moved cyassl -> wolfssl

IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c

@@ -421,7 +421,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
     switch (version) {
 #ifndef NO_OLD_TLS
         case 0:
-            method = CyaSSLv3_client_method();
+            method = wolfSSLv3_client_method();
             break;
                 
                 

IDE/MDK5-ARM/Projects/CyaSSL-Full/echoserver.c

@@ -128,7 +128,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_server_method();
 #else
-    method = CyaSSLv3_server_method();
+    method = wolfSSLv3_server_method();
 #endif
     ctx    = CyaSSL_CTX_new(method);
     /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */

IDE/MDK5-ARM/Projects/EchoServer/echoserver.c

@@ -128,7 +128,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_server_method();
 #else
-    method = CyaSSLv3_server_method();
+    method = wolfSSLv3_server_method();
 #endif
     ctx    = CyaSSL_CTX_new(method);
     /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */

IDE/MDK5-ARM/Projects/SimpleClient/client.c

@@ -423,7 +423,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
     switch (version) {
 #ifndef NO_OLD_TLS
         case 0:
-            method = CyaSSLv3_client_method();
+            method = wolfSSLv3_client_method();
             break;
                 
                 

cyassl/callbacks.h

@@ -19,62 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_CALLBACKS_H
-#define CYASSL_CALLBACKS_H
-
-#include <sys/time.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum { /* CALLBACK CONTSTANTS */
-    MAX_PACKETNAME_SZ     =  24,
-    MAX_CIPHERNAME_SZ     =  24,
-    MAX_TIMEOUT_NAME_SZ   =  24,       
-    MAX_PACKETS_HANDSHAKE =  14,       /* 12 for client auth plus 2 alerts */
-    MAX_VALUE_SZ          = 128,       /* all handshake packets but Cert should
-                                          fit here  */
-};
-
-
-typedef struct handShakeInfo_st {
-    char   cipherName[MAX_CIPHERNAME_SZ + 1];    /* negotiated cipher */
-    char   packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1];
-                                                 /* SSL packet names  */ 
-    int    numberPackets;                        /* actual # of packets */
-    int    negotiationError;                     /* cipher/parameter err */
-} HandShakeInfo;
-
-
-typedef struct timeval Timeval;
-
-
-typedef struct packetInfo_st {
-    char           packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */
-    Timeval        timestamp;                       /* when it occured    */
-    unsigned char  value[MAX_VALUE_SZ];             /* if fits, it's here */ 
-    unsigned char* bufferValue;                     /* otherwise here (non 0) */
-    int            valueSz;                         /* sz of value or buffer */
-} PacketInfo;
-
-
-typedef struct timeoutInfo_st {
-    char       timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */
-    int        flags;                              /* for future use */
-    int        numberPackets;                      /* actual # of packets */
-    PacketInfo packets[MAX_PACKETS_HANDSHAKE];     /* list of all packets  */
-    Timeval    timeoutValue;                       /* timer that caused it */
-} TimeoutInfo;
-
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* CYASSL_CALLBACKS_H */
-
+#include <wolfssl/callbacks.h>

cyassl/certs_test.h

@@ -1,1178 +1,3 @@
 /* certs_test.h */
 
-#ifndef CYASSL_CERTS_TEST_H
-#define CYASSL_CERTS_TEST_H
-
-#ifdef USE_CERT_BUFFERS_1024
-
-/* ./certs/1024/client-key.der, 1024-bit */
-const unsigned char client_key_der_1024[] =
-{
-	0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
-	0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 
-	0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 
-	0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 
-	0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 
-	0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 
-	0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 
-	0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 
-	0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 
-	0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 
-	0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 
-	0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 
-	0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 
-	0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 
-	0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA, 
-	0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40, 
-	0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58, 
-	0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F, 
-	0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31, 
-	0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E, 
-	0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61, 
-	0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24, 
-	0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE, 
-	0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E, 
-	0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7, 
-	0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96, 
-	0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6, 
-	0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47, 
-	0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 0xEF, 0x81, 0xF0, 0x41, 
-	0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05, 
-	0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F, 
-	0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94, 
-	0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D, 
-	0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61, 
-	0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C, 
-	0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31, 
-	0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16, 
-	0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F, 
-	0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB, 
-	0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5, 
-	0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02, 
-	0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2, 
-	0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47, 
-	0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63, 
-	0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE, 
-	0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB, 
-	0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7, 
-	0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98, 
-	0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC, 
-	0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6, 
-	0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15, 
-	0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0, 
-	0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8, 
-	0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C, 
-	0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55, 
-	0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F, 
-	0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23, 
-	0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00, 
-	0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4, 
-	0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, 
-	0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
-};
-const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
-
-/* ./certs/1024/client-cert.der, 1024-bit */
-const unsigned char client_cert_der_1024[] =
-{
-	0x30, 0x82, 0x02, 0xEC, 0x30, 0x82, 0x02, 0x55, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x8D, 0x0D, 0xAC, 0xFE, 
-	0xC6, 0x98, 0x45, 0x26, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
-	0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
-	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 
-	0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 
-	0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 
-	0x07, 0x0C, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 
-	0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 
-	0x0C, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 
-	0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 
-	0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 
-	0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 
-	0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 
-	0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 
-	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 
-	0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 
-	0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 
-	0x30, 0x31, 0x31, 0x38, 0x32, 0x31, 0x34, 0x32, 0x34, 0x39, 
-	0x5A, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x30, 0x31, 0x35, 0x32, 
-	0x31, 0x34, 0x32, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8E, 0x31, 
-	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
-	0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 
-	0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 
-	0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x08, 
-	0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, 
-	0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x05, 0x79, 
-	0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 
-	0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 
-	0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 
-	0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77, 0x77, 0x77, 
-	0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, 
-	0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 
-	0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 
-	0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 
-	0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, 
-	0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, 
-	0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, 
-	0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, 
-	0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, 
-	0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, 
-	0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, 
-	0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, 
-	0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, 
-	0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, 
-	0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 
-	0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 
-	0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, 
-	0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, 
-	0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 
-	0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 
-	0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x1F, 
-	0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 
-	0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 
-	0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 
-	0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 
-	0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 
-	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 
-	0x03, 0x81, 0x81, 0x00, 0x72, 0x66, 0x0F, 0x6A, 0xA1, 0x85, 
-	0x95, 0x06, 0xE6, 0x87, 0x1A, 0xED, 0x2B, 0xDA, 0xED, 0x84, 
-	0x90, 0x89, 0xA6, 0x31, 0x4D, 0x60, 0xF2, 0x7B, 0x63, 0x0C, 
-	0xDC, 0x9B, 0x44, 0x4C, 0xD6, 0x62, 0x41, 0x24, 0x74, 0x30, 
-	0x70, 0x4E, 0x07, 0x10, 0x05, 0x12, 0x5E, 0x14, 0xB3, 0xDD, 
-	0xCF, 0x58, 0x27, 0x93, 0xCF, 0xAA, 0x4F, 0x85, 0x2C, 0x35, 
-	0x0E, 0xFF, 0x5B, 0xA8, 0x6B, 0xB5, 0x95, 0x32, 0xD5, 0xCC, 
-	0x73, 0x68, 0x5B, 0x1B, 0xC4, 0xF8, 0x89, 0x5E, 0x3D, 0xF8, 
-	0x02, 0x39, 0x32, 0x7D, 0x06, 0xA4, 0x32, 0xE9, 0xB3, 0xEF, 
-	0x62, 0xA0, 0x43, 0x5D, 0x4F, 0xFB, 0xCE, 0x3D, 0x08, 0x33, 
-	0xAF, 0x3D, 0x7F, 0x12, 0xCB, 0x8A, 0x5A, 0xC2, 0x63, 0xDB, 
-	0x3E, 0xDD, 0xEA, 0x5B, 0x67, 0x10, 0x49, 0x9F, 0x5B, 0x96, 
-	0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56, 
-	0x47, 0x4A
-};
-const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
-
-/* ./certs/1024/dh1024.der, 1024-bit */
-const unsigned char dh_key_der_1024[] =
-{
-	0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, 
-	0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, 
-	0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9, 
-	0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B, 
-	0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E, 
-	0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4, 
-	0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D, 
-	0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84, 
-	0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E, 
-	0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD, 
-	0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7, 
-	0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94, 
-	0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, 
-	0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
-};
-const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
-
-/* ./certs/1024/dsa1024.der, 1024-bit */
-const unsigned char dsa_key_der_1024[] =
-{
-	0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
-	0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, 
-	0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A, 
-	0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11, 
-	0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8, 
-	0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B, 
-	0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0, 
-	0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D, 
-	0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09, 
-	0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83, 
-	0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD, 
-	0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B, 
-	0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92, 
-	0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02, 
-	0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5, 
-	0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F, 
-	0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09, 
-	0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28, 
-	0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21, 
-	0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0, 
-	0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4, 
-	0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC, 
-	0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF, 
-	0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66, 
-	0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4, 
-	0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34, 
-	0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89, 
-	0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC, 
-	0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A, 
-	0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F, 
-	0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C, 
-	0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20, 
-	0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD, 
-	0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6, 
-	0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00, 
-	0x09, 0xCB, 0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15, 
-	0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B, 
-	0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F, 
-	0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62, 
-	0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD, 
-	0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68, 
-	0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69, 
-	0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38, 
-	0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, 
-	0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
-};
-const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
-
-/* ./certs/1024/rsa1024.der, 1024-bit */
-const unsigned char rsa_key_der_1024[] =
-{
-	0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
-	0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, 
-	0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2, 
-	0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63, 
-	0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A, 
-	0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8, 
-	0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51, 
-	0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B, 
-	0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80, 
-	0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3, 
-	0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D, 
-	0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42, 
-	0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D, 
-	0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02, 
-	0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D, 
-	0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD, 
-	0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76, 
-	0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72, 
-	0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6, 
-	0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B, 
-	0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E, 
-	0x69, 0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C, 
-	0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A, 
-	0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06, 
-	0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D, 
-	0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47, 
-	0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB, 
-	0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17, 
-	0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49, 
-	0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C, 
-	0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06, 
-	0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA, 
-	0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2, 
-	0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4, 
-	0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE, 
-	0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6, 
-	0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33, 
-	0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28, 
-	0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45, 
-	0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E, 
-	0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02, 
-	0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC, 
-	0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73, 
-	0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F, 
-	0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB, 
-	0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43, 
-	0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F, 
-	0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B, 
-	0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B, 
-	0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07, 
-	0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B, 
-	0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A, 
-	0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07, 
-	0x49, 0x93, 0x1A, 0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32, 
-	0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0, 
-	0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D, 
-	0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF, 
-	0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11, 
-	0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55, 
-	0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, 
-	0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
-};
-const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
-
-#elif defined(USE_CERT_BUFFERS_2048)
-
-/* ./certs/client-key.der, 2048-bit */
-const unsigned char client_key_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
-	0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, 
-	0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 
-	0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 
-	0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 
-	0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 
-	0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 
-	0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 
-	0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 
-	0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 
-	0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 
-	0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 
-	0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 
-	0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, 
-	0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 
-	0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 
-	0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 
-	0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 
-	0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, 
-	0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, 
-	0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 
-	0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 
-	0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 
-	0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 
-	0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 
-	0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 
-	0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 
-	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, 
-	0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, 
-	0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, 
-	0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, 
-	0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, 
-	0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, 
-	0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, 
-	0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, 
-	0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, 
-	0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, 
-	0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, 
-	0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, 
-	0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, 
-	0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, 
-	0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, 
-	0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, 
-	0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, 
-	0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, 
-	0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, 
-	0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, 
-	0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, 
-	0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, 
-	0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, 
-	0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, 
-	0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, 
-	0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, 
-	0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, 
-	0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, 
-	0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, 
-	0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, 
-	0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, 
-	0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, 
-	0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, 
-	0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, 
-	0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, 
-	0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, 
-	0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, 
-	0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, 
-	0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, 
-	0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, 
-	0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, 
-	0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, 
-	0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, 
-	0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, 
-	0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, 
-	0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, 
-	0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, 
-	0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, 
-	0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, 
-	0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, 
-	0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, 
-	0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, 
-	0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, 
-	0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, 
-	0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, 
-	0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, 
-	0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, 
-	0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, 
-	0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, 
-	0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, 
-	0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, 
-	0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, 
-	0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, 
-	0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, 
-	0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, 
-	0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, 
-	0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, 
-	0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, 
-	0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, 
-	0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, 
-	0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, 
-	0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, 
-	0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, 
-	0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, 
-	0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, 
-	0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, 
-	0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, 
-	0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, 
-	0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, 
-	0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, 
-	0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, 
-	0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, 
-	0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, 
-	0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, 
-	0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, 
-	0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, 
-	0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, 
-	0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, 
-	0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, 
-	0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, 
-	0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, 
-	0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 
-	0xF5, 0xBF
-};
-const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
-
-/* ./certs/client-cert.der, 2048-bit */
-const unsigned char client_cert_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB6, 0x63, 0xAF, 0x8F, 
-	0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
-	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
-	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
-	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
-	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
-	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
-	0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 
-	0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 
-	0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 
-	0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 
-	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
-	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
-	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
-	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
-	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
-	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, 
-	0x31, 0x37, 0x33, 0x39, 0x34, 0x34, 0x5A, 0x17, 0x0D, 0x31, 
-	0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x33, 0x39, 0x34, 
-	0x34, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
-	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
-	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
-	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
-	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
-	0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
-	0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 
-	0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 
-	0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
-	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
-	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 
-	0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 
-	0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 
-	0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 
-	0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 
-	0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 
-	0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 
-	0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 
-	0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 
-	0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 
-	0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 
-	0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 
-	0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 
-	0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 
-	0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 
-	0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 
-	0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 
-	0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 
-	0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 
-	0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 
-	0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 
-	0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 
-	0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 
-	0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 
-	0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 
-	0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 
-	0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 
-	0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 
-	0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 
-	0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 
-	0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 
-	0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 
-	0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
-	0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 
-	0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 
-	0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 
-	0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 
-	0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 
-	0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 
-	0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 
-	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
-	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
-	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
-	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 
-	0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 
-	0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 
-	0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 
-	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
-	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
-	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
-	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
-	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
-	0xB6, 0x63, 0xAF, 0x8F, 0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0C, 
-	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
-	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
-	0x01, 0x00, 0x85, 0x10, 0x90, 0xC5, 0x5D, 0xDE, 0x25, 0x8C, 
-	0xF2, 0x57, 0x7B, 0x2D, 0x14, 0x1C, 0x05, 0xF9, 0x71, 0x63, 
-	0x40, 0xB0, 0xE3, 0xC1, 0xC1, 0x2E, 0x13, 0x2A, 0x7A, 0xB7, 
-	0xD6, 0x24, 0x58, 0x87, 0xEB, 0x03, 0xFB, 0x0D, 0xAF, 0xE0, 
-	0xF4, 0xD0, 0xC8, 0xBC, 0x51, 0x36, 0x10, 0x4F, 0x79, 0xCC, 
-	0x4F, 0x66, 0x7D, 0xAF, 0x99, 0xCB, 0x7B, 0xCE, 0x68, 0x94, 
-	0xC6, 0x36, 0xAA, 0x42, 0x6E, 0x8C, 0x78, 0x5B, 0xB2, 0x85, 
-	0xCA, 0xD1, 0xE1, 0xA8, 0x31, 0xD1, 0x81, 0xD9, 0xF9, 0xC1, 
-	0xA3, 0x9E, 0x34, 0x43, 0xEF, 0x0A, 0x79, 0x7D, 0x3E, 0x83, 
-	0x61, 0xFC, 0x14, 0x5C, 0xD1, 0xDD, 0xBC, 0x0E, 0xD7, 0x51, 
-	0xB7, 0x71, 0x6E, 0x41, 0x7E, 0x8B, 0x2C, 0x5A, 0x9A, 0xCB, 
-	0x77, 0x4B, 0x6A, 0xF5, 0x06, 0xFF, 0x02, 0xAF, 0x1E, 0xE6, 
-	0x63, 0x4F, 0xBC, 0x44, 0xD9, 0x3F, 0x56, 0x9E, 0x09, 0x9C, 
-	0x43, 0xF9, 0x55, 0x21, 0x32, 0x46, 0x82, 0x09, 0x86, 0xA9, 
-	0x7B, 0x74, 0x1C, 0x9E, 0x5A, 0x2A, 0xBF, 0x03, 0x79, 0x91, 
-	0xCB, 0xF2, 0x29, 0x7F, 0xC9, 0x15, 0x82, 0x89, 0xB9, 0x53, 
-	0xCD, 0x7E, 0x07, 0x90, 0xA9, 0x5D, 0x76, 0xE1, 0x19, 0x5E, 
-	0x0D, 0x58, 0xB8, 0x59, 0xD5, 0x0D, 0xDF, 0x23, 0xAB, 0x6B, 
-	0x63, 0x76, 0x19, 0x9E, 0x9C, 0xDF, 0xB0, 0x57, 0x49, 0x6C, 
-	0xD0, 0x86, 0x97, 0xC3, 0x6C, 0x3C, 0xFA, 0xE0, 0x56, 0xC2, 
-	0x1B, 0xE3, 0xA1, 0x42, 0x1A, 0x58, 0x62, 0x85, 0x9D, 0x74, 
-	0x19, 0x83, 0x08, 0xAF, 0x59, 0x90, 0xF8, 0x99, 0xBD, 0x67, 
-	0xD3, 0x4A, 0xEA, 0x0E, 0xC9, 0xCA, 0x61, 0x8A, 0x0D, 0x8A, 
-	0x42, 0xCC, 0x90, 0xE9, 0x2E, 0xC2, 0x54, 0x73, 0x7F, 0x5E, 
-	0xAF, 0x8D, 0xE2, 0x32, 0xCB, 0x45, 0x20, 0xD6, 0x19, 0x4D, 
-	0x5B, 0x77, 0x31, 0xCC, 0x0F, 0x2D, 0xC0, 0x7E
-};
-const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
-
-/* ./certs/dh2048.der, 2048-bit */
-const unsigned char dh_key_der_2048[] =
-{
-	0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, 
-	0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 
-	0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, 
-	0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, 
-	0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D, 
-	0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 0xBE, 0x72, 
-	0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85, 
-	0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, 
-	0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, 
-	0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, 
-	0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF, 
-	0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA, 
-	0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50, 
-	0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, 
-	0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, 
-	0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, 
-	0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35, 
-	0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9, 
-	0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C, 
-	0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, 
-	0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, 
-	0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, 
-	0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF, 
-	0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6, 
-	0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB, 
-	0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 
-	0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
-};
-const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
-
-/* ./certs/dsa2048.der, 2048-bit */
-const unsigned char dsa_key_der_2048[] =
-{
-	0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
-	0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, 
-	0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A, 
-	0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E, 
-	0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD, 
-	0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8, 
-	0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50, 
-	0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9, 
-	0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4, 
-	0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 0xD8, 0xF1, 
-	0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4, 
-	0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 0xBE, 0x83, 
-	0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88, 
-	0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C, 
-	0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8, 
-	0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E, 
-	0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8, 
-	0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F, 
-	0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91, 
-	0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48, 
-	0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC, 
-	0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E, 
-	0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87, 
-	0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE, 
-	0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3, 
-	0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20, 
-	0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15, 
-	0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06, 
-	0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82, 
-	0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71, 
-	0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B, 
-	0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7, 
-	0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29, 
-	0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B, 
-	0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0, 
-	0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC, 
-	0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6, 
-	0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33, 
-	0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B, 
-	0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B, 
-	0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13, 
-	0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA, 
-	0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25, 
-	0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE, 
-	0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2, 
-	0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB, 
-	0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3, 
-	0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC, 
-	0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8, 
-	0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D, 
-	0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D, 
-	0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF, 
-	0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41, 
-	0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD, 
-	0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB, 
-	0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7, 
-	0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF, 
-	0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6, 
-	0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A, 
-	0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5, 
-	0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C, 
-	0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3, 
-	0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33, 
-	0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89, 
-	0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B, 
-	0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25, 
-	0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF, 
-	0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10, 
-	0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68, 
-	0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20, 
-	0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A, 
-	0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98, 
-	0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC, 
-	0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26, 
-	0x54, 0xA4, 0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E, 
-	0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5, 
-	0x9F, 0xA0, 0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E, 
-	0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5, 
-	0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59, 
-	0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2, 
-	0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71, 
-	0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37, 
-	0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, 
-	0x00, 0xCB, 0x62, 0x6D, 0x9A
-};
-const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
-
-/* ./certs/rsa2048.der, 2048-bit */
-const unsigned char rsa_key_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
-	0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, 
-	0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38, 
-	0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE, 
-	0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12, 
-	0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12, 
-	0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47, 
-	0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13, 
-	0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16, 
-	0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65, 
-	0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB, 
-	0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F, 
-	0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E, 
-	0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB, 
-	0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58, 
-	0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B, 
-	0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38, 
-	0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE, 
-	0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77, 
-	0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22, 
-	0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03, 
-	0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96, 
-	0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91, 
-	0xD0, 0x36, 0x2E, 0xA3, 0x1D, 0xBF, 0xF1, 0x85, 0xED, 0xC0, 
-	0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D, 
-	0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34, 
-	0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03, 
-	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33, 
-	0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19, 
-	0x8E, 0xED, 0x44, 0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B, 
-	0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63, 
-	0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0, 
-	0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B, 
-	0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5, 
-	0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E, 
-	0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0, 
-	0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6, 
-	0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75, 
-	0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF, 
-	0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1, 
-	0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19, 
-	0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D, 
-	0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49, 
-	0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0, 
-	0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB, 
-	0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B, 
-	0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F, 
-	0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5, 
-	0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D, 
-	0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6, 
-	0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E, 
-	0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D, 
-	0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E, 
-	0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11, 
-	0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1, 
-	0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 0xBA, 0xB2, 0xD7, 
-	0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA, 
-	0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C, 
-	0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9, 
-	0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6, 
-	0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD, 
-	0xA8, 0x33, 0x55, 0x2A, 0x8E, 0x32, 0xC0, 0xC4, 0xE5, 0xB8, 
-	0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D, 
-	0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33, 
-	0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26, 
-	0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0, 
-	0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA, 
-	0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42, 
-	0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7, 
-	0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC, 
-	0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB, 
-	0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60, 
-	0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44, 
-	0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC, 
-	0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86, 
-	0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D, 
-	0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63, 
-	0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E, 
-	0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F, 
-	0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81, 
-	0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A, 
-	0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA, 
-	0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45, 
-	0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08, 
-	0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2, 
-	0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4, 
-	0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC, 
-	0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 0x0C, 
-	0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87, 
-	0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66, 
-	0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0, 
-	0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2, 
-	0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02, 
-	0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 0xD1, 0x39, 0x6A, 
-	0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B, 
-	0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83, 
-	0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA, 
-	0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D, 
-	0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B, 
-	0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67, 
-	0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59, 
-	0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3, 
-	0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55, 
-	0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6, 
-	0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05, 
-	0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41, 
-	0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13, 
-	0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E, 
-	0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36, 
-	0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47, 
-	0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B, 
-	0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3, 
-	0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE, 
-	0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38, 
-	0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6, 
-	0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC, 
-	0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F, 
-	0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11, 
-	0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, 
-	0x56
-};
-const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
-
-/* ./certs/ca-cert.der, 2048-bit */
-const unsigned char ca_cert_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x9A, 0x41, 0x47, 0xCD, 
-	0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
-	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
-	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
-	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
-	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
-	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
-	0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 
-	0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 
-	0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 
-	0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 
-	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
-	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
-	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
-	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
-	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
-	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, 
-	0x30, 0x33, 0x32, 0x30, 0x30, 0x38, 0x5A, 0x17, 0x0D, 0x31, 
-	0x37, 0x30, 0x34, 0x30, 0x36, 0x30, 0x33, 0x32, 0x30, 0x30, 
-	0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
-	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
-	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
-	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
-	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 
-	0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 
-	0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 
-	0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 
-	0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
-	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
-	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 
-	0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 
-	0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 
-	0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 
-	0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 
-	0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, 
-	0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, 
-	0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, 
-	0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, 
-	0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, 
-	0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, 
-	0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, 
-	0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, 
-	0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, 
-	0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, 
-	0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, 
-	0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, 
-	0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, 
-	0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, 
-	0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, 
-	0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, 
-	0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, 
-	0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, 
-	0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, 
-	0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, 
-	0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, 
-	0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, 
-	0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, 
-	0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, 
-	0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, 
-	0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, 
-	0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 
-	0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
-	0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 
-	0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 
-	0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 
-	0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 
-	0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 
-	0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 
-	0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 
-	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
-	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
-	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
-	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 
-	0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 
-	0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 
-	0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 
-	0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 
-	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
-	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
-	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
-	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
-	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
-	0x9A, 0x41, 0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, 
-	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
-	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
-	0x01, 0x00, 0x79, 0x78, 0x0C, 0x6D, 0x79, 0x88, 0x91, 0xFC, 
-	0x3A, 0x15, 0x9C, 0xF9, 0x27, 0x62, 0x16, 0xF0, 0x21, 0x1F, 
-	0xFA, 0x7D, 0x3F, 0xA2, 0xA8, 0x32, 0x1E, 0xF7, 0xF2, 0x11, 
-	0xA9, 0x74, 0x16, 0x74, 0x5E, 0xDC, 0x18, 0xCA, 0xF0, 0x00, 
-	0x2A, 0xD5, 0x03, 0x06, 0x26, 0x30, 0xF1, 0x47, 0x83, 0xFD, 
-	0x32, 0x6E, 0xFC, 0xED, 0xAA, 0x4F, 0x7D, 0x0C, 0x63, 0x60, 
-	0x31, 0x2F, 0x7C, 0x0C, 0xBF, 0x99, 0x66, 0x87, 0xED, 0x27, 
-	0x08, 0x86, 0x2D, 0xC4, 0x33, 0xE8, 0x98, 0x23, 0x1C, 0xFE, 
-	0xA3, 0xDB, 0x9A, 0x49, 0x4E, 0xFC, 0x5A, 0x42, 0xEF, 0x71, 
-	0xC3, 0x3F, 0xAD, 0xDC, 0x4A, 0xA8, 0xD2, 0xA3, 0x1D, 0x09, 
-	0xAC, 0x33, 0x04, 0x7B, 0x86, 0xF3, 0x6D, 0x00, 0x59, 0xA3, 
-	0xC8, 0xDB, 0xD1, 0x3C, 0x73, 0xF6, 0x0E, 0x90, 0xD6, 0x5E, 
-	0x49, 0xE0, 0xBF, 0x36, 0x63, 0x08, 0x7B, 0xA5, 0xB0, 0x8F, 
-	0x35, 0x3B, 0x56, 0x8C, 0x11, 0x35, 0x49, 0x04, 0x1C, 0xD0, 
-	0xE7, 0xBA, 0x56, 0xC5, 0x0D, 0x0A, 0x91, 0x8D, 0xD6, 0xB7, 
-	0x62, 0x19, 0x34, 0x12, 0x52, 0x4C, 0xD2, 0x6D, 0x7C, 0xC5, 
-	0x3D, 0x0F, 0x18, 0x81, 0x54, 0xCB, 0xF6, 0x3C, 0xE5, 0x84, 
-	0xD2, 0xD6, 0x71, 0x15, 0xEC, 0x1A, 0x34, 0x0B, 0xF0, 0xA0, 
-	0x21, 0x74, 0x43, 0xC8, 0xA3, 0xB0, 0xDF, 0xD9, 0x67, 0xDA, 
-	0xE2, 0xAD, 0x93, 0x48, 0xF8, 0xA0, 0x87, 0xBD, 0x79, 0x14, 
-	0xE0, 0x62, 0x0A, 0xDF, 0xF7, 0x31, 0x2E, 0x31, 0x7B, 0xD1, 
-	0x32, 0x2A, 0x0A, 0xFE, 0x5D, 0x14, 0xEF, 0xD9, 0x64, 0x50, 
-	0xE4, 0x83, 0x91, 0xBC, 0x70, 0x0D, 0xD7, 0x88, 0x8D, 0xD9, 
-	0xBC, 0x84, 0x0E, 0xC5, 0x1A, 0xB3, 0xBF, 0x64, 0x02, 0x4E, 
-	0x51, 0x91, 0xA4, 0xA2, 0x85, 0x15, 0x83, 0xAF, 0xF0, 0x5B, 
-	0x9B, 0x28, 0x49, 0x5F, 0xB2, 0xB3, 0x03, 0xD8
-};
-const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
-
-/* ./certs/server-key.der, 2048-bit */
-const unsigned char server_key_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
-	0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 
-	0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 
-	0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 
-	0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 
-	0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 
-	0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 
-	0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 
-	0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 
-	0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 
-	0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 
-	0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 
-	0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 
-	0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 
-	0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 
-	0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 
-	0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 
-	0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 
-	0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 
-	0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 
-	0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 
-	0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 
-	0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 
-	0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 
-	0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 
-	0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 
-	0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 
-	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 
-	0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED, 
-	0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92, 
-	0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 
-	0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 
-	0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 
-	0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16, 
-	0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 
-	0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 
-	0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 
-	0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73, 
-	0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4, 
-	0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 
-	0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 
-	0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05, 
-	0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22, 
-	0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 
-	0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 
-	0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4, 
-	0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D, 
-	0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 
-	0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 
-	0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 
-	0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34, 
-	0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A, 
-	0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 
-	0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 
-	0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93, 
-	0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5, 
-	0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 
-	0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 
-	0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F, 
-	0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F, 
-	0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 
-	0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 
-	0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 
-	0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA, 
-	0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0, 
-	0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 
-	0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 
-	0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C, 
-	0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3, 
-	0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 
-	0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 
-	0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 
-	0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F, 
-	0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 
-	0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 
-	0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 
-	0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F, 
-	0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3, 
-	0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 
-	0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 
-	0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52, 
-	0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F, 
-	0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 
-	0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 
-	0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 
-	0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5, 
-	0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 
-	0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 
-	0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 
-	0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41, 
-	0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39, 
-	0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 
-	0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 
-	0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E, 
-	0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C, 
-	0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 
-	0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 
-	0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E, 
-	0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 0xBB, 0x75, 
-	0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 
-	0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 
-	0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 
-	0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B, 
-	0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC, 
-	0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 
-	0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 
-	0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C, 
-	0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC, 
-	0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 
-	0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 
-	0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52, 
-	0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B, 
-	0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 
-	0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 
-	0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 
-	0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44, 
-	0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2, 
-	0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 
-	0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 
-	0x3B, 0xF1, 0xB0
-};
-const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
-
-/* ./certs/server-cert.der, 2048-bit */
-const unsigned char server_cert_der_2048[] =
-{
-	0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 
-	0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 
-	0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 
-	0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 
-	0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 
-	0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 
-	0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 
-	0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 
-	0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 
-	0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 
-	0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 
-	0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 
-	0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 
-	0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 
-	0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 
-	0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
-	0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 
-	0x31, 0x31, 0x31, 0x37, 0x32, 0x30, 0x31, 0x34, 0x5A, 0x17, 
-	0x0D, 0x31, 0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x32, 
-	0x30, 0x31, 0x34, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 
-	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
-	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 
-	0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 
-	0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 
-	0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
-	0x55, 0x04, 0x0B, 0x0C, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, 
-	0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 
-	0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 
-	0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 
-	0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
-	0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 
-	0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 
-	0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 
-	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 
-	0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 
-	0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 
-	0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 
-	0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 
-	0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 
-	0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 
-	0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 
-	0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 
-	0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 
-	0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 
-	0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 
-	0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 
-	0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 
-	0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 
-	0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 
-	0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 
-	0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 
-	0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 
-	0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 
-	0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 
-	0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 
-	0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 
-	0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 
-	0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 
-	0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 
-	0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 
-	0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 
-	0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, 
-	0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 
-	0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, 
-	0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, 
-	0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, 
-	0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, 
-	0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 
-	0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 
-	0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 
-	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
-	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 
-	0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 
-	0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 
-	0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 
-	0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 
-	0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 
-	0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 
-	0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
-	0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 
-	0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 
-	0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x9A, 0x41, 
-	0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, 0x06, 0x03, 
-	0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 
-	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
-	0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 
-	0x3D, 0x8C, 0x70, 0x05, 0x5B, 0x62, 0x4B, 0xBF, 0x6C, 0xB6, 
-	0x48, 0x61, 0x01, 0x10, 0x1D, 0x5E, 0x05, 0xBA, 0x55, 0x94, 
-	0x2C, 0xAE, 0x59, 0x6F, 0x97, 0x80, 0x5D, 0x6C, 0x86, 0xEC, 
-	0x9A, 0xEB, 0x15, 0x45, 0x44, 0xE4, 0x56, 0xF8, 0x75, 0xCA, 
-	0x8A, 0x45, 0x32, 0xF4, 0xC7, 0xE1, 0xFA, 0xF2, 0x98, 0x1C, 
-	0x91, 0xD3, 0x3F, 0xE8, 0x0E, 0xC9, 0x1B, 0xFA, 0xE1, 0x79, 
-	0x99, 0x67, 0x0E, 0x0D, 0x6B, 0x8A, 0xEC, 0x1A, 0x2C, 0x59, 
-	0xC4, 0x34, 0x04, 0x8D, 0x39, 0x77, 0xCD, 0xB5, 0xE9, 0x60, 
-	0x5B, 0x82, 0xBF, 0x34, 0xCE, 0xED, 0xC6, 0x4F, 0x3F, 0xB4, 
-	0x5C, 0x4D, 0x8A, 0xB4, 0xF4, 0x0A, 0x04, 0x12, 0xA0, 0x56, 
-	0xC1, 0xE1, 0x33, 0x37, 0xA1, 0x54, 0x87, 0x48, 0xE9, 0x81, 
-	0xC2, 0x0F, 0x8F, 0x6F, 0xD3, 0x52, 0x4C, 0x4C, 0x32, 0x4C, 
-	0x6B, 0x9F, 0x3A, 0x04, 0x8F, 0x77, 0x5D, 0xAD, 0xDC, 0x3D, 
-	0x2B, 0xF2, 0xC9, 0xDF, 0x3C, 0x60, 0x5D, 0xD8, 0xFC, 0x86, 
-	0x72, 0x7C, 0x3D, 0xD0, 0x84, 0x4B, 0x8C, 0xDF, 0x26, 0x43, 
-	0xFE, 0xC0, 0xCC, 0x5B, 0xE1, 0x36, 0xB3, 0x3D, 0x32, 0x28, 
-	0xA3, 0xEF, 0x0C, 0x20, 0xD6, 0xB1, 0x50, 0x39, 0xD6, 0x67, 
-	0xA9, 0x8B, 0x84, 0xBC, 0x92, 0x34, 0xEB, 0x19, 0x23, 0xE8, 
-	0x10, 0x8F, 0xEA, 0xBD, 0x18, 0x8C, 0x93, 0x27, 0x3C, 0x74, 
-	0x75, 0x8E, 0x58, 0x04, 0xFA, 0x2A, 0x74, 0x44, 0x7D, 0xFC, 
-	0x4D, 0x39, 0xDF, 0x54, 0x17, 0xBA, 0x78, 0xE1, 0x5D, 0x6A, 
-	0x70, 0xD3, 0x7C, 0xA2, 0x80, 0x81, 0xE6, 0x19, 0x51, 0x91, 
-	0xC3, 0x44, 0x51, 0xEC, 0xBB, 0x88, 0xA9, 0x53, 0xE1, 0xD7, 
-	0xA9, 0x8C, 0x28, 0xF4, 0x21, 0x1C, 0x42, 0x51, 0x09, 0xB4, 
-	0x12, 0x6D, 0xA0, 0xD6, 0x25, 0x09, 0x85, 0xC6, 0x2A, 0x0C, 
-	0xAF, 0xA7, 0x58, 0xE6, 0x52, 0x8B
-};
-const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
-
-#endif /* USE_CERT_BUFFERS_1024 */
-
-#endif /* CYASSL_CERTS_TEST_H */
-
+#include <wolfssl/certs_test.h>

