[#1661] Addressed some 1661 comments (port)

COPYING

@@ -604,3 +604,8 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice
 The ext/coroutine code is externally maintained and distributed under
 the Boost Software License, Version 1.0.  (See its accompanying file
 LICENSE_1_0.txt.)
+
+Sample TLS clients and servers are used for tests and are included in
+src/lib/asiolink/testutils. The files are distributed under Boost
+Software license 1.0 and are used for testing only. They're not part
+of Kea installation.

src/lib/asiolink/Makefile.am

@@ -18,7 +18,7 @@ libkea_asiolink_la_SOURCES  = asiolink.h
 libkea_asiolink_la_SOURCES += asio_wrapper.h
 libkea_asiolink_la_SOURCES += addr_utilities.cc addr_utilities.h
 libkea_asiolink_la_SOURCES += botan_tls.h
-libkea_asiolink_la_SOURCES += common_tls.h
+libkea_asiolink_la_SOURCES += common_tls.cc common_tls.h
 libkea_asiolink_la_SOURCES += crypto_tls.h
 libkea_asiolink_la_SOURCES += dummy_io_cb.h
 libkea_asiolink_la_SOURCES += interval_timer.cc interval_timer.h
@@ -44,7 +44,7 @@ libkea_asiolink_la_SOURCES += unix_domain_socket_acceptor.h
 libkea_asiolink_la_SOURCES += unix_domain_socket_endpoint.h
 
 if HAVE_BOTAN
-#libkea_asiolink_la_SOURCES += botan_tls.cc
+libkea_asiolink_la_SOURCES += botan_tls.cc
 endif
 if HAVE_OPENSSL
 libkea_asiolink_la_SOURCES += openssl_tls.cc
@@ -88,11 +88,3 @@ libkea_asiolink_include_HEADERS = \
 	unix_domain_socket.h \
 	unix_domain_socket_acceptor.h \
 	unix_domain_socket_endpoint.h
-
-if HAVE_BOTAN
-libkea_asiolink_include_HEADERS += botan_tls.h
-endif
-
-if HAVE_OPENSSL
-libkea_asiolink_include_HEADERS += openssl_tls.h
-endif

src/lib/asiolink/botan_tls.cc

@@ -0,0 +1,56 @@
+// Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC")
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/// @file botan_tls.cc Botan fake implementation of the TLS API.
+
+#include <config.h>
+
+#ifdef WITH_BOTAN
+
+#include <asiolink/asio_wrapper.h>
+#include <asiolink/crypto_tls.h>
+
+namespace isc {
+namespace asiolink {
+
+TlsContext::TlsContext(TlsRole role)
+    : TlsContextBase(role), cert_required_(true) {
+}
+
+void
+TlsContext::setCertRequired(bool cert_required) {
+    cert_required_ = cert_required;
+}
+
+bool
+TlsContext::getCertRequired() const {
+    return (cert_required_);
+}
+
+void
+TlsContext::loadCaFile(const std::string&) {
+    isc_throw(NotImplemented, "Botan TLS is not yet supported");
+}
+
+void
+TlsContext::loadCaPath(const std::string&) {
+    isc_throw(NotImplemented, "loadCaPath is not implemented by Botan");
+}
+
+void
+TlsContext::loadCertFile(const std::string&) {
+    isc_throw(NotImplemented, "Botan TLS is not yet supported");
+}
+
+void
+TlsContext::loadKeyFile(const std::string&) {
+    isc_throw(NotImplemented, "Botan TLS is not yet supported");
+}
+
+} // namespace asiolink
+} // namespace isc
+
+#endif // WITH_BOTAN

src/lib/asiolink/botan_tls.h

@@ -9,6 +9,8 @@
 #ifndef BOTAN_TLS_H
 #define BOTAN_TLS_H
 
+/// @file botan_tls.h Botan fake implementation of the TLS API.
+
 #ifdef WITH_BOTAN
 
 #include <asiolink/asio_wrapper.h>
@@ -16,9 +18,158 @@
 #include <asiolink/io_service.h>
 #include <asiolink/common_tls.h>
 
+#include <exceptions/exceptions.h>
+
 namespace isc {
 namespace asiolink {
 
+/// @brief Botan TLS context.
+class TlsContext : public TlsContextBase {
+public:
+
+    /// @brief Destructor.
+    virtual ~TlsContext() { }
+
+    /// @brief Create a fresh context.
+    ///
+    /// @param role The TLS role client or server.
+    explicit TlsContext(TlsRole role);
+
+    /// @brief Set the peer certificate requirement mode.
+    ///
+    /// @param cert_required True if peer certificates are required,
+    /// false if they are optional.
+    virtual void setCertRequired(bool cert_required);
+
+    /// @brief Get the peer certificate requirement mode.
+    ///
+    /// @return True if peer certificates are required, false if they
+    /// are optional.
+    virtual bool getCertRequired() const;
+
+    /// @brief Load the trust anchor aka certificate authority.
+    ///
+    /// @param ca_file The certificate file name.
+    /// @throw isc::cryptolink::LibraryError on various errors as
+    /// file not found, bad format, etc.
+    virtual void loadCaFile(const std::string& ca_file);
+
+    /// @brief Load the trust anchor aka certificate authority.
+    ///
+    /// @param ca_path The certificate directory name.
+    /// @throw isc::cryptolink::LibraryError on various errors as
+    /// file not found, bad format, etc.
+    virtual void loadCaPath(const std::string& ca_path);
+
+    /// @brief Load the certificate file.
+    ///
+    /// @param cert_file The certificate file name.
+    /// @throw isc::cryptolink::LibraryError on various errors as
+    /// file not found, bad format, etc.
+    virtual void loadCertFile(const std::string& cert_file);
+
+    /// @brief Load the private key from a file.
+    ///
+    /// @param key_file The private key file name.
+    /// @throw isc::cryptolink::LibraryError on various errors as
+    /// file not found, bad format, etc.
+    virtual void loadKeyFile(const std::string& key_file);
+
+protected:
+    /// @brief Cached cert_required value.
+    bool cert_required_;
+};
+
+/// @brief The type of Botan TLS streams (in fact pure TCP streams).
+typedef boost::asio::ip::tcp::socket TlsStreamImpl;
+
+/// @brief Dummy type of X509 certificates.
+struct TlsCertificate { };
+
+/// @brief TlsStreamBase constructor.
+///
+/// @tparam Callback The type of callbacks.
+/// @tparam TlsStreamImpl The type of underlying TLS streams.
+/// @tparam TlsCertificate The type of X509 certificates.
+/// @param service I/O Service object used to manage the stream.
+/// @param context Pointer to the TLS context.
+/// @note The caller must not provide a null pointer to the TLS context.
+template <typename Callback, typename TlsStreamImpl, typename TlsCertificate>
+TlsStreamBase<Callback, TlsStreamImpl, TlsCertificate>::
+TlsStreamBase(IOService& service, TlsContextPtr context)
+    : TlsStreamImpl(service.get_io_service()), role_(context->getRole()) {
+}
+
+/// @brief Botan fake TLS stream.
+///
+/// @tparam callback The callback.
+template <typename Callback>
+class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl, TlsCertificate> {
+public:
+
+    /// @brief Type of the base.
+    typedef TlsStreamBase<Callback, TlsStreamImpl, TlsCertificate> Base;
+
+    /// @brief Constructor.
+    ///
+    /// @param service I/O Service object used to manage the stream.
+    /// @param context Pointer to the TLS context.
+    /// @note The caller must not provide a null pointer to the TLS context.
+    TlsStream(IOService& service, TlsContextPtr context)
+        : Base(service, context) {
+    }
+
+    /// @brief Destructor.
+    virtual ~TlsStream() { }
+
+    /// @brief TLS Handshake.
+    ///
+    /// @param callback Callback object.
+    virtual void handshake(Callback& callback) {
+        isc_throw(NotImplemented, "Botan TLS is not yet supported");
+    }
+
+    /// @brief TLS shutdown.
+    ///
+    /// @param callback Callback object.
+    virtual void shutdown(Callback& callback) {
+        isc_throw(NotImplemented, "Botan TLS is not yet supported");
+    }
+
+    /// @brief Clear the TLS state.
+    virtual void clear() {
+        isc_throw(NotImplemented, "Botan TLS is not yet supported");
+    }
+
+    /// @brief Return the peer certificate.
+    ///
+    /// @note The native_handle() method is used so it can't be made const.
+    /// @note Do not forget to free it when no longer used.
+    virtual TlsCertificate* getPeerCert() {
+        return (0);
+    }
+
+    /// @brief Return the commonName part of the subjectName of
+    /// the peer certificate.
+    ///
+    /// First commonName when there are more than one, in UTF-8.
+    ///
+    /// @return The commonName part of the subjectName or the empty string.
+    std::string getSubject() {
+        return ("");
+    }
+
+    /// @brief Return the commonName part of the issuerName of
+    /// the peer certificate.
+    ///
+    /// First commonName when there are more than one, in UTF-8.
+    ///
+    /// @return The commonName part of the issuerName or the empty string.
+    std::string getIssuer() {
+        return ("");
+    }
+};
+
 } // namespace asiolink
 } // namespace isc
 

src/lib/asiolink/common_tls.cc

@@ -0,0 +1,59 @@
+// Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC")
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/// @file common_tls.cc Common part of implementations of the TLS API.
+
+#include <config.h>
+
+#include <asiolink/asio_wrapper.h>
+#include <asiolink/crypto_tls.h>
+
+#include <sys/stat.h>
+
+using namespace isc::cryptolink;
+
+namespace { // anonymous namespace
+
+// C++17 has this function but Kea is still C++11 so provide it.
+bool
+isDir(const std::string& name) {
+    struct stat stats;
+    if (::stat(name.c_str(), &stats) < 0) {
+        return (false);
+    }
+    return ((stats.st_mode & S_IFMT) == S_IFDIR);
+}
+
+} // end of namespace
+
+namespace isc {
+namespace asiolink {
+
+void
+TlsContextBase::configure(TlsContextPtr& context,
+                          TlsRole role,
+                          const std::string& ca_file,
+                          const std::string& cert_file,
+                          const std::string& key_file,
+                          bool cert_required) {
+    try {
+        context.reset(new TlsContext(role));
+        if (isDir(ca_file)) {
+            context->loadCaPath(ca_file);
+        } else {
+            context->loadCaFile(ca_file);
+        }
+        context->loadCertFile(cert_file);
+        context->loadKeyFile(key_file);
+        context->setCertRequired(cert_required);
+    } catch (...) {
+        context.reset();
+        throw;
+    }
+}
+
+} // namespace asiolink
+} // namespace isc

src/lib/asiolink/common_tls.h

@@ -30,6 +30,14 @@ namespace asiolink {
 /// @brief Client and server roles.
 enum TlsRole { CLIENT, SERVER };
 
+/// @brief Forward declaration of backend TLS context.
+class TlsContext;
+
+/// @brief The type of shared pointers to TlsContext objects.
+///
+/// @note Not clear we need shared pointers but they cover more use cases...
+typedef boost::shared_ptr<TlsContext> TlsContextPtr;
+
 /// @brief TLS context base class.
 class TlsContextBase : private boost::noncopyable {
 public:
@@ -48,6 +56,22 @@ public:
 
     /// @note No need for a role set method.
 
