlen.pem
new file mode 100644
index 0000000..a9bf091
--- /dev/null
+++ b/tests/cert-tests/data/no-ca-or-pathlen.pem
@@ -0,0 +1,83 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 2e103703df46859d7a550da659618538
+	Issuer: CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. By Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc.
+	Validity:
+		Not Before: Mon Jun 26 00:00:00 UTC 2000
+		Not After: Fri Aug 25 23:59:59 UTC 2000
+	Subject: EMAIL=simon@josefsson.org,CN=Simon Josefsson,OU=Digital ID Class 1 - Netscape,OU=Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc.
+	Subject Public Key Algorithm: RSA
+		Modulus (bits 1024):
+			00:c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11
+			0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7
+			7b:b0:be:f9:10:07:e9:7c:a6:c6:5a:51:33:24:97:7b
+			a3:e1:08:b4:52:b6:06:10:7d:65:df:6e:52:bd:81:3f
+			39:ad:b3:ad:17:13:88:22:e7:43:8c:39:b7:c2:c4:ba
+			4a:8b:54:15:49:55:a4:4d:cc:00:56:7b:c8:63:4e:37
+			de:fb:79:0f:45:dc:e9:5c:cd:70:f0:64:42:35:84:db
+			e6:59:a4:cb:4b:fe:0f:47:28:0c:35:11:a9:40:fc:ba
+			a5
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (not critical):
+			Certificate Authority (CA): FALSE
+		Certificate Policies (not critical):
+			2.16.840.1.113733.1.7.1.8
+				URI: https://www.verisign.com/rpa
+		Unknown extension 2.16.840.1.113730.1.1 (not critical):
+			ASCII: ....
+			Hexdump: 03020780
+		Unknown extension 2.16.840.1.113733.1.6.3 (not critical):
+			ASCII: .vd4652bd63f2047029298763c9d2f275069c7359bed1b059da75bc4bc9701747da5d5e4141beadb2bd2e88317af7bf5d5114997a3bf45f8f3ea450c
+			Hexdump: 167664343635326264363366323034373032393239383736336339643266323735303639633733353962656431623035396461373562633462633937303137343764613564356534313431626561646232626432653838333137616637626635643531313439393761336266343566386633656134353063
+		CRL Distribution points (not critical):
+			URI: http://crl.verisign.com/class1.crl
+	Signature Algorithm: RSA-MD5
+warning: signed using a broken signature algorithm that can be forged.
+	Signature:
+		09:38:2f:57:9e:91:a4:d2:42:d9:d7:44:c1:d8:17:14
+		49:00:69:9f:6b:e4:95:93:35:fd:96:76:ff:8b:bf:9e
+		dd:05:6b:82:b2:f3:af:0f:f8:a0:2f:8d:65:08:27:54
+		d4:8f:47:79:c9:be:d9:f9:ce:af:7f:2a:06:17:26:f3
+		b9:e6:74:ba:b9:35:3e:36:56:5d:41:9c:ce:68:fc:db
+		c5:31:42:09:32:37:e7:b7:2e:a4:c5:51:e5:fe:e5:45
+		59:0c:44:ca:ce:ad:77:24:52:b4:78:5f:cc:4f:15:a7
+		8f:20:81:56:65:08:50:37:75:bc:a2:11:82:72:48:76
+Other Information:
+	Fingerprint:
+		sha1:8f735c5ddefd723f59b6a3bb2ac0522470c0182f
+		sha256:fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f
+	Public Key ID:
+		sha1:1e09d707d4e3651b84dcb6c68a828d2affef7ec3
+		sha256:118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d
+	Public Key PIN:
+		pin-sha256:EY5y42VRUMiV7L0Zs2NBeftKh8eiWr78sR9dZmYdWk0=
+
+-----BEGIN CERTIFICATE-----
+MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0BAQQFADCB
+zDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1Zl
+cmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEg
+Tm90IFZhbGlkYXRlZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIB
+CDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y
+eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBl
+cnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAx
+IC0gTmV0c2NhcGUxGDAWBgNVBAMUD1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3
+DQEJARYTc2ltb25Aam9zZWZzc29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAyQzOiv5xRpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZa
+UTMkl3uj4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW
+e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEAAaOCASYw
+ggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBCDAqMCgGCCsG
+AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBEGCWCGSAGG+EIB
+AQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2
+M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0
+MTQxYmVhZGIyYmQyZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBj
+MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz
+MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkAaZ9r5JWT
+Nf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38qBhcm87nmdLq5NT42
+Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6tdyRStHhfzE8Vp48ggVZlCFA3
+dbyiEYJySHY=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/no-salt.p12 b/tests/cert-tests/data/no-salt.p12
new file mode 100644
index 0000000..37d2eb9
--- /dev/null
+++ b/tests/cert-tests/data/no-salt.p12
diff --git a/tests/cert-tests/data/noclient.p12 b/tests/cert-tests/data/noclient.p12
new file mode 100644
index 0000000..80f3940
--- /dev/null
+++ b/tests/cert-tests/data/noclient.p12
diff --git a/tests/cert-tests/data/openpgp-invalid10.pub b/tests/cert-tests/data/openpgp-invalid10.pub
new file mode 100644
index 0000000..f1cd353
--- /dev/null
+++ b/tests/cert-tests/data/openpgp-invalid10.pub
diff --git a/tests/cert-tests/data/openpgp-invalid11.pub b/tests/cert-tests/data/openpgp-invalid11.pub
new file mode 100644
index 0000000..cfdd992
--- /dev/null
+++ b/tests/cert-tests/data/openpgp-invalid11.pub
diff --git a/tests/cert-tests/data/openpgp-invalid9.pub b/tests/cert-tests/data/openpgp-invalid9.pub
new file mode 100644
index 0000000..5fbab2a
--- /dev/null
+++ b/tests/cert-tests/data/openpgp-invalid9.pub
diff --git a/tests/cert-tests/data/openssl-3des.p8 b/tests/cert-tests/data/openssl-3des.p8
new file mode 100644
index 0000000..4fdca7f
--- /dev/null
+++ b/tests/cert-tests/data/openssl-3des.p8
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI74Maa7sl7SwCAggA
+MBQGCCqGSIb3DQMHBAiR/iOu5enQugSCAoAS8YqajT0ONExxCTJHFp0jnsGwC+mK
+jEJF5lJoGxKv3fXyrN3RRz57ka5R47dDF5cFy2qVY60xX6TxYzr4xsSrCpYyWtvM
+EGqWrfamAk6cy/yC7J6PENfR0VZCrRPZjmX9zquuu8Xy/ucFGV+vkuttKW9kBBT+
+XBPgPAXuR60b5ZEZ7XY8FfiILxMjKsm0dklb119vebvr4RjZ3sIt1iELnyjr22Hp
+/L7PLJ4yAzPJzvn3i8pIBMG8bWEisvbagWZlnMRX3y33uOJJu2UU0bCzBoQxHTSY
+C9KeToPfYDCFwiG5BKqj8+vLWSqH5jWBJf5h8ZJzEYifY0QJTuZDpEMVJ7qkaBLg
+7jJ3I2H3sr6S95bYz+azH9ypQYB4tQH9+RXoBvWOvcnSiW52iZBiBdA7N4X6AcNs
+l0IVPSA2dif29wAMWfOAOsgHSKmaWKeOhQsqZlYd0pcSMfFL35EZoSeheBQgly6L
++usuT/3PkhXr06G5fUKxi8nuM1qTnO52TJpX+XPduJ/Shc9tGZsI/YuXzjqAbXID
+iRDuh5YJ2dfIbOqAz1UglsBsOoTcahjwlkcf3clniS0iTq4VcMmrxv0hGrE+EKsb
+/i8SmNZxL6TbYxwzl8Xd3O/7CvzZhjtVWJcgK8cBecEXaRwwAUKPQHAC6K6Q9lmm
+5woEQ+QWvwEn5JbKXkLoQpcjrFcdC9MrIedvvwrGdm6FmW2D0UXQkWxQrE9pQDtA
+24V5gSI4yBqyVSNU4HS5Vva5bAjnyoxSGM6flqFFx+cInrC1YB6Xhp6hsi7gwlKP
+jhPSj6dYTgkCdS83ulNeQeuM5HE9mcEoeNtA8EK3J6s4KkGyA+4Gw0Jm
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/openssl-3des.p8.txt b/tests/cert-tests/data/openssl-3des.p8.txt
new file mode 100644
index 0000000..b2f20fa
--- /dev/null
+++ b/tests/cert-tests/data/openssl-3des.p8.txt
@@ -0,0 +1,7 @@
+PKCS #8 information:
+	Cipher: 3DES-CBC
+	Schema: PBES2-3DES-CBC (1.2.840.113549.3.7)
+	Salt: ef831a6bbb25ed2c
+	Salt size: 8
+	Iteration count: 2048
+
diff --git a/tests/cert-tests/data/openssl-aes128.p8 b/tests/cert-tests/data/openssl-aes128.p8
new file mode 100644
index 0000000..b138daa
--- /dev/null
+++ b/tests/cert-tests/data/openssl-aes128.p8
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICzzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIL+FZy8sFCGcCAggA
+MB0GCWCGSAFlAwQBAgQQNC7dlN7aA9H4Y+Prjc39dQSCAoCR4ka+Lp4AT9To4wlz
+4YEVcyRvhunU/kPLIxknIjDZv3FLBLNnEZA9cLH9yxYu8rGkwdFqyrurKo5s57YT
+cl7z8xnt/mZttn3muJXYyRs84qQEphbqQuKZZNVZitqawmE7A9UERsnFN1oxffQx
+v0hqwJc0qu8j1grTkY/HqvKSyR0aBwA9fGBS0imDnCyLVAjBSPBrENc4q61GwDu9
+jjJTu7kz3N7nHfnHjAiOvdmBcGKHiruPGiXAQROGmG2cT1N6cZdrYjYjZ6C0s993
+YXLcCBSkQraZPA5kYnOumHviDES/Bp5qG2LMkY8i6eirHbiSvA3G2w54AmwpeUEU
+0JRjtMCvbPw4cEshLCCKRhKXdjGDggCXZp1MJsVRU49aVc/j+WekQiLk6i23+dSR
+kiWqc8DR97IwPNMnDBvKvT3PBAspE+kZDXb5V+nozOyoiua298UwGkG/Xq2hbHqY
+8at6JG/vmf4OXN7XFUGFhHB/tToK1J31RZu9Woi9FC7n4u1pEfd4s5ciI+JheH6R
+cpyAxEnPx3SXoetGSXhbT/HhG4/JXq2EApamBLqdYmnFSFURGkzgEiENqAmOT9QV
+GlthuZOPGqVGPKXV02bmlBUSt3CoxM1zW0kUgjkKDiusF8Ycj8qdXiDPIEJ2N9mj
+X9zsneio14Qq+Rwq6slfqUci2aV9jjA9Nrm2V1J2cof0Jit1xedGbuqtRNup9nYF
+oGPvzubfl2KQ3jvSAqrvS5lj0FJErcey/3w+t7NBzn0aN/QDZUxnw9w+8QbZHxcC
+RGLmjrVPSunpuinB3nPOAey/6HxQ2ugZZuHX7EkgzUbIsG/ILuinCqZBPHRtIeHh
+Id06
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/openssl-aes128.p8.txt b/tests/cert-tests/data/openssl-aes128.p8.txt
new file mode 100644
index 0000000..a7fa89c
--- /dev/null
+++ b/tests/cert-tests/data/openssl-aes128.p8.txt
@@ -0,0 +1,7 @@
+PKCS #8 information:
+	Cipher: AES-128-CBC
+	Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2)
+	Salt: 2fe159cbcb050867
+	Salt size: 8
+	Iteration count: 2048
+
diff --git a/tests/cert-tests/data/openssl-aes256.p8 b/tests/cert-tests/data/openssl-aes256.p8
new file mode 100644
index 0000000..7365395
--- /dev/null
+++ b/tests/cert-tests/data/openssl-aes256.p8
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICzzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIiup1leqIYL0CAggA
+MB0GCWCGSAFlAwQBKgQQ7B20TiMFCbS9lAIOWDrz7gSCAoAxOlP1fSvar8ZuFlRG
+wuub8W9tOkTqUf79r2f2CR72N3o63yIxt1bjxBzF+w0hjLK+4O/Ph09NR9ml2cPo
+1AOXNfEzBDx0SYg04XTS9r96o+nQOZmMPbk1xBHmp3UU3FoAYdrBPSEOh73gN0IJ
+X72YVhNPGCZa7Aw9ngMZ4p8fMSeOghviOOUoUefr5k18ySHRzhJT947CFziF3qro
+w/O+Ze0DG6fbEQawb+5Knlk2fMxO8YldsO7cux0/fFOJ05snj4RCqI3ffPAUSE+A
+lx1aVRQDHzuZtaR1uMpIxrwoj2feu0X19TLXFQwRJcR7vQ5/2sWc1KaHOdlinfrC
+AIMWunqgS7O2Va4etY7NqqSzh28FeNAle4KGW2a4HEWgEhh2ASe/8eFTgl0MzWu4
+9bWL6SuL5TpaGJsxszp0ua6hazU33V3VSvYl1B4NNTQMB3G9dkASfocW3E6bu0Eh
+nXvw1utWZsnA3pxmsOwhipwP3yIwfyCuVcpkq15XNDDKOy3SvGNsurZW5xaj1cUs
+tqFtxjpKFcgniP16DV9st2HeeqpjOPTSUFgYAtJ+mORn+h1JgW7bh5AMr5h6Ol/7
+ewxUDHXH7uwMeESPE2TJa478Ayq0eSmcJKgVfzy2u1d2cNSaDGlj4B74HBaAc4j+
+MJ0ELepFKrbalIvicQNt+O1E0D9GoJVVMAnKzAFZd1s6tX5rZLOWeMIfHKeYjzQ/
+zIsKimsejvwgxfNe7IhsAjHQs9FaJ6Hq7FcMaV+vFaIcCt1SAdLJYA49qkYhE1Qf
+z2J64iP5TY5MJqbQ3X0fd5/cgRvoy8x2B58rDAF6F/5JTue+5vREd9qGjwA4KliR
++pQQ
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/openssl-aes256.p8.txt b/tests/cert-tests/data/openssl-aes256.p8.txt
new file mode 100644
index 0000000..5a1d380
--- /dev/null
+++ b/tests/cert-tests/data/openssl-aes256.p8.txt
@@ -0,0 +1,7 @@
+PKCS #8 information:
+	Cipher: AES-256-CBC
+	Schema: PBES2-AES256-CBC (2.16.840.1.101.3.4.1.42)
+	Salt: 8aea7595ea8860bd
+	Salt size: 8
+	Iteration count: 2048
+
diff --git a/tests/cert-tests/data/openssl-invalid-time-format.pem b/tests/cert-tests/data/openssl-invalid-time-format.pem
new file mode 100644
index 0000000..7a55b47
--- /dev/null
+++ b/tests/cert-tests/data/openssl-invalid-time-format.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDyjCCArKgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DWlpb3JkYW5vdi5jb20xIjAgBgNVBAMTGW92aXJ0Lmlpb3JkYW5vdi5jb20uNzE5NzUwIhcRMTQw
+NjE2MjIxMTA1KzAwMDAXDTI0MDYxNDIyMTEwNVowSTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDWlp
+b3JkYW5vdi5jb20xIjAgBgNVBAMTGW92aXJ0Lmlpb3JkYW5vdi5jb20uNzE5NzUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1gS9aSehHWenPdIAayB8eovfVe3h9vqwlTzfOZaiJK56f
+P1shhwu/shML9g9xADBtJ2MyXhgY+V20mJ2oOivqotTeIcHc0vs5fJcBuwWXxFt8ISDkFXhnsX+9
+8MP1Fhc3PEIxlhMitFK7+7d6JxSd6lQsIgeruyf2A+aSLD02QUpNdnhxJ48FMncJUrFycTDZtnb2
+REJWgl1cRa8MMtiLKoMYdC+t3P9Am27vOpRmh0U6rB4qym1wYj9JbEES4mbS/u1JQgKv+AXgS1QD
+5ZFpTXPDeOs2QPJtrwD2nu5Sd2aCMAv8MHqeR8nfaixkpKC4JxF6fnR+Ynn4wzKOdpOhAgMBAAGj
+gbcwgbQwHQYDVR0OBBYEFEhIahZoIh8Wzfpi/nbPJ81SQwFkMHIGA1UdIwRrMGmAFEhIahZoIh8W
+zfpi/nbPJ81SQwFkoU2kSzBJMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNaWlvcmRhbm92LmNvbTEi
+MCAGA1UEAxMZb3ZpcnQuaWlvcmRhbm92LmNvbS43MTk3NYICEAAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAAYMFGll2Ib7wpitipon6S9C25A8fnx7
+wLXKY3fUBJmtpLxTjSZfPbhmNkCvwGbmjG78AFbl+dY1+PDmEK1w2DgNWw2I9WcY4ULJoINo3YZv
+p2s53iYW3U+Syz+WLrIW0om5bM1Y0fw8KbuAuWsJzJfbd1hMGeMV6axKx7FbECuN0a02sCo2kIxk
+ckg/aGgshQ4EkqP79j7O25WaZdcBZDpYsqSDvcG6Oy4qM3dde/EBZiflPu4mvIwL15ilGXfO/zPk
+p49fcKm5YE8LC9PvsS+NSnD9avxRQq8bY4an2FUxoh5mSh+UY2rpd9yX7WCBtZ9TwHkkaeNehgRz
+7crbZrA=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/openssl-key-ecc.p8 b/tests/cert-tests/data/openssl-key-ecc.p8
new file mode 100644
index 0000000..4fc966f
--- /dev/null
+++ b/tests/cert-tests/data/openssl-key-ecc.p8
@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBVy6SYAmhmSrS0E/0
+xhNiUAEFOz9dtEv0PTzP6H5aGBBBGOFi6304ubHZC95yWW/yXPPG9P81DLZFRePd
+JPNM3T+hgYkDgYYABAG3MNeg0jYQ0CNREIKTMo8v1AICBp25hpMK9UTFnUD6frEo
+jSfm1WR+ItaEDmP9pGOmIqOuSlBIIKGnMFj4Ye5MDACHdTwTV0K7uJ/Ls4j+yNKX
+8ATcC2dvM7+ihkHf/uZxP7N18bDVcfmJAJzZvu6/XiRI09XhXxd0fQ9RTh2IZeKz
+EQ==
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/openssl-keyid.p7b b/tests/cert-tests/data/openssl-keyid.p7b
new file mode 100644
index 0000000..8561475
--- /dev/null
+++ b/tests/cert-tests/data/openssl-keyid.p7b
diff --git a/tests/cert-tests/data/openssl-keyid.p7b.out b/tests/cert-tests/data/openssl-keyid.p7b.out
new file mode 100644
index 0000000..de622ea
--- /dev/null
+++ b/tests/cert-tests/data/openssl-keyid.p7b.out
@@ -0,0 +1,103 @@
+Signers:
+	Signer's issuer key ID: 7607584ceab529f52d80068c834a820d09ec93de
+	Signature Algorithm: RSA-SHA256
+	Signed Attributes:
+		smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+		messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
+		signingTime: 170d3136313132343135353132375a
+		contentType: 06092a864886f70d010701
+
+Number of certificates: 2
+
+-----BEGIN CERTIFICATE-----
+MIICpjCCAV6gAwIBAgIIU2YrORG+GMswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNDA1MDQxMTU3NDZaGA85OTk5MTIzMTIz
+NTk1OVowFDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAETFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgz
+vRfi/kOLSJlgJFectyVucUo/A2TcsaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1Ud
+EQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E
+BQMDB4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAW
+gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAY82vpv/M
+eEflAONp+MUZR6DXCpWVXMeIHAoqlxx+wA69Pf+avBcO2bgw3oRfE6ejxKM/AU9I
+u4rSWU8Xa5nX1yb3+/urj3lFHGxG00qzOXDiQBICYMrpbtsTyCRGOKtKvM7/PC2Z
+3FP1wi1COqi2PU0cHX3zOInA3suQAFpauKU8dtcdYOkSMSuM06Cga2cX6K1Qh8ok
+dP1O7SEQwXBZfiudiw7LA+zldcgetKofgZMbjXevloO9A+xoTeUafjJ4hQ00vGDi
+3C9DQh3lZtJFqoaEQbMxqcgvpnnGort+CIRDFLy5MMqkRlH6QPQJrAPgvM4ss7RV
+xyBP6KzElYFrSxwCErekGmlp8X2XVbRTQJUQOiPpQ9Nitwev4PaBR5NVHuEKZKpi
+HYvq+scVoI+I4A==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
+bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
+LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
+AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
+hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
+ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
+58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
+VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
+U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
+xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
+AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
+BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
+B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
+AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
+gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
+LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
+/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
+5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
+h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
+w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
+-----END CERTIFICATE-----
+
+-----BEGIN PKCS7-----
+MIIJDwYJKoZIhvcNAQcCoIIJADCCCPwCAQMxDTALBglghkgBZQMEAgEwKgYJKoZI
+hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBmIwggKmMIIB
+XqADAgECAghTZis5Eb4YyzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAiGA8yMDE0MDUwNDExNTc0NloYDzk5OTkxMjMxMjM1OTU5WjAU
+MRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARM
+VEawgjAvCBa3nyP/z7oFDYttGFisRrnQnqtydvfICzvXb23El/sNiDO9F+L+Q4tI
+mWAkV5y3JW5xSj8DZNyxo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
+bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAw
+HQYDVR0OBBYEFL72AMYka2DqtfgTyaXV4Mkp1dczMB8GA1UdIwQYMBaAFE1Wt2oA
+WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQBjza+m/8x4R+UA42n4
+xRlHoNcKlZVcx4gcCiqXHH7ADr09/5q8Fw7ZuDDehF8Tp6PEoz8BT0i7itJZTxdr
+mdfXJvf7+6uPeUUcbEbTSrM5cOJAEgJgyulu2xPIJEY4q0q8zv88LZncU/XCLUI6
+qLY9TRwdffM4icDey5AAWlq4pTx21x1g6RIxK4zToKBrZxforVCHyiR0/U7tIRDB
+cFl+K52LDssD7OV1yB60qh+BkxuNd6+Wg70D7GhN5Rp+MniFDTS8YOLcL0NCHeVm
+0kWqhoRBszGpyC+mecaiu34IhEMUvLkwyqRGUfpA9AmsA+C8ziyztFXHIE/orMSV
+gWtLHAISt6QaaWnxfZdVtFNAlRA6I+lD02K3B6/g9oFHk1Ue4QpkqmIdi+r6xxWg
+j4jgMIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQD
+Ew5HbnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBa
+MC8xLTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRl
+KTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTY
+vO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1
+F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJs
+HDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVi
+m5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZ
+BZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7euj
+bZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5
+qnUCAwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9z
+dDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW
+BBR2B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVV
+G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUM
+Y8nHgMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB
+90R3LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSr
+GATE/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1I
+Z+ZD5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xx
+Jl1hh8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqIC
+FpRcw075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXjGCAlQw
+ggJQAgEDgBR2B1hM6rUp9S2ABoyDSoINCeyT3jALBglghkgBZQMEAgGggeQwGAYJ
+KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYxMTI0MTU1
+MTI3WjAvBgkqhkiG9w0BCQQxIgQgcovlH3tj3Pc/KLqA0nfOR/jPWnWgLU5ncOGb
+qlenZ6QweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEW
+MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
+hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE
+ggEwZipmEe80zsCiguPQfFwXZCge06TvncC/R8vkk6BV2crwrdVbvvw0XKtRs0Wx
+ixxQdBqz3urp1ZLt3ds9RCGrS0GVC+rMZH0gOkGAhvX1Y8tnfz3Bu9DbcHhkiz58
+El8eKmqpOUuxhy8MDHNULNKyqAfcnyvWpPPW/4HGgxvkvzfvUOYAPBxP61moey8E
+ILN/+3IWc4WpAGoZsX0gwyOwWRLM47a7XejUOFZbWrwwp1mFigHGx6VoSedigqX0
+J/Fx0sIJPddTyIeIpZRvk73qz2zK/fHPC7Fl1s4ZXA/yi2DxjSM1X4YA+3HZvAq4
+Ma+HEAPAEajgZVl5b2Lq8+brb2hIIszdcYTNqxqhFAgOjTIF5ulz5hILV0o8uEx8
+VZUL/6DDsLaSE8OVo0aHALHXzg==
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/openssl.p12 b/tests/cert-tests/data/openssl.p12
new file mode 100644
index 0000000..b791588
--- /dev/null
+++ b/tests/cert-tests/data/openssl.p12
diff --git a/tests/cert-tests/data/openssl.p7b b/tests/cert-tests/data/openssl.p7b
new file mode 100644
index 0000000..9506d8b
--- /dev/null
+++ b/tests/cert-tests/data/openssl.p7b
diff --git a/tests/cert-tests/data/openssl.p7b.out b/tests/cert-tests/data/openssl.p7b.out
new file mode 100644
index 0000000..6d2e69d
--- /dev/null
+++ b/tests/cert-tests/data/openssl.p7b.out
@@ -0,0 +1,93 @@
+Signers:
+	Signer's issuer DN: CN=GnuTLS Test CA
+	Signer's serial: 5838027a15510d5a
+	Signature Algorithm: ECDSA-SHA256
+	Signed Attributes:
+		smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+		messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
+		signingTime: 170d3136313132353039333233305a
+		contentType: 06092a864886f70d010701
+
+Number of certificates: 2
+
+-----BEGIN CERTIFICATE-----
+MIICejCCATKgAwIBAgIIWDgCehVRDVowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI1MDkyMDU5WhgPOTk5OTEyMzEyMzU5
+NTlaMBcxFTATBgNVBAMTDFNpZ25pbmcgY2VydDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX+w2I
+M70X4v5Di0iZYCRXnLclbnFKPwNk3LGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0P
+AQH/BAUDAweAADAdBgNVHQ4EFgQUvvYAxiRrYOq1+BPJpdXgySnV1zMwHwYDVR0j
+BBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAGRN
+PybhFeWRXUFteKH3pUpCIS/qWQHIcmHiSIw4S8Nh26pEleH5Ni99wf/DvYheONy4
+044YdIlDLFyXD5Ny469aEPkQm4VmgM+o7mG2dwg4om8KRTFL8G6JmVmT48s/1lD8
+sWzvz8gAegyPDh+CaPbO9XaLrFVhDdpO/IORPeMtvkVQY/Z1tVO3JgXvkAdrdJkK
+uF8LFcVwHvjZIVoNdkk5J+VrKP0nWcmlEkLsL+OHUmf2drQneJ2fPsdjGGn9Vj0d
+9l/mn/9dtEEMGasPJhj4y7oVJ7CC8Qu4ksFng5dW6x5bmVZpn15ruzJc21SkEWPU
+D4N6LsdWC2+w4k2o3fV3b+FlHvswlAsgU0eMq9WHnVbSdWSsEUgGk8E8nhTLdQ82
+DUgMweNWlGd7k/VI06w=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
+
+-----BEGIN PKCS7-----
+MIIHogYJKoZIhvcNAQcCoIIHkzCCB48CAQExDTALBglghkgBZQMEAgEwKgYJKoZI
+hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBdIwggJ6MIIB
+MqADAgECAghYOAJ6FVENWjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAgFw0xNjExMjUwOTIwNTlaGA85OTk5MTIzMTIzNTk1OVowFzEV
+MBMGA1UEAxMMU2lnbmluZyBjZXJ0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+TFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgzvRfi/kOL
+SJlgJFectyVucUo/A2TcsaNhMF8wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMD
+B4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAWgBRN
+VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAZE0/JuEV5ZFd
+QW14ofelSkIhL+pZAchyYeJIjDhLw2HbqkSV4fk2L33B/8O9iF443LjTjhh0iUMs
+XJcPk3Ljr1oQ+RCbhWaAz6juYbZ3CDiibwpFMUvwbomZWZPjyz/WUPyxbO/PyAB6
+DI8OH4Jo9s71dousVWEN2k78g5E94y2+RVBj9nW1U7cmBe+QB2t0mQq4XwsVxXAe
++NkhWg12STkn5Wso/SdZyaUSQuwv44dSZ/Z2tCd4nZ8+x2MYaf1WPR32X+af/120
+QQwZqw8mGPjLuhUnsILxC7iSwWeDl1brHluZVmmfXmu7MlzbVKQRY9QPg3oux1YL
+b7DiTajd9Xdv4WUe+zCUCyBTR4yr1YedVtJ1ZKwRSAaTwTyeFMt1DzYNSAzB41aU
+Z3uT9UjTrDCCA1AwggIIoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwHhcNMTEwNTI4MDgzNjMwWhcNMzgxMDEyMDgzNjMz
+WjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQTCCAVIwDQYJKoZIhvcNAQEBBQAD
+ggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQWk9x3GuuUhKA8IdC
+oj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPeb+E0HQuDizIhOeni
+BqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxRrPEs318Ot/jCOhau
+ojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQfdTPf5ceYBR+ZPf4
+j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB4oFzBGQthXs5cCB2
+mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQPUQo3jt21CKGGiHVU
+1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaNDMEEwDwYDVR0TAQH/
+BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRNVrdqAFjxZ5L0pnVV
+G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAHrDoIxhYtczmKQPzd4JFFUXARw8Z
+je4NsjnKh1X4RXPnuM4TnoUddVgrdkYMzZZ2FZlecwZkAXUwLfD6PzFYSwg1tQVC
+x5S7y9AxXOLAdUZXBnkHAikGuG/kPVVn+H+k37hFmUAuY+bLYl41YDqqzjK8ymdn
+ilgOCbC/bFfuwDUmRPoTrdV9ZgPJqMqnveVNhHIofpxSUlkgXdVhYhM1Z17+BVVj
+12x/RxEQylW2rI6H1lpkDtWJUD4rIS4JtSG8KjpDpOLA4KC7lGeBoD9Aw3jehJkQ
+zswcq7/vbn+OQZfSEH+CCTTy1PZRKo8jDsnak+pAYu341eSArkGeBHlSbDhrl+z6
+jcqA8yRy733q0XzS6+nkEh0sQYUtHFcg42+YAmsCuru8U1Pm+8YpBInvZDGCAXcw
+ggFzAgEBMCUwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0ECCFg4AnoVUQ1aMAsG
+CWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
+DQEJBTEPFw0xNjExMjUwOTMyMzBaMC8GCSqGSIb3DQEJBDEiBCByi+Ufe2Pc9z8o
+uoDSd85H+M9adaAtTmdw4ZuqV6dnpDB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl
+AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG
+SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB
+KDAKBggqhkjOPQQDAgRHMEUCIHwo+5MOxoznE73+I4XdD1Nm/3yJ9RRapS1ie5b2
+moBYAiEAt1jLVaEosn+jdpoWY49YdlqBN+ot/nvj1eq0bJyO2uk=
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/p7-combined.out b/tests/cert-tests/data/p7-combined.out
new file mode 100644
index 0000000..0b1fcad
--- /dev/null
+++ b/tests/cert-tests/data/p7-combined.out
@@ -0,0 +1,82 @@
+-----BEGIN PKCS7-----
+MIIO0gYJKoZIhvcNAQcCoIIOwzCCDr8CAQExADALBgkqhkiG9w0BBwWggg6nMIIB
++jCCAaGgAwIBAgIETd4LiTAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwHhcNMTEwNTI2MDgxMjU4WhcNMTIxMjI0MTkxNjI5WjAhMQsw
+CQYDVQQGEwJCRTESMBAGA1UEAxMJbG9jYWxob3N0ME4wEAYHKoZIzj0CAQYFK4EE
+ACEDOgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpGEjz2
+W69GUXtw8vMbZmULNjyjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUm+S0YAc8Me/osocfUaYG
+4uYxpwkwHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZOKAMwCgYIKoZIzj0E
+AwIDRwAwRAIgTqvgggIh57TVhSKXRie+XDhndnCUeNTE7qx2VO5CgfACIAwAOLnO
+Yanr1sWQVKxSACU1wnNZ6UsuWSMr/uDlKJfZMIIC4DCCAoagAwIBAgIBBzAKBggq
+hkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQL
+ExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4x
+JTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwIhgPMjAxMjA5
+MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlowgbgxCzAJBgNVBAYTAkdSMRIwEAYD
+VQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQI
+EwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQET
+B2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZI
+hvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+PBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6
+b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNVHRMBAf8EAjAAMD0GA1UdEQQ2MDSC
+DHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IJbG9jYWxob3N0hwTA
+qAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0O
+BBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8GA1UdIwQYMBaAFPC0gf6YEr+1KLlk
+QAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUCICgq4CTInkRQ1DaFoI8wmu2KP844
+5NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4bA9XTz/2OnpgAZutUohNNb/tmREw
+ggL+MIICo6ADAgECAgEHMAoGCCqGSM49BAMCMH0xCzAJBgNVBAYTAkJFMQ8wDQYD
+VQQKEwZHbnVUTFMxJTAjBgNVBAsTHEdudVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3Jp
+dHkxDzANBgNVBAgTBkxldXZlbjElMCMGA1UEAxMcR251VExTIGNlcnRpZmljYXRl
+IGF1dGhvcml0eTAiGA8yMDEyMDkwMTA5MjIzMVoYDzIwMTkxMDA1MDkyMjMxWjCB
+uDELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1
+cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYD
+VQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAQF0WntVb9rDAsepo5PqrOto7XZJhI+8he7/hHSgEDK
+BqaAfX/Se5b9ko1Bh+aI+2cuJyQ+lUZpEG+hMTICrznwWa5MIUTYp+3T8Sf4OmTq
+Z3rJ37sSqrO1y9jYbDjM83CjgbYwgbMwDAYDVR0TAQH/BAIwADA9BgNVHREENjA0
+ggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCCWxvY2FsaG9zdIcE
+wKgBATATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1Ud
+DgQWBBRHosKrcZuKKXhdGSBvqB1KyTBAhDAfBgNVHSMEGDAWgBTwtIH+mBK/tSi5
+ZEADy8wfZk4oAzAKBggqhkjOPQQDAgNJADBGAiEAvgWY0KCdQSeR8kDKw4sClVNs
+5hcfV2cnqPcUrExcz6MCIQC1xZZXvKq+KHPGm1R1YxyDWS5lqd/1Ue5aZQy5Rxw2
+eTCCAyQwggLJoAMCAQICAQcwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMCQkUxDzAN
+BgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRlIGF1dGhv
+cml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2VydGlmaWNh
+dGUgYXV0aG9yaXR5MCIYDzIwMTIwOTAxMDkyMjI0WhgPMjAxOTEwMDUwOTIyMjRa
+MIG4MQswCQYDVQQGEwJHUjESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEPMA0GA1UECBMGQXR0aWtpMRUwEwYDVQQDEwxDaW5keSBM
+YXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYDVQQMEwNEci4xDzAN
+BgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLm9yZzCBmzAQ
+BgcqhkjOPQIBBgUrgQQAIwOBhgAEAKGqQPWy0B0IiPFdpiM7PbKvNFUeBQQdEwTk
+sRqgThNxUsxwHo0JCCnP9aVtL9MCr2qWDKv0a34TycT5I0z7c7VLAJFP//RNP2qB
+FlQukan/lV98CIXu/kUvCV3QYfUjNPmfTAkVIjPCvajzLaTYAdpLO0+QRhR0jJTS
+pri1tWoFj8uQo4G2MIGzMAwGA1UdEwEB/wQCMAAwPQYDVR0RBDYwNIIMd3d3Lm5v
+bmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jngglsb2NhbGhvc3SHBMCoAQEwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU2oCj
+FpGMqkyZP0UY4PvoKs+sV+swHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZO
+KAMwCgYIKoZIzj0EAwIDSQAwRgIhAKI/2QffHBvxWgO1VVPkevk094nBfg3uta34
+pkeN1TJVAiEAl4xvYEadMfv/LwkS9P569Gt9kkT67ilQ6mx5zYlnIbIwggOXMIIC
+T6ADAgECAgRNp1QhMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAkJFMQ8wDQYD
+VQQKEwZHbnVUTFMxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMTA0MTQyMDA4MDJa
+Fw0zODA4MjkyMDA4MDRaMDIxCzAJBgNVBAYTAkJFMQ8wDQYDVQQKEwZHbnVUTFMx
+EjAQBgNVBAMTCWxvY2FsaG9zdDCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToC
+ggExAN3Pl9KlHZXdhhjYxLmtpgy0nbbc+twh4TpiNAfoM7Lol+4sQdIS8V/t5Hb/
+ZSYeDMdBFWlfDfmtiRSN6tcWUppHwbsAAuSIRXN4pK7bOMPGB9JkDoftdIxrxMAC
+UHxOptFY6eUTCanbWurrDwaAXAnvlMjp+zcudeGsk62bNxNLZjp2M9jE10z7YciS
+IQf836mIVOSjqUfSbLjjOYkRiDgtotw+XkqppI7VH7LQ3UE82hBonkcbZQKixShz
+AoMDCf31KX6X3CpOS6p5RkZwhhubuPaKvimHfV/apZdr78hDCUPiH4oWfh1QXfXa
+Au7ywypI5msw6gLX76yLDLjBhdi/fIWoHoO+XCYueXtH9Uo/ZmKS/UEgtiwA8FLK
+JgYtfM96UH0Py92XIMhv5OBQ9OMCAwEAAaNVMFMwDAYDVR0TAQH/BAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSSU9Zx
+ufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAmL9IicHm5hUTzPy6
+7aCJ5YZFMHNosnkfiAKA+y3JuCFVjcW3VhvPw3bu0PDZIjpjksUEhnAeQjMqO8QU
+CMVCknN8PjnA7jTHMxZfk67PH5owCVH+LZScKK0qfuQUgUVrDdcRIfzbJxd0tMyU
+Gm6ee1ip4AaN2l9g4bhvKGi2WL7FrDZHN/aoOHQjgfMivmH/CAiH68KPKSV1XUzr
+1Qkoq3uZ+WkIosYC0i7N+vEZzj9EaqFLqFbVEa5E42gFUFeNcg/HIduPo1B4XVo5
+y5A9UkMzv+qJBxqSzIUnqD00uFtS7u8gubb/6sWQ00fFUZDi5j5SuR55GL794iS+
+RzJasANrqtvD2/ZgRAi2LBlHovBDf/AHl1er7KC4aknOCObDTfKk6bhD5/CE1xpy
+FF2CGjEA
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/p8key-illegal.pem b/tests/cert-tests/data/p8key-illegal.pem
new file mode 100644
index 0000000..a247c3c
--- /dev/null
+++ b/tests/cert-tests/data/p8key-illegal.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEDMA4ECDxZ1/EW+8XWAgIUYASCAoBR6R3Z341vSRvs
+/LMErKcKkAQ3THTZBpmYgR2mrJUjJBivzOuRTCRpgtjuQ4ht2Q7KV943mJXsqAFI
+Jly5fuVQ5YmRGLW+LE5sv+AGwmsii/PvGfGa9al56tHLDSeXV2VH4fly45bQ7ipr
+PZBiEgBToF/jqDFWleH2GTCnSLpc4B2cKkMO2c5RYrCCGNRK/jr1xVUDVzeiXZwE
+dbdDaV2UG/Oeo7F48UmvuWgS9YSFSUJ4fKG1KLlAQMKtAQKX+B4oL6Jbeb1jwSCX
+Q1H9hHXHTXbPGaIncPugotZNArwwrhesTszFE4NFMbg3QNKL1fabJJFIcOYIktwL
+7HG3pSiU2rqUZgS59OMJgL4jJm1lipo8ruNIl/YCpZTombOAV2Wbvq/I0SbRRXbX
+12lco8bQO1dgSkhhe58Vrs+ChaNajtNi8SjLS+Pi1tYYAVQjcQdxCGh4q8aZUhDv
+5yRp/TUOMaZqkY6YzRAlERb9jzVeh97EsOURzLu8pQgVjcNDOUAZF67KSqlSGMh7
+PdqknM/j8KaWmVMAUn4+PuWohkyjd1/1QhCnEtFZ1lbIfWrKXV76U7zyy0OTvFKw
+qemHUbryOJu0dQHziWmdtJpS7abSuhoMnrByZD+jDfQoSX7BzmdmCQGinltITYY1
+3iChqWC7jY02CiKZqTcdwkImvmDtDYOBr0uQSgBa4eh7nYmmcpdY4I6V5qAdo30w
+oXNEMqM53Syx36Fp70/Vmy0KmK8+2T4UgxGVJEgTDsEhiwJtTXxdzgxc5npbTePa
+abhFyIXIpqoUYZ9GPU8UjNEuF//wPY6klBp6VP0ixO6RqQKzbwr85EXbzoceBrLo
+eng1/Czj
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pbes1-no-salt.p12 b/tests/cert-tests/data/pbes1-no-salt.p12
new file mode 100644
index 0000000..0124062
--- /dev/null
+++ b/tests/cert-tests/data/pbes1-no-salt.p12
diff --git a/tests/cert-tests/data/pkcs1-pad-broken.pem b/tests/cert-tests/data/pkcs1-pad-broken.pem
new file mode 100644
index 0000000..62cb076
--- /dev/null
+++ b/tests/cert-tests/data/pkcs1-pad-broken.pem
@@ -0,0 +1,118 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF
+Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
+Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Thu Sep  7 18:40:37 2006
+	Not After: Fri Sep  7 18:40:37 2007
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5:
+	46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2:
+	17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e:
+	11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43:
+	79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54:
+	e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae:
+	7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58:
+	1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3:
+	1a:89:e4:75:d5:f8:24:45:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:FALSE
+	Subject Key ID: 
+		2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22
+	Authority Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+	2.16.840.1.113730.1.13: 
+		DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465
+		ASCII: ..OpenSSL Generated Certificate
+
+Other information:
+	MD5 Fingerprint: D6:44:CE:F7:04:D3:24:3D:D5:14:54:AE:5D:88:C3:FA
+	SHA1 Fingerprint: FB:86:09:B7:E3:5C:D5:EF:D3:75:8B:84:82:A4:22:28:B5:16:72:2A
+	Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F
+
+
+-----BEGIN CERTIFICATE-----
+MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
+UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
+BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
+6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
+M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
+340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
+EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
+BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O
+Kw==
+-----END CERTIFICATE-----
+
+
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE
+Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Thu Sep  7 18:33:18 2006
+	Not After: Sat Oct  7 18:33:18 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3:
+	36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d:
+	61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c:
+	6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d:
+	0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8:
+	ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87:
+	63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82:
+	56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f:
+	fa:f8:30:76:66:49:45:a1:
+public exponent:
+	03:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:TRUE
+	Subject Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+	Authority Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+
+Other information:
+	MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B
+	SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD
+	Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F
+
+
+-----BEGIN CERTIFICATE-----
+MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
+UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
+MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
+dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
+VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
+z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
+tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
+aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
+y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
+uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs1-pad-broken2.pem b/tests/cert-tests/data/pkcs1-pad-broken2.pem
new file mode 100644
index 0000000..b13cdf5
--- /dev/null
+++ b/tests/cert-tests/data/pkcs1-pad-broken2.pem
@@ -0,0 +1,39 @@
+X.509 certificate info:
+
+Version: 1
+Serial Number (hex): 06
+Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit)
+Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit)
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Tue Sep 12 01:58:55 2006
+	Not After: Thu Oct 12 01:58:55 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11:
+	c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72:
+	45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0:
+	a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a:
+	fe:fe:b9:ed:
+public exponent:
+	01:00:01:
+
+Other information:
+	MD5 Fingerprint: B1:E2:B9:E7:00:7A:3D:29:B9:86:F8:EB:93:2D:B6:EF
+	SHA1 Fingerprint: 91:8F:41:F0:D0:E9:55:3B:AA:97:4B:93:BA:0D:B6:60:86:B9:5A:84
+	Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1
+
+
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa
+Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
+YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
+IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
+hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
+12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU
+DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ
+e20sRA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs1-pad-broken3.pem b/tests/cert-tests/data/pkcs1-pad-broken3.pem
new file mode 100644
index 0000000..9c1d39d
--- /dev/null
+++ b/tests/cert-tests/data/pkcs1-pad-broken3.pem
@@ -0,0 +1,126 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 17
+Subject: CN=Hacker
+Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Sat Aug 19 18:51:30 2006
+	Not After: Wed Oct 18 18:51:30 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	a4:ae:e8:28:56:b6:d0:6c:3a:96:81:ad:87:f8:3f:
+	3c:82:18:d7:ba:0e:e1:3b:ae:6a:b8:08:cb:24:77:
+	3f:2e:88:02:77:c1:57:7c:8c:6b:23:75:e6:38:63:
+	3a:17:49:5a:7e:f6:61:05:e9:7a:8d:83:20:df:f1:
+	46:f7:90:d8:0f:63:1b:c9:db:c9:60:41:5a:5d:e5:
+	17:46:59:71:e8:d7:82:d6:05:30:f5:9a:d1:64:0a:
+	20:21:56:50:13:b1:53:48:fe:d8:ef:da:db:fb:26:
+	9f:04:b3:29:5b:0c:77:bb:86:c9:40:d2:b9:ec:46:
+	bd:9c:4b:d6:ef:a4:cd:37:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints: (critical)
+		CA:TRUE
+
+Other information:
+	MD5 Fingerprint: 46:54:EC:0F:EF:70:BE:BE:22:57:90:BC:A1:FD:B8:AA
+	SHA1 Fingerprint: 73:FA:53:71:4A:F1:AB:C6:31:82:B5:4D:59:3C:BC:B6:36:87:0D:55
+	Public Key ID: 9E:A1:D8:56:93:79:0C:B3:E3:0B:D3:F4:A5:40:C8:7C:78:A8:49:82
+
+
+-----BEGIN CERTIFICATE-----
+MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw
+ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7
+rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg
+QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns
+Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW
+Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed
+ST8AUooI0ey599t84P20gGRuOYIjr7c=
+-----END CERTIFICATE-----
+
+
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00
+Subject: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
+Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Tue Jun 29 19:39:16 2004
+	Not After: Thu Jun 29 19:39:16 2034
+Subject Public Key Info:
+	Public Key Algorithm: RSA (2048 bits)
+modulus:
+	b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:ce:
+	4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:c3:
+	a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:9e:
+	e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:f0:
+	c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:a7:
+	4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:4a:
+	99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:af:
+	b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:d4:
+	f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:b8:
+	b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:9b:
+	19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:b2:
+	5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:b3:
+	e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:b3:
+	bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:5e:
+	4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:23:
+	5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:0d:
+	1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:01:
+	ab:
+public exponent:
+	03:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:TRUE
+	Subject Key ID: 
+		BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+	Authority Key ID: 
+		BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+
+Other information:
+	MD5 Fingerprint: 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+	SHA1 Fingerprint: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
+	Public Key ID: 8D:C9:49:57:76:CC:19:71:BC:E5:EA:17:70:0A:83:61:9D:C9:27:A7
+
+
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs1-pad-ok.pem b/tests/cert-tests/data/pkcs1-pad-ok.pem
new file mode 100644
index 0000000..ff19cb4
--- /dev/null
+++ b/tests/cert-tests/data/pkcs1-pad-ok.pem
@@ -0,0 +1,118 @@
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF
+Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
+Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Thu Sep  7 18:40:37 2006
+	Not After: Fri Sep  7 18:40:37 2007
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5:
+	46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2:
+	17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e:
+	11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43:
+	79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54:
+	e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae:
+	7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58:
+	1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3:
+	1a:89:e4:75:d5:f8:24:45:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:FALSE
+	Subject Key ID: 
+		2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22
+	Authority Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+	2.16.840.1.113730.1.13: 
+		DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465
+		ASCII: ..OpenSSL Generated Certificate
+
+Other information:
+	MD5 Fingerprint: 8C:D7:69:6A:E6:75:BD:E9:77:A7:86:43:F5:D1:89:C1
+	SHA1 Fingerprint: F5:EC:64:57:BD:BB:00:A1:45:26:ED:3B:FD:4D:8B:CA:FD:F1:1D:41
+	Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F
+
+
+-----BEGIN CERTIFICATE-----
+MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
+UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
+BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
+6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
+M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
+340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
+EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
+BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU
+cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7
+Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg
+Dw==
+-----END CERTIFICATE-----
+
+
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE
+Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Thu Sep  7 18:33:18 2006
+	Not After: Sat Oct  7 18:33:18 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (1024 bits)
+modulus:
+	d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3:
+	36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d:
+	61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c:
+	6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d:
+	0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8:
+	ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87:
+	63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82:
+	56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f:
+	fa:f8:30:76:66:49:45:a1:
+public exponent:
+	03:
+
+X.509 Extensions:
+	Basic Constraints:
+		CA:TRUE
+	Subject Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+	Authority Key ID: 
+		DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8
+
+Other information:
+	MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B
+	SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD
+	Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F
+
+
+-----BEGIN CERTIFICATE-----
+MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
+UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
+MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
+dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
+VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
+z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
+tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
+aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
+y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
+uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs1-pad-ok2.pem b/tests/cert-tests/data/pkcs1-pad-ok2.pem
new file mode 100644
index 0000000..36548fa
--- /dev/null
+++ b/tests/cert-tests/data/pkcs1-pad-ok2.pem
@@ -0,0 +1,39 @@
+X.509 certificate info:
+
+Version: 1
+Serial Number (hex): 06
+Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit)
+Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit)
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Tue Sep 12 01:59:02 2006
+	Not After: Thu Oct 12 01:59:02 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11:
+	c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72:
+	45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0:
+	a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a:
+	fe:fe:b9:ed:
+public exponent:
+	01:00:01:
+
+Other information:
+	MD5 Fingerprint: A3:EB:02:BD:45:54:AD:A3:74:FC:CA:BE:31:A3:41:0A
+	SHA1 Fingerprint: FA:E0:71:22:53:6D:9E:F5:01:EF:89:93:1D:3B:A9:17:29:75:2C:F8
+	Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1
+
+
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa
+Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
+YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
+IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
+hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
+12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2
+4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z
+rHX/kw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs12_2certs.p12 b/tests/cert-tests/data/pkcs12_2certs.p12
new file mode 100644
index 0000000..bcbf48b
--- /dev/null
+++ b/tests/cert-tests/data/pkcs12_2certs.p12
diff --git a/tests/cert-tests/data/pkcs12_5certs.p12 b/tests/cert-tests/data/pkcs12_5certs.p12
new file mode 100644
index 0000000..5fc9cd3
--- /dev/null
+++ b/tests/cert-tests/data/pkcs12_5certs.p12
diff --git a/tests/cert-tests/data/pkcs7-cat-ca.pem b/tests/cert-tests/data/pkcs7-cat-ca.pem
new file mode 100644
index 0000000..742d80f
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-cat-ca.pem
@@ -0,0 +1,145 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 79ad16a14aa0a5ad4c7358f407132e65
+	Issuer: DC=com,DC=microsoft,CN=Microsoft Root Certificate Authority
+	Validity:
+		Not Before: Wed May 09 23:19:22 UTC 2001
+		Not After: Sun May 09 23:28:13 UTC 2021
+	Subject: DC=com,DC=microsoft,CN=Microsoft Root Certificate Authority
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: High (4096 bits)
+		Modulus (bits 4096):
+			00:f3:5d:fa:80:67:d4:5a:a7:a9:0c:2c:90:20:d0:35
+			08:3c:75:84:cd:b7:07:89:9c:89:da:de:ce:c3:60:fa
+			91:68:5a:9e:94:71:29:18:76:7c:c2:e0:c8:25:76:94
+			0e:58:fa:04:34:36:e6:df:af:f7:80:ba:e9:58:0b:2b
+			93:e5:9d:05:e3:77:22:91:f7:34:64:3c:22:91:1d:5e
+			e1:09:90:bc:14:fe:fc:75:58:19:e1:79:b7:07:92:a3
+			ae:88:59:08:d8:9f:07:ca:03:58:fc:68:29:6d:32:d7
+			d2:a8:cb:4b:fc:e1:0b:48:32:4f:e6:eb:b8:ad:4f:e4
+			5c:6f:13:94:99:db:95:d5:75:db:a8:1a:b7:94:91:b4
+			77:5b:f5:48:0c:8f:6a:79:7d:14:70:04:7d:6d:af:90
+			f5:da:70:d8:47:b7:bf:9b:2f:6c:e7:05:b7:e1:11:60
+			ac:79:91:14:7c:c5:d6:a6:e4:e1:7e:d5:c3:7e:e5:92
+			d2:3c:00:b5:36:82:de:79:e1:6d:f3:b5:6e:f8:9f:33
+			c9:cb:52:7d:73:98:36:db:8b:a1:6b:a2:95:97:9b:a3
+			de:c2:4d:26:ff:06:96:67:25:06:c8:e7:ac:e4:ee:12
+			33:95:31:99:c8:35:08:4e:34:ca:79:53:d5:b5:be:63
+			32:59:40:36:c0:a5:4e:04:4d:3d:db:5b:07:33:e4:58
+			bf:ef:3f:53:64:d8:42:59:35:57:fd:0f:45:7c:24:04
+			4d:9e:d6:38:74:11:97:22:90:ce:68:44:74:92:6f:d5
+			4b:6f:b0:86:e3:c7:36:42:a0:d0:fc:c1:c0:5a:f9:a3
+			61:b9:30:47:71:96:0a:16:b0:91:c0:42:95:ef:10:7f
+			28:6a:e3:2a:1f:b1:e4:cd:03:3f:77:71:04:c7:20:fc
+			49:0f:1d:45:88:a4:d7:cb:7e:88:ad:8e:2d:ec:45:db
+			c4:51:04:c9:2a:fc:ec:86:9e:9a:11:97:5b:de:ce:53
+			88:e6:e2:b7:fd:ac:95:c2:28:40:db:ef:04:90:df:81
+			33:39:d9:b2:45:a5:23:87:06:a5:55:89:31:bb:06:2d
+			60:0e:41:18:7d:1f:2e:b5:97:cb:11:eb:15:d5:24:a5
+			94:ef:15:14:89:fd:4b:73:fa:32:5b:fc:d1:33:00:f9
+			59:62:70:07:32:ea:2e:ab:40:2d:7b:ca:dd:21:67:1b
+			30:99:8f:16:aa:23:a8:41:d1:b0:6e:11:9b:36:c4:de
+			40:74:9c:e1:58:65:c1:60:1e:7a:5b:38:c8:8f:bb:04
+			26:7c:d4:16:40:e5:b6:6b:6c:aa:86:fd:00:bf:ce:c1
+			35
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Key Usage (not critical):
+			Digital signature.
+			Non repudiation.
+			Certificate signing.
+			CRL signing.
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Subject Key Identifier (not critical):
+			0eac826040562797e52513fc2ae10a539559e4a4
+		Unknown extension 1.3.6.1.4.1.311.21.1 (not critical):
+			ASCII: ...