cyassl/crl.h

@@ -19,33 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_CRL_H
-#define CYASSL_CRL_H
-
-
-#ifdef HAVE_CRL
-
-#include <cyassl/ssl.h>
-#include <cyassl/ctaocrypt/asn.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-typedef struct CYASSL_CRL CYASSL_CRL;
-
-CYASSL_LOCAL int  InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
-CYASSL_LOCAL void FreeCRL(CYASSL_CRL*, int dynamic);
-
-CYASSL_LOCAL int  LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
-CYASSL_LOCAL int  BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
-CYASSL_LOCAL int  CheckCertCRL(CYASSL_CRL*, DecodedCert*);
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* HAVE_CRL */
-#endif /* CYASSL_CRL_H */
+#include <wolfssl/crl.h>

cyassl/error-ssl.h

@@ -19,144 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_ERROR_H
-#define CYASSL_ERROR_H
-
-#include <cyassl/ctaocrypt/error-crypt.h>   /* pull in CTaoCrypt errors */
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-enum CyaSSL_ErrorCodes {
-    INPUT_CASE_ERROR        = -301,        /* process input state error */
-    PREFIX_ERROR            = -302,        /* bad index to key rounds  */
-    MEMORY_ERROR            = -303,        /* out of memory            */
-    VERIFY_FINISHED_ERROR   = -304,        /* verify problem on finished */
-    VERIFY_MAC_ERROR        = -305,        /* verify mac problem       */
-    PARSE_ERROR             = -306,        /* parse error on header    */
-    UNKNOWN_HANDSHAKE_TYPE  = -307,        /* weird handshake type     */
-    SOCKET_ERROR_E          = -308,        /* error state on socket    */
-    SOCKET_NODATA           = -309,        /* expected data, not there */
-    INCOMPLETE_DATA         = -310,        /* don't have enough data to
-                                              complete task            */
-    UNKNOWN_RECORD_TYPE     = -311,        /* unknown type in record hdr */
-    DECRYPT_ERROR           = -312,        /* error during decryption  */
-    FATAL_ERROR             = -313,        /* recvd alert fatal error  */
-    ENCRYPT_ERROR           = -314,        /* error during encryption  */
-    FREAD_ERROR             = -315,        /* fread problem            */
-    NO_PEER_KEY             = -316,        /* need peer's key          */
-    NO_PRIVATE_KEY          = -317,        /* need the private key     */
-    RSA_PRIVATE_ERROR       = -318,        /* error during rsa priv op */
-    NO_DH_PARAMS            = -319,        /* server missing DH params */
-    BUILD_MSG_ERROR         = -320,        /* build message failure    */
-
-    BAD_HELLO               = -321,        /* client hello malformed   */
-    DOMAIN_NAME_MISMATCH    = -322,        /* peer subject name mismatch */
-    WANT_READ               = -323,        /* want read, call again    */
-    NOT_READY_ERROR         = -324,        /* handshake layer not ready */
-    PMS_VERSION_ERROR       = -325,        /* pre m secret version error */
-    VERSION_ERROR           = -326,        /* record layer version error */
-    WANT_WRITE              = -327,        /* want write, call again   */
-    BUFFER_ERROR            = -328,        /* malformed buffer input   */
-    VERIFY_CERT_ERROR       = -329,        /* verify cert error        */
-    VERIFY_SIGN_ERROR       = -330,        /* verify sign error        */
-    CLIENT_ID_ERROR         = -331,        /* psk client identity error  */
-    SERVER_HINT_ERROR       = -332,        /* psk server hint error  */
-    PSK_KEY_ERROR           = -333,        /* psk key error  */
-    ZLIB_INIT_ERROR         = -334,        /* zlib init error  */
-    ZLIB_COMPRESS_ERROR     = -335,        /* zlib compression error  */
-    ZLIB_DECOMPRESS_ERROR   = -336,        /* zlib decompression error  */
-
-    GETTIME_ERROR           = -337,        /* gettimeofday failed ??? */
-    GETITIMER_ERROR         = -338,        /* getitimer failed ??? */
-    SIGACT_ERROR            = -339,        /* sigaction failed ??? */
-    SETITIMER_ERROR         = -340,        /* setitimer failed ??? */
-    LENGTH_ERROR            = -341,        /* record layer length error */
-    PEER_KEY_ERROR          = -342,        /* can't decode peer key */
-    ZERO_RETURN             = -343,        /* peer sent close notify */
-    SIDE_ERROR              = -344,        /* wrong client/server type */
-    NO_PEER_CERT            = -345,        /* peer didn't send key */
-    NTRU_KEY_ERROR          = -346,        /* NTRU key error  */
-    NTRU_DRBG_ERROR         = -347,        /* NTRU drbg error  */
-    NTRU_ENCRYPT_ERROR      = -348,        /* NTRU encrypt error  */
-    NTRU_DECRYPT_ERROR      = -349,        /* NTRU decrypt error  */
-    ECC_CURVETYPE_ERROR     = -350,        /* Bad ECC Curve Type */
-    ECC_CURVE_ERROR         = -351,        /* Bad ECC Curve */
-    ECC_PEERKEY_ERROR       = -352,        /* Bad Peer ECC Key */
-    ECC_MAKEKEY_ERROR       = -353,        /* Bad Make ECC Key */
-    ECC_EXPORT_ERROR        = -354,        /* Bad ECC Export Key */
-    ECC_SHARED_ERROR        = -355,        /* Bad ECC Shared Secret */
-    NOT_CA_ERROR            = -357,        /* Not a CA cert error */
-    BAD_PATH_ERROR          = -358,        /* Bad path for opendir */
-    BAD_CERT_MANAGER_ERROR  = -359,        /* Bad Cert Manager */
-    OCSP_CERT_REVOKED       = -360,        /* OCSP Certificate revoked */
-    CRL_CERT_REVOKED        = -361,        /* CRL Certificate revoked */
-    CRL_MISSING             = -362,        /* CRL Not loaded */
-    MONITOR_RUNNING_E       = -363,        /* CRL Monitor already running */
-    THREAD_CREATE_E         = -364,        /* Thread Create Error */
-    OCSP_NEED_URL           = -365,        /* OCSP need an URL for lookup */
-    OCSP_CERT_UNKNOWN       = -366,        /* OCSP responder doesn't know */
-    OCSP_LOOKUP_FAIL        = -367,        /* OCSP lookup not successful */
-    MAX_CHAIN_ERROR         = -368,        /* max chain depth exceeded */
-    COOKIE_ERROR            = -369,        /* dtls cookie error */
-    SEQUENCE_ERROR          = -370,        /* dtls sequence error */
-    SUITES_ERROR            = -371,        /* suites pointer error */
-    SSL_NO_PEM_HEADER       = -372,        /* no PEM header found */
-    OUT_OF_ORDER_E          = -373,        /* out of order message */
-    BAD_KEA_TYPE_E          = -374,        /* bad KEA type found */
-    SANITY_CIPHER_E         = -375,        /* sanity check on cipher error */
-    RECV_OVERFLOW_E         = -376,        /* RXCB returned more than rqed */
-    GEN_COOKIE_E            = -377,        /* Generate Cookie Error */
-    NO_PEER_VERIFY          = -378,        /* Need peer cert verify Error */
-    FWRITE_ERROR            = -379,        /* fwrite problem */
-    CACHE_MATCH_ERROR       = -380,        /* chache hdr match error */
-    UNKNOWN_SNI_HOST_NAME_E = -381,        /* Unrecognized host name Error */
-    UNKNOWN_MAX_FRAG_LEN_E  = -382,        /* Unrecognized max frag len Error */
-    KEYUSE_SIGNATURE_E      = -383,        /* KeyUse digSignature error */
-    KEYUSE_ENCIPHER_E       = -385,        /* KeyUse keyEncipher error */
-    EXTKEYUSE_AUTH_E        = -386,        /* ExtKeyUse server|client_auth */
-    SEND_OOB_READ_E         = -387,        /* Send Cb out of bounds read */
-    SECURE_RENEGOTIATION_E  = -388,        /* Invalid Renegotiation Info */
-    SESSION_TICKET_LEN_E    = -389,        /* Session Ticket too large */
-    SESSION_TICKET_EXPECT_E = -390,        /* Session Ticket missing   */
-    SCR_DIFFERENT_CERT_E    = -391,        /* SCR Different cert error  */
-    SESSION_SECRET_CB_E     = -392,        /* Session secret Cb fcn failure */
-    NO_CHANGE_CIPHER_E      = -393,        /* Finished before change cipher */
-    SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
-    DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
-    SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
-
-    /* add strings to SetErrorString !!!!! */
-
-    /* begin negotiation parameter errors */
-    UNSUPPORTED_SUITE       = -500,        /* unsupported cipher suite */
-    MATCH_SUITE_ERROR       = -501         /* can't match cipher suite */
-    /* end negotiation parameter errors only 10 for now */
-    /* add strings to SetErrorString !!!!! */
-
-    /* no error stings go down here, add above negotiation errors !!!! */
-};
-
-
-#ifdef CYASSL_CALLBACKS
-    enum {
-        MIN_PARAM_ERR = UNSUPPORTED_SUITE,
-        MAX_PARAM_ERR = MIN_PARAM_ERR - 10
-    };
-#endif
-
-
-CYASSL_LOCAL
-void SetErrorString(int err, char* buff);
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* CyaSSL_ERROR_H */
-
-
+#include <wolfssl/error-ssl.h>