+    /// @brief Configure.
+    ///
+    /// @param context The TLS context to configure.
+    /// @param role The TLS role client or server.
+    /// @param ca_file The certificate file or directory name.
+    /// @param cert_file The certificate file name.
+    /// @param key_file The private key file name.
+    /// @param cert_required True if peer certificates are required,
+    /// false if they are optional.
+    static void configure(TlsContextPtr& context,
+                          TlsRole role,
+                          const std::string& ca_file,
+                          const std::string& cert_file,
+                          const std::string& key_file,
+                          bool cert_required);
+
     /// @brief Set the peer certificate requirement mode.
     ///
     /// @param cert_required True if peer certificates are required,
@@ -81,7 +105,7 @@ public:
     /// file not found, bad format, etc.
     virtual void loadCertFile(const std::string& cert_file) = 0;
 
-    /// @brief Load the private key file name.
+    /// @brief Load the private key from a file.
     ///
     /// @param key_file The private key file name.
     /// @throw isc::cryptolink::LibraryError on various errors as
@@ -93,14 +117,6 @@ public:
     TlsRole role_;
 };
 
-/// @brief Forward declaration of OpenSSL TLS context.
-class TlsContext;
-
-/// @brief The type of shared pointers to TlsContext objects.
-///
-/// @note Not clear we need shared pointers but they covers more use cases...
-typedef boost::shared_ptr<TlsContext> TlsContextPtr;
-
 /// @brief TLS stream base class.
 ///
 /// @tparam Callback The type of callbacks.
@@ -136,6 +152,8 @@ public:
     virtual void shutdown(Callback& callback) = 0;
 
     /// @brief Clear the TLS state.
+    ///
+    /// @note For some unit tests only.
     virtual void clear() = 0;
 
     /// @brief Return the peer certificate.

src/lib/asiolink/openssl_tls.cc

@@ -4,6 +4,8 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+/// @file openssl_tls.cc OpenSSL implementation of the TLS API.
+
 #include <config.h>
 
 #ifdef WITH_OPENSSL
@@ -95,43 +97,6 @@ TlsContext::loadKeyFile(const std::string& key_file) {
     }
 }
 
-namespace { // anonymous namespace
-
-// C++17 has this function but Kea is still C++11 so provide it.
-bool
-isDir(const std::string& name) {
-    struct stat stats;
-    if (::stat(name.c_str(), &stats) < 0) {
-        return (false);
-    }
-    return ((stats.st_mode & S_IFMT) == S_IFDIR);
-}
-
-} // end of namespace
-
-void
-TlsContext::configure(TlsContextPtr& context,
-                      TlsRole role,
-                      const std::string& ca_file,
-                      const std::string& cert_file,
-                      const std::string& key_file,
-                      bool cert_required) {
-    try {
-        context.reset(new TlsContext(role));
-        if (isDir(ca_file)) {
-            context->loadCaPath(ca_file);
-        } else {
-            context->loadCaFile(ca_file);
-        }
-        context->loadCertFile(cert_file);
-        context->loadKeyFile(key_file);
-        context->setCertRequired(cert_required);
-    } catch (...) {
-        context.reset();
-        throw;
-    }
-}
-
 } // namespace asiolink
 } // namespace isc
 

src/lib/asiolink/openssl_tls.h

@@ -23,6 +23,15 @@
 namespace isc {
 namespace asiolink {
 
+/// @brief Translate TLS role into implementation.
+inline boost::asio::ssl::stream_base::handshake_type roleToImpl(TlsRole role) {
+    if (role == TlsRole::SERVER) {
+        return (boost::asio::ssl::stream_base::server);
+    } else {
+        return (boost::asio::ssl::stream_base::client);
+    }
+}
+
 /// @brief OpenSSL TLS context.
 class TlsContext : public TlsContextBase {
 public:
@@ -71,27 +80,11 @@ public:
     /// @param cert_file The certificate file name.
     virtual void loadCertFile(const std::string& cert_file);
 
-    /// @brief Load the private key file name.
+    /// @brief Load the private key from a file.
     ///
     /// @param key_file The private key file name.
     virtual void loadKeyFile(const std::string& key_file);
 
-    /// @brief Configure.
-    ///
-    /// @param context The TLS context to configure.
-    /// @param role The TLS role client or server.
-    /// @param ca_file The certificate file or directory name.
-    /// @param cert_file The certificate file name.
-    /// @param key_file The private key file name.
-    /// @param cert_required True if peer certificates are required,
-    /// false if they are optional.
-    static void configure(TlsContextPtr& context,
-                          TlsRole role,
-                          const std::string& ca_file,
-                          const std::string& cert_file,
-                          const std::string& key_file,
-                          bool cert_required);
-
 protected:
     /// @brief Cached cert_required value.
     bool cert_required_;
@@ -107,11 +100,13 @@ typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;
 typedef ::X509 TlsCertificate;
 
 /// @brief TlsStreamBase constructor.
-/// @brief TLS stream base class.
 ///
 /// @tparam Callback The type of callbacks.
 /// @tparam TlsStreamImpl The type of underlying TLS streams.
 /// @tparam TlsCertificate The type of X509 certificates.
+/// @param service I/O Service object used to manage the stream.
+/// @param context Pointer to the TLS context.
+/// @note The caller must not provide a null pointer to the TLS context.
 template <typename Callback, typename TlsStreamImpl, typename TlsCertificate>
 TlsStreamBase<Callback, TlsStreamImpl, TlsCertificate>::
 TlsStreamBase(IOService& service, TlsContextPtr context)
@@ -145,12 +140,7 @@ public:
     ///
     /// @param callback Callback object.
     virtual void handshake(Callback& callback) {
-        using namespace boost::asio::ssl;
-        if (Base::getRole() == SERVER) {
-            Base::async_handshake(stream_base::server, callback);
-        } else {
-            Base::async_handshake(stream_base::client, callback);
-        }
+        Base::async_handshake(roleToImpl(Base::getRole()), callback);
     }
 
     /// @brief TLS shutdown.
@@ -234,6 +224,9 @@ public:
     }
 };
 
+// Stream truncated error code.
+const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;
+
 } // namespace asiolink
 } // namespace isc
 

src/lib/asiolink/tcp_socket.h

@@ -232,7 +232,7 @@ private:
     // Socket
     boost::asio::ip::tcp::socket& socket_;
 
-    // TODO: Remove temporary buffer
+    // @todo Remove temporary buffer
     // The current implementation copies the buffer passed to asyncSend() into
     // a temporary buffer and precedes it with a two-byte count field.  As
     // ASIO should really be just about sending and receiving data, the TCP
@@ -284,8 +284,8 @@ TCPSocket<C>::open(const IOEndpoint* endpoint, C& callback) {
         close();
     }
     // Ignore opens on already-open socket.  Don't throw a failure because
-    // of uncertainties as to what precedes whan when using asynchronous I/O.
-    // At also allows us a treat a passed-in socket as a self-managed socket.
+    // of uncertainties as to what precedes when using asynchronous I/O.
+    // Also allows us a treat a passed-in socket as a self-managed socket.
     if (!socket_.is_open()) {
         if (endpoint->getFamily() == AF_INET) {
             socket_.open(boost::asio::ip::tcp::v4());
@@ -350,7 +350,7 @@ TCPSocket<C>::asyncSend(const void* data, size_t length,
 
         // Need to copy the data into a temporary buffer and precede it with
         // a two-byte count field.
-        // TODO: arrange for the buffer passed to be preceded by the count
+        // @todo arrange for the buffer passed to be preceded by the count
         try {
             // Ensure it fits into 16 bits
             uint16_t count = boost::numeric_cast<uint16_t>(length);

src/lib/asiolink/tests/Makefile.am

@@ -39,9 +39,11 @@ run_unittests_SOURCES += dummy_io_callback_unittest.cc
 run_unittests_SOURCES += tcp_acceptor_unittest.cc
 run_unittests_SOURCES += unix_domain_socket_unittest.cc
 run_unittests_SOURCES += process_spawn_unittest.cc
+if HAVE_OPENSSL
 run_unittests_SOURCES += tls_unittest.cc
 run_unittests_SOURCES += tls_acceptor_unittest.cc
 run_unittests_SOURCES += tls_socket_unittest.cc
+endif
 
 run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
 

src/lib/asiolink/tests/tcp_socket_unittest.cc

@@ -4,7 +4,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-/// \brief Test of TCPSocket
+/// @brief Test of TCPSocket
 ///
 /// Tests the functionality of a TCPSocket by working through an open-send-
 /// receive-close sequence and checking that the asynchronous notifications
@@ -43,7 +43,7 @@ namespace {
 const char SERVER_ADDRESS[] = "127.0.0.1";
 const unsigned short SERVER_PORT = 5303;
 
-// TODO: Shouldn't we send something that is real message?
+/// @todo Shouldn't we send something that is real message?
 const char OUTBOUND_DATA[] = "Data sent from client to server";
 const char INBOUND_DATA[] = "Returned data from server to client";
 }
@@ -300,7 +300,7 @@ TEST(TCPSocket, processReceivedData) {
     EXPECT_TRUE(equal(inbuff + 2, inbuff + cumulative, dataptr));
 }
 
-// TODO: Need to add a test to check the cancel() method
+/// @todo Need to add a test to check the cancel() method
 
 // Tests the operation of a TCPSocket by opening it, sending an asynchronous
 // message to a server, receiving an asynchronous message from the server and

src/lib/asiolink/tests/tls_socket_unittest.cc

@@ -4,7 +4,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-/// \brief Test of TCPSocket
+/// @brief Test of TLSSocket
 ///
 /// Tests the functionality of a TCPSocket by working through an open-send-
 /// receive-close sequence and checking that the asynchronous notifications
@@ -44,7 +44,7 @@ namespace {
 const char SERVER_ADDRESS[] = "127.0.0.1";
 const unsigned short SERVER_PORT = 5303;
 
-// TODO: Shouldn't we send something that is real message?
+/// @todo Shouldn't we send something that is real message?
 const char OUTBOUND_DATA[] = "Data sent from client to server";
 const char INBOUND_DATA[] = "Returned data from server to client";
 }
@@ -310,7 +310,7 @@ TEST(TLSSocket, processReceivedData) {
     EXPECT_TRUE(equal(inbuff + 2, inbuff + cumulative, dataptr));
 }
 
-// TODO: Need to add a test to check the cancel() method
+/// @todo Need to add a test to check the cancel() method
 
 // Tests the operation of a TLSSocket by opening it, sending an asynchronous
 // message to a server, receiving an asynchronous message from the server and
@@ -394,7 +394,7 @@ TEST(TLSSocket, sequenceTest) {
     server_cb.queued() = TLSCallback::HANDSHAKE;
     server_cb.called() = TLSCallback::NONE;
     server_cb.setCode(42);  // Some error
-    server.async_handshake(ssl::stream_base::server, server_cb);
+    server.async_handshake(roleToImpl(TlsRole::SERVER), server_cb);
 
     while ((server_cb.called() == TLSCallback::NONE) ||
            (client_cb.called() == TLSCallback::NONE)) {

src/lib/asiolink/testutils/Makefile.am

@@ -8,13 +8,13 @@ AM_CPPFLAGS += -DTEST_CA_DIR=\"$(TEST_CA_DIR)\"
 AM_CXXFLAGS = $(KEA_CXXFLAGS)
 
 EXTRA_DIST  =
+EXTRA_DIST += ca/00af7a28.0
 EXTRA_DIST += ca/0c7eedb9.0
-EXTRA_DIST += ca/26d052a5.0
-EXTRA_DIST += ca/3071e5ff.0
-EXTRA_DIST += ca/a465d731.0
+EXTRA_DIST += ca/28f5a777.0
+EXTRA_DIST += ca/2eefa08b.0
+EXTRA_DIST += ca/7a5b785e.0
 EXTRA_DIST += ca/ad950210.0
-EXTRA_DIST += ca/d3d11a5f.0
-EXTRA_DIST += ca/doc
+EXTRA_DIST += ca/doc.txt
 EXTRA_DIST += ca/ext-addr-conf.cnf
 EXTRA_DIST += ca/ext-conf.cnf
 EXTRA_DIST += ca/kea-ca.crt
@@ -61,19 +61,14 @@ if HAVE_OPENSSL
 
 noinst_PROGRAMS = openssl_sample_client openssl_sample_server
 
-openssl_sample_client_SOURCES = openssl_sample_client.cpp
+openssl_sample_client_SOURCES = openssl_sample_client.cc
 openssl_sample_client_CPPFLAGS = $(AM_CPPFLAGS)
 openssl_sample_client_LDFLAGS = $(AM_LDFLAGS) $(CRYPTO_LDFLAGS)
 openssl_sample_client_LDADD = $(CRYPTO_LIBS)
 
-openssl_sample_server_SOURCES = openssl_sample_server.cpp
+openssl_sample_server_SOURCES = openssl_sample_server.cc
 openssl_sample_server_CPPFLAGS = $(AM_CPPFLAGS)
 openssl_sample_server_LDFLAGS = $(AM_LDFLAGS) $(CRYPTO_LDFLAGS)
 openssl_sample_server_LDADD = $(CRYPTO_LIBS)
 endif
-
 endif
-
-
-
-

src/lib/asiolink/testutils/ca/doc.txt

@@ -4,27 +4,69 @@ Similar to doc/examples/https/nginx/kea-nginx.conf
  Organization Name is ISC Inc.
  Common Name is the key name.
 