+			Hexdump: 020100
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		c5:11:4d:03:3a:60:dd:5d:52:11:77:8f:b2:bb:36:c8
+		b2:05:bf:b4:b7:a8:d8:20:9d:5c:13:03:b6:1c:22:fa
+		06:13:35:b6:c8:63:d4:9a:47:6f:26:57:d2:55:f1:04
+		b1:26:5f:d6:a9:50:68:a0:bc:d2:b8:6e:cc:c3:e9:ac
+		df:19:cd:78:ac:59:74:ac:66:34:36:c4:1b:3e:6c:38
+		4c:33:0e:30:12:0d:a3:26:fe:51:53:00:ff:af:5a:4e
+		84:0d:0f:1f:e4:6d:05:2e:4e:85:4b:8d:6c:33:6f:54
+		d2:64:ab:bf:50:af:7d:7a:39:a0:37:ed:63:03:0f:fc
+		13:06:ce:16:36:d4:54:3b:95:1b:51:62:3a:e5:4d:17
+		d4:05:39:92:9a:27:a8:5b:aa:bd:ec:bb:be:e3:20:89
+		60:71:6c:56:b3:a5:13:d0:6d:0e:23:7e:95:03:ed:68
+		3d:f2:d8:63:b8:6b:4d:b6:e8:30:b5:e1:ca:94:4b:f7
+		a2:aa:5d:99:30:b2:3d:a7:c2:51:6c:28:20:01:24:27
+		2b:4b:00:b7:9d:11:6b:70:be:b2:10:82:bc:0c:9b:68
+		d0:8d:3b:24:87:aa:99:28:72:9d:33:5f:59:90:bd:f5
+		de:93:9e:3a:62:5a:34:39:e2:88:55:1d:b9:06:b0:c1
+		89:6b:2d:d7:69:c3:19:12:36:84:d0:c9:a0:da:ff:2f
+		69:78:b2:e5:7a:da:eb:d7:0c:c0:f7:bd:63:17:b8:39
+		13:38:a2:36:5b:7b:f2:85:56:6a:1d:64:62:c1:38:e2
+		aa:bf:51:66:a2:94:f5:12:9c:66:22:10:6b:f2:b7:30
+		92:2d:f2:29:f0:3d:3b:14:43:68:a2:f1:9c:29:37:cb
+		ce:38:20:25:6d:7c:67:f3:7e:24:12:24:03:08:81:47
+		ec:a5:9e:97:f5:18:d7:cf:bb:d5:ef:76:96:ef:fd:ce
+		db:56:9d:95:a0:42:f9:97:58:e1:d7:31:22:d3:5f:59
+		e6:3e:6e:22:00:ea:43:84:b6:25:db:d9:f3:08:56:68
+		c0:64:6b:1d:7c:ec:b6:93:a2:62:57:6e:2e:d8:e7:58
+		8f:c4:31:49:26:dd:de:29:35:87:f5:30:71:70:5b:14
+		3c:69:bd:89:12:7d:eb:2e:a3:fe:d8:7f:9e:82:5a:52
+		0a:2b:c1:43:2b:d9:30:88:9f:c8:10:fb:89:8d:e6:a1
+		85:75:33:7e:6c:9e:db:73:13:64:62:69:a5:2f:7d:ca
+		96:6d:9f:f8:04:4d:30:92:3d:6e:21:14:21:c9:3d:e0
+		c3:fd:8a:6b:9d:4a:fd:d1:a1:9d:99:43:77:3f:b0:da
+Other Information:
+	SHA1 fingerprint:
+		cdd4eeae6000ac7f40c3802c171e30148030c072
+	SHA256 fingerprint:
+		885de64c340e3ea70658f01e1145f957fcda27aabeea1ab9faa9fdb0102d4077
+	Public Key ID:
+		0eac826040562797e52513fc2ae10a539559e4a4
+	Public key's random art:
+		+--[ RSA 4096]----+
+		| o.o oOO..       |
+		|o   +==.+        |
+		|.   .E o.        |
+		|.  . o   .       |
+		|... . + S        |
+		|o+   + +         |
+		|. + o . .        |
+		|   o             |
+		|                 |
+		+-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIFmTCCA4GgAwIBAgIQea0WoUqgpa1Mc1j0BxMuZTANBgkqhkiG9w0BAQUFADBf
+MRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0
+MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+HhcNMDEwNTA5MjMxOTIyWhcNMjEwNTA5MjMyODEzWjBfMRMwEQYKCZImiZPyLGQB
+GRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNy
+b3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDzXfqAZ9Rap6kMLJAg0DUIPHWEzbcHiZyJ2t7Ow2D6
+kWhanpRxKRh2fMLgyCV2lA5Y+gQ0Nubfr/eAuulYCyuT5Z0F43cikfc0ZDwikR1e
+4QmQvBT+/HVYGeF5tweSo66IWQjYnwfKA1j8aCltMtfSqMtL/OELSDJP5uu4rU/k
+XG8TlJnbldV126gat5SRtHdb9UgMj2p5fRRwBH1tr5D12nDYR7e/my9s5wW34RFg
+rHmRFHzF1qbk4X7Vw37lktI8ALU2gt554W3ztW74nzPJy1J9c5g224uha6KVl5uj
+3sJNJv8GlmclBsjnrOTuEjOVMZnINQhONMp5U9W1vmMyWUA2wKVOBE0921sHM+RY
+v+8/U2TYQlk1V/0PRXwkBE2e1jh0EZcikM5oRHSSb9VLb7CG48c2QqDQ/MHAWvmj
+YbkwR3GWChawkcBCle8Qfyhq4yofseTNAz93cQTHIPxJDx1FiKTXy36IrY4t7EXb
+xFEEySr87IaemhGXW97OU4jm4rf9rJXCKEDb7wSQ34EzOdmyRaUjhwalVYkxuwYt
+YA5BGH0fLrWXyxHrFdUkpZTvFRSJ/Utz+jJb/NEzAPlZYnAHMuouq0Ate8rdIWcb
+MJmPFqojqEHRsG4RmzbE3kB0nOFYZcFgHnpbOMiPuwQmfNQWQOW2a2yqhv0Av87B
+NQIDAQABo1EwTzALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUDqyCYEBWJ5flJRP8KuEKU5VZ5KQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQEFBQADggIBAMURTQM6YN1dUhF3j7K7NsiyBb+0t6jYIJ1cEwO2HCL6BhM1
+tshj1JpHbyZX0lXxBLEmX9apUGigvNK4bszD6azfGc14rFl0rGY0NsQbPmw4TDMO
+MBINoyb+UVMA/69aToQNDx/kbQUuToVLjWwzb1TSZKu/UK99ejmgN+1jAw/8EwbO
+FjbUVDuVG1FiOuVNF9QFOZKaJ6hbqr3su77jIIlgcWxWs6UT0G0OI36VA+1oPfLY
+Y7hrTbboMLXhypRL96KqXZkwsj2nwlFsKCABJCcrSwC3nRFrcL6yEIK8DJto0I07
+JIeqmShynTNfWZC99d6TnjpiWjQ54ohVHbkGsMGJay3XacMZEjaE0Mmg2v8vaXiy
+5Xra69cMwPe9Yxe4ORM4ojZbe/KFVmodZGLBOOKqv1FmopT1EpxmIhBr8rcwki3y
+KfA9OxRDaKLxnCk3y844ICVtfGfzfiQSJAMIgUfspZ6X9RjXz7vV73aW7/3O21ad
+laBC+ZdY4dcxItNfWeY+biIA6kOEtiXb2fMIVmjAZGsdfOy2k6JiV24u2OdYj8Qx
+SSbd3ik1h/UwcXBbFDxpvYkSfesuo/7Yf56CWlIKK8FDK9kwiJ/IEPuJjeahhXUz
+fmye23MTZGJppS99ypZtn/gETTCSPW4hFCHJPeDD/YprnUr90aGdmUN3P7Da
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs7-cat.p7 b/tests/cert-tests/data/pkcs7-cat.p7
new file mode 100644
index 0000000..ec91399
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-cat.p7
diff --git a/tests/cert-tests/data/pkcs7-chain-endcert-key.pem b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem
new file mode 100644
index 0000000..c684645
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem
@@ -0,0 +1,182 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: High (3072 bits)
+
+modulus:
+	00:cf:4d:4a:09:00:a6:0d:58:ac:03:1d:60:d5:fc:5e
+	b7:e7:04:42:09:27:eb:01:f3:a5:52:6d:1d:d9:2b:87
+	2e:d2:7f:58:f9:d9:8e:34:51:a7:cd:82:80:d9:ae:a2
+	e8:5c:61:7c:d1:e6:1e:ee:21:3d:1f:8f:5f:03:1d:d9
+	50:03:2e:d9:92:fb:fc:db:3d:38:c0:68:de:a0:4e:7a
+	88:12:3f:e2:50:5a:97:ab:1b:bc:ab:37:b8:8c:dc:03
+	7f:b3:44:53:0e:59:da:81:7a:6b:3f:fb:48:6a:cb:06
+	53:7d:49:41:60:69:2d:0b:3c:fb:85:28:c6:0a:3e:f9
+	94:f6:b1:05:c9:9b:87:ce:e0:8b:d1:bd:d4:10:ff:ab
+	a0:22:dd:c4:c9:62:eb:09:8d:4b:30:03:3c:e8:96:d3
+	bc:cf:40:6d:e2:d3:c6:15:97:57:61:b6:9c:01:d4:60
+	1c:23:a8:f7:18:82:a4:41:86:5d:3e:1c:b8:e2:6b:e4
+	a5:ca:83:40:14:a3:8a:ea:7e:21:c0:85:3b:0d:b0:b0
+	6e:00:d9:fc:53:34:c5:b9:ab:3b:18:89:5c:4d:3b:6b
+	91:0b:6d:57:d6:58:e2:08:6d:eb:74:9b:bf:c1:01:89
+	a2:f5:f3:32:5e:86:6e:9d:26:21:3b:b5:36:b1:e5:f8
+	68:d2:df:12:4a:5b:4d:7f:71:b7:4c:04:cf:b2:17:fa
+	cf:b7:4b:9f:fb:59:01:60:ee:93:6f:c8:20:df:ad:d0
+	17:0c:e6:03:90:10:5c:26:dc:33:a0:15:ac:1d:49:1c
+	63:03:36:fd:b5:d7:36:10:a0:57:3f:dd:64:22:22:37
+	fb:bd:8c:2a:b7:12:bf:b5:9b:3c:ac:5c:9d:a9:b9:f1
+	ae:ae:a1:12:e7:af:5f:c4:c7:f2:66:cf:b5:a9:f2:74
+	1c:26:f7:bb:44:85:00:d1:8e:35:73:27:98:05:cd:97
+	b8:4e:fb:f7:3c:56:49:de:e2:3b:18:62:0c:34:b7:b8
+	0d:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	00:c2:c9:10:e3:dc:a4:2a:ae:43:12:ba:2c:1f:65:7f
+	6a:b5:bb:9e:81:13:ed:12:6c:69:cf:45:90:62:5b:30
+	2e:a2:c3:de:4b:06:4d:44:83:e5:74:89:47:a1:43:22
+	f7:ca:b6:1f:9e:ea:e7:ed:41:76:39:8d:71:ed:6f:c2
+	9e:18:1f:91:79:37:25:a4:ab:a6:03:c5:86:4a:82:f3
+	47:a0:3e:3e:dc:da:02:e1:58:b2:b2:ff:2c:7d:ce:cd
+	ca:d4:1b:43:1f:9c:f6:5f:eb:33:93:6e:fd:e0:ba:dc
+	3a:de:e2:52:77:d0:db:ee:4f:62:d7:00:34:f5:b3:ae
+	b8:76:04:68:37:c3:d8:9c:5f:09:82:0f:28:90:c0:6b
+	f7:90:4b:69:79:01:65:70:18:3f:a9:e1:a0:fd:bb:9b
+	41:32:4c:8b:f4:32:a1:51:f0:5e:bf:05:e3:19:25:01
+	19:ef:b7:f8:56:23:8b:4b:b6:81:2e:b7:b6:51:aa:a7
+	b0:1e:c6:7c:01:b6:3f:93:37:e2:87:7f:45:57:46:7a
+	4f:a9:d3:3c:8b:fc:27:34:79:bd:60:da:0d:f8:c6:2a
+	a8:95:5e:62:51:ea:40:95:0f:da:18:02:0c:91:0a:0d
+	fd:dd:13:36:36:45:d7:f6:bb:db:f6:54:fb:f6:31:b4
+	8f:1f:a5:65:70:bf:60:12:b2:bb:a4:9c:d0:a5:9d:70
+	2f:e9:22:f3:83:e3:4c:4d:5a:50:d3:37:ce:77:4b:9b
+	98:4c:8d:7b:48:85:01:2c:48:eb:cd:6d:80:1b:26:b5
+	bc:9f:a9:ae:df:36:a8:f6:ad:31:7f:9f:f5:cf:7a:fb
+	d3:99:5d:97:f7:37:ba:4b:df:89:e4:1f:57:a1:f5:dc
+	f0:7a:44:48:4b:2a:c9:b7:f5:96:4a:85:f2:5a:be:f8
+	b1:9b:c9:da:1c:e8:65:54:7a:66:e4:68:33:f8:be:1f
+	4e:17:b1:2d:b7:1c:63:ac:cf:7a:a3:4b:5c:57:3c:b7
+	51:
+
+prime1:
+	00:f7:ab:33:e9:01:38:02:87:49:0c:56:8f:8e:f7:35
+	e5:88:97:cf:7b:d0:2b:84:28:b4:4f:b3:17:fd:b2:27
+	1c:10:7b:1e:0b:bb:3a:ac:4d:de:87:fe:e1:0e:f3:33
+	3c:28:3d:f5:be:a1:ee:be:51:09:2f:d7:91:80:07:6c
+	c9:82:cd:91:26:73:0a:3f:3c:e8:01:8c:89:fb:60:9e
+	67:c0:6d:84:3d:25:2a:88:0d:1a:b1:c0:6b:26:81:13
+	10:2e:01:85:75:70:de:01:0f:47:49:b0:d7:3c:e0:e9
+	cf:1e:de:a8:bb:67:4f:26:ec:c3:5e:f2:90:28:1c:8b
+	43:f5:33:0e:f3:a2:92:3c:e3:5e:ca:94:a6:4d:f7:a9
+	84:7b:11:03:cb:34:1a:d9:c1:54:37:d3:a3:06:49:bd
+	43:16:52:6d:c5:44:db:e4:cf:90:48:13:7d:18:cd:f6
+	db:1c:80:95:0a:b4:bf:ff:78:ef:c0:66:69:0e:c9:4e
+	7f:
+
+prime2:
+	00:d6:46:77:b9:7c:1b:06:fe:eb:ba:cf:48:a4:9b:0a
+	98:8c:99:9d:b4:40:e3:1b:61:d3:9d:85:78:f6:56:c0
+	65:7b:6c:a5:e9:18:10:7d:65:c7:48:95:ff:f4:f5:94
+	cf:49:38:d7:04:3f:3b:c1:ae:d1:e5:a6:20:ff:dc:12
+	a9:41:84:1a:ff:56:53:3d:33:91:c8:a5:a5:a2:91:f4
+	92:07:95:92:29:4b:f7:80:de:d1:91:1c:f8:97:64:a1
+	df:57:ed:0e:9d:ca:23:77:30:8b:bb:2c:eb:52:9e:4d
+	cd:41:63:dc:9d:8f:1d:0c:f6:4e:e6:26:38:55:69:1e
+	1d:8b:b6:f0:68:a9:b9:38:b0:97:b5:be:34:c7:9b:60
+	08:b6:e0:83:d8:f8:f6:62:b4:be:be:01:fd:2f:6f:5d
+	2a:a0:8d:aa:52:f5:2c:23:56:8d:3a:50:73:0d:ea:31
+	95:59:32:60:9c:e9:3f:34:5a:c7:99:57:a5:55:16:0b
+	73:
+
+coefficient:
+	00:88:98:51:9a:a6:1c:ce:44:54:5d:c7:f5:df:a7:0a
+	db:39:c3:d8:6b:ec:5d:ee:89:64:bf:25:2e:9a:25:a6
+	ee:dc:e5:cb:01:13:9a:19:9f:7f:24:52:b6:e7:40:e1
+	21:8d:8f:9f:69:92:e4:3d:a4:25:db:2d:0a:74:bc:ea
+	44:d6:81:90:d5:59:3f:6a:63:cd:2c:0e:7f:83:ce:0c
+	e7:7b:bb:22:c8:6d:f8:15:5d:7b:52:be:e1:c6:1f:c5
+	55:5a:76:8a:b4:ae:18:29:55:86:e0:a7:40:23:28:c0
+	c7:6d:dc:a3:a8:6b:56:97:b4:64:88:a1:7b:f1:5f:b4
+	f0:bf:1b:9e:b3:b7:db:59:a3:01:49:40:2d:df:2b:bb
+	f4:e3:84:e8:b9:0c:c5:31:f6:05:38:4c:7f:8e:b6:2e
+	8b:7f:fc:69:c2:57:e5:f5:10:3e:4e:47:3a:3d:d2:57
+	a7:5f:73:54:8d:9a:60:90:d6:10:b7:e3:31:57:83:40
+	87:
+
+exp1:
+	00:f4:cd:e1:da:9f:5c:c8:8b:06:76:4e:9d:49:d8:2b
+	0a:fd:cf:e8:c3:5e:49:95:31:52:c1:30:aa:37:16:c0
+	37:aa:46:b7:b5:2a:d4:dc:f9:7f:4b:77:70:e8:01:16
+	14:91:46:65:40:8f:f9:57:5e:ec:30:c0:e8:4d:df:88
+	f5:49:f8:7d:4f:bf:08:52:e7:95:ff:e9:f5:7d:66:cc
+	4c:8b:54:f5:10:27:4b:79:fd:51:f4:7e:d8:aa:cf:8c
+	93:42:96:38:5f:94:37:ac:5e:78:bd:6b:31:e5:37:ff
+	83:bd:e4:a2:6d:d2:b8:d7:25:d2:1b:68:b1:7b:24:73
+	b7:b1:87:4d:71:1e:b1:63:c3:ee:af:58:ed:65:45:b6
+	e6:7f:6a:9b:10:61:29:65:32:06:57:c4:36:71:01:b4
+	34:ba:bc:b1:49:fb:3d:4b:56:ab:2b:c3:2f:b4:b3:e9
+	1c:3d:79:0f:58:ec:be:96:fb:e8:27:8a:52:af:cd:e5
+	6b:
+
+exp2:
+	50:8c:54:dd:49:25:ef:cf:4c:56:01:2d:d1:92:e6:bc
+	c9:bd:c5:66:c9:2d:96:51:83:f7:27:01:7d:b8:c6:c2
+	5f:4f:4c:5e:ff:48:d3:9a:ba:fb:32:47:f1:91:8f:cb
+	0c:3f:6d:b4:8f:00:ab:a2:48:0d:08:12:47:9c:36:f7
+	a1:45:43:d0:d0:66:a2:0f:0c:b2:5c:72:93:56:42:95
+	d2:7c:0b:61:b2:c8:eb:8c:d7:42:b1:9d:51:6b:e6:dd
+	ca:73:b6:96:e2:31:ca:d0:58:f6:97:c0:2e:62:8b:e4
+	a8:bc:1d:66:ad:31:c2:79:a4:d7:27:6e:ed:cc:82:21
+	a1:2f:b7:d7:e0:55:5c:56:25:f1:8f:fa:cf:3e:3d:2f
+	89:6f:84:a0:bf:95:ff:2c:ea:b7:0a:90:5e:90:82:79
+	4f:b9:71:59:96:08:6d:90:4f:ae:a8:27:58:07:bd:73
+	e2:ff:e9:09:93:34:cb:3d:84:e2:c3:eb:c6:bc:6e:b9
+	
+
+
+Public Key PIN:
+	pin-sha256:bQF0mUATY710KqQP8ajdnqREqJUPc/Z4II4Fn33CZL8=
+Public Key ID:
+	sha256:6d017499401363bd742aa40ff1a8dd9ea444a8950f73f678208e059f7dc264bf
+	sha1:9612983dbe342ee129ce2aaa5be249c695676212
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j5
+2Y40UafNgoDZrqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQ
+WperG7yrN7iM3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJ
+m4fO4IvRvdQQ/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcY
+gqRBhl0+HLjia+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfW
+WOIIbet0m7/BAYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7
+WQFg7pNvyCDfrdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3
+Er+1mzysXJ2pufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8
+Vkne4jsYYgw0t7gNAgMBAAECggGBAMLJEOPcpCquQxK6LB9lf2q1u56BE+0SbGnP
+RZBiWzAuosPeSwZNRIPldIlHoUMi98q2H57q5+1BdjmNce1vwp4YH5F5NyWkq6YD
+xYZKgvNHoD4+3NoC4Viysv8sfc7NytQbQx+c9l/rM5Nu/eC63Dre4lJ30NvuT2LX
+ADT1s664dgRoN8PYnF8Jgg8okMBr95BLaXkBZXAYP6nhoP27m0EyTIv0MqFR8F6/
+BeMZJQEZ77f4ViOLS7aBLre2UaqnsB7GfAG2P5M34od/RVdGek+p0zyL/Cc0eb1g
+2g34xiqolV5iUepAlQ/aGAIMkQoN/d0TNjZF1/a72/ZU+/YxtI8fpWVwv2ASsruk
+nNClnXAv6SLzg+NMTVpQ0zfOd0ubmEyNe0iFASxI681tgBsmtbyfqa7fNqj2rTF/
+n/XPevvTmV2X9ze6S9+J5B9XofXc8HpESEsqybf1lkqF8lq++LGbydoc6GVUembk
+aDP4vh9OF7EttxxjrM96o0tcVzy3UQKBwQD3qzPpATgCh0kMVo+O9zXliJfPe9Ar
+hCi0T7MX/bInHBB7Hgu7OqxN3of+4Q7zMzwoPfW+oe6+UQkv15GAB2zJgs2RJnMK
+PzzoAYyJ+2CeZ8BthD0lKogNGrHAayaBExAuAYV1cN4BD0dJsNc84OnPHt6ou2dP
+JuzDXvKQKByLQ/UzDvOikjzjXsqUpk33qYR7EQPLNBrZwVQ306MGSb1DFlJtxUTb
+5M+QSBN9GM322xyAlQq0v/9478BmaQ7JTn8CgcEA1kZ3uXwbBv7rus9IpJsKmIyZ
+nbRA4xth052FePZWwGV7bKXpGBB9ZcdIlf/09ZTPSTjXBD87wa7R5aYg/9wSqUGE
+Gv9WUz0zkcilpaKR9JIHlZIpS/eA3tGRHPiXZKHfV+0OncojdzCLuyzrUp5NzUFj
+3J2PHQz2TuYmOFVpHh2LtvBoqbk4sJe1vjTHm2AItuCD2Pj2YrS+vgH9L29dKqCN
+qlL1LCNWjTpQcw3qMZVZMmCc6T80WseZV6VVFgtzAoHBAPTN4dqfXMiLBnZOnUnY
+Kwr9z+jDXkmVMVLBMKo3FsA3qka3tSrU3Pl/S3dw6AEWFJFGZUCP+Vde7DDA6E3f
+iPVJ+H1PvwhS55X/6fV9ZsxMi1T1ECdLef1R9H7Yqs+Mk0KWOF+UN6xeeL1rMeU3
+/4O95KJt0rjXJdIbaLF7JHO3sYdNcR6xY8Pur1jtZUW25n9qmxBhKWUyBlfENnEB
+tDS6vLFJ+z1LVqsrwy+0s+kcPXkPWOy+lvvoJ4pSr83lawKBwFCMVN1JJe/PTFYB
+LdGS5rzJvcVmyS2WUYP3JwF9uMbCX09MXv9I05q6+zJH8ZGPyww/bbSPAKuiSA0I
+EkecNvehRUPQ0GaiDwyyXHKTVkKV0nwLYbLI64zXQrGdUWvm3cpztpbiMcrQWPaX
+wC5ii+SovB1mrTHCeaTXJ27tzIIhoS+31+BVXFYl8Y/6zz49L4lvhKC/lf8s6rcK
+kF6QgnlPuXFZlghtkE+uqCdYB71z4v/pCZM0yz2E4sPrxrxuuQKBwQCImFGaphzO
+RFRdx/XfpwrbOcPYa+xd7olkvyUumiWm7tzlywETmhmffyRStudA4SGNj59pkuQ9
+pCXbLQp0vOpE1oGQ1Vk/amPNLA5/g84M53u7Isht+BVde1K+4cYfxVVadoq0rhgp
+VYbgp0AjKMDHbdyjqGtWl7RkiKF78V+08L8bnrO321mjAUlALd8ru/TjhOi5DMUx
+9gU4TH+Oti6Lf/xpwlfl9RA+Tkc6PdJXp19zVI2aYJDWELfjMVeDQIc=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pkcs7-chain-root.pem b/tests/cert-tests/data/pkcs7-chain-root.pem
new file mode 100644
index 0000000..3a4be5e
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain-root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk
+fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b
+z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ
+ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF
+PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do
+88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb
+yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO
+GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2
+aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC
+AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud
+DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ
+V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl
+oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e
+LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ
+CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5
+lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5
+/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0
+tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4
+LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs7-chain.pem b/tests/cert-tests/data/pkcs7-chain.pem
new file mode 100644
index 0000000..4800eb5
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain.pem
@@ -0,0 +1,72 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAomgAwIBAgIMWRVcaAigQxpHMLElMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTcwNTEyMDY1NTM2WhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j52Y40UafNgoDZ
+rqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQWperG7yrN7iM
+3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJm4fO4IvRvdQQ
+/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcYgqRBhl0+HLji
+a+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfWWOIIbet0m7/B
+AYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7WQFg7pNvyCDf
+rdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3Er+1mzysXJ2p
+ufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8Vkne4jsYYgw0
+t7gNAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0
+MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJYSmD2+NC7hKc4qqlviScaVZ2IS
+MB8GA1UdIwQYMBaAFFRxDgQyZHU8liZv3WQ/ksokQCSpMA0GCSqGSIb3DQEBCwUA
+A4IBgQAN1f7NR1o0JV2IgEDO+ahN5sx/ad+SYvSaRth8TogKjRMY9C/w13rwzs6M
+Y8qaipz2D5Nso2FHysveW3IoEtqS9UB2wYmfh97P3cePz9FEvmGA+8SdL+rCLTpi
+u6eioKk04C56cMsf7cFls1MZ1iCbbU/HlXoqjg4mJZeVW443MlmT/xyZLuqNhnke
+b5C0MHJ0Y/dBtRzdE1yrphLurpC39RLqAj1K3U/iWt9ZXbIYPioPXKpWcEdXgFsE
+Pboe4Aj1ZweK6siijaEZ1HdyRdEvi77MaMTuL5i42JzV8j9OoKA8IVdf4FJgIGOo
+yHW9oBVzYmEIzQ7+lpp68Fk8w+esk5WafPRdP5AQNRXN4KFJmdYZe2K7BSEArc4c
+iIB+gNjFOiAbXnlW+URHiOMPZCXza7Fxae33B5lMBcpi1yDSa2XOO/xPu5z9vA1L
+9ugcdi3EqBmVEf1h4MQuXP0rKp85L4Bd8qqIbXz6pE85Yz5AjcXU/VD/y4ugJV6V
+oVNlbsQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECjCCAnKgAwIBAgIMWRVcZzdMb3w6rL9cMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDK
+VudX96t79AYqJxe0I9D5d1QAS2UOQ04A/brEmdZ0gMNdXT99cesrPy9dIOq2Vtyq
+dr5HEqCmEGZUnB9882OosNCwM8qMu+xkPlDdApLfM1UV8tyPMTLDyKDYcGxBcx1B
+x/vYDSHQ9OZZaHOkaK8qjWN1G7ZZk+7j+fKsFee+VVaY/LNZVtNjA6PQC8/fQeEF
+6NdKFFNZGA6xOjPAdfcpidJAAqhs0nCwlZocLSTrlAplLtXj3jjIpWZA9pnqZTQB
+dk2dSukhbBqbjOaRcAoS96CNB9BPTfiYoBFIrO18CeDuyqNhriAKS4wLKhUOtB0C
+vkuJC77NLeYFPXLI/8RbUD9M2BBeveswX5S9oEqghrsJuehHPy3Uces6oK9nipIN
+9Uj/mkemgXjZqfIUcLMJisk3WBG4JZEcFCrLRKHbEMhQ1borBexi+y0qE0tKpc6k
+pq6SvSkmyAoy8yURtcyw43AgULp7RaS0F6kLkyuY4WbVDkZHT/6zqD8178kig8EC
+AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud
+DgQWBBRUcQ4EMmR1PJYmb91kP5LKJEAkqTAfBgNVHSMEGDAWgBTZfEXSOVCPbOBH
+kMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEAD9S9gNKUzT4CpHZ1WZ+TMlJN
+0uVwchW5ivsimghmD3T2e+7rSwpxsvQAKb1ifZS5H4L2We6e4Rq5KjfaZZxBy0F4
+TziK6Vy6KRPqtyH2YZwiqpgoJ/kCzdmiPwIuSagZYkXebgzRESAXJHxmANk8WuBT
+fuTWlN9WhqUsubB/b5CLKwYx99k5W55VKld44bqWWG9b9qma42+7tllKV1ctOHUz
+W/tZDWFDTZlMi4NoDnHlciGuNKM2rN37kwmjE2oVUQc1FVQhmdlbdGj/kO14Ur0u
+dlTWO1ApZ+0bGmcB+QOHbM5wwnH2yyqBf2ipS9jjxqo2Xi2mb8GuSj4zXuB3sbSm
+ms11RUNZdBUe56SO/mflywXfxYBslr56+n4uFtKo/LS/HQbGbURDLxRCbNual8tb
+CqdvPriHx9No3EmZEF9fVLy4PQ1k8oau1eQYgTA14aRkkchCJEnPnzVQgUKuHZTC
+79Ek2RkRK1p2o5rB/C+Bg2IyhQlWSqPjua1dmM54
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk
+fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b
+z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ
+ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF
+PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do
+88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb
+yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO
+GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2
+aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC
+AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud
+DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ
+V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl
+oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e
+LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ
+CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5
+lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5
+/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0
+tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4
+LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs7-detached.txt b/tests/cert-tests/data/pkcs7-detached.txt
new file mode 100644
index 0000000..54fb2b8
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-detached.txt
@@ -0,0 +1 @@
+Hello there. How are you?
diff --git a/tests/cert-tests/data/pkcs7-eddsa-sig.p7s b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s
new file mode 100644
index 0000000..911b8c1
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s
diff --git a/tests/cert-tests/data/pkcs7.smime b/tests/cert-tests/data/pkcs7.smime
new file mode 100644
index 0000000..9f2d657
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7.smime
@@ -0,0 +1,42 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIIGkgYJKoZIhvcNAQcCoIIGgzCCBn8CAQExDzANBglghkgBZQMEAgEFADBGBgkq
+hkiG9w0BBwGgOQQ3Q29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQoNCkhlbGxvIHRo
+ZXJlLiBIb3cgYXJlIHlvdT8NCqCCA7gwggO0MIICbKADAgECAgRN4LTKMA0GCSqG
+SIb3DQEBCwUAMBkxFzAVBgNVBAMTDkdudVRMUyBUZXN0IENBMB4XDTExMDUyODA4
+MzkzOVoXDTM4MTAxMjA4Mzk0MFowLzEtMCsGA1UEAxMkR251VExTIFRlc3QgU2Vy
+dmVyIChSU0EgY2VydGlmaWNhdGUpMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAtGsnmCWvwf8eyrB+9Ni87UOGZ1Rd2rQewpBfgzwCEfwTcoWyiKRlQQt2
+XyO+ip/+eUtzOy7HSzy/FsmXVTUX86FySzDC4CeUEvNWAObOgksRXaQem/r6uRsq
+TRi1uqXmDMeoqKFtqoiE3JYOsmwcNarnx5Q9+dXHwqINS7NuevcIX8UJzRWTGveY
+3ypMZokk7R/QFmOBZaVYO6HNJWKbmYFUCBcY7HwvCKI7KFcynRdHCob7YrFBmeb7
+3qjqIH7zG+666pohZCmS8q1z5RkFnTdT4hGfGF8iuuKLDQCMni+nhz1AvkqipZII
+DC5hwFh8mpnh1qyDOSXPPhvt66NtncvFON7Bx26bNBS+MD6CkB65Spp25O8zDEai
+MXL2w2EL+KpnifSl5XY3oSmfgHmqdQIDAQABo4GNMIGKMAwGA1UdEwEB/wQCMAAw
+FAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud
+DwEB/wQFAwMHoAAwHQYDVR0OBBYEFHYHWEzqtSn1LYAGjINKgg0J7JPeMB8GA1Ud
+IwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQB0
+1aZOyHm4h+eDKE5bCbukrb6+BQxjyceAygwUe3TK7G4iZxQxe7ctFLV1lKgIkAIG
+lMUaL8ODZTSq84dBwSZzc7A2ocH3RHcsbmNRIK2r9thbuH/oZ30p5YKBlzNodtD0
+g9OMsfV0uzBU+359coHoSHSCBKsYBMT/BFlP9eAMJby3gL7b5OYnxkTO9TzsoA9D
+2tQFLX6ncRQBH8V8wCkCmwSKDUhn5kPmOhoYFbvOHUfQH2YQqJ1G8PvK5EnLMBy8
+PbmdPXk0tbRBHd0R5eiwtzvbTHEmXWGHw0ntg6+ffbeY6NH16viLgPqImVeYny28
+329qQJqeRa8HNvumUWfax8xCogIWlFzDTvkPyF1DF+kZ98va0R4pKCPI0ddLvHd0
+WFSk3chCNSLbHh/Z79leMYICYzCCAl8CAQEwITAZMRcwFQYDVQQDEw5HbnVUTFMg
+VGVzdCBDQQIETeC0yjANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG9w0BCQMxCwYJ
+KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA0MDUxMTUwMzJaMC8GCSqGSIb3
+DQEJBDEiBCAPxNW8sd688/xuhT3eVSckDRNLIIsANJ00vaOH8y2rxTB5BgkqhkiG
+9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAEC
+MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUr
+DgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCATBTDhfI4eA44ENY
+9bQGbPVABFbrdTh9DwfU05Hqam+XlghWefybu4A5Qu3pm2sfiWz2LQLL5/ogYVmv
++wq4vDYkArhHBk1gxVZ5ydZBaMBtne9rYNxNigzE0eziwco/OvyDG1Xg4wKZHNf8
+/PYpe98yJH0BgDWCMMSqsOZEC4q97eDFsIgRuuZm6Rgd+pXIwEWcelTdmJ5nfftP
+e7uWoJZo1eBMsqUUREChw9SnPWCOysONCCTgdfvVOKPb1DZmmzGiK6CS6GfVgrJw
+LvAjaBb3l3B9UssS/w+Sp44BwfCeFkntv8U0FiA/Cgg2sGT3illmguvCzBQon9t5
+c4Eg07LRVt1WP2tt/BbFRVhiHa+8zCOr5bCN1cOs+c17yhYqCYHz3RGGTMWWYAX1
+dFnWPDtb
+
diff --git a/tests/cert-tests/data/pkcs8-eddsa.pem b/tests/cert-tests/data/pkcs8-eddsa.pem
new file mode 100644
index 0000000..e447080
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-eddsa.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pkcs8-eddsa.pem.txt b/tests/cert-tests/data/pkcs8-eddsa.pem.txt
new file mode 100644
index 0000000..665124d
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-eddsa.pem.txt
@@ -0,0 +1,25 @@
+Public Key Info:
+	Public Key Algorithm: EdDSA (Ed25519)
+	Key Security Level: High (256 bits)
+
+curve:	Ed25519
+private key:
+	d4:ee:72:db:f9:13:58:4a:d5:b6:d8:f1:f7:69:f8:ad
+	3a:fe:7c:28:cb:f1:d4:fb:e0:97:a8:8f:44:75:58:42
+	
+
+x:
+	19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:96
+	c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:66:e1
+	
+
+
+Public Key PIN:
+	pin-sha256:oekVYFTgT6yJmunydRMs3Ael28TqLCrTof/G4NJTaB8=
+Public Key ID:
+	sha256:a1e9156054e04fac899ae9f275132cdc07a5dbc4ea2c2ad3a1ffc6e0d253681f
+	sha1:3a04967761a552db7e9e18c6dba4bd4aae119908
+
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pkcs8-invalid1.der b/tests/cert-tests/data/pkcs8-invalid1.der
new file mode 100644
index 0000000..8d05984
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid1.der
diff --git a/tests/cert-tests/data/pkcs8-invalid10.der b/tests/cert-tests/data/pkcs8-invalid10.der
new file mode 100644
index 0000000..eb9c173
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid10.der
diff --git a/tests/cert-tests/data/pkcs8-invalid11.der b/tests/cert-tests/data/pkcs8-invalid11.der
new file mode 100644
index 0000000..7f4fda8
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid11.der
diff --git a/tests/cert-tests/data/pkcs8-invalid2.der b/tests/cert-tests/data/pkcs8-invalid2.der
new file mode 100644
index 0000000..086a661
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid2.der
diff --git a/tests/cert-tests/data/pkcs8-invalid3.der b/tests/cert-tests/data/pkcs8-invalid3.der
new file mode 100644
index 0000000..39b821f
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid3.der
diff --git a/tests/cert-tests/data/pkcs8-invalid4.der b/tests/cert-tests/data/pkcs8-invalid4.der
new file mode 100644
index 0000000..c8591a0
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid4.der
diff --git a/tests/cert-tests/data/pkcs8-invalid5.der b/tests/cert-tests/data/pkcs8-invalid5.der
new file mode 100644
index 0000000..3f23459
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid5.der
diff --git a/tests/cert-tests/data/pkcs8-invalid6.der b/tests/cert-tests/data/pkcs8-invalid6.der
new file mode 100644
index 0000000..f1519fe
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid6.der
diff --git a/tests/cert-tests/data/pkcs8-invalid7.der b/tests/cert-tests/data/pkcs8-invalid7.der
new file mode 100644
index 0000000..85e1357
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid7.der
diff --git a/tests/cert-tests/data/pkcs8-invalid8.der b/tests/cert-tests/data/pkcs8-invalid8.der
new file mode 100644
index 0000000..4caa528
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid8.der
diff --git a/tests/cert-tests/data/pkcs8-invalid9.der b/tests/cert-tests/data/pkcs8-invalid9.der
new file mode 100644
index 0000000..ea3c772
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-invalid9.der
diff --git a/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem b/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem
new file mode 100644
index 0000000..b37ea47
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem
@@ -0,0 +1,33 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFwTAbBgkqhkiG9w0BBQMwDgQIj0zLYsYVnewCAggABIIFoNbtBreeQp6iStj1
+h6NXjxaaa+zxpJ2ujFGlkUuYMHYHRHyBRBLPEIBpFK8TeoGz5PtS0TDdV6fNwGmw
+qv4aDSMFLMNPvdhh85mEZXW54rW0h8YOy/dfaueHcAYBlANccpnYs11AJHOul8sz
+X32Q5cDOE2KUqC0DaMu9X1I4YHa2AMrX6Z7/pLx4FN6bAbGNgENrm6j7+53xf7Nw
++rdV9WXm0qXlSJ/yZNnawEdvYgzUM4YC91iIDoFthiQ+VtRy7oTQC3dFCsjT80NL
+2q0X555PfPpuUSOgTKznzZbkUwMWhmzUZZwEly4YXFBBNztaaL2nJeZu+QOZZXlT
+7H7UQvcpgiYszh4WIlm0vEG6CEXm4X/Rdf2q4LMqs4BQGKfMgJbZeq9cF2cIcf5M
+CrKxyW3qOXp+kFQ9LsURxcrgiWhwJlrpg7+NxWVGLstNUU4R5W4lAF9g3/xdo7P9
+w8qjxwp9kcMhOWT62AaTwtLkIMaNJarwViMCluWsnIdaKL4Etb+iC7VzyucAHA59
+5KjHb0S8RlpDe5roSS6GxdxRiztqYn+riW5gA7v8HiyyTiHnF8AjehwNuck94YeP
+lMosUqXYG/BcDsu1ZtFpWmmRqNgss5eQ6bogKqKI0wN6vC1lqVljho0123ae9Jkx
+NzX05s1b4mcBemxpdV9N0tNmZh3gmYn7+7vN7xzzNGsSKtwZWTcM4/ZGlK/uyGmb
+a1xCvRr+5v+fZDpt2l4myfZPUp8UuPRpNVc3FaTl8Btb6jKHJtZnmdKqunVqzOab
+uf6cgLHBbl2Ah+Dd4tv3YMUy6zZ3Bge0HL4vzK+B1svDBOIRMQvI0N7usUndPp2q
+KK100tdMtNF6KTv5VVOApIuu7MuLwN9lqRXKwbyaL1ZEx/Xj5jbXnQJu935/Twpy
+YWZm4Rd/uay1flQXQMjhKXUC32rNAvQUVcFBBoUjGw96yaW1QTaiPYq2bcauH4K3
+rAZrSzDapi0gVoYACD4oqh30aW+aQaKxkRn9ziQLWDyaTU836EYnS071BPq9evth
+iFi2uGnnYmVtF1j1RDDaiC6ip2DxznDuvmM+sz6k6cUIvazqx0bp4ZXcAGAmU4lr
+fHEbw0YZ4NvvejYAApRrqzlWvf9e4icR5UvMe/lUkjIxkde9n/PZKhYLUJxNReUQ
+8ZtGSU8cbYcqr2eZhj71vFJ/cedSrLnLfd8tFXQmkKlb9EOFAYgo02CBdKMNcSl3
+FlVFeFywXljSGwmZv8rr2u7vEUIGlXrEKZnLST76DQpC/Xl5phTrL2Q8JqsHP/OH
+olisadfSEUoB5PEGV3iqQKOvxVxQIE1P0Z85DuBAguOAM2Gfg/FeOmuvTCQY3uDe
+ALZH8KW5cuaDtePXJ2fRJkl5rxrlgYMcxzr2EtQ3VZJ/eGBqUtjewZrAu9POSO74
+7oMTp60ZRxXi3jiUrJZNWtRH//6ezNSMyhWsl6dcyFN96TTzik0uJnlVBEZzF60s
+Uw1NIBdLom8Lccxo0LjKIIxDvLb7e+MG9tuGrXwSyUFDR4pMzC7nR18JE96M34DG
+2/k83qcq74swV+K5xEicsBkpyazbmLYpFpZY8pfI1mUb+ilp3+veMtdduS1GR/RX
+KgXqeUr5toY2L2AIIRasm6j0t9ZZ7vbe+q+dluIkBKaTR1Rc+txjK8jxkdOJGDmz
+f3am49sFNAIstvDzQ+wnxCAmG6mY+pAlQ0P8NnYMu57dxAEQe6PvFjnP2f3aghs7
+m2jXct/WiNQG6aopxEDb9XL8daI7fOHKNGodqRMBC3GsO2sEvii2/Gy5DL4Kiro2
+5UfWTPOCFotMbJYTSp/KKJbk4fMC1xI7lKosYYXbHhg/oV5Cr5zp8DFO+SL4lB7v
+R/VQqKJ4AJpZiz4pNCbwfqNchr3bXe4AosATW1igTDkZf6u6Sw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pkcs8-pbes2-sha256.pem b/tests/cert-tests/data/pkcs8-pbes2-sha256.pem
new file mode 100644
index 0000000..ba88d8e
--- /dev/null
+++ b/tests/cert-tests/data/pkcs8-pbes2-sha256.pem
@@ -0,0 +1,35 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIF/TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI1NhoCmm0bicCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDk8ZQX5/5RSgw6O5zfStl7BIIF
+oBFsReLKYFvjQeo3SPCU4JSlXwjtHdGCCBI6q3+mtMhxk8QJ1GQnGl93zbUNuXlC
+Cthr/X5WJtGdkOGYtAt0pO1bLwL6euvTO7rkU/IwubGF6HH/84gNGNjkL/zJXdDR
+v+FzYIpfmgpkLOEIvN6NvplSS6U0RAb/DOg2tAlI0D3FY7Y5rGiw3aioRG1lg8Wr
+CXRyRiK58XfqcHrkMXdb5f6QGKtoyJZvzAfHjnkVeX5OFeYB0sPHWAtrHQMX+tna
+ddHDQ/p7GPuw0JVR4q75IRs+QQ1GqRTT0PC2LaYzn0uxatPH/Z3nW9CxAa7E5SQK
+VePbvdS5QHwEAITG0VXFowTOuhNYAvacqYaYXpd/gHEa26H3gBMKxfrOfWjXsmcS
+VO72oZCAa2VS8RRQ6AhwmqZ2vmDNvenBPGK/3R+aGX4fFgmN+Uv2CxAu8ZYN1WHt
+BJOdI1hTFrtLCfuU398CPdk8Xc0Y45N29Ao+XW0W8z1hqACpVAy89YYilF4wRRpH
+ZnBKrwvxhfQcqVSuJOOfxmxqQrylzzCF4O6ug+lE+RlZpO5Yvtmqc/i4SzzxAu8x
+XentKLEIPmQaUpWElHriL/YYeDHpj46PAPbyfh2vgxLFGvsf6CHT1PkyNmHGwR6Y
+FmoEQ75i3f9PTnQ/byYODkyiYmNxPnCEOpNZp8qNnAZ8YnkifOmMqYJcaglohdlP
+REIAehmXKgyzDpe1Xi6OQfwDyIB7Dw+oNqajSUyLHqOtRv6ziLxbwpEc1gMETyeP
+yUlQuenAy96n6WvQKPF3boMH0KkrjaPyvBDsawIPBXKlKRPL0d9XQQn7m1mqRUtb
+nVkog2XKXuDAyVDQC07dRhJZ4u/AMX+4KaJ6Y2DhQLYDuKgvHqI1JSJYd6OeSGce
+WsiwkiTS2nEz5WPgHWM1sEPsFwlWnxubou2DPzWugh1IIed68TgyShgTG0yxdz4E
+ICVqdBN6HHHTuMdyQgasxc62QhHo0FgdE3XWaNFJ15edK0aMZbfZaxv5Ab0iZYUI
+lDtrhrenYFr+/davowWJ645S95+bKagSkmPmz1G/orjh86XE93rswhw/0EbxyRSK
+CO4hkOVifdrAw6z6pTfx9OJf7hFtWBQ4wxZTRrzLtWV5qKP2GBDiaewl7R6/eoWs
+TsUNEjhry3jLjqzmTOtZz3ZwvHkCZhNekdKIHSEWEH/uZkQaHIVk20tpqqdL365s
+U2FBNC7/rJXzYbtwRzOhNmswYaKxBmnxOhoWfsCcJZVElB6qDHIQkBFSyQBhQ1ec
+M+hSsAo/3TWM7z63PJNOCPnOr/KspMHCuh6iDy4yd1FN1rGZ0DNbL8QE/9pS8zIw
+fBYi1/7oWIDeAvw5h8CW3p6o4XMCNl+WtWQBaRVkd7LDtRoLczrwRz3eR6vlvPvd
+7gEeqi5O9RIgRkLA6q+j1EwnBdIdcV+OZtmCFMk8CcTQONAFyynLqpq2zGjB/xCH
+yyORpPEHZiJJhcEmWf1eu3BJPnLL9RW8wCTlRwF2nKeYf3fRMjFQDQ5xTuuy1RxT
+uG0l9cWl970+BHoAEohewKcTBYz8s9fHqxm65eI0DW2WVWE99ilm4bhbsnkHRTNa
+uwwH6IxXeZyWH5Bh76aiulbT4qFdQ+4SxbuuGZzRTG0/UPrYe5n9/TuhNT6b6BKv
+Nutu6P3j4oPAuVObNUL7OUKMB7eDzBC4eXpnD6WuHdEAh9EtT0+/7Nzoz7yiwhS3
+v/msCT9IANXsL3kyneKOCyQhyDu90oGxu65CwutOIPZ+lt+0vgYfSpmmZgnSg5a4
+vT3a1rMQvSEntPHSg39BL6xtd7FTrnovckrp74QxNdwRlkTXVLRRaYErBEPhK7+S
+vKuEkoGfO+dPDqMVioxwEQtZJAuhJZRfZjsMorrIanK/XyBGPmXVlMubLwLNsDaq
+1w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/privkey1.pem b/tests/cert-tests/data/privkey1.pem
new file mode 100644
index 0000000..ceaf313
--- /dev/null
+++ b/tests/cert-tests/data/privkey1.pem
@@ -0,0 +1,144 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: Medium (2048 bits)
+
+modulus:
+	00:99:a7:ca:d0:a7:03:91:6f:05:c7:55:d7:92:d1:
+	30:34:59:cd:15:8b:7e:17:88:70:4b:cf:fc:34:92:
+	74:b7:80:5e:68:f0:f0:de:9c:2a:18:05:6a:00:d0:
+	3a:3d:f5:e3:ea:11:97:e5:5b:02:98:35:a4:f5:26:
+	0b:af:33:6a:95:41:d0:df:38:34:dc:98:3c:b4:5a:
+	b5:f3:59:e8:f6:ac:17:f3:a4:bf:b4:c8:8a:ea:e4:
+	50:6c:1b:ed:1d:c8:ff:59:ad:d9:72:08:a8:1f:f2:
+	17:34:34:36:5b:af:c6:22:cd:c2:30:8d:7e:93:9e:
+	3b:79:a9:b7:3c:91:0d:9d:fa:1d:ee:f1:d8:c0:2c:
+	b3:cd:3d:f9:79:4b:ad:5c:2f:7d:8c:51:32:42:31:
+	f8:8e:a6:04:e8:5f:45:f7:08:a8:8c:bf:ac:46:8f:
+	b3:d4:83:ed:48:35:34:01:cf:9a:c8:e0:1c:95:9b:
+	99:75:24:91:e5:34:1a:75:9e:fc:9d:04:27:9c:7c:
+	65:53:37:32:ff:ea:03:fc:e3:7b:7c:08:80:a9:b4:
+	97:ec:85:ee:b9:81:df:93:33:e8:da:3e:4a:cf:7d:
+	e6:12:57:6e:c0:22:a9:88:29:e1:64:ad:50:4c:2b:
+	d9:7c:15:09:4d:5f:a9:06:00:db:ee:ab:a6:76:ca:
+	41:2d:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	26:4d:96:98:56:d9:e3:da:2a:35:9b:a7:86:78:d1:
+	2c:6b:aa:5d:11:8d:d8:2d:f1:d8:64:3b:79:9b:7c:
+	ae:f5:b8:13:2e:e4:cc:89:5f:50:e7:a0:9a:1d:4e:
+	37:7d:e1:57:cb:14:f3:5e:b1:91:e1:e5:82:1a:fe:
+	d4:a8:db:8b:e3:81:3e:f3:d2:f1:9e:9d:9b:53:f5:
+	81:79:4b:42:9a:79:ca:09:aa:a4:55:4d:93:ea:60:
+	45:e2:dc:44:0d:83:e2:06:1d:6b:78:ce:f8:4f:b0:
+	0b:1a:6c:e6:84:35:bf:1d:4d:a8:2e:cd:7b:dc:f8:
+	f4:86:23:20:5d:04:68:f9:ba:b4:a3:cb:f6:2f:67:
+	79:7a:59:3f:de:8c:29:5d:51:37:e7:dd:83:83:b4:
+	c6:22:c0:d7:8c:79:93:11:f7:64:33:47:73:d6:1a:
+	06:c5:d4:2c:a7:02:8c:d7:f7:8c:4b:07:8d:95:2e:
+	40:3c:52:64:31:21:85:72:91:b5:13:4d:e5:7c:e3:
+	b3:b1:b2:24:aa:e1:f3:22:fb:96:bb:7a:d5:4f:03:
+	e5:91:cd:50:01:85:52:c7:83:cf:a8:23:e5:10:0e:
+	d5:1c:20:11:e6:d3:65:43:de:b8:dc:dd:07:f6:7b:
+	a5:c2:bf:c9:6a:c4:2b:ac:03:fb:b5:48:32:3f:ff:
+	dd:
+
+prime1:
+	00:c6:f9:eb:a0:38:87:c7:3c:80:06:cd:74:8c:ce:
+	4c:04:43:11:93:88:ac:d2:9f:af:e6:3a:94:10:16:
+	c6:62:4f:4b:1f:22:56:01:33:e9:6c:9d:3c:0b:a5:
+	48:88:82:8d:c0:09:e2:cb:8c:2d:2f:74:6e:18:64:
+	5c:99:93:40:1c:aa:4a:66:9e:1c:81:ea:1f:c4:dd:
+	39:7d:5c:b1:68:9c:70:53:49:ed:51:24:76:30:32:
+	04:3f:0b:a9:59:d4:ba:73:00:a2:40:03:ad:94:6d:
+	a4:4a:e9:9c:53:06:fd:9f:b8:a3:32:89:c0:37:f3:
+	e3:65:b0:fc:ef:64:6b:98:4f:
+
+prime2:
+	00:c5:b0:de:28:b4:18:1a:82:f4:87:d8:84:bf:ef:
+	49:15:93:21:8a:f5:7c:4e:49:3a:4c:d6:7b:d3:15:
+	87:3b:08:8f:05:f8:7f:5e:57:35:2e:78:af:7d:73:
+	99:f2:91:ff:a0:67:1a:fa:ac:2c:72:e6:ce:99:86:
+	2b:e1:e4:58:84:17:fe:9c:36:70:14:71:4d:58:ee:
+	8a:2f:dd:02:1b:60:8e:09:fd:30:59:7b:cd:d0:a0:
+	66:bb:e3:2c:41:e5:5f:ee:67:9c:6f:d8:29:d8:a9:
+	c5:b9:a1:f3:33:d1:ef:89:48:de:3c:2d:6e:ef:18:
+	e9:b5:9d:53:e4:c1:ca:b3:c3:
+
+coefficient:
+	3d:2b:f1:df:96:7e:c8:b8:7f:c5:bb:8b:fe:e9:c2:
+	d6:b0:1e:7e:82:f8:22:91:e9:21:32:16:48:da:06:
+	11:49:b2:6d:4a:26:7c:87:e4:4d:9d:e1:43:9d:36:
+	e3:5e:0c:c6:e0:0c:53:09:71:92:0d:e3:9e:0a:2b:
+	06:a8:86:d3:c3:42:a8:7f:23:c1:db:a9:55:a6:a1:
+	51:3f:99:64:85:50:ac:e2:3a:fb:15:86:39:94:f5:
+	bd:5f:5b:0d:a6:cf:41:c1:f5:9a:13:e7:92:a8:71:
+	92:c7:b5:60:ce:38:9e:7b:39:ef:8a:78:ab:34:2f:
+	9d:8e:54:d8:b5:29:59:f4:
+
+exp1:
+	00:9e:46:40:b2:d3:24:d6:4b:fe:be:ea:81:52:5b:
+	eb:45:dc:9f:c7:8e:89:82:85:39:a3:56:67:5e:a0:
+	ef:2f:56:49:b8:3b:54:d4:62:19:c4:a7:12:13:65:
+	67:5c:07:15:80:73:9c:af:33:12:e2:53:a8:1b:c9:
+	01:8b:bc:00:dc:8c:6c:e0:51:d6:f5:54:69:ee:eb:
+	d6:86:2c:cc:86:1d:22:90:6e:16:d3:5b:c0:93:b7:
+	c5:7e:ec:e4:ca:2b:18:20:d0:99:3f:78:6d:83:ca:
+	ef:4c:13:a5:a0:b9:c7:d7:5c:44:9c:b7:cc:69:f5:
+	9b:a5:d1:72:71:6e:9c:d3:ab:
+
+exp2:
+	45:f2:32:68:8c:70:0a:d1:52:db:cd:cc:0a:6d:0b:
+	9a:ca:98:0f:a6:93:f8:cf:08:05:af:cd:d7:fd:c1:
+	ff:2d:24:0d:a4:c2:cc:0a:67:12:ae:38:c9:56:61:
+	9d:e5:f2:60:3a:9a:dd:1e:96:0b:81:86:8f:e3:5d:
+	1b:6b:c3:b5:d9:17:89:05:e9:da:11:cc:a0:2e:a6:
+	4e:11:10:71:c7:53:fa:4c:cf:12:9a:2f:54:25:ac:
+	b3:c5:c9:1e:f7:9d:5d:a8:e3:3c:df:6a:ce:f2:22:
+	b7:6f:89:b1:48:12:4c:ac:af:94:f3:2e:51:02:ab:
+	8e:4a:c0:28:2c:39:20:29:
+
+
+Public Key ID: C6:19:73:40:BA:1A:D2:11:75:2C:85:3D:1C:80:E0:4C:DE:75:D9:FF
+Public key's random art:
++--[ RSA 2048]----+
+|  o..o+OB+       |
+| = ..oo+*..      |
+|  + o ..o...     |
+|   . . o =  .    |
+|  . o . S    .   |
+|   . o .      E  |
+|    .            |
+|                 |
+|                 |
++-----------------+
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAmafK0KcDkW8Fx1XXktEwNFnNFYt+F4hwS8/8NJJ0t4BeaPDw
+3pwqGAVqANA6PfXj6hGX5VsCmDWk9SYLrzNqlUHQ3zg03Jg8tFq181no9qwX86S/
+tMiK6uRQbBvtHcj/Wa3ZcgioH/IXNDQ2W6/GIs3CMI1+k547eam3PJENnfod7vHY
+wCyzzT35eUutXC99jFEyQjH4jqYE6F9F9wiojL+sRo+z1IPtSDU0Ac+ayOAclZuZ
+dSSR5TQadZ78nQQnnHxlUzcy/+oD/ON7fAiAqbSX7IXuuYHfkzPo2j5Kz33mEldu
+wCKpiCnhZK1QTCvZfBUJTV+pBgDb7qumdspBLQIDAQABAoIBACZNlphW2ePaKjWb
+p4Z40Sxrql0Rjdgt8dhkO3mbfK71uBMu5MyJX1DnoJodTjd94VfLFPNesZHh5YIa
+/tSo24vjgT7z0vGenZtT9YF5S0KaecoJqqRVTZPqYEXi3EQNg+IGHWt4zvhPsAsa
+bOaENb8dTaguzXvc+PSGIyBdBGj5urSjy/YvZ3l6WT/ejCldUTfn3YODtMYiwNeM
+eZMR92QzR3PWGgbF1CynAozX94xLB42VLkA8UmQxIYVykbUTTeV847OxsiSq4fMi
++5a7etVPA+WRzVABhVLHg8+oI+UQDtUcIBHm02VD3rjc3Qf2e6XCv8lqxCusA/u1
+SDI//90CgYEAxvnroDiHxzyABs10jM5MBEMRk4is0p+v5jqUEBbGYk9LHyJWATPp
+bJ08C6VIiIKNwAniy4wtL3RuGGRcmZNAHKpKZp4cgeofxN05fVyxaJxwU0ntUSR2
+MDIEPwupWdS6cwCiQAOtlG2kSumcUwb9n7ijMonAN/PjZbD872RrmE8CgYEAxbDe
+KLQYGoL0h9iEv+9JFZMhivV8Tkk6TNZ70xWHOwiPBfh/Xlc1LnivfXOZ8pH/oGca
++qwscubOmYYr4eRYhBf+nDZwFHFNWO6KL90CG2COCf0wWXvN0KBmu+MsQeVf7mec
+b9gp2KnFuaHzM9HviUjePC1u7xjptZ1T5MHKs8MCgYEAnkZAstMk1kv+vuqBUlvr
+Rdyfx46JgoU5o1ZnXqDvL1ZJuDtU1GIZxKcSE2VnXAcVgHOcrzMS4lOoG8kBi7wA
+3Ixs4FHW9VRp7uvWhizMhh0ikG4W01vAk7fFfuzkyisYINCZP3htg8rvTBOloLnH
+11xEnLfMafWbpdFycW6c06sCgYBF8jJojHAK0VLbzcwKbQuaypgPppP4zwgFr83X
+/cH/LSQNpMLMCmcSrjjJVmGd5fJgOprdHpYLgYaP410ba8O12ReJBenaEcygLqZO
+ERBxx1P6TM8Smi9UJayzxcke951dqOM832rO8iK3b4mxSBJMrK+U8y5RAquOSsAo
+LDkgKQKBgD0r8d+Wfsi4f8W7i/7pwtawHn6C+CKR6SEyFkjaBhFJsm1KJnyH5E2d
+4UOdNuNeDMbgDFMJcZIN454KKwaohtPDQqh/I8HbqVWmoVE/mWSFUKziOvsVhjmU
+9b1fWw2mz0HB9ZoT55KocZLHtWDOOJ57Oe+KeKs0L52OVNi1KVn0
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/privkey2.pem b/tests/cert-tests/data/privkey2.pem
new file mode 100644
index 0000000..f631662
--- /dev/null
+++ b/tests/cert-tests/data/privkey2.pem
@@ -0,0 +1,69 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA7aq1v7GN60st0DPtxSCNMxToNdOGH1SS0Qs/QqC685awthuS
+Zxd5wHV+dYfCMFTFbZhqwtX6MfibOFIRbd8wHrNZdeGv8HZbr2hmoAu3VjhGhwBp
+OHfTlvKqsZ1LnUcSs33Za9vgtp5qYAyxM1z6T0Igr5xE2ieIeZhQlliNhesoCTC+
+KJXiDDbch/2oWTOG6X5gyzlx/eKskmLChkCmL7YR0yrvx6E8B/XqThumQr/rKb59
+YO79TVqcTwoGWmF+QCUsLkd6iBEZTdoeFvj7xSxMeWHF4UfQl5FhAv2lf5nvdla8
+DCrFAH+2ud5CM0Qmd3vCXl5zikHPXtCBL5o+tQIDAQABAoIBAGLGENUDUM0aKIcg
+HdBQb/5r0PoV1+cLeh0BBKCHNktoNDbrDJRl0EbpTc5AxrbZdFfRAYXJ8jp0bOYi
+TXYRTOlldmekjT9toTssM4KOe/qMVttik1hRjJFudvxsN/G8iQwp4IOQFTswaVtT
+yw1itfDctcLmOkNELNcEM3HYibC+to5hEX4z0mHLxhlDYx/tkXW+ZIb5uvdz3Uox
+13kGpy9E3RCaqZNHs4911aGpJqvUy6G12tqM7GhMD/35BpWYNkJjYhIumSQnWT9Z
+BOdVGvTtGXR9h2b+RI9+70nkLClUXZO6kkNo+x0RvrUVmzHZkXRD78DvOy/Hi6o1
+6Iug4CECgYEA+oLKngO0F+4U6JC0/of1wdfQdr5VbVYiJ9OEHmgS80X1EIv3Pdwt
+C1/REwQrDlUcmMO0ioQFLHaJ5tAYZzjGF+qgljRGp5Hr3To1RBh5/9mMJybIyaqn
+SY+P9jxW+jo4VTb5lPGrSVB4cGj0cXE+CiM794FC61quNUjoVptsR30CgYEA8t/f
+ED0LNviLbehwM4JqOSv11Sv4f8VSozKd7D80kUsu7ERbSozg9OC2cJAO6VU/eN+N
+vsnt86Q3VW23IGO9e1gzMh3TaiCr1WyHEFXxrVXS+M20oOzzmY8S2EaV62ep7bWm
+DSJhpVfqEJMF1zEhpZV+RGwCgFjUyf6VKCYaqZkCgYEA9vipDz2xeIIlJN89QU8D
+L9c300l0aTWouMDkGSIbxLEsmOKUnu0Jj5QoSGoslJW+erE+tezQOPSooeB4npMv
+YPbU2SCyo5POCC3Rw8+pv15XuWWYQJG5GWGq2WTFjy6EySZIytmzN7VY9+HRVGID
+evUfsrRCKEwfQbMeM/xItPUCgYAOiNs+i4iqR4GAmFJuorVcqobRtQnwC40Aezz8
+MGQi9c7fENAty/SCcxg38EcUK6fawfYnnsoAtKkjEafN5momgYa+zw4h4camxRHo
+JlyKNQKlJRpULxn87JUCIGdEaTXAJgjD7HTPgk1dpI7K7APJdwLRcW1M5QQG+pdO
+ick6sQKBgH2KmTLtIgnh8C9kSXOsxZNBYneHEWy8eUxJ3nXxFUS8UIQcqeb0HfVs
+V03nz8vMiEPrv4Z0R6QswSKPdByQMsyXvhkAWF48B4DqSfuWcrfd/WlfSkQHJNXu
+Vm+fogqzWlwGWs9LKy2L8epMJ40l5Q4oGeNvBkQYLjYw/QzKs2wK
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/privkey3.pem b/tests/cert-tests/data/privkey3.pem
new file mode 100644
index 0000000..8b49731
--- /dev/null
+++ b/tests/cert-tests/data/privkey3.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQDRXYZ6JSa6PL5yDcWzPjH1dxSPTfUrIUXDFqnuPR338KAKBggqhkjO
+PQMBB6FEA0IABLLraqbL3LexfQFoHdW5CQsthbX66pTSklhvjhISpPauH1RPH48f
+49mwiCt59WPSeuUr+PhPBG9ZKQ9z9iz4rJw=
+-----END EC PRIVATE KEY-----
diff --git a/tests/cert-tests/data/provable-dsa2048-fips.pem b/tests/cert-tests/data/provable-dsa2048-fips.pem
new file mode 100644
index 0000000..88d86e0
--- /dev/null
+++ b/tests/cert-tests/data/provable-dsa2048-fips.pem
@@ -0,0 +1,96 @@
+Public Key Info:
+	Public Key Algorithm: DSA
+	Key Security Level: Medium (2048 bits)
+
+private key:
+	67:eb:a2:a2:24:90:88:85:6f:f5:43:f2:fe:bd:ba:eb
+	cd:4d:93:56:ee:b6:a6:d8:09:1b:67:24:
+
+public key:
+	5e:2c:7f:8b:9e:77:c2:e4:c9:48:e2:ec:82:18:d5:a3
+	2b:51:0c:09:c5:13:d6:71:e6:06:ad:e6:fb:a5:8b:62
+	ff:fd:32:b5:cc:10:06:16:f5:c2:14:be:76:0d:85:55
+	4b:6a:76:54:de:02:7f:3c:1a:6f:a3:e7:12:f2:a4:97
+	24:12:ca:f0:92:6d:ba:90:cf:ea:3a:12:e4:f9:d9:83
+	22:6d:b0:3d:97:83:c8:62:94:98:53:64:d0:1a:42:0e
+	e6:3d:01:2f:88:88:5f:38:b5:f3:25:89:c8:77:af:72
+	bb:08:b4:6d:83:d4:4a:ff:69:f8:f8:07:50:5e:1a:45
+	e2:2e:d5:24:bf:a5:78:f7:aa:ea:05:9d:26:ea:58:0e
+	8e:de:85:4d:4f:fe:c4:ef:de:c8:13:66:4b:75:29:ee
+	9c:9c:70:6c:cc:78:d2:14:c1:32:65:1a:3c:a7:39:f3
+	e0:b3:54:0e:a6:96:16:db:a2:6b:de:fe:8c:2b:2c:ab
+	4d:25:95:02:56:72:6d:56:d4:7b:47:a8:cf:ba:ab:46
+	39:6d:2c:c7:a3:22:0b:64:0e:5a:45:39:96:50:7a:23
+	6e:f2:29:4e:45:bb:b1:af:62:65:7c:17:23:03:4e:6b
+	e1:b7:47:1d:89:97:04:47:8a:8c:f7:70:bf:51:1e:f0
+	
+
+p:
+	00:fa:04:df:21:b6:be:54:81:1b:4f:2f:af:32:d0:71
+	6b:ed:51:b7:29:93:fe:00:0f:7f:32:41:7f:1b:99:fa
+	34:a5:99:f8:42:d3:37:d5:be:77:a7:2a:f8:64:ce:a6
+	39:f8:25:8b:2d:0b:0b:4d:7e:c4:4d:f8:4d:60:64:c7
+	ef:cc:4f:1f:13:7a:b7:d5:22:e2:57:55:41:b6:4d:67
+	8f:7f:f5:5a:cb:9e:90:c7:2c:e0:43:1d:99:8d:38:7b
+	35:6d:a7:f1:3c:12:e6:13:13:31:55:da:ed:2a:51:52
+	58:54:be:30:e7:dd:8f:4c:ec:fd:28:af:fa:08:c9:98
+	73:be:14:ce:21:3e:59:7a:76:4e:29:6f:95:92:2a:c1
+	d1:a1:b8:bb:b6:71:d1:2d:df:d0:95:4d:45:26:ed:88
+	ed:aa:ea:fd:2a:83:23:93:b0:87:53:28:8b:03:cf:4d
+	0c:ae:e9:94:22:be:8a:89:86:e6:91:e4:cb:5a:fa:5e
+	0b:b8:f6:0e:fa:33:21:21:91:91:7c:b8:f5:67:15:ac
+	aa:ef:20:82:ef:7f:3b:91:77:9a:af:0b:67:6c:eb:31
+	72:2a:63:77:0c:b7:ea:97:78:c7:ae:d5:2d:50:6d:d3
+	c6:94:a4:c3:64:f8:14:9e:a8:97:a8:87:57:9c:6a:68
+	1f:
+
+q:
+	00:a6:6a:4d:bd:0f:a8:f4:c9:d3:2b:01:d5:df:1d:bd
+	1e:a2:9d:be:d2:6b:9a:92:32:86:02:ae:29:
+
+g:
+	00:d4:69:08:73:de:0a:a4:de:34:43:c6:95:30:bc:cb
+	1b:20:b8:9c:40:db:d3:c7:35:ff:3b:ff:27:2e:bd:87
+	bb:86:c1:ed:24:da:e5:fb:8d:88:a2:12:ad:e0:09:29
+	c3:be:f0:58:79:01:9b:b3:fb:43:4f:66:18:a8:93:cf
+	d8:3c:4e:8a:b2:26:a0:8c:ab:d7:df:17:32:8b:c6:be
+	11:9f:64:99:a2:28:3b:4e:c8:02:e9:c7:17:e2:da:01
+	7d:78:09:9c:64:80:67:44:b0:14:5b:2f:20:39:e3:6d
+	2d:a9:3a:c7:c3:f1:1c:3c:8c:8f:1e:5b:06:cf:c0:27
+	a0:09:3e:36:2d:6a:d0:3b:52:3c:bc:42:4d:71:6c:18
+	56:8f:ce:0d:88:ba:50:84:60:39:67:37:a4:0e:35:0e
+	28:77:fa:04:77:1d:42:b8:8a:b2:fe:26:36:21:fc:24
+	b9:50:78:9e:db:3b:1b:20:ca:09:7e:7b:71:95:8a:ff
+	99:dd:cb:3c:c7:77:85:38:bb:2b:55:22:14:74:b7:95
+	8b:a0:b9:33:99:41:c8:74:8d:36:25:d3:18:33:bd:9e
+	7c:ca:73:d2:bd:af:1e:34:87:3c:b7:31:b0:ec:67:42
+	5f:a6:5a:a1:19:c9:02:c8:74:78:8b:4d:a8:d8:b3:a1
+	15:
+
+Validation parameters:
+	Hash: SHA384
+	Seed: 30ec334f97dbc0ba9c8652a7b5d3f7b2dbbb48a4842e190d210e01dabd535981503755ee96a270a598e9d91b2254669169ebdf4599d9f72aca
+
+Public Key PIN:
+	pin-sha256:kWjJ51vBhVP3rLC/xzEjlOv0GY3HjyC2OalIyP51nBg=
+Public Key ID:
+	sha256:9168c9e75bc18553f7acb0bfc7312394ebf4198dc78f20b639a948c8fe759c18
+	sha1:5a7c13cca977f7aa4c4b45bde5dc4888ef96daf8
+
+-----BEGIN PRIVATE KEY-----
+MIICtwIBADCCAjYGByqGSM44BAEwggIpAoIBAQD6BN8htr5UgRtPL68y0HFr7VG3
+KZP+AA9/MkF/G5n6NKWZ+ELTN9W+d6cq+GTOpjn4JYstCwtNfsRN+E1gZMfvzE8f
+E3q31SLiV1VBtk1nj3/1WsuekMcs4EMdmY04ezVtp/E8EuYTEzFV2u0qUVJYVL4w
+592PTOz9KK/6CMmYc74UziE+WXp2TilvlZIqwdGhuLu2cdEt39CVTUUm7Yjtqur9
+KoMjk7CHUyiLA89NDK7plCK+iomG5pHky1r6Xgu49g76MyEhkZF8uPVnFayq7yCC
+7387kXearwtnbOsxcipjdwy36pd4x67VLVBt08aUpMNk+BSeqJeoh1ecamgfAh0A
+pmpNvQ+o9MnTKwHV3x29HqKdvtJrmpIyhgKuKQKCAQEA1GkIc94KpN40Q8aVMLzL
+GyC4nEDb08c1/zv/Jy69h7uGwe0k2uX7jYiiEq3gCSnDvvBYeQGbs/tDT2YYqJPP
+2DxOirImoIyr198XMovGvhGfZJmiKDtOyALpxxfi2gF9eAmcZIBnRLAUWy8gOeNt
+Lak6x8PxHDyMjx5bBs/AJ6AJPjYtatA7Ujy8Qk1xbBhWj84NiLpQhGA5ZzekDjUO
+KHf6BHcdQriKsv4mNiH8JLlQeJ7bOxsgygl+e3GViv+Z3cs8x3eFOLsrVSIUdLeV
+i6C5M5lByHSNNiXTGDO9nnzKc9K9rx40hzy3MbDsZ0JfplqhGckCyHR4i02o2LOh
+FQQeAhxn66KiJJCIhW/1Q/L+vbrrzU2TVu62ptgJG2ckoFgwVgYKKwYBBAGSCBII
+ATFIMEYGCWCGSAFlAwQCAgQ5MOwzT5fbwLqchlKntdP3stu7SKSELhkNIQ4B2r1T
+WYFQN1XulqJwpZjp2RsiVGaRaevfRZnZ9yrK
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/provable-dsa2048.pem b/tests/cert-tests/data/provable-dsa2048.pem
new file mode 100644
index 0000000..8afbc73
--- /dev/null
+++ b/tests/cert-tests/data/provable-dsa2048.pem
@@ -0,0 +1,98 @@
+Public Key Info:
+	Public Key Algorithm: DSA
+	Key Security Level: Medium (2048 bits)
+
+private key:
+	10:5e:56:a9:c7:6b:39:eb:74:09:e3:25:82:d1:52:4b
+	02:e1:a4:66:8f:31:01:12:40:d8:a5:8c:bb:45:81:ec
+	
+
+public key:
+	35:be:c5:6b:c1:d4:6b:84:d0:e5:1b:cb:96:24:66:de
+	75:d5:1d:b7:9f:4c:99:5c:69:94:85:1c:f5:ad:35:26
+	c0:b6:54:f5:6f:74:8a:40:6b:15:13:90:e6:20:30:62
+	c7:6e:76:95:fa:4c:f6:0f:09:28:14:6f:46:17:6f:c1
+	57:45:6d:96:d6:db:6b:6f:e0:08:c7:4c:73:d2:95:41
+	f1:16:7b:76:b7:ff:74:43:7a:b4:17:d2:69:ed:d0:17
+	a2:7d:94:a4:80:76:90:a8:16:7c:78:2a:bf:0d:ab:94
+	40:5d:c9:5a:00:e0:7b:5d:c8:0d:85:2d:5b:db:8b:66
+	8d:d0:76:15:c7:86:ec:4b:8c:38:2b:4d:5a:6f:af:39
+	24:fe:ea:6b:05:e6:bb:03:89:59:c6:0a:c8:65:05:80
+	d8:18:f7:ca:86:45:4a:96:e3:65:fd:5c:f2:33:18:75
+	e6:14:93:71:e2:71:8b:7a:4f:84:96:18:79:97:48:f4
+	a1:b7:28:4f:70:9d:46:23:34:c0:2c:91:f2:6f:26:e0
+	5a:a5:a8:9c:07:98:73:9d:52:fb:2b:fe:36:03:21:d1
+	49:54:5b:ca:74:77:75:76:e2:51:a9:f5:d8:07:33:ab
+	cb:17:e1:af:10:9f:d6:19:8b:60:86:a2:81:17:08:a4
+	
+
+p:
+	00:d5:14:73:3a:54:d9:a7:56:d8:b3:75:79:3c:ea:7b
+	1a:eb:23:53:6e:1e:50:64:21:34:13:84:ca:2d:dd:4c
+	38:c9:72:a4:99:2d:79:eb:06:59:a8:ab:9b:c2:f4:ba
+	be:51:8f:53:e0:d3:42:f7:5f:19:b8:c8:bb:4c:53:d3
+	02:95:ee:84:c5:e9:b4:0d:93:ff:26:01:d9:61:de:a6
+	28:1c:b8:3c:57:2b:9a:4b:a1:ff:5f:d4:b1:f4:e7:90
+	6c:43:b8:43:ad:3a:c8:7d:59:35:9c:8f:1b:fd:7a:17
+	50:6f:67:6c:46:63:f4:c8:e5:86:28:d6:1b:88:45:aa
+	01:e5:5c:23:19:89:58:d4:f8:03:e5:eb:b0:4d:0f:71
+	81:53:69:40:d3:0a:79:02:5e:76:6e:52:c6:5b:b8:9e
+	f8:23:d1:2a:68:b0:ad:c5:47:50:d8:2a:e8:73:0f:63
+	0c:d0:67:8c:ba:5a:9a:98:5e:96:79:e5:2a:d6:f0:76
+	04:66:55:0f:ee:2d:2d:a7:04:5c:0b:b8:ef:05:a4:c0
+	a8:c3:5d:cd:32:07:ca:ca:1b:2e:6f:8b:da:e6:c6:11
+	33:cf:8a:62:15:51:05:4e:3e:63:1f:71:b7:fb:1e:b3
+	b9:62:3a:dd:15:2a:ba:26:d4:db:e1:f4:d7:90:00:60
+	b7:
+
+q:
+	00:bc:8b:63:e3:5f:ba:ee:3d:24:fa:2f:d9:a1:a7:68
+	32:b2:38:b2:4b:8e:72:09:12:ec:1e:f3:8b:ef:d7:9a
+	df:
+
+g:
+	22:15:6d:4f:b4:54:cb:17:dc:96:ce:4b:34:8d:86:40
+	0c:f5:42:46:7d:5a:2d:68:6a:5d:ca:86:42:de:32:23
+	89:0a:cf:e4:3b:c2:7a:48:77:19:55:88:a1:bd:7b:cb
+	94:3e:44:67:c8:4c:cb:d3:94:d0:ab:f2:b0:2a:e5:60
+	c5:de:fd:b6:68:3d:9c:82:e9:31:11:64:dc:ca:4f:82
+	e8:bc:d9:06:8f:ad:0d:cd:4a:79:b6:02:ea:9b:3e:ad
+	e5:50:7f:e2:d8:0d:ae:3a:c9:09:ca:d1:27:5e:fe:f6
+	33:bb:a1:fb:ba:af:a6:74:56:da:b3:b6:54:38:7d:49
+	82:b0:5d:c8:3a:3a:3f:0f:a8:a9:14:3f:90:da:a7:5c
+	5f:d0:a7:d1:e6:5f:d3:66:19:f1:6b:be:a4:f2:eb:43
+	84:d3:1a:a6:b4:f2:d6:b6:75:a9:dd:21:c5:93:38:09
+	45:d6:4e:30:96:1d:34:d2:55:a7:56:db:3c:94:4a:1e
+	40:e9:4d:b9:45:ce:84:af:e4:92:a8:24:64:56:93:e7
+	7c:37:2c:45:9d:9e:d8:01:da:51:df:dd:60:06:ce:ce
+	78:32:62:c7:22:7b:a5:fb:6f:26:53:bf:d3:ea:6b:25
+	3c:7d:cc:90:2c:7e:a6:51:56:b0:4b:de:57:9c:02:54
+	
+
+Validation parameters:
+	Hash: SHA384
+	Seed: 843121bd89535ee86946d58d246d47a58d1576a8351b4223e1cff369a1266d2b24b0729d7ca56787fde2e3de19b9f2e721ac698a29617732e7756f5ae4580be179
+
+Public Key PIN:
+	pin-sha256:fLWrcO5hPl/jfeKIZJ/+4PaSiFR98j6ayUISi6bmNIA=
+Public Key ID:
+	sha256:7cb5ab70ee613e5fe37de288649ffee0f69288547df23e9ac942128ba6e63480
+	sha1:fa90c4182b6ce9742fa7f5a2394415fd0198e72d
+
+-----BEGIN PRIVATE KEY-----
+MIICxgIBADCCAjkGByqGSM44BAEwggIsAoIBAQDVFHM6VNmnVtizdXk86nsa6yNT
+bh5QZCE0E4TKLd1MOMlypJkteesGWairm8L0ur5Rj1Pg00L3Xxm4yLtMU9MCle6E
+xem0DZP/JgHZYd6mKBy4PFcrmkuh/1/UsfTnkGxDuEOtOsh9WTWcjxv9ehdQb2ds
+RmP0yOWGKNYbiEWqAeVcIxmJWNT4A+XrsE0PcYFTaUDTCnkCXnZuUsZbuJ74I9Eq
+aLCtxUdQ2Crocw9jDNBnjLpamphelnnlKtbwdgRmVQ/uLS2nBFwLuO8FpMCow13N
+MgfKyhsub4va5sYRM8+KYhVRBU4+Yx9xt/ses7liOt0VKrom1Nvh9NeQAGC3AiEA
+vItj41+67j0k+i/ZoadoMrI4skuOcgkS7B7zi+/Xmt8CggEAIhVtT7RUyxfcls5L
+NI2GQAz1QkZ9Wi1oal3KhkLeMiOJCs/kO8J6SHcZVYihvXvLlD5EZ8hMy9OU0Kvy
+sCrlYMXe/bZoPZyC6TERZNzKT4LovNkGj60NzUp5tgLqmz6t5VB/4tgNrjrJCcrR
+J17+9jO7ofu6r6Z0VtqztlQ4fUmCsF3IOjo/D6ipFD+Q2qdcX9Cn0eZf02YZ8Wu+
+pPLrQ4TTGqa08ta2dandIcWTOAlF1k4wlh000lWnVts8lEoeQOlNuUXOhK/kkqgk
+ZFaT53w3LEWdntgB2lHf3WAGzs54MmLHInul+28mU7/T6mslPH3MkCx+plFWsEve
+V5wCVAQiAiAQXlapx2s563QJ4yWC0VJLAuGkZo8xARJA2KWMu0WB7KBgMF4GCisG
+AQQBkggSCAExUDBOBglghkgBZQMEAgIEQYQxIb2JU17oaUbVjSRtR6WNFXaoNRtC
+I+HP82mhJm0rJLBynXylZ4f94uPeGbny5yGsaYopYXcy53VvWuRYC+F5
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/provable2048.pem b/tests/cert-tests/data/provable2048.pem
new file mode 100644
index 0000000..6112e0e
--- /dev/null
+++ b/tests/cert-tests/data/provable2048.pem
@@ -0,0 +1,139 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: Medium (2048 bits)
+
+modulus:
+	00:f1:4a:82:ce:1c:c0:3e:58:10:f9:85:ec:d6:6d:6c
+	d5:2f:d4:2d:29:ea:f4:96:55:4f:ad:e2:99:fc:e3:53
+	ec:d3:56:f6:8b:d3:03:1a:e9:c0:22:75:0c:7a:29:21
+	99:34:34:71:cc:6b:4d:a3:60:6b:65:36:6e:85:7f:3b
+	e8:eb:43:ca:08:7e:f3:42:38:2d:1f:c4:5b:3e:36:5b
+	ac:2f:03:aa:49:85:6d:f7:15:73:e0:9a:f8:f3:af:14
+	ea:9d:1a:fe:6c:ef:77:e9:cc:e7:98:ca:2d:c1:1c:27
+	58:0f:51:05:06:8f:17:86:fe:9b:86:ba:2a:bf:57:88
+	73:5b:70:f6:d2:30:2d:7b:26:a2:04:55:9f:9a:2f:fd
+	bf:18:fd:4c:1a:d3:35:78:25:16:1f:f9:cd:0a:7c:b0
+	1a:e5:97:c8:c2:9f:33:50:fa:52:2e:5a:97:05:b3:fe
+	07:9d:09:01:4f:0d:6e:16:0b:5b:c5:7f:7a:b8:8a:ec
+	ad:dd:74:fe:05:db:14:85:8d:de:10:85:c2:c6:fe:ce
+	b7:17:a3:7c:6e:cd:a6:88:d5:67:9c:4c:fb:fc:d5:06
+	20:30:16:87:c3:d6:0b:89:94:0e:6d:7d:eb:a8:a5:a0
+	95:40:fa:3b:68:37:b2:c4:fa:41:d1:2f:ee:81:87:fc
+	57:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	2a:01:4f:ae:34:01:1f:99:53:33:2d:26:62:d9:df:d5
+	69:23:25:cd:a3:52:7b:0d:54:f6:af:79:21:36:2d:f9
+	0f:7d:97:24:16:52:f7:0f:74:5c:4b:46:25:ca:1d:48
+	3f:77:55:cc:41:6d:dd:a0:3e:71:fb:3c:d8:4e:a3:0e
+	54:4e:93:d0:50:d1:66:58:c3:3a:41:83:a4:db:ef:af
+	94:eb:ad:6c:69:27:10:99:92:77:aa:62:e6:81:37:41
+	f4:a1:ab:63:29:79:15:a1:8f:3b:e1:0e:80:0c:b7:a8
+	b3:d9:e5:e7:13:68:04:1f:34:d2:0a:7c:c0:9c:ab:6b
+	1b:15:f7:42:78:96:86:7e:be:0e:8e:9d:f3:c5:f3:61
+	5a:cf:3c:bd:ca:18:fe:d7:0d:eb:91:67:b3:1e:ac:3f
+	81:1e:a7:0c:07:a8:73:3f:91:b2:ae:1f:56:a0:51:e1
+	f9:da:99:26:62:81:50:5b:26:d9:b3:65:2e:f2:c8:d3
+	89:a2:0a:3c:56:be:40:ce:1a:1f:f9:1d:ad:a8:b4:56
+	3c:c9:3d:29:5c:3f:15:b1:89:5a:19:32:80:c0:72:80
+	23:34:85:96:54:36:da:cb:bc:41:7f:9f:f3:a5:ff:00
+	a4:1b:b7:01:53:9c:09:a3:c1:c5:c4:6e:9f:22:fc:79
+	
+
+prime1:
+	00:fd:84:14:7c:60:b7:ca:50:79:3d:08:2f:51:98:85
+	0e:3d:2f:ee:72:aa:40:cd:93:9e:be:0e:3d:17:e2:d7
+	cb:46:bf:1b:f0:80:01:57:68:72:9d:83:77:90:65:f5
+	fa:c6:78:ec:66:9c:53:ed:cd:8a:c7:bd:c2:ce:f7:cc
+	b0:02:34:74:f1:53:76:b0:99:d0:0f:ec:d6:f7:a0:f6
+	de:78:d0:c6:8f:b7:0b:8b:42:2e:5d:71:ee:ec:d1:ad
+	71:c8:2b:c8:43:ad:9d:78:ef:94:b9:42:03:98:5b:b6
+	f8:60:6e:05:58:b3:93:5f:56:ea:30:dc:04:f4:6e:7b
+	bd:
+
+prime2:
+	00:f3:a7:c4:19:d0:3e:c2:77:97:64:ab:a5:68:b4:08
+	38:fc:ff:6f:a1:23:ef:31:55:11:46:11:18:84:c1:aa
+	37:f0:90:48:f4:58:d9:e7:fa:47:cf:22:28:14:89:19
+	b3:da:6e:89:40:68:7e:19:de:d4:73:37:63:5b:50:d8
+	cf:49:52:71:bc:58:e2:ee:0d:d0:c9:e3:16:83:f1:43
+	81:cd:a9:f0:e4:bb:cf:40:3f:86:fa:fd:52:cd:64:fe
+	26:cb:70:65:5e:6a:3c:db:78:fd:13:65:e6:b0:52:1c
+	43:b4:50:46:8d:4a:c8:c7:73:a6:c1:3d:88:50:0d:af
+	a3:
+
+coefficient:
+	1c:c0:b5:70:f2:dd:1e:0b:43:c7:d7:50:00:af:88:e3
+	de:19:43:37:fc:f1:42:f4:4c:74:af:d5:01:fd:26:d1
+	d4:c3:dc:a7:0f:f5:60:cb:c4:cb:66:43:f2:d1:45:3e
+	4f:ff:9d:7a:51:43:14:1f:6c:84:41:81:2b:2d:90:a1
+	14:e4:10:2b:d7:1d:e6:b0:88:5e:d7:3d:33:9d:59:52
+	32:90:87:92:a1:da:97:8f:b9:50:c3:86:5e:0a:8b:91
+	1c:eb:42:76:25:9b:ff:ad:cf:e5:76:03:e4:f2:89:8d
+	76:b3:a4:20:53:53:4a:cf:ff:0f:6e:5a:5d:b1:ee:2d
+	
+
+exp1:
+	31:f8:74:e9:47:4f:32:eb:c5:da:07:e0:fb:de:6a:6b
+	b2:17:de:92:6f:88:b2:7c:e4:8f:65:d3:19:00:37:b4
+	f3:ce:fb:bc:de:1e:65:92:4a:f5:4d:52:a5:fd:d3:0c
+	89:4e:90:9a:71:3a:01:e7:bf:f1:3b:30:49:07:83:2b
+	36:64:0c:a0:fc:e8:aa:4a:c7:3e:3c:5a:eb:18:a9:50
+	94:d3:e2:2f:b5:ce:ea:b6:32:d9:6c:79:c1:e8:5a:9d
+	d0:ed:00:5e:86:bc:41:78:48:02:74:46:ad:23:76:df
+	62:72:8d:4f:3c:a6:51:e6:99:e6:e3:97:7e:6e:c0:a9
+	
+
+exp2:
+	68:2b:7a:b0:9a:92:aa:6b:9c:c3:42:8b:46:57:6a:08
+	8b:49:dd:fc:e3:b3:18:c1:48:d0:4e:f0:cf:99:48:df
+	ff:ae:80:32:4f:66:62:42:63:bf:0f:d8:58:e7:40:a0
+	df:2b:50:ec:c3:7f:de:29:a1:64:dc:f2:52:91:1f:10
+	88:45:82:30:c7:43:c6:09:0c:11:b4:4f:e4:fb:1a:24
+	7d:bc:41:2c:59:8b:42:e9:a6:18:da:83:33:23:11:71
+	9e:9a:a0:0c:1c:99:86:2f:94:eb:5d:2e:a2:85:88:65
+	fd:ca:30:4f:aa:00:6b:1d:6b:d6:c4:2a:ea:26:df:c7
+	
+
+Validation parameters:
+	Hash: SHA384
+	Seed: ab499ea55a5f4cb743434e49ca1ee3a491544309c6f59ab2cd5507de
+
+Public Key PIN:
+	pin-sha256:QD8w4AeBI6O70FX12nxzxcwPapbWFbsUEOI8NgrvR5U=
+Public Key ID:
+	sha256:403f30e0078123a3bbd055f5da7c73c5cc0f6a96d615bb1410e23c360aef4795
+	sha1:f7a841f2261e6c90c5fcfe64cc46688cb9b52b4c
+
+-----BEGIN PRIVATE KEY-----
+MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDxSoLOHMA+WBD5
+hezWbWzVL9QtKer0llVPreKZ/ONT7NNW9ovTAxrpwCJ1DHopIZk0NHHMa02jYGtl
+Nm6Ffzvo60PKCH7zQjgtH8RbPjZbrC8DqkmFbfcVc+Ca+POvFOqdGv5s73fpzOeY
+yi3BHCdYD1EFBo8Xhv6bhroqv1eIc1tw9tIwLXsmogRVn5ov/b8Y/Uwa0zV4JRYf
++c0KfLAa5ZfIwp8zUPpSLlqXBbP+B50JAU8NbhYLW8V/eriK7K3ddP4F2xSFjd4Q
+hcLG/s63F6N8bs2miNVnnEz7/NUGIDAWh8PWC4mUDm1966iloJVA+jtoN7LE+kHR
+L+6Bh/xXAgMBAAECggEAKgFPrjQBH5lTMy0mYtnf1WkjJc2jUnsNVPaveSE2LfkP
+fZckFlL3D3RcS0Ylyh1IP3dVzEFt3aA+cfs82E6jDlROk9BQ0WZYwzpBg6Tb76+U
+661saScQmZJ3qmLmgTdB9KGrYyl5FaGPO+EOgAy3qLPZ5ecTaAQfNNIKfMCcq2sb
+FfdCeJaGfr4Ojp3zxfNhWs88vcoY/tcN65Fnsx6sP4EepwwHqHM/kbKuH1agUeH5
+2pkmYoFQWybZs2Uu8sjTiaIKPFa+QM4aH/kdrai0VjzJPSlcPxWxiVoZMoDAcoAj
+NIWWVDbay7xBf5/zpf8ApBu3AVOcCaPBxcRunyL8eQKBgQD9hBR8YLfKUHk9CC9R
+mIUOPS/ucqpAzZOevg49F+LXy0a/G/CAAVdocp2Dd5Bl9frGeOxmnFPtzYrHvcLO
+98ywAjR08VN2sJnQD+zW96D23njQxo+3C4tCLl1x7uzRrXHIK8hDrZ1475S5QgOY
+W7b4YG4FWLOTX1bqMNwE9G57vQKBgQDzp8QZ0D7Cd5dkq6VotAg4/P9voSPvMVUR
+RhEYhMGqN/CQSPRY2ef6R88iKBSJGbPabolAaH4Z3tRzN2NbUNjPSVJxvFji7g3Q
+yeMWg/FDgc2p8OS7z0A/hvr9Us1k/ibLcGVeajzbeP0TZeawUhxDtFBGjUrIx3Om
+wT2IUA2vowKBgDH4dOlHTzLrxdoH4PveamuyF96Sb4iyfOSPZdMZADe08877vN4e
+ZZJK9U1Spf3TDIlOkJpxOgHnv/E7MEkHgys2ZAyg/OiqSsc+PFrrGKlQlNPiL7XO
+6rYy2Wx5wehandDtAF6GvEF4SAJ0Rq0jdt9ico1PPKZR5pnm45d+bsCpAoGAaCt6
+sJqSqmucw0KLRldqCItJ3fzjsxjBSNBO8M+ZSN//roAyT2ZiQmO/D9hY50Cg3ytQ
+7MN/3imhZNzyUpEfEIhFgjDHQ8YJDBG0T+T7GiR9vEEsWYtC6aYY2oMzIxFxnpqg
+DByZhi+U610uooWIZf3KME+qAGsda9bEKuom38cCgYAcwLVw8t0eC0PH11AAr4jj
+3hlDN/zxQvRMdK/VAf0m0dTD3KcP9WDLxMtmQ/LRRT5P/516UUMUH2yEQYErLZCh
+FOQQK9cd5rCIXtc9M51ZUjKQh5Kh2pePuVDDhl4Ki5Ec60J2JZv/rc/ldgPk8omN
+drOkIFNTSs//D25aXbHuLaA7MDkGCisGAQQBkggSCAExKzApBglghkgBZQMEAgIE
+HKtJnqVaX0y3Q0NOScoe46SRVEMJxvWass1VB94=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/provable3072.pem b/tests/cert-tests/data/provable3072.pem
new file mode 100644
index 0000000..ba5f842
--- /dev/null
+++ b/tests/cert-tests/data/provable3072.pem
@@ -0,0 +1,187 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: High (3072 bits)
+
+modulus:
+	00:a2:d8:85:be:b8:5f:3e:53:ac:5c:56:ac:35:d3:cf
+	0e:a0:75:84:e0:89:9d:af:41:34:d0:26:97:6d:df:14
+	1f:0d:90:8a:ec:3d:02:a3:3a:de:fe:ac:ff:af:c4:d3
+	01:fb:e9:2f:22:f6:e6:89:5e:2a:45:02:af:52:fb:f9
+	05:66:56:f5:d6:3d:aa:e5:de:b5:11:85:b9:f8:65:7d
+	e4:91:b0:4b:69:66:88:df:24:11:b0:6c:44:b4:73:8d
+	fe:91:b5:e6:98:44:36:1c:0a:f4:52:c9:0f:cc:39:9b
+	eb:57:26:43:7f:e7:7e:e5:6e:4c:86:68:9d:66:43:0c
+	4d:d4:9c:dd:79:80:fa:ce:09:43:fa:ac:da:1c:c9:18
+	87:1f:68:2a:0a:d3:be:5a:9f:31:32:30:54:69:16:07
+	11:c5:0c:5a:2b:d5:33:66:b8:b1:23:06:79:56:34:18
+	54:02:6a:85:57:66:1c:bf:cd:ee:d3:dc:bf:5e:d8:fb
+	87:b6:4b:00:04:90:c2:8f:1e:f3:fb:0f:5b:af:0e:17
+	de:ad:3a:30:50:c1:c4:87:11:45:20:f3:de:27:b8:dd
+	90:ee:e0:8f:1e:c6:ba:58:b5:61:37:dc:83:26:d0:0a
+	1b:64:fe:1f:f9:df:e7:c4:ef:08:3e:df:03:22:94:77
+	be:3a:d1:49:ef:e5:3a:b7:a9:87:33:4e:63:b1:51:bc
+	8a:5f:75:63:51:8c:6b:98:06:b8:19:1e:9e:58:5f:d9
+	81:5b:39:4d:27:3f:c1:5d:43:ed:ac:29:c1:5e:34:98
+	55:aa:8c:cf:d0:e0:60:97:26:af:a8:91:c8:d9:f1:54
+	bb:05:b3:22:31:57:22:53:e8:d2:15:9f:17:f9:f6:2b
+	7b:ea:74:a9:5f:c6:08:79:7e:fc:d5:bf:d2:8c:dd:da
+	90:2c:c8:ec:3d:c1:cd:56:52:28:3d:2d:26:6c:8c:44
+	57:7c:b8:13:b3:d3:7b:90:ee:05:8b:a3:db:ea:5b:8f
+	8b:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	0f:98:86:02:94:7c:c6:a6:d3:d0:8a:1a:77:13:40:76
+	c9:a6:47:a2:0b:7b:f7:0f:5b:23:fe:36:2d:77:1a:61
+	b8:f6:59:5f:b3:9e:1f:8c:e1:53:69:b5:19:1b:d4:0b
+	92:19:2c:83:00:3b:66:f7:86:3b:d2:bc:80:c9:91:f9
+	52:ea:4c:24:07:06:e9:79:f1:44:6a:d6:bb:33:d9:21
+	3d:54:b1:7c:38:2e:2e:94:b1:3f:00:b7:79:c2:c1:5c
+	1a:8f:5d:b4:c2:7f:9e:22:ec:70:4b:42:40:90:59:de
+	e9:9b:48:06:a5:60:91:4f:85:73:af:ec:37:21:7f:b9
+	aa:7d:95:76:70:04:55:1c:2d:0f:02:63:e7:32:d9:2f
+	03:b2:81:a8:44:cc:2b:b8:a8:49:02:b8:ea:d1:89:be
+	c9:6c:db:eb:eb:c0:be:fb:3c:37:bb:04:7e:dd:81:60
+	f6:54:46:4d:ef:01:1c:db:77:9e:81:bb:30:35:be:ad
+	02:eb:16:a2:03:8d:35:aa:29:99:87:52:54:40:45:98
+	47:1d:0f:17:38:3e:1b:c0:1c:be:0d:9a:64:e9:f5:f5
+	5a:29:17:a4:78:f3:95:15:74:8a:ee:ba:54:3a:96:58
+	df:cb:80:49:50:68:de:b4:89:c0:b6:5d:4b:46:a9:e1
+	9c:63:8b:e6:23:54:ea:6a:5b:ec:fa:a1:6f:d2:99:fe
+	ef:2c:ae:d8:24:48:4f:51:a7:5d:7b:69:bf:7e:7d:50
+	3a:a1:49:a2:42:f3:76:37:56:f1:95:f7:7d:9c:eb:87
+	40:c8:30:80:c8:6f:ef:2b:0b:b4:e1:c0:01:f5:15:62
+	16:22:11:65:13:6d:11:69:20:8d:34:18:b5:ea:4e:02
+	77:38:8f:67:53:1c:71:51:4b:40:cf:0c:57:44:1a:01
+	26:ef:c6:0a:1c:b8:5d:d0:64:8a:ef:fd:17:58:dc:fc
+	9f:6e:c1:10:64:00:b8:68:2b:2d:68:65:88:fd:5e:7d
+	
+
+prime1:
+	00:bc:48:70:5f:8f:f1:16:7b:21:1f:da:8f:49:c8:10
+	46:01:fc:fb:bc:52:ff:8e:73:23:02:78:01:6d:25:7c
+	ec:20:2f:e0:78:e0:a1:84:3c:1a:44:f7:ef:9d:1a:95
+	90:4a:04:70:ca:28:b5:87:67:19:d3:ed:83:00:ba:7b
+	0b:0c:bb:8a:08:d5:63:66:0b:30:a8:fa:c4:76:ba:91
+	60:9c:fa:3e:c1:ab:50:00:06:65:f6:e9:b0:de:a6:81
+	b5:3d:57:d3:13:ff:7b:e6:5e:6b:da:3d:de:09:3d:3f
+	7d:ac:2a:31:9e:5e:57:c5:25:e4:c2:76:a8:b9:90:25
+	38:d8:de:ad:e8:d9:82:97:c5:fd:cf:15:7a:9d:70:23
+	ac:ae:fa:0b:14:ad:31:4c:b1:7a:1a:dc:53:99:8c:e5
+	8a:ba:6d:d2:8b:18:46:86:83:c3:a4:ae:fe:ed:6c:b2
+	bd:f1:a4:6e:d7:8f:9f:ef:d3:a6:44:13:8a:04:45:49
+	05:
+
+prime2:
+	00:dd:6a:09:2a:59:56:63:30:ef:a4:e6:c7:50:8c:b3
+	15:63:22:5b:f2:c7:ab:fd:47:61:26:13:97:9d:4b:e7
+	44:e4:4a:07:7a:c8:76:84:34:09:33:a6:d5:9d:5f:20
+	57:0e:27:23:60:39:4c:aa:6a:71:a9:09:71:38:05:60
+	cc:f2:48:e2:85:f5:78:56:08:5e:d8:dc:1e:8c:2e:f7
+	0e:62:76:a7:cd:32:8f:c0:4c:e4:1a:df:c6:77:68:eb
+	31:5f:77:37:3e:5c:09:c9:40:f1:f7:92:51:06:84:13
+	b9:15:b7:bf:d3:cd:85:bf:2e:41:3e:d7:09:37:51:92
+	15:7a:18:3d:be:b8:25:c4:92:2d:ee:b2:52:dd:05:c7
+	55:a2:fe:d8:4c:18:80:da:23:5d:52:f8:a8:85:21:e0
+	b8:28:59:cb:d1:d5:55:31:60:f2:5b:a8:58:ea:b3:78
+	2b:6b:e6:69:48:f5:b9:cc:d4:ce:71:0a:8a:69:f4:9b
+	4f:
+
+coefficient:
+	00:94:1f:9e:43:1a:1e:a0:09:72:94:94:2d:71:21:fd
+	a7:19:b4:df:99:47:87:81:34:9f:37:a0:2f:f6:8d:7e
+	ae:cb:36:d8:44:a2:90:21:cf:01:11:f2:52:16:3e:8a
+	a1:9d:3d:e7:14:f9:e8:98:e7:91:cd:72:a2:69:7c:27
+	69:44:bc:da:52:f8:d1:fb:80:ff:7c:3b:9b:e8:9b:0f
+	b9:0e:43:10:5f:c8:78:fb:d9:45:20:d3:ee:7a:5c:cd
+	2e:d9:47:e4:30:a2:58:8d:ff:45:b3:0b:7f:5f:dd:d8
+	5f:e3:f0:43:7b:e9:91:35:17:9f:62:62:c7:08:63:07
+	17:ff:cc:99:0c:d5:84:be:6d:67:03:fb:e1:12:5f:01
+	ab:89:7b:d6:7d:04:5e:a0:29:b0:a1:14:5d:d5:6b:82
+	8e:f2:9e:fd:d1:4c:9e:7f:22:a7:93:a9:d9:15:60:9e
+	3d:66:8f:6f:87:98:1b:e2:a2:64:5e:1c:74:1f:f5:df
+	20:
+
+exp1:
+	00:a5:1b:68:df:84:1c:48:38:85:5d:a7:8d:4b:88:13
+	2d:31:05:25:c3:89:8c:ec:df:ee:6d:75:ca:da:69:ab
+	58:6d:09:4e:f0:f1:1a:f2:18:ba:78:8c:6b:24:fb:70
+	f8:6c:cf:e4:10:83:0e:5c:c4:7e:93:a7:8d:df:8f:a7
+	e2:92:b1:ca:63:e0:ac:1f:89:e4:8b:ea:0b:6a:8a:44
+	7d:d2:6a:67:a9:f1:8e:5f:d7:3c:86:ff:7a:c8:64:7f
+	0d:ed:d3:1c:18:47:4b:e1:42:1f:95:eb:f6:cf:67:54
+	4b:e2:33:c5:fb:38:84:03:30:2d:a0:91:e9:77:7f:fe
+	04:11:b9:84:0b:d2:e1:80:32:71:55:ad:62:2e:b9:6d
+	af:3a:69:ae:59:dd:5e:84:00:86:31:13:d0:83:b0:58
+	82:04:e5:d5:61:80:52:28:17:57:f3:0c:3a:24:fd:d2
+	e8:5a:04:75:e6:b5:dd:ec:b3:4e:f4:17:a6:4a:04:6f
+	f9:
+
+exp2:
+	0a:3a:02:90:5d:2d:fb:48:e0:58:ba:7c:0c:41:63:68
+	22:7b:0c:ca:2a:e4:cb:bf:07:42:ad:f6:fb:c1:ec:bd
+	a6:d9:b0:7c:c0:53:91:09:a2:3f:2b:7e:84:55:47:76
+	1d:e6:3a:e1:0f:e4:75:9e:92:ff:5e:bb:46:fe:20:99
+	76:bb:5d:13:18:e2:64:fe:df:fa:9e:38:1e:fb:70:57
+	ce:be:72:43:ad:09:2c:b5:a0:77:89:4c:6e:69:7f:2b
+	79:a0:55:01:e1:58:66:5e:44:8e:cd:c8:46:47:c5:6d
+	70:0e:5b:a2:d9:c4:4a:af:45:3e:34:ca:6d:2e:ac:53
+	a7:9f:05:03:11:18:55:7a:f6:fa:26:6c:63:5f:07:f4
+	f1:a1:59:b6:32:0f:89:83:c6:a4:b5:6d:7b:30:b4:63
+	6d:21:b0:a3:51:7a:2c:dc:b0:75:01:52:92:0c:96:09
+	53:63:82:0b:67:a6:1c:4a:db:fa:26:a5:7b:fd:5b:4b
+	
+
+Validation parameters:
+	Hash: SHA384
+	Seed: f3090f1bb1c9e0d068ecdadda747231f2e8162dedea3fbe67f2bc48ac9c04c5b
+
+Public Key PIN:
+	pin-sha256:Dh8nXdqKAU6V7dQ1pLFsyNUpzvAMEU5miA+YUIKMEAU=
+Public Key ID:
+	sha256:0e1f275dda8a014e95edd435a4b16cc8d529cef00c114e66880f9850828c1005
+	sha1:0555cbc10dae7aece1addedbac0e62c1bb0c343d
+
+-----BEGIN PRIVATE KEY-----
+MIIHPwIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCi2IW+uF8+U6xc
+Vqw1088OoHWE4Imdr0E00CaXbd8UHw2Qiuw9AqM63v6s/6/E0wH76S8i9uaJXipF
+Aq9S+/kFZlb11j2q5d61EYW5+GV95JGwS2lmiN8kEbBsRLRzjf6RteaYRDYcCvRS
+yQ/MOZvrVyZDf+d+5W5MhmidZkMMTdSc3XmA+s4JQ/qs2hzJGIcfaCoK075anzEy
+MFRpFgcRxQxaK9UzZrixIwZ5VjQYVAJqhVdmHL/N7tPcv17Y+4e2SwAEkMKPHvP7
+D1uvDhferTowUMHEhxFFIPPeJ7jdkO7gjx7Guli1YTfcgybQChtk/h/53+fE7wg+
+3wMilHe+OtFJ7+U6t6mHM05jsVG8il91Y1GMa5gGuBkenlhf2YFbOU0nP8FdQ+2s
+KcFeNJhVqozP0OBglyavqJHI2fFUuwWzIjFXIlPo0hWfF/n2K3vqdKlfxgh5fvzV
+v9KM3dqQLMjsPcHNVlIoPS0mbIxEV3y4E7PTe5DuBYuj2+pbj4sCAwEAAQKCAYAP
+mIYClHzGptPQihp3E0B2yaZHogt79w9bI/42LXcaYbj2WV+znh+M4VNptRkb1AuS
+GSyDADtm94Y70ryAyZH5UupMJAcG6XnxRGrWuzPZIT1UsXw4Li6UsT8At3nCwVwa
+j120wn+eIuxwS0JAkFne6ZtIBqVgkU+Fc6/sNyF/uap9lXZwBFUcLQ8CY+cy2S8D
+soGoRMwruKhJArjq0Ym+yWzb6+vAvvs8N7sEft2BYPZURk3vARzbd56BuzA1vq0C
+6xaiA401qimZh1JUQEWYRx0PFzg+G8Acvg2aZOn19VopF6R485UVdIruulQ6lljf
+y4BJUGjetInAtl1LRqnhnGOL5iNU6mpb7Pqhb9KZ/u8srtgkSE9Rp117ab9+fVA6
+oUmiQvN2N1bxlfd9nOuHQMgwgMhv7ysLtOHAAfUVYhYiEWUTbRFpII00GLXqTgJ3
+OI9nUxxxUUtAzwxXRBoBJu/GChy4XdBkiu/9F1jc/J9uwRBkALhoKy1oZYj9Xn0C
+gcEAvEhwX4/xFnshH9qPScgQRgH8+7xS/45zIwJ4AW0lfOwgL+B44KGEPBpE9++d
+GpWQSgRwyii1h2cZ0+2DALp7Cwy7igjVY2YLMKj6xHa6kWCc+j7Bq1AABmX26bDe
+poG1PVfTE/975l5r2j3eCT0/fawqMZ5eV8Ul5MJ2qLmQJTjY3q3o2YKXxf3PFXqd
+cCOsrvoLFK0xTLF6GtxTmYzlirpt0osYRoaDw6Su/u1ssr3xpG7Xj5/v06ZEE4oE
+RUkFAoHBAN1qCSpZVmMw76Tmx1CMsxVjIlvyx6v9R2EmE5edS+dE5EoHesh2hDQJ
+M6bVnV8gVw4nI2A5TKpqcakJcTgFYMzySOKF9XhWCF7Y3B6MLvcOYnanzTKPwEzk
+Gt/Gd2jrMV93Nz5cCclA8feSUQaEE7kVt7/TzYW/LkE+1wk3UZIVehg9vrglxJIt
+7rJS3QXHVaL+2EwYgNojXVL4qIUh4LgoWcvR1VUxYPJbqFjqs3gra+ZpSPW5zNTO
+cQqKafSbTwKBwQClG2jfhBxIOIVdp41LiBMtMQUlw4mM7N/ubXXK2mmrWG0JTvDx
+GvIYuniMayT7cPhsz+QQgw5cxH6Tp43fj6fikrHKY+CsH4nki+oLaopEfdJqZ6nx
+jl/XPIb/eshkfw3t0xwYR0vhQh+V6/bPZ1RL4jPF+ziEAzAtoJHpd3/+BBG5hAvS
+4YAycVWtYi65ba86aa5Z3V6EAIYxE9CDsFiCBOXVYYBSKBdX8ww6JP3S6FoEdea1
+3eyzTvQXpkoEb/kCgcAKOgKQXS37SOBYunwMQWNoInsMyirky78HQq32+8HsvabZ
+sHzAU5EJoj8rfoRVR3Yd5jrhD+R1npL/XrtG/iCZdrtdExjiZP7f+p44HvtwV86+
+ckOtCSy1oHeJTG5pfyt5oFUB4VhmXkSOzchGR8VtcA5botnESq9FPjTKbS6sU6ef
+BQMRGFV69vombGNfB/TxoVm2Mg+Jg8aktW17MLRjbSGwo1F6LNywdQFSkgyWCVNj
+ggtnphxK2/ompXv9W0sCgcEAlB+eQxoeoAlylJQtcSH9pxm035lHh4E0nzegL/aN
+fq7LNthEopAhzwER8lIWPoqhnT3nFPnomOeRzXKiaXwnaUS82lL40fuA/3w7m+ib
+D7kOQxBfyHj72UUg0+56XM0u2UfkMKJYjf9Fswt/X93YX+PwQ3vpkTUXn2Jixwhj
+Bxf/zJkM1YS+bWcD++ESXwGriXvWfQReoCmwoRRd1WuCjvKe/dFMnn8ip5Op2RVg
+nj1mj2+HmBviomReHHQf9d8goD8wPQYKKwYBBAGSCBIIATEvMC0GCWCGSAFlAwQC
+AgQg8wkPG7HJ4NBo7Nrdp0cjHy6BYt7eo/vmfyvEisnATFs=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pubkey-ecc256.pem b/tests/cert-tests/data/pubkey-ecc256.pem
new file mode 100644
index 0000000..6e0020d
--- /dev/null
+++ b/tests/cert-tests/data/pubkey-ecc256.pem
@@ -0,0 +1,23 @@
+Public Key Information:
+	Public Key Algorithm: EC/ECDSA
+	Algorithm Security Level: High (256 bits)
+		Curve:	SECP256R1
+		X:
+			3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+			5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+		Y:
+			3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+			6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+
+Public Key ID:
+	sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+	sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+Public Key PIN:
+	pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL
+2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwQ==
+-----END PUBLIC KEY-----
+
diff --git a/tests/cert-tests/data/pubkey-eddsa.pem b/tests/cert-tests/data/pubkey-eddsa.pem
new file mode 100644
index 0000000..dbcca22
--- /dev/null
+++ b/tests/cert-tests/data/pubkey-eddsa.pem
@@ -0,0 +1,18 @@
+Public Key Information:
+	Public Key Algorithm: EdDSA (Ed25519)
+	Algorithm Security Level: High (256 bits)
+		Curve:	Ed25519
+		X:
+			19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:96
+			c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:66:e1
+
+Public Key ID:
+	sha1:3a04967761a552db7e9e18c6dba4bd4aae119908
+	sha256:a1e9156054e04fac899ae9f275132cdc07a5dbc4ea2c2ad3a1ffc6e0d253681f
+Public Key PIN:
+	pin-sha256:oekVYFTgT6yJmunydRMs3Ael28TqLCrTof/G4NJTaB8=
+
+
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
+-----END PUBLIC KEY-----
diff --git a/tests/cert-tests/data/rfc4134-4.5.p7b b/tests/cert-tests/data/rfc4134-4.5.p7b
new file mode 100644
index 0000000..6608d9b
--- /dev/null
+++ b/tests/cert-tests/data/rfc4134-4.5.p7b
diff --git a/tests/cert-tests/data/rfc4134-ca-rsa.pem b/tests/cert-tests/data/rfc4134-ca-rsa.pem
new file mode 100644
index 0000000..20580fa
--- /dev/null
+++ b/tests/cert-tests/data/rfc4134-ca-rsa.pem
@@ -0,0 +1,74 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 46346bc7800056bc11d36e2e9ff25020
+	Issuer: CN=CarlRSA
+	Validity:
+		Not Before: Wed Aug 18 07:00:00 UTC 1999
+		Not After: Sat Dec 31 23:59:59 UTC 2039
+	Subject: CN=CarlRSA
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Low (1024 bits)
+		Modulus (bits 1024):
+			00:e4:4b:ff:18:b8:24:57:f4:77:ff:6e:73:7b:93:71
+			5c:bc:33:1a:92:92:72:23:d8:41:46:d0:cd:11:3a:04
+			b3:8e:af:82:9d:bd:51:1e:17:7a:f2:76:2c:2b:86:39
+			a7:bd:d7:8d:1a:53:ec:e4:00:d5:e8:ec:a2:36:b1:ed
+			e2:50:e2:32:09:8a:3f:9f:99:25:8f:b8:4e:ab:b9:7d
+			d5:96:65:da:16:a0:c5:be:0e:ae:44:5b:ef:5e:f4:a7
+			29:cb:82:dd:ac:44:e9:aa:93:94:29:0e:f8:18:d6:c8
+			57:5e:f2:76:c4:f2:11:60:38:b9:1b:3c:1d:97:c9:6a
+			f1
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Key Usage (critical):
+			Digital signature.