cyassl/internal.h

@@ -19,2351 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_INT_H
-#define CYASSL_INT_H
-
-
-#include <cyassl/ctaocrypt/types.h>
-#include <cyassl/ssl.h>
-#include <cyassl/crl.h>
-#include <cyassl/ctaocrypt/random.h>
-#include <cyassl/ctaocrypt/des3.h>
-#include <cyassl/ctaocrypt/hc128.h>
-#include <cyassl/ctaocrypt/rabbit.h>
-#include <cyassl/ctaocrypt/chacha.h>
-#include <cyassl/ctaocrypt/asn.h>
-#include <cyassl/ctaocrypt/md5.h>
-#include <cyassl/ctaocrypt/sha.h>
-#include <cyassl/ctaocrypt/aes.h>
-#include <cyassl/ctaocrypt/poly1305.h>
-#include <cyassl/ctaocrypt/camellia.h>
-#include <cyassl/ctaocrypt/logging.h>
-#include <cyassl/ctaocrypt/hmac.h>
-#ifndef NO_RC4
-    #include <wolfssl/wolfcrypt/arc4.h>
-#endif
-#ifdef HAVE_ECC
-    #include <cyassl/ctaocrypt/ecc.h>
-#endif
-#ifndef NO_SHA256
-    #include <cyassl/ctaocrypt/sha256.h>
-#endif
-#ifdef HAVE_OCSP
-    #include <cyassl/ocsp.h>
-#endif
-#ifdef CYASSL_SHA512
-    #include <cyassl/ctaocrypt/sha512.h>
-#endif
-
-#ifdef HAVE_AESGCM
-    #include <cyassl/ctaocrypt/sha512.h>
-#endif
-
-#ifdef CYASSL_RIPEMD
-    #include <cyassl/ctaocrypt/ripemd.h>
-#endif
-
-#ifdef CYASSL_CALLBACKS
-    #include <cyassl/callbacks.h>
-    #include <signal.h>
-#endif
-
-#ifdef USE_WINDOWS_API 
-    #ifdef CYASSL_GAME_BUILD
-        #include "system/xtl.h"
-    #else
-        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-            /* On WinCE winsock2.h must be included before windows.h */
-            #include <winsock2.h>
-        #endif
-        #include <windows.h>
-    #endif
-#elif defined(THREADX)
-    #ifndef SINGLE_THREADED
-        #include "tx_api.h"
-    #endif
-#elif defined(MICRIUM)
-    /* do nothing, just don't pick Unix */
-#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
-    /* do nothing */
-#elif defined(EBSNET)
-    /* do nothing */
-#elif defined(FREESCALE_MQX)
-    /* do nothing */
-#elif defined(CYASSL_MDK_ARM)
-    #if defined(CYASSL_MDK5)
-         #include "cmsis_os.h"
-    #else
-        #include <rtl.h>
-    #endif
-#elif defined(MBED)
-#elif defined(CYASSL_TIRTOS)
-    /* do nothing */
-#else
-    #ifndef SINGLE_THREADED
-        #define CYASSL_PTHREADS
-        #include <pthread.h>
-    #endif
-    #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
-        #include <unistd.h>      /* for close of BIO */
-    #endif
-#endif
-
-
-#ifdef HAVE_LIBZ
-    #include "zlib.h"
-#endif
-
-#ifdef _MSC_VER
-    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
-    #pragma warning(disable: 4996)
-#endif
-
-#ifdef NO_AES
-    #if !defined (ALIGN16)
-        #define ALIGN16
-    #endif
-#endif
-
-#ifdef NO_SHA
-    #define SHA_DIGEST_SIZE 20
-#endif
-
-#ifdef NO_SHA256
-    #define SHA256_DIGEST_SIZE 32
-#endif
-
-#ifdef NO_MD5
-    #define MD5_DIGEST_SIZE 16
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-#ifdef USE_WINDOWS_API 
-    typedef unsigned int SOCKET_T;
-#else
-    typedef int SOCKET_T;
-#endif
-
-
-typedef byte word24[3];
-
-/* Define or comment out the cipher suites you'd like to be compiled in
-   make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
-
-   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
-*/
-#if !defined(NO_RSA) && !defined(NO_RC4)
-  #if !defined(NO_SHA)
-    #define BUILD_SSL_RSA_WITH_RC4_128_SHA
-  #endif
-    #if !defined(NO_MD5)
-        #define BUILD_SSL_RSA_WITH_RC4_128_MD5
-    #endif
-    #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
-        #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-    #endif
-#endif
-
-#if !defined(NO_RSA) && !defined(NO_DES3)
-  #if !defined(NO_SHA)
-    #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
-    #if !defined(NO_TLS) && defined(HAVE_NTRU)
-        #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-    #endif
-  #endif
-#endif
-
-#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
-  #if !defined(NO_SHA)
-    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
-    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
-    #if defined(HAVE_NTRU)
-        #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-        #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-    #endif
-  #endif
-    #if !defined (NO_SHA256)
-        #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
-        #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
-    #endif
-    #if defined (HAVE_AESGCM)
-        #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
-        #if defined (CYASSL_SHA384)
-            #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
-        #endif
-    #endif
-    #if defined (HAVE_AESCCM)
-        #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
-        #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
-    #endif
-    #if defined(HAVE_BLAKE2)
-        #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-        #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-    #endif
-#endif
-
-#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
-    #ifndef NO_RSA
-      #if !defined(NO_SHA)
-        #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-        #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-      #endif
-        #ifndef NO_SHA256
-            #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-            #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-        #endif
-        #if !defined(NO_DH)
-          #if !defined(NO_SHA)
-            #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-            #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-          #endif
-            #ifndef NO_SHA256
-                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-            #endif
-        #endif
-    #endif
-#endif
-
-#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
-  #if !defined(NO_SHA)
-    #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
-    #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
-  #endif
-    #ifndef NO_SHA256
-        #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
-        #ifdef HAVE_AESGCM
-            #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
-        #endif
-        #ifdef HAVE_AESCCM
-            #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
-            #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
-            #define BUILD_TLS_PSK_WITH_AES_128_CCM
-            #define BUILD_TLS_PSK_WITH_AES_256_CCM
-        #endif
-    #endif
-    #ifdef CYASSL_SHA384
-        #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
-        #ifdef HAVE_AESGCM
-            #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
-        #endif
-    #endif
-#endif
-
-#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
-    #if !defined(NO_RSA)
-      #if !defined(NO_SHA)
-        #define BUILD_TLS_RSA_WITH_NULL_SHA
-      #endif
-      #ifndef NO_SHA256
-        #define BUILD_TLS_RSA_WITH_NULL_SHA256
-      #endif
-    #endif
-    #if !defined(NO_PSK)
-      #if !defined(NO_SHA)
-        #define BUILD_TLS_PSK_WITH_NULL_SHA
-      #endif
-        #ifndef NO_SHA256
-            #define BUILD_TLS_PSK_WITH_NULL_SHA256
-        #endif
-        #ifdef CYASSL_SHA384
-            #define BUILD_TLS_PSK_WITH_NULL_SHA384
-        #endif
-    #endif
-#endif
-
-#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
-    #define BUILD_TLS_RSA_WITH_HC_128_MD5
-  #if !defined(NO_SHA)
-    #define BUILD_TLS_RSA_WITH_HC_128_SHA
-  #endif
-  #if defined(HAVE_BLAKE2)
-    #define BUILD_TLS_RSA_WITH_HC_128_B2B256
-  #endif
-#endif
-
-#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
-  #if !defined(NO_SHA)
-    #define BUILD_TLS_RSA_WITH_RABBIT_SHA
-  #endif
-#endif
-
-#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
-    !defined(NO_RSA)
-  #if !defined(NO_SHA)
-    #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-    #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-  #endif
-    #if !defined (NO_SHA256)
-        #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-        #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-        #if defined (HAVE_AESGCM)
-            #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-            #if defined (CYASSL_SHA384)
-                #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-            #endif
-        #endif
-    #endif
-#endif
-
-#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
-    !defined(NO_AES) && !defined(NO_SHA)
-    #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
-#endif
-
-#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
-    #ifndef NO_SHA256
-        #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
-        #ifdef HAVE_NULL_CIPHER
-            #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
-        #endif
-        #ifdef HAVE_AESGCM
-            #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-        #endif
-        #ifdef HAVE_AESCCM
-            #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
-            #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
-        #endif
-    #endif
-    #ifdef CYASSL_SHA384
-        #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
-        #ifdef HAVE_NULL_CIPHER
-            #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
-        #endif
-        #ifdef HAVE_AESGCM
-            #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
-        #endif
-    #endif
-#endif
-
-#if defined(HAVE_ECC) && !defined(NO_TLS)
-    #if !defined(NO_AES)
-        #if !defined(NO_SHA)
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-                #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-            #endif
-    
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-    
-            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-        #endif /* NO_SHA */
-        #ifndef NO_SHA256
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
-            #endif
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
-        #endif
-
-        #ifdef CYASSL_SHA384
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-                #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
-            #endif
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
-        #endif
-
-        #if defined (HAVE_AESGCM)
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
-                #if defined(CYASSL_SHA384)
-                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
-                #endif
-            #endif
-
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-            
-            #if defined(CYASSL_SHA384)
-                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
-            #endif
-        #endif
-        #if defined (HAVE_AESCCM)
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
-        #endif
-    #endif /* NO_AES */
-    #if !defined(NO_RC4)
-        #if !defined(NO_SHA)
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-                #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
-            #endif
-
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-            #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-        #endif
-    #endif
-    #if !defined(NO_DES3)
-        #if !defined(NO_RSA)
-            #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-            #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-        #endif
-
-        #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-        #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-    #endif
-#endif
-
-
-#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
-    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
-    #define BUILD_ARC4
-#endif
-
-#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
-    #define BUILD_DES3
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
-    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
-    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-    #undef  BUILD_AES
-    #define BUILD_AES
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
-    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-    #define BUILD_AESGCM
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
-    #define BUILD_HC128
-#endif
-
-#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
-    #define BUILD_RABBIT
-#endif
-
-#ifdef NO_DES3
-    #define DES_BLOCK_SIZE 8
-#else
-    #undef  BUILD_DES3
-    #define BUILD_DES3
-#endif
-
-#ifdef NO_AES
-    #define AES_BLOCK_SIZE 16
-#else
-    #undef  BUILD_AES
-    #define BUILD_AES
-#endif
-
-#ifndef NO_RC4
-    #undef  BUILD_ARC4
-    #define BUILD_ARC4
-#endif
-
-#ifdef HAVE_CHACHA
-    #define CHACHA20_BLOCK_SIZE 16 
-    /* ChaCha - Poly AEAD suites */
-    #if defined(HAVE_POLY1305) && !defined(NO_SHA256)
-        #if defined(HAVE_ECC)
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-            #endif
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-        #endif
-        #if !defined(NO_DH) && !defined(NO_RSA)
-            #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        #endif
-    #endif /* end of ChaCha - Poly AEAD suites */
-#endif
-
-#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA)
-    #define HAVE_AEAD
-#endif
-
-
-/* actual cipher values, 2nd byte */
-enum {
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
-    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
-    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
-    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
-    TLS_RSA_WITH_NULL_SHA             = 0x02,
-    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
-    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
-    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
-    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
-    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
-    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
-    TLS_PSK_WITH_NULL_SHA             = 0x2c,
-    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
-    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
-
-    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    = 0x14,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    = 0x13,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  = 0x0A,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  = 0x09,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA        = 0x11,
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA      = 0x07,
-    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA   = 0x12,
-    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
-
-    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA    = 0x0F,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA    = 0x0E,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA  = 0x05,
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA  = 0x04,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA        = 0x0C,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA      = 0x02,
-    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA   = 0x0D,
-    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
-
-    /* CyaSSL extension - eSTREAM */
-    TLS_RSA_WITH_HC_128_MD5       = 0xFB,
-    TLS_RSA_WITH_HC_128_SHA       = 0xFC,
-    TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
-
-    /* CyaSSL extension - Blake2b 256 */
-    TLS_RSA_WITH_AES_128_CBC_B2B256   = 0xF8,
-    TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
-    TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
-
-    /* CyaSSL extension - NTRU */
-    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
-    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
-    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
-    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,
-
-    /* SHA256 */
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
-    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
-    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
-    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
-    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
-    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,
-
-    /* SHA384 */
-    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
-    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,
-
-    /* AES-GCM */
-    TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,
-    TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x9d,
-    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x9e,
-    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x9f,
-    TLS_PSK_WITH_AES_128_GCM_SHA256          = 0xa8,
-    TLS_PSK_WITH_AES_256_GCM_SHA384          = 0xa9,
-    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      = 0xaa,
-    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      = 0xab,
-
-    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2b,
-    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2c,
-    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0x2d,
-    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0x2e,
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x2f,
-    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0x30,
-    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0x31,
-    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0x32,
-
-    /* AES-CCM, first byte is 0xC0 but isn't ECC,
-     * also, in some of the other AES-CCM suites
-     * there will be second byte number conflicts
-     * with non-ECC AES-GCM */
-    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
-    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
-    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
-    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
-    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
-    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
-    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
-    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,
-
-    /* Camellia */
-    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
-    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
-    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
-    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
-    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
-    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
-    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
-    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
-
-    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0x13,
-    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
-    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0x15,
-
-    /* Renegotiation Indication Extension Special Suite */
-    TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0xff
-};
-
-
-#ifndef CYASSL_SESSION_TIMEOUT
-    #define CYASSL_SESSION_TIMEOUT 500
-    /* default session resumption cache timeout in seconds */
-#endif
-
-
-enum Misc {
-    ECC_BYTE    =  0xC0,           /* ECC first cipher suite byte */
-    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
-
-    SEND_CERT       = 1,
-    SEND_BLANK_CERT = 2,
-
-    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
-    DTLS_MINOR      = 0xff,     /* DTLS minor version number */
-    DTLSv1_2_MINOR  = 0xfd,     /* DTLS minor version number */
-    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
-    SSLv3_MINOR     = 0,        /* TLSv1   minor version number */
-    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
-    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
-    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
-    OLD_HELLO_ID    = 0x01,     /* SSLv2 Client Hello Indicator */
-    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
-    NO_COMPRESSION  =  0,
-    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression */
-    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
-    SECRET_LEN      = 48,       /* pre RSA and all master */
-    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
-    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
-    FINISHED_SZ     = 36,       /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
-    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
-    MAX_MSG_EXTRA   = 38 + MAX_DIGEST_SIZE,
-                                /* max added to msg, mac + pad  from */
-                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
-                                   digest sz + BLOC_SZ (iv) + pad byte (1) */
-    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
-    MAX_MTU         = 1500,     /* max expected MTU */
-    MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
-    MAX_DH_SZ       = 1036,     /* 4096 p, pub, g + 2 byte size for each */
-    MAX_STR_VERSION = 8,        /* string rep of protocol version */
-
-    PAD_MD5        = 48,       /* pad length for finished */
-    PAD_SHA        = 40,       /* pad length for finished */
-    MAX_PAD_SIZE   = 256,      /* maximum length of padding */
-    COMPRESS_DUMMY_SIZE = 64,  /* compression dummy round size */
-    COMPRESS_CONSTANT   = 13,  /* compression calc constant */
-    COMPRESS_UPPER      = 55,  /* compression calc numerator */
-    COMPRESS_LOWER      = 64,  /* compression calc denominator */
-
-    PEM_LINE_LEN   = 80,       /* PEM line max + fudge */
-    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
-    VERSION_SZ     =  2,       /* length of proctocol version */
-    SEQ_SZ         =  8,       /* 64 bit sequence number  */
-    BYTE3_LEN      =  3,       /* up to 24 bit byte lengths */
-    ALERT_SIZE     =  2,       /* level + description     */
-    VERIFY_HEADER  =  2,       /* always use 2 bytes      */
-    EXT_ID_SZ      =  2,       /* always use 2 bytes      */
-    MAX_DH_SIZE    = 513,      /* 4096 bit plus possible leading 0 */
-
-    MAX_SUITE_SZ = 200,        /* 100 suites for now! */
-    RAN_LEN      = 32,         /* random length           */
-    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
-    ID_LEN       = 32,         /* session id length       */
-    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
-    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
-    SUITE_LEN    =  2,         /* cipher suite sz length  */
-    ENUM_LEN     =  1,         /* always a byte           */
-    OPAQUE8_LEN  =  1,         /* 1 byte                  */
-    OPAQUE16_LEN =  2,         /* 2 bytes                 */
-    OPAQUE24_LEN =  3,         /* 3 bytes                 */
-    OPAQUE32_LEN =  4,         /* 4 bytes                 */
-    COMP_LEN     =  1,         /* compression length      */
-    CURVE_LEN    =  2,         /* ecc named curve length  */
-    SERVER_ID_LEN = 20,        /* server session id length  */
-    
-    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
-    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
-    CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
-    REQ_HEADER_SZ         = 2,  /* cert request header sz  */
-    HINT_LEN_SZ           = 2,  /* length of hint size field */
-    TRUNCATED_HMAC_SZ     = 10, /* length of hmac w/ truncated hmac extension */
-    HELLO_EXT_TYPE_SZ     = 2,  /* length of a hello extension type */
-    HELLO_EXT_SZ          = 8,  /* total length of the lazy hello extensions */
-    HELLO_EXT_LEN         = 6,  /* length of the lazy hello extensions */
-    HELLO_EXT_SIGALGO_SZ  = 2,  /* length of signature algo extension  */
-    HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
-
-    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
-    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
-    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
-    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
-    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
-    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
-    DTLS_POOL_SZ             = 5,  /* buffers to hold in the retry pool */
-
-    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
-    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
-    MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
-    KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
-    MAX_PRF_HALF        = 256, /* Maximum half secret len */
-    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
-    MAX_PRF_DIG         = 224, /* Maximum digest len      */
-    MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet */
-    SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ 
-
-    RC4_KEY_SIZE        = 16,  /* always 128bit           */
-    DES_KEY_SIZE        =  8,  /* des                     */
-    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
-    DES_IV_SIZE         = DES_BLOCK_SIZE,
-    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
-    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
-    AES_IV_SIZE         = 16,  /* always block size       */
-    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */
-
-    AEAD_SEQ_OFFSET     = 4,        /* Auth Data: Sequence number */
-    AEAD_TYPE_OFFSET    = 8,        /* Auth Data: Type            */
-    AEAD_VMAJ_OFFSET    = 9,        /* Auth Data: Major Version   */
-    AEAD_VMIN_OFFSET    = 10,       /* Auth Data: Minor Version   */
-    AEAD_LEN_OFFSET     = 11,       /* Auth Data: Length          */
-    AEAD_AUTH_DATA_SZ   = 13,       /* Size of the data to authenticate */
-    AEAD_IMP_IV_SZ      = 4,        /* Size of the implicit IV     */
-    AEAD_EXP_IV_SZ      = 8,        /* Size of the explicit IV     */
-    AEAD_NONCE_SZ       = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
-
-    AES_GCM_AUTH_SZ     = 16, /* AES-GCM Auth Tag length    */
-    AES_CCM_16_AUTH_SZ  = 16, /* AES-CCM-16 Auth Tag length */
-    AES_CCM_8_AUTH_SZ   = 8,  /* AES-CCM-8 Auth Tag Length  */
-
-    CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
-    CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
-    CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
-    CAMELLIA_IV_SIZE      = 16, /* always block size */
-
-    CHACHA20_256_KEY_SIZE = 32,  /* for 256 bit             */
-    CHACHA20_128_KEY_SIZE = 16,  /* for 128 bit             */
-    CHACHA20_IV_SIZE      =  8,  /* 64 bits for iv          */
-
-    POLY1305_AUTH_SZ    = 16,  /* 128 bits                */
-
-    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
-    HC_128_IV_SIZE      = 16,  /* also 128 bits           */
-
-    RABBIT_KEY_SIZE     = 16,  /* 128 bits                */
-    RABBIT_IV_SIZE      =  8,  /* 64 bits for iv          */
-
-    EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits   */
-
-    ECDHE_SIZE          = 32,  /* ECHDE server size defaults to 256 bit */
-    MAX_EXPORT_ECC_SZ   = 256, /* Export ANS X9.62 max future size */
-
-    MAX_HELLO_SZ       = 128,  /* max client or server hello */
-    MAX_CERT_VERIFY_SZ = 1024, /* max   */
-    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
-    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
-
-    DTLS_TIMEOUT_INIT       =  1, /* default timeout init for DTLS receive  */
-    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
-    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
-
-    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
-    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
-
-    MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
-
-#ifdef FORTRESS
-    MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
-#endif
-
-    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
-    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
-    MAX_FILENAME_SZ    =  256, /* max file name length */
-    FILE_BUFFER_SIZE   = 1024, /* default static file buffer size for input,
-                                  will use dynamic buffer if not big enough */
-
-    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
-    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
-    MAX_NTRU_BITS       =  256, /* max symmetric bit strength */
-    NO_SNIFF           =   0,  /* not sniffing */
-    SNIFF              =   1,  /* currently sniffing */
-
-    HASH_SIG_SIZE      =   2,  /* default SHA1 RSA */
-
-    NO_CAVIUM_DEVICE   =  -2,  /* invalid cavium device id */
-
-    NO_COPY            =   0,  /* should we copy static buffer for write */
-    COPY               =   1   /* should we copy static buffer for write */
-};
-
-#ifdef SESSION_INDEX
-/* Shift values for making a session index */
-#define SESSIDX_ROW_SHIFT 4
-#define SESSIDX_IDX_MASK  0x0F
-#endif
-
-
-/* max cert chain peer depth */
-#ifndef MAX_CHAIN_DEPTH
-    #define MAX_CHAIN_DEPTH 9
-#endif
-
-#ifndef SESSION_TICKET_LEN
-    #define SESSION_TICKET_LEN 256
-#endif
-
-
-/* don't use extra 3/4k stack space unless need to */
-#ifdef HAVE_NTRU
-    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
-#else
-    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
-#endif
-
-
-/* states */
-enum states {
-    NULL_STATE = 0,
-
-    SERVER_HELLOVERIFYREQUEST_COMPLETE,
-    SERVER_HELLO_COMPLETE,
-    SERVER_CERT_COMPLETE,
-    SERVER_KEYEXCHANGE_COMPLETE,
-    SERVER_HELLODONE_COMPLETE,
-    SERVER_FINISHED_COMPLETE,
-
-    CLIENT_HELLO_COMPLETE,
-    CLIENT_KEYEXCHANGE_COMPLETE,
-    CLIENT_FINISHED_COMPLETE,
-
-    HANDSHAKE_DONE
-};
-
-
-#if defined(__GNUC__)
-    #define CYASSL_PACK __attribute__ ((packed))
-#else
-    #define CYASSL_PACK
-#endif
-
-/* SSL Version */
-typedef struct ProtocolVersion {
-    byte major;
-    byte minor;
-} CYASSL_PACK ProtocolVersion;
-
-
-CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
-CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
-CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
-CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
-
-#ifdef CYASSL_DTLS
-    CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
-    CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
-#endif
-
-
-enum BIO_TYPE {
-    BIO_BUFFER = 1,
-    BIO_SOCKET = 2,
-    BIO_SSL    = 3,
-    BIO_MEMORY = 4
-};
-
-
-/* CyaSSL BIO_METHOD type */
-struct CYASSL_BIO_METHOD {
-    byte type;               /* method type */
-};
-
-
-/* CyaSSL BIO type */
-struct CYASSL_BIO {
-    byte        type;          /* method type */
-    byte        close;         /* close flag */
-    byte        eof;           /* eof flag */
-    CYASSL*     ssl;           /* possible associated ssl */
-    byte*       mem;           /* memory buffer */
-    int         memLen;        /* memory buffer length */
-    int         fd;            /* possible file descriptor */
-    CYASSL_BIO* prev;          /* previous in chain */
-    CYASSL_BIO* next;          /* next in chain */
-};
-
-
-/* CyaSSL method type */
-struct CYASSL_METHOD {
-    ProtocolVersion version;
-    byte            side;         /* connection side, server or client */
-    byte            downgrade;    /* whether to downgrade version, default no */
-};
-
-
-/* defautls to client */
-CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
-
-/* for sniffer */
-CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
-                            word32 size, word32 totalSz, int sniff);
-CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
-
-
-/* CyaSSL buffer type */
-typedef struct buffer {
-    word32 length;
-    byte*  buffer;
-} buffer;
-
-
-enum {
-    FORCED_FREE = 1,
-    NO_FORCED_FREE = 0
-};
-
-
-/* only use compression extra if using compression */
-#ifdef HAVE_LIBZ
-    #define COMP_EXTRA MAX_COMP_EXTRA
-#else
-    #define COMP_EXTRA 0
-#endif
-
-/* only the sniffer needs space in the buffer for extra MTU record(s) */
-#ifdef CYASSL_SNIFFER
-    #define MTU_EXTRA MAX_MTU * 3 
-#else
-    #define MTU_EXTRA 0
-#endif
-
-
-/* embedded callbacks require large static buffers, make sure on */
-#ifdef CYASSL_CALLBACKS
-    #undef  LARGE_STATIC_BUFFERS
-    #define LARGE_STATIC_BUFFERS
-#endif
-
-
-/* give user option to use 16K static buffers */
-#if defined(LARGE_STATIC_BUFFERS)
-    #define RECORD_SIZE MAX_RECORD_SIZE
-#else
-    #ifdef CYASSL_DTLS
-        #define RECORD_SIZE MAX_MTU 
-    #else
-        #define RECORD_SIZE 128 
-    #endif
-#endif
-
-
-/* user option to turn off 16K output option */
-/* if using small static buffers (default) and SSL_write tries to write data
-   larger than the record we have, dynamically get it, unless user says only
-   write in static buffer chuncks  */
-#ifndef STATIC_CHUNKS_ONLY
-    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
-#else
-    #define OUTPUT_RECORD_SIZE RECORD_SIZE
-#endif
-
-/* CyaSSL input buffer
-
-   RFC 2246:
-
-   length
-       The length (in bytes) of the following TLSPlaintext.fragment.
-       The length should not exceed 2^14.
-*/
-#if defined(LARGE_STATIC_BUFFERS)
-    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
-             MTU_EXTRA + MAX_MSG_EXTRA
-#else
-    /* don't fragment memory from the record header */
-    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
-#endif
-
-typedef struct {
-    word32 length;       /* total buffer length used */
-    word32 idx;          /* idx to part of length already consumed */
-    byte*  buffer;       /* place holder for static or dynamic buffer */
-    word32 bufferSize;   /* current buffer size */
-    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
-    byte   dynamicFlag;  /* dynamic memory currently in use */
-    byte   offset;       /* alignment offset attempt */
-} bufferStatic;
-
-/* Cipher Suites holder */
-typedef struct Suites {
-    int    setSuites;               /* user set suites from default */
-    byte   suites[MAX_SUITE_SZ];  
-    word16 suiteSz;                 /* suite length in bytes        */
-    byte   hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
-    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
-    byte   hashAlgo;                /* selected hash algorithm */
-    byte   sigAlgo;                 /* selected sig algorithm */
-} Suites;
-
-
-CYASSL_LOCAL
-void InitSuites(Suites*, ProtocolVersion,
-                                     byte, byte, byte, byte, byte, byte, int);
-CYASSL_LOCAL
-int  SetCipherList(Suites*, const char* list);
-
-#ifndef PSK_TYPES_DEFINED
-    typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
-                          unsigned int, unsigned char*, unsigned int);
-    typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
-                          unsigned char*, unsigned int);
-#endif /* PSK_TYPES_DEFINED */
-
-
-#ifdef HAVE_NETX
-    CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx);
-    CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx);
-#endif /* HAVE_NETX */
-
-
-/* CyaSSL Cipher type just points back to SSL */
-struct CYASSL_CIPHER {
-    CYASSL* ssl;
-};
-
-
-typedef struct OCSP_Entry OCSP_Entry;
-
-#ifdef SHA_DIGEST_SIZE
-    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
-#else
-    #define OCSP_DIGEST_SIZE 160
-#endif
-
-#ifdef NO_ASN 
-    /* no_asn won't have */
-    typedef struct CertStatus CertStatus;
-#endif
-
-struct OCSP_Entry {
-    OCSP_Entry* next;                        /* next entry             */
-    byte    issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */ 
-    byte    issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
-    CertStatus* status;                      /* OCSP response list     */
-    int         totalStatus;                 /* number on list         */
-};
-
-
-#ifndef HAVE_OCSP
-    typedef struct CYASSL_OCSP CYASSL_OCSP;
-#endif
-
-/* CyaSSL OCSP controller */
-struct CYASSL_OCSP {
-    CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
-    OCSP_Entry*          ocspList;      /* OCSP response list */
-    CyaSSL_Mutex         ocspLock;      /* OCSP list lock */
-};
-
-#ifndef MAX_DATE_SIZE
-#define MAX_DATE_SIZE 32
-#endif
-
-typedef struct CRL_Entry CRL_Entry;
-
-#ifdef SHA_DIGEST_SIZE
-    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
-#else
-    #define CRL_DIGEST_SIZE 160
-#endif
-
-#ifdef NO_ASN 
-    typedef struct RevokedCert RevokedCert;
-#endif
-
-/* Complete CRL */
-struct CRL_Entry {
-    CRL_Entry* next;                      /* next entry */
-    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */ 
-    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */ 
-    /* restore the hash here if needed for optimized comparisons */
-    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
-    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
-    byte    lastDateFormat;          /* last date format */
-    byte    nextDateFormat;          /* next date format */
-    RevokedCert* certs;              /* revoked cert list  */
-    int          totalCerts;         /* number on list     */
-};
-
-
-typedef struct CRL_Monitor CRL_Monitor;
-
-/* CRL directory monitor */
-struct CRL_Monitor {
-    char* path;      /* full dir path, if valid pointer we're using */
-    int   type;      /* PEM or ASN1 type */
-};
-
-
-#ifndef HAVE_CRL
-    typedef struct CYASSL_CRL CYASSL_CRL;
-#endif
-
-/* CyaSSL CRL controller */
-struct CYASSL_CRL {
-    CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
-    CRL_Entry*           crlList;       /* our CRL list */
-    CyaSSL_Mutex         crlLock;       /* CRL list lock */
-    CRL_Monitor          monitors[2];   /* PEM and DER possible */
-#ifdef HAVE_CRL_MONITOR
-    pthread_t            tid;           /* monitoring thread */
-    int                  mfd;           /* monitor fd, -1 if no init yet */
-#endif
-};
-
-
-#ifdef NO_ASN 
-    typedef struct Signer Signer;
-#endif
-
-
-#ifndef CA_TABLE_SIZE
-    #define CA_TABLE_SIZE 11
-#endif
-
-/* CyaSSL Certificate Manager */
-struct CYASSL_CERT_MANAGER {
-    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
-    CyaSSL_Mutex    caLock;             /* CA list lock */
-    CallbackCACache caCacheCallback;    /* CA cache addition callback */
-    void*           heap;               /* heap helper */
-    CYASSL_CRL*     crl;                /* CRL checker */
-    byte            crlEnabled;         /* is CRL on ? */
-    byte            crlCheckAll;        /* always leaf, but all ? */
-    CbMissingCRL    cbMissingCRL;       /* notify through cb of missing crl */
-    CYASSL_OCSP*    ocsp;               /* OCSP checker */
-    byte            ocspEnabled;        /* is OCSP on ? */
-    byte            ocspSendNonce;      /* send the OCSP nonce ? */
-    byte            ocspUseOverrideURL; /* ignore cert's responder, override */
-    char*           ocspOverrideURL;    /* use this responder */
-    void*           ocspIOCtx;          /* I/O callback CTX */
-    CbOCSPIO        ocspIOCb;           /* I/O callback for OCSP lookup */
-    CbOCSPRespFree  ocspRespFreeCb;     /* Frees OCSP Response from IO Cb */
-};
-
-CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER*, const char*);
-CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER*, const char*);
-CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER*, void*, int, int*);
-CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER*, const void*, int);
-CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
-
-/* CyaSSL Sock Addr */
-struct CYASSL_SOCKADDR {
-    unsigned int sz; /* sockaddr size */
-    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
-};
-
-typedef struct CYASSL_DTLS_CTX {
-    CYASSL_SOCKADDR peer;
-    int fd;
-} CYASSL_DTLS_CTX;
-
-
-#ifdef CYASSL_DTLS
-
-    #ifdef WORD64_AVAILABLE
-        typedef word64 DtlsSeq;
-    #else
-        typedef word32 DtlsSeq;
-    #endif
-    #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
-
-    typedef struct DtlsState {
-        DtlsSeq window;     /* Sliding window for current epoch    */
-        word16 nextEpoch;   /* Expected epoch in next record       */
-        word32 nextSeq;     /* Expected sequence in next record    */
-
-        word16 curEpoch;    /* Received epoch in current record    */
-        word32 curSeq;      /* Received sequence in current record */
-
-        DtlsSeq prevWindow; /* Sliding window for old epoch        */
-        word32 prevSeq;     /* Next sequence in allowed old epoch  */
-    } DtlsState;
-
-#endif /* CYASSL_DTLS */
-
-
-/* keys and secrets */
