Added success test cases for domain name match (SNI) in common name and alternate name.

David Garske 2018-06-13 09:26:54 -07:00
parent 8fa1592542
commit 61056829c5
9 changed files with 260 additions and 2 deletions

@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
Last Update: Jun 13 16:02:51 2018 GMT
Next Update: Mar 9 16:02:51 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0:
ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae:
ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae:
4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43:
51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f:
ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7:
13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a:
96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8:
dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0:
c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5:
c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0:
74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9:
46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5:
3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a:
75:e9:a2:88
-----BEGIN X509 CRL-----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-----END X509 CRL-----
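Review bot: both Signature Algorithm lines show this CRL signed with sha1WithRSAEncryption, while the certificates added in the same commit are signed with sha256WithRSAEncryption. A build or peer that refuses SHA-1 signatures would fail on this fixture during CRL verification, not on the name match the test is meant to exercise. Regenerate the CRL with SHA-256 so its digest matches the certificates.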

@ -0,0 +1,38 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com
Last Update: Jun 13 16:02:51 2018 GMT
Next Update: Mar 9 16:02:51 2021 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b:
6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1:
62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c:
c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8:
18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1:
90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb:
ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8:
dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a:
19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45:
21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29:
5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3:
36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22:
bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b:
aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b:
d1:70:bb:e9
-----BEGIN X509 CRL-----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-----END X509 CRL-----
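Review bot: Next Update is fixed at "Mar 9 16:02:51 2021 GMT", so a run with CRL checking enabled after that date can reject this CRL as stale and fail for a reason unrelated to the domain name match. Give the fixture a longer nextUpdate window, or document next to the file how and when it has to be regenerated.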

@ -71,6 +71,12 @@ function generate_test_cert {
}
# Generate Good CN=localhost, Alt=None
generate_test_cert server-goodcn localhost "" 1
# Generate Good CN=www.nomatch.com, Alt=localhost
generate_test_cert server-goodalt www.nomatch.com localhost 1
# Generate Good CN=*localhost, Alt=None
generate_test_cert server-goodcnwild *localhost "" 1
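Review bot: the `*localhost` argument on the last line shown is unquoted, so the shell will glob-expand it if any file in the working directory has a name ending in "localhost", and the certificate would silently be generated with that file name as its CN. Quote it, for example `generate_test_cert server-goodcnwild '*localhost' "" 1`. The new goodalt call is fine as written, but a short comment on what the fourth argument (`1`) selects would help whoever adds the next case.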

@ -20,9 +20,12 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/test/gen-testcerts.sh \
certs/test/server-goodcn.pem \
certs/test/server-goodcn.der \
certs/test/server-goodalt.pem \
certs/test/server-goodalt.der \
certs/test/server-goodcnwild.pem \
certs/test/server-goodcnwild.der \
certs/test/server-goodcnwild.csr \
certs/test/server-goodaltwild.pem \
certs/test/server-goodaltwild.der \
certs/test/server-badcnnull.pem \
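Review bot: `certs/test/server-goodcnwild.csr` is the only .csr in this list; the goodcn and goodalt entries ship .pem and .der only. If gen-testcerts.sh leaves a CSR behind for every certificate, either distribute all of them or none, so that the tarball contents do not depend on which intermediate files happened to be committed.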
@ -33,10 +36,11 @@ EXTRA_DIST += \
certs/test/server-badaltnull.der \
certs/test/server-badaltname.der \
certs/test/server-badaltname.pem \
certs/crl/server-goodaltCrl.pem \
certs/crl/server-goodcnCrl.pem \
certs/crl/server-goodaltwildCrl.pem \
certs/crl/server-goodcnwildCrl.pem
EXTRA_DIST += \
certs/test/crit-cert.pem \
certs/test/crit-key.pem \

Binary file not shown.

@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14615220398693458350 (0xcad3b184922aa1ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 13 16:02:51 2018 GMT
Not After : Mar 9 16:02:51 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
5a:08:fc:f5:82:0b:a3:9b:8e:d0:95:92:46:df:a1:cd:8a:e5:
c5:57:71:d4:6f:f4:d9:73:66:bc:7e:d9:66:a7:67:c7:29:1c:
8d:d4:33:92:54:f3:7d:fd:5d:ef:b1:a8:07:a6:ee:df:99:f6:
70:56:d2:f6:0b:15:0b:70:6f:da:bd:c4:37:ef:99:f9:b7:f3:
59:70:12:41:f5:72:1c:61:1d:51:6d:22:c5:8c:8b:78:f8:77:
00:11:e3:b2:a6:b7:e9:00:02:f0:e7:8f:e3:50:cb:20:8b:ff:
f5:31:ce:7b:c1:ae:8f:a3:3c:60:81:da:34:6f:5f:d0:45:6d:
bf:c2:69:54:5a:58:d3:57:29:5e:0f:85:d7:73:e1:db:b1:15:
26:a8:66:72:51:d7:e7:b3:b8:87:b1:ab:6c:51:4b:7c:98:c7:
c4:a8:ba:b0:3d:05:b5:95:2e:b5:a4:47:87:cd:86:3d:6c:45:
54:46:63:c8:15:d6:06:39:a3:d6:b1:3f:f7:eb:a0:7c:c1:97:
a9:7f:11:f7:ee:e5:6d:53:90:30:6c:39:0a:6b:0d:d6:8e:eb:
38:9f:bc:09:c1:fc:67:28:4a:fd:59:60:df:d0:19:f9:35:52:
4c:5e:85:98:c5:d4:e9:fe:17:04:22:f8:f1:dd:4b:8f:29:0e:
b5:04:37:c1
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
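Review bot: the X509v3 extensions block carries only Subject Alternative Name (DNS:localhost) and no Basic Constraints, yet this self-signed certificate (Issuer equals Subject) is the file the client test case passes with `-A ./certs/test/server-goodalt.pem`. A verifier that requires CA:TRUE on a trust anchor would reject it before the name check runs, so the test would fail for the wrong reason. Either add basicConstraints in gen-testcerts.sh or state in the script that the test relies on a self-signed leaf being accepted as its own anchor.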

Binary file not shown.

@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9494820020802705564 (0x83c46080d236589c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
Validity
Not Before: Jun 13 16:02:51 2018 GMT
Not After : Mar 9 16:02:51 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15:
c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70:
26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76:
a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8:
7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce:
4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24:
3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1:
27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e:
14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd:
0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5:
5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2:
23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d:
4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61:
e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5:
72:b6:25:c8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
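Review bot: the Validity block ends at "Not After : Mar 9 16:02:51 2021 GMT", which gives these success-case fixtures a hard expiry; after that date the handshake fails on the date check and the suite reports a name-match regression that is not one. Issue the test certificates with a longer lifetime, or add a note in gen-testcerts.sh on regenerating them (and the matching CRLs) before that date.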

@ -2247,6 +2247,34 @@
-c certs/client-cert-3072.pem
-k certs/client-key-3072.pem
# server good certificate common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodcn.pem
-d
# client good certificate common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodcn.pem
-m
# server good certificate alt name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-goodalt.pem
-d
# client good certificate alt name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-goodalt.pem
-m
# server good certificate common name wild
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
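Review bot: the case comments ("# client good certificate common name", "# client good certificate alt name") do not say which name in the certificate is expected to match `-h localhost`. For the alt name case in particular the CN is www.nomatch.com and only the SAN is localhost, so a pass proves the SAN is consulted; put that in the comment so a later failure can be diagnosed from the config alone. Both client cases also pin `-A` to the server's own certificate, which is worth stating as intentional.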