+Some critical details:
+ - recent versions of OpenSSL requires at least 2038 bit RSA
+ - certificate version should be 3 (enforced by Botan for leaves),
+  if openssl creates a version 1 add an extension
+ - RSA allows a simpler format than PKCS#8 for RSA private keys
+  but Botan and other algorithms require PKCS#8
+ - some tools check the alternate subject name of the server so put
+  a correct value in it
+
+Files:
+ - doc.txt this file
+ - ext-addr-conf.cnf extension definition file to add an IP address subject
+  alternative name to the server certificate (IP 127.0.0.1)
+ - ext-conf.cnf extension definition file to add a subject alternative
+  name to the server certificate (DNS localhost)
+ - kea-ca.crt Certification Authority (CA) certificate
+ - kea-ca.key Certification Authority (CA) private key (password keatest)
+ - kea-client.crt client certificate
+ - kea-client.csr client PKCS#10 certificate request
+ - kea-client.key client private key (not encrypted)
+ - kea-client.p12 client PKCS#12 archive with the certificate and the private
+  key (required by curl on macOS or iOS when built with Secure Transport)
+ - kea-other.crt test client certificate (signed by another CA)
+ - kea-other.key test client private key (signed by another CA, not encrypted)
+ - kea-self.crt test client certificate (self-signed)
+ - kea-self.key test client private key (self-signed, not encrypted)
+ - kea-server-addr.crt server certificate using the 127.0.0.1 IP address
+ - kea-server-addr.csr server PKCS#10 certificate request using the
+  127.0.0.1 IP address
+ - kea-server.crt server certificate using the localhost DNS name
+ - kea-server.csr server PKCS#10 certificate request using the localhost
+  DNS name
+ - kea-server.key server private key (all certificates, not encrypted)
+ - server-addr-conf.cnf OpenSSL configuration file to add an IP address
+  subject alternative name (127.0.0.1 and ::1)
+ - server-conf.cnf OpenSSL configuration file to add a DNS subject
+  alternative name (localhost)
+
+Procedure to build CA, server and client files:
+
 1 - create a CA self signed certificate (password is keatest)
  openssl genrsa -aes128 -out kea-ca.key 4096
- openssl req -new -x509 -days 3650 -key kea-ca.key -out kea-ca.crt
+ openssl req -new -x509 -days 3650 -key kea-ca.key -out kea-ca.crt \
+ -extensions v3_ca -config server-conf.cnf
 
-2 - create a key for the client and decipher it
+2 - create a key for the client and convert to PKCS#8
  openssl genrsa -aes128 -out kea-client-aes.key 2048
- openssl rsa -in kea-client-aes.key -out kea-client.key
+ openssl pkcs8 -in kea-client-aes.key -out kea-client.key -nocrypt
  rm kea-client-aes.key
 
 3 - create a certificate for the client
  openssl req -new -key kea-client.key -out kea-client.csr
  openssl x509 -req -days 3650 -in kea-client.csr -CA kea-ca.crt \
-  -CAkey kea-ca.key -set_serial 10 -out kea-client.crt -sha256
+  -CAkey kea-ca.key -set_serial 10 -out kea-client.crt \
+  -extfile /dev/null -sha256
 
 4 - create a PKCS#12 bundle on macOS (password is keatest)
  openssl pkcs12 -in kea-client.crt -inkey kea-client.key -export \
   -out kea-client.p12
 
-5 - create a key for the server and decipher it (same than 2)
+5 - create a key for the server and convert to PKCS#8 (same than 2)
  openssl genrsa -aes128 -out kea-server-aes.key 2048
- openssl rsa -in kea-server-aes.key -out kea-server.key
+ openssl pkcs8 -in kea-server-aes.key -out kea-server.key -nocrypt
  rm kea-server-aes.key
 
 6 - create a certificate with a subject alternate name set to localhost

src/lib/asiolink/testutils/ca/kea-ca.crt

@@ -1,29 +1,30 @@
 -----BEGIN CERTIFICATE-----
-MIIE3jCCAsYCCQDVzhmZelXOXDANBgkqhkiG9w0BAQsFADAxMQswCQYDVQQGEwJV
-UzERMA8GA1UECgwISVNDIEluYy4xDzANBgNVBAMMBmtlYS1jYTAeFw0yMDA2MTEx
-MzU3MzhaFw0zMDA2MDkxMzU3MzhaMDExCzAJBgNVBAYTAlVTMREwDwYDVQQKDAhJ
-U0MgSW5jLjEPMA0GA1UEAwwGa2VhLWNhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEAvKQ/vJpJnXjZ+/LxZNfPc/QYSChSEQ8qoxh8prBYvPXyDu9ORHOa
-Dtd5AWusQLCI3iNYMDaJwrazj0g91jPKcxfvFZbnzFHTAZrDnmJwcTw96UfrP4b7
-PyXpUSF1/YfDf+/M3C7Wm9IJ/e704XHln/vFCw2dR/N5VOrXXJRcCd5NOES/ICXe
-xe62Mv7OjUQS8u6ovejtaaMkvoV2hGSG2LXdgVOCv0U8ybRs03Xl8BVM4lFYVO9H
-jnQ7O9AeGMqebvuyNAyGK9Dv+ERu65M9hB+pW//d+tVv3Dkfou+d5cOXPFXjf6vI
-K+2ClxkBH4A5dhsRJ7vPI41mwXA+H0g+MzxJ8Lg0pzJuLher03RZq3pBHvEc/jek
-P4u6mPrc+5J84jQ0hFwH4XIpxaKJsUiE/r1nFDiWRV27PgXMQgEbjdotxFX4IDBN
-KPtQNrybxiQHsYoZPdKcEfh8XyVT4NHrcbqN1SNf2ZIfDkm09aeDYXDdINAD+0yZ
-E+3YMeH4oWPpOIfW4OVzEDyfBGHyo2klTZfI5zdd54Kp4dKkzSlmIPC7OubdZZGo
-SlZfUlWVcRkqMbUAsZ8H2sdz0l+4k8+VmyiA4EWAiO6SV5xmYSncPQIN5dE2PbIx
-jKosl9JGhajs2gxCqlK+ZA3zgoFHhG1mKGWW7ucMic8Jy4oEq1XsoI0CAwEAATAN
-BgkqhkiG9w0BAQsFAAOCAgEAert/+ovFSWtRWKbFZNXs/o9ElWtVp+dxbOtgUNIS
-hdfLSHt/9nXw2FuBrvonDnTtl0kPhci1Qcwd5uAErlgddE6k27kcjOesMuXtwUke
-LLb7UQG7TQy3KmB+ARnG+toNTm2d8I5420+VDLqU1oh++x9l9KpWsDENSNeTDulT
-lVTJ7fVOTK7++NTCmqrp+Ublri3a2aoTK4pkt1ymcdIGD/kyCNeZro3/CKooV4yU
-xyTMBV0Huyu9V6OldtKtfbP2sWrQn5McRY1/18wJVTMq+OV5EI73R4bn/frfwl8o
-k8x8PH/ulozK+Pk4wz3z2NdT+ckSIfFs0RtVLW2MF1+8kJyt/9u8yUNfcw7MvNor
-94Zr86Mg0ZsHlXgeFfLm7h9dB/lQ5mtotrXfH4C4zltjPz17xouBSuZjZhgbkLaJ
-s4nPxWwxM/tN1mSYuVkiwq+qOz8ooePZh7zzEwpDiHr1tgzXxKojDcNC2uvVRTw/
-DKq8htcEb9kFyvDzxTq6zbvuNIyvzmpseEnpYxuzHFqCQtbN54Q88HuyebJlbxEI
-0BNb74yxvAQj3P+KS8xY9iqPExBeMiQu85eGmpTtKSnNjP1i09bg+xOVlESOeUPE
-cEe2ZsdEBwVaoCvjl5vbt2eJfpdt3UEwg6zfyncxjMZka/315B7d7k5qIEqsD5KO
-HXQ=
+MIIFMzCCAxugAwIBAgIJAJHdRK24tsELMA0GCSqGSIb3DQEBCwUAMDAxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQKDAdJU0MgSW5jMQ8wDQYDVQQDDAZrZWEtY2EwHhcNMjEw
+MzAyMTQ1OTM3WhcNMzEwMjI4MTQ1OTM3WjAwMQswCQYDVQQGEwJVUzEQMA4GA1UE
+CgwHSVNDIEluYzEPMA0GA1UEAwwGa2VhLWNhMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAvKQ/vJpJnXjZ+/LxZNfPc/QYSChSEQ8qoxh8prBYvPXyDu9O
+RHOaDtd5AWusQLCI3iNYMDaJwrazj0g91jPKcxfvFZbnzFHTAZrDnmJwcTw96Ufr
+P4b7PyXpUSF1/YfDf+/M3C7Wm9IJ/e704XHln/vFCw2dR/N5VOrXXJRcCd5NOES/
+ICXexe62Mv7OjUQS8u6ovejtaaMkvoV2hGSG2LXdgVOCv0U8ybRs03Xl8BVM4lFY
+VO9HjnQ7O9AeGMqebvuyNAyGK9Dv+ERu65M9hB+pW//d+tVv3Dkfou+d5cOXPFXj
+f6vIK+2ClxkBH4A5dhsRJ7vPI41mwXA+H0g+MzxJ8Lg0pzJuLher03RZq3pBHvEc
+/jekP4u6mPrc+5J84jQ0hFwH4XIpxaKJsUiE/r1nFDiWRV27PgXMQgEbjdotxFX4
+IDBNKPtQNrybxiQHsYoZPdKcEfh8XyVT4NHrcbqN1SNf2ZIfDkm09aeDYXDdINAD
++0yZE+3YMeH4oWPpOIfW4OVzEDyfBGHyo2klTZfI5zdd54Kp4dKkzSlmIPC7Oubd
+ZZGoSlZfUlWVcRkqMbUAsZ8H2sdz0l+4k8+VmyiA4EWAiO6SV5xmYSncPQIN5dE2
+PbIxjKosl9JGhajs2gxCqlK+ZA3zgoFHhG1mKGWW7ucMic8Jy4oEq1XsoI0CAwEA
+AaNQME4wHQYDVR0OBBYEFA2rYljxKlzKLA/dsiAmRtO876ifMB8GA1UdIwQYMBaA
+FA2rYljxKlzKLA/dsiAmRtO876ifMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAGqY1cv913Hj1+FDmD5fhzW6D/SeyL/vh3bCJ6ZJmnHFXxHZbK4lufdi
+v3HRJ4iSPnU40ZWVukWE+vKrZOJeBM2ip/cqv8iAiZg2NaQ56AcDgrpOfJcXOJzD
+83kZI8W3dF/zk1flJM3rsi5QlwkCaxBvwA+QInejN+oncA90CphumNqblPQp1Ifm
+dt+b1BIk6QJFYT0oEXnNj+5EmSu+zJ+fR5bJoZX0YTcP6YAHjdZo2qAHTeM6yX8s
+bLnX97IopyPZ/xgG2kdlp2TZZdeysaICOZ16LldE7fp2OD2ifjrAqF9eezwa2ybi
+wNhduRUn0Nmuw/Vy3X5l3gUekc3mS9br8ooHy6N+8pnq04gGWK3AAZLY5v7uvzmD
+BC6eA0IJAvLyeiuTpBlkHZTFxk7ENaStEMFjvPiLrgquHLmJQzsgKoUtR7TGdEJ+
+DOeLAhuXjpaZ/kefSODmm09BP0d/q3iFU3gp1xGu2svUK0/BC6NQNuTIIap+L/I+
+tKq+SpPpp7laJ7M04TqAlI+EMQ4KFRDbmlWAy5uq/ynEpEJ1FFuyg6Zo+fxracTR
+ytP3p/LUEYl1VQbtn9IEcrkzZNEshBglRSJ09u1nLccy3WoX03P0iQiF4oNCEPMg
+PdPlvvf1t3FbcEn5AFOsMRW4U7MBPD/gvy0EVuEJ/boydq8qMzyi
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-client.crt