-typedef struct Keys {
-    byte client_write_MAC_secret[MAX_DIGEST_SIZE];   /* max sizes */
-    byte server_write_MAC_secret[MAX_DIGEST_SIZE];
-    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
-    byte server_write_key[AES_256_KEY_SIZE];
-    byte client_write_IV[AES_IV_SIZE];               /* max sizes */
-    byte server_write_IV[AES_IV_SIZE];
-#ifdef HAVE_AEAD
-    byte aead_exp_IV[AEAD_EXP_IV_SZ];
-    byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
-    byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
-#endif
-
-    word32 peer_sequence_number;
-    word32 sequence_number;
-
-#ifdef CYASSL_DTLS
-    DtlsState dtls_state;                       /* Peer's state */
-    word16 dtls_peer_handshake_number;
-    word16 dtls_expected_peer_handshake_number;
-
-    word16 dtls_epoch;                          /* Current tx epoch    */
-    word32 dtls_sequence_number;                /* Current tx sequence */
-    word16 dtls_handshake_number;               /* Current tx handshake seq */
-#endif
-
-    word32 encryptSz;             /* last size of encrypted data   */
-    word32 padSz;                 /* how much to advance after decrypt part */
-    byte   encryptionOn;          /* true after change cipher spec */
-    byte   decryptedCur;          /* only decrypt current record once */
-} Keys;
-
-
-
-/* RFC 6066 TLS Extensions */
-#ifdef HAVE_TLS_EXTENSIONS
-
-typedef enum {
-    SERVER_NAME_INDICATION = 0x0000,
-    MAX_FRAGMENT_LENGTH    = 0x0001,
-    TRUNCATED_HMAC         = 0x0004,
-    ELLIPTIC_CURVES        = 0x000a,
-    SESSION_TICKET         = 0x0023,
-    SECURE_RENEGOTIATION   = 0xff01
-} TLSX_Type;
-
-typedef struct TLSX {
-    TLSX_Type    type; /* Extension Type  */
-    void*        data; /* Extension Data  */
-    byte         resp; /* IsResponse Flag */
-    struct TLSX* next; /* List Behavior   */
-} TLSX;
-
-CYASSL_LOCAL TLSX*  TLSX_Find(TLSX* list, TLSX_Type type);
-CYASSL_LOCAL void   TLSX_FreeAll(TLSX* list);
-CYASSL_LOCAL int    TLSX_SupportExtensions(CYASSL* ssl);
-
-#ifndef NO_CYASSL_CLIENT
-CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
-CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
-#endif
-
-#ifndef NO_CYASSL_SERVER
-CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
-CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
-#endif
-
-CYASSL_LOCAL int    TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
-                                                byte isRequest, Suites *suites);
-                                                
-#elif defined(HAVE_SNI)                  \
-   || defined(HAVE_MAX_FRAGMENT)         \
-   || defined(HAVE_TRUNCATED_HMAC)       \
-   || defined(HAVE_SUPPORTED_CURVES)     \
-   || defined(HAVE_SECURE_RENEGOTIATION) \
-   || defined(HAVE_SESSION_TICKET)
-
-#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
-
-#endif /* HAVE_TLS_EXTENSIONS */
-
-/* Server Name Indication */
-#ifdef HAVE_SNI
-
-typedef struct SNI {
-    byte                       type;    /* SNI Type          */
-    union { char* host_name; } data;    /* SNI Data          */
-    struct SNI*                next;    /* List Behavior     */
-#ifndef NO_CYASSL_SERVER
-    byte                       options; /* Behaviour options */
-    byte                       status;  /* Matching result   */
-#endif
-} SNI;
-
-CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
-                                                                   word16 size);
-
-#ifndef NO_CYASSL_SERVER
-CYASSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
-                                                                  byte options);
-CYASSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
-CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
-                                                                   void** data);
-CYASSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
-                                         byte type, byte* sni, word32* inOutSz);
-#endif
-
-#endif /* HAVE_SNI */
-
-/* Maximum Fragment Length */
-#ifdef HAVE_MAX_FRAGMENT
-
-CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
-
-#endif /* HAVE_MAX_FRAGMENT */
-
-#ifdef HAVE_TRUNCATED_HMAC
-
-CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
-
-#endif /* HAVE_TRUNCATED_HMAC */
-
-#ifdef HAVE_SUPPORTED_CURVES
-
-typedef struct EllipticCurve {
-    word16                name; /* CurveNames    */
-    struct EllipticCurve* next; /* List Behavior */
-} EllipticCurve;
-
-CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
-
-#ifndef NO_CYASSL_SERVER
-CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
-                                                                   byte second);
-#endif
-
-#endif /* HAVE_SUPPORTED_CURVES */
-
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-enum key_cache_state {
-    SCR_CACHE_NULL   = 0,       /* empty / begin state */
-    SCR_CACHE_NEEDED,           /* need to cache keys */
-    SCR_CACHE_COPY,             /* we have a cached copy */
-    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
-    SCR_CACHE_COMPLETE          /* complete restore to real keys */
-};
-
-
-/* Additional Conection State according to rfc5746 section 3.1 */
-typedef struct SecureRenegotiation {
-   byte                 enabled;  /* secure_renegotiation flag in rfc */
-   byte                 startScr; /* server requested client to start scr */
-   enum key_cache_state cache_status;  /* track key cache state */
-   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
-   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
-   byte                 subject_hash[SHA_DIGEST_SIZE];  /* peer cert hash */
-   Keys                 tmp_keys;  /* can't overwrite real keys yet */
-} SecureRenegotiation;
-
-CYASSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
-
-#endif /* HAVE_SECURE_RENEGOTIATION */
-
-#ifdef HAVE_SESSION_TICKET
-
-typedef struct SessionTicket {
-    word32 lifetime;
-    byte*  data;
-    word16 size;
-} SessionTicket;
-
-CYASSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions, 
-                                                         SessionTicket* ticket);
-CYASSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
-                                                       byte* data, word16 size);
-CYASSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
-#endif /* HAVE_SESSION_TICKET */
-
-/* CyaSSL context type */
-struct CYASSL_CTX {
-    CYASSL_METHOD* method;
-    CyaSSL_Mutex   countMutex;    /* reference count mutex */
-    int         refCount;         /* reference count */
-#ifndef NO_CERTS
-    buffer      certificate;
-    buffer      certChain;
-                 /* chain after self, in DER, with leading size for each cert */
-    buffer      privateKey;
-    buffer      serverDH_P;
-    buffer      serverDH_G;
-    CYASSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
-#endif
-    Suites      suites;
-    void*       heap;             /* for user memory overrides */
-    byte        verifyPeer;
-    byte        verifyNone;
-    byte        failNoCert;
-    byte        sessionCacheOff;
-    byte        sessionCacheFlushOff;
-    byte        sendVerify;       /* for client side */
-    byte        haveRSA;          /* RSA available */
-    byte        haveDH;           /* server DH parms set by user */
-    byte        haveNTRU;         /* server private NTRU  key loaded */
-    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
-    byte        haveStaticECC;    /* static server ECC private key */
-    byte        partialWrite;     /* only one msg per write call */
-    byte        quietShutdown;    /* don't send close notify */
-    byte        groupMessages;    /* group handshake messages before sending */
-    CallbackIORecv CBIORecv;
-    CallbackIOSend CBIOSend;
-#ifdef CYASSL_DTLS
-    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
-#endif
-    VerifyCallback  verifyCallback;     /* cert verification callback */
-    word32          timeout;            /* session timeout */
-#ifdef HAVE_ECC
-    word16          eccTempKeySz;       /* in octets 20 - 66 */
-    word32          pkCurveOID;         /* curve Ecc_Sum */
-#endif
-#ifndef NO_PSK
-    byte        havePSK;                /* psk key set by user */
-    psk_client_callback client_psk_cb;  /* client callback */
-    psk_server_callback server_psk_cb;  /* server callback */
-    char        server_hint[MAX_PSK_ID_LEN];
-#endif /* NO_PSK */
-#ifdef HAVE_ANON
-    byte        haveAnon;               /* User wants to allow Anon suites */
-#endif /* HAVE_ANON */
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-    pem_password_cb passwd_cb;
-    void*            userdata;
-#endif /* OPENSSL_EXTRA */
-#ifdef HAVE_OCSP
-    CYASSL_OCSP      ocsp;
-#endif
-#ifdef HAVE_CAVIUM
-    int              devId;            /* cavium device id to use */
-#endif
-#ifdef HAVE_TLS_EXTENSIONS
-    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
-#endif
-#ifdef ATOMIC_USER
-    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
-    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
-#endif
-#ifdef HAVE_PK_CALLBACKS
-    #ifdef HAVE_ECC
-        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
-        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
-    #endif /* HAVE_ECC */
-    #ifndef NO_RSA 
-        CallbackRsaSign   RsaSignCb;    /* User RsaSign   Callback handler */
-        CallbackRsaVerify RsaVerifyCb;  /* User RsaVerify Callback handler */
-        CallbackRsaEnc    RsaEncCb;     /* User Rsa Public Encrypt  handler */
-        CallbackRsaDec    RsaDecCb;     /* User Rsa Private Decrypt handler */
-    #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-};
-
-
-CYASSL_LOCAL
-int InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*);
-CYASSL_LOCAL
-void FreeSSL_Ctx(CYASSL_CTX*);
-CYASSL_LOCAL
-void SSL_CtxResourceFree(CYASSL_CTX*);
-
-CYASSL_LOCAL
-int DeriveTlsKeys(CYASSL* ssl);
-CYASSL_LOCAL
-int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
-                          word32 inSz, word16 sz);
-#ifndef NO_CERTS
-    CYASSL_LOCAL
-    int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
-    CYASSL_LOCAL
-    int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
-#endif
-
-/* All cipher suite related info */
-typedef struct CipherSpecs {
-    byte bulk_cipher_algorithm;
-    byte cipher_type;               /* block, stream, or aead */
-    byte mac_algorithm;
-    byte kea;                       /* key exchange algo */
-    byte sig_algo;
-    byte hash_size;
-    byte pad_size;
-    byte static_ecdh;
-    word16 key_size;
-    word16 iv_size;
-    word16 block_size;
-    word16 aead_mac_size;
-} CipherSpecs;
-
-
-void InitCipherSpecs(CipherSpecs* cs);
-
-
-/* Supported Message Authentication Codes from page 43 */
-enum MACAlgorithm { 
-    no_mac,
-    md5_mac,
-    sha_mac,
-    sha224_mac,
-    sha256_mac,     /* needs to match external KDF_MacAlgorithm */
-    sha384_mac,
-    sha512_mac,
-    rmd_mac,
-    blake2b_mac
-};
-
-
-/* Supported Key Exchange Protocols */
-enum KeyExchangeAlgorithm { 
-    no_kea,
-    rsa_kea, 
-    diffie_hellman_kea, 
-    fortezza_kea,
-    psk_kea,
-    dhe_psk_kea,
-    ntru_kea,
-    ecc_diffie_hellman_kea,
-    ecc_static_diffie_hellman_kea       /* for verify suite only */
-};
-
-
-/* Supported Authentication Schemes */
-enum SignatureAlgorithm {
-    anonymous_sa_algo,
-    rsa_sa_algo,
-    dsa_sa_algo,
-    ecc_dsa_sa_algo
-};
-
-
-/* Supprted ECC Curve Types */
-enum EccCurves {
-    named_curve = 3
-};
-
-
-/* Supprted ECC Named Curves */
-enum EccNamedCurves {
-    secp256r1 = 0x17,         /* default, OpenSSL also calls it prime256v1 */
-    secp384r1 = 0x18,
-    secp521r1 = 0x19,
-
-    secp160r1 = 0x10,
-    secp192r1 = 0x13,        /*           Openssl also call it prime192v1 */
-    secp224r1 = 0x15
-};
-
-
-/* Valid client certificate request types from page 27 */
-enum ClientCertificateType {    
-    rsa_sign            = 1, 
-    dss_sign            = 2,
-    rsa_fixed_dh        = 3,
-    dss_fixed_dh        = 4,
-    rsa_ephemeral_dh    = 5,
-    dss_ephemeral_dh    = 6,
-    fortezza_kea_cert   = 20,
-    ecdsa_sign          = 64,
-    rsa_fixed_ecdh      = 65,
-    ecdsa_fixed_ecdh    = 66
-};
-
-
-enum CipherType { stream, block, aead };
-
-
-
-
-
-
-/* cipher for now */
-typedef struct Ciphers {
-#ifdef BUILD_ARC4
-    Arc4*   arc4;
-#endif
-#ifdef BUILD_DES3
-    Des3*   des3;
-#endif
-#if defined(BUILD_AES) || defined(BUILD_AESGCM)
-    Aes*    aes;
-#endif
-#ifdef HAVE_CAMELLIA
-    Camellia* cam;
-#endif
-#ifdef HAVE_CHACHA 
-    ChaCha*   chacha;
-#endif
-#ifdef HAVE_HC128
-    HC128*  hc128;
-#endif
-#ifdef BUILD_RABBIT
-    Rabbit* rabbit;
-#endif
-    byte    setup;       /* have we set it up flag for detection */
-} Ciphers;
-
-
-#ifdef HAVE_ONE_TIME_AUTH
-/* Ciphers for one time authentication such as poly1305 */
-typedef struct OneTimeAuth {
-#ifdef HAVE_POLY1305 
-    Poly1305* poly1305;
-#endif
-    byte    setup;      /* flag for if a cipher has been set */
-
-} OneTimeAuth;
-#endif
-
-
-CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
-CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
-
-
-/* hashes type */
-typedef struct Hashes {
-    #ifndef NO_OLD_TLS
-        byte md5[MD5_DIGEST_SIZE];
-    #endif
-    byte sha[SHA_DIGEST_SIZE];
-    #ifndef NO_SHA256
-        byte sha256[SHA256_DIGEST_SIZE];
-    #endif
-    #ifdef CYASSL_SHA384
-        byte sha384[SHA384_DIGEST_SIZE];
-    #endif
-} Hashes;
-
-
-/* Static x509 buffer */
-typedef struct x509_buffer {
-    int  length;                  /* actual size */
-    byte buffer[MAX_X509_SIZE];   /* max static cert size */
-} x509_buffer;
-
-
-/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
-struct CYASSL_X509_CHAIN {
-    int         count;                    /* total number in chain */
-    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
-};
-
-
-/* CyaSSL session type */
-struct CYASSL_SESSION {
-    byte         sessionID[ID_LEN];             /* id for protocol */
-    byte         sessionIDSz;
-    byte         masterSecret[SECRET_LEN];      /* stored secret */
-    word32       bornOn;                        /* create time in seconds   */
-    word32       timeout;                       /* timeout in seconds       */
-#ifdef SESSION_CERTS
-    CYASSL_X509_CHAIN chain;                    /* peer cert chain, static  */
-    ProtocolVersion version;                    /* which version was used */
-    byte            cipherSuite0;               /* first byte, normally 0 */
-    byte            cipherSuite;                /* 2nd byte, actual suite */
-#endif
-#ifndef NO_CLIENT_CACHE
-    byte         serverID[SERVER_ID_LEN];       /* for easier client lookup */
-    word16       idLen;                         /* serverID length */
-#endif
-#ifdef HAVE_SESSION_TICKET
-    byte         ticket[SESSION_TICKET_LEN];
-    word16       ticketLen;
-#endif
-};
-
-
-CYASSL_LOCAL
-CYASSL_SESSION* GetSession(CYASSL*, byte*);
-CYASSL_LOCAL
-int          SetSession(CYASSL*, CYASSL_SESSION*);
-
-typedef int (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
-
-#ifndef NO_CLIENT_CACHE
-    CYASSL_SESSION* GetSessionClient(CYASSL*, const byte*, int);
-#endif
-
-/* client connect state for nonblocking restart */
-enum ConnectState {
-    CONNECT_BEGIN = 0,
-    CLIENT_HELLO_SENT,
-    HELLO_AGAIN,               /* HELLO_AGAIN s for DTLS case */
-    HELLO_AGAIN_REPLY,
-    FIRST_REPLY_DONE,
-    FIRST_REPLY_FIRST,
-    FIRST_REPLY_SECOND,
-    FIRST_REPLY_THIRD,
-    FIRST_REPLY_FOURTH,
-    FINISHED_DONE,
-    SECOND_REPLY_DONE
-};
-
-
-/* server accept state for nonblocking restart */
-enum AcceptState {
-    ACCEPT_BEGIN = 0,
-    ACCEPT_CLIENT_HELLO_DONE,
-    HELLO_VERIFY_SENT,
-    ACCEPT_FIRST_REPLY_DONE,
-    SERVER_HELLO_SENT,
-    CERT_SENT,
-    KEY_EXCHANGE_SENT,
-    CERT_REQ_SENT,
-    SERVER_HELLO_DONE,
-    ACCEPT_SECOND_REPLY_DONE,
-    CHANGE_CIPHER_SENT,
-    ACCEPT_FINISHED_DONE,
-    ACCEPT_THIRD_REPLY_DONE
-};
-
-
-typedef struct Buffers {
-#ifndef NO_CERTS
-    buffer          certificate;            /* CYASSL_CTX owns, unless we own */
-    buffer          key;                    /* CYASSL_CTX owns, unless we own */
-    buffer          certChain;              /* CYASSL_CTX owns, unless we own */
-                 /* chain after self, in DER, with leading size for each cert */
-    buffer          serverDH_P;             /* CYASSL_CTX owns, unless we own */
-    buffer          serverDH_G;             /* CYASSL_CTX owns, unless we own */
-    buffer          serverDH_Pub;
-    buffer          serverDH_Priv;
-#endif
-    buffer          domainName;             /* for client check */
-    bufferStatic    inputBuffer;
-    bufferStatic    outputBuffer;
-    buffer          clearOutputBuffer;
-    int             prevSent;              /* previous plain text bytes sent
-                                              when got WANT_WRITE            */
-    int             plainSz;               /* plain text bytes in buffer to send
-                                              when got WANT_WRITE            */
-    byte            weOwnCert;             /* SSL own cert flag */
-    byte            weOwnCertChain;        /* SSL own cert chain flag */
-    byte            weOwnKey;              /* SSL own key  flag */
-    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
-#ifdef CYASSL_DTLS
-    CYASSL_DTLS_CTX dtlsCtx;               /* DTLS connection context */
-#endif
-#ifdef HAVE_PK_CALLBACKS
-    #ifdef HAVE_ECC
-        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
-    #endif /* HAVE_ECC */
-    #ifndef NO_RSA
-        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
-    #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-} Buffers;
-
-typedef struct Options {
-    byte            sessionCacheOff;
-    byte            sessionCacheFlushOff;
-    byte            cipherSuite0;           /* first byte, normally 0 */
-    byte            cipherSuite;            /* second byte, actual suite */
-    byte            serverState;
-    byte            clientState;
-    byte            handShakeState;
-    byte            handShakeDone;      /* at least one handshake complete */
-    byte            side;               /* client or server end */
-    byte            verifyPeer;
-    byte            verifyNone;
-    byte            failNoCert;
-    byte            downgrade;          /* allow downgrade of versions */
-    byte            minDowngrade;       /* minimum downgrade version */
-    byte            sendVerify;         /* false = 0, true = 1, sendBlank = 2 */
-    byte            resuming;
-    byte            haveSessionId;      /* server may not send */
-    byte            tls;                /* using TLS ? */
-    byte            tls1_1;             /* using TLSv1.1+ ? */
-    byte            dtls;               /* using datagrams ? */
-    byte            connReset;          /* has the peer reset */
-    byte            isClosed;           /* if we consider conn closed */
-    byte            closeNotify;        /* we've recieved a close notify */
-    byte            sentNotify;         /* we've sent a close notify */
-    byte            connectState;       /* nonblocking resume */
-    byte            acceptState;        /* nonblocking resume */
-    byte            usingCompression;   /* are we using compression */
-    byte            haveRSA;            /* RSA available */
-    byte            haveDH;             /* server DH parms set by user */
-    byte            haveNTRU;           /* server NTRU  private key loaded */
-    byte            haveECDSAsig;       /* server ECDSA signed cert */
-    byte            haveStaticECC;      /* static server ECC private key */
-    byte            havePeerCert;       /* do we have peer's cert */
-    byte            havePeerVerify;     /* and peer's cert verify */
-    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
-    byte            usingAnon_cipher;   /* whether we're using an anon cipher */
-    byte            sendAlertState;     /* nonblocking resume */ 
-    byte            processReply;       /* nonblocking resume */
-    byte            partialWrite;       /* only one msg per write call */
-    byte            quietShutdown;      /* don't send close notify */
-    byte            certOnly;           /* stop once we get cert */
-    byte            groupMessages;      /* group handshake messages */
-    byte            usingNonblock;      /* set when using nonblocking socket */
-    byte            saveArrays;         /* save array Memory for user get keys
-                                           or psk */
-#ifdef HAVE_POLY1305
-    byte            oldPoly;            /* set when to use old rfc way of poly*/
-#endif
-#ifndef NO_PSK
-    byte            havePSK;            /* psk key set by user */
-    psk_client_callback client_psk_cb;
-    psk_server_callback server_psk_cb;
-#endif /* NO_PSK */
-#ifdef HAVE_ANON
-    byte            haveAnon;           /* User wants to allow Anon suites */
-#endif /* HAVE_ANON */
-} Options;
-
-typedef struct Arrays {
-    byte            clientRandom[RAN_LEN];
-    byte            serverRandom[RAN_LEN];
-    byte            sessionID[ID_LEN];
-    byte            sessionIDSz;
-    byte            preMasterSecret[ENCRYPT_LEN];
-    byte            masterSecret[SECRET_LEN];
-#ifdef CYASSL_DTLS
-    byte            cookie[MAX_COOKIE_LEN];
-    byte            cookieSz;
-#endif
-#ifndef NO_PSK
-    char            client_identity[MAX_PSK_ID_LEN];
-    char            server_hint[MAX_PSK_ID_LEN];
-    byte            psk_key[MAX_PSK_KEY_LEN];
-    word32          psk_keySz;          /* acutal size */
-#endif
-    word32          preMasterSz;        /* differs for DH, actual size */
-} Arrays;
-
-#ifndef ASN_NAME_MAX
-#define ASN_NAME_MAX 256
-#endif
-
-#ifndef MAX_DATE_SZ
-#define MAX_DATE_SZ 32
-#endif
-
-struct CYASSL_X509_NAME {
-    char  *name;
-    char  staticName[ASN_NAME_MAX];
-    int   dynamicName;
-    int   sz;
-#ifdef OPENSSL_EXTRA
-    DecodedName fullName;
-#endif /* OPENSSL_EXTRA */
-};
-
-#ifndef EXTERNAL_SERIAL_SIZE
-    #define EXTERNAL_SERIAL_SIZE 32
-#endif
-
-#ifdef NO_ASN 
-    typedef struct DNS_entry DNS_entry;
-#endif
-
-struct CYASSL_X509 {
-    int              version;
-    CYASSL_X509_NAME issuer;
-    CYASSL_X509_NAME subject;
-    int              serialSz;
-    byte             serial[EXTERNAL_SERIAL_SIZE];
-    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
-#ifdef CYASSL_SEP
-    int              deviceTypeSz;
-    byte             deviceType[EXTERNAL_SERIAL_SIZE];
-    int              hwTypeSz;
-    byte             hwType[EXTERNAL_SERIAL_SIZE];
-    int              hwSerialNumSz;
-    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
-    #ifdef OPENSSL_EXTRA
-        byte             certPolicySet;
-        byte             certPolicyCrit;
-    #endif /* OPENSSL_EXTRA */
-#endif
-    int              notBeforeSz;
-    byte             notBefore[MAX_DATE_SZ];
-    int              notAfterSz;
-    byte             notAfter[MAX_DATE_SZ];
-    int              sigOID;
-    buffer           sig;
-    int              pubKeyOID;
-    buffer           pubKey;
-    #ifdef HAVE_ECC
-        word32       pkCurveOID;
-    #endif /* HAVE_ECC */
-    buffer           derCert;                        /* may need  */
-    DNS_entry*       altNames;                       /* alt names list */
-    DNS_entry*       altNamesNext;                   /* hint for retrieval */
-    byte             dynamicMemory;                  /* dynamic memory flag */
-    byte             isCa;
-#ifdef OPENSSL_EXTRA
-    word32           pathLength;
-    word16           keyUsage;
-    byte             basicConstSet;
-    byte             basicConstCrit;
-    byte             basicConstPlSet;
-    byte             subjAltNameSet;
-    byte             subjAltNameCrit;
-    byte             authKeyIdSet;
-    byte             authKeyIdCrit;
-    byte*            authKeyId;
-    word32           authKeyIdSz;
-    byte             subjKeyIdSet;
-    byte             subjKeyIdCrit;
-    byte*            subjKeyId;
-    word32           subjKeyIdSz;
-    byte             keyUsageSet;
-    byte             keyUsageCrit;
-#endif /* OPENSSL_EXTRA */
-};
-
-
-/* record layer header for PlainText, Compressed, and CipherText */
-typedef struct RecordLayerHeader {
-    byte            type;
-    byte            pvMajor;
-    byte            pvMinor;
-    byte            length[2];
-} RecordLayerHeader;
-
-
-/* record layer header for DTLS PlainText, Compressed, and CipherText */
-typedef struct DtlsRecordLayerHeader {
-    byte            type;
-    byte            pvMajor;
-    byte            pvMinor;
-    byte            epoch[2];             /* increment on cipher state change */
-    byte            sequence_number[6];   /* per record */
-    byte            length[2];
-} DtlsRecordLayerHeader;
-
-
-typedef struct DtlsPool {
-    buffer          buf[DTLS_POOL_SZ];
-    int             used;
-} DtlsPool;
-
-typedef struct DtlsMsg {
-    struct DtlsMsg* next;
-    word32          seq;       /* Handshake sequence number    */
-    word32          sz;        /* Length of whole mesage       */
-    word32          fragSz;    /* Length of fragments received */
-    byte            type;
-    byte*           buf;
-    byte*           msg;
-} DtlsMsg;
-
-
-#ifdef HAVE_NETX
-
-    /* NETX I/O Callback default */
-    typedef struct NetX_Ctx {
-        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
-        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
-        ULONG          nxOffset;    /* offset already read from nxPacket */
-        ULONG          nxWait;      /* wait option flag */
-    } NetX_Ctx;
-
-#endif
-
-
-/* Handshake messages recevied from peer (plus change cipher */
-typedef struct MsgsReceived {
-    word16 got_hello_request:1;
-    word16 got_client_hello:1;
-    word16 got_server_hello:1;
-    word16 got_hello_verify_request:1;
-    word16 got_session_ticket:1;
-    word16 got_certificate:1;
-    word16 got_server_key_exchange:1;
-    word16 got_certificate_request:1;
-    word16 got_server_hello_done:1;
-    word16 got_certificate_verify:1;
-    word16 got_client_key_exchange:1;
-    word16 got_finished:1;
-    word16 got_change_cipher:1;
-} MsgsReceived;
-
-
-/* CyaSSL ssl type */
-struct CYASSL {
-    CYASSL_CTX*     ctx;
-    int             error;
-    ProtocolVersion version;            /* negotiated version */
-    ProtocolVersion chVersion;          /* client hello version */
-    Suites*         suites;             /* only need during handshake */
-    Ciphers         encrypt;
-    Ciphers         decrypt;
-#ifdef HAVE_ONE_TIME_AUTH
-    OneTimeAuth     auth;
-#endif
-    CipherSpecs     specs;
-    Keys            keys;
-    MsgsReceived    msgsReceived;       /* peer messages received */
-    int             rfd;                /* read  file descriptor */
-    int             wfd;                /* write file descriptor */
-    int             rflags;             /* user read  flags */
-    int             wflags;             /* user write flags */
-    CYASSL_BIO*     biord;              /* socket bio read  to free/close */
-    CYASSL_BIO*     biowr;              /* socket bio write to free/close */
-    void*           IOCB_ReadCtx;
-    void*           IOCB_WriteCtx;
-    RNG*            rng;
-#ifndef NO_OLD_TLS
-#ifndef NO_SHA
-    Sha             hashSha;            /* sha hash of handshake msgs */
-#endif
-#ifndef NO_MD5
-    Md5             hashMd5;            /* md5 hash of handshake msgs */
-#endif
-#endif
-#ifndef NO_SHA256
-    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
-#endif
-#ifdef CYASSL_SHA384
-    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
-#endif
-    Hashes          verifyHashes;
-    Hashes          certHashes;         /* for cert verify */
-    Buffers         buffers;
-    Options         options;
-    Arrays*         arrays;
-    CYASSL_SESSION  session;
-    VerifyCallback  verifyCallback;      /* cert verification callback */
-    void*           verifyCbCtx;         /* cert verify callback user ctx*/
-#ifndef NO_RSA
-    RsaKey*         peerRsaKey;
-    byte            peerRsaKeyPresent;
-#endif
-#ifdef HAVE_NTRU
-    word16          peerNtruKeyLen;
-    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
-    byte            peerNtruKeyPresent;
-#endif
-#ifdef HAVE_ECC
-    ecc_key*        peerEccKey;              /* peer's  ECDHE key */
-    ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */
-    ecc_key*        eccTempKey;              /* private ECDHE key */
-    ecc_key*        eccDsaKey;               /* private ECDSA key */
-    word16          eccTempKeySz;            /* in octets 20 - 66 */
-    word32          pkCurveOID;              /* curve Ecc_Sum     */
-    byte            peerEccKeyPresent;
-    byte            peerEccDsaKeyPresent;
-    byte            eccTempKeyPresent;
-    byte            eccDsaKeyPresent;
-#endif
-    hmacfp          hmac;
-    void*           heap;               /* for user overrides */
-    RecordLayerHeader curRL;
-    word16            curSize;
-    word32          timeout;            /* session timeout */
-    CYASSL_CIPHER   cipher;
-#ifdef HAVE_LIBZ
-    z_stream        c_stream;           /* compression   stream */
-    z_stream        d_stream;           /* decompression stream */
-    byte            didStreamInit;      /* for stream init and end */
-#endif
-#ifdef CYASSL_DTLS
-    int             dtls_timeout_init;  /* starting timeout vaule */
-    int             dtls_timeout_max;   /* maximum timeout value */
-    int             dtls_timeout;       /* current timeout value, changes */
-    DtlsPool*       dtls_pool;
-    DtlsMsg*        dtls_msg_list;
-    void*           IOCB_CookieCtx;     /* gen cookie ctx */
-    word32          dtls_expected_rx;
-#endif
-#ifdef CYASSL_CALLBACKS
-    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
-    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
-    byte            hsInfoOn;           /* track handshake info        */
-    byte            toInfoOn;           /* track timeout   info        */
-#endif
-#ifdef HAVE_FUZZER
-    CallbackFuzzer  fuzzerCb;           /* for testing with using fuzzer */
-    void*           fuzzerCtx;          /* user defined pointer */
-#endif
-#ifdef KEEP_PEER_CERT
-    CYASSL_X509     peerCert;           /* X509 peer cert */
-#endif
-#ifdef FORTRESS
-    void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
-#endif
-#ifdef HAVE_CAVIUM
-    int              devId;            /* cavium device id to use */
-#endif
-#ifdef HAVE_TLS_EXTENSIONS
-    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
-    #ifdef HAVE_MAX_FRAGMENT
-        word16 max_fragment;
-    #endif
-    #ifdef HAVE_TRUNCATED_HMAC
-        byte truncated_hmac;
-    #endif
-    #ifdef HAVE_SECURE_RENEGOTIATION
-        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
-    #endif                                         /* user turned on */
-    #if !defined(NO_CYASSL_CLIENT) && defined(HAVE_SESSION_TICKET)
-        CallbackSessionTicket session_ticket_cb;
-        void*                 session_ticket_ctx;
-        byte                  expect_session_ticket;
-    #endif
-#endif /* HAVE_TLS_EXTENSIONS */
-#ifdef HAVE_NETX
-    NetX_Ctx        nxCtx;             /* NetX IO Context */
-#endif
-#ifdef SESSION_INDEX
-    int sessionIndex;                  /* Session's location in the cache. */
-#endif
-    CYASSL_ALERT_HISTORY alert_history;
-#ifdef ATOMIC_USER
-    void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
-    void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
-#endif
-#ifdef HAVE_PK_CALLBACKS
-    #ifdef HAVE_ECC
-        void* EccSignCtx;     /* Ecc Sign   Callback Context */
-        void* EccVerifyCtx;   /* Ecc Verify Callback Context */
-    #endif /* HAVE_ECC */
-    #ifndef NO_RSA 
-        void* RsaSignCtx;     /* Rsa Sign   Callback Context */
-        void* RsaVerifyCtx;   /* Rsa Verify Callback Context */
-        void* RsaEncCtx;      /* Rsa Public  Encrypt   Callback Context */
-        void* RsaDecCtx;      /* Rsa Private Decrypt   Callback Context */
-    #endif /* NO_RSA */
-#endif /* HAVE_PK_CALLBACKS */
-#ifdef HAVE_SECRET_CALLBACK
-        SessionSecretCb sessionSecretCb;
-        void*           sessionSecretCtx;
-#endif /* HAVE_SECRET_CALLBACK */
-};
-
-
-CYASSL_LOCAL
-int  InitSSL(CYASSL*, CYASSL_CTX*);
-CYASSL_LOCAL
-void FreeSSL(CYASSL*);
-CYASSL_API void SSL_ResourceFree(CYASSL*);   /* Micrium uses */
-
-
-enum {
-    IV_SZ   = 32,          /* max iv sz */
-    NAME_SZ = 80          /* max one line */
-};
-
-
-typedef struct EncryptedInfo {
-    char     name[NAME_SZ];    /* encryption name */
-    byte     iv[IV_SZ];        /* encrypted IV */
-    word32   ivSz;             /* encrypted IV size */
-    long     consumed;         /* tracks PEM bytes consumed */
-    byte     set;              /* if encryption set */
-    CYASSL_CTX* ctx;              /* CTX owner */
-} EncryptedInfo;
-
-
-#ifndef NO_CERTS
-    CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
-                              buffer* der, void* heap, EncryptedInfo* info,
-                              int* eccKey);
-
-    CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
-                                 int type, CYASSL* ssl, int userChain,
-                                CYASSL_CRL* crl);
-#endif
-
-
-#ifdef CYASSL_CALLBACKS
-    CYASSL_LOCAL
-    void InitHandShakeInfo(HandShakeInfo*);
-    CYASSL_LOCAL 
-    void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
-    CYASSL_LOCAL 
-    void AddPacketName(const char*, HandShakeInfo*);
-
-    CYASSL_LOCAL
-    void InitTimeoutInfo(TimeoutInfo*);
-    CYASSL_LOCAL 
-    void FreeTimeoutInfo(TimeoutInfo*, void*);
-    CYASSL_LOCAL 
-    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
-    CYASSL_LOCAL 
-    void AddLateName(const char*, TimeoutInfo*);
-    CYASSL_LOCAL 
-    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
-#endif
-
-
-/* Record Layer Header identifier from page 12 */
-enum ContentType {
-    no_type            = 0,
-    change_cipher_spec = 20, 
-    alert              = 21, 
-    handshake          = 22, 
-    application_data   = 23 
-};
-
-
-/* handshake header, same for each message type, pgs 20/21 */
-typedef struct HandShakeHeader {
-    byte            type;
-    word24          length;
-} HandShakeHeader;
-
-
-/* DTLS handshake header, same for each message type */
-typedef struct DtlsHandShakeHeader {
-    byte            type;
-    word24          length;
-    byte            message_seq[2];    /* start at 0, restransmit gets same # */
-    word24          fragment_offset;   /* bytes in previous fragments */
-    word24          fragment_length;   /* length of this fragment */
-} DtlsHandShakeHeader;
-
-
-enum HandShakeType {
-    no_shake            = -1,
-    hello_request       = 0, 
-    client_hello        = 1, 
-    server_hello        = 2,
-    hello_verify_request = 3,       /* DTLS addition */
-    session_ticket      =  4,
-    certificate         = 11, 
-    server_key_exchange = 12,
-    certificate_request = 13, 
-    server_hello_done   = 14,
-    certificate_verify  = 15, 
-    client_key_exchange = 16,
-    finished            = 20,
-    change_cipher_hs    = 55      /* simulate unique handshake type for sanity
-                                     checks.  record layer change_cipher
-                                     conflicts with handshake finished */
-};
-
-
-static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
-static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
-
-static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
-static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
-
-
-/* internal functions */
-CYASSL_LOCAL int SendChangeCipher(CYASSL*);
-CYASSL_LOCAL int SendData(CYASSL*, const void*, int);
-CYASSL_LOCAL int SendCertificate(CYASSL*);
-CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
-CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
-CYASSL_LOCAL int SendBuffered(CYASSL*);
-CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int);
-CYASSL_LOCAL int SendFinished(CYASSL*);
-CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
-CYASSL_LOCAL int ProcessReply(CYASSL*);
-
-CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
-CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
-
-CYASSL_LOCAL int  AddSession(CYASSL*);
-CYASSL_LOCAL int  DeriveKeys(CYASSL* ssl);
-CYASSL_LOCAL int  StoreKeys(CYASSL* ssl, const byte* keyData);
-
-CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
-CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
-
-CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
-CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
-CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
-
-CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl);
-#ifndef NO_CERTS
-    CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
-    #ifndef NO_SKID
-        CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
-    #endif
-#endif
-CYASSL_LOCAL int  BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
-                                   const byte* sender);
-CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
-CYASSL_LOCAL  int CheckAvailableSize(CYASSL *ssl, int size);
-CYASSL_LOCAL  int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
-
-#ifndef NO_TLS
-    CYASSL_LOCAL int  MakeTlsMasterSecret(CYASSL*);
-    CYASSL_LOCAL int  TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
-                               word32 sz, int content, int verify);
-#endif
-
-#ifndef NO_CYASSL_CLIENT
-    CYASSL_LOCAL int SendClientHello(CYASSL*);
-    CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
-    CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
-#endif /* NO_CYASSL_CLIENT */
-
-#ifndef NO_CYASSL_SERVER
-    CYASSL_LOCAL int SendServerHello(CYASSL*);
-    CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
-    #ifdef CYASSL_DTLS
-        CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
-    #endif
-#endif /* NO_CYASSL_SERVER */
-
-#ifdef CYASSL_DTLS
-    CYASSL_LOCAL int  DtlsPoolInit(CYASSL*);
-    CYASSL_LOCAL int  DtlsPoolSave(CYASSL*, const byte*, int);
-    CYASSL_LOCAL int  DtlsPoolTimeout(CYASSL*);
-    CYASSL_LOCAL int  DtlsPoolSend(CYASSL*);
-    CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
-
-    CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
-    CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
-    CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
-    CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
-                                                             word32, word32);
-    CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
-    CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
-                                                byte, word32, word32, void*);
-    CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
-#endif /* CYASSL_DTLS */
-
-#ifndef NO_TLS
-    
-
-#endif /* NO_TLS */
-
-
-CYASSL_LOCAL word32  LowResTimer(void);
-
-CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
-CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
-CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
-CYASSL_LOCAL void FreeX509(CYASSL_X509*);
-#ifndef NO_CERTS
-    CYASSL_LOCAL int  CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
-#endif
-
-/* used by ssl.c and cyassl_int.c */
-CYASSL_LOCAL void c32to24(word32 in, word24 out);
-
-CYASSL_LOCAL const char* const* GetCipherNames(void);
-CYASSL_LOCAL int GetCipherNamesSize(void);
-
-
-enum encrypt_side {
-    ENCRYPT_SIDE_ONLY = 1,
-    DECRYPT_SIDE_ONLY,
-    ENCRYPT_AND_DECRYPT_SIDE
-};
-
-CYASSL_LOCAL int SetKeysSide(CYASSL*, enum encrypt_side);
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* CyaSSL_INT_H */
-
+#include <wolfssl/internal.h>