+			Certificate signing.
+			CRL signing.
+		Subject Key Identifier (not critical):
+			e9e09027ac78207a9ad34cf242374e22ae9e38bb
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		b7:9e:d4:04:d3:ed:29:e4:ff:89:89:15:2e:4c:db:0c
+		f0:48:0f:32:61:ee:c4:04:ec:12:5d:2d:ff:0f:64:59
+		7e:0a:c3:ed:18:fd:e3:56:40:37:a7:07:b5:f0:38:12
+		61:50:ed:ef:dd:3f:e3:0b:b8:61:a5:a4:9b:3c:e6:9e
+		9c:54:9a:b6:95:d6:da:6c:3b:b5:2d:45:35:9d:49:01
+		76:fa:b9:b9:31:f9:f9:6b:12:53:a0:f5:14:60:9b:7d
+		ca:3e:f2:53:6b:b0:37:6f:ad:e6:74:d7:db:fa:5a:ea
+		14:41:63:5d:cd:be:c8:0e:c1:da:6a:8d:53:34:18:02
+Other Information:
+	SHA1 fingerprint:
+		4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
+	SHA256 fingerprint:
+		734c2253ad2d6bfaec981099a152b1ab42216b44cf48dadd306e6221ad824205
+	Public Key ID:
+		e9e09027ac78207a9ad34cf242374e22ae9e38bb
+	Public key's random art:
+		+--[ RSA 1024]----+
+		|                 |
+		|                 |
+		|                 |
+		|   . .   .       |
+		|o   = o S        |
+		|==.= = o         |
+		|**O . . .        |
+		|=*=.             |
+		|EO               |
+		+-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAVSgAwIBAgIQRjRrx4AAVrwR024un/JQIDANBgkqhkiG9w0BAQUFADAS
+MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDgxODA3MDAwMFoXDTM5MTIzMTIzNTk1
+OVowEjEQMA4GA1UEAxMHQ2FybFJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA5Ev/GLgkV/R3/25ze5NxXLwzGpKSciPYQUbQzRE6BLOOr4KdvVEeF3rydiwr
+hjmnvdeNGlPs5ADV6OyiNrHt4lDiMgmKP5+ZJY+4Tqu5fdWWZdoWoMW+Dq5EW+9e
+9Kcpy4LdrETpqpOUKQ74GNbIV17ydsTyEWA4uRs8HZfJavECAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOngkCeseCB6
+mtNM8kI3TiKunji7MA0GCSqGSIb3DQEBBQUAA4GBALee1ATT7Snk/4mJFS5M2wzw
+SA8yYe7EBOwSXS3/D2RZfgrD7Rj941ZAN6cHtfA4EmFQ7e/dP+MLuGGlpJs85p6c
+VJq2ldbabDu1LUU1nUkBdvq5uTH5+WsSU6D1FGCbfco+8lNrsDdvreZ019v6WuoU
+QWNdzb7IDsHaao1TNBgC
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b
new file mode 100644
index 0000000..c697980
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b
diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out
new file mode 100644
index 0000000..8237d70
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b.out
@@ -0,0 +1,14 @@
+Signers:
+	Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example
+	Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21
+	Signature Algorithm: GOSTR341001
+
+-----BEGIN PKCS7-----
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
+9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
+c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
+BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
+AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
+P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
+xlHbjbL0jHF+7XKp
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub b/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub
new file mode 100644
index 0000000..dd4dab1
--- /dev/null
+++ b/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub
diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub b/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub
new file mode 100644
index 0000000..03caa9d
--- /dev/null
+++ b/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub
diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub b/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub
new file mode 100644
index 0000000..59f077a
--- /dev/null
+++ b/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub
diff --git a/tests/cert-tests/data/selfsigs/alice.pub b/tests/cert-tests/data/selfsigs/alice.pub
new file mode 100644
index 0000000..399a0ba
--- /dev/null
+++ b/tests/cert-tests/data/selfsigs/alice.pub
diff --git a/tests/cert-tests/data/sha256.p12 b/tests/cert-tests/data/sha256.p12
new file mode 100644
index 0000000..f6779a1
--- /dev/null
+++ b/tests/cert-tests/data/sha256.p12
diff --git a/tests/cert-tests/data/simple-policy.pem b/tests/cert-tests/data/simple-policy.pem
new file mode 100644
index 0000000..1ee4901
--- /dev/null
+++ b/tests/cert-tests/data/simple-policy.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAh2gAwIBAgIBCjANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP
+MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is
+ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL
+MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu
+MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy
+MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY
+HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY
+nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaNIMEYw
+DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHQYDVR0OBBYE
+FF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEBCwUAA4GBABt3XKgvd4I9
+b5ADxrKOatW4ERK7w7N4RpDprhFvT672+NnvFgE6UlfeusS71sxKYJVSXI8vih1W
+a4O+kX5ywllmTyKgYtGfOJ/1G4V0kBfOUGDXnvUtsldvPz870Rc2pU5fpyoWKyTr
+vCT9766rAEqIrNazBG/8XYaxtyz0UmDb
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/single-ca.p7b b/tests/cert-tests/data/single-ca.p7b
new file mode 100644
index 0000000..d0508c0
--- /dev/null
+++ b/tests/cert-tests/data/single-ca.p7b
diff --git a/tests/cert-tests/data/single-ca.p7b.out b/tests/cert-tests/data/single-ca.p7b.out
new file mode 100644
index 0000000..bb7425e
--- /dev/null
+++ b/tests/cert-tests/data/single-ca.p7b.out
@@ -0,0 +1,67 @@
+Signers:
+	Signer's issuer DN: CN=GnuTLS Test CA
+	Signer's serial: 00
+	Signature Algorithm: RSA-SHA256
+	Signed Attributes:
+		smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+		messageDigest: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9
+		signingTime: 170d3135303533313036343633385a
+		contentType: 06092a864886f70d010701
+
+Number of certificates: 1
+
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
+
+-----BEGIN PKCS7-----
+MIIF8AYJKoZIhvcNAQcCoIIF4TCCBd0CAQExDzANBglghkgBZQMEAgEFADALBgkq
+hkiG9w0BBwGgggNUMIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcw
+FQYDVQQDEw5HbnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIw
+ODM2MzNaMBkxFzAVBgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0B
+AQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65S
+EoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OL
+MiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63
++MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5g
+FH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2F
+ezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUI
+oYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNV
+HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFn
+kvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUV
+RcBHDxmN7g2yOcqHVfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhL
+CDW1BULHlLvL0DFc4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrO
+MrzKZ2eKWA4JsL9sV+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVn
+Xv4FVWPXbH9HERDKVbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DD
+eN6EmRDOzByrv+9uf45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJs
+OGuX7PqNyoDzJHLvferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+MYICYDCCAlwCAQEwHjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQQIBADANBglg
+hkgBZQMEAgEFAKCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
+DQEJBTEPFw0xNTA1MzEwNjQ2MzhaMC8GCSqGSIb3DQEJBDEiBCCq3BlVwDD3I+nY
+ntnUhrTu9bDRxpRb4N1rezQNQpKOyTB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl
+AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG
+SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB
+KDANBgkqhkiG9w0BAQEFAASCATBzs7o8JGEHYLfKM/7xek1kHKP5NP18IPdMX8S1
+imBuFBRmP510UbZGzeM/TIQvGeBiFO+6HsrF6LrHSm3vFg/jFSQ6CxfBr5Jt+OsJ
+5emH8cGFHMGjZcyr818fritwwhVYVCRbjaKTPdf/HPeckO/XNCE0vo3lmB9KbwOZ
+oOHchBjgP36AYT3HZdOBjEApK1inpuc81Ix19lMJoXNX8ZnPFAmHsh4vg6nv1eVm
+LQrKnw39MZ7pjooNAD4NUQyw8W+t5K8cIK+5KLlp6FgVML+83kmzryF3CJKgaTmV
+vecMzuA1EDd740y6wFBv7bYoOcfmyRLcRDnqURmsTZyEOdqswfr02FjuR40H1ZoA
+KtarkLh1zxAeR7fMnuqUKGUJS+SB2QyAEGOv2dZMhnDA48i0
+-----END PKCS7-----
diff --git a/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg b/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg
new file mode 100644
index 0000000..eae97b3
--- /dev/null
+++ b/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY
+mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ
+1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0
+CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
+F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv
+ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x
+c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs
+mfS0CTEyNy4wLjAuMYi2BBMBAgAgBQJIJ40XAhsjBgsJCAcDAgQVAggDBBYCAwEC
+HgECF4AACgkQkfGmlGU5bl3r5wQAgZPFhKacRyLNfSDNIuzWdsPCm2MaHkjPWPY1
+ms+bQPw8Qju2S45QeiIRgyK62LfCMcTdxXAtqvQ45+Zp7TZa8+O10XF8gaQlKjRk
+duUu04XX0eBI20Fzq/OfAb+ECRUaqLYdrfC9zj/f0BZU17xXcJmxKjlsVcffSFJT
+qJG161GInAQQAQIABgUCSCeQtAAKCRBYr5/NtEtAgbPyA/oCvo+Uv2/JO+U3Yvjz
+vZeqE6cpNyYjOVyeh94y6WqIMfb9f7XblBalhm61vtNoQziNmN46W29FHrvvCXdj
+SDbfg6lsNkr1M2j9ppvZnbn9B2MsEbwTLVS8EGB/kvgXzZZEtzgZU8Qf8e9q6xCh
+evUnsgESjY6TTBziLCdos8ooSQ==
+=O699
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/cert-tests/data/srv-public-all-signed.gpg b/tests/cert-tests/data/srv-public-all-signed.gpg
new file mode 100644
index 0000000..f6e7fad
--- /dev/null
+++ b/tests/cert-tests/data/srv-public-all-signed.gpg
@@ -0,0 +1,23 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY
+mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ
+1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0
+CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
+F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv
+ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x
+c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs
+mfSInAQQAQIABgUCSEuWfgAKCRBYr5/NtEtAgQSCBACYAc4TV5/4ttqECCqPdyWY
+LXqcisgqr7Vwyff+1QLELdh5vvyBFc0FD/mvzpgScSiKTP07njw7KgGl2K6mVlPa
+ztdYhfIKUyhLoj9G52dZZNBtUFi9dlNY/vUDCnDKuTV5BqjoznNYZ5Ti9QsD/TEL
+GevqKn8ejNWkd79cOhpSCrQJMTI3LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkI
+BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i
+7NZ2w8KbYxoeSM9Y9jWaz5tA/DxCO7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mnt
+Nlrz47XRcXyBpCUqNGR25S7ThdfR4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTX
+vFdwmbEqOWxVx99IUlOokbXrUYicBBABAgAGBQJIJ5C0AAoJEFivn820S0CBs/ID
++gK+j5S/b8k75Tdi+PO9l6oTpyk3JiM5XJ6H3jLpaogx9v1/tduUFqWGbrW+02hD
+OI2Y3jpbb0Ueu+8Jd2NINt+DqWw2SvUzaP2mm9mduf0HYywRvBMtVLwQYH+S+BfN
+lkS3OBlTxB/x72rrEKF69SeyARKNjpNMHOIsJ2izyihJ
+=HB4x
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/cert-tests/data/srv-public-localhost-signed.gpg b/tests/cert-tests/data/srv-public-localhost-signed.gpg
new file mode 100644
index 0000000..40958f6
--- /dev/null
+++ b/tests/cert-tests/data/srv-public-localhost-signed.gpg
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY
+mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ
+1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0
+CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
+F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv
+ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x
+c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs
+mfSInAQQAQIABgUCSCeQ7gAKCRBYr5/NtEtAgetPA/9uOggR2zLSE2/WyvKUIQO/
+H/V5e7O4dIZMsfiyRwbF0oGXQ2/fM+mehkvAeAsR17vPJ1uVphQ4w1F0inSt0m5f
+L2i2Ci/ZbMtXTP139I/9RPX1yfKKk+b7eYvAvtq3gJ8RuA5QBDQTjy/9pGFDodn7
+1z+5gwJtR6xXxwHOkK8nBbQJMTI3LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkI
+BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i
+7NZ2w8KbYxoeSM9Y9jWaz5tA/DxCO7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mnt
+Nlrz47XRcXyBpCUqNGR25S7ThdfR4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTX
+vFdwmbEqOWxVx99IUlOokbXrUQ==
+=ALwQ
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/cert-tests/data/srv-public.gpg b/tests/cert-tests/data/srv-public.gpg
new file mode 100644
index 0000000..f5693d1
--- /dev/null
+++ b/tests/cert-tests/data/srv-public.gpg
@@ -0,0 +1,17 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY
+mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ
+1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0
+CTEyNy4wLjAuMYi2BBMBAgAgBQJIJ40XAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
+F4AACgkQkfGmlGU5bl3r5wQAgZPFhKacRyLNfSDNIuzWdsPCm2MaHkjPWPY1ms+b
+QPw8Qju2S45QeiIRgyK62LfCMcTdxXAtqvQ45+Zp7TZa8+O10XF8gaQlKjRkduUu
+04XX0eBI20Fzq/OfAb+ECRUaqLYdrfC9zj/f0BZU17xXcJmxKjlsVcffSFJTqJG1
+61G0CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwEC
+HgECF4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqF
+MqjvljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZ
+dG0xc4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYa
+ZLDsmfQ=
+=LSvO
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/cert-tests/data/srv-secret.gpg b/tests/cert-tests/data/srv-secret.gpg
new file mode 100644
index 0000000..7de4ee3
--- /dev/null
+++ b/tests/cert-tests/data/srv-secret.gpg
@@ -0,0 +1,24 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+lQHYBEgnjRcBBADjXF2p/2OTC+SghZVDeZdH8hVK+hoiluIAoMnY7/ZUib5BIbpU
+2JkwLuZkxLscZcKwAjEmkhdCGfTisns2CdTT++5LX4AxL13E66n89kcmzwx1o6P5
+ENS8gnfpeoj4AKcgvr11goWmgX/0U6cMUF9mgp4Mu5oli76d4CUQCWIVCwARAQAB
+AAP+Pl2iz7PfY4GaqDGcXRLoXXLZRmTOcHiE6/kvBRPltRDHoGQZEZcMhjwHNNMG
+JGcBfXhMdTETsi0ekGS3CX6u4ybVoLzsUhcQUcn/+5dzWxdwQRufXhQ1kfFxDI6E
+tjzfVfb5BeJO8lsPYcafjZau3ndRYNjQtctLfnwp6ohxWzkCAO6BrZARpv6BGS8C
+ipbb2soWC2oYWXxYUES6MPbtbIJ9I1pgYAc+wzJMZJXW9Gw6cvPITMTg0JVBgao1
+/BlmZy8CAPQJaNeiKUA4uRcDRll0AR4iezN8iGNuyuWmZR03FQwE1sDemkEmYb/9
+QDkPGqoqQs2fiMPgsq3Q1S8xRYvCuOUCANWQsAX0cxa4oq32BX4w7jkwoTgV5xVU
+qYGDy2JEmRImrcwkq5O89FbsYYf0EVz8wkIhrFJWZg5WtzpPmNPFcbOZDrQJMTI3
+LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
+CRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i7NZ2w8KbYxoeSM9Y9jWaz5tA/DxC
+O7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mntNlrz47XRcXyBpCUqNGR25S7ThdfR
+4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTXvFdwmbEqOWxVx99IUlOokbXrUbQJ
+bG9jYWxob3N0iLYEEwECACAFAkgnkFMCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX
+gAAKCRCR8aaUZTluXVCXBACO+hnlRUFjaGXEjkj6N0uZsrFjQwq7cTbuOoUyqO+W
+Mhih1dCYE8ucvT6zGyTn/c9Bopru7ilFupcRWLlRPJILKT36WLlrpLR85hl0bTFz
+g3YzaHJwz+f29LwNvEF12A3IEIcwOn7BQaHJYylMI6OB8Qku/fqhOv/aNhpksOyZ
+9A==
+=OxUt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/cert-tests/data/subpkt-leak.pub b/tests/cert-tests/data/subpkt-leak.pub
new file mode 100644
index 0000000..643c334
--- /dev/null
+++ b/tests/cert-tests/data/subpkt-leak.pub
@@ -0,0 +1 @@
+����������
+\ No newline at end of file
diff --git a/tests/cert-tests/data/template-crq.pem b/tests/cert-tests/data/template-crq.pem
new file mode 100644
index 0000000..4744422
--- /dev/null
+++ b/tests/cert-tests/data/template-crq.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQzCCAqygAwIBAgICAjcwDQYJKoZIhvcNAQELBQAwgbgxCzAJBgNVBAYTAkdS
+MQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMO
+c2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT
+8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRww
+GgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTA4
+MDQyMTAwMDAwMFowgZoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQ
+BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNV
+BAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNV
+BAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge
+HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic
+Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo3gwdjAO
+BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/
+BAIwADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wHwYDVR0jBBgwFoAU
+XUCt8M6UQJWLfpmUHZJUIspyNl8wDQYJKoZIhvcNAQELBQADgYEAIi10ViehwFRO
+C0poXR2v3lTj8g/UC2s/2uhOfYQ5AdczhJHtf2PUrvwO2qBSbucJgrXosWVLJX3t
+7eW3ErI8gA99xU21hNGWLEkgKdnxFriRKhaOx5Wxgc7PmnTgRd3jGAvP3EYWPfNl
+VMCAs2u7OVYHP63AaLbZVikfkksjx4g=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-date.pem b/tests/cert-tests/data/template-date.pem
new file mode 100644
index 0000000..a1bb614
--- /dev/null
+++ b/tests/cert-tests/data/template-date.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA0agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMjkwMTEyMTEzNjExWhcNMTUw
+NTI0MTQyOTEyWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjgfQwgfEwDwYDVR0TAQH/BAUwAwEB/zBq
+BgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3
+dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVy
+ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQw
+HQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1UdHwQnMCUwI6AhoB+G
+HWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqGSIb3DQEBCwUAA4GB
+AAtuhpeIBu3CEKtw0m3tAa6e6FK2Ww92e/4Eu2SzdVXpM1iSIu7JhmU9Z7hkBiTR
+ojzildOcaja/XtPXaO0zxmaQ9PqEhOve4Zi+Fragkdp9ExOSdJNuMZtF7lk6C9W5
+W1PhIOe4CRJ2lRl6fToABg0a+Cf0+mdcWW6qnQtoWMQy
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-dates-after2038.pem b/tests/cert-tests/data/template-dates-after2038.pem
new file mode 100644
index 0000000..d08d838
--- /dev/null
+++ b/tests/cert-tests/data/template-dates-after2038.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA0agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMzkwMTEyMTEzNjExWhcNNDMw
+NTI0MTQyOTEyWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjgfQwgfEwDwYDVR0TAQH/BAUwAwEB/zBq
+BgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3
+dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVy
+ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQw
+HQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1UdHwQnMCUwI6AhoB+G
+HWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqGSIb3DQEBCwUAA4GB
+AH3hlSBum8CPXMLD+l594w4Z3avKByrleD90f9JdCkP029tGF1y4D17YiHquYVUQ
+dWGJFZxd8TTbsUjhbtbpHO7n7nY8AXU58rKPRK9CsSEC9gAw5Xhyt21dzPNqhXcK
+0Gza+jQJEw/A1E93JDmo6lc4dWdt6igMB8HAGQfvzZJb
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-dn.pem b/tests/cert-tests/data/template-dn.pem
new file mode 100644
index 0000000..5b38c7f
--- /dev/null
+++ b/tests/cert-tests/data/template-dn.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H0MIHxMA8GA1UdEwEB/wQFMAMB
+Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn
+ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO
+d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD
+AgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOg
+IaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsF
+AAOBgQCkSwnFjktb1sFvIXFcKIIb3hJKFQaYSxWvYsGdcWkTmCqLguKVQgKD6EPo
+Idp2jN6bHX9K+5P5KSGDKsPsBfF6Wit/y8dFN9zG1/VvdXDgMZqzxCuiQe+JIYBV
+Er6vj0hwvDd+wl+CsIxlQEfWeLuRSdTZ33yTPq7mJqjDyKfHXw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-generalized.pem b/tests/cert-tests/data/template-generalized.pem
new file mode 100644
index 0000000..09ea7a5
--- /dev/null
+++ b/tests/cert-tests/data/template-generalized.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4TCCA0qgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjA1MTAxMTIxMTM2MTFaGA8y
+MDU1MDUyNDE0MjkxMlowgbgxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kx
+EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTAT
+BgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAK
+BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l
+QG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H0MIHxMA8GA1UdEwEB/wQFMAMB
+Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn
+ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO
+d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD
+AgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOg
+IaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsF
+AAOBgQAB8Akf5wROUFTC0bbh8cNBemII0ytuXr/RbEfnGvvswlX4zuW2JfGTw7dh
+JS0PYMeZ+SwE9nSHKyifX8ZQDvfsPdjszM8IVC5WrgSXzWOLFQOOWXAqi4FlVx+6
+wSVUvGBiowYEMcndGRy56mzrOWaCjztPWqNOQgNhybhri5btgQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-krb5name-full.pem b/tests/cert-tests/data/template-krb5name-full.pem
new file mode 100644
index 0000000..1d4c036
--- /dev/null
+++ b/tests/cert-tests/data/template-krb5name-full.pem
@@ -0,0 +1,94 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 07
+	Issuer: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias
+	Validity:
+		Not Before: Sun Apr 22 00:00:00 UTC 2007
+		Not After: Sun May 25 00:00:00 UTC 2014
+	Subject: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Legacy (1024 bits)
+		Modulus (bits 1024):
+			00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59
+			f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b
+			05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7
+			33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42
+			e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77
+			86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69
+			af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d
+			8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3
+			05
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+		Subject Alternative Name (not critical):
+			DNSname: www.evenmorethanone.org
+			IPAddress: 192.168.1.1
+			KRB5Principal: user@email.domain@KERBEROS.REALM
+			KRB5Principal: user@REALM.COM
+			KRB5Principal: HTTP/user@REALM.COM
+			KRB5Principal: comp1/comp2/user@REALM.COM
+			RFC822Name: none@none.org
+			RFC822Name: where@none.org
+		Key Purpose (not critical):
+			OCSP signing.
+		Key Usage (critical):
+		Subject Key Identifier (not critical):
+			5d40adf0ce9440958b7e99941d925422ca72365f
+		CRL Distribution points (not critical):
+			URI: http://www.getcrl.crl/getcrl/
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		60:4b:8f:6f:70:c9:1f:c0:e0:f7:44:aa:c8:57:ae:72
+		7f:fb:69:f0:ef:40:62:66:5a:0b:88:91:ac:9b:13:20
+		77:1b:41:dd:ca:0e:6e:f6:16:9b:56:6f:f7:58:57:10
+		42:04:72:98:78:03:da:48:c3:0f:9b:fe:9b:3c:54:9c
+		5c:f9:1f:78:32:90:23:04:0f:fd:a0:4d:9e:ff:a2:87
+		58:5c:a0:d5:80:70:e7:d6:a2:ff:21:03:3e:77:57:68
+		ea:a6:21:f7:67:8e:9a:df:63:12:f1:7e:78:7d:ac:6d
+		eb:53:9f:ce:fe:18:61:18:8a:2b:65:35:28:6f:d5:7b
+Other Information:
+	SHA1 fingerprint:
+		113d3560fb087fd7724055192695f0c472e1eec4
+	SHA256 fingerprint:
+		7b2285b7a542e9ca05eae2538196080caf503d47f8a3869454ab1990d8075be8
+	Public Key ID:
+		5d40adf0ce9440958b7e99941d925422ca72365f
+	Public key's random art:
+		+--[ RSA 1024]----+
+		|       .o+*=.    |
+		|     . .o.+oo    |
+		|    . *  =EB..   |
+		|     + o.oO..    |
+		|       .S=.o     |
+		|        . *      |
+		|         .       |
+		|                 |
+		|                 |
+		+-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIID5DCCA02gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw
+AwEB/zCCASkGA1UdEQSCASAwggEcghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE
+wKgBAaA+BgYrBgEFAgKgNDAyoBAbDktFUkJFUk9TLlJFQUxNoR4wHKADAgEKoRUw
+ExsRdXNlckBlbWFpbC5kb21haW6gLAYGKwYBBQICoCIwIKALGwlSRUFMTS5DT02h
+ETAPoAMCAQGhCDAGGwR1c2VyoDIGBisGAQUCAqAoMCagCxsJUkVBTE0uQ09NoRcw
+FaADAgEBoQ4wDBsESFRUUBsEdXNlcqA6BgYrBgEFAgKgMDAuoAsbCVJFQUxNLkNP
+TaEfMB2gAwIBAaEWMBQbBWNvbXAxGwVjb21wMhsEdXNlcoENbm9uZUBub25lLm9y
+Z4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/
+BAQDAgYAMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAl
+MCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0B
+AQsFAAOBgQBgS49vcMkfwOD3RKrIV65yf/tp8O9AYmZaC4iRrJsTIHcbQd3KDm72
+FptWb/dYVxBCBHKYeAPaSMMPm/6bPFScXPkfeDKQIwQP/aBNnv+ih1hcoNWAcOfW
+ov8hAz53V2jqpiH3Z46a32MS8X54faxt61Ofzv4YYRiKK2U1KG/Vew==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-krb5name.pem b/tests/cert-tests/data/template-krb5name.pem
new file mode 100644
index 0000000..7abd1c3
--- /dev/null
+++ b/tests/cert-tests/data/template-krb5name.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5DCCA02gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw
+AwEB/zCCASkGA1UdEQSCASAwggEcghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE
+wKgBAaA+BgYrBgEFAgKgNDAyoBAbDktFUkJFUk9TLlJFQUxNoR4wHKADAgEKoRUw
+ExsRdXNlckBlbWFpbC5kb21haW6gLAYGKwYBBQICoCIwIKALGwlSRUFMTS5DT02h
+ETAPoAMCAQGhCDAGGwR1c2VyoDIGBisGAQUCAqAoMCagCxsJUkVBTE0uQ09NoRcw
+FaADAgEBoQ4wDBsESFRUUBsEdXNlcqA6BgYrBgEFAgKgMDAuoAsbCVJFQUxNLkNP
+TaEfMB2gAwIBAaEWMBQbBWNvbXAxGwVjb21wMhsEdXNlcoENbm9uZUBub25lLm9y
+Z4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/
+BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAl
+MCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0B
+AQsFAAOBgQAJNK+h7t8k/1OcmCW+Wp1Bi1aSDKKjO2lTgOscN3lBEc/1oTwIaA3l
+SoN6vqxTV9Y1wk6I8+EHnVY18rsw/BLL4zU0HT6d3LHqcKQcKCygkhlt1Ep6Fd+n
+S84mrNZgtqUb40J6KIolPa25fNTpMnxmwzz7reak87bO+WXnNlTF2g==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-long-dns-crq.pem b/tests/cert-tests/data/template-long-dns-crq.pem
new file mode 100644
index 0000000..411a658
--- /dev/null
+++ b/tests/cert-tests/data/template-long-dns-crq.pem
@@ -0,0 +1,61 @@
+PKCS #10 Certificate Request Information:
+	Version: 1
+	Subject: CN=super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Low (1024 bits)
+		Modulus (bits 1024):
+			00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59
+			f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b
+			05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7
+			33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42
+			e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77
+			86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69
+			af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d
+			8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3
+			05
+		Exponent (bits 24):
+			01:00:01
+	Signature Algorithm: RSA-SHA256
+	Attributes:
+		Extensions:
+			Subject Alternative Name (not critical):
+				DNSname: super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com
+			Basic Constraints (critical):
+				Certificate Authority (CA): FALSE
+			Key Purpose (critical):
+				Time stamping.
+				Ipsec IKE.
+			Key Usage (critical):
+				Digital signature.
+				Key encipherment.
+Other Information:
+	Public Key ID:
+		sha1:5d40adf0ce9440958b7e99941d925422ca72365f
+		sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e
+	Public Key PIN:
+		pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4=
+
+Self signature: verified
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIDlzCCAwACAQAwgf0xgfowgfcGA1UEAxOB73N1cGVyLXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LWxvbmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TP
+E5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+
+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABoIIB
+VzCCAVMGCSqGSIb3DQEJDjGCAUQwggFAMIH9BgNVHREEgfUwgfKCge9zdXBlci12
+ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5
+LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl
+cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt
+dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy
+eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS1sb25nLmNvbTAMBgNVHRMB
+Af8EAjAAMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMIBggrBgEFBQcDETAOBgNVHQ8B
+Af8EBAMCBaAwDQYJKoZIhvcNAQELBQADgYEAayPv5BS2Rqrj7ajEUKz0TH1VZ/cx
+dTxaK4TXj8k6551jk/gyVZz4m0P61UeBL2Weqc2mWDhz6f7TAmUbtd4ZzBv4qn1h
+ses5EzF/1kMgWKzKMwAqT/LirwRMYFfkfAZjAbd71dYUnL+I84e4GaXcchH3hB2d
+sXtj4I9KZ9kWCf4=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/cert-tests/data/template-nc.pem b/tests/cert-tests/data/template-nc.pem
new file mode 100644
index 0000000..2f5c870
--- /dev/null
+++ b/tests/cert-tests/data/template-nc.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECDCCA3GgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IB2jCCAdYwDwYDVR0TAQH/BAUw
+AwEB/zBkBgNVHREEXTBbggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5v
+cmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JngQ1ub25lQG5vbmUub3JngQ53aGVy
+ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTCB6AYDVR0eAQH/BIHdMIHa
+oGswCocIwKgFAP///wAwCocICgoAAP//AAAwCocIrBd6AP///gAwIocg/Ez+j3/6
+GL0AAAAAAAAAAP//////////AAAAAAAAAAAwDYILZXhhbXBsZS5jb20wEoEQbm1h
+dkBleGFtcGxlLmNvbaFrMAqHCAoKZAD///8AMAqHCAoKZQD///8AMCKHIPxM/o9/
++hi9cshkuQAAAAD///////////////8AAAAAMAWCA25ldDAFggNvcmcwAoIAMA2B
+C2V4YW1wbGUubmV0MAyBCmV4YW1wbGUubGkwDgYDVR0PAQH/BAQDAgKEMB0GA1Ud
+DgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOgIaAfhh1odHRw
+Oi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQAAuMp9
+FZce8BcY2if70f9oPSoUsScb6ifG0b5TENhLXjJ+VicEPBAcsZ1uuwr2rrQsqHUv
+uGJXeRuJHW9j1DWBNEQJszXvlIamxn1eICMvTBHI3BRsI65w0xxYBURm83M95fkH
+h+OFUsRZl9TDNm0NAtpN2YGGmXbBNPxFZrruYw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-othername-xmpp.pem b/tests/cert-tests/data/template-othername-xmpp.pem
new file mode 100644
index 0000000..18dacc2
--- /dev/null
+++ b/tests/cert-tests/data/template-othername-xmpp.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAtCgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBOTCCATUwDAYDVR0TAQH/BAIw
+ADCBsAYDVR0RBIGoMIGlggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5v
+cmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBoCMGCCsGAQUFBwgFoBcM
+FWp1bGlldEBpbS5leGFtcGxlLmNvbaAdBggrBgEFBQcIBaARDA9oZWxsb0BoZWxs
+by5vcmeBDW5vbmVAbm9uZS5vcmeBDndoZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoG
+CCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmU
+HZJUIspyNl8wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3Js
+L2dldGNybC8wDQYJKoZIhvcNAQELBQADgYEAXJ2uw1jfcZTAcaTN7vsSHcXFi0dc
+3YphVaFWxlaV6tVbBk9+JXg56IC7bC2ebp9ndUOEvJhoXLEIxWg8k05cIZPfBgGN
+m32TPvHLZqMHn1EP4f2bOtCVcWp7NN3Ixc9SlejYXh5uNFOs6kXjC0O7vMGiySoT
+ZJUkIzvz7Nyieg8=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-othername.pem b/tests/cert-tests/data/template-othername.pem
new file mode 100644
index 0000000..598dfcd
--- /dev/null
+++ b/tests/cert-tests/data/template-othername.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAyCgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBiTCCAYUwDwYDVR0TAQH/BAUw
+AwEB/zCB/QYDVR0RBIH1MIHyggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9u
+ZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBoDgGBisGAQUCAqAu
+MCygDRsLVkFOUkVJTi5PUkehGzAZoAYCBAAAAAKhDzANGwRyaWNrGwVhZG1pbqAX
+BgQqBAUGoA8EDWEgdGVzdCBzdHJpbmegHQYIKwYBBQUHCAegEQwPbm1hdkBnbnV0
+bHMub3JnoB0GCCsGAQUFBwgFoBEMD25tYXZAZ251dGxzLm9yZ4ENbm9uZUBub25l
+Lm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
+AQH/BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8E
+JzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG
+9w0BAQsFAAOBgQBIZiGErDxIVvwcB6he3r28yA6zEtbdayuJVerNs1LArPEQMJ8o
+WGbFeGKIDKLsA3WEv9Gz/JTnTSYOxdqDsnS6CkxpXf7lOGUvd/0poK5wXiStTMki
+eq/GBXBWQifkFUK8NDQXbd+vu6fI0Y2iQCXz91CsEEZI+M43PoBCW6qV1Q==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-overflow.pem b/tests/cert-tests/data/template-overflow.pem
new file mode 100644
index 0000000..acc6214
--- /dev/null
+++ b/tests/cert-tests/data/template-overflow.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCA0igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIBcNMDcwNDIyMDAwMDAwWhgPOTk5
+OTEyMzEyMzU5NTlaMIG4MQswCQYDVQQGEwJHUjEPMA0GA1UECBMGQXR0aWtpMRIw
+EAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRUwEwYD
+VQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYD
+VQQMEwNEci4xDzANBgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBu
+b25lLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT
+8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw
+EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw
+UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOB9DCB8TAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAjoCGg
+H4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQELBQAD
+gYEAgDFwtZnVDxlkekWL4g332em+UahWRXz8Ta1WghrlbeHuDFQn22NDxEWi1yRB
+8vxrX0ejLHMFHLTOS4WnA+sj2ALdPFCkQXh97MPvXa2VWioSqphnxQX9gDJ0KddI
+rosJhO44Nihmnkh9ac4qrzyRyeAMcrZclK8Jh5RrB7F5hnQ=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-overflow2.pem b/tests/cert-tests/data/template-overflow2.pem
new file mode 100644
index 0000000..5c45093
--- /dev/null
+++ b/tests/cert-tests/data/template-overflow2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCA0igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIBcNMDcwNDIyMDAwMDAwWhgPMjI4
+MTAyMDMwMDAwMDBaMIG4MQswCQYDVQQGEwJHUjEPMA0GA1UECBMGQXR0aWtpMRIw
+EAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRUwEwYD
+VQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYD
+VQQMEwNEci4xDzANBgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBu
+b25lLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT
+8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw
+EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw
+UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOB9DCB8TAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAjoCGg
+H4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQELBQAD
+gYEAGg7RvqcoW1e2KxVK4Dxe4c/6X9b6zQ+CEFwEyNr395nVt2qyhrZdGTDDNUE+
+4Wic7aQxJsg/gYOu8QsjLmngmON3cfevKV4SCad9MSn+1EqGqkxzKflwK3sNAkYU
+bfjHZK3Ots/zY4vsW/MNBdZRfcvBt/Ec90TLem0RhcOQRjc=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-rsa-sha3-224.pem b/tests/cert-tests/data/template-rsa-sha3-224.pem
new file mode 100644
index 0000000..218162f
--- /dev/null
+++ b/tests/cert-tests/data/template-rsa-sha3-224.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw0FADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg
+YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl
+dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz
+LzANBglghkgBZQMEAw0FAAOBgQAdr2yQ0d3cQcRMrXZLw4aFOFMCjllhyD1tvY1P
+QojW8OP3BHCfIApCPrtpbbcGDGUuDIs1kHqCj58w/tnMGzD6jTGofi/MldAeyTg7
+WTA8DO0pO+mIuiMOr88nWAQ+tyV9pCMPiQ3+oNiB2ijlfUX3OY2psuu84i6Fo+ia
+nv3w/w==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-rsa-sha3-256.pem b/tests/cert-tests/data/template-rsa-sha3-256.pem
new file mode 100644
index 0000000..7d13d4c
--- /dev/null
+++ b/tests/cert-tests/data/template-rsa-sha3-256.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw4FADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg
+YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl
+dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz
+LzANBglghkgBZQMEAw4FAAOBgQCTRxvie4wXDyaeB/2UwaWtqnD7EB8Y9S/eUd2b
+5HbDY746pJJNJACxtPs4oOp2mf0jV5iJFJwyiT2YbzJnRXVP4q/KASp10xaDVgXC
+UzLmnVlmSJ8UPpOqmrlctTpcUUogm56+ulaDBRDYDN6yxWB4787iWcpBRfy7YKR3
+/F3k+g==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-rsa-sha3-384.pem b/tests/cert-tests/data/template-rsa-sha3-384.pem
new file mode 100644
index 0000000..df8c515
--- /dev/null
+++ b/tests/cert-tests/data/template-rsa-sha3-384.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw8FADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg
+YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl
+dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz
+LzANBglghkgBZQMEAw8FAAOBgQAts2YEtM3uKzfUTpXPouot34aI1IfnrCY9exFw
+TE3HZdU8sY3UZhOXS5rGhpKtSU5Yv1jtb0gFc/JGtaKPLVhTTa+PPIBIpkBFtDBL
+M7iuIWGCBxfp/8tuwlurOOrzHbneUEpDRBRd6J6pQY+VECPMDUmn03E/k/8rAYIf
+cY5rvA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-rsa-sha3-512.pem b/tests/cert-tests/data/template-rsa-sha3-512.pem
new file mode 100644
index 0000000..8d813bf
--- /dev/null
+++ b/tests/cert-tests/data/template-rsa-sha3-512.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAxAFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg
+YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl
+dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz
+LzANBglghkgBZQMEAxAFAAOBgQA2lFC18bQymlgBYyUqN7aLAeH0z4NLxpJOukjy
+2t3Pn5CHbwT31Pqk22uE5o/XMIIrO98coyfR4nz7R5aUL5E366Y7hZEK/0AbD0BA
+z12DZMWmlT6rLKID9rx2vCESqfr3ZPJPcymO1KxrtmB+gxmnV0k50pmYFzw8Hy8q
+pM4TBQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-sgenerate.pem b/tests/cert-tests/data/template-sgenerate.pem
new file mode 100644
index 0000000..8fa8188
--- /dev/null
+++ b/tests/cert-tests/data/template-sgenerate.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDszCCAmugAwIBAgIBBzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0xNDA1MjUwMDAwMDBaMFsxDDAK
+BgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEaMBgGA1UE
+BBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkTCEFya2FkaWFzMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15
+uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRo
+gx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/
+qQDjBQIDAQABo4IBFjCCARIwDwYDVR0TAQH/BAUwAwEB/zBqBgNVHREEYzBhggx3
+d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRo
+YW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzAT
+BgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0OBBYEFF1A
+rfDOlECVi36ZlB2SVCLKcjZfMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB
+A+/PMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj
+cmwvMA0GCSqGSIb3DQEBCwUAA4IBMQBQhjACri4i6KNQ4y5bUl3FI9RwaeMU/666
+fRWGebU5yiaqgmIKypH80S3zEJEeRff/Ptw0d4eAuHcinpCH+tnRej1MK9qJBRiL
+vjMkDgdT37fnPEK352Bmuzn06ghRSNoxVqvQtY03VYMoNrOm/WNazcyxifhc35m8
+KFdAMTW+l5qwzzxkSqKHl0zH2E6kY5pUUXoZ+OvXVDzKS/e+SQ+6E7wSAKHykiwS
+EKPjNOUCjUDUEdvSAAzQkB1d944F5ocUHQlzy507cJ4kmqp/gxIMZRne43yVXrdp
+jdJo6jRgWLzcKuxhiVsrR7pU3jY6XVT1PZGRVTRl9Ve4FZ89we6klzE/rgou2SiJ
+ba2zZsZD/lJ7WgujgN7L3URPrv40asi5TBVGjaEqr/ddI34ABAA8
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-test-ecc.key b/tests/cert-tests/data/template-test-ecc.key
new file mode 100644
index 0000000..a3cd7c7
--- /dev/null
+++ b/tests/cert-tests/data/template-test-ecc.key
@@ -0,0 +1,40 @@
+Public Key Info:
+	Public Key Algorithm: EC
+	Key Security Level: High (256 bits)
+
+curve:	SECP256R1
+private key:
+	00:88:80:ce:07:cb:70:5b:e7:83:f6:fe:dd:b5:2f:16
+	2d:c1:d3:1d:64:a6:3b:f9:56:92:5d:ad:a0:0a:db:23
+	9b:
+
+x:
+	60:f0:ee:7d:80:10:b9:00:4e:b6:3b:01:35:ea:37:f4
+	35:e0:7e:84:ce:1d:3e:02:bb:e3:4b:b7:63:cf:23:6a
+	
+
+y:
+	00:ce:07:0b:b6:61:44:1e:c7:2b:d6:bb:37:67:43:b8
+	5e:cb:1b:0d:44:64:92:87:2c:b7:08:91:cf:89:e7:04
+	40:
+
+
+Public Key ID: CC:59:3D:71:8E:44:9D:42:A7:B2:B5:86:C5:1F:2B:E3:A9:33:65:E8
+Public key's random art:
++--[SECP256R1]----+
+|           o=.o. |
+|           +.Bo  |
+|          o O.o  |
+|       o o * + o |
+|        S o.= o  |
+|          .oo+   |
+|         . oo    |
+|          E.     |
+|          .o     |
++-----------------+
+
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQCIgM4Hy3Bb54P2/t21LxYtwdMdZKY7+VaSXa2gCtsjm6AKBggqhkjO
+PQMBB6FEA0IABGDw7n2AELkATrY7ATXqN/Q14H6Ezh0+ArvjS7djzyNqzgcLtmFE
+Hscr1rs3Z0O4XssbDURkkocstwiRz4nnBEA=
+-----END EC PRIVATE KEY-----
diff --git a/tests/cert-tests/data/template-test.key b/tests/cert-tests/data/template-test.key
new file mode 100644
index 0000000..3b5886d
--- /dev/null
+++ b/tests/cert-tests/data/template-test.key
@@ -0,0 +1,86 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: Low
+
+modulus:
+	00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:
+	59:f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:
+	86:8b:05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:
+	4a:38:f7:33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:
+	70:10:fb:42:e9:d8:9d:18:65:7e:19:49:fc:05:96:
+	04:68:83:1e:77:86:bf:ed:f5:e5:12:3b:13:fe:33:
+	18:9c:1a:7a:1d:69:af:47:02:60:7a:1f:b9:e8:cf:
+	db:c8:34:30:51:96:3d:8c:96:5c:00:bc:61:de:08:
+	0f:b1:36:21:7f:a9:00:e3:05:
+public exponent:
+	01:00:01:
+private exponent:
+	00:a0:b7:b2:57:6b:83:1a:4f:01:05:53:3f:79:0c:
+	e7:bf:0e:03:4a:0b:e5:b6:b5:76:9d:bf:c7:77:d8:
+	8f:00:de:ed:77:21:31:3c:4d:77:f3:8e:aa:8e:9e:
+	9c:b2:c7:ae:1d:2c:61:c3:60:ff:59:4e:05:c9:61:
+	56:cb:8f:dd:58:eb:b0:40:f8:dd:8d:02:c5:aa:19:
+	3d:fd:b5:89:6f:f8:88:5a:5d:fd:69:8a:21:76:76:
+	9e:c9:fa:50:5f:95:50:3e:b1:79:0d:ce:40:52:e6:
+	08:83:13:ee:a0:a5:69:8d:4c:3e:43:e5:4e:94:82:
+	a1:10:51:a6:92:fc:d3:f9:ad:
+prime1:
+	00:d3:29:62:57:21:b8:17:ad:3e:22:d1:1c:ce:8f:
+	66:f7:67:8d:fd:47:64:99:96:5f:e0:0f:3c:cf:5d:
+	48:3f:17:94:72:4d:5e:d4:eb:4e:41:41:dd:62:56:
+	13:08:86:e8:94:1e:66:04:18:68:44:39:cc:60:6e:
+	90:b0:b6:cb:07:
+prime2:
+	00:c8:fa:51:7c:f2:60:97:41:5c:d0:9f:b6:55:a7:
+	db:a7:3f:b4:6e:cc:bf:a7:b1:09:3a:bb:55:52:23:
+	57:15:60:32:2a:c4:49:8b:ad:02:12:8d:df:aa:4e:
+	bf:b6:37:b9:41:59:d8:17:f5:08:b2:f9:aa:35:30:
+	b1:55:99:c2:93:
+coefficient:
+	56:f4:fd:a3:36:0a:fc:f8:79:7e:86:84:69:b9:6e:
+	51:6f:11:bb:d7:7e:ba:0a:aa:9a:3f:22:70:5c:42:
+	a4:fe:96:3f:6d:61:db:0e:56:50:a9:ad:53:a5:a8:
+	d4:e2:8f:ca:5c:5d:0c:88:7d:b5:17:7d:58:73:37:
+	7d:1e:1e:04:
+exp1:
+	00:90:ec:5f:3c:f3:bc:78:2b:83:70:bb:da:2c:7e:
+	49:29:d5:9d:a2:ce:43:e2:11:4d:9d:e6:77:52:ce:
+	6f:ce:35:6d:c1:81:0e:6b:cd:4f:39:04:6e:5f:96:
+	39:9b:e9:93:68:4c:f0:b1:30:db:26:b0:10:6f:c2:
+	92:75:66:0f:33:
+exp2:
+	23:54:a5:f8:a2:1f:4a:d7:c9:ba:3f:29:6d:9b:69:
+	a8:d8:31:1e:fd:4d:7f:ec:46:64:15:c4:a5:00:e3:
+	71:35:8c:fc:29:af:88:27:6c:e2:d8:20:06:af:7b:
+	52:4c:2f:7c:06:90:4f:7d:da:fe:a3:97:41:6c:82:
+	f0:3a:6c:93:
+
+Public Key ID: 5D:40:AD:F0:CE:94:40:95:8B:7E:99:94:1D:92:54:22:CA:72:36:5F
+Public key's random art:
++--[ RSA 1032]----+
+|       .o+*=.    |
+|     . .o.+oo    |
+|    . *  =EB..   |
+|     + o.oO..    |
+|       .S=.o     |
+|        . *      |
+|         .       |
+|                 |
+|                 |
++-----------------+
+
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sq
+r4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUS
+OxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQAB
+AoGBAKC3sldrgxpPAQVTP3kM578OA0oL5ba1dp2/x3fYjwDe7XchMTxNd/OOqo6e
+nLLHrh0sYcNg/1lOBclhVsuP3VjrsED43Y0CxaoZPf21iW/4iFpd/WmKIXZ2nsn6
+UF+VUD6xeQ3OQFLmCIMT7qClaY1MPkPlTpSCoRBRppL80/mtAkEA0yliVyG4F60+
+ItEczo9m92eN/UdkmZZf4A88z11IPxeUck1e1OtOQUHdYlYTCIbolB5mBBhoRDnM
+YG6QsLbLBwJBAMj6UXzyYJdBXNCftlWn26c/tG7Mv6exCTq7VVIjVxVgMirESYut
+AhKN36pOv7Y3uUFZ2Bf1CLL5qjUwsVWZwpMCQQCQ7F8887x4K4Nwu9osfkkp1Z2i
+zkPiEU2d5ndSzm/ONW3BgQ5rzU85BG5fljmb6ZNoTPCxMNsmsBBvwpJ1Zg8zAkAj
+VKX4oh9K18m6Pyltm2mo2DEe/U1/7EZkFcSlAONxNYz8Ka+IJ2zi2CAGr3tSTC98
+BpBPfdr+o5dBbILwOmyTAkBW9P2jNgr8+Hl+hoRpuW5RbxG71366CqqaPyJwXEKk
+/pY/bWHbDlZQqa1TpajU4o/KXF0MiH21F31Yczd9Hh4E
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/template-test.pem b/tests/cert-tests/data/template-test.pem
new file mode 100644
index 0000000..98050fb
--- /dev/null
+++ b/tests/cert-tests/data/template-test.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC
+hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg
+YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl
+dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz
+LzANBgkqhkiG9w0BAQsFAAOBgQARxtGtk2+b3NCfus/17o8pZzLwMMP9ZAd9mPm6
+5wNXenFyjKSRgQVQbPHvGPEdDC/NZLQC6AM+GYdwXMvEJDjnA0rC7m1xlgEzTbOB
+vcx+LTnFpjVQOWWSO1QD8ppf90gf/p97CHhURNDoF6W50fbnvkAwz/noZbwiJ/1V
+V2jg6Q==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-tlsfeature.csr b/tests/cert-tests/data/template-tlsfeature.csr
new file mode 100644
index 0000000..8e5d825
--- /dev/null
+++ b/tests/cert-tests/data/template-tlsfeature.csr
@@ -0,0 +1,62 @@
+PKCS #10 Certificate Request Information:
+	Version: 1
+	Subject: pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Low (1024 bits)
+		Modulus (bits 1024):
+			00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59
+			f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b
+			05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7
+			33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42
+			e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77
+			86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69
+			af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d
+			8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3
+			05
+		Exponent (bits 24):
+			01:00:01
+	Signature Algorithm: RSA-SHA256
+	Attributes:
+		Extensions:
+			Subject Alternative Name (not critical):
+				DNSname: www.none.org
+				DNSname: www.morethanone.org
+				DNSname: www.evenmorethanone.org
+				IPAddress: 192.168.1.1
+				RFC822Name: none@none.org
+				RFC822Name: where@none.org
+			Basic Constraints (critical):
+				Certificate Authority (CA): FALSE
+			Key Purpose (critical):
+				OCSP signing.
+			Key Usage (critical):
+				Digital signature.