@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIID2jCCAcICARQwDQYJKoZIhvcNAQELBQAwMTELMAkGA1UEBhMCVVMxETAPBgNV
-BAoMCElTQyBJbmMuMQ8wDQYDVQQDDAZrZWEtY2EwHhcNMjEwMjIxMTg0MDQzWhcN
-MzEwMjE5MTg0MDQzWjA1MQswCQYDVQQGEwJVUzERMA8GA1UECgwISVNDIEluYy4x
-EzARBgNVBAMMCmtlYS1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDKbsDkElojvFhVt234GQOEVVudEp4s8KYnDQTZpsdeidrP3yY+qWfzG1k1
-6qMB5jXF7dRhzq4FiPbZMs5cz3BfwZDlxjWMxgixPaCrVphYLGhI8AOne8PEl47e
-4Ae3Cl96dWUfQKQmGIzzHfTcJvCxUOCob5zYOCDvtjk48IxdvHi18Ab/hXyGJKXS
-uqCsaXBRK7Amn8/jxMgdhds92tNxm0BiAJtsmkQm9QW8ztcoiEEgO4ViDRJSRKaG
-9hVRrAe4GPisOjUzerADkPX/pchHIqmrTJ9YKhngOfDdiAZY1lkZc1cbM6zqqTgT
-p1MvttSv8JEN6OMhM+bpCbaiWp4DAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAElh
-o7srSKP+6qiuzXR1eWDgTXcZa13Zj1z78Ipr3GnnoKJLLa+X69nHkA8fC2nP+Y6h
-2COdlPn/JVJ20ZKMkmC+VnnBklAe7zGnd83cmiOm12kj8lGUwQ/muDW3GU402WBT
-3CZubevUGgVIZv3fYcw1l3t1Q6eNASRr/xY40a9QvGAilKQSvZKdbIuYbAoMEbpX
-yCErSCVPxHcIjVDghIx/Jsn2RXg+yehpRgtCO/DM9E7/6q7yhb6jMrUqujCE40cc
-5TuBexXZsXH1x/Ic7mcwVDgAfGMm9j5a5isyIh7+uCItNpGlTOQIIx80wZbVHVyx
-9IpUA+IInq2rK5LGp4otXGODAN9wbMBrMX0VTQlY2DZ24Vr5L6sykmHkOSELaWvW
-2M0bNU16NUPxRUoWDkG99AwqT2ZnKMnsYqwayWMiQu/s1ek9zs01Pf4YFf5w659I
-YHgAVhd5gSmxcJ3VTilgUaYE9DRAKY3GVFkliTlGYM55khyJYdASWGijHI14hs4W
-TZQWebbaoaKNtEq+5omj7HsNLrWfKe6EQrn9z7PY+96ZbSZsbt34/tmsVpmTrOFB
-BV/iU3uEJGvAucI0VXgguKN3jmw2hWstHzEWEMHm107Vp3QPWmrHzvcosAxLsKpg
-WyHjO3AiUQOsP9NPOy9Owr/XJCcSbf5k4MuFDLXi
+MIID3TCCAcWgAwIBAgIBCjANBgkqhkiG9w0BAQsFADAwMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECgwHSVNDIEluYzEPMA0GA1UEAwwGa2VhLWNhMB4XDTIxMDMwMjE1MDAz
+M1oXDTMxMDIyODE1MDAzM1owNDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0lTQyBJ
+bmMxEzARBgNVBAMMCmtlYS1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDKbsDkElojvFhVt234GQOEVVudEp4s8KYnDQTZpsdeidrP3yY+qWfz
+G1k16qMB5jXF7dRhzq4FiPbZMs5cz3BfwZDlxjWMxgixPaCrVphYLGhI8AOne8PE
+l47e4Ae3Cl96dWUfQKQmGIzzHfTcJvCxUOCob5zYOCDvtjk48IxdvHi18Ab/hXyG
+JKXSuqCsaXBRK7Amn8/jxMgdhds92tNxm0BiAJtsmkQm9QW8ztcoiEEgO4ViDRJS
+RKaG9hVRrAe4GPisOjUzerADkPX/pchHIqmrTJ9YKhngOfDdiAZY1lkZc1cbM6zq
+qTgTp1MvttSv8JEN6OMhM+bpCbaiWp4DAgMBAAEwDQYJKoZIhvcNAQELBQADggIB
+AENl7hCBjAft1uC/XAO/yBkkDrTk6R21+mdJMghJ9ojFP33QvYYv0pDNeCZ/IJEK
+G2ML8gFzd2YulF1qzBMuFvESRQyqJMnIWJS8FSEIKEyqj5RMTnVWjFM6V2yGhBA5
+XXAL4CVVNz/NqWV/Ebd1XB1OB/y5uz+ZowpWktHtqCKYhDzDtK600GswMOJ5UsZF
+X6JtkvG86nVfuyOIK3NtMXQE/ptAgwa87hVecu7yY/u6PmRwS7YbVBsh9VplnAsQ
+bLARtTGCWHL3otZaDi81dghHkHYmv1NmaubgKnFffKxJGLCtyHF0pqS7C0v7lLOo
+qOhSd3qaFEU1yWpXCFlyglDnadFQs8pdWIPBngwQC2luF1N7Kppz5zzGF5MHNt+E
+LuPlRAwgs8aRRPsySGYKvtCeNYAgjsbec9f0P7lMEGr+AqbZF9qNbbQQkq0dHrMH
+goazCek3XtlMAYYUdmkqQ5a44XRQUu4FuTVqzCH8nqhkeHcWTwO9BHayUebxiBk8
+njDwLtHiQ8u9TjVf/35UOdqFSxra+wZJPKYbH++82KG6rbEotGp3jv0uxasgiHVL
+qrD3dkQAU8zF7cllsUkRE3Gw4tDaZXkZCawiMfLiGK1FVApXkUnKilASDsaH6i3x
+Ui8LM1F9vbtJnzftTa3yi0FR6Gmi5Mc+R42gpE8xCa4y
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-client.csr

@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICejCCAWICAQAwNTELMAkGA1UEBhMCVVMxETAPBgNVBAoMCElTQyBJbmMuMRMw
-EQYDVQQDDAprZWEtY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAym7A5BJaI7xYVbdt+BkDhFVbnRKeLPCmJw0E2abHXonaz98mPqln8xtZNeqj
-AeY1xe3UYc6uBYj22TLOXM9wX8GQ5cY1jMYIsT2gq1aYWCxoSPADp3vDxJeO3uAH
-twpfenVlH0CkJhiM8x303CbwsVDgqG+c2Dgg77Y5OPCMXbx4tfAG/4V8hiSl0rqg
-rGlwUSuwJp/P48TIHYXbPdrTcZtAYgCbbJpEJvUFvM7XKIhBIDuFYg0SUkSmhvYV
-UawHuBj4rDo1M3qwA5D1/6XIRyKpq0yfWCoZ4Dnw3YgGWNZZGXNXGzOs6qk4E6dT
-L7bUr/CRDejjITPm6Qm2olqeAwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAMgA
-4PiiHLAdo5tjjEWyPOsVCaKORAB8PqELc9XJHfZeyyCEDRptQfH//XKe7WRZmbZI
-baq1cqjZFVb8yrMjBr1mXUOuBzmofexaXwFEMOufirUawenqGeivkIW23j+Jq6vX
-xs2jlXdqE7H6ApXo5De0NhnpeNQS+88xDfQvcaqPYw5TmOrAtPrGt42vSa0x0vf6
-OnnFnOFEFh6AFfj6Sg6SWeNOn61RgUR5iqPkQsH33o/viTqKL4qITroFUHmau7Ec
-BimeigqvKOMS785BxmXeYl2qEg9Vu4zaFePAHPPpjIA7LELfXdM/B6TOP9/aCMEd
-NhQVPAUOXFxCnBHWo84=
+MIICeTCCAWECAQAwNDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0lTQyBJbmMxEzAR
+BgNVBAMMCmtlYS1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDKbsDkElojvFhVt234GQOEVVudEp4s8KYnDQTZpsdeidrP3yY+qWfzG1k16qMB
+5jXF7dRhzq4FiPbZMs5cz3BfwZDlxjWMxgixPaCrVphYLGhI8AOne8PEl47e4Ae3
+Cl96dWUfQKQmGIzzHfTcJvCxUOCob5zYOCDvtjk48IxdvHi18Ab/hXyGJKXSuqCs
+aXBRK7Amn8/jxMgdhds92tNxm0BiAJtsmkQm9QW8ztcoiEEgO4ViDRJSRKaG9hVR
+rAe4GPisOjUzerADkPX/pchHIqmrTJ9YKhngOfDdiAZY1lkZc1cbM6zqqTgTp1Mv
+ttSv8JEN6OMhM+bpCbaiWp4DAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAs7Ed
+zY2f2BN33Jd2/XAe3Vl/Jm7JgLN7GnvwzdoM/KewsTsSo0wrgqBU2r36F+W2+/T6
+rN8C0SseFfaURd3CQc66UcGzp4+FKxWIS9loO4P43t6MjBUQ/RiW3IQUAbkMIL52
+CG1HiyyOp7GNtXb861CCu25t82oXeW7WWvWJxaKeAk/hkr7lrVxCcU7XkVY6sDU0
+t4fP3W31p5ZkLUK4qELiZ3iJZLnf/5xaXgJpVlS3E4DUe8tyl3TjayYxroyRj+TT
+D0LWwE65QGygJM2cZrraIvue5kVan4C8XZvO/VvZoakWH/ZkGN8Pis33r8oEfrQL
+SyGt7oTSRYob5MTWmA==
 -----END CERTIFICATE REQUEST-----

src/lib/asiolink/testutils/ca/kea-client.key

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAym7A5BJaI7xYVbdt+BkDhFVbnRKeLPCmJw0E2abHXonaz98m
-Pqln8xtZNeqjAeY1xe3UYc6uBYj22TLOXM9wX8GQ5cY1jMYIsT2gq1aYWCxoSPAD
-p3vDxJeO3uAHtwpfenVlH0CkJhiM8x303CbwsVDgqG+c2Dgg77Y5OPCMXbx4tfAG
-/4V8hiSl0rqgrGlwUSuwJp/P48TIHYXbPdrTcZtAYgCbbJpEJvUFvM7XKIhBIDuF
-Yg0SUkSmhvYVUawHuBj4rDo1M3qwA5D1/6XIRyKpq0yfWCoZ4Dnw3YgGWNZZGXNX
-GzOs6qk4E6dTL7bUr/CRDejjITPm6Qm2olqeAwIDAQABAoIBAQCiT9OSC7UC2k3p
-zL38I/JR9S8T7o2tcveGcEXnTnalMtujuUUtESAsKU2KkaxKJZAQN/YGxnV6Mqva
-04XrnNh5rvbDhf4B9feaRdPCDhjw+gpUET6c1/vMcck4o2EMPuD3i5GdUXNMqHq7
-pNVkgESVqEe6RmP4amjeS7nuEdI6hSqFQa7EelC7C7HIIxz/jpiHRYk2pp5o3wx3
-EEyyhR+Ip3+U9EOlGZyqvasaGf6PYgBC2pTjitVP7+ArxokBTx1/VfNmVgOT+A+2
-kkqg4Ee3sgmBGjy0aUatr/QOSEELnJw9cHZLIapklDo+cS/ypSWiGASGUvCyjmBm
-VDg/DDDBAoGBAPFXAR1NwmVNs5mU5LA9kgs8Pz/d4LAOa3CrUEFjBSMrfAkB3Je8
-0x0Xmht2QIRVPQ2NFklM07aqToWMtxPSoLoGlovgTEAtcyLWnRrANlhd0VwG0m62
-YlRkIrRcS5m1yS+EKETCEWnsGoCrdYbBdpKJVoNd4pxAHXYgjlzKLPH5AoGBANa6
-tz0RiP6GHU7yONR0yXEYmLhniWnE9A+5UEKjEt4ZOo4rDxocBZSENPwMf7576Vv3
-kTuL4aSkBPA5DxBsjOq/CT3o3Fng2aRLNL37glYrVLAsNIPs/YVWuLJZ2fXJZMbG
-PbR2SVhXU8YvQaY3s6OlzfQ07Zd4T5TUnoMpDA7bAoGAJ5638R6d5lGeRX1bGc/R
-1QRcAdkkFOMZIlMNht6BrmdqInRqyYJXSjRguVdtegwgTMQ3v2rcauWEpIoYWCnA
-9ykzt9znx7VubG69NfIOOe2U/D2meER62g3iYKeyRZbBY4qXrcoKX9BB/ZOoZKoI
-FEB1snVMSYiBDa6EkJkkTckCgYBeU3UtAWfxjw6O4H6wbYEUCl8EGo9VhCxGP/yO
-2T3vjJuZWjbvHEIjRJRV6FOxZJNVUAJfawo7HcYBlL8WUujwMe0oYgNyBAD3WAYa
-MsLFgZFZNoH3NgMEMN0/k5LYkpiPbQQsIw4DHZFybM3k63EhQTOgxCNet34V/fSH
-318powKBgH/QdL/jSMUV4DGnPtayzTEszjgNsqt7SPkWvKtA+K+EoX2rlpZf65RI
-Mei9BawHU2H4rfCN3QTqimHt2/xNKyCowF+a4fRLPz8bDqOqiWMPZeD+PscWSrKq
-r3TDUNfttWQvdE5x1nct20T4dQ9FY1w8MgcsouBbmhFoWYDQOfuO
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKbsDkElojvFhV
+t234GQOEVVudEp4s8KYnDQTZpsdeidrP3yY+qWfzG1k16qMB5jXF7dRhzq4FiPbZ
+Ms5cz3BfwZDlxjWMxgixPaCrVphYLGhI8AOne8PEl47e4Ae3Cl96dWUfQKQmGIzz
+HfTcJvCxUOCob5zYOCDvtjk48IxdvHi18Ab/hXyGJKXSuqCsaXBRK7Amn8/jxMgd
+hds92tNxm0BiAJtsmkQm9QW8ztcoiEEgO4ViDRJSRKaG9hVRrAe4GPisOjUzerAD
+kPX/pchHIqmrTJ9YKhngOfDdiAZY1lkZc1cbM6zqqTgTp1MvttSv8JEN6OMhM+bp
+CbaiWp4DAgMBAAECggEBAKJP05ILtQLaTenMvfwj8lH1LxPuja1y94ZwRedOdqUy
+26O5RS0RICwpTYqRrEolkBA39gbGdXoyq9rTheuc2Hmu9sOF/gH195pF08IOGPD6
+ClQRPpzX+8xxyTijYQw+4PeLkZ1Rc0yoeruk1WSARJWoR7pGY/hqaN5Lue4R0jqF
+KoVBrsR6ULsLscgjHP+OmIdFiTamnmjfDHcQTLKFH4inf5T0Q6UZnKq9qxoZ/o9i
+AELalOOK1U/v4CvGiQFPHX9V82ZWA5P4D7aSSqDgR7eyCYEaPLRpRq2v9A5IQQuc
+nD1wdkshqmSUOj5xL/KlJaIYBIZS8LKOYGZUOD8MMMECgYEA8VcBHU3CZU2zmZTk
+sD2SCzw/P93gsA5rcKtQQWMFIyt8CQHcl7zTHReaG3ZAhFU9DY0WSUzTtqpOhYy3
+E9KgugaWi+BMQC1zItadGsA2WF3RXAbSbrZiVGQitFxLmbXJL4QoRMIRaewagKt1
+hsF2kolWg13inEAddiCOXMos8fkCgYEA1rq3PRGI/oYdTvI41HTJcRiYuGeJacT0
+D7lQQqMS3hk6jisPGhwFlIQ0/Ax/vnvpW/eRO4vhpKQE8DkPEGyM6r8JPejcWeDZ
+pEs0vfuCVitUsCw0g+z9hVa4slnZ9clkxsY9tHZJWFdTxi9Bpjezo6XN9DTtl3hP
+lNSegykMDtsCgYAnnrfxHp3mUZ5FfVsZz9HVBFwB2SQU4xkiUw2G3oGuZ2oidGrJ
+gldKNGC5V216DCBMxDe/atxq5YSkihhYKcD3KTO33OfHtW5sbr018g457ZT8PaZ4
+RHraDeJgp7JFlsFjipetygpf0EH9k6hkqggUQHWydUxJiIENroSQmSRNyQKBgF5T
+dS0BZ/GPDo7gfrBtgRQKXwQaj1WELEY//I7ZPe+Mm5laNu8cQiNElFXoU7Fkk1VQ
+Al9rCjsdxgGUvxZS6PAx7ShiA3IEAPdYBhoywsWBkVk2gfc2AwQw3T+TktiSmI9t
+BCwjDgMdkXJszeTrcSFBM6DEI163fhX99IffXymjAoGAf9B0v+NIxRXgMac+1rLN
+MSzOOA2yq3tI+Ra8q0D4r4ShfauWll/rlEgx6L0FrAdTYfit8I3dBOqKYe3b/E0r
+IKjAX5rh9Es/PxsOo6qJYw9l4P4+xxZKsqqvdMNQ1+21ZC90TnHWdy3bRPh1D0Vj
+XDwyByyi4FuaEWhZgNA5+44=
+-----END PRIVATE KEY-----