cyassl/ocsp.h

@@ -19,34 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-/* CyaSSL OCSP API */
-
-#ifndef CYASSL_OCSP_H
-#define CYASSL_OCSP_H
-
-#ifdef HAVE_OCSP
-
-#include <cyassl/ssl.h>
-#include <cyassl/ctaocrypt/asn.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-typedef struct CYASSL_OCSP CYASSL_OCSP;
-
-CYASSL_LOCAL int  InitOCSP(CYASSL_OCSP*, CYASSL_CERT_MANAGER*);
-CYASSL_LOCAL void FreeOCSP(CYASSL_OCSP*, int dynamic);
-
-CYASSL_LOCAL int  CheckCertOCSP(CYASSL_OCSP*, DecodedCert*);
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* HAVE_OCSP */
-#endif /* CYASSL_OCSP_H */
-
-
+#include <wolfssl/ocsp.h>

cyassl/sniffer.h

@@ -19,62 +19,5 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_SNIFFER_H
-#define CYASSL_SNIFFER_H
-
-#include <cyassl/ctaocrypt/settings.h>
-
-#ifdef _WIN32
-    #ifdef SSL_SNIFFER_EXPORTS
-        #define SSL_SNIFFER_API __declspec(dllexport)
-    #else
-        #define SSL_SNIFFER_API __declspec(dllimport)
-    #endif
-#else
-    #define SSL_SNIFFER_API
-#endif /* _WIN32 */
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-CYASSL_API 
-SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
-                                      const char* keyFile, int keyType,
-                                      const char* password, char* error);
-
-CYASSL_API
-SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
-                                           const char* address, int port,
-                                           const char* keyFile, int keyType,
-                                           const char* password, char* error);
-
-CYASSL_API 
-SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
-                                     unsigned char* data, char* error);
-
-CYASSL_API 
-SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
-        
-        
-CYASSL_API void ssl_InitSniffer(void);
-        
-CYASSL_API void ssl_FreeSniffer(void);
-
-        
-/* ssl_SetPrivateKey keyTypes */
-enum {
-    FILETYPE_PEM = 1,
-    FILETYPE_DER = 2,
-};
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* CyaSSL_SNIFFER_H */
+#include <wolfssl/sniffer.h>
 

cyassl/sniffer_error.h

@@ -19,94 +19,4 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-
-#ifndef CYASSL_SNIFFER_ERROR_H
-#define CYASSL_SNIFFER_ERROR_H
-
-/* need to have errors as #defines since .rc files can't handle enums */
-/* need to start at 1 and go in order for same reason */
-
-#define MEMORY_STR 1
-#define NEW_SERVER_STR 2
-#define IP_CHECK_STR 3
-#define SERVER_NOT_REG_STR 4
-#define TCP_CHECK_STR 5
-#define SERVER_PORT_NOT_REG_STR 6
-#define RSA_DECRYPT_STR 7
-#define RSA_DECODE_STR 8
-#define BAD_CIPHER_SPEC_STR 9
-#define SERVER_HELLO_INPUT_STR 10
-
-#define BAD_SESSION_RESUME_STR 11
-#define SERVER_DID_RESUMPTION_STR 12
-#define CLIENT_HELLO_INPUT_STR 13
-#define CLIENT_RESUME_TRY_STR 14
-#define HANDSHAKE_INPUT_STR 15
-#define GOT_HELLO_VERIFY_STR 16
-#define GOT_SERVER_HELLO_STR 17
-#define GOT_CERT_REQ_STR 18
-#define GOT_SERVER_KEY_EX_STR 19
-#define GOT_CERT_STR 20
-
-#define GOT_SERVER_HELLO_DONE_STR 21
-#define GOT_FINISHED_STR 22
-#define GOT_CLIENT_HELLO_STR 23
-#define GOT_CLIENT_KEY_EX_STR 24
-#define GOT_CERT_VER_STR 25
-#define GOT_UNKNOWN_HANDSHAKE_STR 26
-#define NEW_SESSION_STR 27
-#define BAD_NEW_SSL_STR 28
-#define GOT_PACKET_STR 29
-#define NO_DATA_STR 30
-
-#define BAD_SESSION_STR 31
-#define GOT_OLD_CLIENT_HELLO_STR 32
-#define OLD_CLIENT_INPUT_STR 33
-#define OLD_CLIENT_OK_STR 34
-#define BAD_OLD_CLIENT_STR 35
-#define BAD_RECORD_HDR_STR 36
-#define RECORD_INPUT_STR 37
-#define GOT_HANDSHAKE_STR 38
-#define BAD_HANDSHAKE_STR 39
-#define GOT_CHANGE_CIPHER_STR 40
-
-#define GOT_APP_DATA_STR 41
-#define BAD_APP_DATA_STR 42
-#define GOT_ALERT_STR 43
-#define ANOTHER_MSG_STR 44
-#define REMOVE_SESSION_STR 45
-#define KEY_FILE_STR 46
-#define BAD_IPVER_STR 47
-#define BAD_PROTO_STR 48
-#define PACKET_HDR_SHORT_STR 49
-#define GOT_UNKNOWN_RECORD_STR 50
-
-#define BAD_TRACE_FILE_STR 51
-#define FATAL_ERROR_STR 52
-#define PARTIAL_INPUT_STR 53
-#define BUFFER_ERROR_STR 54
-#define PARTIAL_ADD_STR 55
-#define DUPLICATE_STR 56
-#define OUT_OF_ORDER_STR 57
-#define OVERLAP_DUPLICATE_STR 58
-#define OVERLAP_REASSEMBLY_BEGIN_STR 59
-#define OVERLAP_REASSEMBLY_END_STR 60
-
-#define MISSED_CLIENT_HELLO_STR 61
-#define GOT_HELLO_REQUEST_STR 62
-#define GOT_SESSION_TICKET_STR 63
-#define BAD_INPUT_STR 64
-#define BAD_DECRYPT_TYPE 65
-#define BAD_FINISHED_MSG 66
-#define BAD_COMPRESSION_STR 67
-#define BAD_DERIVE_STR 68
-#define ACK_MISSED_STR 69
-#define BAD_DECRYPT    70 
-
-#define DECRYPT_KEYS_NOT_SETUP 71
-#define CLIENT_HELLO_LATE_KEY_STR 72
-/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
-
-
-#endif /* CyaSSL_SNIFFER_ERROR_H */
-
+#include <wolfssl/sniffer_error.h>

cyassl/ssl.h

@@ -52,7 +52,7 @@
 // typedef CYASSL_X509_CHAIN WOLFSSL_X509_CHAIN;
 
 
-// /* redeclare guard */
+/* redeclare guard */
 // #define CYASSL_TYPES_DEFINED
 
 
@@ -87,7 +87,7 @@
 // #define CyaSSL_Cleanup      wolfSSL_Cleanup
 // #define CyaSSL_shutdown     wolfSSL_shutdown
 
-// /* Certs and keys */
+/* Certs and keys */
 // #define CyaSSL_CTX_load_verify_buffer wolfSSL_CTX_load_verify_buffer
 // #define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
 // #define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
@@ -140,7 +140,7 @@
 // #define CyaSSL_set_verify wolfSSL_set_verify
 // #define CyaSSL_CTX_set_verify wolfSSL_CTX_set_verify
 
-// /* Callbacks */
+/* Callbacks */
 // #define CyaSSL_SetIOReadCtx wolfSSL_SetIOReadCtx
 // #define CyaSSL_SetIOWriteCtx wolfSSL_SetIOWriteCtx
 // #define CyaSSL_SetIOReadFlags wolfSSL_SetIOReadFlags
@@ -177,7 +177,7 @@
 // #define CyaSSL_SetRsaDecCtx wolfSSL_SetRsaDecCtx
 // #define CyaSSL_GetRsaDecCtx wolfSSL_GetRsaDecCtx
 
-// /* Error Handling and Debugging*/
+/* Error Handling and Debugging*/
 // #define CyaSSL_ERR_error_string wolfSSL_ERR_error_string
 // #define CyaSSL_ERR_error_string_n wolfSSL_ERR_error_string_n
 // #define CyaSSL_ERR_print_errors_fp wolfSSL_ERR_print_errors_fp
@@ -188,11 +188,11 @@
 // #define CyaSSL_Debugging_ON wolfSSL_Debugging_ON
 // #define CyaSSL_Debugging_OFF wolfSSL_Debugging_OFF
 
-// /* OCSP and CRL */
+/* OCSP and CRL */
 // #define CyaSSL_CTX_OCSP_set_options wolfSSL_CTX_OCSP_set_options
 // #define CyaSSL_CTX_OCSP_set_override_url wolfSSL_CTX_OCSP_set_override_url
 
-// /* Informational */
+/* Informational */
 // #define CyaSSL_GetObjectSize wolfSSL_GetObjectSize
 // #define CyaSSL_GetMacSecret wolfSSL_GetMacSecret
 // #define CyaSSL_GetClientWriteKey wolfSSL_GetClientWriteKey
@@ -209,7 +209,7 @@
 // #define CyaSSL_GetHmacType wolfSSL_GetHmacType
 // #define CyaSSL_GetCipherType wolfSSL_GetCipherType
 
-// /* Connection, Session, and I/O */
+/* Connection, Session, and I/O */
 // #define CyaSSL_accept wolfSSL_accept
 // #define CyaSSL_connect wolfSSL_connect
 // #define CyaSSL_connect_cert wolfSSL_connect_cert
@@ -226,20 +226,20 @@
 // #define CyaSSL_write wolfSSL_write
 // #define CyaSSL_writev wolfSSL_writev
 
-// /* DTLS Specific */
+/* DTLS Specific */
 // #define CyaSSL_dtls wolfSSL_dtls
 // #define CyaSSL_dtls_get_current_timeout wolfSSL_dtls_get_current_timeout
 // #define CyaSSL_dtls_get_peer wolfSSL_dtls_get_peer
 // #define CyaSSL_dtls_got_timeout wolfSSL_dtls_got_timeout
 // #define CyaSSL_dtls_set_peer wolfSSL_dtls_set_peer
 
-// /* Memory Abstraction Layer */
+/* Memory Abstraction Layer */
 // #define CyaSSL_Malloc wolfSSL_Malloc
 // #define CyaSSL_Realloc wolfSSL_Realloc
 // #define CyaSSL_Free wolfSSL_Free
 // #define CyaSSL_SetAllocators wolfSSL_SetAllocators
 
-// /* Certificate Manager */
+/* Certificate Manager */
 // #define CyaSSL_CertManagerDisableCRL wolfSSL_CertManagerDisableCRL
 // #define CyaSSL_CertManagerEnableCRL wolfSSL_CertManagerEnableCRL
 // #define CyaSSL_CertManagerFree wolfSSL_CertManagerFree
@@ -248,7 +248,7 @@
 // #define CyaSSL_CertManagerVerify wolfSSL_CertManagerVerify
 // #define CyaSSL_CertManagerVerifyBuffer wolfSSL_CertManagerVerifyBuffer
 
-// /* OpenSSL Compatibility Layer */
+/* OpenSSL Compatibility Layer */
 // #define CyaSSL_X509_get_serial_number wolfSSL_X509_get_serial_number
 // #define CyaSSL_get_sessionID wolfSSL_get_sessionID
 // #define CyaSSL_get_peer_chain wolfSSL_get_peer_chain
@@ -263,7 +263,7 @@
 // #define CyaSSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
 // #define CyaSSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
 
-// /*TLS Extensions */
+/* TLS Extensions */
 // #define CyaSSL_CTX_UseSNI wolfSSL_CTX_UseSNI
 // #define CyaSSL_UseSNI wolfSSL_UseSNI
 // #define CyaSSL_CTX_SNI_SetOptions wolfSSL_CTX_SNI_SetOptions