+			TLS Features (not critical):
+				OCSP Status Request(5)
+				17
+Other Information:
+	Public Key ID:
+		sha1:5d40adf0ce9440958b7e99941d925422ca72365f
+		sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e
+	Public Key PIN:
+		pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4=
+
+Self signature: verified
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICqDCCAhECAQAwgZoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQ
+BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNV
+BAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNV
+BAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge
+HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic
+Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABoIHMMIHJ
+BgkqhkiG9w0BCQ4xgbswgbgwagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cu
+bW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYEN
+bm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwDAYDVR0TAQH/BAIwADAWBgNV
+HSUBAf8EDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwFAYIKwYBBQUHARgE
+CDAGAgEFAgERMA0GCSqGSIb3DQEBCwUAA4GBAJVede27qO1+KIeEQSj4RVmu/L4i
+jLEevh7yLp6mO0j90wkUL1/7ylda3qmStXsJxreCiVBPdQUoxzvyNMtoaX2WZ6O5
+fJPB8K+8+2KRVX/qJLP/9GhosIN6DkE9OpoMTEK0ZkXPaK+ckZXtyhkwUf3Xv/rV
+GQAku1457L334BPQ
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/cert-tests/data/template-tlsfeature.pem b/tests/cert-tests/data/template-tlsfeature.pem
new file mode 100644
index 0000000..f3d9d4a
--- /dev/null
+++ b/tests/cert-tests/data/template-tlsfeature.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEMzCCA5ygAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z
+bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG
+A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggFJMIIBRTAUBggrBgEFBQcBGAQIMAYC
+AQUCAREwDAYDVR0TAQH/BAIwADBqBgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3
+dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEB
+gQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEF
+BQcDCTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLK
+cjZfMG8GA1UdHwRoMGYwZKBioGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj
+cmwxL4YeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3
+LmdldGNybC5jcmwvZ2V0Y3JsMy8wDQYJKoZIhvcNAQELBQADgYEACHLRiqdsflQ/
+WYs+JFLe/jSQgGejG9qa0rLsvUp+cjjTZBcdk6jTwHu4IKTVTlgMMg1QvHUvpFQ6
+5ORHyAxXC/QSPemNdoCDJ0CCc89uLEuTvPj4SzCpzU4OZhHqTtkJT3XHdpKP58nq
+zoFAI4bSYmuRrDYIeEs5jf9IfxG4Lrg=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-unique.pem b/tests/cert-tests/data/template-unique.pem
new file mode 100644
index 0000000..71ede4a
--- /dev/null
+++ b/tests/cert-tests/data/template-unique.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCApygAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABgQgAERQjJCUSJIIGAAAVIyQlo4H0
+MIHxMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3
+d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgB
+AYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwkwDgYDVR0PAQH/BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQi
+ynI2XzAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0
+Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQAxXXIeP7WgxOzNt67f/vCnqwEvpbrCrRfW
+U1HEvMvzldQwk1x6+AOhxAghb3xtjN5tK+sdOXucylWhVwsGvGAerZMtKhbmbxGE
+Y2QuUZBpdy8Y0ptWMQFuyDPCNQMtT/mXcstfB34RX0IEB6rZrb1s3HYWXHCshED/
+KHhTIMGNGw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/template-utf8.pem b/tests/cert-tests/data/template-utf8.pem
new file mode 100644
index 0000000..9f303b2
--- /dev/null
+++ b/tests/cert-tests/data/template-utf8.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyTCCAzKgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJHUjEV
+MBMGA1UECAwMzpHPhM+EzrnOus6uMSQwIgYDVQQKDBvOnM61zrPOrM67zrcgzrXP
+hM6xzrnPgc6vzrExDTALBgNVBAMMBPCfkKgwHhcNMDcwNDIyMDAwMDAwWhcNMDgw
+NDIxMDAwMDAwWjBZMQswCQYDVQQGEwJHUjEVMBMGA1UECAwMzpHPhM+EzrnOus6u
+MSQwIgYDVQQKDBvOnM61zrPOrM67zrcgzrXPhM6xzrnPgc6vzrExDTALBgNVBAMM
+BPCfkKgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGfMIIBmzAMBgNVHRMBAf8EAjAAMIIB
+agYDVR0gBIIBYTCCAV0wgY8GDCsGAQQBqmwBCmMBADB/MEgGCCsGAQUFBwICMDwM
+Os6czrnOsSDPgM6/zrvOuc+EzrnOus6uIM+Azr/PhSDOuM6tzrvOtc65IM60zrnO
+rM6yzrHPg868zrEwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZXhhbXBsZS5jb20v
+YS1wb2xpY3ktdG8tcmVhZDBpBgwrBgEEAapsAQpjAQEwWTAcBggrBgEFBQcCAjAQ
+DA5Bbm90aGVyIHBvbGljeTA5BggrBgEFBQcCARYtaHR0cDovL3d3dy5leGFtcGxl
+LmNvbS9hbm90aGVyLXBvbGljeS10by1yZWFkMF4GDCsGAQQBqmwBCmMBAjBOMBsG
+CCsGAQUFBwICMA8MDU1vcmUgcG9saWNpZXMwLwYIKwYBBQUHAgEWI2h0dHA6Ly9l
+eGFtcGxlLmNvbS9hLXBvbGljeS10by1yZWFkMB0GA1UdDgQWBBRdQK3wzpRAlYt+
+mZQdklQiynI2XzANBgkqhkiG9w0BAQsFAAOBgQCKO4pK+caD7hYLA6RB3yWN8+t2
+nFi5m+BSyBVn3z4xzvVZOtio7g1ic+uJyLJ2pft7Z+0qVCwTCUrVVzrEMvZyi+/K
++b25BowuzM7YVzcxLsYCcBGhuUkd/uSUdNPOQrwoh6jIBNXf0y5FGPPr03o9VBKJ
+vewp5+e+L+H10b6mCg==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/test-null.p12 b/tests/cert-tests/data/test-null.p12
new file mode 100644
index 0000000..4db0afb
--- /dev/null
+++ b/tests/cert-tests/data/test-null.p12
diff --git a/tests/cert-tests/data/truncated.pub b/tests/cert-tests/data/truncated.pub
new file mode 100644
index 0000000..29e181e
--- /dev/null
+++ b/tests/cert-tests/data/truncated.pub
@@ -0,0 +1 @@
+�
diff --git a/tests/cert-tests/data/unclient.p12 b/tests/cert-tests/data/unclient.p12
new file mode 100644
index 0000000..68ef420
--- /dev/null
+++ b/tests/cert-tests/data/unclient.p12
diff --git a/tests/cert-tests/data/unencpkcs8.pem b/tests/cert-tests/data/unencpkcs8.pem
new file mode 100644
index 0000000..794dfd7
--- /dev/null
+++ b/tests/cert-tests/data/unencpkcs8.pem
@@ -0,0 +1,79 @@
+   0  629: SEQUENCE {
+   4    1:   INTEGER 0
+   7   11:   SEQUENCE {
+   9    9:     OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
+         :     }
+  20  609:   OCTET STRING, encapsulates {
+  24  605:     SEQUENCE {
+  28    1:       INTEGER 0
+  31  129:       INTEGER
+         :         00 BB 24 7A 09 7E 0E B2 37 32 CC 39 67 AD F1 9E
+         :         3D 6B 82 83 D1 D0 AC A4 C0 18 BE 8D 98 00 C0 7B
+         :         FF 07 44 C9 CA 1C BA 36 E1 27 69 FF B1 E3 8D 8B
+         :         EE 57 A9 3A AA 16 43 39 54 19 7C AE 69 24 14 F6
+         :         64 FF BC 74 C6 67 6C 4C F1 02 49 69 C7 2B E1 E1
+         :         A1 A3 43 14 F4 77 8F C8 D0 85 5A 35 95 AC 62 A9
+         :         C1 21 00 77 A0 8B 97 30 B4 5A 2C B8 90 2F 48 A0
+         :         05 28 4B F2 0F 8D EC 8B 4D 03 42 75 D6 AD 81 C0
+         :                 [ Another 1 bytes skipped ]
+ 163    3:       INTEGER 65537
+ 168  128:       INTEGER
+         :         00 FC B9 4A 26 07 89 51 2B 53 72 91 E0 18 3E A6
+         :         5E 31 EF 9C 0C 16 24 42 D0 28 33 F9 FA D0 3C 54
+         :         04 06 C0 15 F5 1B 9A B3 24 31 AB 3C 6B 47 43 B0
+         :         D2 A9 DC 05 E1 81 59 B6 04 E9 66 61 AA D7 0B 00
+         :         8F 3D E5 BF A2 F8 5E 25 6C 1E 22 0F B4 FD 41 E2
+         :         03 31 5F DA 20 C5 C0 F3 55 0E E1 C9 EC D7 3E 2A
+         :         0C 01 CA 7B 22 CB AC F4 2B 27 F0 78 5F B5 C2 F9
+         :         E8 14 5A 6E 7E 86 BD 6A 9B 20 0C BA CC 97 20 11
+ 299   65:       INTEGER
+         :         00 C9 59 9F 29 8A 5B 9F E3 2A D8 7E C2 40 9F A8
+         :         45 E5 3E 11 8D 3C ED 6E AB CE D0 65 46 D8 C7 07
+         :         63 B5 23 34 F4 9F 7E 1C C7 C7 F9 65 D1 F4 04 42
+         :         38 BE 3A 0C 9D 08 25 FC A3 71 D9 AE 0C 39 61 F4
+         :         89
+ 366   65:       INTEGER
+         :         00 ED EF AB A9 D5 39 9C EE 59 1B FF CF 48 44 1B
+         :         B6 32 E7 46 24 F3 04 7F DE 95 08 6D 75 9E 67 17
+         :         BA 5C A4 D4 E2 E2 4D 77 CE EB 66 29 C5 96 E0 62
+         :         BB E5 AC DC 44 62 54 86 ED 64 0C CE D0 60 03 9D
+         :         49
+ 433   64:       INTEGER
+         :         54 D9 18 72 27 E4 BE 76 BB 1A 6A 28 2F 95 58 12
+         :         C4 2C A8 B6 CC E2 FD 0D 17 64 C8 18 D7 C6 DF 3D
+         :         4C 1A 9E F9 2A B0 B9 2E 12 FD EC C3 51 C1 ED A9
+         :         FD B7 76 93 41 D8 C8 22 94 1A 77 F6 9C C3 C3 89
+ 499   65:       INTEGER
+         :         00 8E F9 A7 08 AD B5 2A 04 DB 8D 04 A1 B5 06 20
+         :         34 D2 CF C0 89 B1 72 31 B8 39 8B CF E2 8E A5 DA
+         :         4F 45 1E 53 42 66 C4 30 4B 29 8E C1 69 17 29 8C
+         :         8A E6 0F 82 68 A1 41 B3 B6 70 99 75 A9 27 18 E4
+         :         E9
+ 566   65:       INTEGER
+         :         00 89 EA 6E 6D 70 DF 25 5F 18 3F 48 DA 63 10 8B
+         :         FE A8 0C 94 0F DE 97 56 53 89 94 E2 1E 2C 74 3C
+         :         91 81 34 0B A6 40 F8 CB 2A 60 8C E0 02 B7 89 93
+         :         CF 18 9F 49 54 FD 7D 3F 9A EF D4 A4 4F C1 45 99
+         :         91
+         :       }
+         :     }
+         :   }
+
+0 warnings, 0 errors.
+
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADALBgkqhkiG9w0BAQEEggJhMIICXQIBAAKBgQC7JHoJfg6yNzLMOWet
+8Z49a4KD0dCspMAYvo2YAMB7/wdEycocujbhJ2n/seONi+5XqTqqFkM5VBl8rmkk
+FPZk/7x0xmdsTPECSWnHK+HhoaNDFPR3j8jQhVo1laxiqcEhAHegi5cwtFosuJAv
+SKAFKEvyD43si00DQnXWrYHAEQIDAQABAoGAAPy5SiYHiVErU3KR4Bg+pl4x75wM
+FiRC0Cgz+frQPFQEBsAV9RuasyQxqzxrR0Ow0qncBeGBWbYE6WZhqtcLAI895b+i
++F4lbB4iD7T9QeIDMV/aIMXA81UO4cns1z4qDAHKeyLLrPQrJ/B4X7XC+egUWm5+
+hr1qmyAMusyXIBECQQDJWZ8piluf4yrYfsJAn6hF5T4RjTztbqvO0GVG2McHY7Uj
+NPSffhzHx/ll0fQEQji+OgydCCX8o3HZrgw5YfSJAkEA7e+rqdU5nO5ZG//PSEQb
+tjLnRiTzBH/elQhtdZ5nF7pcpNTi4k13zutmKcWW4GK75azcRGJUhu1kDM7QYAOd
+SQJAVNkYcifkvna7GmooL5VYEsQsqLbM4v0NF2TIGNfG3z1MGp75KrC5LhL97MNR
+we2p/bd2k0HYyCKUGnf2nMPDiQJBAI75pwittSoE240EobUGIDTSz8CJsXIxuDmL
+z+KOpdpPRR5TQmbEMEspjsFpFymMiuYPgmihQbO2cJl1qScY5OkCQQCJ6m5tcN8l
+Xxg/SNpjEIv+qAyUD96XVlOJlOIeLHQ8kYE0C6ZA+MsqYIzgAreJk88Yn0lU/X0/
+mu/UpE/BRZmR
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/userid.pem b/tests/cert-tests/data/userid.pem
new file mode 100644
index 0000000..2f34747
--- /dev/null
+++ b/tests/cert-tests/data/userid.pem
@@ -0,0 +1,59 @@
+# This file contains a X.509 certificate with a UID field, encoded as
+# an IA5String rather than DirectoryString (i.e., TeletexString,
+# PrintableString, UniversalString, UTF8String, or BMPString) which is
+# the correct approach.  For compatibility, it seems good to make sure
+# that newer versions of GnuTLS continue to be able to read such
+# certificates.
+
+# Thanks to Max Kellermann <max@duempel.org> who reported this problem
+# to gnutls-dev@gnupg.org, see Message-ID:
+# <20061220125309.GA2668@roonstrasse.net>.
+
+# Copyright (C) 2006-2010, 2012 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.
+
+X.509 certificate info:
+
+Version: 3
+Serial Number (hex): 00
+Subject: UID=simon
+Issuer: UID=simon
+Signature Algorithm: RSA-SHA
+Validity:
+	Not Before: Wed Dec 27 10:28:27 2006
+	Not After: Thu Dec 28 10:28:30 2006
+Subject Public Key Info:
+	Public Key Algorithm: RSA (512 bits)
+modulus:
+	bd:a2:fc:48:9e:c0:4c:e9:57:d0:48:17:58:6e:1f:
+	74:e3:15:d5:80:db:9d:31:0b:dd:29:a2:f3:05:45:
+	80:70:78:02:fe:9c:a1:92:f3:86:47:ea:f7:e9:36:
+	8c:28:10:fd:fa:3f:1d:74:7b:bb:f3:0e:8b:99:44:
+	05:0e:11:6f:
+public exponent:
+	01:00:01:
+
+X.509 Extensions:
+	Basic Constraints: (critical)
+		CA:FALSE
+	Subject Key ID: 
+		5E:AE:28:4A:25:2D:BD:EC:74:DC:71:E1:5E:23:9A:96:05:D8:4B:D7
+
+Other information:
+	MD5 Fingerprint: E3:26:D8:E5:5F:54:AA:34:B9:DF:4C:1C:D6:82:CF:F2
+	SHA1 Fingerprint: 5F:6E:FB:6D:B5:85:81:63:A8:1A:DC:9F:50:75:0D:57:56:53:FB:83
+	Public Key ID: 5E:AE:28:4A:25:2D:BD:EC:74:DC:71:E1:5E:23:9A:96:05:D8:4B:D7
+
+
+-----BEGIN CERTIFICATE-----
+MIIBRjCB86ADAgECAgEAMAsGCSqGSIb3DQEBBTAXMRUwEwYKCZImiZPyLGQBARYF
+c2ltb24wHhcNMDYxMjI3MDkyODI3WhcNMDYxMjI4MDkyODMwWjAXMRUwEwYKCZIm
+iZPyLGQBARYFc2ltb24wWTALBgkqhkiG9w0BAQEDSgAwRwJAvaL8SJ7ATOlX0EgX
+WG4fdOMV1YDbnTEL3Smi8wVFgHB4Av6coZLzhkfq9+k2jCgQ/fo/HXR7u/MOi5lE
+BQ4RbwIDAQABoy8wLTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRerihKJS297HTc
+ceFeI5qWBdhL1zALBgkqhkiG9w0BAQUDQQBUuTMcLeWAXr6ihKcEdMm+pIRc5XGb
+5Y7m+47risTzyqpPnDzwXI4vJm4BxHmCQg8oarkBNHaKv7nA6hCFi48w
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/very-long-dn.pem b/tests/cert-tests/data/very-long-dn.pem
new file mode 100644
index 0000000..072726c
--- /dev/null
+++ b/tests/cert-tests/data/very-long-dn.pem
@@ -0,0 +1,340 @@
+X.509 Certificate Information:
+	Version: 1
+	Serial Number (hex): 00c0fac954e19975f3
+	Issuer: EMAIL=webmaster@dip-caceres.es,CN=www.dip-caceres.es,OU=DIPUTACION PROVINCIAL DE CACERES,O=DIPUTACION PROVINCIAL DE CACERES,L=CACERES,ST=CACERES,C=ES
+	Validity:
+		Not Before: Tue Jun 02 09:27:33 UTC 2015
+		Not After: Fri May 30 09:27:33 UTC 2025
+	Subject: 2.5.29.17=#1382304b444e532e313d6162616469612e65732c444e532e323d61626572747572612e65732c444e532e333d616365626f2e65732c444e532e343d61636568756368652e65732c444e532e353d6163656974756e612e65732c444e532e363d61686967616c2e65732c444e532e373d616c61676f6e64656c72696f2e65732c444e532e383d616c636f6c6c6172696e2e65732c444e532e393d6179746f616c62616c612e65732c444e532e31303d6179746f616c63616e746172612e65732c444e532e31313d616c637565736361722e65732c444e532e31323d616c64656163656e74656e6572612e65732c444e532e31333d616c64656164656c63616e6f2e65732c444e532e31343d6c61616c64656164656c6f626973706f2e65732c444e532e31353d616c6465616e7565766164656c61766572612e65732c444e532e31363d616c6465616e7565766164656c63616d696e6f2e65732c444e532e31373d616c64656875656c6164656c6a657274652e65732c444e532e31383d6179746f616c69612e65732c444e532e31393d616c69736564612e65732c444e532e32303d616c6d6172617a2e65732c444e532e32313d616c6d6f686172696e2e65732c444e532e32323d6179746f6172726f796f64656c616c757a2e65732c444e532e32333d6172726f796f6d6f6c696e6f732e65732c444e532e32343d6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e32353d62616e6f7364656d6f6e74656d61796f722e65732c444e532e32363d6261727261646f2e65732c444e532e32373d62656c76697364656d6f6e726f792e65732c444e532e32383d62656e71756572656e6369612e65732c444e532e32393d626572726f63616c656a6f2e65732c444e532e33303d6265727a6f63616e612e65732c444e532e33313d626f686f6e616c646569626f722e65732c444e532e33323d626f74696a612e65732c444e532e33333d62726f7a61732e65732c444e532e33343d636162616e617364656c63617374696c6c6f2e65732c444e532e33353d636162657a6162656c6c6f73612e65732c444e532e33363d636162657a75656c6164656c76616c6c652e65732c444e532e33373d6361627265726f2e65732c444e532e33383d636163686f7272696c6c612e65732c444e532e33393d636164616c736f2e65732c444e532e34303d63616c7a6164696c6c612e65732c444e532e34313d63616d696e6f6d6f726973636f2e65732c444e532e34323d63616d70696c6c6f646564656c6569746f73612e65732c444e532e34333d63616d706f6c756761722e65732c444e532e34343d63616e616d65726f2e65732c444e532e34353d63616e61766572616c2e65732c444e532e34363d63617262616a6f2e65732c444e532e34373d6361726361626f736f2e65732c444e532e34383d63617272617363616c656a6f2e65732c444e532e34393d63617361726465636163657265732e65732c444e532e35303d6361736172646570616c6f6d65726f2e65732c444e532e35313d6361736172657364656c61736875726465732e65732c444e532e35323d63617361736465646f6e616e746f6e696f2e65732c444e532e35333d63617361736465646f6e676f6d657a2e65732c444e532e35343d636173617364656c63617374616e61722e65732c444e532e35353d636173617364656c6d6f6e74652e65732c444e532e35363d636173617364656d696c6c616e2e65732c444e532e35373d636173617364656d697261766574652e65732c444e532e35383d6361736174656a6164612e65732c444e532e35393d636173696c6c61736465636f7269612e65732c444e532e36303d63617374616e6172646569626f722e65732c444e532e36313d6365636c6176696e2e65732c444e532e36323d636564696c6c6f2e65732c444e532e36333d636572657a6f2e65732c444e532e36343d63696c6c65726f732e65732c444e532e36353d636f6c6c61646f2e65732c444e532e36363d636f6e71756973746164656c617369657272612e65732c444e532e36373d636f7269612e65732c444e532e36383d637561636f73646579757374652e65732c444e532e36393d6c6163756d6272652e65732c444e532e37303d64656c6569746f73612e65732c444e532e37313d64657363617267616d617269612e65732c444e532e37323d656c6a61732e65732c444e532e37333d657363757269616c2e65732c444e532e37343d667265736e65646f736f646569626f722e65732c444e532e37353d67616c697374656f2e65732c444e532e37363d6761726369617a2e65732c444e532e37373d6c6167617267616e74612e65732c444e532e37383d67617267616e74616c616f6c6c612e65732c444e532e37393d67617267616e74696c6c612e65732c444e532e38303d67617267756572612e65732c444e532e38313d676172726f76696c6c61736465616c636f6e657461722e65732c444e532e38323d67617276696e2e65732c444e532e38333d676174612e65732c444e532e38343d6179746f656c676f72646f2e65732c444e532e38353d6c616772616e6a612e65732c444e532e38363d6c616772616e6a6164656772616e6164696c6c612e65732c444e532e38373d6179756e74616d69656e746f646567756164616c7570652e65732c444e532e38383d6775696a6f6465636f7269612e65732c444e532e38393d6775696a6f646567616c697374656f2e65732c444e532e39303d6775696a6f64656772616e6164696c6c612e65732c444e532e39313d6775696a6f646573616e7461626172626172612e65732c444e532e39323d6865726775696a75656c612e65732c444e532e39333d6865726e616e706572657a2e65732c444e532e39343d686572726572616465616c63616e746172612e65732c444e532e39353d68657272657275656c612e65732c444e532e39363d6865727661732e65732c444e532e39373d686967756572612e65732c444e532e39383d68696e6f6a616c2e65732c444e532e39393d686f6c67756572612e65732c444e532e3130303d686f796f732e65732c444e532e3130313d6875656c6167612e65732c444e532e3130323d6962616865726e616e646f2e65732c444e532e3130333d6a6172616963656a6f2e65732c444e532e3130343d6a617261697a64656c61766572612e65732c444e532e3130353d6a6172616e64696c6c6164656c61766572612e65732c444e532e3130363d6a6172696c6c612e65732c444e532e3130373d6a657274652e65732c444e532e3130383d6c616472696c6c61722e65732c444e532e3130393d6c6f67726f73616e2e65732c444e532e3131303d6c6f73617264656c61766572612e65732c444e532e3131313d6d6164726967616c656a6f2e65732c444e532e3131323d6d6164726967616c64656c61766572612e65732c444e532e3131333d6d6164726f6e6572612e65732c444e532e3131343d6d616a616461732e65732c444e532e3131353d6d616c706172746964616465636163657265732e65732c444e532e3131363d6d616c706172746964616465706c6173656e6369612e65732c444e532e3131373d6d617263686167617a2e65732c444e532e3131383d6d6174616465616c63616e746172612e65732c444e532e3131393d6d656d6272696f2e65732c444e532e3132303d6d65736173646569626f722e65732c444e532e3132313d6d69616a616461732e65732c444e532e3132323d6d696c6c616e65732e65732c444e532e3132333d6d69726162656c2e65732c444e532e3132343d6d6f686564617364656772616e6164696c6c612e65732c444e532e3132353d6d6f6e726f792e65732c444e532e3132363d6d6f6e74616e6368657a2e65732c444e532e3132373d6d6f6e74656865726d6f736f2e65732c444e532e3132383d6d6f72616c656a612e65732c444e532e3132393d6d6f7263696c6c6f2e65732c444e532e3133303d6e617661636f6e63656a6f2e65732c444e532e3133313d6e6176616c76696c6c6172646569626f722e65732c444e532e3133323d6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3133333d6e6176617364656c6d6164726f6e6f2e65732c444e532e3133343d6e6176617472617369657272612e65732c444e532e3133353d6e6176657a75656c61732e65732c444e532e3133363d6e756e6f6d6f72616c2e65732c444e532e3133373d6f6c6976616465706c6173656e6369612e65732c444e532e3133383d70616c6f6d65726f2e65732c444e532e3133393d70617361726f6e64656c61766572612e65732c444e532e3134303d706564726f736f64656163696d2e65732c444e532e3134313d706572616c65646164656c616d6174612e65732c444e532e3134323d706572616c656461646573616e726f6d616e2e65732c444e532e3134333d706572616c657364656c70756572746f2e65732c444e532e3134343d7065736375657a612e65732c444e532e3134353d6c6170657367612e65732c444e532e3134363d70696564726173616c6261732e65732c444e532e3134373d70696e6f6672616e71756561646f2e65732c444e532e3134383d70696f726e616c2e65732c444e532e3134393d706c6173656e7a75656c612e65732c444e532e3135303d706f7274616a652e65732c444e532e3135313d706f7274657a75656c6f2e65732c444e532e3135323d706f7a75656c6f64657a61727a6f6e2e65732c444e532e3135333d707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3135343d70756572746f646573616e74616372757a2e65732c444e532e3135353d7265626f6c6c61722e65732c444e532e3135363d72696f6c6f626f732e65732c444e532e3135373d726f626c6564696c6c6f6465676174612e65732c444e532e3135383d726f626c6564696c6c6f64656c61766572612e65732c444e532e3135393d726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3136303d726f626c65646f6c6c616e6f2e65732c444e532e3136313d726f6d616e676f72646f2e65732c444e532e3136323d7275616e65732e65732c444e532e3136333d73616c6f72696e6f2e65732c444e532e3136343d73616c7661746965727261646573616e746961676f2e65732c444e532e3136353d73616e6d617274696e646574726576656a6f2e65732c444e532e3136363d6179746f73616e7461616e612e65732c444e532e3136373d73616e74616372757a64656c617369657272612e65732c444e532e3136383d73616e74616372757a646570616e69616775612e65732c444e532e3136393d73616e74616d6172746164656d6167617363612e65732c444e532e3137303d73616e746961676f64656c63616d706f2e65732c444e532e3137313d73616e746962616e657a656c616c746f2e65732c444e532e3137323d73616e746962616e657a656c62616a6f2e65732c444e532e3137333d736175636564696c6c612e65732c444e532e3137343d7365677572616465746f726f2e65732c444e532e3137353d736572726164696c6c612e65732c444e532e3137363d73657272656a6f6e2e65732c444e532e3137373d73696572726164656675656e7465732e65732c444e532e3137383d74616c6176616e2e65732c444e532e3137393d74616c6176657275656c6164656c61766572612e65732c444e532e3138303d74616c617975656c612e65732c444e532e3138313d74656a65646164657469657461722e65732c444e532e3138323d746f72696c2e65732c444e532e3138333d746f726e6176616361732e65732c444e532e3138343d6179746f656c746f726e6f2e65732c444e532e3138353d746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3138363d746f72726563696c6c617364656c6174696573612e65732c444e532e3138373d746f7272656465646f6e6d696775656c2e65732c444e532e3138383d746f727265646573616e74616d617269612e65732c444e532e3138393d746f7272656a6f6e656c727562696f2e65732c444e532e3139303d746f7272656a6f6e63696c6c6f2e65732c444e532e3139313d746f7272656d656e67612e65732c444e532e3139323d746f7272656d6f6368612e65732c444e532e3139333d746f7272656f7267617a2e65732c444e532e3139343d746f7272657175656d6164612e65732c444e532e3139353d76616c64617374696c6c61732e65732c444e532e3139363d76616c646563616e6173646574616a6f2e65732c444e532e3139373d76616c64656675656e7465732e65732c444e532e3139383d76616c646568756e6361722e65732c444e532e3139393d76616c6465696e69676f732e65732c444e532e3230303d76616c64656c6163617361646574616a6f2e65732c444e532e3230313d76616c64656d6f72616c65732e65732c444e532e3230323d76616c64656f626973706f2e65732c444e532e3230333d76616c646573616c6f722e65732c444e532e3230343d76616c72696f2e65732c444e532e3230353d76616c656e6369616465616c63616e746172612e65732c444e532e3230363d76616c766572646564656c61766572612e65732c444e532e3230373d76616c766572646564656c667265736e6f2e65732c444e532e3230383d766567617669616e612e65732c444e532e3230393d7669616e64617264656c61766572612e65732c444e532e3231303d76696c6c6164656c63616d706f2e65732c444e532e3231313d76696c6c6164656c7265792e65732c444e532e3231323d76696c6c616d65736961732e65732c444e532e3231333d76696c6c616d69656c2e65732c444e532e3231343d76696c6c616e7565766164656c617369657272612e65732c444e532e3231353d76696c6c617264656c706564726f736f2e65732c444e532e3231363d76696c6c61726465706c6173656e6369612e65732c444e532e3231373d76696c6c61736275656e61736465676174612e65732c444e532e3231383d7a61727a6164656772616e6164696c6c612e65732c444e532e3231393d7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3232303d7a61727a616c616d61796f722e65732c444e532e3232313d7a6f726974612e65732c444e532e3232323d726f73616c656a6f2e65732c444e532e3232333d766567617669616e612e65732c444e532e3232343d616c61676f6e64656c72696f2e65732c444e532e3232353d7469657461722e65732c444e532e3232363d76616c646573616c6f722e65732c444e532e3232373d6e6176617472617369657272612e65732c444e532e3232383d7269766572616465667265736e65646f73612e65732c444e532e3232393d656c6d73616e67696c2e65732c444e532e3233303d74616a6f73616c6f722e65732c444e532e3233313d76616c6c65616d62726f7a2e65732c444e532e3233323d6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3233333d6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3233343d6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3233353d6d616e636f6d756e6964616464656c61766572612e65732c444e532e3233363d6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3233373d76696c6c7565726361732d69626f7265732d6a6172612e65732c444e532e3233383d7777772e6162616469612e65732c444e532e3233393d7777772e61626572747572612e65732c444e532e3234303d7777772e616365626f2e65732c444e532e3234313d7777772e61636568756368652e65732c444e532e3234323d7777772e6163656974756e612e65732c444e532e3234333d7777772e61686967616c2e65732c444e532e3234343d7777772e616c61676f6e64656c72696f2e65732c444e532e3234353d7777772e616c636f6c6c6172696e2e65732c444e532e3234363d7777772e6179746f616c62616c612e65732c444e532e3234373d7777772e6179746f616c63616e746172612e65732c444e532e3234383d7777772e616c637565736361722e65732c444e532e3234393d7777772e616c64656163656e74656e6572612e65732c444e532e3235303d7777772e616c64656164656c63616e6f2e65732c444e532e3235313d7777772e6c61616c64656164656c6f626973706f2e65732c444e532e3235323d7777772e616c6465616e7565766164656c61766572612e65732c444e532e3235333d7777772e616c6465616e7565766164656c63616d696e6f2e65732c444e532e3235343d7777772e616c64656875656c6164656c6a657274652e65732c444e532e3235353d7777772e6179746f616c69612e65732c444e532e3235363d7777772e616c69736564612e65732c444e532e3235373d7777772e616c6d6172617a2e65732c444e532e3235383d7777772e616c6d6f686172696e2e65732c444e532e3235393d7777772e6179746f6172726f796f64656c616c757a2e65732c444e532e3236303d7777772e6172726f796f6d6f6c696e6f732e65732c444e532e3236313d7777772e6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e3236323d7777772e62616e6f7364656d6f6e74656d61796f722e65732c444e532e3236333d7777772e6261727261646f2e65732c444e532e3236343d7777772e62656c76697364656d6f6e726f792e65732c444e532e3236353d7777772e62656e71756572656e6369612e65732c444e532e3236363d7777772e626572726f63616c656a6f2e65732c444e532e3236373d7777772e6265727a6f63616e612e65732c444e532e3236383d7777772e626f686f6e616c646569626f722e65732c444e532e3236393d7777772e626f74696a612e65732c444e532e3237303d7777772e62726f7a61732e65732c444e532e3237313d7777772e636162616e617364656c63617374696c6c6f2e65732c444e532e3237323d7777772e636162657a6162656c6c6f73612e65732c444e532e3237333d7777772e636162657a75656c6164656c76616c6c652e65732c444e532e3237343d7777772e6361627265726f2e65732c444e532e3237353d7777772e636163686f7272696c6c612e65732c444e532e3237363d7777772e636164616c736f2e65732c444e532e3237373d7777772e63616c7a6164696c6c612e65732c444e532e3237383d7777772e63616d696e6f6d6f726973636f2e65732c444e532e3237393d7777772e63616d70696c6c6f646564656c6569746f73612e65732c444e532e3238303d7777772e63616d706f6c756761722e65732c444e532e3238313d7777772e63616e616d65726f2e65732c444e532e3238323d7777772e63616e61766572616c2e65732c444e532e3238333d7777772e63617262616a6f2e65732c444e532e3238343d7777772e6361726361626f736f2e65732c444e532e3238353d7777772e63617272617363616c656a6f2e65732c444e532e3238363d7777772e63617361726465636163657265732e65732c444e532e3238373d7777772e6361736172646570616c6f6d65726f2e65732c444e532e3238383d7777772e6361736172657364656c61736875726465732e65732c444e532e3238393d7777772e63617361736465646f6e616e746f6e696f2e65732c444e532e3239303d7777772e63617361736465646f6e676f6d657a2e65732c444e532e3239313d7777772e636173617364656c63617374616e61722e65732c444e532e3239323d7777772e636173617364656c6d6f6e74652e65732c444e532e3239333d7777772e636173617364656d696c6c616e2e65732c444e532e3239343d7777772e636173617364656d697261766574652e65732c444e532e3239353d7777772e6361736174656a6164612e65732c444e532e3239363d7777772e636173696c6c61736465636f7269612e65732c444e532e3239373d7777772e63617374616e6172646569626f722e65732c444e532e3239383d7777772e6365636c6176696e2e65732c444e532e3239393d7777772e636564696c6c6f2e65732c444e532e3330303d7777772e636572657a6f2e65732c444e532e3330313d7777772e63696c6c65726f732e65732c444e532e3330323d7777772e636f6c6c61646f2e65732c444e532e3330333d7777772e636f6e71756973746164656c617369657272612e65732c444e532e3330343d7777772e636f7269612e65732c444e532e3330353d7777772e637561636f73646579757374652e65732c444e532e3330363d7777772e6c6163756d6272652e65732c444e532e3330373d7777772e64656c6569746f73612e65732c444e532e3330383d7777772e64657363617267616d617269612e65732c444e532e3330393d7777772e656c6a61732e65732c444e532e3331303d7777772e657363757269616c2e65732c444e532e3331313d7777772e667265736e65646f736f646569626f722e65732c444e532e3331323d7777772e67616c697374656f2e65732c444e532e3331333d7777772e6761726369617a2e65732c444e532e3331343d7777772e6c6167617267616e74612e65732c444e532e3331353d7777772e67617267616e74616c616f6c6c612e65732c444e532e3331363d7777772e67617267616e74696c6c612e65732c444e532e3331373d7777772e67617267756572612e65732c444e532e3331383d7777772e676172726f76696c6c61736465616c636f6e657461722e65732c444e532e3331393d7777772e67617276696e2e65732c444e532e3332303d7777772e676174612e65732c444e532e3332313d7777772e6179746f656c676f72646f2e65732c444e532e3332323d7777772e6c616772616e6a612e65732c444e532e3332333d7777772e6c616772616e6a6164656772616e6164696c6c612e65732c444e532e3332343d7777772e6179756e74616d69656e746f646567756164616c7570652e65732c444e532e3332353d7777772e6775696a6f6465636f7269612e65732c444e532e3332363d7777772e6775696a6f646567616c697374656f2e65732c444e532e3332373d7777772e6775696a6f64656772616e6164696c6c612e65732c444e532e3332383d7777772e6775696a6f646573616e7461626172626172612e65732c444e532e3332393d7777772e6865726775696a75656c612e65732c444e532e3333303d7777772e6865726e616e706572657a2e65732c444e532e3333313d7777772e686572726572616465616c63616e746172612e65732c444e532e3333323d7777772e68657272657275656c612e65732c444e532e3333333d7777772e6865727661732e65732c444e532e3333343d7777772e686967756572612e65732c444e532e3333353d7777772e68696e6f6a616c2e65732c444e532e3333363d7777772e686f6c67756572612e65732c444e532e3333373d7777772e686f796f732e65732c444e532e3333383d7777772e6875656c6167612e65732c444e532e3333393d7777772e6962616865726e616e646f2e65732c444e532e3334303d7777772e6a6172616963656a6f2e65732c444e532e3334313d7777772e6a617261697a64656c61766572612e65732c444e532e3334323d7777772e6a6172616e64696c6c6164656c61766572612e65732c444e532e3334333d7777772e6a6172696c6c612e65732c444e532e3334343d7777772e6a657274652e65732c444e532e3334353d7777772e6c616472696c6c61722e65732c444e532e3334363d7777772e6c6f67726f73616e2e65732c444e532e3334373d7777772e6c6f73617264656c61766572612e65732c444e532e3334383d7777772e6d6164726967616c656a6f2e65732c444e532e3334393d7777772e6d6164726967616c64656c61766572612e65732c444e532e3335303d7777772e6d6164726f6e6572612e65732c444e532e3335313d7777772e6d616a616461732e65732c444e532e3335323d7777772e6d616c706172746964616465636163657265732e65732c444e532e3335333d7777772e6d616c706172746964616465706c6173656e6369612e65732c444e532e3335343d7777772e6d617263686167617a2e65732c444e532e3335353d7777772e6d6174616465616c63616e746172612e65732c444e532e3335363d7777772e6d656d6272696f2e65732c444e532e3335373d7777772e6d65736173646569626f722e65732c444e532e3335383d7777772e6d69616a616461732e65732c444e532e3335393d7777772e6d696c6c616e65732e65732c444e532e3336303d7777772e6d69726162656c2e65732c444e532e3336313d7777772e6d6f686564617364656772616e6164696c6c612e65732c444e532e3336323d7777772e6d6f6e726f792e65732c444e532e3336333d7777772e6d6f6e74616e6368657a2e65732c444e532e3336343d7777772e6d6f6e74656865726d6f736f2e65732c444e532e3336353d7777772e6d6f72616c656a612e65732c444e532e3336363d7777772e6d6f7263696c6c6f2e65732c444e532e3336373d7777772e6e617661636f6e63656a6f2e65732c444e532e3336383d7777772e6e6176616c76696c6c6172646569626f722e65732c444e532e3336393d7777772e6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3337303d7777772e6e6176617364656c6d6164726f6e6f2e65732c444e532e3337313d7777772e6e6176617472617369657272612e65732c444e532e3337323d7777772e6e6176657a75656c61732e65732c444e532e3337333d7777772e6e756e6f6d6f72616c2e65732c444e532e3337343d7777772e6f6c6976616465706c6173656e6369612e65732c444e532e3337353d7777772e70616c6f6d65726f2e65732c444e532e3337363d7777772e70617361726f6e64656c61766572612e65732c444e532e3337373d7777772e706564726f736f64656163696d2e65732c444e532e3337383d7777772e706572616c65646164656c616d6174612e65732c444e532e3337393d7777772e706572616c656461646573616e726f6d616e2e65732c444e532e3338303d7777772e706572616c657364656c70756572746f2e65732c444e532e3338313d7777772e7065736375657a612e65732c444e532e3338323d7777772e6c6170657367612e65732c444e532e3338333d7777772e70696564726173616c6261732e65732c444e532e3338343d7777772e70696e6f6672616e71756561646f2e65732c444e532e3338353d7777772e70696f726e616c2e65732c444e532e3338363d7777772e706c6173656e7a75656c612e65732c444e532e3338373d7777772e706f7274616a652e65732c444e532e3338383d7777772e706f7274657a75656c6f2e65732c444e532e3338393d7777772e706f7a75656c6f64657a61727a6f6e2e65732c444e532e3339303d7777772e707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3339313d7777772e70756572746f646573616e74616372757a2e65732c444e532e3339323d7777772e7265626f6c6c61722e65732c444e532e3339333d7777772e72696f6c6f626f732e65732c444e532e3339343d7777772e726f626c6564696c6c6f6465676174612e65732c444e532e3339353d7777772e726f626c6564696c6c6f64656c61766572612e65732c444e532e3339363d7777772e726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3339373d7777772e726f626c65646f6c6c616e6f2e65732c444e532e3339383d7777772e726f6d616e676f72646f2e65732c444e532e3339393d7777772e7275616e65732e65732c444e532e3430303d7777772e73616c6f72696e6f2e65732c444e532e3430313d7777772e73616c7661746965727261646573616e746961676f2e65732c444e532e3430323d7777772e73616e6d617274696e646574726576656a6f2e65732c444e532e3430333d7777772e6179746f73616e7461616e612e65732c444e532e3430343d7777772e73616e74616372757a64656c617369657272612e65732c444e532e3430353d7777772e73616e74616372757a646570616e69616775612e65732c444e532e3430363d7777772e73616e74616d6172746164656d6167617363612e65732c444e532e3430373d7777772e73616e746961676f64656c63616d706f2e65732c444e532e3430383d7777772e73616e746962616e657a656c616c746f2e65732c444e532e3430393d7777772e73616e746962616e657a656c62616a6f2e65732c444e532e3431303d7777772e736175636564696c6c612e65732c444e532e3431313d7777772e7365677572616465746f726f2e65732c444e532e3431323d7777772e736572726164696c6c612e65732c444e532e3431333d7777772e73657272656a6f6e2e65732c444e532e3431343d7777772e73696572726164656675656e7465732e65732c444e532e3431353d7777772e74616c6176616e2e65732c444e532e3431363d7777772e74616c6176657275656c6164656c61766572612e65732c444e532e3431373d7777772e74616c617975656c612e65732c444e532e3431383d7777772e74656a65646164657469657461722e65732c444e532e3431393d7777772e746f72696c2e65732c444e532e3432303d7777772e746f726e6176616361732e65732c444e532e3432313d7777772e6179746f656c746f726e6f2e65732c444e532e3432323d7777772e746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3432333d7777772e746f72726563696c6c617364656c6174696573612e65732c444e532e3432343d7777772e746f7272656465646f6e6d696775656c2e65732c444e532e3432353d7777772e746f727265646573616e74616d617269612e65732c444e532e3432363d7777772e746f7272656a6f6e656c727562696f2e65732c444e532e3432373d7777772e746f7272656a6f6e63696c6c6f2e65732c444e532e3432383d7777772e746f7272656d656e67612e65732c444e532e3432393d7777772e746f7272656d6f6368612e65732c444e532e3433303d7777772e746f7272656f7267617a2e65732c444e532e3433313d7777772e746f7272657175656d6164612e65732c444e532e3433323d7777772e76616c64617374696c6c61732e65732c444e532e3433333d7777772e76616c646563616e6173646574616a6f2e65732c444e532e3433343d7777772e76616c64656675656e7465732e65732c444e532e3433353d7777772e76616c646568756e6361722e65732c444e532e3433363d7777772e76616c6465696e69676f732e65732c444e532e3433373d7777772e76616c64656c6163617361646574616a6f2e65732c444e532e3433383d7777772e76616c64656d6f72616c65732e65732c444e532e3433393d7777772e76616c64656f626973706f2e65732c444e532e3434303d7777772e76616c646573616c6f722e65732c444e532e3434313d7777772e76616c72696f2e65732c444e532e3434323d7777772e76616c656e6369616465616c63616e746172612e65732c444e532e3434333d7777772e76616c766572646564656c61766572612e65732c444e532e3434343d7777772e76616c766572646564656c667265736e6f2e65732c444e532e3434353d7777772e766567617669616e612e65732c444e532e3434363d7777772e7669616e64617264656c61766572612e65732c444e532e3434373d7777772e76696c6c6164656c63616d706f2e65732c444e532e3434383d7777772e76696c6c6164656c7265792e65732c444e532e3434393d7777772e76696c6c616d65736961732e65732c444e532e3435303d7777772e76696c6c616d69656c2e65732c444e532e3435313d7777772e76696c6c616e7565766164656c617369657272612e65732c444e532e3435323d7777772e76696c6c617264656c706564726f736f2e65732c444e532e3435333d7777772e76696c6c61726465706c6173656e6369612e65732c444e532e3435343d7777772e76696c6c61736275656e61736465676174612e65732c444e532e3435353d7777772e7a61727a6164656772616e6164696c6c612e65732c444e532e3435363d7777772e7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3435373d7777772e7a61727a616c616d61796f722e65732c444e532e3435383d7777772e7a6f726974612e65732c444e532e3435393d7777772e726f73616c656a6f2e65732c444e532e3436303d7777772e766567617669616e612e65732c444e532e3436313d7777772e616c61676f6e64656c72696f2e65732c444e532e3436323d7777772e7469657461722e65732c444e532e3436333d7777772e76616c646573616c6f722e65732c444e532e3436343d7777772e6e6176617472617369657272612e65732c444e532e3436353d7777772e7269766572616465667265736e65646f73612e65732c444e532e3436363d7777772e656c6d73616e67696c2e65732c444e532e3436373d7777772e74616a6f73616c6f722e65732c444e532e3436383d7777772e76616c6c65616d62726f7a2e65732c444e532e3436393d7777772e6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3437303d7777772e6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3437313d7777772e6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3437323d7777772e6d616e636f6d756e6964616464656c61766572612e65732c444e532e3437333d7777772e6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3437343d7777772e76696c6c7565726361732d69626f7265732d6a6172612e6573,EMAIL=webmaster@dip-caceres.es,CN=www.dip-caceres.es,OU=DIPUTACION PROVINCIAL DE CACERES,O=DIPUTACION PROVINCIAL DE CACERES,L=CACERES,ST=CACERES,C=ES