src/lib/asiolink/testutils/ca/kea-other.crt

@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIID1zCCAb8CARQwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UEBhMCVVMxETAPBgNV
-BAoMCElTQyBJbmMuMREwDwYDVQQDDAhvdGhlci1jYTAeFw0yMTAyMjEyMTE4NDda
-Fw0zMTAyMTkyMTE4NDdaMDAxCzAJBgNVBAYTAlVTMREwDwYDVQQKDAhJU0MgSW5j
-LjEOMAwGA1UEAwwFb3RoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDAoEENWQ6tl6aaRMn+yaNUKTBIIWpVoy5+uGsBdZW++fEvw4xmleGD+bwyHZFE
-sHPos/v7zWUNFaX2aWD0H+Hk4l2WTFigWO3utPoXDzDOjfQmglKG+R08p3giURrJ
-zUKWwe/RRJBs7qXdcD9yNXVOb2JWp4Cxk1iPj7zTS/LGsFr7F4/k2nlH3EuqvB3G
-BEXHa/sA55xigMyvqVnVb4rNh+PjGL8l5SZzSnrbdoIEtKw/LVbBCAVrQsgcADNq
-jR7ILbqeIqg1Td11QvQzB7f/U5dQoQPzq3j4ow1zOiaSokZE7UcUCUNfjRv5E2lW
-+mmyM7nkgyE9LqUJ/3udIh1vAgMBAAEwDQYJKoZIhvcNAQELBQADggIBACK3Dl0s
-NmwPSNQuVH9d/fgL954ephn+GAsNamOLL9gFwZmHxVzHJ93GnbrVsTtvWFa2w+Tc
-jDGzRvbhMMh4bnKOJ4OUzn2ISQOyWdhBWnSKVt9kiunP7Jn8ufH4WOpkeP1FKXRg
-xMgGcK/3oOn2OV2Nj9BT5Wm8MPytVdsY1e3XCbBcRfYB1acNE0Q6Fx9/u0OxGNQ2
-ITRUQb5T1yoI6Isq2bhdW1hdl3O5DPcjkzDBQlqxXOUoZeLKuXeQlPxV+rELO52o
-z48CL/Y1jOhmplM7aUCNNxdObZZ0ym1OCEGo6yNCkGil6ErEgmVE7IrGaLMwbAHj
-eylbIcAieaAuc1w858nRbB+ryND9BWj5G0+B3xhuX3Xs4bfDKxPayytf9ixfshrn
-9TR0g3GIV+lIVOuCmQtf5H2eZ2wTxd09f6Sglh7WMm/RNEd+E53n3dnksjt9X/Lc
-27Q513x6IudXTreJMQdAstna/Aftjm4KN+zMc1JEYXPyiwN3UEFk8gfBstbg3Tb9
-ioA/yX4E1Jim7HHqB4eoTcmv4nz0kYrNtFxp4xAoy1qYc8afFOyborWdCqZFbERO
-JQJop0aVSm7tR95nhcd1O3ZgxMjzT6jOIw7P/DxCBQqz5xwXThpcYboK5z4cdWe7
-QAsCwmY3m4pbVvxtY9xl+LtEqNt7/eFXqstV
+MIID4DCCAcigAwIBAgIBFDANBgkqhkiG9w0BAQsFADAzMQswCQYDVQQGEwJVUzER
+MA8GA1UECgwISVNDIEluYy4xETAPBgNVBAMMCG90aGVyLWNhMB4XDTIxMDMwMjE0
+NTI0OFoXDTMxMDIyODE0NTI0OFowNDELMAkGA1UEBhMCVVMxETAPBgNVBAoMCElT
+QyBJbmMuMRIwEAYDVQQDDAlrZWEtb3RoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDAoEENWQ6tl6aaRMn+yaNUKTBIIWpVoy5+uGsBdZW++fEvw4xm
+leGD+bwyHZFEsHPos/v7zWUNFaX2aWD0H+Hk4l2WTFigWO3utPoXDzDOjfQmglKG
++R08p3giURrJzUKWwe/RRJBs7qXdcD9yNXVOb2JWp4Cxk1iPj7zTS/LGsFr7F4/k
+2nlH3EuqvB3GBEXHa/sA55xigMyvqVnVb4rNh+PjGL8l5SZzSnrbdoIEtKw/LVbB
+CAVrQsgcADNqjR7ILbqeIqg1Td11QvQzB7f/U5dQoQPzq3j4ow1zOiaSokZE7UcU
+CUNfjRv5E2lW+mmyM7nkgyE9LqUJ/3udIh1vAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggIBAMYcxVfoCIn+NPlsoRB2m5vAOuJTuBNigf8Fm0HYougE2W+p50+5USx2BCM8
+M1Cet+8X0dktHbRdDL5aZrRbYnz/OENBD4tKuWMQoP/qzafRiKSkDckxYM6AR4T+
+fzPgLjUde2NE1cDeRlJUmereRXiD2qefEFH55StLl8YnnciAMGTRjwBuLiReF+qE
+noaD8ZIKZ5pBMzoxyOe+39tLJkzhESdZ8gJZRXGm+ickAlP96w8z8TlQiWHG3Caw
+kM7SZSyVYdyfiF32J6A7hwlG3qud83GcunfrjOurWBe1lv51pb/OFGe6wlRD/pcS
+UcKZ07KXXYMXV40O6A5Dv0yJB8ocKhOkfU5MvotAAm2GL2ZXizfmEAz23X9I8830
+B5ggVxgp/bO/exC1sBJjUgF4qVPByE1MdDDWYvPKT8cYg5j8pD9rDn7WGVAmgCk9
+59lEI0HBP33ulBRoxrOQ7kV3pUlV8oP3wG/joz8PwSNAbbtQuUnAmjElONPyTrMN
+2Yqah89SqH9ygzz/UomdrKYuoTu/QEfLLtBcyBLKHrRT8ODvsp2kY9RpveCctsAR
+2gmnYixj7GDdp5c6zTich1+QkVvFtrl3Zu+AWRekFAn92bwwOli14S3LgW2t4iXL
+InVUqNg6l6K9d+FdHogvITQLKKMpfIfsCKPqvacpqryyaith
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-other.key

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwKBBDVkOrZemmkTJ/smjVCkwSCFqVaMufrhrAXWVvvnxL8OM
-ZpXhg/m8Mh2RRLBz6LP7+81lDRWl9mlg9B/h5OJdlkxYoFjt7rT6Fw8wzo30JoJS
-hvkdPKd4IlEayc1ClsHv0USQbO6l3XA/cjV1Tm9iVqeAsZNYj4+800vyxrBa+xeP
-5Np5R9xLqrwdxgRFx2v7AOecYoDMr6lZ1W+KzYfj4xi/JeUmc0p623aCBLSsPy1W
-wQgFa0LIHAAzao0eyC26niKoNU3ddUL0Mwe3/1OXUKED86t4+KMNczomkqJGRO1H
-FAlDX40b+RNpVvppsjO55IMhPS6lCf97nSIdbwIDAQABAoIBAGFKT7D7MzOwbeBr
-MA71Lv5aE13LKtb4JYqxgLJq/mhH+26heO9zckTjRQ+W6YFlEhYNmg8TLZ/POFTd
-4q9KzyB4yMYZ54WNhRdU5x/wdzlMb21n02ECv6ab+0xx5HLarnBQodzzoXKzkqjm
-gdUgdRBZp7SWw6RtBIT2F2wtZwC8v9TbLVjgYanK+sU1NlVJ86kg8WuPaST7kmaR
-I+BtFXapq5SP/MI5dJki3WNlalzJUIUiRtmqkSointJIEL1Jx1RGonPWDTQtmq8V
-/86eXOFEoqMXpK5gpKACl6amxbMBks3BViUHq/p7wpCF/c4a/t2xZ+P3ZAyuBg+P
-QLcNJCkCgYEA3sP4hAyoENqG0BVVttloXk0rhN7A7AXZ6Hd2EWYCJ+1X+0Mmjas6
-DnnPEIBN6DLthHSisiw8jfP9yAQlas1CHliSzdwgregzSt+PIRCXNxXNoYm7/xGu
-E0OK2cjcYmCX1fOp3WLyjEEjJh8/ZQys64wf8dS2gQbjuKi1M4Cu78MCgYEA3V0s
-CaPTMwng76kLVMTWzFyiTnxKhbrGlvzYnW0vTJ6YSJnLEKGzH3Df4e+K9mh/sRhw
-ZOaT3nH1P6iuPHcxFp3K1qaUU3yfVXlOVWJZ5LyP5hwyiaqBGRMnEapVAkb5bvAx
-qhDh3pVu2Qo3Bg+A3JEQ5mQmng+/DsSpIsrtjOUCgYAYthiNXXIPXI5z6sn1XKyt
-OVZIiQVRqVyA4y+fwncewr9tygcu0/2+uVh09iauSWf7t4yMw0d8X8KZO4yDCn35
-K84tM+wUHpwCBEa2XkbH/40uDD9kjiuHS4jNm/CGoTx2qW8Adgd984PYqMK5jOxp
-vMOWaghMy9zbESv4qJ+/TQKBgGBLcKW841n3eScoNSqp+fqqbVyRCuYDqvHxidVp
-ssK01u/2HvTcMoyB0JJ7Xsr0CGAkjngGKdsBXbtUiH77Jpp9B8i6bBmpQ7Kt81qH
-Ty2GrV5fc8iZKFGdGEjB/Prhnw4YZLJjZ64o+TBnFiqHwfmxDVX7ySTHGsi02hKt
-jgrVAoGBAKF0Z+KdT95HbS12J0wLJ4LAyFRMxQJ2+A17ryt6MwN5lICMBh0IosHD
-fpgh5pd4ZDJ5pA0seG2pGwFLkPhCM5EuumikU713SGboxkjS8ozfUkJGiXyg2C1t
-9lpsU6MKC4eTMg6WlTjBXoFc3seXP83mNKjy7Rn/qqIDHKH7WXke
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDAoEENWQ6tl6aa
+RMn+yaNUKTBIIWpVoy5+uGsBdZW++fEvw4xmleGD+bwyHZFEsHPos/v7zWUNFaX2
+aWD0H+Hk4l2WTFigWO3utPoXDzDOjfQmglKG+R08p3giURrJzUKWwe/RRJBs7qXd
+cD9yNXVOb2JWp4Cxk1iPj7zTS/LGsFr7F4/k2nlH3EuqvB3GBEXHa/sA55xigMyv
+qVnVb4rNh+PjGL8l5SZzSnrbdoIEtKw/LVbBCAVrQsgcADNqjR7ILbqeIqg1Td11
+QvQzB7f/U5dQoQPzq3j4ow1zOiaSokZE7UcUCUNfjRv5E2lW+mmyM7nkgyE9LqUJ
+/3udIh1vAgMBAAECggEAYUpPsPszM7Bt4GswDvUu/loTXcsq1vglirGAsmr+aEf7
+bqF473NyRONFD5bpgWUSFg2aDxMtn884VN3ir0rPIHjIxhnnhY2FF1TnH/B3OUxv
+bWfTYQK/ppv7THHkctqucFCh3POhcrOSqOaB1SB1EFmntJbDpG0EhPYXbC1nALy/
+1NstWOBhqcr6xTU2VUnzqSDxa49pJPuSZpEj4G0VdqmrlI/8wjl0mSLdY2VqXMlQ
+hSJG2aqRKiKe0kgQvUnHVEaic9YNNC2arxX/zp5c4USioxekrmCkoAKXpqbFswGS
+zcFWJQer+nvCkIX9zhr+3bFn4/dkDK4GD49Atw0kKQKBgQDew/iEDKgQ2obQFVW2
+2WheTSuE3sDsBdnod3YRZgIn7Vf7QyaNqzoOec8QgE3oMu2EdKKyLDyN8/3IBCVq
+zUIeWJLN3CCt6DNK348hEJc3Fc2hibv/Ea4TQ4rZyNxiYJfV86ndYvKMQSMmHz9l
+DKzrjB/x1LaBBuO4qLUzgK7vwwKBgQDdXSwJo9MzCeDvqQtUxNbMXKJOfEqFusaW
+/NidbS9MnphImcsQobMfcN/h74r2aH+xGHBk5pPecfU/qK48dzEWncrWppRTfJ9V
+eU5VYlnkvI/mHDKJqoEZEycRqlUCRvlu8DGqEOHelW7ZCjcGD4DckRDmZCaeD78O
+xKkiyu2M5QKBgBi2GI1dcg9cjnPqyfVcrK05VkiJBVGpXIDjL5/Cdx7Cv23KBy7T
+/b65WHT2Jq5JZ/u3jIzDR3xfwpk7jIMKffkrzi0z7BQenAIERrZeRsf/jS4MP2SO
+K4dLiM2b8IahPHapbwB2B33zg9iowrmM7Gm8w5ZqCEzL3NsRK/ion79NAoGAYEtw
+pbzjWfd5Jyg1Kqn5+qptXJEK5gOq8fGJ1WmywrTW7/Ye9NwyjIHQknteyvQIYCSO
+eAYp2wFdu1SIfvsmmn0HyLpsGalDsq3zWodPLYatXl9zyJkoUZ0YSMH8+uGfDhhk
+smNnrij5MGcWKofB+bENVfvJJMcayLTaEq2OCtUCgYEAoXRn4p1P3kdtLXYnTAsn
+gsDIVEzFAnb4DXuvK3ozA3mUgIwGHQiiwcN+mCHml3hkMnmkDSx4bakbAUuQ+EIz
+kS66aKRTvXdIZujGSNLyjN9SQkaJfKDYLW32WmxTowoLh5MyDpaVOMFegVzex5c/
+zeY0qPLtGf+qogMcoftZeR4=
+-----END PRIVATE KEY-----