cyassl/test.h

@@ -1,1795 +1,3 @@
 /* test.h */
 
-#ifndef CyaSSL_TEST_H
-#define CyaSSL_TEST_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <ctype.h>
-#include <cyassl/ssl.h>
-#include <cyassl/ctaocrypt/types.h>
-#include <cyassl/ctaocrypt/error-crypt.h>
-
-#ifdef ATOMIC_USER
-    #include <cyassl/ctaocrypt/aes.h>
-    #include <cyassl/ctaocrypt/arc4.h>
-    #include <cyassl/ctaocrypt/hmac.h>
-#endif
-#ifdef HAVE_PK_CALLBACKS
-    #include <cyassl/ctaocrypt/random.h>
-    #include <cyassl/ctaocrypt/asn.h>
-    #ifdef HAVE_ECC
-        #include <cyassl/ctaocrypt/ecc.h>
-    #endif /* HAVE_ECC */
-#endif /*HAVE_PK_CALLBACKS */
-
-#ifdef USE_WINDOWS_API 
-    #include <winsock2.h>
-    #include <process.h>
-    #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
-        #include <ws2tcpip.h>
-        #include <wspiapi.h>
-    #endif
-    #define SOCKET_T SOCKET
-    #define SNPRINTF _snprintf
-#elif defined(CYASSL_MDK_ARM)
-    #include <string.h>
-#elif defined(CYASSL_TIRTOS)
-    #include <string.h>
-    #include <netdb.h>
-    #include <sys/types.h>
-    #include <arpa/inet.h>
-    #include <sys/socket.h>
-    #include <ti/sysbios/knl/Task.h>
-    #define SOCKET_T int
-#else
-    #include <string.h>
-    #include <sys/types.h>
-#ifndef CYASSL_LEANPSK
-    #include <unistd.h>
-    #include <netdb.h>
-    #include <netinet/in.h>
-    #include <netinet/tcp.h>
-    #include <arpa/inet.h>
-    #include <sys/ioctl.h>
-    #include <sys/time.h>
-    #include <sys/socket.h>
-    #include <pthread.h>
-    #include <fcntl.h>
-    #ifdef TEST_IPV6
-        #include <netdb.h>
-    #endif
-#endif
-    #define SOCKET_T int
-    #ifndef SO_NOSIGPIPE
-        #include <signal.h>  /* ignore SIGPIPE */
-    #endif
-    #define SNPRINTF snprintf
-#endif /* USE_WINDOWS_API */
-
-#ifdef HAVE_CAVIUM
-    #include "cavium_sysdep.h"
-    #include "cavium_common.h"
-    #include "cavium_ioctl.h"
-#endif
-
-#ifdef _MSC_VER
-    /* disable conversion warning */
-    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
-    #pragma warning(disable:4244 4996)
-#endif
-
-
-#if defined(__MACH__) || defined(USE_WINDOWS_API)
-    #ifndef _SOCKLEN_T
-        typedef int socklen_t;
-    #endif
-#endif
-
-
-/* HPUX doesn't use socklent_t for third parameter to accept, unless
-   _XOPEN_SOURCE_EXTENDED is defined */
-#if !defined(__hpux__) && !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM)
-    typedef socklen_t* ACCEPT_THIRD_T;
-#else
-    #if defined _XOPEN_SOURCE_EXTENDED
-        typedef socklen_t* ACCEPT_THIRD_T;
-    #else
-        typedef int*       ACCEPT_THIRD_T;
-    #endif
-#endif
-
-
-#ifdef USE_WINDOWS_API 
-    #define CloseSocket(s) closesocket(s)
-    #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
-#elif defined(CYASSL_MDK_ARM)
-    #define CloseSocket(s) closesocket(s)
-    #define StartTCP() 
-#else
-    #define CloseSocket(s) close(s)
-    #define StartTCP() 
-#endif
-
-
-#ifdef SINGLE_THREADED
-    typedef unsigned int  THREAD_RETURN;
-    typedef void*         THREAD_TYPE;
-    #define CYASSL_THREAD
-#else
-    #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
-        typedef void*         THREAD_RETURN;
-        typedef pthread_t     THREAD_TYPE;
-        #define CYASSL_THREAD
-        #define INFINITE -1
-        #define WAIT_OBJECT_0 0L
-    #elif defined(CYASSL_MDK_ARM)
-        typedef unsigned int  THREAD_RETURN;
-        typedef int           THREAD_TYPE;
-        #define CYASSL_THREAD
-    #elif defined(CYASSL_TIRTOS)
-        typedef void          THREAD_RETURN;
-        typedef Task_Handle   THREAD_TYPE;
-        #define CYASSL_THREAD
-    #else
-        typedef unsigned int  THREAD_RETURN;
-        typedef intptr_t      THREAD_TYPE;
-        #define CYASSL_THREAD __stdcall
-    #endif
-#endif
-
-
-#ifdef TEST_IPV6
-    typedef struct sockaddr_in6 SOCKADDR_IN_T;
-    #define AF_INET_V    AF_INET6
-#else
-    typedef struct sockaddr_in  SOCKADDR_IN_T;
-    #define AF_INET_V    AF_INET
-#endif
-   
-
-#define SERVER_DEFAULT_VERSION 3
-#define SERVER_DTLS_DEFAULT_VERSION (-2)
-#define SERVER_INVALID_VERSION (-99)
-#define CLIENT_DEFAULT_VERSION 3
-#define CLIENT_DTLS_DEFAULT_VERSION (-2)
-#define CLIENT_INVALID_VERSION (-99)
-
-/* all certs relative to CyaSSL home directory now */
-#define caCert     "./certs/ca-cert.pem"
-#define eccCert    "./certs/server-ecc.pem"
-#define eccKey     "./certs/ecc-key.pem"
-#define svrCert    "./certs/server-cert.pem"
-#define svrKey     "./certs/server-key.pem"
-#define cliCert    "./certs/client-cert.pem"
-#define cliKey     "./certs/client-key.pem"
-#define ntruCert   "./certs/ntru-cert.pem"
-#define ntruKey    "./certs/ntru-key.raw"
-#define dhParam    "./certs/dh2048.pem"
-#define cliEccKey  "./certs/ecc-client-key.pem"
-#define cliEccCert "./certs/client-ecc-cert.pem"
-#define crlPemDir  "./certs/crl"
-
-typedef struct tcp_ready {
-    word16 ready;              /* predicate */
-    word16 port;
-#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
-    pthread_mutex_t mutex;
-    pthread_cond_t  cond;
-#endif
-} tcp_ready;    
-
-
-void InitTcpReady(tcp_ready*);
-void FreeTcpReady(tcp_ready*);
-
-typedef CYASSL_METHOD* (*method_provider)(void);
-typedef void (*ctx_callback)(CYASSL_CTX* ctx);
-typedef void (*ssl_callback)(CYASSL* ssl);
-
-typedef struct callback_functions {
-    method_provider method;
-    ctx_callback ctx_ready;
-    ssl_callback ssl_ready;
-    ssl_callback on_result;
-} callback_functions;
-
-typedef struct func_args {
-    int    argc;
-    char** argv;
-    int    return_code;
-    tcp_ready* signal;
-    callback_functions *callbacks;
-} func_args;
-
-void wait_tcp_ready(func_args*);
-
-typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);
-
-void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
-void join_thread(THREAD_TYPE);
-
-/* yaSSL */
-#ifndef TEST_IPV6
-    static const char* const yasslIP   = "127.0.0.1";
-#else
-    static const char* const yasslIP   = "::1";
-#endif
-static const word16      yasslPort = 11111;
-
-static INLINE void err_sys(const char* msg)
-{
-    printf("yassl error: %s\n", msg);
-    if (msg)
-        exit(EXIT_FAILURE);
-}
-
-
-#define MY_EX_USAGE 2
-
-extern int   myoptind;
-extern char* myoptarg;
-
-static INLINE int mygetopt(int argc, char** argv, const char* optstring)
-{
-    static char* next = NULL;
-
-    char  c;
-    char* cp;
-
-    if (myoptind == 0)
-        next = NULL;   /* we're starting new/over */
-
-    if (next == NULL || *next == '\0') {
-        if (myoptind == 0)
-            myoptind++;
-
-        if (myoptind >= argc || argv[myoptind][0] != '-' ||
-                                argv[myoptind][1] == '\0') {
-            myoptarg = NULL;
-            if (myoptind < argc)
-                myoptarg = argv[myoptind];
-
-            return -1;
-        }
-
-        if (strcmp(argv[myoptind], "--") == 0) {
-            myoptind++;
-            myoptarg = NULL;
-
-            if (myoptind < argc)
-                myoptarg = argv[myoptind];
-
-            return -1;
-        }
-
-        next = argv[myoptind];
-        next++;                  /* skip - */
-        myoptind++;
-    }
-
-    c  = *next++;
-    /* The C++ strchr can return a different value */
-    cp = (char*)strchr(optstring, c);
-
-    if (cp == NULL || c == ':') 
-        return '?';
-
-    cp++;
-
-    if (*cp == ':') {
-        if (*next != '\0') {
-            myoptarg = next;
-            next     = NULL;
-        }
-        else if (myoptind < argc) {
-            myoptarg = argv[myoptind];
-            myoptind++;
-        }
-        else 
-            return '?';
-    }
-
-    return c;
-}
-
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-
-static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
-{
-    (void)rw;
-    (void)userdata;
-    strncpy(passwd, "yassl123", sz);
-    return 8;
-}
-
-#endif
-
-
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
-
-static INLINE void ShowX509(CYASSL_X509* x509, const char* hdr)
-{
-    char* altName;
-    char* issuer  = CyaSSL_X509_NAME_oneline(
-                                       CyaSSL_X509_get_issuer_name(x509), 0, 0);
-    char* subject = CyaSSL_X509_NAME_oneline(
-                                      CyaSSL_X509_get_subject_name(x509), 0, 0);
-    byte  serial[32];
-    int   ret;
-    int   sz = sizeof(serial);
-        
-    printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
-
-    while ( (altName = CyaSSL_X509_get_next_altname(x509)) != NULL)
-        printf(" altname = %s\n", altName);
-
-    ret = CyaSSL_X509_get_serial_number(x509, serial, &sz);
-    if (ret == SSL_SUCCESS) {
-        int  i;
-        int  strLen;
-        char serialMsg[80];
-
-        /* testsuite has multiple threads writing to stdout, get output
-           message ready to write once */
-        strLen = sprintf(serialMsg, " serial number");
-        for (i = 0; i < sz; i++)
-            sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
-        printf("%s\n", serialMsg);
-    }
-
-    XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
-    XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
-}
-
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
-
-
-static INLINE void showPeer(CYASSL* ssl)
-{
-
-    CYASSL_CIPHER* cipher;
-#ifdef KEEP_PEER_CERT
-    CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
-    if (peer)
-        ShowX509(peer, "peer's cert info:");
-    else
-        printf("peer has no cert!\n");
-#endif
-    printf("SSL version is %s\n", CyaSSL_get_version(ssl));
-
-    cipher = CyaSSL_get_current_cipher(ssl);
-    printf("SSL cipher suite is %s\n", CyaSSL_CIPHER_get_name(cipher));
-
-#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
-    {
-        CYASSL_X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
-        int                count = CyaSSL_get_chain_count(chain);
-        int i;
-
-        for (i = 0; i < count; i++) {
-            int length;
-            unsigned char buffer[3072];
-            CYASSL_X509* chainX509;
-
-            CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
-            buffer[length] = 0;
-            printf("cert %d has length %d data = \n%s\n", i, length, buffer);
-
-            chainX509 = CyaSSL_get_chain_X509(chain, i);
-            if (chainX509)
-                ShowX509(chainX509, "session cert info:");
-            else
-                printf("get_chain_X509 failed\n");
-            CyaSSL_FreeX509(chainX509);
-        }
-    }
-#endif
-  (void)ssl;
-}
-
-
-static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
-                              word16 port, int udp)
-{
-    int useLookup = 0;
-    (void)useLookup;
-    (void)udp;
-
-    memset(addr, 0, sizeof(SOCKADDR_IN_T));
-
-#ifndef TEST_IPV6
-    /* peer could be in human readable form */
-    if ( (peer != INADDR_ANY) && isalpha((int)peer[0])) {
-        #ifdef CYASSL_MDK_ARM
-            int err;
-            struct hostent* entry = gethostbyname(peer, &err);
-        #else
-            struct hostent* entry = gethostbyname(peer);
-        #endif
-
-        if (entry) {
-            memcpy(&addr->sin_addr.s_addr, entry->h_addr_list[0],
-                   entry->h_length);
-            useLookup = 1;
-        }
-        else
-            err_sys("no entry for host");
-    }
-#endif
-
-
-#ifndef TEST_IPV6
-    #if defined(CYASSL_MDK_ARM)
-        addr->sin_family = PF_INET;
-    #else
-        addr->sin_family = AF_INET_V;
-    #endif
-    addr->sin_port = htons(port);
-    if (peer == INADDR_ANY)
-        addr->sin_addr.s_addr = INADDR_ANY;
-    else {
-        if (!useLookup)
-            addr->sin_addr.s_addr = inet_addr(peer);
-    }
-#else
-    addr->sin6_family = AF_INET_V;
-    addr->sin6_port = htons(port);
-    if (peer == INADDR_ANY)
-        addr->sin6_addr = in6addr_any;
-    else {
-        #ifdef HAVE_GETADDRINFO
-            struct addrinfo  hints;
-            struct addrinfo* answer = NULL;
-            int    ret;
-            char   strPort[80];
-
-            memset(&hints, 0, sizeof(hints));
-
-            hints.ai_family   = AF_INET_V;
-            hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
-            hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
-
-            SNPRINTF(strPort, sizeof(strPort), "%d", port);
-            strPort[79] = '\0';
-
-            ret = getaddrinfo(peer, strPort, &hints, &answer);
-            if (ret < 0 || answer == NULL)
-                err_sys("getaddrinfo failed");
-
-            memcpy(addr, answer->ai_addr, answer->ai_addrlen);
-            freeaddrinfo(answer);
-        #else
-            printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
-            addr->sin6_addr = in6addr_loopback;
-        #endif
-    }
-#endif
-}
-
-
-static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
-{
-    if (udp)
-        *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
-    else
-        *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
-
-#ifdef USE_WINDOWS_API
-    if (*sockfd == INVALID_SOCKET)
-        err_sys("socket failed\n");
-#elif defined(CYASSL_TIRTOS)
-    if (*sockfd == -1)
-        err_sys("socket failed\n");
-#else
-    if (*sockfd < 0)
-        err_sys("socket failed\n");
-#endif
-
-#ifndef USE_WINDOWS_API 
-#ifdef SO_NOSIGPIPE
-    {
-        int       on = 1;
-        socklen_t len = sizeof(on);
-        int       res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
-        if (res < 0)
-            err_sys("setsockopt SO_NOSIGPIPE failed\n");
-    }
-#elif defined(CYASSL_MDK_ARM) || defined (CYASSL_TIRTOS)
-    /* nothing to define */
-#else  /* no S_NOSIGPIPE */
-    signal(SIGPIPE, SIG_IGN);
-#endif /* S_NOSIGPIPE */
-
-#if defined(TCP_NODELAY)
-    if (!udp)
-    {
-        int       on = 1;
-        socklen_t len = sizeof(on);
-        int       res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
-        if (res < 0)
-            err_sys("setsockopt TCP_NODELAY failed\n");
-    }
-#endif
-#endif  /* USE_WINDOWS_API */
-}
-
-static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
-                               int udp)
-{
-    SOCKADDR_IN_T addr;
-    build_addr(&addr, ip, port, udp);
-    tcp_socket(sockfd, udp);
-
-    if (!udp) {
-        if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
-            err_sys("tcp connect failed");
-    }
-}
-
-
-static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
-{
-    if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
-        err_sys("tcp connect failed");
-}
-
-
-enum {
-    TEST_SELECT_FAIL,
-    TEST_TIMEOUT,
-    TEST_RECV_READY,
-    TEST_ERROR_READY
-};
-
-
-#if !defined(CYASSL_MDK_ARM) && !defined(CYASSL_TIRTOS)
-static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
-{
-    fd_set recvfds, errfds;
-    SOCKET_T nfds = socketfd + 1;
-    struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
-    int result;
-
-    FD_ZERO(&recvfds);
-    FD_SET(socketfd, &recvfds);
-    FD_ZERO(&errfds);
-    FD_SET(socketfd, &errfds);
-
-    result = select(nfds, &recvfds, NULL, &errfds, &timeout);
-
-    if (result == 0)
-        return TEST_TIMEOUT;
-    else if (result > 0) {
-        if (FD_ISSET(socketfd, &recvfds))
-            return TEST_RECV_READY;
-        else if(FD_ISSET(socketfd, &errfds))
-            return TEST_ERROR_READY;
-    }
-
-    return TEST_SELECT_FAIL;
-}
-#elif defined(CYASSL_TIRTOS)
-static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
-{
-    return TEST_RECV_READY;
-}
-#endif /* !CYASSL_MDK_ARM */
-
-
-static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
-                              int udp)
-{
-    SOCKADDR_IN_T addr;
-
-    /* don't use INADDR_ANY by default, firewall may block, make user switch
-       on */
-    build_addr(&addr, (useAnyAddr ? INADDR_ANY : yasslIP), *port, udp);
-    tcp_socket(sockfd, udp);
-
-#if !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_ARM)
-    {
-        int       res, on  = 1;
-        socklen_t len = sizeof(on);
-        res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
-        if (res < 0)
-            err_sys("setsockopt SO_REUSEADDR failed\n");
-    }
-#endif
-
-    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
-        err_sys("tcp bind failed");
-    if (!udp) {
-        if (listen(*sockfd, 5) != 0)
-            err_sys("tcp listen failed");
-    }
-    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
-        if (*port == 0) {
-            socklen_t len = sizeof(addr);
-            if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
-                #ifndef TEST_IPV6
-                    *port = ntohs(addr.sin_port);
-                #else
-                    *port = ntohs(addr.sin6_port);
-                #endif
-            }
-        }
-    #endif
-}
-
-
-static INLINE int udp_read_connect(SOCKET_T sockfd)
-{
-    SOCKADDR_IN_T cliaddr;
-    byte          b[1500];
-    int           n;
-    socklen_t     len = sizeof(cliaddr);
-
-    n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
-                      (struct sockaddr*)&cliaddr, &len);
-    if (n > 0) {
-        if (connect(sockfd, (const struct sockaddr*)&cliaddr,
-                    sizeof(cliaddr)) != 0)
-            err_sys("udp connect failed");
-    }
-    else
-        err_sys("recvfrom failed");
-
-    return sockfd;
-}
-
-static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
-                              int useAnyAddr, word16 port, func_args* args)
-{
-    SOCKADDR_IN_T addr;
-
-    (void)args;
-    build_addr(&addr, (useAnyAddr ? INADDR_ANY : yasslIP), port, 1);
-    tcp_socket(sockfd, 1);
-
-
-#if !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_ARM)
-    {
-        int       res, on  = 1;
-        socklen_t len = sizeof(on);
-        res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
-        if (res < 0)
-            err_sys("setsockopt SO_REUSEADDR failed\n");
-    }
-#endif
-
-    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
-        err_sys("tcp bind failed");
-
-    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
-        if (port == 0) {
-            socklen_t len = sizeof(addr);
-            if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
-                #ifndef TEST_IPV6
-                    port = ntohs(addr.sin_port);
-                #else
-                    port = ntohs(addr.sin6_port);
-                #endif
-            }
-        }
-    #endif
-
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
-    /* signal ready to accept data */
-    {
-    tcp_ready* ready = args->signal;
-    pthread_mutex_lock(&ready->mutex);
-    ready->ready = 1;
-    ready->port = port;
-    pthread_cond_signal(&ready->cond);
-    pthread_mutex_unlock(&ready->mutex);
-    }
-#elif defined (CYASSL_TIRTOS)
-    /* Need mutex? */
-    tcp_ready* ready = args->signal;
-    ready->ready = 1;
-    ready->port = port;
-#endif
-
-    *clientfd = udp_read_connect(*sockfd);
-}
-
-static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
-                              func_args* args, word16 port, int useAnyAddr,
-                              int udp, int ready_file)
-{
-    SOCKADDR_IN_T client;
-    socklen_t client_len = sizeof(client);
-
-    if (udp) {
-        udp_accept(sockfd, clientfd, useAnyAddr, port, args);
-        return;
-    }
-
-    tcp_listen(sockfd, &port, useAnyAddr, udp);
-
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
-    /* signal ready to tcp_accept */
-    {
-    tcp_ready* ready = args->signal;
-    pthread_mutex_lock(&ready->mutex);
-    ready->ready = 1;
-    ready->port = port;
-    pthread_cond_signal(&ready->cond);
-    pthread_mutex_unlock(&ready->mutex);
-    }
-#elif defined (CYASSL_TIRTOS)
-    /* Need mutex? */
-    tcp_ready* ready = args->signal;
-    ready->ready = 1;
-    ready->port = port;
-#endif
-
-    if (ready_file) {
-#ifndef NO_FILESYSTEM
-        FILE* srf = fopen("./server_ready", "w+");
-
-        if (srf) {
-            fputs("ready", srf);
-            fclose(srf);
-        }
-#endif
-    }
-
-    *clientfd = accept(*sockfd, (struct sockaddr*)&client,
-                      (ACCEPT_THIRD_T)&client_len);
-#ifdef USE_WINDOWS_API
-    if (*clientfd == INVALID_SOCKET)
-        err_sys("tcp accept failed");
-#else
-    if (*clientfd == -1)
-        err_sys("tcp accept failed");
-#endif
-}
-
-
-static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
-{
-    #ifdef USE_WINDOWS_API 
-        unsigned long blocking = 1;
-        int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
-        if (ret == SOCKET_ERROR)
-            err_sys("ioctlsocket failed");
-    #elif defined(CYASSL_MDK_ARM) || defined (CYASSL_TIRTOS)
-         /* non blocking not suppported, for now */ 
-    #else
-        int flags = fcntl(*sockfd, F_GETFL, 0);
-        if (flags < 0)
-            err_sys("fcntl get failed");
-        flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
-        if (flags < 0)
-            err_sys("fcntl set failed");
-    #endif
-}
-
-
-#ifndef NO_PSK
-
-static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint,
-        char* identity, unsigned int id_max_len, unsigned char* key,
-        unsigned int key_max_len)
-{
-    (void)ssl;
-    (void)hint;
-    (void)key_max_len;
-
-    /* identity is OpenSSL testing default for openssl s_client, keep same */
-    strncpy(identity, "Client_identity", id_max_len);
-
-
-    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-       unsigned binary */
-    key[0] = 26;
-    key[1] = 43;
-    key[2] = 60;
-    key[3] = 77;
-
-    return 4;   /* length of key in octets or 0 for error */
-}
-
-
-static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
-        unsigned char* key, unsigned int key_max_len)
-{
-    (void)ssl;
-    (void)key_max_len;
-
-    /* identity is OpenSSL testing default for openssl s_client, keep same */
-    if (strncmp(identity, "Client_identity", 15) != 0)
-        return 0;
-
-    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-       unsigned binary */
-    key[0] = 26;
-    key[1] = 43;
-    key[2] = 60;
-    key[3] = 77;
-
-    return 4;   /* length of key in octets or 0 for error */
-}
-
-#endif /* NO_PSK */
-
-
-#ifdef USE_WINDOWS_API 
-
-    #define WIN32_LEAN_AND_MEAN
-    #include <windows.h>
-
-    static INLINE double current_time()
-    {
-        static int init = 0;
-        static LARGE_INTEGER freq;
-    
-        LARGE_INTEGER count;
-
-        if (!init) {
-            QueryPerformanceFrequency(&freq);
-            init = 1;
-        }
-
-        QueryPerformanceCounter(&count);
-
-        return (double)count.QuadPart / freq.QuadPart;
-    }
-
-#elif defined(CYASSL_TIRTOS)
-    extern double current_time();
-#else
-
-#if !defined(CYASSL_MDK_ARM)
-    #include <sys/time.h>
-
-    static INLINE double current_time(void)
-    {
-        struct timeval tv;
-        gettimeofday(&tv, 0);
-
-        return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
-    }
-        
-#endif
-#endif /* USE_WINDOWS_API */
-
-
-#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-
-    enum {
-        CYASSL_CA   = 1,
-        CYASSL_CERT = 2,
-        CYASSL_KEY  = 3
-    };
-
-    static INLINE void load_buffer(CYASSL_CTX* ctx, const char* fname, int type)
-    {
-        /* test buffer load */
-        long  sz = 0;
-        byte  buff[10000];
-        FILE* file = fopen(fname, "rb");
-
-        if (!file)
-            err_sys("can't open file for buffer load "
-                    "Please run from CyaSSL home directory if not");
-        fseek(file, 0, SEEK_END);
-        sz = ftell(file);
-        rewind(file);
-        fread(buff, sizeof(buff), 1, file);
-  
-        if (type == CYASSL_CA) {
-            if (CyaSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM)
-                                              != SSL_SUCCESS)
-                err_sys("can't load buffer ca file");
-        }
-        else if (type == CYASSL_CERT) {
-            if (CyaSSL_CTX_use_certificate_buffer(ctx, buff, sz,
-                        SSL_FILETYPE_PEM) != SSL_SUCCESS)
-                err_sys("can't load buffer cert file");
-        }
-        else if (type == CYASSL_KEY) {
-            if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
-                        SSL_FILETYPE_PEM) != SSL_SUCCESS)
-                err_sys("can't load buffer key file");
-        }
-    }
-
-#endif /* NO_FILESYSTEM */
-
-#ifdef VERIFY_CALLBACK
-
-static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
-{
-    (void)preverify;
-    char buffer[CYASSL_MAX_ERROR_SZ];
-
-#ifdef OPENSSL_EXTRA
-    CYASSL_X509* peer;
-#endif
-
-    printf("In verification callback, error = %d, %s\n", store->error,
-                                 CyaSSL_ERR_error_string(store->error, buffer));
-#ifdef OPENSSL_EXTRA
-    peer = store->current_cert;
-    if (peer) {
-        char* issuer  = CyaSSL_X509_NAME_oneline(
-                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
-        char* subject = CyaSSL_X509_NAME_oneline(
-                                      CyaSSL_X509_get_subject_name(peer), 0, 0);
-        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
-                                                                  subject);
-        XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
-        XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
-    }
-    else
-        printf("peer has no cert!\n");
-#endif
-    printf("Subject's domain name is %s\n", store->domain);
-
-    printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
-    return 1;
-}
-
-#endif /* VERIFY_CALLBACK */
-
-
-static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
-{
-    char buffer[CYASSL_MAX_ERROR_SZ];
-    (void)preverify;
-
-    printf("In verification callback, error = %d, %s\n", store->error,
-                                 CyaSSL_ERR_error_string(store->error, buffer));
-    printf("Subject's domain name is %s\n", store->domain);
-
-    if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
-        printf("Overriding cert date error as example for bad clock testing\n");
-        return 1;
-    }
-    printf("Cert error is not date error, not overriding\n");
-
-    return 0;
-}
-
-
-#ifdef HAVE_CRL
-
-static INLINE void CRL_CallBack(const char* url)
-{
-    printf("CRL callback url = %s\n", url);
-}
-
-#endif
-
-#ifndef NO_CERTS
-
-static INLINE void CaCb(unsigned char* der, int sz, int type)
-{
-    (void)der;
-    printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
-}
-
-
-#ifndef NO_DH
-static INLINE void SetDH(CYASSL* ssl)
-{
-    /* dh1024 p */
-    static unsigned char p[] =
-    {
-        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
-        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
-        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
-        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
-        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
-        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
-        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
-        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
-        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
-        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
-        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-    };
-
-    /* dh1024 g */
-    static unsigned char g[] =
-    {
-      0x02,
-    };
-
-    CyaSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
-}
-
-static INLINE void SetDHCtx(CYASSL_CTX* ctx)
-{
-    /* dh1024 p */
-    static unsigned char p[] =
-    {
-        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
-        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
-        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
-        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
-        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
-        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
-        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
-        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
-        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
-        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
-        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-    };
-
-    /* dh1024 g */
-    static unsigned char g[] =
-    {
-      0x02,
-    };
-
-    CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
-}
-#endif /* NO_DH */
-#endif /* !NO_CERTS */
-
-#ifdef HAVE_CAVIUM
-
-static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
-{
-   Csp1CoreAssignment core_assign;
-   Uint32             device;
-
-   if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
-      return -1;
-   if (Csp1GetDevType(&device))
-      return -1;
-   if (device != NPX_DEVICE) {
-      if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
-                (Uint32 *)&core_assign)!= 0)
-         return -1;
-   }
-   CspShutdown(CAVIUM_DEV_ID);
-
-   return CspInitialize(dma_mode, dev_id);
-}
-
-#endif /* HAVE_CAVIUM */
-
-
-#ifdef USE_WINDOWS_API 
-
-/* do back x number of directories */
-static INLINE void ChangeDirBack(int x)
-{
-    char path[MAX_PATH];
-
-    if (x == 1)
-        strncpy(path, "..\\", MAX_PATH);
-    else if (x == 2)
-        strncpy(path, "..\\..\\", MAX_PATH);
-    else if (x == 3)
-        strncpy(path, "..\\..\\..\\", MAX_PATH);
-    else if (x == 4)
-        strncpy(path, "..\\..\\..\\..\\", MAX_PATH);
-    else
-        strncpy(path, ".\\", MAX_PATH);
-    
-    SetCurrentDirectoryA(path);
-}
-
-/* does current dir contain str */
-static INLINE int CurrentDir(const char* str)
-{
-    char  path[MAX_PATH];
-    char* baseName;
-
-    GetCurrentDirectoryA(sizeof(path), path);
-
-    baseName = strrchr(path, '\\');
-    if (baseName)
-        baseName++;
-    else
-        baseName = path;
-
-    if (strstr(baseName, str))
-        return 1;
-
-    return 0;
-}
-
-#elif defined(CYASSL_MDK_ARM)
-    /* KEIL-RL File System does not support relative directry */
-#elif defined(CYASSL_TIRTOS)
-#else
-
-#ifndef MAX_PATH
-    #define MAX_PATH 256
-#endif
-
-/* do back x number of directories */
-static INLINE void ChangeDirBack(int x)
-{
-    char path[MAX_PATH];
-
-    if (x == 1)
-        strncpy(path, "../", MAX_PATH);
-    else if (x == 2)
-        strncpy(path, "../../", MAX_PATH);
-    else if (x == 3)
-        strncpy(path, "../../../", MAX_PATH);
-    else if (x == 4)
-        strncpy(path, "../../../../", MAX_PATH);
-    else
-        strncpy(path, "./", MAX_PATH);
-    
-    if (chdir(path) < 0)
-        printf("chdir to %s failed\n", path);
-}
-
-/* does current dir contain str */
-static INLINE int CurrentDir(const char* str)
-{
-    char  path[MAX_PATH];
-    char* baseName;
-
-    if (getcwd(path, sizeof(path)) == NULL) {
-        printf("no current dir?\n");
-        return 0;
-    }
-
-    baseName = strrchr(path, '/');
-    if (baseName)
-        baseName++;
-    else
-        baseName = path;
-
-    if (strstr(baseName, str))
-        return 1;
-
-    return 0;
-}
-
-#endif /* USE_WINDOWS_API */
-
-
-#ifdef USE_CYASSL_MEMORY
-
-    typedef struct memoryStats {
-        size_t totalAllocs;     /* number of allocations */
-        size_t totalBytes;      /* total number of bytes allocated */
-        size_t peakBytes;       /* concurrent max bytes */
-        size_t currentBytes;    /* total current bytes in use */
-    } memoryStats;
-
-    typedef struct memHint {
-        size_t thisSize;      /* size of this memory */
-        void*  thisMemory;    /* actual memory for user */
-    } memHint;
-
-    typedef struct memoryTrack {
-        union {
-            memHint hint;
-            byte    alignit[16];   /* make sure we have strong alignment */
-        } u;
-    } memoryTrack;
-
-    #if defined(CYASSL_TRACK_MEMORY)
-        #define DO_MEM_STATS
-        static memoryStats ourMemStats;
-    #endif
-
-    static INLINE void* TrackMalloc(size_t sz)
-    {
-        memoryTrack* mt;
-
-        if (sz == 0)
-            return NULL;
-
-        mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
-        if (mt == NULL)
-            return NULL;
-
-        mt->u.hint.thisSize   = sz;
-        mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
-
-#ifdef DO_MEM_STATS
-        ourMemStats.totalAllocs++;
-        ourMemStats.totalBytes   += sz;
-        ourMemStats.currentBytes += sz;
-        if (ourMemStats.currentBytes > ourMemStats.peakBytes)
-            ourMemStats.peakBytes = ourMemStats.currentBytes;
-#endif
-
-        return mt->u.hint.thisMemory;
-    }
-
-
-    static INLINE void TrackFree(void* ptr)
-    {
-        memoryTrack* mt;
-
-        if (ptr == NULL)
-            return;
-
-        mt = (memoryTrack*)ptr;
-        --mt;   /* same as minus sizeof(memoryTrack), removes header */
-
-#ifdef DO_MEM_STATS 
-        ourMemStats.currentBytes -= mt->u.hint.thisSize; 
-#endif
-
-        free(mt);
-    }
-
-
-    static INLINE void* TrackRealloc(void* ptr, size_t sz)
-    {
-        void* ret = TrackMalloc(sz);
-
-        if (ptr) {
-            /* if realloc is bigger, don't overread old ptr */
-            memoryTrack* mt = (memoryTrack*)ptr;
-            --mt;  /* same as minus sizeof(memoryTrack), removes header */
-
-            if (mt->u.hint.thisSize < sz)
-                sz = mt->u.hint.thisSize;
-        }
-
-        if (ret && ptr)
-            memcpy(ret, ptr, sz);
-
-        if (ret)
-            TrackFree(ptr);
-
-        return ret;
-    }
-
-    static INLINE void InitMemoryTracker(void) 
-    {
-        if (CyaSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
-            err_sys("CyaSSL SetAllocators failed for track memory");
-
-    #ifdef DO_MEM_STATS
-        ourMemStats.totalAllocs  = 0;
-        ourMemStats.totalBytes   = 0;
-        ourMemStats.peakBytes    = 0;
-        ourMemStats.currentBytes = 0;
-    #endif
-    }
-
-    static INLINE void ShowMemoryTracker(void) 
-    {
-    #ifdef DO_MEM_STATS 
-        printf("total   Allocs = %9lu\n",
-                                       (unsigned long)ourMemStats.totalAllocs);
-        printf("total   Bytes  = %9lu\n",
-                                       (unsigned long)ourMemStats.totalBytes);
-        printf("peak    Bytes  = %9lu\n",
-                                       (unsigned long)ourMemStats.peakBytes);
-        printf("current Bytes  = %9lu\n",
-                                       (unsigned long)ourMemStats.currentBytes);
-    #endif
-    }
-
-#endif /* USE_CYASSL_MEMORY */
-
-
-#ifdef HAVE_STACK_SIZE
-
-typedef THREAD_RETURN CYASSL_THREAD (*thread_func)(void* args);
-
-
-static INLINE void StackSizeCheck(func_args* args, thread_func tf)
-{
-    int            ret, i, used;
-    unsigned char* myStack;
-    int            stackSize = 1024*128;
-    pthread_attr_t myAttr;
-    pthread_t      threadId;
-
-#ifdef PTHREAD_STACK_MIN
-    if (stackSize < PTHREAD_STACK_MIN)
-        stackSize = PTHREAD_STACK_MIN;
-#endif
-
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
-    if (ret != 0) 
-        err_sys("posix_memalign failed\n");        
-
-    memset(myStack, 0x01, stackSize);
-
-    ret = pthread_attr_init(&myAttr);
-    if (ret != 0)
-        err_sys("attr_init failed");
-
-    ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
-    if (ret != 0)
-        err_sys("attr_setstackaddr failed");
-
-    ret = pthread_create(&threadId, &myAttr, tf, args);
-    if (ret != 0) {
-        perror("pthread_create failed");
-        exit(EXIT_FAILURE);
-    }
-
-    ret = pthread_join(threadId, NULL);
-    if (ret != 0)
-        err_sys("pthread_join failed");
-
-    for (i = 0; i < stackSize; i++) {
-        if (myStack[i] != 0x01) {
-            break;
-        }
-    }
-
-    used = stackSize - i;
-    printf("stack used = %d\n", used);
-}
-
-
-#endif /* HAVE_STACK_SIZE */
-
-
-#ifdef STACK_TRAP
-
-/* good settings
-   --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
-
-*/
-
-#ifdef HAVE_STACK_SIZE
-    /* client only for now, setrlimit will fail if pthread_create() called */
-    /* STACK_SIZE does pthread_create() on client */
-    #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
-#endif /* HAVE_STACK_SIZE */
-
-static INLINE void StackTrap(void)
-{
-    struct rlimit  rl;
-    if (getrlimit(RLIMIT_STACK, &rl) != 0)
-        err_sys("getrlimit failed");
-    printf("rlim_cur = %llu\n", rl.rlim_cur);
-    rl.rlim_cur = 1024*21;  /* adjust trap size here */
-    if (setrlimit(RLIMIT_STACK, &rl) != 0) {
-        perror("setrlimit");
-        err_sys("setrlimit failed");
-    }
-}
-
-#else /* STACK_TRAP */
-
-static INLINE void StackTrap(void)
-{
-}
-
-#endif /* STACK_TRAP */
-
-
-#ifdef ATOMIC_USER
-
-/* Atomic Encrypt Context example */
-typedef struct AtomicEncCtx {
-    int  keySetup;           /* have we done key setup yet */
-    Aes  aes;                /* for aes example */
-} AtomicEncCtx;
-
-
-/* Atomic Decrypt Context example */
-typedef struct AtomicDecCtx {
-    int  keySetup;           /* have we done key setup yet */
-    Aes  aes;                /* for aes example */
-} AtomicDecCtx;
-
-
-static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, 
-       const unsigned char* macIn, unsigned int macInSz, int macContent, 
-       int macVerify, unsigned char* encOut, const unsigned char* encIn,
-       unsigned int encSz, void* ctx)
-{
-    int  ret;
-    Hmac hmac;
-    byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
-    AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
-    const char* tlsStr = "TLS";
-
-    /* example supports (d)tls aes */
-    if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
-        printf("myMacEncryptCb not using AES\n");
-        return -1;
-    }
-
-    if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
-        printf("myMacEncryptCb not using (D)TLS\n");
-        return -1;
-    }
-
-    /* hmac, not needed if aead mode */
-    CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
-
-    ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
-               CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
-    if (ret != 0)
-        return ret;
-    ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
-    if (ret != 0)
-        return ret;
-    ret = HmacUpdate(&hmac, macIn, macInSz);
-    if (ret != 0)
-        return ret;
-    ret = HmacFinal(&hmac, macOut);
-    if (ret != 0)
-        return ret;
-
-
-    /* encrypt setup on first time */
-    if (encCtx->keySetup == 0) {
-        int   keyLen = CyaSSL_GetKeySize(ssl);
-        const byte* key;
-        const byte* iv;
-
-        if (CyaSSL_GetSide(ssl) == CYASSL_CLIENT_END) {
-            key = CyaSSL_GetClientWriteKey(ssl);
-            iv  = CyaSSL_GetClientWriteIV(ssl);
-        }
-        else {
-            key = CyaSSL_GetServerWriteKey(ssl);
-            iv  = CyaSSL_GetServerWriteIV(ssl);
-        }
-
-        ret = AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
-        if (ret != 0) {
-            printf("AesSetKey failed in myMacEncryptCb\n");
-            return ret;
-        }
-        encCtx->keySetup = 1;
-    }
-
-    /* encrypt */
-    return AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
-}
-
-
-static INLINE int myDecryptVerifyCb(CYASSL* ssl, 
-       unsigned char* decOut, const unsigned char* decIn,
-       unsigned int decSz, int macContent, int macVerify,
-       unsigned int* padSz, void* ctx)
-{
-    AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
-    int ret      = 0;
-    int macInSz  = 0;
-    int ivExtra  = 0;
-    int digestSz = CyaSSL_GetHmacSize(ssl);
-    unsigned int pad     = 0;
-    unsigned int padByte = 0;
-    Hmac hmac;
-    byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
-    byte verify[MAX_DIGEST_SIZE];
-    const char* tlsStr = "TLS";
-
-    /* example supports (d)tls aes */
-    if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
-        printf("myMacEncryptCb not using AES\n");
-        return -1;
-    }
-
-    if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
-        printf("myMacEncryptCb not using (D)TLS\n");
-        return -1;
-    }
-
-    /*decrypt */
-    if (decCtx->keySetup == 0) {
-        int   keyLen = CyaSSL_GetKeySize(ssl);
-        const byte* key;
-        const byte* iv;
-
-        /* decrypt is from other side (peer) */
-        if (CyaSSL_GetSide(ssl) == CYASSL_SERVER_END) {
-            key = CyaSSL_GetClientWriteKey(ssl);
-            iv  = CyaSSL_GetClientWriteIV(ssl);
-        }
-        else {
-            key = CyaSSL_GetServerWriteKey(ssl);
-            iv  = CyaSSL_GetServerWriteIV(ssl);
-        }
-
-        ret = AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
-        if (ret != 0) {
-            printf("AesSetKey failed in myDecryptVerifyCb\n");
-            return ret;
-        }
-        decCtx->keySetup = 1;
-    }
-
-    /* decrypt */
-    ret = AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
-
-    if (CyaSSL_GetCipherType(ssl) == CYASSL_AEAD_TYPE) {
-        *padSz = CyaSSL_GetAeadMacSize(ssl);
-        return 0; /* hmac, not needed if aead mode */
-    }
-
-    if (CyaSSL_GetCipherType(ssl) == CYASSL_BLOCK_TYPE) {
-        pad     = *(decOut + decSz - 1);
-        padByte = 1;
-        if (CyaSSL_IsTLSv1_1(ssl))
-            ivExtra = CyaSSL_GetCipherBlockSize(ssl);
-    }
-
-    *padSz  = CyaSSL_GetHmacSize(ssl) + pad + padByte;
-    macInSz = decSz - ivExtra - digestSz - pad - padByte;
-
-    CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
-
-    ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
-               CyaSSL_GetMacSecret(ssl, macVerify), digestSz);
-    if (ret != 0)
-        return ret;
-    ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
-    if (ret != 0)
-        return ret;
-    ret = HmacUpdate(&hmac, decOut + ivExtra, macInSz);
-    if (ret != 0)
-        return ret;
-    ret = HmacFinal(&hmac, verify);
-    if (ret != 0)
-        return ret;
-
-    if (memcmp(verify, decOut + decSz - digestSz - pad - padByte,
-               digestSz) != 0) {
-        printf("myDecryptVerify verify failed\n");
-        return -1;
-    }
-
-    return ret;
-}
-
-
-static INLINE void SetupAtomicUser(CYASSL_CTX* ctx, CYASSL* ssl)
-{
-    AtomicEncCtx* encCtx;
-    AtomicDecCtx* decCtx;
-
-    encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
-    if (encCtx == NULL)
-        err_sys("AtomicEncCtx malloc failed");
-    memset(encCtx, 0, sizeof(AtomicEncCtx));
-
-    decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
-    if (decCtx == NULL) {
-        free(encCtx);
-        err_sys("AtomicDecCtx malloc failed");
-    }
-    memset(decCtx, 0, sizeof(AtomicDecCtx));
-
-    CyaSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
-    CyaSSL_SetMacEncryptCtx(ssl, encCtx);
-
-    CyaSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
-    CyaSSL_SetDecryptVerifyCtx(ssl, decCtx);
-}
-
-
-static INLINE void FreeAtomicUser(CYASSL* ssl)
-{
-    AtomicEncCtx* encCtx = (AtomicEncCtx*)CyaSSL_GetMacEncryptCtx(ssl);
-    AtomicDecCtx* decCtx = (AtomicDecCtx*)CyaSSL_GetDecryptVerifyCtx(ssl);
-
-    free(decCtx);
-    free(encCtx);
-}
-
-#endif /* ATOMIC_USER */
-
-
-#ifdef HAVE_PK_CALLBACKS
-
-#ifdef HAVE_ECC
-
-static INLINE int myEccSign(CYASSL* ssl, const byte* in, word32 inSz,
-        byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
-{
-    RNG     rng;
-    int     ret;
-    word32  idx = 0;
-    ecc_key myKey;
-
-    (void)ssl;
-    (void)ctx;
-
-    ret = InitRng(&rng);
-    if (ret != 0)
-        return ret;
-
-    ecc_init(&myKey);
-    
-    ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz);    
-    if (ret == 0)
-        ret = ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
-    ecc_free(&myKey);
-
-    return ret;
-}
-
-
-static INLINE int myEccVerify(CYASSL* ssl, const byte* sig, word32 sigSz,
-        const byte* hash, word32 hashSz, const byte* key, word32 keySz,
-        int* result, void* ctx)
-{
-    int     ret;
-    ecc_key myKey;
-
-    (void)ssl;
-    (void)ctx;
-
-    ecc_init(&myKey);
-    
-    ret = ecc_import_x963(key, keySz, &myKey);
-    if (ret == 0)
-        ret = ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
-    ecc_free(&myKey);
-
-    return ret;
-}
-
-#endif /* HAVE_ECC */
-
-#ifndef NO_RSA
-
-static INLINE int myRsaSign(CYASSL* ssl, const byte* in, word32 inSz,
-        byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
-{
-    RNG     rng;
-    int     ret;
-    word32  idx = 0;
-    RsaKey  myKey;
-
-    (void)ssl;
-    (void)ctx;
-
-    ret = InitRng(&rng);
-    if (ret != 0)
-        return ret;
-
-    InitRsaKey(&myKey, NULL);
-    
-    ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);    
-    if (ret == 0)
-        ret = RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
-    if (ret > 0) {  /* save and convert to 0 success */
-        *outSz = ret;
-        ret = 0;
-    }
-    FreeRsaKey(&myKey);
-
-    return ret;
-}
-
-
-static INLINE int myRsaVerify(CYASSL* ssl, byte* sig, word32 sigSz,
-        byte** out,
-        const byte* key, word32 keySz,
-        void* ctx)
-{
-    int     ret;
-    word32  idx = 0;
-    RsaKey  myKey;
-
-    (void)ssl;
-    (void)ctx;
-
-    InitRsaKey(&myKey, NULL);
-    
-    ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
-    if (ret == 0)
-        ret = RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
-    FreeRsaKey(&myKey);
-
-    return ret;
-}
-
-
-static INLINE int myRsaEnc(CYASSL* ssl, const byte* in, word32 inSz,
-                           byte* out, word32* outSz, const byte* key,
-                           word32 keySz, void* ctx)
-{
-    int     ret;
-    word32  idx = 0;
-    RsaKey  myKey;
-    RNG     rng;
-
-    (void)ssl;
-    (void)ctx;
-
-    ret = InitRng(&rng);
-    if (ret != 0)
-        return ret;
-
-    InitRsaKey(&myKey, NULL);
-    
-    ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
-    if (ret == 0) {
-        ret = RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
-        if (ret > 0) {
-            *outSz = ret;
-            ret = 0;  /* reset to success */
-        }
-    }
-    FreeRsaKey(&myKey);
-
-    return ret;
-}
-
-static INLINE int myRsaDec(CYASSL* ssl, byte* in, word32 inSz,
-                           byte** out,
-                           const byte* key, word32 keySz, void* ctx)
-{
-    int     ret;
-    word32  idx = 0;
-    RsaKey  myKey;
-
-    (void)ssl;
-    (void)ctx;
-
-    InitRsaKey(&myKey, NULL);
-    
-    ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
-    if (ret == 0) {
-        ret = RsaPrivateDecryptInline(in, inSz, out, &myKey);
-    }
-    FreeRsaKey(&myKey);
-
-    return ret;
-}
-
-#endif /* NO_RSA */
-
-static INLINE void SetupPkCallbacks(CYASSL_CTX* ctx, CYASSL* ssl)
-{
-    (void)ctx;
-    (void)ssl;
-
-    #ifdef HAVE_ECC
-        CyaSSL_CTX_SetEccSignCb(ctx, myEccSign);
-        CyaSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
-    #endif /* HAVE_ECC */
-    #ifndef NO_RSA 
-        CyaSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
-        CyaSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
-        CyaSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
-        CyaSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
-    #endif /* NO_RSA */
-}
-
-#endif /* HAVE_PK_CALLBACKS */
-
-
-
-
-
-#if defined(__hpux__) || defined(__MINGW32__) || defined (CYASSL_TIRTOS)
-
-/* HP/UX doesn't have strsep, needed by test/suites.c */
-static INLINE char* strsep(char **stringp, const char *delim)
-{
-    char* start;
-    char* end;
-
-    start = *stringp;
-    if (start == NULL)
-        return NULL;
-
-    if ((end = strpbrk(start, delim))) {
-        *end++ = '\0';
-        *stringp = end;
-    } else {
-        *stringp = NULL;
-    }
-
-    return start;
-}
-
-#endif /* __hpux__ */
-
-#endif /* CyaSSL_TEST_H */
-
+#include <wolfssl/test.h>