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Medium (2048 bits)
+		Modulus (bits 2048):
+			00:e5:40:1f:09:a6:9e:ee:30:8f:98:40:be:27:fd:36
+			ca:9b:60:c4:2e:9a:75:bf:49:86:3a:6d:d6:d3:02:56
+			95:1e:ac:ed:93:d8:ee:76:ac:37:2d:82:e6:93:1f:9e
+			fb:17:79:67:1a:33:fb:27:ed:05:81:e6:cc:bf:a6:76
+			70:1f:f2:43:4f:4d:a2:f6:c6:7c:a6:87:87:01:9b:e3
+			9e:94:07:e2:18:0b:9d:c5:f4:e2:a0:87:ef:73:58:7e
+			c8:4c:f9:52:cd:8d:91:b7:d1:94:8f:d1:6e:04:2c:28
+			e2:22:ec:e5:30:c3:51:8a:a9:7c:ee:5a:60:0e:55:85
+			39:20:97:5e:08:34:12:78:8b:40:06:36:23:77:f1:14
+			33:d0:30:65:76:2e:8d:b2:da:98:12:2c:58:70:f1:ee
+			7d:e0:fa:9c:34:36:f8:1f:6b:6c:e9:8b:2c:ca:2b:d9
+			f2:17:71:a5:35:32:38:49:94:f8:33:5e:27:34:98:f6
+			7c:97:4d:4d:3d:de:1b:b5:3a:d7:28:5b:51:50:6a:37
+			82:5a:af:12:a9:fc:06:a2:dd:a3:30:45:4c:d1:26:be
+			a8:8a:53:09:61:60:13:31:33:2d:e5:f8:f8:bc:40:5a
+			5e:64:b7:8c:ce:32:61:a3:13:fa:d1:8c:b2:e4:06:88
+			c7
+		Exponent (bits 24):
+			01:00:01
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		06:72:19:1c:fa:0f:48:e6:8f:e2:c4:7f:e8:66:de:10
+		91:03:c7:a7:86:5e:09:52:56:89:62:73:5c:39:53:d1
+		95:b9:aa:39:59:4d:93:45:a8:b1:81:d5:ef:c1:96:6d
+		e2:d6:f4:64:f3:16:c8:ee:d4:73:94:be:f1:62:2c:d4
+		af:a3:c4:5a:09:a8:95:7f:60:ef:a6:7f:72:60:ce:2a
+		83:f3:4f:de:8b:ce:0c:22:2c:23:8a:23:15:7b:9f:e7
+		85:f6:5b:1d:e9:2d:4e:fb:11:30:0a:78:f1:9c:eb:82
+		5a:46:7e:a9:ae:6f:5a:fe:be:47:bf:bb:91:63:5e:6b
+		c5:35:a8:36:50:7a:ee:9f:58:5f:c1:ee:d9:1d:13:39
+		ae:08:3c:ee:7c:49:e4:22:a1:dd:58:62:9e:f5:57:98
+		e5:ed:e9:6c:f1:6e:7c:ab:6c:39:e7:a6:23:80:3a:47
+		de:fe:4f:87:a8:3d:77:d9:bb:df:85:91:d0:80:07:18
+		63:5f:fd:07:d5:30:21:34:ec:62:f0:6f:e0:55:45:19
+		b5:23:21:2c:74:03:2b:02:e3:7f:6f:36:48:4e:cb:21
+		cc:22:9f:43:0a:5a:fe:07:38:ef:d4:26:14:3d:ac:23
+		46:66:78:27:94:c3:b2:8b:35:e2:f9:f2:63:4e:b0:00
+Other Information:
+	Fingerprint:
+		sha1:a8777344231982af097f0d7074ca7d151d819b70
+		sha256:8f54c2adbf5b935c2f4e59dad04fec2d483e051a0740a7380dd70992cb0ba9e8
+	Public Key ID:
+		sha1:914b5c4688e78013a7c1953e7780298ffb2174b9
+		sha256:2ffa41e756b2e63e1f09231b695d42ffaa1e16b143646b46203e364772cd91f8
+	Public Key PIN:
+		pin-sha256:L/pB51ay5j4fCSMbaV1C/6oeFrFDZGtGID42R3LNkfg=
+
+-----BEGIN CERTIFICATE-----
+MII0dTCCM10CCQDA+slU4Zl18zANBgkqhkiG9w0BAQsFADCBzTELMAkGA1UEBhMC
+RVMxEDAOBgNVBAgTB0NBQ0VSRVMxEDAOBgNVBAcTB0NBQ0VSRVMxKTAnBgNVBAoT
+IERJUFVUQUNJT04gUFJPVklOQ0lBTCBERSBDQUNFUkVTMSkwJwYDVQQLEyBESVBV
+VEFDSU9OIFBST1ZJTkNJQUwgREUgQ0FDRVJFUzEbMBkGA1UEAxMSd3d3LmRpcC1j
+YWNlcmVzLmVzMScwJQYJKoZIhvcNAQkBFhh3ZWJtYXN0ZXJAZGlwLWNhY2VyZXMu
+ZXMwHhcNMTUwNjAyMDkyNzMzWhcNMjUwNTMwMDkyNzMzWjCCMSkxCzAJBgNVBAYT
+AkVTMRAwDgYDVQQIEwdDQUNFUkVTMRAwDgYDVQQHEwdDQUNFUkVTMSkwJwYDVQQK
+EyBESVBVVEFDSU9OIFBST1ZJTkNJQUwgREUgQ0FDRVJFUzEpMCcGA1UECxMgRElQ
+VVRBQ0lPTiBQUk9WSU5DSUFMIERFIENBQ0VSRVMxGzAZBgNVBAMTEnd3dy5kaXAt
+Y2FjZXJlcy5lczEnMCUGCSqGSIb3DQEJARYYd2VibWFzdGVyQGRpcC1jYWNlcmVz
+LmVzMYIwWDCCMFQGA1UdEROCMEtETlMuMT1hYmFkaWEuZXMsRE5TLjI9YWJlcnR1
+cmEuZXMsRE5TLjM9YWNlYm8uZXMsRE5TLjQ9YWNlaHVjaGUuZXMsRE5TLjU9YWNl
+aXR1bmEuZXMsRE5TLjY9YWhpZ2FsLmVzLEROUy43PWFsYWdvbmRlbHJpby5lcyxE
+TlMuOD1hbGNvbGxhcmluLmVzLEROUy45PWF5dG9hbGJhbGEuZXMsRE5TLjEwPWF5
+dG9hbGNhbnRhcmEuZXMsRE5TLjExPWFsY3Vlc2Nhci5lcyxETlMuMTI9YWxkZWFj
+ZW50ZW5lcmEuZXMsRE5TLjEzPWFsZGVhZGVsY2Fuby5lcyxETlMuMTQ9bGFhbGRl
+YWRlbG9iaXNwby5lcyxETlMuMTU9YWxkZWFudWV2YWRlbGF2ZXJhLmVzLEROUy4x
+Nj1hbGRlYW51ZXZhZGVsY2FtaW5vLmVzLEROUy4xNz1hbGRlaHVlbGFkZWxqZXJ0
+ZS5lcyxETlMuMTg9YXl0b2FsaWEuZXMsRE5TLjE5PWFsaXNlZGEuZXMsRE5TLjIw
+PWFsbWFyYXouZXMsRE5TLjIxPWFsbW9oYXJpbi5lcyxETlMuMjI9YXl0b2Fycm95
+b2RlbGFsdXouZXMsRE5TLjIzPWFycm95b21vbGlub3MuZXMsRE5TLjI0PWFycm95
+b21vbGlub3NkZWxhdmVyYS5lcyxETlMuMjU9YmFub3NkZW1vbnRlbWF5b3IuZXMs
+RE5TLjI2PWJhcnJhZG8uZXMsRE5TLjI3PWJlbHZpc2RlbW9ucm95LmVzLEROUy4y
+OD1iZW5xdWVyZW5jaWEuZXMsRE5TLjI5PWJlcnJvY2FsZWpvLmVzLEROUy4zMD1i
+ZXJ6b2NhbmEuZXMsRE5TLjMxPWJvaG9uYWxkZWlib3IuZXMsRE5TLjMyPWJvdGlq
+YS5lcyxETlMuMzM9YnJvemFzLmVzLEROUy4zND1jYWJhbmFzZGVsY2FzdGlsbG8u
+ZXMsRE5TLjM1PWNhYmV6YWJlbGxvc2EuZXMsRE5TLjM2PWNhYmV6dWVsYWRlbHZh
+bGxlLmVzLEROUy4zNz1jYWJyZXJvLmVzLEROUy4zOD1jYWNob3JyaWxsYS5lcyxE
+TlMuMzk9Y2FkYWxzby5lcyxETlMuNDA9Y2FsemFkaWxsYS5lcyxETlMuNDE9Y2Ft
+aW5vbW9yaXNjby5lcyxETlMuNDI9Y2FtcGlsbG9kZWRlbGVpdG9zYS5lcyxETlMu
+NDM9Y2FtcG9sdWdhci5lcyxETlMuNDQ9Y2FuYW1lcm8uZXMsRE5TLjQ1PWNhbmF2
+ZXJhbC5lcyxETlMuNDY9Y2FyYmFqby5lcyxETlMuNDc9Y2FyY2Fib3NvLmVzLERO
+Uy40OD1jYXJyYXNjYWxlam8uZXMsRE5TLjQ5PWNhc2FyZGVjYWNlcmVzLmVzLERO
+Uy41MD1jYXNhcmRlcGFsb21lcm8uZXMsRE5TLjUxPWNhc2FyZXNkZWxhc2h1cmRl
+cy5lcyxETlMuNTI9Y2FzYXNkZWRvbmFudG9uaW8uZXMsRE5TLjUzPWNhc2FzZGVk
+b25nb21lei5lcyxETlMuNTQ9Y2FzYXNkZWxjYXN0YW5hci5lcyxETlMuNTU9Y2Fz
+YXNkZWxtb250ZS5lcyxETlMuNTY9Y2FzYXNkZW1pbGxhbi5lcyxETlMuNTc9Y2Fz
+YXNkZW1pcmF2ZXRlLmVzLEROUy41OD1jYXNhdGVqYWRhLmVzLEROUy41OT1jYXNp
+bGxhc2RlY29yaWEuZXMsRE5TLjYwPWNhc3RhbmFyZGVpYm9yLmVzLEROUy42MT1j
+ZWNsYXZpbi5lcyxETlMuNjI9Y2VkaWxsby5lcyxETlMuNjM9Y2VyZXpvLmVzLERO
+Uy42ND1jaWxsZXJvcy5lcyxETlMuNjU9Y29sbGFkby5lcyxETlMuNjY9Y29ucXVp
+c3RhZGVsYXNpZXJyYS5lcyxETlMuNjc9Y29yaWEuZXMsRE5TLjY4PWN1YWNvc2Rl
+eXVzdGUuZXMsRE5TLjY5PWxhY3VtYnJlLmVzLEROUy43MD1kZWxlaXRvc2EuZXMs
+RE5TLjcxPWRlc2NhcmdhbWFyaWEuZXMsRE5TLjcyPWVsamFzLmVzLEROUy43Mz1l
+c2N1cmlhbC5lcyxETlMuNzQ9ZnJlc25lZG9zb2RlaWJvci5lcyxETlMuNzU9Z2Fs
+aXN0ZW8uZXMsRE5TLjc2PWdhcmNpYXouZXMsRE5TLjc3PWxhZ2FyZ2FudGEuZXMs
+RE5TLjc4PWdhcmdhbnRhbGFvbGxhLmVzLEROUy43OT1nYXJnYW50aWxsYS5lcyxE
+TlMuODA9Z2FyZ3VlcmEuZXMsRE5TLjgxPWdhcnJvdmlsbGFzZGVhbGNvbmV0YXIu
+ZXMsRE5TLjgyPWdhcnZpbi5lcyxETlMuODM9Z2F0YS5lcyxETlMuODQ9YXl0b2Vs
+Z29yZG8uZXMsRE5TLjg1PWxhZ3JhbmphLmVzLEROUy44Nj1sYWdyYW5qYWRlZ3Jh
+bmFkaWxsYS5lcyxETlMuODc9YXl1bnRhbWllbnRvZGVndWFkYWx1cGUuZXMsRE5T
+Ljg4PWd1aWpvZGVjb3JpYS5lcyxETlMuODk9Z3Vpam9kZWdhbGlzdGVvLmVzLERO
+Uy45MD1ndWlqb2RlZ3JhbmFkaWxsYS5lcyxETlMuOTE9Z3Vpam9kZXNhbnRhYmFy
+YmFyYS5lcyxETlMuOTI9aGVyZ3VpanVlbGEuZXMsRE5TLjkzPWhlcm5hbnBlcmV6
+LmVzLEROUy45ND1oZXJyZXJhZGVhbGNhbnRhcmEuZXMsRE5TLjk1PWhlcnJlcnVl
+bGEuZXMsRE5TLjk2PWhlcnZhcy5lcyxETlMuOTc9aGlndWVyYS5lcyxETlMuOTg9
+aGlub2phbC5lcyxETlMuOTk9aG9sZ3VlcmEuZXMsRE5TLjEwMD1ob3lvcy5lcyxE
+TlMuMTAxPWh1ZWxhZ2EuZXMsRE5TLjEwMj1pYmFoZXJuYW5kby5lcyxETlMuMTAz
+PWphcmFpY2Vqby5lcyxETlMuMTA0PWphcmFpemRlbGF2ZXJhLmVzLEROUy4xMDU9
+amFyYW5kaWxsYWRlbGF2ZXJhLmVzLEROUy4xMDY9amFyaWxsYS5lcyxETlMuMTA3
+PWplcnRlLmVzLEROUy4xMDg9bGFkcmlsbGFyLmVzLEROUy4xMDk9bG9ncm9zYW4u
+ZXMsRE5TLjExMD1sb3NhcmRlbGF2ZXJhLmVzLEROUy4xMTE9bWFkcmlnYWxlam8u
+ZXMsRE5TLjExMj1tYWRyaWdhbGRlbGF2ZXJhLmVzLEROUy4xMTM9bWFkcm9uZXJh
+LmVzLEROUy4xMTQ9bWFqYWRhcy5lcyxETlMuMTE1PW1hbHBhcnRpZGFkZWNhY2Vy
+ZXMuZXMsRE5TLjExNj1tYWxwYXJ0aWRhZGVwbGFzZW5jaWEuZXMsRE5TLjExNz1t
+YXJjaGFnYXouZXMsRE5TLjExOD1tYXRhZGVhbGNhbnRhcmEuZXMsRE5TLjExOT1t
+ZW1icmlvLmVzLEROUy4xMjA9bWVzYXNkZWlib3IuZXMsRE5TLjEyMT1taWFqYWRh
+cy5lcyxETlMuMTIyPW1pbGxhbmVzLmVzLEROUy4xMjM9bWlyYWJlbC5lcyxETlMu
+MTI0PW1vaGVkYXNkZWdyYW5hZGlsbGEuZXMsRE5TLjEyNT1tb25yb3kuZXMsRE5T
+LjEyNj1tb250YW5jaGV6LmVzLEROUy4xMjc9bW9udGVoZXJtb3NvLmVzLEROUy4x
+Mjg9bW9yYWxlamEuZXMsRE5TLjEyOT1tb3JjaWxsby5lcyxETlMuMTMwPW5hdmFj
+b25jZWpvLmVzLEROUy4xMzE9bmF2YWx2aWxsYXJkZWlib3IuZXMsRE5TLjEzMj1u
+YXZhbG1vcmFsZGVsYW1hdGEuZXMsRE5TLjEzMz1uYXZhc2RlbG1hZHJvbm8uZXMs
+RE5TLjEzND1uYXZhdHJhc2llcnJhLmVzLEROUy4xMzU9bmF2ZXp1ZWxhcy5lcyxE
+TlMuMTM2PW51bm9tb3JhbC5lcyxETlMuMTM3PW9saXZhZGVwbGFzZW5jaWEuZXMs
+RE5TLjEzOD1wYWxvbWVyby5lcyxETlMuMTM5PXBhc2Fyb25kZWxhdmVyYS5lcyxE
+TlMuMTQwPXBlZHJvc29kZWFjaW0uZXMsRE5TLjE0MT1wZXJhbGVkYWRlbGFtYXRh
+LmVzLEROUy4xNDI9cGVyYWxlZGFkZXNhbnJvbWFuLmVzLEROUy4xNDM9cGVyYWxl
+c2RlbHB1ZXJ0by5lcyxETlMuMTQ0PXBlc2N1ZXphLmVzLEROUy4xNDU9bGFwZXNn
+YS5lcyxETlMuMTQ2PXBpZWRyYXNhbGJhcy5lcyxETlMuMTQ3PXBpbm9mcmFucXVl
+YWRvLmVzLEROUy4xNDg9cGlvcm5hbC5lcyxETlMuMTQ5PXBsYXNlbnp1ZWxhLmVz
+LEROUy4xNTA9cG9ydGFqZS5lcyxETlMuMTUxPXBvcnRlenVlbG8uZXMsRE5TLjE1
+Mj1wb3p1ZWxvZGV6YXJ6b24uZXMsRE5TLjE1Mz1wdWVibG9udWV2b2RlbWlyYW1v
+bnRlcy5lcyxETlMuMTU0PXB1ZXJ0b2Rlc2FudGFjcnV6LmVzLEROUy4xNTU9cmVi
+b2xsYXIuZXMsRE5TLjE1Nj1yaW9sb2Jvcy5lcyxETlMuMTU3PXJvYmxlZGlsbG9k
+ZWdhdGEuZXMsRE5TLjE1OD1yb2JsZWRpbGxvZGVsYXZlcmEuZXMsRE5TLjE1OT1y
+b2JsZWRpbGxvZGV0cnVqaWxsbyxETlMuMTYwPXJvYmxlZG9sbGFuby5lcyxETlMu
+MTYxPXJvbWFuZ29yZG8uZXMsRE5TLjE2Mj1ydWFuZXMuZXMsRE5TLjE2Mz1zYWxv
+cmluby5lcyxETlMuMTY0PXNhbHZhdGllcnJhZGVzYW50aWFnby5lcyxETlMuMTY1
+PXNhbm1hcnRpbmRldHJldmVqby5lcyxETlMuMTY2PWF5dG9zYW50YWFuYS5lcyxE
+TlMuMTY3PXNhbnRhY3J1emRlbGFzaWVycmEuZXMsRE5TLjE2OD1zYW50YWNydXpk
+ZXBhbmlhZ3VhLmVzLEROUy4xNjk9c2FudGFtYXJ0YWRlbWFnYXNjYS5lcyxETlMu
+MTcwPXNhbnRpYWdvZGVsY2FtcG8uZXMsRE5TLjE3MT1zYW50aWJhbmV6ZWxhbHRv
+LmVzLEROUy4xNzI9c2FudGliYW5lemVsYmFqby5lcyxETlMuMTczPXNhdWNlZGls
+bGEuZXMsRE5TLjE3ND1zZWd1cmFkZXRvcm8uZXMsRE5TLjE3NT1zZXJyYWRpbGxh
+LmVzLEROUy4xNzY9c2VycmVqb24uZXMsRE5TLjE3Nz1zaWVycmFkZWZ1ZW50ZXMu
+ZXMsRE5TLjE3OD10YWxhdmFuLmVzLEROUy4xNzk9dGFsYXZlcnVlbGFkZWxhdmVy
+YS5lcyxETlMuMTgwPXRhbGF5dWVsYS5lcyxETlMuMTgxPXRlamVkYWRldGlldGFy
+LmVzLEROUy4xODI9dG9yaWwuZXMsRE5TLjE4Mz10b3JuYXZhY2FzLmVzLEROUy4x
+ODQ9YXl0b2VsdG9ybm8uZXMsRE5TLjE4NT10b3JyZWNpbGxhZGVsb3NhbmdlbGVz
+LmVzLEROUy4xODY9dG9ycmVjaWxsYXNkZWxhdGllc2EuZXMsRE5TLjE4Nz10b3Jy
+ZWRlZG9ubWlndWVsLmVzLEROUy4xODg9dG9ycmVkZXNhbnRhbWFyaWEuZXMsRE5T
+LjE4OT10b3JyZWpvbmVscnViaW8uZXMsRE5TLjE5MD10b3JyZWpvbmNpbGxvLmVz
+LEROUy4xOTE9dG9ycmVtZW5nYS5lcyxETlMuMTkyPXRvcnJlbW9jaGEuZXMsRE5T
+LjE5Mz10b3JyZW9yZ2F6LmVzLEROUy4xOTQ9dG9ycmVxdWVtYWRhLmVzLEROUy4x
+OTU9dmFsZGFzdGlsbGFzLmVzLEROUy4xOTY9dmFsZGVjYW5hc2RldGFqby5lcyxE
+TlMuMTk3PXZhbGRlZnVlbnRlcy5lcyxETlMuMTk4PXZhbGRlaHVuY2FyLmVzLERO
+Uy4xOTk9dmFsZGVpbmlnb3MuZXMsRE5TLjIwMD12YWxkZWxhY2FzYWRldGFqby5l
+cyxETlMuMjAxPXZhbGRlbW9yYWxlcy5lcyxETlMuMjAyPXZhbGRlb2Jpc3BvLmVz
+LEROUy4yMDM9dmFsZGVzYWxvci5lcyxETlMuMjA0PXZhbHJpby5lcyxETlMuMjA1
+PXZhbGVuY2lhZGVhbGNhbnRhcmEuZXMsRE5TLjIwNj12YWx2ZXJkZWRlbGF2ZXJh
+LmVzLEROUy4yMDc9dmFsdmVyZGVkZWxmcmVzbm8uZXMsRE5TLjIwOD12ZWdhdmlh
+bmEuZXMsRE5TLjIwOT12aWFuZGFyZGVsYXZlcmEuZXMsRE5TLjIxMD12aWxsYWRl
+bGNhbXBvLmVzLEROUy4yMTE9dmlsbGFkZWxyZXkuZXMsRE5TLjIxMj12aWxsYW1l
+c2lhcy5lcyxETlMuMjEzPXZpbGxhbWllbC5lcyxETlMuMjE0PXZpbGxhbnVldmFk
+ZWxhc2llcnJhLmVzLEROUy4yMTU9dmlsbGFyZGVscGVkcm9zby5lcyxETlMuMjE2
+PXZpbGxhcmRlcGxhc2VuY2lhLmVzLEROUy4yMTc9dmlsbGFzYnVlbmFzZGVnYXRh
+LmVzLEROUy4yMTg9emFyemFkZWdyYW5hZGlsbGEuZXMsRE5TLjIxOT16YXJ6YWRl
+bW9udGFuY2hlei5lcyxETlMuMjIwPXphcnphbGFtYXlvci5lcyxETlMuMjIxPXpv
+cml0YS5lcyxETlMuMjIyPXJvc2FsZWpvLmVzLEROUy4yMjM9dmVnYXZpYW5hLmVz
+LEROUy4yMjQ9YWxhZ29uZGVscmlvLmVzLEROUy4yMjU9dGlldGFyLmVzLEROUy4y
+MjY9dmFsZGVzYWxvci5lcyxETlMuMjI3PW5hdmF0cmFzaWVycmEuZXMsRE5TLjIy
+OD1yaXZlcmFkZWZyZXNuZWRvc2EuZXMsRE5TLjIyOT1lbG1zYW5naWwuZXMsRE5T
+LjIzMD10YWpvc2Fsb3IuZXMsRE5TLjIzMT12YWxsZWFtYnJvei5lcyxETlMuMjMy
+PW1hbmNvbXVuaWRhZHZhbGxlZGVsYWxhZ29uLmVzLEROUy4yMzM9bWFuY29tdW5p
+ZGFkdmFsbGVkZWxqZXJ0ZS5lcyxETlMuMjM0PW1hbmNvbXVuaWRhZHZlZ2FzYWx0
+YXMuZXMsRE5TLjIzNT1tYW5jb211bmlkYWRkZWxhdmVyYS5lcyxETlMuMjM2PW1h
+bmNvbXVuaWRhZHpvbmFjZW50cm8uZXMsRE5TLjIzNz12aWxsdWVyY2FzLWlib3Jl
+cy1qYXJhLmVzLEROUy4yMzg9d3d3LmFiYWRpYS5lcyxETlMuMjM5PXd3dy5hYmVy
+dHVyYS5lcyxETlMuMjQwPXd3dy5hY2Viby5lcyxETlMuMjQxPXd3dy5hY2VodWNo
+ZS5lcyxETlMuMjQyPXd3dy5hY2VpdHVuYS5lcyxETlMuMjQzPXd3dy5haGlnYWwu
+ZXMsRE5TLjI0ND13d3cuYWxhZ29uZGVscmlvLmVzLEROUy4yNDU9d3d3LmFsY29s
+bGFyaW4uZXMsRE5TLjI0Nj13d3cuYXl0b2FsYmFsYS5lcyxETlMuMjQ3PXd3dy5h
+eXRvYWxjYW50YXJhLmVzLEROUy4yNDg9d3d3LmFsY3Vlc2Nhci5lcyxETlMuMjQ5
+PXd3dy5hbGRlYWNlbnRlbmVyYS5lcyxETlMuMjUwPXd3dy5hbGRlYWRlbGNhbm8u
+ZXMsRE5TLjI1MT13d3cubGFhbGRlYWRlbG9iaXNwby5lcyxETlMuMjUyPXd3dy5h
+bGRlYW51ZXZhZGVsYXZlcmEuZXMsRE5TLjI1Mz13d3cuYWxkZWFudWV2YWRlbGNh
+bWluby5lcyxETlMuMjU0PXd3dy5hbGRlaHVlbGFkZWxqZXJ0ZS5lcyxETlMuMjU1
+PXd3dy5heXRvYWxpYS5lcyxETlMuMjU2PXd3dy5hbGlzZWRhLmVzLEROUy4yNTc9
+d3d3LmFsbWFyYXouZXMsRE5TLjI1OD13d3cuYWxtb2hhcmluLmVzLEROUy4yNTk9
+d3d3LmF5dG9hcnJveW9kZWxhbHV6LmVzLEROUy4yNjA9d3d3LmFycm95b21vbGlu
+b3MuZXMsRE5TLjI2MT13d3cuYXJyb3lvbW9saW5vc2RlbGF2ZXJhLmVzLEROUy4y
+NjI9d3d3LmJhbm9zZGVtb250ZW1heW9yLmVzLEROUy4yNjM9d3d3LmJhcnJhZG8u
+ZXMsRE5TLjI2ND13d3cuYmVsdmlzZGVtb25yb3kuZXMsRE5TLjI2NT13d3cuYmVu
+cXVlcmVuY2lhLmVzLEROUy4yNjY9d3d3LmJlcnJvY2FsZWpvLmVzLEROUy4yNjc9
+d3d3LmJlcnpvY2FuYS5lcyxETlMuMjY4PXd3dy5ib2hvbmFsZGVpYm9yLmVzLERO
+Uy4yNjk9d3d3LmJvdGlqYS5lcyxETlMuMjcwPXd3dy5icm96YXMuZXMsRE5TLjI3
+MT13d3cuY2FiYW5hc2RlbGNhc3RpbGxvLmVzLEROUy4yNzI9d3d3LmNhYmV6YWJl
+bGxvc2EuZXMsRE5TLjI3Mz13d3cuY2FiZXp1ZWxhZGVsdmFsbGUuZXMsRE5TLjI3
+ND13d3cuY2FicmVyby5lcyxETlMuMjc1PXd3dy5jYWNob3JyaWxsYS5lcyxETlMu
+Mjc2PXd3dy5jYWRhbHNvLmVzLEROUy4yNzc9d3d3LmNhbHphZGlsbGEuZXMsRE5T
+LjI3OD13d3cuY2FtaW5vbW9yaXNjby5lcyxETlMuMjc5PXd3dy5jYW1waWxsb2Rl
+ZGVsZWl0b3NhLmVzLEROUy4yODA9d3d3LmNhbXBvbHVnYXIuZXMsRE5TLjI4MT13
+d3cuY2FuYW1lcm8uZXMsRE5TLjI4Mj13d3cuY2FuYXZlcmFsLmVzLEROUy4yODM9
+d3d3LmNhcmJham8uZXMsRE5TLjI4ND13d3cuY2FyY2Fib3NvLmVzLEROUy4yODU9
+d3d3LmNhcnJhc2NhbGVqby5lcyxETlMuMjg2PXd3dy5jYXNhcmRlY2FjZXJlcy5l
+cyxETlMuMjg3PXd3dy5jYXNhcmRlcGFsb21lcm8uZXMsRE5TLjI4OD13d3cuY2Fz
+YXJlc2RlbGFzaHVyZGVzLmVzLEROUy4yODk9d3d3LmNhc2FzZGVkb25hbnRvbmlv
+LmVzLEROUy4yOTA9d3d3LmNhc2FzZGVkb25nb21lei5lcyxETlMuMjkxPXd3dy5j
+YXNhc2RlbGNhc3RhbmFyLmVzLEROUy4yOTI9d3d3LmNhc2FzZGVsbW9udGUuZXMs
+RE5TLjI5Mz13d3cuY2FzYXNkZW1pbGxhbi5lcyxETlMuMjk0PXd3dy5jYXNhc2Rl
+bWlyYXZldGUuZXMsRE5TLjI5NT13d3cuY2FzYXRlamFkYS5lcyxETlMuMjk2PXd3
+dy5jYXNpbGxhc2RlY29yaWEuZXMsRE5TLjI5Nz13d3cuY2FzdGFuYXJkZWlib3Iu
+ZXMsRE5TLjI5OD13d3cuY2VjbGF2aW4uZXMsRE5TLjI5OT13d3cuY2VkaWxsby5l
+cyxETlMuMzAwPXd3dy5jZXJlem8uZXMsRE5TLjMwMT13d3cuY2lsbGVyb3MuZXMs
+RE5TLjMwMj13d3cuY29sbGFkby5lcyxETlMuMzAzPXd3dy5jb25xdWlzdGFkZWxh
+c2llcnJhLmVzLEROUy4zMDQ9d3d3LmNvcmlhLmVzLEROUy4zMDU9d3d3LmN1YWNv
+c2RleXVzdGUuZXMsRE5TLjMwNj13d3cubGFjdW1icmUuZXMsRE5TLjMwNz13d3cu
+ZGVsZWl0b3NhLmVzLEROUy4zMDg9d3d3LmRlc2NhcmdhbWFyaWEuZXMsRE5TLjMw
+OT13d3cuZWxqYXMuZXMsRE5TLjMxMD13d3cuZXNjdXJpYWwuZXMsRE5TLjMxMT13
+d3cuZnJlc25lZG9zb2RlaWJvci5lcyxETlMuMzEyPXd3dy5nYWxpc3Rlby5lcyxE
+TlMuMzEzPXd3dy5nYXJjaWF6LmVzLEROUy4zMTQ9d3d3LmxhZ2FyZ2FudGEuZXMs
+RE5TLjMxNT13d3cuZ2FyZ2FudGFsYW9sbGEuZXMsRE5TLjMxNj13d3cuZ2FyZ2Fu
+dGlsbGEuZXMsRE5TLjMxNz13d3cuZ2FyZ3VlcmEuZXMsRE5TLjMxOD13d3cuZ2Fy
+cm92aWxsYXNkZWFsY29uZXRhci5lcyxETlMuMzE5PXd3dy5nYXJ2aW4uZXMsRE5T
+LjMyMD13d3cuZ2F0YS5lcyxETlMuMzIxPXd3dy5heXRvZWxnb3Jkby5lcyxETlMu
+MzIyPXd3dy5sYWdyYW5qYS5lcyxETlMuMzIzPXd3dy5sYWdyYW5qYWRlZ3JhbmFk
+aWxsYS5lcyxETlMuMzI0PXd3dy5heXVudGFtaWVudG9kZWd1YWRhbHVwZS5lcyxE
+TlMuMzI1PXd3dy5ndWlqb2RlY29yaWEuZXMsRE5TLjMyNj13d3cuZ3Vpam9kZWdh
+bGlzdGVvLmVzLEROUy4zMjc9d3d3Lmd1aWpvZGVncmFuYWRpbGxhLmVzLEROUy4z
+Mjg9d3d3Lmd1aWpvZGVzYW50YWJhcmJhcmEuZXMsRE5TLjMyOT13d3cuaGVyZ3Vp
+anVlbGEuZXMsRE5TLjMzMD13d3cuaGVybmFucGVyZXouZXMsRE5TLjMzMT13d3cu
+aGVycmVyYWRlYWxjYW50YXJhLmVzLEROUy4zMzI9d3d3LmhlcnJlcnVlbGEuZXMs
+RE5TLjMzMz13d3cuaGVydmFzLmVzLEROUy4zMzQ9d3d3LmhpZ3VlcmEuZXMsRE5T
+LjMzNT13d3cuaGlub2phbC5lcyxETlMuMzM2PXd3dy5ob2xndWVyYS5lcyxETlMu
+MzM3PXd3dy5ob3lvcy5lcyxETlMuMzM4PXd3dy5odWVsYWdhLmVzLEROUy4zMzk9
+d3d3LmliYWhlcm5hbmRvLmVzLEROUy4zNDA9d3d3LmphcmFpY2Vqby5lcyxETlMu
+MzQxPXd3dy5qYXJhaXpkZWxhdmVyYS5lcyxETlMuMzQyPXd3dy5qYXJhbmRpbGxh
+ZGVsYXZlcmEuZXMsRE5TLjM0Mz13d3cuamFyaWxsYS5lcyxETlMuMzQ0PXd3dy5q
+ZXJ0ZS5lcyxETlMuMzQ1PXd3dy5sYWRyaWxsYXIuZXMsRE5TLjM0Nj13d3cubG9n
+cm9zYW4uZXMsRE5TLjM0Nz13d3cubG9zYXJkZWxhdmVyYS5lcyxETlMuMzQ4PXd3
+dy5tYWRyaWdhbGVqby5lcyxETlMuMzQ5PXd3dy5tYWRyaWdhbGRlbGF2ZXJhLmVz
+LEROUy4zNTA9d3d3Lm1hZHJvbmVyYS5lcyxETlMuMzUxPXd3dy5tYWphZGFzLmVz
+LEROUy4zNTI9d3d3Lm1hbHBhcnRpZGFkZWNhY2VyZXMuZXMsRE5TLjM1Mz13d3cu
+bWFscGFydGlkYWRlcGxhc2VuY2lhLmVzLEROUy4zNTQ9d3d3Lm1hcmNoYWdhei5l
+cyxETlMuMzU1PXd3dy5tYXRhZGVhbGNhbnRhcmEuZXMsRE5TLjM1Nj13d3cubWVt
+YnJpby5lcyxETlMuMzU3PXd3dy5tZXNhc2RlaWJvci5lcyxETlMuMzU4PXd3dy5t
+aWFqYWRhcy5lcyxETlMuMzU5PXd3dy5taWxsYW5lcy5lcyxETlMuMzYwPXd3dy5t
+aXJhYmVsLmVzLEROUy4zNjE9d3d3Lm1vaGVkYXNkZWdyYW5hZGlsbGEuZXMsRE5T
+LjM2Mj13d3cubW9ucm95LmVzLEROUy4zNjM9d3d3Lm1vbnRhbmNoZXouZXMsRE5T
+LjM2ND13d3cubW9udGVoZXJtb3NvLmVzLEROUy4zNjU9d3d3Lm1vcmFsZWphLmVz
+LEROUy4zNjY9d3d3Lm1vcmNpbGxvLmVzLEROUy4zNjc9d3d3Lm5hdmFjb25jZWpv
+LmVzLEROUy4zNjg9d3d3Lm5hdmFsdmlsbGFyZGVpYm9yLmVzLEROUy4zNjk9d3d3
+Lm5hdmFsbW9yYWxkZWxhbWF0YS5lcyxETlMuMzcwPXd3dy5uYXZhc2RlbG1hZHJv
+bm8uZXMsRE5TLjM3MT13d3cubmF2YXRyYXNpZXJyYS5lcyxETlMuMzcyPXd3dy5u
+YXZlenVlbGFzLmVzLEROUy4zNzM9d3d3Lm51bm9tb3JhbC5lcyxETlMuMzc0PXd3
+dy5vbGl2YWRlcGxhc2VuY2lhLmVzLEROUy4zNzU9d3d3LnBhbG9tZXJvLmVzLERO
+Uy4zNzY9d3d3LnBhc2Fyb25kZWxhdmVyYS5lcyxETlMuMzc3PXd3dy5wZWRyb3Nv
+ZGVhY2ltLmVzLEROUy4zNzg9d3d3LnBlcmFsZWRhZGVsYW1hdGEuZXMsRE5TLjM3
+OT13d3cucGVyYWxlZGFkZXNhbnJvbWFuLmVzLEROUy4zODA9d3d3LnBlcmFsZXNk
+ZWxwdWVydG8uZXMsRE5TLjM4MT13d3cucGVzY3VlemEuZXMsRE5TLjM4Mj13d3cu
+bGFwZXNnYS5lcyxETlMuMzgzPXd3dy5waWVkcmFzYWxiYXMuZXMsRE5TLjM4ND13
+d3cucGlub2ZyYW5xdWVhZG8uZXMsRE5TLjM4NT13d3cucGlvcm5hbC5lcyxETlMu
+Mzg2PXd3dy5wbGFzZW56dWVsYS5lcyxETlMuMzg3PXd3dy5wb3J0YWplLmVzLERO
+Uy4zODg9d3d3LnBvcnRlenVlbG8uZXMsRE5TLjM4OT13d3cucG96dWVsb2RlemFy
+em9uLmVzLEROUy4zOTA9d3d3LnB1ZWJsb251ZXZvZGVtaXJhbW9udGVzLmVzLERO
+Uy4zOTE9d3d3LnB1ZXJ0b2Rlc2FudGFjcnV6LmVzLEROUy4zOTI9d3d3LnJlYm9s
+bGFyLmVzLEROUy4zOTM9d3d3LnJpb2xvYm9zLmVzLEROUy4zOTQ9d3d3LnJvYmxl
+ZGlsbG9kZWdhdGEuZXMsRE5TLjM5NT13d3cucm9ibGVkaWxsb2RlbGF2ZXJhLmVz
+LEROUy4zOTY9d3d3LnJvYmxlZGlsbG9kZXRydWppbGxvLEROUy4zOTc9d3d3LnJv
+YmxlZG9sbGFuby5lcyxETlMuMzk4PXd3dy5yb21hbmdvcmRvLmVzLEROUy4zOTk9
+d3d3LnJ1YW5lcy5lcyxETlMuNDAwPXd3dy5zYWxvcmluby5lcyxETlMuNDAxPXd3
+dy5zYWx2YXRpZXJyYWRlc2FudGlhZ28uZXMsRE5TLjQwMj13d3cuc2FubWFydGlu
+ZGV0cmV2ZWpvLmVzLEROUy40MDM9d3d3LmF5dG9zYW50YWFuYS5lcyxETlMuNDA0
+PXd3dy5zYW50YWNydXpkZWxhc2llcnJhLmVzLEROUy40MDU9d3d3LnNhbnRhY3J1
+emRlcGFuaWFndWEuZXMsRE5TLjQwNj13d3cuc2FudGFtYXJ0YWRlbWFnYXNjYS5l
+cyxETlMuNDA3PXd3dy5zYW50aWFnb2RlbGNhbXBvLmVzLEROUy40MDg9d3d3LnNh
+bnRpYmFuZXplbGFsdG8uZXMsRE5TLjQwOT13d3cuc2FudGliYW5lemVsYmFqby5l
+cyxETlMuNDEwPXd3dy5zYXVjZWRpbGxhLmVzLEROUy40MTE9d3d3LnNlZ3VyYWRl
+dG9yby5lcyxETlMuNDEyPXd3dy5zZXJyYWRpbGxhLmVzLEROUy40MTM9d3d3LnNl
+cnJlam9uLmVzLEROUy40MTQ9d3d3LnNpZXJyYWRlZnVlbnRlcy5lcyxETlMuNDE1
+PXd3dy50YWxhdmFuLmVzLEROUy40MTY9d3d3LnRhbGF2ZXJ1ZWxhZGVsYXZlcmEu
+ZXMsRE5TLjQxNz13d3cudGFsYXl1ZWxhLmVzLEROUy40MTg9d3d3LnRlamVkYWRl
+dGlldGFyLmVzLEROUy40MTk9d3d3LnRvcmlsLmVzLEROUy40MjA9d3d3LnRvcm5h
+dmFjYXMuZXMsRE5TLjQyMT13d3cuYXl0b2VsdG9ybm8uZXMsRE5TLjQyMj13d3cu
+dG9ycmVjaWxsYWRlbG9zYW5nZWxlcy5lcyxETlMuNDIzPXd3dy50b3JyZWNpbGxh
+c2RlbGF0aWVzYS5lcyxETlMuNDI0PXd3dy50b3JyZWRlZG9ubWlndWVsLmVzLERO
+Uy40MjU9d3d3LnRvcnJlZGVzYW50YW1hcmlhLmVzLEROUy40MjY9d3d3LnRvcnJl
+am9uZWxydWJpby5lcyxETlMuNDI3PXd3dy50b3JyZWpvbmNpbGxvLmVzLEROUy40
+Mjg9d3d3LnRvcnJlbWVuZ2EuZXMsRE5TLjQyOT13d3cudG9ycmVtb2NoYS5lcyxE
+TlMuNDMwPXd3dy50b3JyZW9yZ2F6LmVzLEROUy40MzE9d3d3LnRvcnJlcXVlbWFk
+YS5lcyxETlMuNDMyPXd3dy52YWxkYXN0aWxsYXMuZXMsRE5TLjQzMz13d3cudmFs
+ZGVjYW5hc2RldGFqby5lcyxETlMuNDM0PXd3dy52YWxkZWZ1ZW50ZXMuZXMsRE5T
+LjQzNT13d3cudmFsZGVodW5jYXIuZXMsRE5TLjQzNj13d3cudmFsZGVpbmlnb3Mu
+ZXMsRE5TLjQzNz13d3cudmFsZGVsYWNhc2FkZXRham8uZXMsRE5TLjQzOD13d3cu
+dmFsZGVtb3JhbGVzLmVzLEROUy40Mzk9d3d3LnZhbGRlb2Jpc3BvLmVzLEROUy40
+NDA9d3d3LnZhbGRlc2Fsb3IuZXMsRE5TLjQ0MT13d3cudmFscmlvLmVzLEROUy40
+NDI9d3d3LnZhbGVuY2lhZGVhbGNhbnRhcmEuZXMsRE5TLjQ0Mz13d3cudmFsdmVy
+ZGVkZWxhdmVyYS5lcyxETlMuNDQ0PXd3dy52YWx2ZXJkZWRlbGZyZXNuby5lcyxE
+TlMuNDQ1PXd3dy52ZWdhdmlhbmEuZXMsRE5TLjQ0Nj13d3cudmlhbmRhcmRlbGF2
+ZXJhLmVzLEROUy40NDc9d3d3LnZpbGxhZGVsY2FtcG8uZXMsRE5TLjQ0OD13d3cu
+dmlsbGFkZWxyZXkuZXMsRE5TLjQ0OT13d3cudmlsbGFtZXNpYXMuZXMsRE5TLjQ1
+MD13d3cudmlsbGFtaWVsLmVzLEROUy40NTE9d3d3LnZpbGxhbnVldmFkZWxhc2ll
+cnJhLmVzLEROUy40NTI9d3d3LnZpbGxhcmRlbHBlZHJvc28uZXMsRE5TLjQ1Mz13
+d3cudmlsbGFyZGVwbGFzZW5jaWEuZXMsRE5TLjQ1ND13d3cudmlsbGFzYnVlbmFz
+ZGVnYXRhLmVzLEROUy40NTU9d3d3LnphcnphZGVncmFuYWRpbGxhLmVzLEROUy40
+NTY9d3d3LnphcnphZGVtb250YW5jaGV6LmVzLEROUy40NTc9d3d3LnphcnphbGFt
+YXlvci5lcyxETlMuNDU4PXd3dy56b3JpdGEuZXMsRE5TLjQ1OT13d3cucm9zYWxl
+am8uZXMsRE5TLjQ2MD13d3cudmVnYXZpYW5hLmVzLEROUy40NjE9d3d3LmFsYWdv
+bmRlbHJpby5lcyxETlMuNDYyPXd3dy50aWV0YXIuZXMsRE5TLjQ2Mz13d3cudmFs
+ZGVzYWxvci5lcyxETlMuNDY0PXd3dy5uYXZhdHJhc2llcnJhLmVzLEROUy40NjU9
+d3d3LnJpdmVyYWRlZnJlc25lZG9zYS5lcyxETlMuNDY2PXd3dy5lbG1zYW5naWwu
+ZXMsRE5TLjQ2Nz13d3cudGFqb3NhbG9yLmVzLEROUy40Njg9d3d3LnZhbGxlYW1i
+cm96LmVzLEROUy40Njk9d3d3Lm1hbmNvbXVuaWRhZHZhbGxlZGVsYWxhZ29uLmVz
+LEROUy40NzA9d3d3Lm1hbmNvbXVuaWRhZHZhbGxlZGVsamVydGUuZXMsRE5TLjQ3
+MT13d3cubWFuY29tdW5pZGFkdmVnYXNhbHRhcy5lcyxETlMuNDcyPXd3dy5tYW5j
+b211bmlkYWRkZWxhdmVyYS5lcyxETlMuNDczPXd3dy5tYW5jb211bmlkYWR6b25h
+Y2VudHJvLmVzLEROUy40NzQ9d3d3LnZpbGx1ZXJjYXMtaWJvcmVzLWphcmEuZXMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlQB8Jpp7uMI+YQL4n/TbK
+m2DELpp1v0mGOm3W0wJWlR6s7ZPY7nasNy2C5pMfnvsXeWcaM/sn7QWB5sy/pnZw
+H/JDT02i9sZ8poeHAZvjnpQH4hgLncX04qCH73NYfshM+VLNjZG30ZSP0W4ELCji
+IuzlMMNRiql87lpgDlWFOSCXXgg0EniLQAY2I3fxFDPQMGV2Lo2y2pgSLFhw8e59
+4PqcNDb4H2ts6YssyivZ8hdxpTUyOEmU+DNeJzSY9nyXTU093hu1OtcoW1FQajeC
+Wq8SqfwGot2jMEVM0Sa+qIpTCWFgEzEzLeX4+LxAWl5kt4zOMmGjE/rRjLLkBojH
+AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAZyGRz6D0jmj+LEf+hm3hCRA8enhl4J
+UlaJYnNcOVPRlbmqOVlNk0WosYHV78GWbeLW9GTzFsju1HOUvvFiLNSvo8RaCaiV
+f2Dvpn9yYM4qg/NP3ovODCIsI4ojFXuf54X2Wx3pLU77ETAKePGc64JaRn6prm9a
+/r5Hv7uRY15rxTWoNlB67p9YX8Hu2R0TOa4IPO58SeQiod1YYp71V5jl7els8W58
+q2w556YjgDpH3v5Ph6g9d9m734WR0IAHGGNf/QfVMCE07GLwb+BVRRm1IyEsdAMr
+AuN/bzZITsshzCKfQwpa/gc479QmFD2sI0ZmeCeUw7KLNeL58mNOsAA=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/x509-v1-with-iid.pem b/tests/cert-tests/data/x509-v1-with-iid.pem
new file mode 100644
index 0000000..98456eb
--- /dev/null
+++ b/tests/cert-tests/data/x509-v1-with-iid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo8CEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy
+c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky
+ODA4MTg1OFoXDTI0MTIxNTA4MTg1OFowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp
+MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo
+LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0
+dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIBBvP+5
+LH95Ve5b9F1MkH0+ZVBQocjRlWdjdwhFCwrnh+pQ1Sb4NLuGCeVOrtOiiQDEo2egR1WAaDrBKEW0
+W0diJdSUbGO0ANEaOYH7WSAutMFyQmFD1K3H1zDTJxwrlct7ZwLClmVywfyJdN6yQR3s5+r+KE9L
+ucgv+xOudc+5/Oq+ntLVHjj62UfrJ6cw2MqA0oVZF9WmZeAQ1JNUnIatzo1i2EeLpJKLgf6WfhmR
+XGjm/KTU+e3alHPnpOcGb6FPkJE9mWezaGcIO8jfUjeP/a6L8qksj0vdCEx32g51RcDiUmvWFHpp
+DGPFJkmuZEpw5FMFoPsVmeO2wlBOTPsCAwEAAYEGAAECAwQFMA0GCSqGSIb3DQEBCwUAA4IBAQBk
+Hu9xmv32lFzvqvyzwN9bHxrprROBnKOpCZHTnFTRkZcZS8Ys0pc4uJ/zhLEsECA8bSN9YjhzfeTH
+237ZcTlRetBK7SXm4TCC0J3D4TOc9zyjAqSXga9flUPmK7nbcwznA6V8KtRKRsS95C0fr2VQvsWR
+wiguPKWwvBWWvy30PaYeZPzKTzJLu+g4L4+1jdXWhbdkinfHPXPM732lpd0Zg6FSVQi85K5IeqHI
+F/WzKZEippbCHyQ7jk6I4QSKfK15th9yTGgu3ARXvAFlqqKObuAt57uFI4Wmk4M+vvAMHuoHxMdM
+6V26CKUUV+Qu6rpQQ+guWob2Zyu0CwWA5rw6
+-----END CERTIFICATE-----
+\ No newline at end of file
diff --git a/tests/cert-tests/data/x509-v1-with-sid.pem b/tests/cert-tests/data/x509-v1-with-sid.pem
new file mode 100644
index 0000000..f2127c8
--- /dev/null
+++ b/tests/cert-tests/data/x509-v1-with-sid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAowCEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy
+c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky
+ODA4MTg1OVoXDTI0MTIxNTA4MTg1OVowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp
+MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo
+LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0
+dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6YuRMn
+V0cOz1rKSrRri1IajVBpJROr+L3N09XcKL1IOTFmV40aZG93v8o5pSIJ4Q/nqzmEqoChYLxnBSAe
+I/3tLrtrYBNBmrJaum7M7fAcBGBvLlKv7hhN8l5ujHkHJwxBdU0Qma9KxUcJft1wlPaEYR/kC9Ls
+jpoz2CW1e5H2CXtxyd5PRgX7FizUwl0myrSnJr1OF/ARjYsW5vFDd8CtPeoD4KFoHLn0d7lqSsl/
+t2g3hoJoe7e9Kkdm40ev7sOSEcJW4VqRplX1KZeuZm+Gmh44aw9QWLHiCtSrddDy36GvdsAeaCvi
+boBIseUoNEtV/4JXTS83m3iIQ4ynyn0CAwEAAYIDAAEGMA0GCSqGSIb3DQEBCwUAA4IBAQAGOv7G
+yuYn3thPJDabruSRDXJWaJHhY5t2PJYNkaoNSCNgJt+3gP4IvNFL3QmM+8Ezy5XpMU7MIrtmrxKp
+MWKE86eY9mn+dP6fG4Ppvo+gSmO1DtofSiFzOA4jMmkVxOYeZyxgw2no+HY3CHZnbK+5wNYn6eP5
+zBtJKp9Uo4zd929wQxNZJR+XKLXF9rdRZOCp6Ez2p6MVTFYAvhILJ3xr0/4YWukqP1rLUDVRU6+F
+xfRl0uGQbyIllsocinCJxy0PlskwqORHSgonefQdCU8Mg0neNJ/+RZ6v7xFz4+k9/QVBu+j8mWeX
+LHCLvuer7Q6zHq+1JHAeuEp48clGUnG7
+-----END CERTIFICATE-----
+\ No newline at end of file
diff --git a/tests/cert-tests/data/x509-v3-with-fractional-time.pem b/tests/cert-tests/data/x509-v3-with-fractional-time.pem
new file mode 100644
index 0000000..42cf06f
--- /dev/null
+++ b/tests/cert-tests/data/x509-v3-with-fractional-time.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp
+YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs
+MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wJBgR
+MjAwODA4MDExMDMwMjYuNloYDzIwMjgwODAxMTAzMDI2WjCBijELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZY
+aWRpYW4xCzAJBgNVBAsMAkNTMQ0wCwYDVQQDDARJQ1RUMSwwKgYJKoZIhvcNAQkB
+Fh1jaGVuY2h1QHN0dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANWYbvE9yJNx5lM+uUl7Tv3ZamqTDc0C4gY+VSrU/tjh
+d12xaMqaJt42F3u7YQ8QzKOB7e6G/IGLCOIBbJ2smFWO31aSLMNgec6cCSGrkteQ
+ehgnKEaLIw6qRjVds7JC0oPbu/Ns54s+ihWX/PqYl40fCEYnR5ONkLyRK4yXs+3T
+XC8g4l0iDMLuBF2QmuXC7WlWVperL/1Mwssd3TWwY0BzoGTQxHn2dqoj8LEG99QG
+5s6STl6zn6UO5GEK+O/5XqzUl7Kr0V1j9nNbiRr6OeJw4FoEZKu6NzTicJ5bdO42
+KpyP7jEQPzq1HKcYIvGqV66OQPxmyDCU4JmwpQ4EgzcCAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAVGVUuR7a8ws0x3ahCLISGdjaB6XgnbU6+sQlQbkc2xYIqYy5YKwu
+Zuo7cNQD3EdDh0NKEvn9bkW+X4u5DdGt6dfQnv26rsJlO/7HRTKNCl1GL9R0vCsF
+bGreIRDczMnUZZhKUtkvUtoy7v78XrmIZ1CLyhoHuDmkYYZa+QAW5ePmf6XYjn/O
+P2LdEcL+rXocjs2av3mAbp+v1HEHmLTWSYcpWLNqI6/f/GamUCaNf0QyPI+kfLAD
+M0utBSP8JixMxyTokmj4eD7LRuicdxLYfiWVoHrhbKVHjYkFQIV2sWOKqjG2TcoD
+ITaPdJKK+bg6tr3jlIlFjdiHy/L+s0svvw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/x509-with-zero-version.pem b/tests/cert-tests/data/x509-with-zero-version.pem
new file mode 100644
index 0000000..aeccccf
--- /dev/null
+++ b/tests/cert-tests/data/x509-with-zero-version.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIB/wIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp
+YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs
+MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wIhgP
+MjAwODA4MDExMjEyMTJaGA8yMDE5MDgwMTEyMTIxMlowgYoxCzAJBgNVBAYTAkNO
+MRAwDgYDVQQIDAdTaGFubnhpMQ4wDAYDVQQHDAVYaSdhbjEPMA0GA1UECgwGWGlk
+aWFuMQswCQYDVQQLDAJDUzENMAsGA1UEAwwESUNUVDEsMCoGCSqGSIb3DQEJARYd
+Y2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDVmG7xPciTceZTPrlJe0792Wpqkw3NAuIGPlUq1P7Y4Xdd
+sWjKmibeNhd7u2EPEMyjge3uhvyBiwjiAWydrJhVjt9WkizDYHnOnAkhq5LXkHoY
+JyhGiyMOqkY1XbOyQtKD27vzbOeLPooVl/z6mJeNHwhGJ0eTjZC8kSuMl7Pt01wv
+IOJdIgzC7gRdkJrlwu1pVlaXqy/9TMLLHd01sGNAc6Bk0MR59naqI/CxBvfUBubO
+kk5es5+lDuRhCvjv+V6s1Jeyq9FdY/ZzW4ka+jnicOBaBGSrujc04nCeW3TuNiqc
+j+4xED86tRynGCLxqleujkD8ZsgwlOCZsKUOBIM3AgMBAAGjQjBAMB8GA1UdIwQY
+MBaAFLiJlvm8wCTgT2bfUS74cJukhnONMB0GA1UdDgQWBBRw/ZK3I2z0BHvH5vpd
+btcN2FVX6DANBgkqhkiG9w0BAQsFAAOCAQEAnVzqXDwY0xOZ2XiaEEFsMjN/10ap
+6XH81fwlcww1eIp8rUN1sYYkhGGPKl7i8UsmpBgvmvamgJLi56hdWEEEvGia3XO3
+5fF66DR4XjBRDFUnKi7R/RsRPtW6fhZvqdrlAhb3kh8SuhFHCorcuOY4ZRmqEzXU
+Nl/Ojtgai0dU9RPEu8GDgszAt2Jqhp2kc4WwTMFvkK1ARqdNdiqV4L8B4zHTO+Gv
+CMkmuZ0GfJWaHOse3L1vn/TUI1MbOzn0IgxOKMRrABGweLMXopl0GrT9mxpY+z17
+xVe7os9TYw/JTE+aoeA6c8BzSVLlsxY4d8Re+OHNouDAG5qgt2mzE3nLzg==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/xmpp-othername.pem b/tests/cert-tests/data/xmpp-othername.pem
new file mode 100644
index 0000000..8fa847a
--- /dev/null
+++ b/tests/cert-tests/data/xmpp-othername.pem
@@ -0,0 +1,175 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 012275
+	Issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
+	Validity:
+		Not Before: Wed May 08 17:18:12 UTC 2013
+		Not After: Fri May 08 17:18:12 UTC 2015
+	Subject: CN=corrin.geekwu.org
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: High (4096 bits)
+		Modulus (bits 4096):
+			00:ee:f9:81:39:85:5f:66:bb:9e:4a:27:2a:8c:f2:26
+			f2:a1:7f:ad:8f:6f:3a:ea:11:e9:9a:54:c0:e1:f4:cd
+			b0:01:88:90:23:f8:0d:ec:27:b8:10:8e:16:04:3a:3a
+			80:9e:2d:bc:c7:3b:57:24:a8:89:7b:f7:f8:36:9c:03
+			b5:c7:2e:40:dc:92:cc:cd:c5:fd:ea:d4:8a:73:d7:ef
+			ef:af:dc:8e:0d:17:02:fd:2f:60:23:97:bd:11:68:9c
+			15:54:e6:d5:48:4a:8c:4a:01:31:0f:8a:91:d7:6d:d7
+			a7:d3:01:94:63:91:4d:08:c9:d2:91:1d:0a:9c:77:63
+			1d:81:e7:d4:93:1a:f1:30:58:90:56:a6:7c:43:49:e1
+			57:71:6a:1f:05:41:bc:8b:e8:4c:1a:e8:e0:a1:6e:1e
+			61:9f:f8:b2:c6:f6:30:83:8c:13:41:53:c2:e6:fa:27
+			5c:04:6e:76:58:29:36:03:02:72:1f:a1:c4:24:78:3a
+			73:bf:47:40:b3:d6:b2:68:e6:85:4a:ca:54:c3:e7:04
+			2d:6d:76:39:06:4a:0d:60:4b:5d:88:76:07:79:ee:f5
+			de:b0:dd:0b:6f:a5:eb:3b:1f:ec:81:0b:30:2d:45:52
+			32:ad:2e:31:e9:05:60:b8:27:96:cf:2a:d2:69:2f:17
+			12:39:54:c0:ab:69:3d:34:fb:a0:2b:e6:c1:1e:ab:a1
+			56:8d:01:a9:30:cc:19:a0:77:4b:c7:25:d4:8e:b3:d8
+			0c:7d:e5:97:e1:7e:8d:b7:23:a4:29:54:0b:a0:a4:45
+			31:47:45:d5:84:4b:ee:b6:fc:50:a1:2f:86:8d:92:32
+			00:24:64:9b:9a:93:f2:b1:c5:11:bf:44:79:69:85:e5
+			9a:98:67:24:e9:c1:59:97:dd:18:12:d6:e8:5f:89:62
+			be:b3:68:74:dc:5e:39:6c:5d:c7:07:39:85:14:ce:80
+			71:8b:53:c9:55:81:0e:f0:5b:cf:56:b3:cc:74:e6:1e
+			fe:37:33:dd:6d:b9:c2:dc:3a:24:70:e3:92:12:5c:95
+			87:1e:9f:07:cf:ef:c1:eb:f6:70:9c:25:0c:40:73:4b
+			ac:4e:1a:6a:90:29:f9:68:10:2e:dd:19:06:82:0d:d7
+			7d:c5:5b:76:c4:27:aa:87:2a:8b:db:96:a7:f1:2e:2e
+			08:d1:08:8c:12:ef:70:a9:8b:53:65:b5:c3:2e:ef:97
+			c8:92:3a:bd:23:bf:cf:e8:73:5f:a0:f4:3d:5f:a6:61
+			94:68:c8:f6:18:01:77:09:9c:c4:93:47:db:da:65:68
+			16:0b:72:c8:5b:b8:08:48:7a:6f:07:5f:43:e8:33:ca
+			e5
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Key Usage (critical):
+			Digital signature.
+			Key encipherment.
+			Key agreement.
+		Key Purpose (not critical):
+			TLS WWW Client.
+			TLS WWW Server.
+			2.16.840.1.113730.4.1
+			1.3.6.1.4.1.311.10.3.3
+		Authority Information Access (not critical):
+			Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
+			Access Location URI: http://ocsp.cacert.org/
+		CRL Distribution points (not critical):
+			URI: http://crl.cacert.org/class3-revoke.crl
+		Subject Alternative Name (not critical):
+			DNSname: corrin.geekwu.org
+			XMPP Address: corrin.geekwu.org
+			DNSname: corrin.geekwu.org
+			XMPP Address: corrin.geekwu.org
+			DNSname: www.geekwu.org
+			XMPP Address: www.geekwu.org
+			DNSname: kaitain.geekwu.org
+			XMPP Address: kaitain.geekwu.org
+			DNSname: kaitain.new.geekwu.org
+			XMPP Address: kaitain.new.geekwu.org
+			DNSname: apt.geekwu.org
+			XMPP Address: apt.geekwu.org
+			DNSname: horde.geekwu.org
+			XMPP Address: horde.geekwu.org
+			DNSname: horde.corrin.geekwu.org
+			XMPP Address: horde.corrin.geekwu.org
+			DNSname: horde.durel.org
+			XMPP Address: horde.durel.org
+			DNSname: mail.durel.org
+			XMPP Address: mail.durel.org
+			DNSname: jabber.geekwu.org
+			XMPP Address: jabber.geekwu.org
+	Signature Algorithm: RSA-SHA1
+	Signature:
+		61:e8:de:70:b4:1f:4c:60:8c:c5:18:c1:7d:d9:6c:4e
+		97:e4:d0:f6:c8:79:f9:2b:fe:fb:81:d0:b4:aa:d4:7d
+		79:4d:6e:95:ed:cc:11:8d:fa:8b:66:5c:c2:6b:44:07
+		18:9a:ce:de:42:c0:18:3a:55:91:e9:30:88:83:c7:6b
+		cd:e0:65:b8:fe:19:a4:13:c7:6c:67:22:b3:05:65:6a
+		29:c7:44:45:13:c9:43:ec:2c:3d:a4:f7:9d:4d:5d:32
+		73:de:63:0e:17:9d:b8:21:aa:d7:d5:16:70:f4:1f:79
+		55:07:6d:3f:f3:0e:e4:e3:a2:06:1b:7a:2a:12:57:59
+		4c:65:8d:19:7d:54:9d:15:f8:42:b4:81:1a:ab:99:54
+		fc:6b:10:45:51:04:2e:d2:dd:31:b6:9b:0b:7a:28:22
+		63:b6:9a:7e:62:b6:cf:b9:8f:3b:92:85:6f:03:33:f5
+		4b:96:0e:e6:5b:35:23:d4:e8:2f:4c:61:98:68:c7:61
+		28:78:48:df:df:e0:14:64:86:70:0a:24:b3:6a:19:50
+		77:3d:df:77:51:fe:b9:af:7e:2e:5e:43:54:24:25:5b
+		84:58:a7:b5:53:82:29:0c:1c:29:f7:ae:0b:8a:57:06
+		77:9e:d6:2b:b4:fa:d0:84:f7:78:c0:bc:27:8c:ce:49
+		b3:65:21:9a:f7:7a:20:91:26:74:3c:28:8f:bc:52:07
+		03:1d:d2:d2:75:a4:11:23:d7:5d:af:0c:5b:55:67:0a
+		5a:2d:d3:5c:94:ff:16:cc:7a:f8:11:18:32:cc:08:88
+		2f:6e:5d:f7:17:f2:70:c0:b1:d9:a1:f5:50:a0:75:1e
+		b2:88:bb:3c:1e:7b:ec:ce:d5:d0:f1:d6:dd:8c:c8:f5
+		f5:f1:c4:28:24:1b:fc:a9:63:ea:2c:eb:5b:0f:17:ae
+		7c:73:89:8e:e5:1f:b2:f1:44:15:c2:02:cf:a3:0c:ef
+		10:71:fe:c6:bc:83:03:f6:72:96:a9:e3:7a:d0:d7:15
+		be:e3:e5:d7:27:bc:09:81:11:8c:20:30:b2:d5:d4:14
+		35:77:0f:bf:3a:ed:1d:ae:73:f0:9e:17:e8:7b:05:56
+		fd:3f:ea:d5:33:27:50:12:cd:41:45:7d:ec:38:3c:1f
+		4b:87:ea:6a:38:f7:ba:3d:03:e0:e1:12:5c:d5:80:01
+		3d:e6:c0:f4:af:aa:13:d9:c8:c4:d9:1b:07:07:12:28
+		29:79:6a:ee:93:f9:e5:51:68:47:0c:4e:71:1a:65:0b
+		8e:96:55:5a:b8:aa:9e:f2:d4:2f:75:c8:c3:ed:71:29
+		0d:50:53:12:27:1d:33:9e:88:ad:e8:d7:5c:5c:e6:25
+Other Information:
+	Fingerprint:
+		sha1:76dd3120fa7875c0be1c02e20c011e44376b4a3c
+		sha256:814f39ca12a03cc103ad4ed1ff27e7d5f78f67fd83d5be526c5e5a5b790840b8
+	Public Key ID:
+		sha1:8fade0593f112844029a404634863883e7e0030f
+		sha256:47393632a002ae367305fd8e24e3b8925f9aae5cff75ce182be17deb02043fcc
+	Public Key PIN:
+		pin-sha256:Rzk2MqACrjZzBf2OJOO4kl+arlz/dc4YK+F96wIEP8w=
+
+-----BEGIN CERTIFICATE-----
+MIIIAzCCBeugAwIBAgIDASJ1MA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB
+Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTMwNTA4MTcxODEyWhcNMTUwNTA4
+MTcxODEyWjAcMRowGAYDVQQDExFjb3JyaW4uZ2Vla3d1Lm9yZzCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAO75gTmFX2a7nkonKozyJvKhf62PbzrqEema
+VMDh9M2wAYiQI/gN7Ce4EI4WBDo6gJ4tvMc7VySoiXv3+DacA7XHLkDckszNxf3q
+1Ipz1+/vr9yODRcC/S9gI5e9EWicFVTm1UhKjEoBMQ+Kkddt16fTAZRjkU0IydKR
+HQqcd2MdgefUkxrxMFiQVqZ8Q0nhV3FqHwVBvIvoTBro4KFuHmGf+LLG9jCDjBNB
+U8Lm+idcBG52WCk2AwJyH6HEJHg6c79HQLPWsmjmhUrKVMPnBC1tdjkGSg1gS12I
+dgd57vXesN0Lb6XrOx/sgQswLUVSMq0uMekFYLgnls8q0mkvFxI5VMCraT00+6Ar
+5sEeq6FWjQGpMMwZoHdLxyXUjrPYDH3ll+F+jbcjpClUC6CkRTFHRdWES+62/FCh
+L4aNkjIAJGSbmpPyscURv0R5aYXlmphnJOnBWZfdGBLW6F+JYr6zaHTcXjlsXccH
+OYUUzoBxi1PJVYEO8FvPVrPMdOYe/jcz3W25wtw6JHDjkhJclYcenwfP78Hr9nCc
+JQxAc0usThpqkCn5aBAu3RkGgg3XfcVbdsQnqocqi9uWp/EuLgjRCIwS73Cpi1Nl
+tcMu75fIkjq9I7/P6HNfoPQ9X6ZhlGjI9hgBdwmcxJNH29plaBYLcshbuAhIem8H
+X0PoM8rlAgMBAAGjggMUMIIDEDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwID
+qDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYB
+BAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3Nw
+LmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0
+Lm9yZy9jbGFzczMtcmV2b2tlLmNybDCCAkkGA1UdEQSCAkAwggI8ghFjb3JyaW4u
+Z2Vla3d1Lm9yZ6AfBggrBgEFBQcIBaATDBFjb3JyaW4uZ2Vla3d1Lm9yZ4IRY29y
+cmluLmdlZWt3dS5vcmegHwYIKwYBBQUHCAWgEwwRY29ycmluLmdlZWt3dS5vcmeC
+Dnd3dy5nZWVrd3Uub3JnoBwGCCsGAQUFBwgFoBAMDnd3dy5nZWVrd3Uub3JnghJr
+YWl0YWluLmdlZWt3dS5vcmegIAYIKwYBBQUHCAWgFAwSa2FpdGFpbi5nZWVrd3Uu
+b3JnghZrYWl0YWluLm5ldy5nZWVrd3Uub3JnoCQGCCsGAQUFBwgFoBgMFmthaXRh
+aW4ubmV3LmdlZWt3dS5vcmeCDmFwdC5nZWVrd3Uub3JnoBwGCCsGAQUFBwgFoBAM
+DmFwdC5nZWVrd3Uub3JnghBob3JkZS5nZWVrd3Uub3JnoB4GCCsGAQUFBwgFoBIM
+EGhvcmRlLmdlZWt3dS5vcmeCF2hvcmRlLmNvcnJpbi5nZWVrd3Uub3JnoCUGCCsG
+AQUFBwgFoBkMF2hvcmRlLmNvcnJpbi5nZWVrd3Uub3Jngg9ob3JkZS5kdXJlbC5v
+cmegHQYIKwYBBQUHCAWgEQwPaG9yZGUuZHVyZWwub3Jngg5tYWlsLmR1cmVsLm9y
+Z6AcBggrBgEFBQcIBaAQDA5tYWlsLmR1cmVsLm9yZ4IRamFiYmVyLmdlZWt3dS5v
+cmegHwYIKwYBBQUHCAWgEwwRamFiYmVyLmdlZWt3dS5vcmcwDQYJKoZIhvcNAQEF
+BQADggIBAGHo3nC0H0xgjMUYwX3ZbE6X5ND2yHn5K/77gdC0qtR9eU1ule3MEY36
+i2ZcwmtEBxiazt5CwBg6VZHpMIiDx2vN4GW4/hmkE8dsZyKzBWVqKcdERRPJQ+ws
+PaT3nU1dMnPeYw4XnbghqtfVFnD0H3lVB20/8w7k46IGG3oqEldZTGWNGX1UnRX4
+QrSBGquZVPxrEEVRBC7S3TG2mwt6KCJjtpp+YrbPuY87koVvAzP1S5YO5ls1I9To
+L0xhmGjHYSh4SN/f4BRkhnAKJLNqGVB3Pd93Uf65r34uXkNUJCVbhFintVOCKQwc
+KfeuC4pXBnee1iu0+tCE93jAvCeMzkmzZSGa93ogkSZ0PCiPvFIHAx3S0nWkESPX
+Xa8MW1VnClot01yU/xbMevgRGDLMCIgvbl33F/JwwLHZofVQoHUesoi7PB577M7V
+0PHW3YzI9fXxxCgkG/ypY+os61sPF658c4mO5R+y8UQVwgLPowzvEHH+xryDA/Zy
+lqnjetDXFb7j5dcnvAmBEYwgMLLV1BQ1dw+/Ou0drnPwnhfoewVW/T/q1TMnUBLN
+QUV97Dg8H0uH6mo497o9A+DhElzVgAE95sD0r6oT2cjE2RsHBxIoKXlq7pP55VFo
+RwxOcRplC46WVVq4qp7y1C91yMPtcSkNUFMSJx0znoit6NdcXOYl
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/dsa.sh b/tests/cert-tests/dsa.sh
new file mode 100755
index 0000000..e623a74
--- /dev/null
+++ b/tests/cert-tests/dsa.sh
@@ -0,0 +1,182 @@
+#!/bin/sh
+
+# Copyright (C) 2010-2012 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${SERV=../../src/gnutls-serv${EXEEXT}}
+: ${CLI=../../src/gnutls-cli${EXEEXT}}
+DEBUG=""
+unset RETCODE
+
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${WINDIR}" != ""; then
+	exit 77
+fi 
+
+SERV="${SERV} -q"
+
+. "${srcdir}/../scripts/common.sh"
+
+size=`${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/dsa-pubkey-1018.pem"|grep "Algorithm Secur"|cut -d '(' -f 2|cut -d ' ' -f 1`
+
+if test "${size}" != "1024"; then
+	echo "The prime size (${size}) doesn't match the expected: 1024"
+	exit 1
+fi
+
+
+echo "Checking various DSA key sizes (port ${PORT})"
+
+# DSA 1024 + TLS 1.0
+
+echo "Checking DSA-1024 with TLS 1.0"
+
+eval "${GETPORT}"
+launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem"
+PID=$!