src/lib/asiolink/testutils/ca/kea-self.crt

@@ -1,18 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC6DCCAdACCQC3T0mkbypFVTANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQGEwJV
-UzERMA8GA1UECgwISVNDIEluYy4xFDASBgNVBAMMC3NlbGYtc2lnbmVkMB4XDTIx
-MDIxODE4MzA0MloXDTMxMDIxNjE4MzA0MlowNjELMAkGA1UEBhMCVVMxETAPBgNV
-BAoMCElTQyBJbmMuMRQwEgYDVQQDDAtzZWxmLXNpZ25lZDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMCgQQ1ZDq2XpppEyf7Jo1QpMEghalWjLn64awF1
-lb758S/DjGaV4YP5vDIdkUSwc+iz+/vNZQ0VpfZpYPQf4eTiXZZMWKBY7e60+hcP
-MM6N9CaCUob5HTyneCJRGsnNQpbB79FEkGzupd1wP3I1dU5vYlangLGTWI+PvNNL
-8sawWvsXj+TaeUfcS6q8HcYERcdr+wDnnGKAzK+pWdVvis2H4+MYvyXlJnNKett2
-ggS0rD8tVsEIBWtCyBwAM2qNHsgtup4iqDVN3XVC9DMHt/9Tl1ChA/OrePijDXM6
-JpKiRkTtRxQJQ1+NG/kTaVb6abIzueSDIT0upQn/e50iHW8CAwEAATANBgkqhkiG
-9w0BAQsFAAOCAQEAnhmEeDZv9IJL5Vv8K9Ltb8WzCaH7faSd/wKW5qqh+odeUJHk
-mZN8gwBaL8VSrXiCGKgTexn5Uc4PgxAbK887t3Q0BUIleOHG5mvQ7/0+uBtGEp72
-PSSsIHL7osiSMTi142ppY2/LpUfP7I65Z1lpaThdJu2YgxjVeoFZI+L3ubzVM6M0
-V/yBrK/vZMVVQv4tkCgte3jX/XH7aQ/+OK1xB9oyOqe7yShMrPS6oFLmvGjWMqQO
-/NMPxqsGWH/EZeTVmPP8+zw7/s2mnHrdqMLkHO6/sEPAdgyxrjcDLqtIdNgoMdBz
-2sH8t4L5qGTKQjDIJ8Zam6O9lJJhZ18D6Rqtwg==
+MIIDHDCCAgSgAwIBAgIUe1AyLcAeSfKwCZNZLFTRkWMyOJQwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoM
+CElTQyBJbmMuMREwDwYDVQQDDAhrZWEtc2VsZjAeFw0yMTAzMDIxNDQ3MDdaFw0z
+MTAyMjgxNDQ3MDdaMEgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRl
+MREwDwYDVQQKDAhJU0MgSW5jLjERMA8GA1UEAwwIa2VhLXNlbGYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAoEENWQ6tl6aaRMn+yaNUKTBIIWpVoy5+
+uGsBdZW++fEvw4xmleGD+bwyHZFEsHPos/v7zWUNFaX2aWD0H+Hk4l2WTFigWO3u
+tPoXDzDOjfQmglKG+R08p3giURrJzUKWwe/RRJBs7qXdcD9yNXVOb2JWp4Cxk1iP
+j7zTS/LGsFr7F4/k2nlH3EuqvB3GBEXHa/sA55xigMyvqVnVb4rNh+PjGL8l5SZz
+SnrbdoIEtKw/LVbBCAVrQsgcADNqjR7ILbqeIqg1Td11QvQzB7f/U5dQoQPzq3j4
+ow1zOiaSokZE7UcUCUNfjRv5E2lW+mmyM7nkgyE9LqUJ/3udIh1vAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAHWFX55xUt1Opqtji+I2XvBrcexleSAME+irKwExe+tY
+laFEWb1eWyzFHiuOSuNLjcXt1PkUYZ0lYUg17cDj5urpAy+F07uCRQWTXBY8W53H
+IppYl4KjN3w4e5DSyDfiTv99MT8xVKJk+rVu75lQ0kgg68fZR6yK82SLjBQmjV2A
+OcSqHNHtnBU5RcdlZ+E05M1Vo1jHzxHpybkgNxjvmUgBRc9ieLbgSFRZji0nNmhA
+TSZ0DjRce6eyDI+OoEFJL0wXMl0ZOijeuCJr4C45h3TyreU2COC1GaoIeNwmGSIb
+mw0j+XR4rKHcgkUQ7L2DfwOjGFG7IeT+k0QdyeM2NU4=
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-self.key

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwKBBDVkOrZemmkTJ/smjVCkwSCFqVaMufrhrAXWVvvnxL8OM
-ZpXhg/m8Mh2RRLBz6LP7+81lDRWl9mlg9B/h5OJdlkxYoFjt7rT6Fw8wzo30JoJS
-hvkdPKd4IlEayc1ClsHv0USQbO6l3XA/cjV1Tm9iVqeAsZNYj4+800vyxrBa+xeP
-5Np5R9xLqrwdxgRFx2v7AOecYoDMr6lZ1W+KzYfj4xi/JeUmc0p623aCBLSsPy1W
-wQgFa0LIHAAzao0eyC26niKoNU3ddUL0Mwe3/1OXUKED86t4+KMNczomkqJGRO1H
-FAlDX40b+RNpVvppsjO55IMhPS6lCf97nSIdbwIDAQABAoIBAGFKT7D7MzOwbeBr
-MA71Lv5aE13LKtb4JYqxgLJq/mhH+26heO9zckTjRQ+W6YFlEhYNmg8TLZ/POFTd
-4q9KzyB4yMYZ54WNhRdU5x/wdzlMb21n02ECv6ab+0xx5HLarnBQodzzoXKzkqjm
-gdUgdRBZp7SWw6RtBIT2F2wtZwC8v9TbLVjgYanK+sU1NlVJ86kg8WuPaST7kmaR
-I+BtFXapq5SP/MI5dJki3WNlalzJUIUiRtmqkSointJIEL1Jx1RGonPWDTQtmq8V
-/86eXOFEoqMXpK5gpKACl6amxbMBks3BViUHq/p7wpCF/c4a/t2xZ+P3ZAyuBg+P
-QLcNJCkCgYEA3sP4hAyoENqG0BVVttloXk0rhN7A7AXZ6Hd2EWYCJ+1X+0Mmjas6
-DnnPEIBN6DLthHSisiw8jfP9yAQlas1CHliSzdwgregzSt+PIRCXNxXNoYm7/xGu
-E0OK2cjcYmCX1fOp3WLyjEEjJh8/ZQys64wf8dS2gQbjuKi1M4Cu78MCgYEA3V0s
-CaPTMwng76kLVMTWzFyiTnxKhbrGlvzYnW0vTJ6YSJnLEKGzH3Df4e+K9mh/sRhw
-ZOaT3nH1P6iuPHcxFp3K1qaUU3yfVXlOVWJZ5LyP5hwyiaqBGRMnEapVAkb5bvAx
-qhDh3pVu2Qo3Bg+A3JEQ5mQmng+/DsSpIsrtjOUCgYAYthiNXXIPXI5z6sn1XKyt
-OVZIiQVRqVyA4y+fwncewr9tygcu0/2+uVh09iauSWf7t4yMw0d8X8KZO4yDCn35
-K84tM+wUHpwCBEa2XkbH/40uDD9kjiuHS4jNm/CGoTx2qW8Adgd984PYqMK5jOxp
-vMOWaghMy9zbESv4qJ+/TQKBgGBLcKW841n3eScoNSqp+fqqbVyRCuYDqvHxidVp
-ssK01u/2HvTcMoyB0JJ7Xsr0CGAkjngGKdsBXbtUiH77Jpp9B8i6bBmpQ7Kt81qH
-Ty2GrV5fc8iZKFGdGEjB/Prhnw4YZLJjZ64o+TBnFiqHwfmxDVX7ySTHGsi02hKt
-jgrVAoGBAKF0Z+KdT95HbS12J0wLJ4LAyFRMxQJ2+A17ryt6MwN5lICMBh0IosHD
-fpgh5pd4ZDJ5pA0seG2pGwFLkPhCM5EuumikU713SGboxkjS8ozfUkJGiXyg2C1t
-9lpsU6MKC4eTMg6WlTjBXoFc3seXP83mNKjy7Rn/qqIDHKH7WXke
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDAoEENWQ6tl6aa
+RMn+yaNUKTBIIWpVoy5+uGsBdZW++fEvw4xmleGD+bwyHZFEsHPos/v7zWUNFaX2
+aWD0H+Hk4l2WTFigWO3utPoXDzDOjfQmglKG+R08p3giURrJzUKWwe/RRJBs7qXd
+cD9yNXVOb2JWp4Cxk1iPj7zTS/LGsFr7F4/k2nlH3EuqvB3GBEXHa/sA55xigMyv
+qVnVb4rNh+PjGL8l5SZzSnrbdoIEtKw/LVbBCAVrQsgcADNqjR7ILbqeIqg1Td11
+QvQzB7f/U5dQoQPzq3j4ow1zOiaSokZE7UcUCUNfjRv5E2lW+mmyM7nkgyE9LqUJ
+/3udIh1vAgMBAAECggEAYUpPsPszM7Bt4GswDvUu/loTXcsq1vglirGAsmr+aEf7
+bqF473NyRONFD5bpgWUSFg2aDxMtn884VN3ir0rPIHjIxhnnhY2FF1TnH/B3OUxv
+bWfTYQK/ppv7THHkctqucFCh3POhcrOSqOaB1SB1EFmntJbDpG0EhPYXbC1nALy/
+1NstWOBhqcr6xTU2VUnzqSDxa49pJPuSZpEj4G0VdqmrlI/8wjl0mSLdY2VqXMlQ
+hSJG2aqRKiKe0kgQvUnHVEaic9YNNC2arxX/zp5c4USioxekrmCkoAKXpqbFswGS
+zcFWJQer+nvCkIX9zhr+3bFn4/dkDK4GD49Atw0kKQKBgQDew/iEDKgQ2obQFVW2
+2WheTSuE3sDsBdnod3YRZgIn7Vf7QyaNqzoOec8QgE3oMu2EdKKyLDyN8/3IBCVq
+zUIeWJLN3CCt6DNK348hEJc3Fc2hibv/Ea4TQ4rZyNxiYJfV86ndYvKMQSMmHz9l
+DKzrjB/x1LaBBuO4qLUzgK7vwwKBgQDdXSwJo9MzCeDvqQtUxNbMXKJOfEqFusaW
+/NidbS9MnphImcsQobMfcN/h74r2aH+xGHBk5pPecfU/qK48dzEWncrWppRTfJ9V
+eU5VYlnkvI/mHDKJqoEZEycRqlUCRvlu8DGqEOHelW7ZCjcGD4DckRDmZCaeD78O
+xKkiyu2M5QKBgBi2GI1dcg9cjnPqyfVcrK05VkiJBVGpXIDjL5/Cdx7Cv23KBy7T
+/b65WHT2Jq5JZ/u3jIzDR3xfwpk7jIMKffkrzi0z7BQenAIERrZeRsf/jS4MP2SO
+K4dLiM2b8IahPHapbwB2B33zg9iowrmM7Gm8w5ZqCEzL3NsRK/ion79NAoGAYEtw
+pbzjWfd5Jyg1Kqn5+qptXJEK5gOq8fGJ1WmywrTW7/Ye9NwyjIHQknteyvQIYCSO
+eAYp2wFdu1SIfvsmmn0HyLpsGalDsq3zWodPLYatXl9zyJkoUZ0YSMH8+uGfDhhk
+smNnrij5MGcWKofB+bENVfvJJMcayLTaEq2OCtUCgYEAoXRn4p1P3kdtLXYnTAsn
+gsDIVEzFAnb4DXuvK3ozA3mUgIwGHQiiwcN+mCHml3hkMnmkDSx4bakbAUuQ+EIz
+kS66aKRTvXdIZujGSNLyjN9SQkaJfKDYLW32WmxTowoLh5MyDpaVOMFegVzex5c/
+zeY0qPLtGf+qogMcoftZeR4=
+-----END PRIVATE KEY-----