wolfssl/callbacks.h

@@ -0,0 +1,80 @@
+/* callbacks.h
+ *
+ * Copyright (C) 2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef WOLFSSL_CALLBACKS_H
+#define WOLFSSL_CALLBACKS_H
+
+#include <sys/time.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+enum { /* CALLBACK CONTSTANTS */
+    MAX_PACKETNAME_SZ     =  24,
+    MAX_CIPHERNAME_SZ     =  24,
+    MAX_TIMEOUT_NAME_SZ   =  24,       
+    MAX_PACKETS_HANDSHAKE =  14,       /* 12 for client auth plus 2 alerts */
+    MAX_VALUE_SZ          = 128,       /* all handshake packets but Cert should
+                                          fit here  */
+};
+
+
+typedef struct handShakeInfo_st {
+    char   cipherName[MAX_CIPHERNAME_SZ + 1];    /* negotiated cipher */
+    char   packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1];
+                                                 /* SSL packet names  */ 
+    int    numberPackets;                        /* actual # of packets */
+    int    negotiationError;                     /* cipher/parameter err */
+} HandShakeInfo;
+
+
+typedef struct timeval Timeval;
+
+
+typedef struct packetInfo_st {
+    char           packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */
+    Timeval        timestamp;                       /* when it occured    */
+    unsigned char  value[MAX_VALUE_SZ];             /* if fits, it's here */ 
+    unsigned char* bufferValue;                     /* otherwise here (non 0) */
+    int            valueSz;                         /* sz of value or buffer */
+} PacketInfo;
+
+
+typedef struct timeoutInfo_st {
+    char       timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */
+    int        flags;                              /* for future use */
+    int        numberPackets;                      /* actual # of packets */
+    PacketInfo packets[MAX_PACKETS_HANDSHAKE];     /* list of all packets  */
+    Timeval    timeoutValue;                       /* timer that caused it */
+} TimeoutInfo;
+
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+
+#endif /* CYASSL_CALLBACKS_H */
+

wolfssl/certs_test.h

@@ -0,0 +1,1178 @@
+/* certs_test.h */
+
+#ifndef CYASSL_CERTS_TEST_H
+#define CYASSL_CERTS_TEST_H
+
+#ifdef USE_CERT_BUFFERS_1024
+
+/* ./certs/1024/client-key.der, 1024-bit */
+const unsigned char client_key_der_1024[] =
+{
+	0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
+	0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 
+	0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 
+	0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 
+	0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 
+	0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 
+	0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 
+	0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 
+	0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 
+	0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 
+	0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 
+	0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 
+	0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 
+	0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 
+	0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA, 
+	0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40, 
+	0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58, 
+	0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F, 
+	0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31, 
+	0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E, 
+	0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61, 
+	0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24, 
+	0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE, 
+	0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E, 
+	0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7, 
+	0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96, 
+	0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6, 
+	0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47, 
+	0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 0xEF, 0x81, 0xF0, 0x41, 
+	0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05, 
+	0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F, 
+	0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94, 
+	0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D, 
+	0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61, 
+	0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C, 
+	0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31, 
+	0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16, 
+	0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F, 
+	0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB, 
+	0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5, 
+	0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02, 
+	0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2, 
+	0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47, 
+	0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63, 
+	0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE, 
+	0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB, 
+	0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7, 
+	0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98, 
+	0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC, 
+	0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6, 
+	0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15, 
+	0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0, 
+	0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8, 
+	0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C, 
+	0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55, 
+	0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F, 
+	0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23, 
+	0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00, 
+	0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4, 
+	0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, 
+	0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
+};
+const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
+
+/* ./certs/1024/client-cert.der, 1024-bit */
+const unsigned char client_cert_der_1024[] =
+{
+	0x30, 0x82, 0x02, 0xEC, 0x30, 0x82, 0x02, 0x55, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x8D, 0x0D, 0xAC, 0xFE, 
+	0xC6, 0x98, 0x45, 0x26, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
+	0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 
+	0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 
+	0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 
+	0x07, 0x0C, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 
+	0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 
+	0x0C, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 
+	0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 
+	0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 
+	0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 
+	0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 
+	0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 
+	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 
+	0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 
+	0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 
+	0x30, 0x31, 0x31, 0x38, 0x32, 0x31, 0x34, 0x32, 0x34, 0x39, 
+	0x5A, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x30, 0x31, 0x35, 0x32, 
+	0x31, 0x34, 0x32, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8E, 0x31, 
+	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
+	0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 
+	0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 
+	0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x08, 
+	0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, 
+	0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x05, 0x79, 
+	0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 
+	0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 
+	0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 
+	0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77, 0x77, 0x77, 
+	0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
+	0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, 
+	0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 
+	0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 
+	0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 
+	0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, 
+	0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, 
+	0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, 
+	0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, 
+	0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, 
+	0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, 
+	0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, 
+	0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, 
+	0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, 
+	0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, 
+	0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 
+	0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 
+	0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, 
+	0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, 
+	0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 
+	0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 
+	0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x1F, 
+	0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 
+	0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 
+	0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 
+	0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 
+	0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 
+	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 
+	0x03, 0x81, 0x81, 0x00, 0x72, 0x66, 0x0F, 0x6A, 0xA1, 0x85, 
+	0x95, 0x06, 0xE6, 0x87, 0x1A, 0xED, 0x2B, 0xDA, 0xED, 0x84, 
+	0x90, 0x89, 0xA6, 0x31, 0x4D, 0x60, 0xF2, 0x7B, 0x63, 0x0C, 
+	0xDC, 0x9B, 0x44, 0x4C, 0xD6, 0x62, 0x41, 0x24, 0x74, 0x30, 
+	0x70, 0x4E, 0x07, 0x10, 0x05, 0x12, 0x5E, 0x14, 0xB3, 0xDD, 
+	0xCF, 0x58, 0x27, 0x93, 0xCF, 0xAA, 0x4F, 0x85, 0x2C, 0x35, 
+	0x0E, 0xFF, 0x5B, 0xA8, 0x6B, 0xB5, 0x95, 0x32, 0xD5, 0xCC, 
+	0x73, 0x68, 0x5B, 0x1B, 0xC4, 0xF8, 0x89, 0x5E, 0x3D, 0xF8, 
+	0x02, 0x39, 0x32, 0x7D, 0x06, 0xA4, 0x32, 0xE9, 0xB3, 0xEF, 
+	0x62, 0xA0, 0x43, 0x5D, 0x4F, 0xFB, 0xCE, 0x3D, 0x08, 0x33, 
+	0xAF, 0x3D, 0x7F, 0x12, 0xCB, 0x8A, 0x5A, 0xC2, 0x63, 0xDB, 
+	0x3E, 0xDD, 0xEA, 0x5B, 0x67, 0x10, 0x49, 0x9F, 0x5B, 0x96, 
+	0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56, 
+	0x47, 0x4A
+};
+const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
+
+/* ./certs/1024/dh1024.der, 1024-bit */
+const unsigned char dh_key_der_1024[] =
+{
+	0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, 
+	0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, 
+	0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9, 
+	0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B, 
+	0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E, 
+	0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4, 
+	0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D, 
+	0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84, 
+	0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E, 
+	0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD, 
+	0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7, 
+	0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94, 
+	0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, 
+	0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
+};
+const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
+
+/* ./certs/1024/dsa1024.der, 1024-bit */
+const unsigned char dsa_key_der_1024[] =
+{
+	0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
+	0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, 
+	0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A, 
+	0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11, 
+	0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8, 
+	0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B, 
+	0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0, 
+	0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D, 
+	0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09, 
+	0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83, 
+	0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD, 
+	0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B, 
+	0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92, 
+	0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02, 
+	0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5, 
+	0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F, 
+	0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09, 
+	0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28, 
+	0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21, 
+	0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0, 
+	0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4, 
+	0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC, 
+	0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF, 
+	0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66, 
+	0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4, 
+	0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34, 
+	0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89, 
+	0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC, 
+	0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A, 
+	0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F, 
+	0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C, 
+	0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20, 
+	0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD, 
+	0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6, 
+	0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00, 
+	0x09, 0xCB, 0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15, 
+	0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B, 
+	0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F, 
+	0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62, 
+	0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD, 
+	0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68, 
+	0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69, 
+	0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38, 
+	0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, 
+	0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
+};
+const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
+
+/* ./certs/1024/rsa1024.der, 1024-bit */
+const unsigned char rsa_key_der_1024[] =
+{
+	0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
+	0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, 
+	0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2, 
+	0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63, 
+	0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A, 
+	0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8, 
+	0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51, 
+	0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B, 
+	0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80, 
+	0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3, 
+	0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D, 
+	0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42, 
+	0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D, 
+	0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02, 
+	0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D, 
+	0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD, 
+	0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76, 
+	0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72, 
+	0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6, 
+	0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B, 
+	0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E, 
+	0x69, 0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C, 
+	0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A, 
+	0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06, 
+	0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D, 
+	0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47, 
+	0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB, 
+	0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17, 
+	0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49, 
+	0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C, 
+	0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06, 
+	0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA, 
+	0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2, 
+	0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4, 
+	0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE, 
+	0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6, 
+	0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33, 
+	0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28, 
+	0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45, 
+	0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E, 
+	0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02, 
+	0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC, 
+	0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73, 
+	0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F, 
+	0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB, 
+	0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43, 
+	0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F, 
+	0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B, 
+	0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B, 
+	0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07, 
+	0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B, 
+	0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A, 
+	0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07, 
+	0x49, 0x93, 0x1A, 0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32, 
+	0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0, 
+	0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D, 
+	0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF, 
+	0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11, 
+	0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55, 
+	0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, 
+	0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
+};
+const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
+
+#elif defined(USE_CERT_BUFFERS_2048)
+
+/* ./certs/client-key.der, 2048-bit */
+const unsigned char client_key_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, 
+	0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 
+	0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 
+	0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 
+	0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 
+	0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 
+	0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 
+	0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 
+	0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 
+	0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 
+	0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 
+	0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 
+	0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, 
+	0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 
+	0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 
+	0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 
+	0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 
+	0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, 
+	0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, 
+	0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 
+	0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 
+	0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 
+	0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 
+	0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 
+	0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 
+	0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 
+	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, 
+	0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, 
+	0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, 
+	0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, 
+	0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, 
+	0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, 
+	0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, 
+	0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, 
+	0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, 
+	0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, 
+	0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, 
+	0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, 
+	0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, 
+	0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, 
+	0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, 
+	0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, 
+	0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, 
+	0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, 
+	0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, 
+	0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, 
+	0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, 
+	0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, 
+	0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, 
+	0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, 
+	0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, 
+	0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, 
+	0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, 
+	0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, 
+	0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, 
+	0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, 
+	0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, 
+	0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, 
+	0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, 
+	0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, 
+	0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, 
+	0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, 
+	0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, 
+	0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, 
+	0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, 
+	0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, 
+	0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, 
+	0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, 
+	0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, 
+	0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, 
+	0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, 
+	0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, 
+	0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, 
+	0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, 
+	0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, 
+	0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, 
+	0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, 
+	0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, 
+	0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, 
+	0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, 
+	0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, 
+	0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, 
+	0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, 
+	0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, 
+	0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, 
+	0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, 
+	0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, 
+	0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, 
+	0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, 
+	0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, 
+	0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, 
+	0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, 
+	0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, 
+	0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, 
+	0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, 
+	0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, 
+	0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, 
+	0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, 
+	0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, 
+	0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, 
+	0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, 
+	0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, 
+	0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, 
+	0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, 
+	0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, 
+	0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, 
+	0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, 
+	0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, 
+	0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, 
+	0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, 
+	0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, 
+	0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, 
+	0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, 
+	0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, 
+	0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, 
+	0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, 
+	0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, 
+	0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 
+	0xF5, 0xBF
+};
+const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
+
+/* ./certs/client-cert.der, 2048-bit */
+const unsigned char client_cert_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB6, 0x63, 0xAF, 0x8F, 
+	0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
+	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
+	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
+	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
+	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
+	0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 
+	0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 
+	0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 
+	0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 
+	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
+	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
+	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
+	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
+	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
+	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
+	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, 
+	0x31, 0x37, 0x33, 0x39, 0x34, 0x34, 0x5A, 0x17, 0x0D, 0x31, 
+	0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x33, 0x39, 0x34, 
+	0x34, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
+	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
+	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
+	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
+	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
+	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
+	0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
+	0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 
+	0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 
+	0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
+	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
+	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
+	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 
+	0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 
+	0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 
+	0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 
+	0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 
+	0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 
+	0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 
+	0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 
+	0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 
+	0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 
+	0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 
+	0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 
+	0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 
+	0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 
+	0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 
+	0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 
+	0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 
+	0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 
+	0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 
+	0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 
+	0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 
+	0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 
+	0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 
+	0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 
+	0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 
+	0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 
+	0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 
+	0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 
+	0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 
+	0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 
+	0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 
+	0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 
+	0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
+	0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 
+	0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 
+	0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 
+	0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 
+	0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 
+	0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 
+	0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 
+	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
+	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
+	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
+	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
+	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 
+	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 
+	0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 
+	0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 
+	0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 
+	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
+	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
+	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
+	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
+	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
+	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
+	0xB6, 0x63, 0xAF, 0x8F, 0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0C, 
+	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
+	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
+	0x01, 0x00, 0x85, 0x10, 0x90, 0xC5, 0x5D, 0xDE, 0x25, 0x8C, 
+	0xF2, 0x57, 0x7B, 0x2D, 0x14, 0x1C, 0x05, 0xF9, 0x71, 0x63, 
+	0x40, 0xB0, 0xE3, 0xC1, 0xC1, 0x2E, 0x13, 0x2A, 0x7A, 0xB7, 
+	0xD6, 0x24, 0x58, 0x87, 0xEB, 0x03, 0xFB, 0x0D, 0xAF, 0xE0, 
+	0xF4, 0xD0, 0xC8, 0xBC, 0x51, 0x36, 0x10, 0x4F, 0x79, 0xCC, 
+	0x4F, 0x66, 0x7D, 0xAF, 0x99, 0xCB, 0x7B, 0xCE, 0x68, 0x94, 
+	0xC6, 0x36, 0xAA, 0x42, 0x6E, 0x8C, 0x78, 0x5B, 0xB2, 0x85, 
+	0xCA, 0xD1, 0xE1, 0xA8, 0x31, 0xD1, 0x81, 0xD9, 0xF9, 0xC1, 
+	0xA3, 0x9E, 0x34, 0x43, 0xEF, 0x0A, 0x79, 0x7D, 0x3E, 0x83, 
+	0x61, 0xFC, 0x14, 0x5C, 0xD1, 0xDD, 0xBC, 0x0E, 0xD7, 0x51, 
+	0xB7, 0x71, 0x6E, 0x41, 0x7E, 0x8B, 0x2C, 0x5A, 0x9A, 0xCB, 
+	0x77, 0x4B, 0x6A, 0xF5, 0x06, 0xFF, 0x02, 0xAF, 0x1E, 0xE6, 
+	0x63, 0x4F, 0xBC, 0x44, 0xD9, 0x3F, 0x56, 0x9E, 0x09, 0x9C, 
+	0x43, 0xF9, 0x55, 0x21, 0x32, 0x46, 0x82, 0x09, 0x86, 0xA9, 
+	0x7B, 0x74, 0x1C, 0x9E, 0x5A, 0x2A, 0xBF, 0x03, 0x79, 0x91, 
+	0xCB, 0xF2, 0x29, 0x7F, 0xC9, 0x15, 0x82, 0x89, 0xB9, 0x53, 
+	0xCD, 0x7E, 0x07, 0x90, 0xA9, 0x5D, 0x76, 0xE1, 0x19, 0x5E, 
+	0x0D, 0x58, 0xB8, 0x59, 0xD5, 0x0D, 0xDF, 0x23, 0xAB, 0x6B, 
+	0x63, 0x76, 0x19, 0x9E, 0x9C, 0xDF, 0xB0, 0x57, 0x49, 0x6C, 
+	0xD0, 0x86, 0x97, 0xC3, 0x6C, 0x3C, 0xFA, 0xE0, 0x56, 0xC2, 
+	0x1B, 0xE3, 0xA1, 0x42, 0x1A, 0x58, 0x62, 0x85, 0x9D, 0x74, 
+	0x19, 0x83, 0x08, 0xAF, 0x59, 0x90, 0xF8, 0x99, 0xBD, 0x67, 
+	0xD3, 0x4A, 0xEA, 0x0E, 0xC9, 0xCA, 0x61, 0x8A, 0x0D, 0x8A, 
+	0x42, 0xCC, 0x90, 0xE9, 0x2E, 0xC2, 0x54, 0x73, 0x7F, 0x5E, 
+	0xAF, 0x8D, 0xE2, 0x32, 0xCB, 0x45, 0x20, 0xD6, 0x19, 0x4D, 
+	0x5B, 0x77, 0x31, 0xCC, 0x0F, 0x2D, 0xC0, 0x7E
+};
+const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
+
+/* ./certs/dh2048.der, 2048-bit */
+const unsigned char dh_key_der_2048[] =
+{
+	0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, 
+	0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 
+	0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, 
+	0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, 
+	0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D, 
+	0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 0xBE, 0x72, 
+	0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85, 
+	0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, 
+	0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, 
+	0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, 
+	0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF, 
+	0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA, 
+	0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50, 
+	0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, 
+	0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, 
+	0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, 
+	0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35, 
+	0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9, 
+	0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C, 
+	0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, 
+	0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, 
+	0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, 
+	0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF, 
+	0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6, 
+	0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB, 
+	0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 
+	0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
+};
+const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
+
+/* ./certs/dsa2048.der, 2048-bit */
+const unsigned char dsa_key_der_2048[] =
+{
+	0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, 
+	0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A, 
+	0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E, 
+	0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD, 
+	0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8, 
+	0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50, 
+	0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9, 
+	0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4, 
+	0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 0xD8, 0xF1, 
+	0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4, 
+	0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 0xBE, 0x83, 
+	0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88, 
+	0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C, 
+	0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8, 
+	0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E, 
+	0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8, 
+	0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F, 
+	0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91, 
+	0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48, 
+	0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC, 
+	0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E, 
+	0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87, 
+	0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE, 
+	0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3, 
+	0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20, 
+	0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15, 
+	0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06, 
+	0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82, 
+	0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71, 
+	0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B, 
+	0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7, 
+	0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29, 
+	0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B, 
+	0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0, 
+	0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC, 
+	0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6, 
+	0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33, 
+	0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B, 
+	0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B, 
+	0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13, 
+	0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA, 
+	0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25, 
+	0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE, 
+	0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2, 
+	0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB, 
+	0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3, 
+	0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC, 
+	0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8, 
+	0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D, 
+	0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D, 
+	0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF, 
+	0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41, 
+	0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD, 
+	0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB, 
+	0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7, 
+	0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF, 
+	0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6, 
+	0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A, 
+	0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5, 
+	0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C, 
+	0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3, 
+	0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33, 
+	0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89, 
+	0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B, 
+	0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25, 
+	0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF, 
+	0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10, 
+	0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68, 
+	0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20, 
+	0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A, 
+	0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98, 
+	0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC, 
+	0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26, 
+	0x54, 0xA4, 0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E, 
+	0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5, 
+	0x9F, 0xA0, 0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E, 
+	0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5, 
+	0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59, 
+	0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2, 
+	0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71, 
+	0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37, 
+	0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, 
+	0x00, 0xCB, 0x62, 0x6D, 0x9A
+};
+const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
+
+/* ./certs/rsa2048.der, 2048-bit */
+const unsigned char rsa_key_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, 
+	0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38, 
+	0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE, 
+	0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12, 
+	0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12, 
+	0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47, 
+	0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13, 
+	0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16, 
+	0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65, 
+	0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB, 
+	0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F, 
+	0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E, 
+	0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB, 
+	0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58, 
+	0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B, 
+	0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38, 
+	0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE, 
+	0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77, 
+	0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22, 
+	0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03, 
+	0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96, 
+	0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91, 
+	0xD0, 0x36, 0x2E, 0xA3, 0x1D, 0xBF, 0xF1, 0x85, 0xED, 0xC0, 
+	0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D, 
+	0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34, 
+	0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03, 
+	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33, 
+	0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19, 
+	0x8E, 0xED, 0x44, 0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B, 
+	0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63, 
+	0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0, 
+	0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B, 
+	0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5, 
+	0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E, 
+	0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0, 
+	0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6, 
+	0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75, 
+	0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF, 
+	0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1, 
+	0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19, 
+	0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D, 
+	0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49, 
+	0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0, 
+	0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB, 
+	0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B, 
+	0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F, 
+	0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5, 
+	0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D, 
+	0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6, 
+	0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E, 
+	0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D, 
+	0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E, 
+	0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11, 
+	0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1, 
+	0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 0xBA, 0xB2, 0xD7, 
+	0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA, 
+	0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C, 
+	0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9, 
+	0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6, 
+	0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD, 
+	0xA8, 0x33, 0x55, 0x2A, 0x8E, 0x32, 0xC0, 0xC4, 0xE5, 0xB8, 
+	0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D, 
+	0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33, 
+	0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26, 
+	0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0, 
+	0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA, 
+	0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42, 
+	0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7, 
+	0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC, 
+	0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB, 
+	0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60, 
+	0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44, 
+	0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC, 
+	0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86, 
+	0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D, 
+	0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63, 
+	0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E, 
+	0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F, 
+	0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81, 
+	0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A, 
+	0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA, 
+	0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45, 
+	0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08, 
+	0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2, 
+	0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4, 
+	0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC, 
+	0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 0x0C, 
+	0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87, 
+	0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66, 
+	0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0, 
+	0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2, 
+	0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02, 
+	0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 0xD1, 0x39, 0x6A, 
+	0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B, 
+	0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83, 
+	0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA, 
+	0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D, 
+	0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B, 
+	0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67, 
+	0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59, 
+	0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3, 
+	0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55, 
+	0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6, 
+	0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05, 
+	0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41, 
+	0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13, 
+	0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E, 
+	0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36, 
+	0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47, 
+	0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B, 
+	0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3, 
+	0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE, 
+	0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38, 
+	0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6, 
+	0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC, 
+	0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F, 
+	0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11, 
+	0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, 
+	0x56
+};
+const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
+
+/* ./certs/ca-cert.der, 2048-bit */
+const unsigned char ca_cert_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x9A, 0x41, 0x47, 0xCD, 
+	0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
+	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
+	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
+	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
+	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
+	0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 
+	0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 
+	0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 
+	0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 
+	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
+	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
+	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
+	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
+	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
+	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
+	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, 
+	0x30, 0x33, 0x32, 0x30, 0x30, 0x38, 0x5A, 0x17, 0x0D, 0x31, 
+	0x37, 0x30, 0x34, 0x30, 0x36, 0x30, 0x33, 0x32, 0x30, 0x30, 
+	0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
+	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
+	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
+	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
+	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
+	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 
+	0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 
+	0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 
+	0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 
+	0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
+	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
+	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
+	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 
+	0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 
+	0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 
+	0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 
+	0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 
+	0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, 
+	0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, 
+	0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, 
+	0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, 
+	0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, 
+	0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, 
+	0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, 
+	0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, 
+	0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, 
+	0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, 
+	0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, 
+	0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, 
+	0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, 
+	0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, 
+	0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, 
+	0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, 
+	0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, 
+	0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, 
+	0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, 
+	0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, 
+	0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, 
+	0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, 
+	0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, 
+	0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, 
+	0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, 
+	0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, 
+	0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 
+	0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
+	0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 
+	0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 
+	0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 
+	0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 
+	0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 
+	0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 
+	0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 
+	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
+	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
+	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
+	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
+	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 
+	0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 
+	0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 
+	0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 
+	0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 
+	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
+	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
+	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
+	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
+	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
+	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
+	0x9A, 0x41, 0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, 
+	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
+	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
+	0x01, 0x00, 0x79, 0x78, 0x0C, 0x6D, 0x79, 0x88, 0x91, 0xFC, 
+	0x3A, 0x15, 0x9C, 0xF9, 0x27, 0x62, 0x16, 0xF0, 0x21, 0x1F, 
+	0xFA, 0x7D, 0x3F, 0xA2, 0xA8, 0x32, 0x1E, 0xF7, 0xF2, 0x11, 
+	0xA9, 0x74, 0x16, 0x74, 0x5E, 0xDC, 0x18, 0xCA, 0xF0, 0x00, 
+	0x2A, 0xD5, 0x03, 0x06, 0x26, 0x30, 0xF1, 0x47, 0x83, 0xFD, 
+	0x32, 0x6E, 0xFC, 0xED, 0xAA, 0x4F, 0x7D, 0x0C, 0x63, 0x60, 
+	0x31, 0x2F, 0x7C, 0x0C, 0xBF, 0x99, 0x66, 0x87, 0xED, 0x27, 
+	0x08, 0x86, 0x2D, 0xC4, 0x33, 0xE8, 0x98, 0x23, 0x1C, 0xFE, 
+	0xA3, 0xDB, 0x9A, 0x49, 0x4E, 0xFC, 0x5A, 0x42, 0xEF, 0x71, 
+	0xC3, 0x3F, 0xAD, 0xDC, 0x4A, 0xA8, 0xD2, 0xA3, 0x1D, 0x09, 
+	0xAC, 0x33, 0x04, 0x7B, 0x86, 0xF3, 0x6D, 0x00, 0x59, 0xA3, 
+	0xC8, 0xDB, 0xD1, 0x3C, 0x73, 0xF6, 0x0E, 0x90, 0xD6, 0x5E, 
+	0x49, 0xE0, 0xBF, 0x36, 0x63, 0x08, 0x7B, 0xA5, 0xB0, 0x8F, 
+	0x35, 0x3B, 0x56, 0x8C, 0x11, 0x35, 0x49, 0x04, 0x1C, 0xD0, 
+	0xE7, 0xBA, 0x56, 0xC5, 0x0D, 0x0A, 0x91, 0x8D, 0xD6, 0xB7, 
+	0x62, 0x19, 0x34, 0x12, 0x52, 0x4C, 0xD2, 0x6D, 0x7C, 0xC5, 
+	0x3D, 0x0F, 0x18, 0x81, 0x54, 0xCB, 0xF6, 0x3C, 0xE5, 0x84, 
+	0xD2, 0xD6, 0x71, 0x15, 0xEC, 0x1A, 0x34, 0x0B, 0xF0, 0xA0, 
+	0x21, 0x74, 0x43, 0xC8, 0xA3, 0xB0, 0xDF, 0xD9, 0x67, 0xDA, 
+	0xE2, 0xAD, 0x93, 0x48, 0xF8, 0xA0, 0x87, 0xBD, 0x79, 0x14, 
+	0xE0, 0x62, 0x0A, 0xDF, 0xF7, 0x31, 0x2E, 0x31, 0x7B, 0xD1, 
+	0x32, 0x2A, 0x0A, 0xFE, 0x5D, 0x14, 0xEF, 0xD9, 0x64, 0x50, 
+	0xE4, 0x83, 0x91, 0xBC, 0x70, 0x0D, 0xD7, 0x88, 0x8D, 0xD9, 
+	0xBC, 0x84, 0x0E, 0xC5, 0x1A, 0xB3, 0xBF, 0x64, 0x02, 0x4E, 
+	0x51, 0x91, 0xA4, 0xA2, 0x85, 0x15, 0x83, 0xAF, 0xF0, 0x5B, 
+	0x9B, 0x28, 0x49, 0x5F, 0xB2, 0xB3, 0x03, 0xD8
+};
+const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
+
+/* ./certs/server-key.der, 2048-bit */
+const unsigned char server_key_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 
+	0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 
+	0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 
+	0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 
+	0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 
+	0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 
+	0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 
+	0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 
+	0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 
+	0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 
+	0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 
+	0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 
+	0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 
+	0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 
+	0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 
+	0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 
+	0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 
+	0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 
+	0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 
+	0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 
+	0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 
+	0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 
+	0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 
+	0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 
+	0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 
+	0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 
+	0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 
+	0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED, 
+	0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92, 
+	0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 
+	0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 
+	0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 
+	0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16, 
+	0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 
+	0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 
+	0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 
+	0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73, 
+	0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4, 
+	0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 
+	0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 
+	0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05, 
+	0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22, 
+	0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 
+	0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 
+	0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4, 
+	0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D, 
+	0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 
+	0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 
+	0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 
+	0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34, 
+	0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A, 
+	0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 
+	0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 
+	0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93, 
+	0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5, 
+	0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 
+	0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 
+	0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F, 
+	0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F, 
+	0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 
+	0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 
+	0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 
+	0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA, 
+	0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0, 
+	0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 
+	0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 
+	0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C, 
+	0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3, 
+	0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 
+	0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 
+	0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 
+	0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F, 
+	0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 
+	0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 
+	0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 
+	0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F, 
+	0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3, 
+	0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 
+	0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 
+	0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52, 
+	0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F, 
+	0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 
+	0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 
+	0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 
+	0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5, 
+	0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 
+	0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 
+	0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 
+	0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41, 
+	0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39, 
+	0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 
+	0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 
+	0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E, 
+	0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C, 
+	0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 
+	0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 
+	0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E, 
+	0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 0xBB, 0x75, 
+	0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 
+	0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 
+	0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 
+	0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B, 
+	0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC, 
+	0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 
+	0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 
+	0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C, 
+	0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC, 
+	0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 
+	0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 
+	0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52, 
+	0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B, 
+	0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 
+	0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 
+	0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 
+	0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44, 
+	0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2, 
+	0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 
+	0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 
+	0x3B, 0xF1, 0xB0
+};
+const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
+
+/* ./certs/server-cert.der, 2048-bit */
+const unsigned char server_cert_der_2048[] =
+{
+	0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 
+	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 
+	0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 
+	0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 
+	0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 
+	0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 
+	0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 
+	0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 
+	0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 
+	0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 
+	0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 
+	0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 
+	0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 
+	0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 
+	0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 
+	0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 
+	0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
+	0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 
+	0x31, 0x31, 0x31, 0x37, 0x32, 0x30, 0x31, 0x34, 0x5A, 0x17, 
+	0x0D, 0x31, 0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x32, 
+	0x30, 0x31, 0x34, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 
+	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
+	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
+	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
+	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 
+	0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 
+	0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 
+	0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
+	0x55, 0x04, 0x0B, 0x0C, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, 
+	0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 
+	0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 
+	0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 
+	0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
+	0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 
+	0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 
+	0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 
+	0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 
+	0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 
+	0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 
+	0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 
+	0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 
+	0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 
+	0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 
+	0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 
+	0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 
+	0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 
+	0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 
+	0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 
+	0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 
+	0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 
+	0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 
+	0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 
+	0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 
+	0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 
+	0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 
+	0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 
+	0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 
+	0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 
+	0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 
+	0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 
+	0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 
+	0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 
+	0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 
+	0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 
+	0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, 
+	0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 
+	0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, 
+	0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, 
+	0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, 
+	0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, 
+	0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 
+	0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 
+	0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 
+	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
+	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
+	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
+	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 
+	0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 
+	0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 
+	0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 
+	0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 
+	0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 
+	0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 
+	0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
+	0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 
+	0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 
+	0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x9A, 0x41, 
+	0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, 0x06, 0x03, 
+	0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 
+	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
+	0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 
+	0x3D, 0x8C, 0x70, 0x05, 0x5B, 0x62, 0x4B, 0xBF, 0x6C, 0xB6, 
+	0x48, 0x61, 0x01, 0x10, 0x1D, 0x5E, 0x05, 0xBA, 0x55, 0x94, 
+	0x2C, 0xAE, 0x59, 0x6F, 0x97, 0x80, 0x5D, 0x6C, 0x86, 0xEC, 
+	0x9A, 0xEB, 0x15, 0x45, 0x44, 0xE4, 0x56, 0xF8, 0x75, 0xCA, 
+	0x8A, 0x45, 0x32, 0xF4, 0xC7, 0xE1, 0xFA, 0xF2, 0x98, 0x1C, 
+	0x91, 0xD3, 0x3F, 0xE8, 0x0E, 0xC9, 0x1B, 0xFA, 0xE1, 0x79, 
+	0x99, 0x67, 0x0E, 0x0D, 0x6B, 0x8A, 0xEC, 0x1A, 0x2C, 0x59, 
+	0xC4, 0x34, 0x04, 0x8D, 0x39, 0x77, 0xCD, 0xB5, 0xE9, 0x60, 
+	0x5B, 0x82, 0xBF, 0x34, 0xCE, 0xED, 0xC6, 0x4F, 0x3F, 0xB4, 
+	0x5C, 0x4D, 0x8A, 0xB4, 0xF4, 0x0A, 0x04, 0x12, 0xA0, 0x56, 
+	0xC1, 0xE1, 0x33, 0x37, 0xA1, 0x54, 0x87, 0x48, 0xE9, 0x81, 
+	0xC2, 0x0F, 0x8F, 0x6F, 0xD3, 0x52, 0x4C, 0x4C, 0x32, 0x4C, 
+	0x6B, 0x9F, 0x3A, 0x04, 0x8F, 0x77, 0x5D, 0xAD, 0xDC, 0x3D, 
+	0x2B, 0xF2, 0xC9, 0xDF, 0x3C, 0x60, 0x5D, 0xD8, 0xFC, 0x86, 
+	0x72, 0x7C, 0x3D, 0xD0, 0x84, 0x4B, 0x8C, 0xDF, 0x26, 0x43, 
+	0xFE, 0xC0, 0xCC, 0x5B, 0xE1, 0x36, 0xB3, 0x3D, 0x32, 0x28, 
+	0xA3, 0xEF, 0x0C, 0x20, 0xD6, 0xB1, 0x50, 0x39, 0xD6, 0x67, 
+	0xA9, 0x8B, 0x84, 0xBC, 0x92, 0x34, 0xEB, 0x19, 0x23, 0xE8, 
+	0x10, 0x8F, 0xEA, 0xBD, 0x18, 0x8C, 0x93, 0x27, 0x3C, 0x74, 
+	0x75, 0x8E, 0x58, 0x04, 0xFA, 0x2A, 0x74, 0x44, 0x7D, 0xFC, 
+	0x4D, 0x39, 0xDF, 0x54, 0x17, 0xBA, 0x78, 0xE1, 0x5D, 0x6A, 
+	0x70, 0xD3, 0x7C, 0xA2, 0x80, 0x81, 0xE6, 0x19, 0x51, 0x91, 
+	0xC3, 0x44, 0x51, 0xEC, 0xBB, 0x88, 0xA9, 0x53, 0xE1, 0xD7, 
+	0xA9, 0x8C, 0x28, 0xF4, 0x21, 0x1C, 0x42, 0x51, 0x09, 0xB4, 
+	0x12, 0x6D, 0xA0, 0xD6, 0x25, 0x09, 0x85, 0xC6, 0x2A, 0x0C, 
+	0xAF, 0xA7, 0x58, 0xE6, 0x52, 0x8B
+};
+const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
+
+#endif /* USE_CERT_BUFFERS_1024 */
+
+#endif /* CYASSL_CERTS_TEST_H */
+