+wait_server "${PID}"
+
+PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+
+echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
+
+#try with client key of 1024 bits (should succeed) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+
+echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
+
+#try with client key of 2048 bits (should fail) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" </dev/null >/dev/null 2>&1 && \
+	fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+
+echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
+
+#try with client key of 3072 bits (should fail) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" </dev/null >/dev/null 2>&1 && \
+	fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+
+kill "${PID}"
+wait
+
+# DSA 1024 + TLS 1.2
+
+echo "Checking DSA-1024 with TLS 1.2"
+
+eval "${GETPORT}"
+launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem"
+PID=$!
+wait_server "${PID}"
+
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+
+echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
+
+#try with client key of 1024 bits (should succeed) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+
+echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
+
+#try with client key of 2048 bits (should succeed) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+
+echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
+
+#try with client key of 3072 bits (should succeed) 
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
+
+kill "${PID}"
+wait
+
+# DSA 2048 + TLS 1.0
+
+#echo "Checking DSA-2048 with TLS 1.0"
+
+#eval "${GETPORT}"
+#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem"
+#PID=$!
+#wait_server "${PID}"
+
+#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+
+#kill "${PID}"
+#wait
+
+# DSA 2048 + TLS 1.2
+echo "Checking DSA-2048 with TLS 1.2"
+
+eval "${GETPORT}"
+launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem"
+PID=$!
+wait_server "${PID}"
+
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+
+kill "${PID}"
+wait
+
+# DSA 3072 + TLS 1.0
+
+#echo "Checking DSA-3072 with TLS 1.0"
+
+#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem"
+#PID=$!
+#wait_server "${PID}"
+#
+#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+#	fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
+#
+#kill "${PID}"
+#wait
+
+# DSA 3072 + TLS 1.2
+
+echo "Checking DSA-3072 with TLS 1.2"
+
+eval "${GETPORT}"
+launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem"
+PID=$!
+wait_server "${PID}"
+
+"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
+	fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+
+kill "${PID}"
+wait
+
+exit 0
diff --git a/tests/cert-tests/ecdsa.sh b/tests/cert-tests/ecdsa.sh
new file mode 100755
index 0000000..431b88f
--- /dev/null
+++ b/tests/cert-tests/ecdsa.sh
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+# Copyright (C) 2011-2012 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TMPFILE=ecdsa.$$.tmp
+TMPCA=ecdsa-ca.$$.tmp
+TMPCAKEY=ecdsa-ca-key.$$.tmp
+TMPSUBCA=ecdsa-subca.$$.tmp
+TMPSUBCAKEY=ecdsa-subca-key.$$.tmp
+TMPKEY=ecdsa-key.$$.tmp
+TMPTEMPL=template.$$.tmp
+TMPUSER=user.$$.tmp
+VERIFYOUT=verify.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+echo ca > $TMPTEMPL
+echo "cn = ECDSA SHA 256 CA" >> $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --ecc > $TMPCAKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \
+	--load-privkey $TMPCAKEY \
+	--outfile $TMPCA \
+	--hash sha256 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo ca > $TMPTEMPL
+"${CERTTOOL}" --generate-privkey --ecc > $TMPSUBCAKEY 2>/dev/null
+echo "cn = ECDSA SHA 224 Mid CA" >> $TMPTEMPL
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	--load-ca-privkey $TMPCAKEY \
+	--load-ca-certificate $TMPCA \
+	--load-privkey $TMPSUBCAKEY \
+	--outfile $TMPSUBCA \
+	--hash sha224 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo "cn = End-user" > $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --ecc > $TMPKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	--load-ca-privkey $TMPSUBCAKEY \
+	--load-ca-certificate $TMPSUBCA \
+	--load-privkey $TMPKEY \
+	--outfile $TMPUSER >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+if [ $? != 0 ]; then
+	cat $VERIFYOUT
+	exit 1
+fi
+
+rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
+rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
+
+"${CERTTOOL}" -k < "${srcdir}/data/bad-key.pem" | grep "validation failed" >/dev/null 2>&1
+if [ $? != 0 ]; then
+	echo "certtool didn't detect a bad ECDSA key."
+	exit 1
+fi
+
+exit 0
diff --git a/tests/cert-tests/email-certs/chain.exclude.test.example.com b/tests/cert-tests/email-certs/chain.exclude.test.example.com
new file mode 100644
index 0000000..7226a8a
--- /dev/null
+++ b/tests/cert-tests/email-certs/chain.exclude.test.example.com
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIMVRJ7oiGeLogGT+VcMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTEwNThaGA85OTk5MTIzMTIzNTk1OVow
+HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKVbRP7A9xBHIdw0/XWrGxX4IA5vW3XWBQV+ZOeSQjl2
+plKv6nFrkrnrutZgsj1AJAWWAQGgx450k0OSK4odXya1O9I8gZbJvcL7c/ybim0A
+7y2UIX5o0XnVaBDCCICaHu9tOkP41lGhvlrZG6SIj+uPKuQ/kF/9wgjqWxHWInpK
+5KlWam60F0/zYaW4IZWtn6OUx99oRNL24xQNeNTwgsd+TyB3r+aNtZNJdeyCsoLz
+GyjKzMLKGEnaxYKmejqxUtZU27SNQ0lecnnAA/+g0ZiJFjxcrgE4cEVdZmN5yEp6
+8pUOJOqhnLS4/ZNEwtmHdnhtPC09RPpOfkALQbTZxskCAwEAAaN+MHwwDAYDVR0T
+AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF
+AwMHoAAwHQYDVR0OBBYEFA4X9XiZH9XRlfBLqJkj5cLTd308MB8GA1UdIwQYMBaA
+FDv0mU9DC+eh9mYCvOz369Zt5r6OMA0GCSqGSIb3DQEBCwUAA4IBAQB3vaplBiV+
+LmX+/i4legZ5/dnq+nqReQY+uV0Oibm860cdv9puxTQpdUM6VLMbq0VHivBpAdtP
+fOhO0zloNtD1Fy6CrKqm+9EVaDlFOZJUvSZou3wlftLD8LmgRQG9Bjn0J0G3I8ih
+g5eoR4sIuwXlACJFWAwq1lSjbO4NYUfUOaxMQqkj17/jwdBzLQVd8jM29UStPUKH
+qGj0poNoLxFihqo7oSuOokrHE6cdMGNOA5KilSTGihRnsRjkJP5ymdhavMHX3M+W
+ZzWBFu3N3T5iNxcH2l5MrHxFZQIfrqxlBl9lYfDnKxth/iTx0GalZU5nlZAZoEHr
+XsQjltZdmjyq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCIYDzIwMTUwMzI1MDkxMDU4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT
+BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7v8qv89J0psF6
+lTa1Fm4qMyz2ZByNYRw5yB1MYQu8JGLhrmaBJccUSD5o3chZSuje6Ae2/0UNmdd1
+xBhxfCkoDyjehGT0lwMxbTkiVA1mFpmEEqbilNrR2QszADKpGda4Yvv3k6RnVNEX
+/Je0PxM5Jy9pxzvHS7wf7bAeAeCBdS8ukocbQHPcenTPvK8OWc+TrO9txyEeZTvw
+pNGyjUJUJIsrt7EL1u3U7TpfCHjZaOY+7flyFPT8g55gpBFFB5hYBAlbILEewvMk
+4pjlGjonfEBQk4mC37sWFN019r/dm1TBcycnKfhk+Uwszz718kps9l+RVc8luxxf
+12+rkvyjAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaEP
+MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF
+AwMHBgAwHQYDVR0OBBYEFDv0mU9DC+eh9mYCvOz369Zt5r6OMA0GCSqGSIb3DQEB
+CwUAA4IBAQAuXK53yLcnupMI9+ijSbSZ24nT9pnJnoiVUsS0wpiO01PnCxwjGKSJ
+WPBwSwtoQ//uE3nIXgK24nd9+/Su/GV0sIN2dutoekfa+2dCq+I1bOa21C6Jdfdp
+FSFHR1XiXcNTaNBTjXpoVlxtFBAQDPHzI6fKCB+5NFaUYoLiJGq2ZiJR/DXGtEJy
+ttOhhheWFq44YD3Rne4+KbIp71qOUw50YayTb/eJlUYs9rWwg6p/koBMCoPkleLa
+5IQnajuyBqRz715s806esKrcLSu/OK5X07jA3r67iMt3e7D5U/XOpk858xeblfTN
+pQvTr4SDv4SkWtQKZufF5VcnVnG2UpBz
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/email-certs/chain.invalid.example.com b/tests/cert-tests/email-certs/chain.invalid.example.com
new file mode 100644
index 0000000..c2b48a4
--- /dev/null
+++ b/tests/cert-tests/email-certs/chain.invalid.example.com
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIMVRJ76imfHf/L2ojCMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTEyMTBaGA85OTk5MTIzMTIzNTk1OVow
+HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALNIeTFdw0PkvtLzd9StMFzq8OO13ZSloMWhzBKaEzDF
+lps4lpohgGQBxadgXllXrVmU87d5anUys+2RPzDlZ1+dlz0OWuzn00fF3P1dqiYB
+XVB3UUm7NmF8V9f/+M555LbIaZ/MoOiyGtgYSNl6tB6jvvV6OmTj+ra6shvd6yif
+aEJN2nvhphTekogsJILFKZYWNJRQQaBPm1s8L9T4yHlH1fE/A3pwntRyzQjaAhon
+99JmnD6w/42bUVTJwLXOcQdlTPCpGgtNFwwcQtaEIRaaN4i3wRl/IMenP9mUHZNj
+5sUAwWwhsss5r8p4W8trCY5xNNANECO9wLz92GYDt5MCAwEAAaN7MHkwDAYDVR0T
+AQH/BAIwADAYBgNVHREEETAPgQ10ZXN0QGNvbGEuY29tMA8GA1UdDwEB/wQFAwMH
+oAAwHQYDVR0OBBYEFJ4DXbljmFo5rsbCBIjRMzcxNW+fMB8GA1UdIwQYMBaAFJd2
+QavrmVCC37adJaKR4AutLF3nMA0GCSqGSIb3DQEBCwUAA4IBAQC//D2f2dOG0lSE
+qwwYtHfFtdq7rp/PmIJ4kU6HTQh9YDPjKxY5MK286dfO2bwnEFZpIL5ur3U9QWi2
+DDrHbCO6AgTcI/VzQRkKcbSvKUjD45e3awaZY9U87T+7LikpN7BmWtRW04DikiyQ
+l2JScZAjUHEZLsfmBBiDlTAaSUVLEuc9lBp8wR/9TvIIUy05QbLvWax+35zFH8Xu
+f+AvhgF05SCwJcFldF9CvDeZjM0v9K0G9jh8srAXMGXqQhelA8K1tM2mW/Jc2izj
+E7Ct2+Q5BP20MQsIzXWzDBqUQX2akysjecgHXt5pc0C3NkBXSynM6jdLIzDThvMR
+apUdAi3S
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCIYDzIwMTUwMzI1MDkxMjEwWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT
+BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUU/Q2Igkm2WWD
+y0FiHOSOfLJUSUeE5YBmC5PHMf3wClKBATauBVGxShKdiUNAAc01YqXSI2/lCYPh
+Vh4edsOSXnNYTv1lKHBkDANtbTqWlwvmT7vhcSGBwWqaRbUh6f1nN3tl1GLaO4W5
+iZkeKrMXTAjWaZF6t92g0/rqNJ6HvVzMfwEXYpgQPh+mUVM8nzdBB3PRg2uURyUn
+Z7yEQ81j/Kr/o+jsbjmswZAspe7G+tLx5+ArutS4GOQE7Y94xVopPybvXWG9mxes
+6U2tth2SzJHgwR49adjOmNtmtWDRZVNPN5zgS2jqRByC/xjuiP/H8jLzxoedoMBE
+CsjR4eXzAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP
+MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF
+AwMHBgAwHQYDVR0OBBYEFJd2QavrmVCC37adJaKR4AutLF3nMA0GCSqGSIb3DQEB
+CwUAA4IBAQASvISiHh72eF3g10YC7yPw7zUOSSbi4LepDwY7roCZqHAVd+CxDvD5
+y/ixjWYnCRlAptTTKUb4Qxrtsm8idnVcCfTlsX62iGdmdK80192YHCo2vZl2vbcl
+U12RdYczmEs1Z8D8DRTueWu/FrRGcR325w/gqKXp03qxsNEhdr1oqUpW9rgz8j64
+Aktha5Fdt8qfEgEX5IWREu9wRvudUC1Pmc8IVtN6sCEWyPIGdT7bHhADZuJvljWB
+8XECX7vWGKbJ2k2dHNv2poCVWfmpbd2XShUi4t37TrNjQWV6Xu/mQiEEJ9gVtx7a
+rvV1/5LfKmbzaeWyAlqwvNHK+gCXjfyU
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/email-certs/chain.test.example.com b/tests/cert-tests/email-certs/chain.test.example.com
new file mode 100644
index 0000000..464ed8f
--- /dev/null
+++ b/tests/cert-tests/email-certs/chain.test.example.com
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIMVRJ7XRPAtGI7FZy5MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTA5NDlaGA85OTk5MTIzMTIzNTk1OVow
+HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKrAF+UWjc0obVNshwH4VbKfWCMjN1ClnKoZkLzCE/XH
+xiVceDcYtPA1LxCpwcoE+2NDasvq1MbLECSsd8JdLXQbVcducOG6b5q2anvRHxDl
+v8UwD+Xvz3F6pcH81z7YOQXn69aCZ77C5SZksMDuWBrxk6Wfej6DDg5iwXpm6Z/v
+7gOHuX/0+qrAvhHhgC3YXwCeSggMH4jrd7ct8wcgAXnmS/cD3BIRdeE/EGyZSuPX
+Ra72z6c0WBCeWKNctCKTpvqo4d5Ye6blrII6zabmiCQMOt25AMRJx+Qa7eAh9QvL
+ed5VzCsm4KvOyR5kv+Ewu12ixu7YIAjPDx+7wBzfHBsCAwEAAaN+MHwwDAYDVR0T
+AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF
+AwMHoAAwHQYDVR0OBBYEFG2Do4EM8lzRfh4zghLd2+T9SerGMB8GA1UdIwQYMBaA
+FIvLg6ukRiLFDPsONyGBo4dJo5TcMA0GCSqGSIb3DQEBCwUAA4IBAQCha3QFzq1o
+nvr8M8BCajHHNom8FYEyepRrUW1W9eGIxdWLbvdW53jPZDqXyPrpuU4sG+8Xa5TY
+1O9/o1M/y1Dx8n9MDZcO2xH7Pa3rQbxDknMSsSpcQPnyjzdXfMHMb0z/IbGcxk9t
+Y/UOUKxSY3xrIrxbxK0BD53fy3FrXyNaRALvTFU2YYLYq7GiGYSdTDi8bF7gwWz9
+lXg7JoVxWYRe9dTL6KItPpMFnkFL+A35E+GDQ7AV2pt6nHKsujgOwuDhfOiWZF7t
++Nvtwmd7bw0VaTttkqqFKgybCBvHEpWauC1ccmOURETqObGd+8Wiv4S1Cb9hbI8w
+AfktJ54qMLnj
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCIYDzIwMTUwMzI1MDkwOTQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT
+BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6m3amKg59nR/8
+DtG8nFrZIlSAbD3XUb9y8c4AldWkz+I4iQ54R/XkLEAvmgT1QfRvfQ8Gunum3F4d
+AwuB7z2khymwRgEbunGv5weXaJk8TDMxufBeaO3hsYpmXYHIL8r5rWnbrtm06ojX
+YNKCkJOpmNtO0rePxqMj+Kz0rjU4/2gOzN2+w3Bbnjtq1wX/wc0CuAIQXwTooe/H
+FAh4FzEI0nvq1i7SRXcd7HouaeFdME2NQyMwJvzqHrBgDSir76o3XVS5fDiTwB6s
+85gYHbnGj0kbC6ZVC3j1Maw7+qciMpRHBe6GWexwSdi+wQ5tp/YCOtPqDezgArC+
+0/KePbFtAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB
+BQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUi8uDq6RGIsUM+w43IYGj
+h0mjlNwwDQYJKoZIhvcNAQELBQADggEBAFHdB9dQXRQ99xR16OU5V8PNl2WScCBL
+PwKHY4vnw//jpPINIcdOw0trj9+vr0airOoeD239f8Hyrr/TJfqFMxhDdUrbkz4B
+UkjGFmI2u7t7XDWDw1U4r8meN6zL5TehIgdScFeQEqcmHQt7/ZfP5kbUOSWg4MXi
+OhG9yvhOxNgV4wpxevZoRmSrUGcOlFZPjXgzG+DywOzMu9LVkJYcOA1h67zirtKg
+s64UBvkl2cstimnyhSZWyUbfnRQQX99JFUj0FQU5Mf67a9CJh66k5Zfc90wF45Bz
+azAECqpbyVzKGtHNHjYLy7pymqAtDQHUNj2+Fss10koCEAF682O6nUo=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/email-certs/chain.test.example.com-2 b/tests/cert-tests/email-certs/chain.test.example.com-2
new file mode 100644
index 0000000..640bb60
--- /dev/null
+++ b/tests/cert-tests/email-certs/chain.test.example.com-2
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIMVRJ7zy/JcGMexTfmMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTExNDNaGA85OTk5MTIzMTIzNTk1OVow
+HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALHCzLU4r2pNu/ZU3xwKAVwHYs773CFOF0rFVggPb8qy
+fDoOKi2hTgqxahe7rbaoWh/JL5UNoUOIN8riA24Ul3O2as50J/Zup1lcjk/TBb3H
+1LL01vsIg7VQvE083tab2cBt4pR3WLgrRaijMaXQrZX8Ua5TD/pOT9ZYt9jL9c9L
+CGIRuiBKyNyPZxhXps2BAuUkQgvb3mEEg4NtzCEai/HdrFYYWDwPpsiMmjAk4J34
+OL7pqPHqUh6CaboY80Val0Ri4Fhw8M52pbdx9hISnjM6di4bG8XNtaaC547B6JfY
+UTrMwxCgprFXKmnbRgtM7gODUtpaS+r1WJ1pGonGIoMCAwEAAaN+MHwwDAYDVR0T
+AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF
+AwMHoAAwHQYDVR0OBBYEFCQ5delYC4N0trL3bbanR+DXdqkaMB8GA1UdIwQYMBaA
+FCuSPJa0Adspta0MhNxqidruR6aaMA0GCSqGSIb3DQEBCwUAA4IBAQClKoXV1Dfo
+97cEgKmXJSpSoHcgDkosHuTdF1Up0R9zzeUSMtAPMDO3N0I84RQAHpHwzwh+kTB9
+M/XxmsMBU0GBHh/rFcKoz+xlHc+uYd9C3wA3JQGQ/6f7oXf+w9R+adcsytHqDrh5
+B0bCFllkmPh1+QC+LoL6HrfQuXCon8BlX8CBTfwQVzfzR7B4kpu7KeG9dPHaDdyK
+3/WWEEk7cxuaiZc0ZEzSrY9TXuELdBgd5I7jh7Z3QBfJzV/P5ekvkMODR0N7iFMl
+GXKtvzIqIs4GKjG9jK4817bOHaqrum81YhESmKne96R0EkL3+BZl8LJbcJ4ZZsaq
+kTAWnjrdgeIK
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w
+MCIYDzIwMTUwMzI1MDkxMTQzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT
+BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhxyFpxx/Bqkl7
+kPnM2GYUGUvgb5psv9nERXsAtWKSIdGcw8DQfjCSnF0AmReGfnepVcJlwiFEmOA6
+v4lY5bC6JCv62bJmZ8AN/s9OeOICRIY/HUgSKqe9qiLnciVscJG/9FOvk6kP5QJ9
+zD9OiAzuPtQcoMX634kjIeTTyxvWxKR73zNf0NuZtrS2Xt2oKx4dxG/NtuuW37I8
+3x4OGpBEu/h1Bxr9+8fj/taPOZ1zPqAPJWprnkZr+LEaiTyIPtGep2fQ5T5AsXFu
+AfFryIhtrlW2Kq6STvM5JrmUQwqYO3T8XJ3xSzsLgoRuu37Ojb/1zbVNoy7qqr+Y
+HEYT54TlAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP
+MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF
+AwMHBgAwHQYDVR0OBBYEFCuSPJa0Adspta0MhNxqidruR6aaMA0GCSqGSIb3DQEB
+CwUAA4IBAQCl5EcG7lAvQKpNAkABLltCUf7YEJ8QbE8v0TiE3zkFc6amiOAUvsSa
+Iqdy4KAAjESn3TzKOkgFhkj63SoIk0+sDQ4P1ISjup89ldGDV07iMBW/lYoJvMvP
+xkNxfnC16YxJ0rWX04HSGqPDd+nHTvm2bV99COalsMltkEBMUxUNbw7ZQ+hhkhzd
++IOJZ4uDBXP6vI4gE4nBmphAVMKxlEH6ZwdxAmJbf21tmnFoSYu1pdLx72PQUbCf
+ZPWn2aAgvFiWQhZMqbThsGe8bfWfs3T1Q8s0eRZqvDSOdMvt+V2+dyq5KzLbyDse
+HVkxGHoYlU9bMwRFx2q87ku232ytuVId
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/email.sh b/tests/cert-tests/email.sh
new file mode 100755
index 0000000..1629fec
--- /dev/null
+++ b/tests/cert-tests/email.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+DIFF=$"{DIFF:-diff}"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email test@example.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 1 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email invalid@example.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 2 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email test@example.com
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "email test 3 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email invalid@example.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 4 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email invalid@example.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 5 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email test@cola.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 6 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email test@example.com
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "email test 7 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email invalid@example.com
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "email test 8 failed"
+	exit 1
+fi
+
+
+exit 0
diff --git a/tests/cert-tests/gost.sh b/tests/cert-tests/gost.sh
new file mode 100755
index 0000000..c16c539
--- /dev/null
+++ b/tests/cert-tests/gost.sh
@@ -0,0 +1,165 @@
+#!/bin/sh
+
+# Copyright (C) 2016-2017 Free Software Foundation, Inc.
+#
+# Author: Dmitry Eremin-Solenikov
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TMPFILE=gost.$$.tmp
+TMPCA=gost-ca.$$.tmp
+TMPCAKEY=gost-ca-key.$$.tmp
+TMPSUBCA=gost-subca.$$.tmp
+TMPSUBCAKEY=gost-subca-key.$$.tmp
+TMPKEY=gost-key.$$.tmp
+TMPTEMPL=template.$$.tmp
+TMPUSER=user.$$.tmp
+VERIFYOUT=verify.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+echo ca > $TMPTEMPL
+echo "cn = GOST STREEBOG 256 CA" >> $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --key-type gost12-512 --curve TC26-512-A > $TMPCAKEY 2>/dev/null
+#"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-XchA > $TMPCAKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \
+	--load-privkey $TMPCAKEY \
+	--outfile $TMPCA \
+	>$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo ca > $TMPTEMPL
+"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-A  > $TMPSUBCAKEY 2>/dev/null
+echo "cn = GOST STREEBOG-256 Mid CA" >> $TMPTEMPL
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	--load-ca-privkey $TMPCAKEY \
+	--load-ca-certificate $TMPCA \
+	--load-privkey $TMPSUBCAKEY \
+	--outfile $TMPSUBCA \
+	>$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo "cn = End-user" > $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --key-type gost01 --curve CryptoPro-XchA > $TMPKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	--load-ca-privkey $TMPSUBCAKEY \
+	--load-ca-certificate $TMPSUBCA \
+	--load-privkey $TMPKEY \
+	--outfile $TMPUSER >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+if [ $? != 0 ]; then
+	cat $VERIFYOUT
+	exit 1
+fi
+
+echo "cn = End-user" > $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --key-type gost01 --curve TC26-256-B > $TMPKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	--load-ca-privkey $TMPSUBCAKEY \
+	--load-ca-certificate $TMPSUBCA \
+	--load-privkey $TMPKEY \
+	--outfile $TMPUSER >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+if [ $? != 0 ]; then
+	cat $VERIFYOUT
+	exit 1
+fi
+
+"${CERTTOOL}" -i < "${srcdir}"/data/grfc.crt --outfile $TMPFILE
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+if ! cmp "${srcdir}"/data/grfc.crt $TMPFILE ; then
+	cat $TMPFILE
+	exit 1
+fi
+
+"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-ca.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+if ! cmp "${srcdir}"/data/gost-cert-ca.pem $TMPFILE ; then
+	cat $TMPFILE
+	exit 1
+fi
+
+"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+if ! cmp "${srcdir}"/data/gost-cert-new.pem $TMPFILE ; then
+	cat $TMPFILE
+	exit 1
+fi
+
+"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}"/data/gost-cert-ca.pem --infile "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
+rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
+
+exit 0
diff --git a/tests/cert-tests/illegal-rsa.sh b/tests/cert-tests/illegal-rsa.sh
new file mode 100755
index 0000000..d0cb611
--- /dev/null
+++ b/tests/cert-tests/illegal-rsa.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${GREP=grep}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+TMPFILE=tmp-key.$$.p8
+
+${VALGRIND} "${CERTTOOL}" -k --password 1234 --infile "${srcdir}/data/p8key-illegal.pem"
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Error in importing illegal PKCS#8 key"
+	exit ${rc}
+fi
+
+#check invalid RSA pem key. The key has even prime factor.
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal.pem"
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Error in importing illegal RSA key"
+	exit ${rc}
+fi
+
+#check invalid RSA pem key. The key has too large salt.
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal-rsa-pss.pem"
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Error in importing illegal RSA-PSS key"
+	exit ${rc}
+fi
+
+#sanity generation
+${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 64 --bits 2048 >/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in generating an RSA-PSS key"
+	exit ${rc}
+fi
+
+# generate illegal value
+${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 1024 --bits 2048 >/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Error: allowed generation of an illegal key"
+	exit ${rc}
+fi
+
+rm -f $TMPFILE
+
+exit 0
diff --git a/tests/cert-tests/inhibit-anypolicy.sh b/tests/cert-tests/inhibit-anypolicy.sh
new file mode 100755
index 0000000..e27e4a8
--- /dev/null
+++ b/tests/cert-tests/inhibit-anypolicy.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+TMPFILE=tmp-inhibit.pem.$$.tmp
+TEMPLFILE=template.inhibit.$$.tmp
+CAFILE=inhibit-ca.$$.tmp
+SUBCAFILE=inhibit-subca.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge -s "2017-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/key-ca.pem" \
+		--template "${srcdir}/templates/inhibit-anypolicy.tmpl" \
+		--outfile ${CAFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/inhibit-anypolicy.pem" ${CAFILE}
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CA generation failed ${CAFILE}"
+	exit ${rc}
+fi
+
+# generate leaf
+echo ca > $TEMPLFILE
+echo "cn = sub-CA" >> $TEMPLFILE
+
+datefudge -s "2017-04-23" \
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-ca.pem" \
+	--load-ca-certificate $CAFILE \
+	--load-privkey "${srcdir}/data/key-subca.pem" \
+	--outfile $SUBCAFILE
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+cat $SUBCAFILE $CAFILE > ${TMPFILE}
+
+# we do not support the inhibit any policy extension for verification
+datefudge -s "2017-04-25" "${CERTTOOL}" --verify-chain --infile ${TMPFILE}
+rc=$?
+if test "$rc" != "0"; then
+	echo "Verification failed unexpectedly ($rc)"
+	exit 1
+fi
+
+rm -f ${TMPFILE}
+rm -f ${TEMPLFILE}
+rm -f ${CAFILE}
+rm -f ${SUBCAFILE}
+
+exit 0
diff --git a/tests/cert-tests/invalid-sig.sh b/tests/cert-tests/invalid-sig.sh
new file mode 100755
index 0000000..53ef760
--- /dev/null
+++ b/tests/cert-tests/invalid-sig.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Nikos Mavrogiannopoulos
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+. ${srcdir}/../scripts/common.sh
+
+#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem"
+rc=$?
+
+# We're done.
+if test $rc = 0; then
+	echo "Verification of invalid signature (1) failed"
+	exit 1
+fi
+
+#check whether a different tbsCertificate than the outer signature algorithm is tolerated
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem"
+rc=$?
+
+# We're done.
+if test $rc = 0; then
+	echo "Verification of invalid signature (2) failed"
+	exit 1
+fi
+
+#check whether a different tbsCertificate than the outer signature algorithm is tolerated
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem"
+rc=$?
+
+# We're done.
+if test $rc = 0; then
+	echo "Verification of invalid signature (3) failed"
+	exit 1
+fi
+
+#check whether different parameters in tbsCertificate than the outer signature is tolerated
+${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem"
+rc=$?
+
+# We're done.
+if test $rc = 0; then
+	echo "Verification of invalid signature (4) failed"
+	exit 1
+fi
+
+#check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated
+${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.pem"
+rc=$?
+
+# We're done.
+if test $rc = 0; then
+	echo "Verification of invalid signature (5) failed"
+	exit 1
+fi
+
+if check_for_datefudge; then
+	#this was causing a double free; verify that we receive the expected error code
+	datefudge -s 2020-01-01 \
+	${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
+	rc=$?
+
+	# We're done.
+	if test $rc != 1; then
+		echo "Verification of invalid signature (6) failed"
+		exit 1
+	fi
+else
+	echo "Verification of invalid signature (6) skipped"
+fi
+
+exit 0
diff --git a/tests/cert-tests/key-id.sh b/tests/cert-tests/key-id.sh
new file mode 100755
index 0000000..9c88035
--- /dev/null
+++ b/tests/cert-tests/key-id.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# Copyright (C) 2007-2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TMPFILE=key-id.$$.tmp
+TEMPLFILE=tmpl.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+PARAMS="--generate-certificate --load-privkey '${srcdir}/data/key-user.pem' --load-ca-privkey '${srcdir}/data/key-ca.pem' --template $TEMPLFILE"
+
+echo "serial = 1" > $TEMPLFILE
+
+#eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate $srcdir/ca-gnutls-keyid.pem \
+#    --outfile user-gnutls-keyid.pem 2> /dev/null
+
+#eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate $srcdir/ca-no-keyid.pem \
+#    --outfile user-no-keyid.pem 2> /dev/null
+
+eval ${VALGRIND} "${CERTTOOL}" ${PARAMS} --load-ca-certificate "${srcdir}/data/ca-weird-keyid.pem" \
+	--outfile $TMPFILE
+
+if ${VALGRIND} "${CERTTOOL}" -i < $TMPFILE \
+	| grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then
+:
+else
+	echo "Could not find CA SKI in user certificate."
+	exit 1;
+fi
+
+rm -f $TEMPLFILE $TMPFILE
+
+# We're done.
+exit 0
diff --git a/tests/cert-tests/key-invalid.sh b/tests/cert-tests/key-invalid.sh
new file mode 100755
index 0000000..975687f
--- /dev/null
+++ b/tests/cert-tests/key-invalid.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE=key-invalid.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+for p8 in ${srcdir}/data/key-invalid*.der;do
+	set -- ${p8}
+	file="$1"
+	${VALGRIND} "${CERTTOOL}" --inder --key-info \
+		--infile "${file}"
+	rc=$?
+	if test ${rc} != 1; then
+		echo "FATAL ${p8} - errno ${rc}"
+		ret=1
+	else
+		echo "OK ${p8} - errno ${rc}"
+	fi
+done
+
+rm -f $TMPFILE
+
+echo "DONE (rc $ret)"
+exit $ret
diff --git a/tests/cert-tests/krb5-test.sh b/tests/cert-tests/krb5-test.sh
new file mode 100755
index 0000000..caa7d54
--- /dev/null
+++ b/tests/cert-tests/krb5-test.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=tmp-krb5name.pem
+TMPLFILE=tmp-krb5name.tmpl
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+if ! test -z "${VALGRIND}"; then
+	ORIG_VALGRIND=${VALGRIND}
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-krb5name.tmpl" \
+		--outfile ${OUTFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-krb5name.pem" ${OUTFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 failed"
+	exit ${rc}
+fi
+
+# disable all parameters to valgrind, to prevent memleak checking on
+# the following tests (negative tests which have leaks in the tools).
+if ! test -z "${ORIG_VALGRIND}"; then
+	VALGRIND=$(echo ${ORIG_VALGRIND}|cut -d ' ' -f 1)
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
+fi
+
+# Negative tests. Check against values which may cause problems
+cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE}
+echo "krb5_principal = 'xxxxxxxxxxxxxx'" >>${TMPLFILE}
+
+datefudge -s "2007-04-22" \
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template ${TMPLFILE} \
+		--outfile ${OUTFILE} 2>/dev/null
+
+rc=$?
+
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Negative Test 1 failed"
+	exit ${rc}
+fi
+
+cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE}
+echo "krb5_principal = 'comp1/comp2/comp3/comp4/comp5/comp6/comp7/comp8/comp9/comp10@REALM.COM'" >>${TMPLFILE}
+
+datefudge -s "2007-04-22" \
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template ${TMPLFILE} \
+		--outfile ${OUTFILE} 2>/dev/null
+
+rc=$?
+
+# We're done.
+if test "${rc}" != "1"; then
+	echo "Negative Test 2 failed"
+	exit ${rc}
+fi
+
+rm -f ${OUTFILE}
+rm -f ${TMPLFILE}
+
+exit 0
diff --git a/tests/cert-tests/md5-test.sh b/tests/cert-tests/md5-test.sh
new file mode 100755
index 0000000..7438e09
--- /dev/null
+++ b/tests/cert-tests/md5-test.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2016 Free Software Foundation, Inc.
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+TMPFILE=md5.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+# Test MD5 signatures
+
+datefudge -s "2016-04-15" \
+	"${CERTTOOL}" --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "1"; then
+	echo "Test 1 (verification of RSA-MD5) failed"
+	exit ${rc}
+fi
+
+datefudge -s "2016-04-15" \
+	"${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 2 (verification of RSA-MD5 with allow-broken) failed"
+	exit ${rc}
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/name-constraints.sh b/tests/cert-tests/name-constraints.sh
new file mode 100755
index 0000000..e0c1e74
--- /dev/null
+++ b/tests/cert-tests/name-constraints.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+TMPFILE=constraints.$$.pem.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge -s "2016-04-22" \
+	${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "name constraints test 1 failed"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/name-constraints-ip2.pem" --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "name constraints test 2 failed"
+	exit 1
+fi
+
+${DIFF} -I ^warning "${TMPFILE}" "${srcdir}/data/name-constraints-ip2.pem" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "name constraints test 3 failed"
+	exit 1
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/othername-test.sh b/tests/cert-tests/othername-test.sh
new file mode 100755
index 0000000..40eb6c1
--- /dev/null
+++ b/tests/cert-tests/othername-test.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=tmp-othername.pem
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-othername.tmpl" \
+		--outfile ${OUTFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-othername.pem" ${OUTFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 (othername) failed"
+	exit ${rc}
+fi
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-othername-xmpp.tmpl" \
+		--outfile ${OUTFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-othername-xmpp.pem" ${OUTFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 (xmpp) failed"
+	exit ${rc}
+fi
+
+
+
+rm -f ${OUTFILE}
+
+exit 0
diff --git a/tests/cert-tests/pathlen.sh b/tests/cert-tests/pathlen.sh
new file mode 100755
index 0000000..b5cd7d7
--- /dev/null
+++ b/tests/cert-tests/pathlen.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+TMPFILE1=ca-no-pathlen-$$.tmp
+TMPFILE2=no-ca-or-pathlen-$$.tmp
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/ca-no-pathlen.pem" \
+	|grep -v "Algorithm Security Level"|grep -v ^warning > $TMPFILE1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "info 1 failed"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/no-ca-or-pathlen.pem" \
+	|grep -v "Algorithm Security Level" > $TMPFILE2
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "info 2 failed"
+	exit ${rc}
+fi
+
+${DIFF} "${srcdir}/data/ca-no-pathlen.pem" $TMPFILE1
+rc1=$?
+${DIFF} "${srcdir}/data/no-ca-or-pathlen.pem" $TMPFILE2
+rc2=$?
+
+
+# We're done.
+if test "${rc1}" != "0"; then
+	exit ${rc1}
+fi
+
+rm -f $TMPFILE1 $TMPFILE2
+
+exit ${rc2}
diff --git a/tests/cert-tests/pem-decoding.sh b/tests/cert-tests/pem-decoding.sh
new file mode 100755
index 0000000..dc9380c
--- /dev/null
+++ b/tests/cert-tests/pem-decoding.sh
@@ -0,0 +1,223 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+TMPFILE=tmp-$$.pem.tmp
+TMPFILE1=tmp1-$$.pem.tmp
+TMPFILE2=tmp2-$$.pem.tmp
+
+#check whether "funny" spaces can be interpreted
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/funny-spacing.pem" >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Funny-spacing cert decoding failed 1"
+	exit ${rc}
+fi
+
+#check whether a BMPString attribute can be properly decoded
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/bmpstring.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "BMPString cert decoding failed 1"
+	exit ${rc}
+fi
+
+check_if_equal "${srcdir}/data/bmpstring.pem" ${TMPFILE} "Algorithm Security Level"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "BMPString cert decoding failed 2"
+	exit ${rc}
+fi
+
+#check whether complex-cert is decoded as expected
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/complex-cert.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Complex cert decoding failed 1"
+	exit ${rc}
+fi
+
+check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Complex cert decoding failed 2"
+	exit ${rc}
+fi
+
+#check whether the cert with many othernames is decoded as expected
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/xmpp-othername.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "XMPP cert decoding failed 1"
+	exit ${rc}
+fi
+
+check_if_equal "${srcdir}/data/xmpp-othername.pem" ${TMPFILE} "^warning|Not After:|Algorithm Security Level"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "XMPP cert decoding failed 2"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/template-krb5name.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "XMPP cert decoding failed 1"
+	exit ${rc}
+fi
+
+grep "KRB5Principal:" ${TMPFILE} >${TMPFILE1}
+grep "KRB5Principal:" "${srcdir}/data/template-krb5name-full.pem" >${TMPFILE2}
+check_if_equal ${TMPFILE1} ${TMPFILE2}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "KRB5 principalname cert decoding failed 1"
+	exit ${rc}
+fi
+
+
+#check whether the cert with GOST parameters is decoded as expected
+if test "${ENABLE_GOST}" = "1"; then
+	GOSTCERT="${srcdir}/data/gost-cert.pem"
+else
+	GOSTCERT="${srcdir}/data/gost-cert-nogost.pem"
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${GOSTCERT}" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "GOST cert decoding failed 1"
+	exit ${rc}
+fi
+
+check_if_equal ${TMPFILE} "${GOSTCERT}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "GOST cert decoding failed 2"
+	exit ${rc}
+fi
+
+#check whether the cert with GOST 31.10/11-94 parameters is decoded as expected
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/gost94-cert.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "GOST94 cert decoding failed 1"
+	exit ${rc}
+fi
+
+check_if_equal ${TMPFILE} "${srcdir}/data/gost94-cert.pem" "Algorithm Security Level"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "GOST94 cert decoding failed 2"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/multi-value-dn.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "MV-DN cert decoding failed 1"
+	exit ${rc}
+fi
+
+# Needed for FIPS140 mode
+check_if_equal "${srcdir}/data/multi-value-dn.pem" ${TMPFILE} "Algorithm Security Level:"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "MV-DN cert decoding failed 2"
+	exit ${rc}
+fi
+
+#check if --no-text works as expected
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text -k --certificate-info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text -k --certificate-info failed 2"
+	exit 1
+fi
+
+#check if --no-text works as expected
+${VALGRIND} "${CERTTOOL}" --certificate-pubkey --infile "${srcdir}/data/cert-ecc256.pem" --no-text  --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text cert pubkey failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text cert pubkey failed 2"
+	exit 1
+fi
+
+#check if --no-text works as expected
+${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text  --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text pubkey info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text pubkey info failed 2"
+	exit 1
+fi
+
+rm -f ${TMPFILE} ${TMPFILE1} ${TMPFILE2}
+
+exit 0
diff --git a/tests/cert-tests/pkcs1-pad.sh b/tests/cert-tests/pkcs1-pad.sh
new file mode 100755
index 0000000..c8f34e4
--- /dev/null
+++ b/tests/cert-tests/pkcs1-pad.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2008-2010, 2012 Free Software Foundation,
+# Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+TMPFILE1=pkcs1-pad.$$.tmp
+TMPFILE2=pkcs1-pad-2.$$.tmp
+
+# Test 1, PKCS#1 pad digestAlgorithm.parameters
+
+EXPECT1=2002
+
+datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1
+datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1
+
+out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
+out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "`
+out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "`
+out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "`
+
+if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then
+	echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}"
+	echo "expected ${EXPECT1}"
+	echo "PKCS1-PAD1 FAIL"
+	exit 1
+fi
+
+rm -f $TMPFILE1 $TMPFILE2
+
+echo "PKCS1-PAD1 OK"
+
+# Test 2, Bleichenbacher's Crypto 06 rump session
+
+EXPECT2=2002
+
+datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1
+datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1
+
+out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
+out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "`
+out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "`
+out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "`
+
+if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then
+	echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}"
+	echo "expected ${EXPECT2}"
+	echo "PKCS1-PAD2 FAIL"
+	exit 1
+fi
+
+rm -f $TMPFILE1 $TMPFILE2
+
+echo "PKCS1-PAD2 OK"
+
+# Test 3, forged Starfield certificate,
+# by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann.
+
+
+datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1
+
+out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
+out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "`
+
+if test ${out1fails} -lt 2 || test ${out1oks} != 0;then
+	echo "$TMPFILE1 oks ${out1oks} fails ${out1fails}"
+	echo "expected ${EXPECT3}"
+	echo "PKCS1-PAD3 FAIL"
+	exit 1
+fi
+
+rm -f $TMPFILE1
+
+echo "PKCS1-PAD3 OK"
+
+# We're done.
+exit 0
diff --git a/tests/cert-tests/pkcs12-corner-cases.sh b/tests/cert-tests/pkcs12-corner-cases.sh
new file mode 100755
index 0000000..2c6a2d9
--- /dev/null
+++ b/tests/cert-tests/pkcs12-corner-cases.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2008, 2010, 2012 Free Software Foundation,
+# Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+#	VALGRIND=$(echo ${VALGRIND}|cut -d ' ' -f 1)
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=6"
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+TMPFILE="pkcs12-corner.$$.tmp"
+
+# Cases from oss-fuzz
+
+cpassword='1234'
+for p12 in "mem-leak.p12";do
+	set -- ${p12}
+	file="$1"
+	${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
+		--infile "${srcdir}/data/${file}" >${TMPFILE} 2>&1
+	rc=$?
+	if test ${rc} != 0 && test ${rc} != 1; then
+		cat ${TMPFILE}
+		echo "PKCS12 FATAL ${file}"
+		exit 1
+	fi
+done
+
+# Check corner cases in PKCS#12 decoding. Typically the structures tested fail
+# in parsing, but we check against crashes, etc. These test cases were taken
+# from Hubert Kario's corpus at: https://github.com/redhat-qe-security/keyfile-corpus
+
+cpassword='Red Hat Enterprise Linux 7.4'
+for p12 in "key-corpus-rc2-1.p12" "key-corpus-rc2-2.p12" "key-corpus-rc2-3.p12";do 
+	set -- ${p12}
+	file="$1"
+	${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
+		--infile "${srcdir}/data/${file}" >${TMPFILE} 2>&1
+	rc=$?
+	if test ${rc} != 0 && test ${rc} != 1; then
+		cat ${TMPFILE}
+		echo "PKCS12 FATAL ${file}"
+		exit 1
+	fi
+done
+
+for p12 in "key-corpus-rc2-1.p12";do
+	set -- ${p12}
+	file="$1"
+	"${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
+		--infile "${srcdir}/data/${file}" | tr -d '\r' >${TMPFILE} 2>/dev/null
+	rc=$?
+	if test ${rc} != 0 && test ${rc} != 1; then
+		cat ${TMPFILE}
+		echo "Error in output from ${file}"
+		exit 1
+	fi
+
+	check_if_equal ${TMPFILE} "${srcdir}/data/${file}.out"
+	rc=$?
+	if test ${rc} != 0;then
+		echo "Output differs in ${file}.out ${TMPFILE}"
+		exit 1
+	fi
+done
+
+rm -f ${TMPFILE}
+
+exit 0
diff --git a/tests/cert-tests/pkcs12-encode.sh b/tests/cert-tests/pkcs12-encode.sh
new file mode 100755
index 0000000..f3e7ade
--- /dev/null
+++ b/tests/cert-tests/pkcs12-encode.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2012 Free Software Foundation, Inc.
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+: ${DIFF=diff -b -B}
+DEBUG=""
+
+TMPFILE=pkcs12.$$.tmp
+TMPFILE_PEM=pkcs12.$$.pem.tmp
+
+# test whether we can encode a certificate, a key and a CA
+${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding 2 (--outder)"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 123456 --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding 2 (--inder)"
+	exit 1
+fi
+
+grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+count=`grep -c "BEGIN CERTIFICATE" ${TMPFILE_PEM}`
+
+if test "$count" != "2"; then
+	echo "Only one certificate was included"
+	exit 1
+fi
+
+# Check whether we can encode a PKCS#12 file with cert / key and CRL
+${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --pkcs-cipher aes-128 --p12-name "my-combo-key" --load-crl "${srcdir}/data/crl-demo1.pem" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outraw --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding 3 (--outraw)"
+	exit 1
+fi
+
+# Check whether the contents are the expected ones
+${VALGRIND} "${CERTTOOL}" --p12-info --inraw --password 123456 --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding 3 (--inraw)"
+	exit 1
+fi
+
+grep "BEGIN CERTIFICATE" ${TMPFILE_PEM} >/dev/null 2>&1
+if test "$?" != "0"; then
+	exit ${rc}
+fi
+
+grep "BEGIN CRL" ${TMPFILE_PEM} >/dev/null 2>&1
+if test "$?" != "0"; then
+	exit ${rc}
+fi
+
+grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1
+if test "$?" != "0"; then
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE_PEM} $TMPFILE
+
+exit ${ret}
diff --git a/tests/cert-tests/pkcs12-gost.sh b/tests/cert-tests/pkcs12-gost.sh
new file mode 100755
index 0000000..ab94479
--- /dev/null
+++ b/tests/cert-tests/pkcs12-gost.sh
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Copyright (C) 2018 Dmitry Eremin-Solenikov
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# This test cannot run under windows because it passes UTF8 data on command
+# line. This seems not to work under windows.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+: ${DIFF=diff}
+DEBUG=""
+
+TMPFILE=pkcs12-gost.$$.tmp
+TMPFILE_PEM=pkcs12-gost.$$.tmp.pem
+
+echo "Testing decoding of known keys"
+echo "=============================="
+
+ret=0
+for p12 in "gost01.p12 Пароль%20для%20PFX" "gost12.p12 Пароль%20для%20PFX" "gost12-2.p12 Пароль%20для%20PFX" ; do
+	set -- ${p12}
+	file="$1"
+	passwd=$(echo $2|sed 's/%20/ /g')
+
+	if test "x$DEBUG" != "x"; then
+		${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}"
+	else
+		${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}" >/dev/null
+	fi
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS12 FATAL ${p12}"
+		exit 1
+	fi
+done
+
+
+echo ""
+echo "Testing encoding/decoding"
+echo "========================="
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-256 --to-p12 --password "Пароль для PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль для PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-512 --to-p12 --password "Пароль для PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль для PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding"
+	exit 1
+fi
+
+rm -f "$TMPFILE" "$TMPFILE_PEM"
+
+exit 0
diff --git a/tests/cert-tests/pkcs12-utf8.sh b/tests/cert-tests/pkcs12-utf8.sh
new file mode 100755
index 0000000..168e7c5
--- /dev/null
+++ b/tests/cert-tests/pkcs12-utf8.sh
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+# Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# This test cannot run under windows because it passes UTF8 data on command
+# line. This seems not to work under windows. It intentionally depends on
+# bash as few other shells cannot handle utf8 strings
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+: ${DIFF=diff}
+DEBUG=""
+
+TMPFILE=pkcs12-utf8.$$.tmp
+TMPFILE_PEM=pkcs12-utf8.$$.tmp.pem
+
+echo "Testing decoding of known keys"
+echo "=============================="
+
+ret=0
+for p12 in "key-utf8-1.p12 ένα-δύο" "key-utf8-2.p12 ένα_δύο_τρία_τέσσερα"; do
+	set -- ${p12}
+	file="$1"
+	passwd="$2"
+	if test "x$DEBUG" != "x"; then
+		${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}"
+	else
+		${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}" >/dev/null
+	fi
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS12 FATAL ${p12}"
+		exit 1
+	fi
+done
+
+
+echo ""
+echo "Testing encoding/decoding"
+echo "========================="
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=aes-256 --to-p12 --password "ένα δύο tria" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "ένα δύο tria" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding"
+	exit 1
+fi
+
+rm -f "$TMPFILE" "$TMPFILE_PEM"
+
+exit 0
diff --git a/tests/cert-tests/pkcs12.sh b/tests/cert-tests/pkcs12.sh
new file mode 100755
index 0000000..f89e07a
--- /dev/null
+++ b/tests/cert-tests/pkcs12.sh
@@ -0,0 +1,168 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2008, 2010, 2012 Free Software Foundation,
+# Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+: ${DIFF=diff}
+DEBUG=""
+
+. "${srcdir}/../scripts/common.sh"
+testdir=`create_testdir pkcs12`
+
+TMPFILE=$testdir/pkcs12
+TMPFILE_PEM=$testdir/pkcs12.pem
+
+DEBUG="1"
+
+for p12 in "aes-128.p12 Red%20Hat%20Enterprise%20Linux%207.4" "pbes1-no-salt.p12 Red%20Hat%20Enterprise%20Linux%207.4" "no-salt.p12 Red%20Hat%20Enterprise%20Linux%207.4" "mac-sha512.p12 Red%20Hat%20Enterprise%20Linux%207.4" "cert-with-crl.p12 password" "client.p12 foobar" "openssl.p12 CaudFocwijRupogDoicsApfiHadManUgNa" "noclient.p12" "unclient.p12" "pkcs12_2certs.p12"; do
+	set -- ${p12}
+	file="$1"
+	passwd=$(echo $2|sed 's/%20/ /g')
+
+	if test "x$DEBUG" != "x"; then
+		${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}"
+	else
+		${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+			--infile "${srcdir}/data/${file}" >/dev/null
+	fi
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS12 FATAL ${p12}"
+		exit 1
+	fi
+done
+
+file="$srcdir/data/test-null.p12"
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --null-password --infile "${file}" >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL ${file}"
+	exit 1
+fi
+
+file="$srcdir/data/sha256.p12"
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${file}" >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL ${file}"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "$srcdir/data/sha256.p12" --outfile "${TMPFILE}" --no-text
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text pkcs12 info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text pkcs12 info failed 2"
+	exit 1
+fi
+
+# test whether we can encode a certificate and a key
+${VALGRIND} "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL encoding"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile $TMPFILE|tr -d '\r' >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+	echo "PKCS12 FATAL decrypting/decoding"
+	exit 1
+fi
+
+grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+grep "BEGIN CERTIFICATE" ${TMPFILE_PEM} >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+INFO_EXP=$testdir/p12-info.exp
+INFO_OUT=$testdir/p12-info.out
+
+cat >$INFO_EXP <<EOF
+MAC info:
+	MAC: SHA256 (2.16.840.1.101.3.4.2.1)
+	Salt size: 8
+	Iteration count: $PKCS12_ITER_COUNT
+
+BAG #0
+	Type: Encrypted
+	Cipher: AES-128-CBC
+	Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2)
+	Iteration count: $PKCS12_ITER_COUNT
+
+BAG #1
+	Elements: 1
+	Type: PKCS #8 Encrypted key
+	PKCS #8 information:
+		Cipher: AES-128-CBC
+		Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2)
+		Iteration count: $PKCS12_ITER_COUNT
+
+EOF
+
+sed -n -e '/^MAC/,/^$/p' -e '/^BAG/,/^$/p' ${TMPFILE_PEM} | \
+sed -e '/^[ 	]*Salt:/d' \
+    -e '/^BAG #[0-9]*/,$ { /^[ 	]*Salt size:/d
+}' > ${INFO_OUT}
+
+diff ${INFO_EXP} ${INFO_OUT}
+
+rc=$?