src/lib/asiolink/testutils/ca/kea-server-addr.crt

@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIECzCCAfOgAwIBAgIBHjANBgkqhkiG9w0BAQsFADAxMQswCQYDVQQGEwJVUzER
-MA8GA1UECgwISVNDIEluYy4xDzANBgNVBAMMBmtlYS1jYTAeFw0yMTAyMjEyMTE1
-MTdaFw0zMTAyMTkyMTE1MTdaMDoxCzAJBgNVBAYTAlVTMREwDwYDVQQKDAhJU0Mg
-SW5jLjEYMBYGA1UEAwwPa2VhLXNlcnZlci1hZGRyMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAveRRgIN0S8oeBXVaIEnsG1DKuDzKKqLoLdBQNfoZrKzD
-LIMNzlabxu20h82Y/OU02EdEzar98OstzglIWimKFVI0Omi0AuinUkv9640tjoO0
-g0oyCiWFpJLJ8WOF4j7vmZUWuSS3VthlB+MLWlOZ5zACyPyWPo4Z2noHaYjfiQxB
-H8r5GJtQiJGapgWRbeyI+m837bjimpz6V1AGebHvf+zd1Lj+zDOczp38PqIGUbmA
-vfKCj+ILMS46wYjjHTvCG5WSCG/Skker2HAJM2cNcEPmQqAOpAkmFQ2G46bXB4rB
-Xh9dNZB52U9QkyPFHKrnNn400B/xBGNKoyTSYbLQEwIDAQABoyUwIzAhBgNVHREE
-GjAYhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4ICAQAz
-qHfXZGJ7fBZPEvOhAHrPyNTrf66tqNavGG+xkSIZ8R58SaS2JHQO/YvmX1vZ+kHI
-AM1DiqEFiT2/yeuh1OrzSN58L5n6mHxfkaCDFW3y7dmm8P34G36CqRY2YxiXH20Z
-pr+rAz2rVoopWxpsIY0hzuXytBF/ZDGLNv6NsrJzK6joM+WM23ugQ9krOy79whf5
-rrvVERygbnaTP+gXOrc1KePaw5YFEdGAdbOHxR2/1j+xvyNtdO5eqZr78SX81dr3
-YE6O3NHz+aHf3zJ5f0cXABSe9ZDqCnBaBvF3vj5Hd0BGdZ5TuM+tKLEQDCivdC2K
-89cthsPpCqTzednw3Q/mEuIqyJg6F6grQR1/qapMf8OlVa6LQXhTL9RVe6M6sg3u
-DuAnrdrFDcmxP2dGL4oycxA2t82lnJ3vjfl329PQmZ3iEVQJDuitQGsymv0nnqos
-S9YCqPpTnk6ADnv9RLqHuCyKJLgERy5RO/pMM9rjB0mqtNtSQgVW55Or2byFL1qR
-IKQIQWneP7VLAXaNKUQNbyDzTCTo7QZTHivDgC03E/36vKz2wWbcl4u/oBxkEa+H
-LORk7RNnXQJRXQms7rydJQk9osBWio0hsuZddkwuetUzkverWOSdofqAtN+xZUBt
-lZYE+em29aBd6/wektxqJriVZxpaQxyrSMKF+jQtmA==
+MIIECjCCAfKgAwIBAgIBHjANBgkqhkiG9w0BAQsFADAwMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECgwHSVNDIEluYzEPMA0GA1UEAwwGa2VhLWNhMB4XDTIxMDMwMjE1MDE0
+OVoXDTMxMDIyODE1MDE0OVowOjELMAkGA1UEBhMCVVMxETAPBgNVBAoMCElTQyBJ
+bmMuMRgwFgYDVQQDDA9rZWEtc2VydmVyLWFkZHIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC95FGAg3RLyh4FdVogSewbUMq4PMoqougt0FA1+hmsrMMs
+gw3OVpvG7bSHzZj85TTYR0TNqv3w6y3OCUhaKYoVUjQ6aLQC6KdSS/3rjS2Og7SD
+SjIKJYWkksnxY4XiPu+ZlRa5JLdW2GUH4wtaU5nnMALI/JY+jhnaegdpiN+JDEEf
+yvkYm1CIkZqmBZFt7Ij6bzftuOKanPpXUAZ5se9/7N3UuP7MM5zOnfw+ogZRuYC9
+8oKP4gsxLjrBiOMdO8IblZIIb9KSR6vYcAkzZw1wQ+ZCoA6kCSYVDYbjptcHisFe
+H101kHnZT1CTI8Ucquc2fjTQH/EEY0qjJNJhstATAgMBAAGjJTAjMCEGA1UdEQQa
+MBiHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggIBAAaf
+GIHwgnSo4zo6cIfpzirVpSqjzOrsAqzSswigZdj7dwx959sgSJzZssDf/TA98iXM
+YQEkBao6jPuo8fTlCF0XGCUGAfq/f6Yn1Nhkk0qUdxLrNsEjKPXjISZPaVZllZBR
++mRMKObn0l86vJ/0zGzPRxH2P5CKg9g3sT8zkg1fGIE/SNr8abZV5Cf3spYQ9PF9
+zQ2TdpgaEGGufKR6VAIJH4CVShMfvBF0qFbzMC7R/CTdSvEBXagWclBT7PqcVGlV
+rK/NB6rt8W8hLQQE6bRunJmkLrmLKLVjFtPZPq5hm3jE8fnGxfzvThiZHTj+oFGw
+KXcbuSvwgYuLKym648V+VDGiDWdpS2dIwQi2JeHTt7Y4P+8dqPfHY7oDy2+67J6o
+ElTXvloGVNCedQtpp9gNrtil5avXrU9HCfD9avYlsn89kqYZ3Ht1GBYPyqeSZDCo
+a+sffazhYPfqFdH0U7wpq6Gf8/JMSAuQmAR2UAwhjoQatqDqEJ3pAFsI3YcQOZqm
+kj3/T0iYkU8YdJkxI2YgVCRRIzTKHkGMVc/iz+C0OJwFeJDuj+dj+EXXtyi3sjhL
+oTQT2y01nW2TPrHqlG3/fQyPx1gKXrij+1uOZJpZcgKE7/YBGByRiUdOyRJ0E6h6
+oimhTLT6mC9wteMiRmj68z5tTC1P0H4nuOU7OqwL
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-server.crt

@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIID+TCCAeGgAwIBAgIBFDANBgkqhkiG9w0BAQsFADAxMQswCQYDVQQGEwJVUzER
-MA8GA1UECgwISVNDIEluYy4xDzANBgNVBAMMBmtlYS1jYTAeFw0yMTAyMjEyMTEz
-MzZaFw0zMTAyMTkyMTEzMzZaMDUxCzAJBgNVBAYTAlVTMREwDwYDVQQKDAhJU0Mg
-SW5jLjETMBEGA1UEAwwKa2VhLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAL3kUYCDdEvKHgV1WiBJ7BtQyrg8yiqi6C3QUDX6GayswyyDDc5W
-m8bttIfNmPzlNNhHRM2q/fDrLc4JSFopihVSNDpotALop1JL/euNLY6DtINKMgol
-haSSyfFjheI+75mVFrkkt1bYZQfjC1pTmecwAsj8lj6OGdp6B2mI34kMQR/K+Rib
-UIiRmqYFkW3siPpvN+244pqc+ldQBnmx73/s3dS4/swznM6d/D6iBlG5gL3ygo/i
-CzEuOsGI4x07whuVkghv0pJHq9hwCTNnDXBD5kKgDqQJJhUNhuOm1weKwV4fXTWQ
-edlPUJMjxRyq5zZ+NNAf8QRjSqMk0mGy0BMCAwEAAaMYMBYwFAYDVR0RBA0wC4IJ
-bG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4ICAQBXVoyYSkLjFHKwAutjN8E0SWdX
-tBuEPtYwB9lZrGx+B36x4dufxl5NBeUvNLvmJrJlZC4tnrdXzWQBTNX1wKjaNcbM
-nNMvcczFUo/H7mJJys3vVxQx2kCkMwjgOjA/VsFjcgGF5zK630o2+0fdLYEmoe2J
-OgOz304HccOS8j888p0Sfh4y3v4ZvvZ2uwrWXjVtehGa1Yy6iBNrrczmiVRBcOrh
-GSw4kw+p+BuLZ2VK98DWD5FzW1+9+a7pEJA5Zt/ru88wm+/FK5SpysIykq/2CY6G
-pHyBh361es+4gRobg0ApSkldqmd3TubWyQj9zXV98qghhyT0DuQN3KIAF/RMloq2
-dQHVK6a6h7hPk876/FSGILwKw3yxaXFYmkoUpv2bnEBtMvNYgrkoxp6zpxFforKa
-VVz6NhpkKg1iG4wEc7rot60IlRUfqPFX68sQfkcOXezuj6Qdkl41sfBSQIyUcPkH
-OOQ9Mi1Rn/pPMm/kHXwJthcuVcLP006eS5zFaU5ejicx+nT2L0YS/eyNygq6jubJ
-4Xm2QcX2be3LNyWwiGWPw1CqOCxpGFIgY1Z9cyORGL12KyZ5sPxFdwUWI2RTXLOn
-mjDYzyR8cByql0QZSO7neH/QSrQyfVeDxawbWJCK9VimAKqxUXWuAqjqtfF42XGM
-xbwIHFtwsd+04XA8xQ==
+MIID+DCCAeCgAwIBAgIBFDANBgkqhkiG9w0BAQsFADAwMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECgwHSVNDIEluYzEPMA0GA1UEAwwGa2VhLWNhMB4XDTIxMDMwMjE1MDEy
+N1oXDTMxMDIyODE1MDEyN1owNTELMAkGA1UEBhMCVVMxETAPBgNVBAoMCElTQyBJ
+bmMuMRMwEQYDVQQDDAprZWEtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAveRRgIN0S8oeBXVaIEnsG1DKuDzKKqLoLdBQNfoZrKzDLIMNzlab
+xu20h82Y/OU02EdEzar98OstzglIWimKFVI0Omi0AuinUkv9640tjoO0g0oyCiWF
+pJLJ8WOF4j7vmZUWuSS3VthlB+MLWlOZ5zACyPyWPo4Z2noHaYjfiQxBH8r5GJtQ
+iJGapgWRbeyI+m837bjimpz6V1AGebHvf+zd1Lj+zDOczp38PqIGUbmAvfKCj+IL
+MS46wYjjHTvCG5WSCG/Skker2HAJM2cNcEPmQqAOpAkmFQ2G46bXB4rBXh9dNZB5
+2U9QkyPFHKrnNn400B/xBGNKoyTSYbLQEwIDAQABoxgwFjAUBgNVHREEDTALggls
+b2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAKYtC4/KKZnTktvWankLnlVact5K
+L0bJT4qCDg/0gj0pj3rofqyOEoGIjZssQtAG/wmJNF6gNisX/1F23BdEdPAsOJQv
+KuRwr4zL3uj2Mkz585Or/iz633LnD8Ibv8KQsKLnJ/UnJikeH5UgxqcU9kA7ymAE
+pzilP23p3bINvyBMwWZUzT3CsYB7PrcRzx3ScZhbhYaN0f8lq83nspXr8U3FyH5U
+NkrgpuqIE9dFPiaY4CsjNIISpYANcVeWwyPKMk/uty3KbzbmDr7ssm1u1MyJjeVP
+jE/Dhq+WTbDGMfqR3gyXBWq7b1ROA7tk9kAMQg91PLAELSB6lRmzfxzrH/wYk6E/
+0gHgpznpDcA68uW/54eX8phJQQp7Ak7csElXjqXDJ1AWA8VVjRXHerOkq0cUWply
+YsJQCkx3jKdLDFfjtKZWVOjc9rGCnph4BfUej/Lt7z7tTr/Yh+oAR+UyowRzdZM/
+RSsui8vVbvKU+bRlyB5qmNR8cSI5oEA+kAs5DXK2bh5v1SGSxVjwKuwwLeu8eCr3
+HUYQMxKi7Y15+BqjbrOZCEfHE4WORkKze1dh9U/UU9h+LVd+TB7jprZc3ZOvuqYP
+Bb+ponHJJaRvHUKD/jL8kHQ7KX79wXNVkrevGcPe8qE1X/xu4ChK5PuDzq2HQPLs
+USYWw/aARNwslhV6
 -----END CERTIFICATE-----