+
+if test "${rc}" != "0"; then
+	exit ${rc}
+fi
+
+rm -rf "${testdir}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-broken-sigs.sh b/tests/cert-tests/pkcs7-broken-sigs.sh
new file mode 100755
index 0000000..b51d0c5
--- /dev/null
+++ b/tests/cert-tests/pkcs7-broken-sigs.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+# Test signing with MD5
+FILE="signing"
+${VALGRIND} "${CERTTOOL}" --p7-sign --hash md5 --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with MD5 failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "1"; then
+	echo "${FILE}: PKCS7 struct signing succeeded verification with MD5"
+	exit ${rc}
+fi
+
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed with MD5 and allow-broken"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-cat.sh b/tests/cert-tests/pkcs7-cat.sh
new file mode 100755
index 0000000..1cec37f
--- /dev/null
+++ b/tests/cert-tests/pkcs7-cat.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+datefudge -s "2016-10-1" \
+${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" 
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "PKCS7 verification failed (1)"
+	exit 1
+fi
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-constraints.sh b/tests/cert-tests/pkcs7-constraints.sh
new file mode 100755
index 0000000..150c103
--- /dev/null
+++ b/tests/cert-tests/pkcs7-constraints.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+
+FILE="signing"
+echo "test: $FILE"
+${VALGRIND} "${CERTTOOL}" --p7-sign --p7-include-cert --load-privkey  "${srcdir}/data/code-signing-cert.pem" --load-certificate "${srcdir}/data/code-signing-cert.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify-no-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (0)"
+	exit ${rc}
+fi
+
+FILE="signing-verify-valid-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (1)"
+	exit ${rc}
+fi
+
+FILE="signing-verify-invalid-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (2)"
+	exit 1
+fi
+
+FILE="signing-verify-invalid-date-1"
+echo ""
+echo "test: $FILE"
+datefudge -s "2011-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (3)"
+	exit 1
+fi
+
+FILE="signing-verify-invalid-date-2"
+echo ""
+echo "test: $FILE"
+datefudge -s "2018-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (4)"
+	exit 1
+fi
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-constraints2.sh b/tests/cert-tests/pkcs7-constraints2.sh
new file mode 100755
index 0000000..94f89a5
--- /dev/null
+++ b/tests/cert-tests/pkcs7-constraints2.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+
+FILE="signing"
+echo "test: $FILE"
+${VALGRIND} "${CERTTOOL}" --p7-sign --p7-include-cert --load-privkey  "${srcdir}/data/code-signing-cert.pem" --load-certificate "${srcdir}/data/code-signing-cert.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify-no-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (0)"
+	exit ${rc}
+fi
+
+FILE="signing-verify-valid-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (1)"
+	exit ${rc}
+fi
+
+FILE="signing-verify-invalid-purpose"
+echo ""
+echo "test: $FILE"
+datefudge -s "2015-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (2)"
+	exit 1
+fi
+
+FILE="signing-verify-invalid-date-1"
+echo ""
+echo "test: $FILE"
+datefudge -s "2011-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (3)"
+	exit 1
+fi
+
+FILE="signing-verify-invalid-date-2"
+echo ""
+echo "test: $FILE"
+datefudge -s "2018-1-10" \
+${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification (4)"
+	exit 1
+fi
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-eddsa.sh b/tests/cert-tests/pkcs7-eddsa.sh
new file mode 100755
index 0000000..4017970
--- /dev/null
+++ b/tests/cert-tests/pkcs7-eddsa.sh
@@ -0,0 +1,124 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+KEY="${srcdir}/../certs/ed25519.pem"
+CERT="${srcdir}/../certs/cert-ed25519.pem"
+
+# Test verification of saved file
+FILE="${srcdir}/data/pkcs7-eddsa-sig.p7s"
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-certificate "${CERT}" --infile "${FILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct verification failed"
+	exit ${rc}
+fi
+
+# Test signing
+FILE="signing"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${CERT}" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+FILE="signing-time"
+${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey  "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}"
+grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
+if test $? != 0;then
+	echo "Content-Type was not set in attributes"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
+	exit ${rc}
+fi
+
+FILE="signing-time-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed verification"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7-list-sign.sh b/tests/cert-tests/pkcs7-list-sign.sh
new file mode 100755
index 0000000..2cf168b
--- /dev/null
+++ b/tests/cert-tests/pkcs7-list-sign.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Karl Tarbe
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+# Test signing
+FILE="signing-with-cert-list"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-certificate "${srcdir}/data/pkcs7-chain.pem" --load-privkey "${srcdir}/data/pkcs7-chain-endcert-key.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+#test chain verification
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-cert-list-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs7.sh b/tests/cert-tests/pkcs7.sh
new file mode 100755
index 0000000..709ee5c
--- /dev/null
+++ b/tests/cert-tests/pkcs7.sh
@@ -0,0 +1,352 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+TMPFILE=tmp-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1"
+then
+	GOST_P7B="rfc4490.p7b"
+else
+	GOST_P7B=""
+fi
+
+for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do
+${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 decoding failed"
+	exit ${rc}
+fi
+
+${DIFF} "${OUTFILE}" "${srcdir}/data/${FILE}.out" >/dev/null
+if test "$?" != "0"; then
+	echo "${FILE}: PKCS7 decoding didn't produce the correct file"
+	exit 1
+fi
+done
+
+${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/full.p7b" --outfile "${TMPFILE}" --no-text
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text pkcs7 info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text pkcs7 info failed 2"
+	exit 1
+fi
+
+# check signatures
+
+for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do
+# check validation with date prior to CA issuance
+datefudge -s "2011-1-10" \
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 verification succeeded with invalid date (1)"
+	exit 1
+fi
+
+# check validation with date prior to intermediate cert issuance
+datefudge -s "2011-5-28 08:38:00 UTC" \
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 verification succeeded with invalid date (2)"
+	exit 1
+fi
+
+# check validation with date after intermediate cert issuance
+datefudge -s "2038-10-13" \
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 verification succeeded with invalid date (3)"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 verification failed"
+	exit ${rc}
+fi
+done
+
+
+#check key purpose verification
+for FILE in full.p7b; do
+
+${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 verification failed with key purpose"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.3 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 verification succeeded with wrong key purpose"
+	exit 2
+fi
+
+done
+
+# check signature with detached data
+
+FILE="detached.p7b"
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 verification succeeded without providing detached data"
+	exit 2
+fi
+
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/data/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 verification failed"
+	exit ${rc}
+fi
+
+# Test cert combination
+
+FILE="p7-combined"
+
+rm -f "${OUTFILE2}"
+for i in cert-ecc256.pem cert-ecc521.pem cert-ecc384.pem cert-ecc.pem cert-rsa-2432.pem;do
+	cat "${srcdir}/../certs"/$i >>"${OUTFILE2}"
+done
+${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct generation failed"
+	exit ${rc}
+fi
+
+${DIFF} "${OUTFILE}" "${srcdir}/data/p7-combined.out" >/dev/null
+if test "$?" != "0"; then
+	echo "${FILE}: PKCS7 generation didn't produce the correct file"
+	exit 1
+fi
+
+# Test signing
+FILE="signing"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+FILE="signing-detached"
+${VALGRIND} "${CERTTOOL}" --p7-detached-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing-detached failed"
+	exit ${rc}
+fi
+
+FILE="signing-detached-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing-detached failed verification"
+	exit ${rc}
+fi
+
+# Test signing with broken algorithms
+FILE="signing-broken"
+${VALGRIND} "${CERTTOOL}" --hash md5 --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing-broken failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify-broken"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "${FILE}: PKCS7 struct verification succeeded with broken algo"
+	exit 1
+fi
+
+FILE="signing-time"
+${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}"
+grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
+if test $? != 0;then
+	echo "Content-Type was not set in attributes"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
+	exit ${rc}
+fi
+
+FILE="signing-time-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed verification"
+	exit ${rc}
+fi
+
+FILE="rsa-pss-signing"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa-pss.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="rsa-pss-signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+# Test BER encoding, see RFC 4134 Section 4.5
+# SHA1 signature, so --verify-allow-broken
+FILE="rfc4134-4.5"
+${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-ca-certificate "${srcdir}/data/rfc4134-ca-rsa.pem" --infile "${srcdir}/data/rfc4134-4.5.p7b" --inder
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 BER parsing/decoding failed"
+	exit ${rc}
+fi
+
+if test "x$ENABLE_GOST" = "x1"  && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1"
+then
+	FILE="gost01-signing"
+	${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+	rc=$?
+
+	if test "${rc}" != "0"; then
+		echo "${FILE}: PKCS7 struct signing failed"
+		exit ${rc}
+	fi
+
+	FILE="gost01-signing-verify"
+	${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}"
+	rc=$?
+
+	if test "${rc}" != "1"; then
+		echo "${FILE}: PKCS7 struct signing succeeded verification with broken algo"
+		exit ${rc}
+	fi
+
+	FILE="gost01-signing-verify"
+	${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}"
+	rc=$?
+
+	if test "${rc}" != "0"; then
+		echo "${FILE}: PKCS7 struct signing failed verification"
+		exit ${rc}
+	fi
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/pkcs8-decode.sh b/tests/cert-tests/pkcs8-decode.sh
new file mode 100755
index 0000000..27c84bf
--- /dev/null
+++ b/tests/cert-tests/pkcs8-decode.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE=pkcs8-decode.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+for p8 in "pkcs8-pbes1-des-md5.pem password" "encpkcs8.pem foobar" "unencpkcs8.pem" "enc2pkcs8.pem baz" "pkcs8-pbes2-sha256.pem password"; do
+	set -- ${p8}
+	file="$1"
+	passwd="$2"
+	${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+		--infile "${srcdir}/data/${file}"
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+	else
+		echo "PKCS8 OK ${p8}"
+	fi
+done
+
+for p8 in "openssl-aes128.p8" "openssl-aes256.p8" "openssl-3des.p8"; do
+	set -- ${p8}
+	file="$1"
+	passwd="$2"
+	${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \
+		--infile "${srcdir}/data/${file}" --outfile $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+	fi
+
+	${DIFF} "${srcdir}/data/${p8}.txt" $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		cat $TMPFILE
+		echo "PKCS8 FATAL TXT ${p8}"
+		ret=1
+	fi
+done
+rm -f $TMPFILE
+
+echo "PKCS8 DONE (rc $ret)"
+exit $ret
diff --git a/tests/cert-tests/pkcs8-eddsa.sh b/tests/cert-tests/pkcs8-eddsa.sh
new file mode 100755
index 0000000..2d33ebf
--- /dev/null
+++ b/tests/cert-tests/pkcs8-eddsa.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE=pkcs8-eddsa.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+for p8 in "pkcs8-eddsa.pem"; do
+	set -- ${p8}
+	file="$1"
+	${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "" \
+		--infile "${srcdir}/data/${file}" --outfile $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS8 FATAL ${p8}"
+		exit 1
+	fi
+
+	echo ""
+	${DIFF} -u "${srcdir}/data/${p8}.txt" $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		cat $TMPFILE
+		echo "PKCS8 FATAL TXT ${p8}"
+		exit 1
+	fi
+done
+rm -f $TMPFILE
+
+echo "PKCS8 DONE"
+exit 0
diff --git a/tests/cert-tests/pkcs8-gost.sh b/tests/cert-tests/pkcs8-gost.sh
new file mode 100755
index 0000000..6527d9d
--- /dev/null
+++ b/tests/cert-tests/pkcs8-gost.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# Copyright (C) 2018 Dmitry Eremin-Solenikov
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE=pkcs8-gost-decode.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+# key-gost12-512.p8 is not supported for now: it uses curve TC26-512-B
+for p8 in "key-gost01.p8" "key-gost12-256.p8" "key-gost01-2.p8" "key-gost12-256-2.p8" "key-gost01-2-enc.p8 Пароль%20для%20PFX" "key-gost12-256-2-enc.p8 Пароль%20для%20PFX"; do
+	set -- ${p8}
+	file="$1"
+	passwd=$(echo $2|sed 's/%20/ /g')
+	${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+		--infile "${srcdir}/data/${file}" --outfile $TMPFILE \
+		--pkcs-cipher none
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+		continue
+	fi
+
+	${DIFF} "${srcdir}/data/${1}.txt" $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		cat $TMPFILE
+		echo "PKCS8 FATAL TXT ${p8}"
+		ret=1
+	else
+		echo "PKCS8 OK ${p8}"
+	fi
+done
+
+rm -f $TMPFILE
+
+echo "PKCS8 DONE (rc $ret)"
+exit $ret
diff --git a/tests/cert-tests/pkcs8-invalid.sh b/tests/cert-tests/pkcs8-invalid.sh
new file mode 100755
index 0000000..edf19bb
--- /dev/null
+++ b/tests/cert-tests/pkcs8-invalid.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+TMPFILE=pkcs8-invalid.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+for p8 in "pkcs8-invalid1.der 1234" "pkcs8-invalid2.der 1234" "pkcs8-invalid3.der 1234" "pkcs8-invalid4.der 1234" \
+	"pkcs8-invalid5.der 1234" "pkcs8-invalid6.der 1234" "pkcs8-invalid7.der 1234" "pkcs8-invalid8.der password" \
+	"pkcs8-invalid9.der password" "pkcs8-invalid10.der password";do
+	set -- ${p8}
+	file="$1"
+	passwd="$2"
+	${VALGRIND} "${CERTTOOL}" --inder --key-info --pkcs8 --password "${passwd}" \
+		--infile "${srcdir}/data/${file}"
+	rc=$?
+	if test ${rc} != 1; then
+		echo "PKCS8 FATAL ${p8} - errno ${rc}"
+		exit 1
+	else
+		echo "PKCS8 OK ${p8} - errno ${rc}"
+	fi
+done
+
+rm -f $TMPFILE
+
+echo "PKCS8 DONE (rc $ret)"
+exit $ret
diff --git a/tests/cert-tests/pkcs8.sh b/tests/cert-tests/pkcs8.sh
new file mode 100755
index 0000000..8bad701
--- /dev/null
+++ b/tests/cert-tests/pkcs8.sh
@@ -0,0 +1,152 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${GREP=grep}
+
+TMPFILE=tmp-key-ca.$$.p8
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+# check keys with password
+${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/data/key-ca.pem" --password "1234" \
+	--outfile $TMPFILE 2>/dev/null
+
+${GREP} "BEGIN ENCRYPTED PRIVATE KEY" $TMPFILE  >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in converting key to PKCS #8 with password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --password "1234" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading PKCS #8 key with password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-1234.p8" --password "1234" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved PKCS #8 key with password"
+	exit ${rc}
+fi
+
+#keys encrypted with empty password
+${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/data/key-ca.pem" --password "" \
+		--outfile $TMPFILE 2>/dev/null
+
+${GREP} "BEGIN PRIVATE KEY" $TMPFILE  >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in converting key to PKCS #8 with empty password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --password "" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading PKCS #8 key with empty password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-empty.p8" --password "" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved PKCS #8 key with empty password"
+	exit ${rc}
+fi
+
+#keys encrypted with null password
+${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/data/key-ca.pem" --null-password \
+	--outfile $TMPFILE 2>/dev/null
+
+${GREP} "BEGIN ENCRYPTED PRIVATE KEY" $TMPFILE >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in converting key to PKCS #8 with null password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --null-password >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading PKCS #8 key with null password"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-null.p8" --null-password >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved PKCS #8 key with null password"
+	exit ${rc}
+fi
+
+# Tests for PKCS #8 ECC keys
+
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-ecc.pem" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved ECC key"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ecc.p8" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved PKCS #8 ECC key"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/openssl-key-ecc.p8" >/dev/null 2>&1
+rc=$?
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Error in reading saved openssl PKCS #8 ECC key"
+	exit ${rc}
+fi
+
+rm -f $TMPFILE
+
+exit 0
diff --git a/tests/cert-tests/privkey-import.sh b/tests/cert-tests/privkey-import.sh
new file mode 100755
index 0000000..575ca58
--- /dev/null
+++ b/tests/cert-tests/privkey-import.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+TMPFILE=tmp-$$.privkey.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+for i in privkey1.pem privkey2.pem privkey3.pem;do
+#check whether "funny" spaces can be interpreted
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/${i}"
+rc=$?
+
+if test "${rc}" != "0";then
+	echo "Error importing private key ${i}"
+	exit 1
+fi
+done
+
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/privkey1.pem" --no-text --outfile ${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "--no-text privkey info failed 1"
+	exit ${rc}
+fi
+
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
+	echo "--no-text privkey info failed 2"
+	exit 1
+fi
+
+rm -f ${TMPFILE}
+
+exit 0
diff --git a/tests/cert-tests/provable-dh-default.sh b/tests/cert-tests/provable-dh-default.sh
new file mode 100755
index 0000000..f6fa889
--- /dev/null
+++ b/tests/cert-tests/provable-dh-default.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-dh$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+#DH parameters - no seed
+${VALGRIND} "${CERTTOOL}" --generate-dh-params --provable --outfile "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "test2: Could not generate DH parameters"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "test2: Could not verify the generated parameters"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/provable-dh.sh b/tests/cert-tests/provable-dh.sh
new file mode 100755
index 0000000..50d51ce
--- /dev/null
+++ b/tests/cert-tests/provable-dh.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-dh$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${FIPS140}" = 1;then
+SEED="30EC334F97DBC0BA9C8652A7B5D3F7B2DBBB48A4842E190D210E01DABD535981503755EE96A270A598E9D91B2254669169EBDF4599D9F72ACA"
+DSAFILE=provable-dsa2048-fips.pem
+else
+SEED="5A0EA041779B0AB765BE2509C4DE90E5A0E7DAADAE6E49D35938F91333A8E1FE509DD2DFE1967CD0045428103497D00388C8CE36290FE9379F8003CBF8FDA4DA27"
+DSAFILE=provable-dsa2048.pem
+fi
+
+#DH parameters
+${VALGRIND} "${CERTTOOL}" --generate-dh-params --provable --bits 2048 --seed "$SEED" --outfile "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "test1: Could not generate a 2048-bit DSA key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" &
+PID1=$!
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "$SEED" &
+PID2=$!
+
+wait $PID1
+rc1=$?
+
+wait $PID2
+rc2=$?
+
+if test "${rc1}" != "0" || test "${rc2}" != "0"; then
+	echo "test1: Could not verify the generated parameters"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/provable-privkey-dsa2048.sh b/tests/cert-tests/provable-privkey-dsa2048.sh
new file mode 100755
index 0000000..f7eee5d
--- /dev/null
+++ b/tests/cert-tests/provable-privkey-dsa2048.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-privkey.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --bits 2048 --dsa --seed "$SEED" --outfile "$OUTFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate a 2048-bit DSA key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" &
+PID1=$!
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "$SEED" &
+PID2=$!
+
+wait $PID1
+rc1=$?
+
+wait $PID2
+rc2=$?
+
+if test "${rc1}" != "0" || test "${rc2}" != "0"; then
+	echo "Could not verify the generated parameters"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/provable-privkey-gen-default.sh b/tests/cert-tests/provable-privkey-gen-default.sh
new file mode 100755
index 0000000..6517a24
--- /dev/null
+++ b/tests/cert-tests/provable-privkey-gen-default.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-privkey$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --seed "A3:54:5C:B3:1D:70:56:1C:A0:BD:2C:C8:78:C1:9C:56:CD:69:75:50:0C:3A:FD:BF:E8:96:83:FA:52:BC:98:C5" --outfile $OUTFILE
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate a default key"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/provable-privkey-rsa2048.sh b/tests/cert-tests/provable-privkey-rsa2048.sh
new file mode 100755
index 0000000..7f6b409
--- /dev/null
+++ b/tests/cert-tests/provable-privkey-rsa2048.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-privkey$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --bits 2048 --seed "AF:BF:D6:96:BA:5D:05:E3:78:A9:4B:BF:E2:95:BA:F9:94:AC:B8:7F:BC:C8:ED:FF:7A:48:EE:4F" --outfile $OUTFILE
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Could not generate a 2048-bit key"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" &
+PID1=$!
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "AF:BF:D6:96:BA:5D:05:E3:78:A9:4B:BF:E2:95:BA:F9:94:AC:B8:7F:BC:C8:ED:FF:7A:48:EE:4F" &
+PID2=$!
+
+wait $PID1
+rc1=$?
+
+wait $PID2
+rc2=$?
+
+if test "${rc1}" != "0" || test "${rc2}" != "0"; then
+	echo "test1: Could not verify the generated parameters"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/provable-privkey.sh b/tests/cert-tests/provable-privkey.sh
new file mode 100755
index 0000000..0049c6d
--- /dev/null
+++ b/tests/cert-tests/provable-privkey.sh
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE=provable-privkey$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+#RSA keys
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/provable2048.pem" &
+PID1=$!
+
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/provable3072.pem" &
+PID2=$!
+
+
+if test "${FIPS140}" = 1;then
+SEED="30:EC:33:4F:97:DB:C0:BA:9C:86:52:A7:B5:D3:F7:B2:DB:BB:48:A4:84:2E:19:0D:21:0E:01:DA:BD:53:59:81:50:37:55:EE:96:A2:70:A5:98:E9:D9:1B:22:54:66:91:69:EB:DF:45:99:D9:F7:2A:CA"
+DSAFILE=provable-dsa2048-fips.pem
+else
+SEED="84:31:21:BD:89:53:5E:E8:69:46:D5:8D:24:6D:47:A5:8D:15:76:A8:35:1B:42:23:E1:CF:F3:69:A1:26:6D:2B:24:B0:72:9D:7C:A5:67:87:FD:E2:E3:DE:19:B9:F2:E7:21:AC:69:8A:29:61:77:32:E7:75:6F:5A:E4:58:0B:E1:79"
+DSAFILE=provable-dsa2048.pem
+fi
+
+#DSA keys
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/${DSAFILE}" &
+PID3=$!
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${SEED}" --load-privkey "${srcdir}/data/${DSAFILE}" &
+PID4=$!
+
+wait $PID1
+rc1=$?
+
+wait $PID2
+rc2=$?
+
+wait $PID3
+rc3=$?
+
+wait $PID4
+rc4=$?
+
+if test "${rc1}" != "0"; then
+	echo "Could not verify the 2048-bit key"
+	exit 1
+fi
+
+if test "${rc2}" != "0"; then
+	echo "Could not verify the 3072-bit key"
+	exit 1
+fi
+
+if test "${rc3}" != "0"; then
+	echo "Could not verify the 2048-bit DSA key"
+	exit 1
+fi
+
+if test "${rc4}" != "0"; then
+	echo "Could not verify the 2048-bit DSA key with explicit seed"
+	exit 1
+fi
+
+#
+# Negative tests, verify using an incorrect seed
+#
+
+ARB_SEED="31:EC:34:4F:97:DB:C0:BA:9C:86:52:A7:B5:D3:F7:B2:DB:BB:48:A4:84:2E:19:0D:21:0E:01:DA:BD:53:59:81:50:37:55:EE:96:A2:70:A5:98:E9:D9:1B:22:54:66:91:69:EB:DF:45:99:D9:F7:2A:CA"
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${ARB_SEED}" --load-privkey "${srcdir}/data/provable2048.pem" &
+PID1=$!
+
+${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${ARB_SEED}" --load-privkey "${srcdir}/data/${DSAFILE}" &
+PID2=$!
+
+wait $PID1
+rc1=$?
+
+wait $PID2
+rc2=$?
+
+if test "${rc1}" = "0"; then
+	echo "Incorrectly verified an RSA key with wrong seed"
+	exit 1
+fi
+
+if test "${rc2}" = "0"; then
+	echo "Incorrectly verified a DSA key with wrong seed"
+	exit 1
+fi
+
+#
+# Try whether re-importing a key loses the parameters
+#
+
+"${CERTTOOL}" -k --infile "${srcdir}/data/provable2048.pem"|"${CERTTOOL}" -k|"${CERTTOOL}" -k >${OUTFILE}
+grep "Hash: SHA384" ${OUTFILE} && grep "Seed: ab499ea55a5f4cb743434e49ca1ee3a491544309c6f59ab2cd5507de" ${OUTFILE}
+if test $? != 0;then
+	echo "Could not find validation parameters after re-importing"
+	exit 1
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/reject-invalid-time.sh b/tests/cert-tests/reject-invalid-time.sh
new file mode 100755
index 0000000..27b3f3c
--- /dev/null
+++ b/tests/cert-tests/reject-invalid-time.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${PKG_CONFIG=pkg-config}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${PKG_CONFIG} --version >/dev/null || exit 77
+
+${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77
+
+# Check whether certificates with invalid time fields are accepted
+for file in openssl-invalid-time-format.pem;do
+	${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file"
+	rc=$?
+
+	if test "${rc}" = "0";then
+		echo "file $file was accepted"
+		exit 1
+	fi
+done
+
+exit 0
diff --git a/tests/cert-tests/rsa-pss-pad.sh b/tests/cert-tests/rsa-pss-pad.sh
new file mode 100755
index 0000000..76b5a50
--- /dev/null
+++ b/tests/cert-tests/rsa-pss-pad.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+TMPFILE=pss.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+# Test PSS signatures on certificate
+
+for i in sha256 sha384 sha512;do
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-self-signed --key-type rsa-pss \
+		--load-privkey "${srcdir}/data/privkey1.pem" \
+		--template "${srcdir}/templates/template-test.tmpl" \
+		--outfile "${TMPFILE}" --hash $i
+rc=$?
+
+if test -f "${srcdir}/data/template-rsa-$i.pem";then
+${DIFF} "${srcdir}/data/template-rsa-$i.pem" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+fi
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test (RSA-PSS-$i) failed"
+	exit ${rc}
+fi
+
+datefudge -s "2007-04-25" \
+	"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test (verification of RSA-PSS-$i) failed"
+	exit ${rc}
+fi
+done
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/sha2-dsa-test.sh b/tests/cert-tests/sha2-dsa-test.sh
new file mode 100755
index 0000000..f24195c
--- /dev/null
+++ b/tests/cert-tests/sha2-dsa-test.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TEMPLFILE=template-dsa.$$.tmp
+CAFILE=ca-dsa.$$.tmp
+SUBCAFILE=subca-dsa.$$.tmp
+TMPFILE=sha2-dsa.$$.tmp
+USERFILE=user-dsa.$$.tmp
+VERIFYFILE=verify-dsa.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+echo ca > $TEMPLFILE
+echo "cn = SHA 256 CA" >> $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \
+	--load-privkey "${srcdir}/data/key-ca-dsa.pem" \
+	--outfile $CAFILE \
+	--hash sha256 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo ca > $TEMPLFILE
+echo "cn = SHA 224 Mid CA" >> $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-ca-dsa.pem" \
+	--load-ca-certificate $CAFILE \
+	--load-privkey "${srcdir}/data/key-subca-dsa.pem" \
+	--outfile $SUBCAFILE \
+	--hash sha224 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo "cn = End-user" > $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-subca-dsa.pem" \
+	--load-ca-certificate $SUBCAFILE \
+	--load-privkey "${srcdir}/data/key-dsa.pem" \
+	--outfile $USERFILE >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+cat $USERFILE $SUBCAFILE $CAFILE > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYFILE
+
+if [ $? != 0 ]; then
+	cat $VERIFYFILE
+	exit 1
+fi
+
+rm -f $VERIFYFILE $USERFILE $CAFILE $SUBCAFILE $TEMPLFILE $TMPFILE
+
+exit 0
diff --git a/tests/cert-tests/sha2-test.sh b/tests/cert-tests/sha2-test.sh
new file mode 100755
index 0000000..0c5ebd4
--- /dev/null
+++ b/tests/cert-tests/sha2-test.sh
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TEMPLFILE=template.$$.tmp
+CAFILE=ca.$$.tmp
+SUBCAFILE=subca.$$.tmp
+SUBSUBCAFILE=subsubca.$$.tmp
+TMPFILE=sha2.$$.tmp
+USERFILE=user.$$.tmp
+VERIFYFILE=verify.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+echo ca > $TEMPLFILE
+echo "cn = SHA 512 CA" >> $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \
+	--load-privkey "${srcdir}/data/key-ca.pem" \
+	--outfile $CAFILE \
+	--hash sha512 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo ca > $TEMPLFILE
+echo "cn = SHA 384 sub-CA" >> $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-ca.pem" \
+	--load-ca-certificate $CAFILE \
+	--load-privkey "${srcdir}/data/key-subca.pem" \
+	--outfile $SUBCAFILE \
+	--hash sha384 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo ca > $TEMPLFILE
+echo "cn = SHA 256 sub-sub-CA" >> $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-subca.pem" \
+	--load-ca-certificate $SUBCAFILE \
+	--load-privkey "${srcdir}/data/key-subsubca.pem" \
+	--outfile $SUBSUBCAFILE \
+	--hash sha256 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+echo "cn = End-user" > $TEMPLFILE
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \
+	--load-ca-privkey "${srcdir}/data/key-subsubca.pem" \
+	--load-ca-certificate $SUBSUBCAFILE \
+	--load-privkey "${srcdir}/data/key-user.pem" \
+	--outfile $USERFILE >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+fi
+
+num=`cat $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE | "${CERTTOOL}" --verify-chain | tee $VERIFYFILE | grep -c Verified`
+#cat verify
+
+if test "${num}" != "4"; then
+	echo Verification failure
+	exit 1
+fi
+
+rm -f $VERIFYFILE $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE $TEMPLFILE $TMPFILE
+
+exit 0
diff --git a/tests/cert-tests/sha3-test.sh b/tests/cert-tests/sha3-test.sh
new file mode 100755
index 0000000..386b20b
--- /dev/null
+++ b/tests/cert-tests/sha3-test.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+TMPFILE=sha3.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+# Test SHA3 signatures
+
+for i in sha3-224 sha3-256 sha3-384 sha3-512;do
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-test.tmpl" \
+		--outfile "${TMPFILE}" --hash $i 2>/dev/null
+rc=$?
+
+if test -f "${srcdir}/data/template-rsa-$i.pem";then
+	${DIFF} "${srcdir}/data/template-rsa-$i.pem" "${TMPFILE}" >/dev/null 2>&1
+	rc=$?
+fi
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test (RSA-$i) failed"
+	exit ${rc}
+fi
+
+datefudge -s "2007-04-25" \
+	"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test (verification of RSA-$i) failed"
+	exit ${rc}
+fi
+done
+
+# Test SHA3 signatures with ECDSA
+
+for i in sha3-224 sha3-256 sha3-384 sha3-512;do
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-self-signed \
+	--load-privkey "${srcdir}/data/template-test-ecc.key" \
+	--template "${srcdir}/templates/template-test.tmpl" \
+	--outfile "${TMPFILE}" --hash $i 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Test (ECDSA-$i) failed"
+	exit ${rc}
+fi
+
+datefudge -s "2007-04-25" \
+	"${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test (verification of ECDSA-$i) failed"
+	exit ${rc}
+fi
+done
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/cert-tests/smime.sh b/tests/cert-tests/smime.sh
new file mode 100755
index 0000000..5f6f803
--- /dev/null
+++ b/tests/cert-tests/smime.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+# test the --smime-to-p7 functionality
+${VAGRLIND} "${CERTTOOL}" --smime-to-p7 --infile "${srcdir}/data/pkcs7.smime" --outfile ${OUTFILE}
+rc=$?
+if test "${rc}" != "0"; then
+	echo "SMIME to pkcs7 transformation failed"
+	exit ${rc}
+fi
+
+
+datefudge -s "2017-4-6" \
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "PKCS7 verification failed"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+
+exit 0
diff --git a/tests/cert-tests/suppressions.valgrind b/tests/cert-tests/suppressions.valgrind
new file mode 100644
index 0000000..12b43e6
--- /dev/null
+++ b/tests/cert-tests/suppressions.valgrind
@@ -0,0 +1,24 @@
+# suppressions -- Valgrind suppresion file for libgcrypt
+
+# Copyright (C) 2015 Red Hat, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.
+
+{
+   <insert_a_suppression_name_here>
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_x509_crt_check_email
+   ...
+}
+{
+   ld-uncond-jump
+   Memcheck:Cond
+   fun:index
+   fun:expand_dynamic_string_token
+   fun:fillin_rpath
+   ...
+}
diff --git a/tests/cert-tests/template-exts-test.sh b/tests/cert-tests/template-exts-test.sh
new file mode 100755
index 0000000..379a929
--- /dev/null
+++ b/tests/cert-tests/template-exts-test.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTFILE="exts.$$.tmp"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/arb-extensions.tmpl" \
+		--outfile $OUTFILE #2>/dev/null
+
+${DIFF} "${srcdir}/data/arb-extensions.pem" $OUTFILE #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test with crt failed"
+	exit ${rc}
+fi
+
+rm -f "$OUTFILE"
+
+# Test adding critical extensions only
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/crit-extensions.tmpl" \
+		--outfile $OUTFILE #2>/dev/null
+
+${DIFF} "${srcdir}/data/crit-extensions.pem" $OUTFILE #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test with critical only failed"
+	exit ${rc}
+fi
+
+rm -f "$OUTFILE"
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-request \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/arb-extensions.tmpl" \
+		2>/dev/null | grep -v "Algorithm Security Level" >$OUTFILE
+
+${DIFF} "${srcdir}/data/arb-extensions.csr" $OUTFILE #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test with crq failed"
+	exit ${rc}
+fi
+
+rm -f "$OUTFILE"
+
+exit 0
diff --git a/tests/cert-tests/template-policy-test.sh b/tests/cert-tests/template-policy-test.sh
new file mode 100755
index 0000000..9954341
--- /dev/null
+++ b/tests/cert-tests/template-policy-test.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Copyright (C) 2021 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+OUTCERT="policy-cert.$$.tmp"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/simple-policy.tmpl" \
+		--outfile $OUTCERT #2>/dev/null
+
+${DIFF} "${srcdir}/data/simple-policy.pem" $OUTCERT #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test with simple policy failed"
+	exit ${rc}
+fi
+
+rm -f "$OUTCERT"
+
+exit 0
diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh
new file mode 100755
index 0000000..b17942f
--- /dev/null
+++ b/tests/cert-tests/template-test.sh
@@ -0,0 +1,323 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${ac_cv_sizeof_time_t=8}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+TMPFILE=tmp-tt.pem.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t"
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-test.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-test.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-utf8.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-utf8.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 2 (UTF8) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-dn.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-dn.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 3 (DN) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+echo "Running test for certificate generation with --generate-self-signed"
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+		--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+		--template "${srcdir}/templates/template-dn.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-sgenerate.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 3-a non-self-signed generation failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-dn-err.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+rc=$?
+
+if test "${rc}" = "0"; then
+	echo "Test 3 (DN-err) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-overflow.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-overflow.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 4 (overflow1) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+# The following test works in 64-bit systems
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-overflow2.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+rc=$?
+if test "${ac_cv_sizeof_time_t}" -lt 8;then
+	if test "$rc" = "0"; then
+		echo "Test 5-1 (overflow2) succeeded unexpectedly with 32-bit time_t"
+		exit ${rc}
+	fi
+else
+	if test "$rc" != "0"; then
+		echo "Test 5-1 (overflow2) failed"
+		exit ${rc}
+	fi
+
+	${DIFF} "${srcdir}/data/template-overflow2.pem" ${TMPFILE} #>/dev/null 2>&1
+	rc=$?
+
+	# We're done.
+	if test "${rc}" != "0"; then
+		echo "Test 5-2 (overflow2) failed"
+		exit ${rc}
+	fi
+
+fi
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-date.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-date.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 6 (explicit dates) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-dates-after2038.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+rc=$?
+if test "${ac_cv_sizeof_time_t}" -lt 8;then
+	if test "$rc" = "0"; then
+		echo "Test 6-2 (explicit dates) succeeded unexpectedly with 32-bit long"
+		exit ${rc}
+	fi
+else
+	if test "$rc" != "0"; then
+		echo "Test 6-2 (explicit dates) failed"
+		exit ${rc}
+	fi
+
+	${DIFF} "${srcdir}/data/template-dates-after2038.pem" ${TMPFILE} >/dev/null 2>&1
+	rc=$?
+
+	if test "${rc}" != "0"; then
+		echo "Test 6-3 (explicit dates) failed"
+		exit ${rc}
+	fi
+fi
+
+rm -f ${TMPFILE}
+
+# Test name constraints generation
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-nc.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-nc.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 7 (name constraints) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+
+# Test the GeneralizedTime support
+if test "${ac_cv_sizeof_time_t}" = 8;then
+	# we should test that on systems which have 64-bit time_t.
+	datefudge -s "2051-04-22" \
+			"${CERTTOOL}" --generate-self-signed \
+				--load-privkey "${srcdir}/data/template-test.key" \
+				--template "${srcdir}/templates/template-generalized.tmpl" \
+				--outfile ${TMPFILE} 2>/dev/null
+
+	${DIFF} "${srcdir}/data/template-generalized.pem" ${TMPFILE} >/dev/null 2>&1
+	rc=$?
+
+	# We're done.
+	if test "${rc}" != "0"; then
+		echo "Test 8 (generalizedTime) failed"
+		exit ${rc}
+	fi
+fi
+
+rm -f ${TMPFILE}
+
+# Test unique ID field generation
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-unique.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-unique.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 9 (unique ID) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+# Test generation with very long dns names
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-long-dns.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/long-dns.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 10 (long dns) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+# Test generation with larger serial number
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-long-serial.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/long-serial.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 11 (long serial) failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
+exit 0
diff --git a/tests/cert-tests/templates/arb-extensions.tmpl b/tests/cert-tests/templates/arb-extensions.tmpl
new file mode 100644
index 0000000..5171e20
--- /dev/null
+++ b/tests/cert-tests/templates/arb-extensions.tmpl
@@ -0,0 +1,38 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+serial = 9
+expiration_days = 2590
+
+email_protection_key
+
+add_extension = "1.2.3.4 0001020304050607AAABCD"
+add_extension = "1.6.7.8 0x0001020304050607AAABCD"
+add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE"
+add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.0.1.5 octet_string(CAFEBEAF)"
+add_critical_extension = "1.0.1.5.1 octet_string(BEAFCAFEFAFA)"
diff --git a/tests/cert-tests/templates/crit-extensions.tmpl b/tests/cert-tests/templates/crit-extensions.tmpl
new file mode 100644
index 0000000..414298d
--- /dev/null
+++ b/tests/cert-tests/templates/crit-extensions.tmpl
@@ -0,0 +1,30 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+serial = 9
+expiration_days = 2590
+
+add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE"
+add_critical_extension = "1.2.1.5.1 octet_string(BEAFCAFEFAFA)"
diff --git a/tests/cert-tests/templates/inhibit-anypolicy.tmpl b/tests/cert-tests/templates/inhibit-anypolicy.tmpl
new file mode 100644
index 0000000..f763317
--- /dev/null
+++ b/tests/cert-tests/templates/inhibit-anypolicy.tmpl
@@ -0,0 +1,101 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+inhibit_anypolicy_skip_certs = 3
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl1/"
+crl_dist_points = "http://www.getcrl.crl/getcrl2/"
+crl_dist_points = "http://www.getcrl.crl/getcrl3/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/simple-policy.tmpl b/tests/cert-tests/templates/simple-policy.tmpl
new file mode 100644
index 0000000..2077186
--- /dev/null
+++ b/tests/cert-tests/templates/simple-policy.tmpl
@@ -0,0 +1,30 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+serial = 10
+expiration_days = 2590
+
+policy1 = 2.16.840.1.101.3.2.1.48.1
+# no policy1_txt or policy1_url to verify #1238
diff --git a/tests/cert-tests/templates/template-crq.tmpl b/tests/cert-tests/templates/template-crq.tmpl
new file mode 100644
index 0000000..24a5b75
--- /dev/null
+++ b/tests/cert-tests/templates/template-crq.tmpl
@@ -0,0 +1,4 @@
+serial = 567
+
+honor_crq_ext 2.5.29.15
+honor_crq_ext 2.5.29.37
diff --git a/tests/cert-tests/templates/template-date.tmpl b/tests/cert-tests/templates/template-date.tmpl
new file mode 100644
index 0000000..a535d10
--- /dev/null
+++ b/tests/cert-tests/templates/template-date.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+expiration_date = 2015-05-24 14:29:12
+activation_date = 2029-01-12 11:36:11
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-dates-after2038.tmpl b/tests/cert-tests/templates/template-dates-after2038.tmpl
new file mode 100644
index 0000000..cb17387
--- /dev/null
+++ b/tests/cert-tests/templates/template-dates-after2038.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+expiration_date = 2043-05-24 14:29:12
+activation_date = 2039-01-12 11:36:11
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-dn-err.tmpl b/tests/cert-tests/templates/template-dn-err.tmpl
new file mode 100644
index 0000000..df864bb
--- /dev/null
+++ b/tests/cert-tests/templates/template-dn-err.tmpl
@@ -0,0 +1,67 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "acn=Nik,st=Attiki,C=GR,surNameO=Mavrogiannopoulos,2.5.4.9=Arkadias"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-dn.tmpl b/tests/cert-tests/templates/template-dn.tmpl
new file mode 100644
index 0000000..b35956b
--- /dev/null
+++ b/tests/cert-tests/templates/template-dn.tmpl
@@ -0,0 +1,67 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-generalized.tmpl b/tests/cert-tests/templates/template-generalized.tmpl
new file mode 100644
index 0000000..2143c82
--- /dev/null
+++ b/tests/cert-tests/templates/template-generalized.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+expiration_date = 2055-05-24 14:29:12
+activation_date = 2051-01-12 11:36:11
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-krb5name.tmpl b/tests/cert-tests/templates/template-krb5name.tmpl
new file mode 100644
index 0000000..4fb63fd
--- /dev/null
+++ b/tests/cert-tests/templates/template-krb5name.tmpl
@@ -0,0 +1,68 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+krb5_principal = user@email.domain@KERBEROS.REALM
+krb5_principal = user@REALM.COM
+krb5_principal = HTTP/user@REALM.COM
+krb5_principal = comp1/comp2/user@REALM.COM
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-long-dns.tmpl b/tests/cert-tests/templates/template-long-dns.tmpl
new file mode 100644
index 0000000..6bb5ef9
--- /dev/null
+++ b/tests/cert-tests/templates/template-long-dns.tmpl
@@ -0,0 +1,70 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "cn=super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+o = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long org"
+ou = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long dept"
+
+# A dnsname in case of a WWW server.
+dns_name = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-long-serial.tmpl b/tests/cert-tests/templates/template-long-serial.tmpl
new file mode 100644
index 0000000..0352586
--- /dev/null
+++ b/tests/cert-tests/templates/template-long-serial.tmpl
@@ -0,0 +1,99 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 0x1234567890abcdeffedcba0987654321abcdef12
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl1/"
+crl_dist_points = "http://www.getcrl.crl/getcrl2/"
+crl_dist_points = "http://www.getcrl.crl/getcrl3/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-nc.tmpl b/tests/cert-tests/templates/template-nc.tmpl
new file mode 100644
index 0000000..bcc5f41
--- /dev/null
+++ b/tests/cert-tests/templates/template-nc.tmpl
@@ -0,0 +1,87 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+nc_permit_dns = example.com
+nc_exclude_dns = net
+nc_exclude_dns = org
+
+#empty DNS means that subordinates cannot sign certs with DNS names
+nc_exclude_dns = ''
+
+nc_permit_email = nmav@example.com
+nc_exclude_email = example.net
+nc_exclude_email = example.li
+
+nc_permit_ip = 192.168.5.0/24
+nc_permit_ip = 10.10.10.0/16
+nc_permit_ip = 172.23.122.0/23
+nc_exclude_ip = 10.10.100.0/24
+nc_exclude_ip = 10.10.101.5/24
+
+nc_permit_ip = fc4c:fe8f:7ffa:18bd::/64
+nc_exclude_ip = fc4c:fe8f:7ffa:18bd:72c8:64b9::/96
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-no-ca-explicit.tmpl b/tests/cert-tests/templates/template-no-ca-explicit.tmpl
new file mode 100644
index 0000000..2b0f7e3
--- /dev/null
+++ b/tests/cert-tests/templates/template-no-ca-explicit.tmpl
@@ -0,0 +1,13 @@
+cn = "No CA"
+serial = 02
+
+email_protection_key
+
+add_extension = "1.2.3.4 0001020304050607AAABCD"
+add_extension = "1.6.7.8 0x0001020304050607AAABCD"
+add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE"
+add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.0.1.5 octet_string(CAFEBEAF)"
+add_critical_extension = "1.0.1.5.1 octet_string(BEAFCAFEFAFA)"
diff --git a/tests/cert-tests/templates/template-no-ca-honor.tmpl b/tests/cert-tests/templates/template-no-ca-honor.tmpl
new file mode 100644
index 0000000..05f21b8
--- /dev/null
+++ b/tests/cert-tests/templates/template-no-ca-honor.tmpl
@@ -0,0 +1,3 @@
+cn = "No CA"
+serial = 02
+honor_crq_extensions
diff --git a/tests/cert-tests/templates/template-no-ca.tmpl b/tests/cert-tests/templates/template-no-ca.tmpl
new file mode 100644
index 0000000..6528a50
--- /dev/null
+++ b/tests/cert-tests/templates/template-no-ca.tmpl
@@ -0,0 +1,2 @@
+cn = "No CA"
+serial = 02
diff --git a/tests/cert-tests/templates/template-othername-xmpp.tmpl b/tests/cert-tests/templates/template-othername-xmpp.tmpl
new file mode 100644
index 0000000..017dfba
--- /dev/null
+++ b/tests/cert-tests/templates/template-othername-xmpp.tmpl
@@ -0,0 +1,67 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+xmpp_name = juliet@im.example.com
+xmpp_name = hello@hello.org
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-othername.tmpl b/tests/cert-tests/templates/template-othername.tmpl
new file mode 100644
index 0000000..e9d1ed3
--- /dev/null
+++ b/tests/cert-tests/templates/template-othername.tmpl
@@ -0,0 +1,71 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+other_name = "1.3.6.1.5.2.2 302ca00d1b0b56414e5245494e2e4f5247a11b3019a006020400000002a10f300d1b047269636b1b0561646d696e"
+other_name_utf8 = "1.3.6.1.5.5.7.8.7 nmav@gnutls.org"
+other_name_utf8 = "1.3.6.1.5.5.7.8.5 nmav@gnutls.org"
+other_name_octet = "1.2.4.5.6 a test string"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-overflow.tmpl b/tests/cert-tests/templates/template-overflow.tmpl
new file mode 100644
index 0000000..ec88388
--- /dev/null
+++ b/tests/cert-tests/templates/template-overflow.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = -1
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-overflow2.tmpl b/tests/cert-tests/templates/template-overflow2.tmpl
new file mode 100644
index 0000000..af245f4
--- /dev/null
+++ b/tests/cert-tests/templates/template-overflow2.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 99999
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-test.tmpl b/tests/cert-tests/templates/template-test.tmpl
new file mode 100644
index 0000000..007adcf
--- /dev/null
+++ b/tests/cert-tests/templates/template-test.tmpl
@@ -0,0 +1,99 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl1/"
+crl_dist_points = "http://www.getcrl.crl/getcrl2/"
+crl_dist_points = "http://www.getcrl.crl/getcrl3/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-tlsfeature-crq.tmpl b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl
new file mode 100644
index 0000000..1a41d2d
--- /dev/null
+++ b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl
@@ -0,0 +1,23 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+honor_crq_extensions
diff --git a/tests/cert-tests/templates/template-tlsfeature.tmpl b/tests/cert-tests/templates/template-tlsfeature.tmpl
new file mode 100644
index 0000000..f4d3f69
--- /dev/null
+++ b/tests/cert-tests/templates/template-tlsfeature.tmpl
@@ -0,0 +1,99 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+tls_feature = 5
+tls_feature = 17
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl1/"
+crl_dist_points = "http://www.getcrl.crl/getcrl2/"
+crl_dist_points = "http://www.getcrl.crl/getcrl3/"
+
+email = "where@none.org"
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-unique.tmpl b/tests/cert-tests/templates/template-unique.tmpl
new file mode 100644
index 0000000..4576ebb
--- /dev/null
+++ b/tests/cert-tests/templates/template-unique.tmpl
@@ -0,0 +1,70 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+subject_unique_id = 0015232425
+issuer_unique_id =  11142324251224
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
diff --git a/tests/cert-tests/templates/template-utf8.tmpl b/tests/cert-tests/templates/template-utf8.tmpl
new file mode 100644
index 0000000..3a37da4
--- /dev/null
+++ b/tests/cert-tests/templates/template-utf8.tmpl
@@ -0,0 +1,35 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Μεγάλη εταιρία"
+
+# The name (Koala)
+cn = "🐨"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Αττική"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The serial number of the certificate
+serial = 009
+
+# Certificate policies
+policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
+policy1_txt = "Μια πολιτική που θέλει διάβασμα"
+policy1_url = http://www.example.com/a-policy-to-read
+
+policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
+policy2_txt = "Another policy"
+policy2_url = http://www.example.com/another-policy-to-read
+
+policy3 = 1.3.6.1.4.1.5484.1.10.99.1.2
+policy3_txt = "More policies"
+policy3_url = http://example.com/a-policy-to-read
+
diff --git a/tests/cert-tests/tlsfeature-test.sh b/tests/cert-tests/tlsfeature-test.sh
new file mode 100755
index 0000000..4148a7b
--- /dev/null
+++ b/tests/cert-tests/tlsfeature-test.sh
@@ -0,0 +1,198 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+TMPFILE=tlsfeature.$$.tmp
+TMPFILE2=tlsfeature-2.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+. ${srcdir}/../scripts/common.sh
+
+skip_if_no_datefudge
+
+#
+# Test certificate generation
+#
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-tlsfeature.tmpl" \
+		--outfile "${TMPFILE}" 2>/dev/null
+rc=$?
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-tlsfeature.pem" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Cert generation test failed"
+	exit ${rc}
+fi
+
+#
+# Test certificate printing
+#
+rm -f "${TMPFILE}"
+rm -f "${TMPFILE2}"
+"${CERTTOOL}" -i \
+		--infile "${srcdir}/data/template-tlsfeature.pem" --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert printing (0) failed"
+	exit ${rc}
+fi
+
+grep -A 2 "TLS Features" "${TMPFILE}" >"${TMPFILE2}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert printing (1) failed"
+	exit ${rc}
+fi
+
+grep "17" "${TMPFILE2}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert printing (1) failed"
+	exit ${rc}
+fi
+
+grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert printing (2) failed"
+	exit ${rc}
+fi
+
+
+#
+# Test certificate request generation
+#
+
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-request \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--template "${srcdir}/templates/template-tlsfeature.tmpl" \
+		--outfile "${TMPFILE}" -d 4 #2>/dev/null
+rc=$?
+if test "${rc}" != "0"; then
+	echo "CSR generation test (0) failed"
+	exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-tlsfeature.csr" "${TMPFILE}" #>/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "CSR generation test (1) failed"
+	exit ${rc}
+fi
+
+#
+# Test certificate request printing
+#
+rm -f "${TMPFILE}"
+rm -f "${TMPFILE2}"
+"${CERTTOOL}" --crq-info \
+		--infile "${srcdir}/data/template-tlsfeature.csr" --outfile "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "CSR printing (0) failed"
+	exit ${rc}
+fi
+
+grep -A 2 "TLS Features" "${TMPFILE}" >"${TMPFILE2}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "CSR printing (1) failed"
+	exit ${rc}
+fi
+
+grep "17" "${TMPFILE2}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "CSR printing (2) failed"
+	exit ${rc}
+fi
+
+grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "CSR printing (3) failed"
+	exit ${rc}
+fi
+
+#
+# Test certificate generation after a request
+#
+datefudge -s "2007-04-22" \
+"${CERTTOOL}" --generate-certificate \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \
+		--template "${srcdir}/templates/template-tlsfeature-crq.tmpl" \
+		--load-request "${TMPFILE}" >"${TMPFILE2}" 2>&1
+
+grep -A 2 "TLS Features" "${TMPFILE2}" >"${TMPFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (0) failed"
+	exit ${rc}
+fi
+
+grep "17" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (1) failed"
+	exit ${rc}
+fi
+
+grep "Status Request(5)" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "Cert generation (csr) (2) failed"
+	exit ${rc}
+fi
+
+
+rm -f "${TMPFILE}"
+rm -f "${TMPFILE2}"
+
+exit 0
diff --git a/tests/cert-tests/tolerate-invalid-time.sh b/tests/cert-tests/tolerate-invalid-time.sh
new file mode 100755
index 0000000..d5f8916
--- /dev/null
+++ b/tests/cert-tests/tolerate-invalid-time.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+: ${PKG_CONFIG=pkg-config}
+: ${DIFF=diff -b -B}
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${PKG_CONFIG} --version >/dev/null || exit 77
+
+${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77
+
+# Check whether certificates with invalid time fields are accepted
+for file in openssl-invalid-time-format.pem;do
+	${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file"
+	rc=$?
+
+	if test "${rc}" != "0";then
+		echo "file $file was not rejected"
+		exit 1
+	fi
+done
+
+exit 0
diff --git a/tests/cert-tests/x25519-and-x448.sh b/tests/cert-tests/x25519-and-x448.sh
new file mode 100755
index 0000000..23fbd5f
--- /dev/null
+++ b/tests/cert-tests/x25519-and-x448.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+# Copyright (C) 2021 Free Software Foundation, Inc.
+#
+# Author: Daniel Kahn Gillmor
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+TMPFILE=crfg-kx.$$.tmp
+TMPCA=eddsa-ca.$$.tmp
+TMPCAKEY=eddsa-ca-key.$$.tmp
+TMPSUBCA=eddsa-subca.$$.tmp
+TMPSUBCAKEY=eddsa-subca-key.$$.tmp
+TMPKEY=kx-key.$$.tmp
+TMPTEMPL=template.$$.tmp
+TMPUSER=user.$$.tmp
+VERIFYOUT=verify.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+for curve in 25519 448; do
+    echo ca > $TMPTEMPL
+    echo "cn = Ed$curve CA" >> $TMPTEMPL
+
+    "${CERTTOOL}" --generate-privkey --key-type=ed$curve > $TMPCAKEY 2>/dev/null
+
+    "${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \
+	          --load-privkey $TMPCAKEY \
+	          --outfile $TMPCA >$TMPFILE 2>&1
+
+    if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+    fi
+
+    echo ca > $TMPTEMPL
+    echo "cn = Ed$curve Mid CA" >> $TMPTEMPL
+
+    "${CERTTOOL}" --generate-privkey --key-type=ed$curve > $TMPSUBCAKEY 2>/dev/null
+
+    "${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	          --load-ca-privkey $TMPCAKEY \
+	          --load-ca-certificate $TMPCA \
+	          --load-privkey $TMPSUBCAKEY \
+	          --outfile $TMPSUBCA >$TMPFILE 2>&1
+
+    if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+    fi
+
+    echo "cn = End-user" > $TMPTEMPL
+    echo email_protection_key >> $TMPTEMPL
+    echo encryption_key >> $TMPTEMPL
+
+    "${CERTTOOL}" --generate-privkey --key-type=x$curve > $TMPKEY 2>/dev/null
+
+    "${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+	          --load-ca-privkey $TMPSUBCAKEY \
+	          --load-ca-certificate $TMPSUBCA \
+	          --load-privkey $TMPKEY \
+	          --outfile $TMPUSER >$TMPFILE 2>&1
+
+    if [ $? != 0 ]; then
+	cat $TMPFILE
+	exit 1
+    fi
+
+    cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+    "${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+    if [ $? != 0 ]; then
+	cat $VERIFYOUT
+	exit 1
+    fi
+
+    rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
+    rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
+done
+
+exit 0
diff --git a/tests/cert-tests/x509-duplicate-ext.sh b/tests/cert-tests/x509-duplicate-ext.sh
new file mode 100755
index 0000000..0cfa7e1
--- /dev/null
+++ b/tests/cert-tests/x509-duplicate-ext.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+: ${srcdir=.}
+: ${CERTTOOL=../../src/certtool${EXEEXT}}
+OUTFILE=out.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+"${CERTTOOL}" --certificate-info --infile "${srcdir}/data/dup-exts.pem" >${OUTFILE} 2>&1
+RET=$?
+if test ${RET} =  0; then
+	echo "Successfully loaded a certificate with duplicate extensions"
+	cat ${OUTFILE}
+	exit 1
+fi
+
+grep "Duplicate extension in" ${OUTFILE} 2>/dev/null
+if test $? !=  0; then
+	echo "Could not find the expected error value"
+	cat ${OUTFILE}
+	exit 1
+fi
+
+
+rm -f ${OUTFILE}
+
+exit 0