src/lib/asiolink/testutils/ca/kea-server.key

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAveRRgIN0S8oeBXVaIEnsG1DKuDzKKqLoLdBQNfoZrKzDLIMN
-zlabxu20h82Y/OU02EdEzar98OstzglIWimKFVI0Omi0AuinUkv9640tjoO0g0oy
-CiWFpJLJ8WOF4j7vmZUWuSS3VthlB+MLWlOZ5zACyPyWPo4Z2noHaYjfiQxBH8r5
-GJtQiJGapgWRbeyI+m837bjimpz6V1AGebHvf+zd1Lj+zDOczp38PqIGUbmAvfKC
-j+ILMS46wYjjHTvCG5WSCG/Skker2HAJM2cNcEPmQqAOpAkmFQ2G46bXB4rBXh9d
-NZB52U9QkyPFHKrnNn400B/xBGNKoyTSYbLQEwIDAQABAoIBAHYZ4nbDSzk346QR
-cJRUZXw3q10ascICv9R+kuR/QCic6mZsu9FxHEGE5ZrwzA29oDhDWw9vIbENE9fo
-/g7VdwP7tG//XrXQbQBKMwqlK4hPcZ2WL7kPzSamBOMUutgTvIEQsKlFpKFmxK87
-DnyHMlkPCyxlrCwLxRiUfLeuYRiiau/3mAHUneJiYTL+pqQVkeznSkWq1cYp9A7n
-Gy4+3lxzyj3ru///S28V4UShh53PgPD5ghWKPqLJYbS6Zc1T8c0mtg/cbwZBUyuX
-W8AkT/ifYuJEBn3oQWluI2acwV7Yy+onRgFOsfZwUiX1oQ7keNh7D5+5XJ6CpZxK
-xtIpw0ECgYEA8wW6O07AQfA0dNNyMbHijfVabpeG1FKfqZeIhAnbYLwU1DJiipHl
-fyNDo7wM0AM27puohMAjo16ZfacUseruIiUSvv8bcWQE9g3XN7RGqpfJHHPlRI2V
-WT0iHEkjkMOkq4viufWcxGz/nw4BZERBnYmAOANmbwXX7ZnVbCnrjEUCgYEAyAhD
-PPNUTQGTcME98lVPohHvtekuaqA415otCtHA330I4mG8I3XGYbYymXYnmbIzy0KH
-+ZjMZdTXiWmqPYIh0P7ZOeXKXNe8ZTedCwfX+1wGpjk01KCIzpdoS8X5WeN23/1t
-hoF+HTKdhRBQte68WFD36Dtb0r1Hwe+IKC8h7HcCgYB0i0mdSY3v0UcGw6Re6qTw
-WTqOEMLLLfh9tzrzv1pikLAYdzVEqOT7TKkSa4tlcjU0xpdRWmd84FARrz/Adx7O
-ZyMPT34UqderPEX648yD4RjEOVw4vQFjc2rZT8XrlbdxwTrw3TXaCT+pQmkucYFa
-EGfZ9N953L6Jpp1wKsZYVQKBgEwaiKpZ0YryvIu7mbvnJUL+G/tT2isLBlVQ/S4O
-m5jr00N997xuBKoMTbgBMhPRrs74Yw9dSPa9QbuwDesU5ZTEQRU8Df/AvJatz/vw
-YgXp/0Wioiz7XtFq3W1mxvWiCwoxO0hfYAHvzepgSLTPPa1EMO2UF91X0kNAxMa1
-F+0FAoGAAIcCoN3PazFWSsNMO4EfZf4VUgnTg9Dh3mMH8M3hEGybISSVKz5NILBC
-OKRKNLPLuj4TwTcurelNjMOUvkd/+yQgu1B9ImNuHdSvJjS9TzWCgZ26Q16woMzv
-yKeky514sst/1LtWuwiitmGS0rpKf3vIlkqcUE9WcLd3Hy/PxKg=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC95FGAg3RLyh4F
+dVogSewbUMq4PMoqougt0FA1+hmsrMMsgw3OVpvG7bSHzZj85TTYR0TNqv3w6y3O
+CUhaKYoVUjQ6aLQC6KdSS/3rjS2Og7SDSjIKJYWkksnxY4XiPu+ZlRa5JLdW2GUH
+4wtaU5nnMALI/JY+jhnaegdpiN+JDEEfyvkYm1CIkZqmBZFt7Ij6bzftuOKanPpX
+UAZ5se9/7N3UuP7MM5zOnfw+ogZRuYC98oKP4gsxLjrBiOMdO8IblZIIb9KSR6vY
+cAkzZw1wQ+ZCoA6kCSYVDYbjptcHisFeH101kHnZT1CTI8Ucquc2fjTQH/EEY0qj
+JNJhstATAgMBAAECggEAdhnidsNLOTfjpBFwlFRlfDerXRqxwgK/1H6S5H9AKJzq
+Zmy70XEcQYTlmvDMDb2gOENbD28hsQ0T1+j+DtV3A/u0b/9etdBtAEozCqUriE9x
+nZYvuQ/NJqYE4xS62BO8gRCwqUWkoWbErzsOfIcyWQ8LLGWsLAvFGJR8t65hGKJq
+7/eYAdSd4mJhMv6mpBWR7OdKRarVxin0DucbLj7eXHPKPeu7//9LbxXhRKGHnc+A
+8PmCFYo+oslhtLplzVPxzSa2D9xvBkFTK5dbwCRP+J9i4kQGfehBaW4jZpzBXtjL
+6idGAU6x9nBSJfWhDuR42HsPn7lcnoKlnErG0inDQQKBgQDzBbo7TsBB8DR003Ix
+seKN9Vpul4bUUp+pl4iECdtgvBTUMmKKkeV/I0OjvAzQAzbum6iEwCOjXpl9pxSx
+6u4iJRK+/xtxZAT2Ddc3tEaql8kcc+VEjZVZPSIcSSOQw6Sri+K59ZzEbP+fDgFk
+REGdiYA4A2ZvBdftmdVsKeuMRQKBgQDICEM881RNAZNwwT3yVU+iEe+16S5qoDjX
+mi0K0cDffQjiYbwjdcZhtjKZdieZsjPLQof5mMxl1NeJaao9giHQ/tk55cpc17xl
+N50LB9f7XAamOTTUoIjOl2hLxflZ43bf/W2GgX4dMp2FEFC17rxYUPfoO1vSvUfB
+74goLyHsdwKBgHSLSZ1Jje/RRwbDpF7qpPBZOo4Qwsst+H23OvO/WmKQsBh3NUSo
+5PtMqRJri2VyNTTGl1FaZ3zgUBGvP8B3Hs5nIw9PfhSp16s8RfrjzIPhGMQ5XDi9
+AWNzatlPxeuVt3HBOvDdNdoJP6lCaS5xgVoQZ9n033ncvommnXAqxlhVAoGATBqI
+qlnRivK8i7uZu+clQv4b+1PaKwsGVVD9Lg6bmOvTQ333vG4EqgxNuAEyE9Guzvhj
+D11I9r1Bu7AN6xTllMRBFTwN/8C8lq3P+/BiBen/RaKiLPte0WrdbWbG9aILCjE7
+SF9gAe/N6mBItM89rUQw7ZQX3VfSQ0DExrUX7QUCgYAAhwKg3c9rMVZKw0w7gR9l
+/hVSCdOD0OHeYwfwzeEQbJshJJUrPk0gsEI4pEo0s8u6PhPBNy6t6U2Mw5S+R3/7
+JCC7UH0iY24d1K8mNL1PNYKBnbpDXrCgzO/Ip6TLnXiyy3/Uu1a7CKK2YZLSukp/
+e8iWSpxQT1Zwt3cfL8/EqA==
+-----END PRIVATE KEY-----

src/lib/asiolink/testutils/openssl_sample_client.cc

@@ -8,6 +8,8 @@
 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
 //
 
+#include <config.h>
+
 #include <cstdlib>
 #include <cstring>
 #include <functional>

src/lib/asiolink/testutils/openssl_sample_server.cc

@@ -11,6 +11,8 @@
 // Use the cpp03 version because the cpp11 version does not compile with
 // some g++ e.g. on Fedora 33.
 
+#include <config.h>
+
 #include <cstdlib>
 #include <iostream>
 #include <boost/bind/bind.hpp>

src/lib/asiolink/tls_socket.h

@@ -204,6 +204,9 @@ public:
     virtual void close();
 
     /// @brief TLS shutdown.
+    ///
+    /// The callback is called on completion i.e. when the peer performs
+    /// a shutdown or a close.
     virtual void shutdown(C& callback);
 
     /// @brief Returns reference to the underlying ASIO socket.
@@ -234,7 +237,7 @@ private:
     /// @brief Underlying TCP socket.
     typename TlsStream<C>::lowest_layer_type& socket_;
 
-    /// TODO: Remove temporary buffer
+    /// @todo Remove temporary buffer
     /// The current implementation copies the buffer passed to asyncSend() into
     /// a temporary buffer and precedes it with a two-byte count field.  As
     /// ASIO should really be just about sending and receiving data, the TCP
@@ -280,8 +283,8 @@ TLSSocket<C>::open(const IOEndpoint* endpoint, C& callback) {
     }
 
     // Ignore opens on already-open socket.  Don't throw a failure because
-    // of uncertainties as to what precedes whan when using asynchronous I/O.
-    // At also allows us a treat a passed-in socket as a self-managed socket.
+    // of uncertainties as to what precedes when using asynchronous I/O.
+    // Also allows us a treat a passed-in socket as a self-managed socket.
     if (!socket_.is_open()) {
         if (endpoint->getFamily() == AF_INET) {
             socket_.open(boost::asio::ip::tcp::v4());
@@ -358,7 +361,7 @@ TLSSocket<C>::asyncSend(const void* data, size_t length,
 
     // Need to copy the data into a temporary buffer and precede it with
     // a two-byte count field.
-    // TODO: arrange for the buffer passed to be preceded by the count
+    // @todo arrange for the buffer passed to be preceded by the count
     try {
         // Ensure it fits into 16 bits
         uint16_t count = boost::numeric_cast<uint16_t>(length);

src/lib/asiolink/udp_socket.h

@@ -191,7 +191,7 @@ template <typename C> void
 UDPSocket<C>::open(const IOEndpoint* endpoint, C&) {
 
     // Ignore opens on already-open socket.  (Don't throw a failure because
-    // of uncertainties as to what precedes whan when using asynchronous I/O.)
+    // of uncertainties as to what precedes when using asynchronous I/O.)
     // It also allows us a treat a passed-in socket in exactly the same way as
     // a self-managed socket (in that we can call the open() and close() methods
     // of this class).