wolfssl/crl.h

@@ -0,0 +1,51 @@
+/* crl.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef CYASSL_CRL_H
+#define CYASSL_CRL_H
+
+
+#ifdef HAVE_CRL
+
+#include <cyassl/ssl.h>
+#include <cyassl/ctaocrypt/asn.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef struct CYASSL_CRL CYASSL_CRL;
+
+CYASSL_LOCAL int  InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
+CYASSL_LOCAL void FreeCRL(CYASSL_CRL*, int dynamic);
+
+CYASSL_LOCAL int  LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
+CYASSL_LOCAL int  BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
+CYASSL_LOCAL int  CheckCertCRL(CYASSL_CRL*, DecodedCert*);
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* HAVE_CRL */
+#endif /* CYASSL_CRL_H */

wolfssl/error-ssl.h

@@ -0,0 +1,162 @@
+/* error-ssl.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef CYASSL_ERROR_H
+#define CYASSL_ERROR_H
+
+#include <cyassl/ctaocrypt/error-crypt.h>   /* pull in CTaoCrypt errors */
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+enum CyaSSL_ErrorCodes {
+    INPUT_CASE_ERROR        = -301,        /* process input state error */
+    PREFIX_ERROR            = -302,        /* bad index to key rounds  */
+    MEMORY_ERROR            = -303,        /* out of memory            */
+    VERIFY_FINISHED_ERROR   = -304,        /* verify problem on finished */
+    VERIFY_MAC_ERROR        = -305,        /* verify mac problem       */
+    PARSE_ERROR             = -306,        /* parse error on header    */
+    UNKNOWN_HANDSHAKE_TYPE  = -307,        /* weird handshake type     */
+    SOCKET_ERROR_E          = -308,        /* error state on socket    */
+    SOCKET_NODATA           = -309,        /* expected data, not there */
+    INCOMPLETE_DATA         = -310,        /* don't have enough data to
+                                              complete task            */
+    UNKNOWN_RECORD_TYPE     = -311,        /* unknown type in record hdr */
+    DECRYPT_ERROR           = -312,        /* error during decryption  */
+    FATAL_ERROR             = -313,        /* recvd alert fatal error  */
+    ENCRYPT_ERROR           = -314,        /* error during encryption  */
+    FREAD_ERROR             = -315,        /* fread problem            */
+    NO_PEER_KEY             = -316,        /* need peer's key          */
+    NO_PRIVATE_KEY          = -317,        /* need the private key     */
+    RSA_PRIVATE_ERROR       = -318,        /* error during rsa priv op */
+    NO_DH_PARAMS            = -319,        /* server missing DH params */
+    BUILD_MSG_ERROR         = -320,        /* build message failure    */
+
+    BAD_HELLO               = -321,        /* client hello malformed   */
+    DOMAIN_NAME_MISMATCH    = -322,        /* peer subject name mismatch */
+    WANT_READ               = -323,        /* want read, call again    */
+    NOT_READY_ERROR         = -324,        /* handshake layer not ready */
+    PMS_VERSION_ERROR       = -325,        /* pre m secret version error */
+    VERSION_ERROR           = -326,        /* record layer version error */
+    WANT_WRITE              = -327,        /* want write, call again   */
+    BUFFER_ERROR            = -328,        /* malformed buffer input   */
+    VERIFY_CERT_ERROR       = -329,        /* verify cert error        */
+    VERIFY_SIGN_ERROR       = -330,        /* verify sign error        */
+    CLIENT_ID_ERROR         = -331,        /* psk client identity error  */
+    SERVER_HINT_ERROR       = -332,        /* psk server hint error  */
+    PSK_KEY_ERROR           = -333,        /* psk key error  */
+    ZLIB_INIT_ERROR         = -334,        /* zlib init error  */
+    ZLIB_COMPRESS_ERROR     = -335,        /* zlib compression error  */
+    ZLIB_DECOMPRESS_ERROR   = -336,        /* zlib decompression error  */
+
+    GETTIME_ERROR           = -337,        /* gettimeofday failed ??? */
+    GETITIMER_ERROR         = -338,        /* getitimer failed ??? */
+    SIGACT_ERROR            = -339,        /* sigaction failed ??? */
+    SETITIMER_ERROR         = -340,        /* setitimer failed ??? */
+    LENGTH_ERROR            = -341,        /* record layer length error */
+    PEER_KEY_ERROR          = -342,        /* can't decode peer key */
+    ZERO_RETURN             = -343,        /* peer sent close notify */
+    SIDE_ERROR              = -344,        /* wrong client/server type */
+    NO_PEER_CERT            = -345,        /* peer didn't send key */
+    NTRU_KEY_ERROR          = -346,        /* NTRU key error  */
+    NTRU_DRBG_ERROR         = -347,        /* NTRU drbg error  */
+    NTRU_ENCRYPT_ERROR      = -348,        /* NTRU encrypt error  */
+    NTRU_DECRYPT_ERROR      = -349,        /* NTRU decrypt error  */
+    ECC_CURVETYPE_ERROR     = -350,        /* Bad ECC Curve Type */
+    ECC_CURVE_ERROR         = -351,        /* Bad ECC Curve */
+    ECC_PEERKEY_ERROR       = -352,        /* Bad Peer ECC Key */
+    ECC_MAKEKEY_ERROR       = -353,        /* Bad Make ECC Key */
+    ECC_EXPORT_ERROR        = -354,        /* Bad ECC Export Key */
+    ECC_SHARED_ERROR        = -355,        /* Bad ECC Shared Secret */
+    NOT_CA_ERROR            = -357,        /* Not a CA cert error */
+    BAD_PATH_ERROR          = -358,        /* Bad path for opendir */
+    BAD_CERT_MANAGER_ERROR  = -359,        /* Bad Cert Manager */
+    OCSP_CERT_REVOKED       = -360,        /* OCSP Certificate revoked */
+    CRL_CERT_REVOKED        = -361,        /* CRL Certificate revoked */
+    CRL_MISSING             = -362,        /* CRL Not loaded */
+    MONITOR_RUNNING_E       = -363,        /* CRL Monitor already running */
+    THREAD_CREATE_E         = -364,        /* Thread Create Error */
+    OCSP_NEED_URL           = -365,        /* OCSP need an URL for lookup */
+    OCSP_CERT_UNKNOWN       = -366,        /* OCSP responder doesn't know */
+    OCSP_LOOKUP_FAIL        = -367,        /* OCSP lookup not successful */
+    MAX_CHAIN_ERROR         = -368,        /* max chain depth exceeded */
+    COOKIE_ERROR            = -369,        /* dtls cookie error */
+    SEQUENCE_ERROR          = -370,        /* dtls sequence error */
+    SUITES_ERROR            = -371,        /* suites pointer error */
+    SSL_NO_PEM_HEADER       = -372,        /* no PEM header found */
+    OUT_OF_ORDER_E          = -373,        /* out of order message */
+    BAD_KEA_TYPE_E          = -374,        /* bad KEA type found */
+    SANITY_CIPHER_E         = -375,        /* sanity check on cipher error */
+    RECV_OVERFLOW_E         = -376,        /* RXCB returned more than rqed */
+    GEN_COOKIE_E            = -377,        /* Generate Cookie Error */
+    NO_PEER_VERIFY          = -378,        /* Need peer cert verify Error */
+    FWRITE_ERROR            = -379,        /* fwrite problem */
+    CACHE_MATCH_ERROR       = -380,        /* chache hdr match error */
+    UNKNOWN_SNI_HOST_NAME_E = -381,        /* Unrecognized host name Error */
+    UNKNOWN_MAX_FRAG_LEN_E  = -382,        /* Unrecognized max frag len Error */
+    KEYUSE_SIGNATURE_E      = -383,        /* KeyUse digSignature error */
+    KEYUSE_ENCIPHER_E       = -385,        /* KeyUse keyEncipher error */
+    EXTKEYUSE_AUTH_E        = -386,        /* ExtKeyUse server|client_auth */
+    SEND_OOB_READ_E         = -387,        /* Send Cb out of bounds read */
+    SECURE_RENEGOTIATION_E  = -388,        /* Invalid Renegotiation Info */
+    SESSION_TICKET_LEN_E    = -389,        /* Session Ticket too large */
+    SESSION_TICKET_EXPECT_E = -390,        /* Session Ticket missing   */
+    SCR_DIFFERENT_CERT_E    = -391,        /* SCR Different cert error  */
+    SESSION_SECRET_CB_E     = -392,        /* Session secret Cb fcn failure */
+    NO_CHANGE_CIPHER_E      = -393,        /* Finished before change cipher */
+    SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
+    DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
+    SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
+
+    /* add strings to SetErrorString !!!!! */
+
+    /* begin negotiation parameter errors */
+    UNSUPPORTED_SUITE       = -500,        /* unsupported cipher suite */
+    MATCH_SUITE_ERROR       = -501         /* can't match cipher suite */
+    /* end negotiation parameter errors only 10 for now */
+    /* add strings to SetErrorString !!!!! */
+
+    /* no error stings go down here, add above negotiation errors !!!! */
+};
+
+
+#ifdef CYASSL_CALLBACKS
+    enum {
+        MIN_PARAM_ERR = UNSUPPORTED_SUITE,
+        MAX_PARAM_ERR = MIN_PARAM_ERR - 10
+    };
+#endif
+
+
+CYASSL_LOCAL
+void SetErrorString(int err, char* buff);
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+
+#endif /* CyaSSL_ERROR_H */
+
+

wolfssl/include.am

@@ -0,0 +1,25 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+include cyassl/ctaocrypt/include.am
+include cyassl/openssl/include.am
+
+EXTRA_DIST+= cyassl/sniffer_error.rc
+
+nobase_include_HEADERS+= \
+                         cyassl/error-ssl.h \
+                         cyassl/ssl.h \
+                         cyassl/sniffer_error.h \
+                         cyassl/sniffer.h \
+                         cyassl/callbacks.h \
+                         cyassl/certs_test.h \
+                         cyassl/test.h \
+                         cyassl/version.h \
+                         cyassl/options.h \
+                         cyassl/ocsp.h \
+                         cyassl/crl.h
+
+noinst_HEADERS+= \
+                         cyassl/internal.h
+

wolfssl/internal.h

@@ -0,0 +1,2369 @@
+/* internal.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef CYASSL_INT_H
+#define CYASSL_INT_H
+
+
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ssl.h>
+#include <cyassl/crl.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/des3.h>
+#include <cyassl/ctaocrypt/hc128.h>
+#include <cyassl/ctaocrypt/rabbit.h>
+#include <cyassl/ctaocrypt/chacha.h>
+#include <cyassl/ctaocrypt/asn.h>
+#include <cyassl/ctaocrypt/md5.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/poly1305.h>
+#include <cyassl/ctaocrypt/camellia.h>
+#include <cyassl/ctaocrypt/logging.h>
+#include <cyassl/ctaocrypt/hmac.h>
+#ifndef NO_RC4
+    #include <wolfssl/wolfcrypt/arc4.h>
+#endif
+#ifdef HAVE_ECC
+    #include <cyassl/ctaocrypt/ecc.h>
+#endif
+#ifndef NO_SHA256
+    #include <cyassl/ctaocrypt/sha256.h>
+#endif
+#ifdef HAVE_OCSP
+    #include <cyassl/ocsp.h>
+#endif
+#ifdef CYASSL_SHA512
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
+#ifdef HAVE_AESGCM
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
+#ifdef CYASSL_RIPEMD
+    #include <cyassl/ctaocrypt/ripemd.h>
+#endif
+
+#ifdef CYASSL_CALLBACKS
+    #include <cyassl/callbacks.h>
+    #include <signal.h>
+#endif
+
+#ifdef USE_WINDOWS_API 
+    #ifdef CYASSL_GAME_BUILD
+        #include "system/xtl.h"
+    #else
+        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
+            /* On WinCE winsock2.h must be included before windows.h */
+            #include <winsock2.h>
+        #endif
+        #include <windows.h>
+    #endif
+#elif defined(THREADX)
+    #ifndef SINGLE_THREADED
+        #include "tx_api.h"
+    #endif
+#elif defined(MICRIUM)
+    /* do nothing, just don't pick Unix */
+#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
+    /* do nothing */
+#elif defined(EBSNET)
+    /* do nothing */
+#elif defined(FREESCALE_MQX)
+    /* do nothing */
+#elif defined(CYASSL_MDK_ARM)
+    #if defined(CYASSL_MDK5)
+         #include "cmsis_os.h"
+    #else
+        #include <rtl.h>
+    #endif
+#elif defined(MBED)
+#elif defined(CYASSL_TIRTOS)
+    /* do nothing */
+#else
+    #ifndef SINGLE_THREADED
+        #define CYASSL_PTHREADS
+        #include <pthread.h>
+    #endif
+    #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
+        #include <unistd.h>      /* for close of BIO */
+    #endif
+#endif
+
+
+#ifdef HAVE_LIBZ
+    #include "zlib.h"
+#endif
+
+#ifdef _MSC_VER
+    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
+    #pragma warning(disable: 4996)
+#endif
+
+#ifdef NO_AES
+    #if !defined (ALIGN16)
+        #define ALIGN16
+    #endif
+#endif
+
+#ifdef NO_SHA
+    #define SHA_DIGEST_SIZE 20
+#endif
+
+#ifdef NO_SHA256
+    #define SHA256_DIGEST_SIZE 32
+#endif
+
+#ifdef NO_MD5
+    #define MD5_DIGEST_SIZE 16
+#endif
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+#ifdef USE_WINDOWS_API 
+    typedef unsigned int SOCKET_T;
+#else
+    typedef int SOCKET_T;
+#endif
+
+
+typedef byte word24[3];
+
+/* Define or comment out the cipher suites you'd like to be compiled in
+   make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
+
+   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
+*/
+#if !defined(NO_RSA) && !defined(NO_RC4)
+  #if !defined(NO_SHA)
+    #define BUILD_SSL_RSA_WITH_RC4_128_SHA
+  #endif
+    #if !defined(NO_MD5)
+        #define BUILD_SSL_RSA_WITH_RC4_128_MD5
+    #endif
+    #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
+        #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+    #endif
+#endif
+
+#if !defined(NO_RSA) && !defined(NO_DES3)
+  #if !defined(NO_SHA)
+    #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
+    #if !defined(NO_TLS) && defined(HAVE_NTRU)
+        #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+    #endif
+  #endif
+#endif
+
+#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
+  #if !defined(NO_SHA)
+    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
+    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
+    #if defined(HAVE_NTRU)
+        #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+        #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+    #endif
+  #endif
+    #if !defined (NO_SHA256)
+        #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+        #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+    #endif
+    #if defined (HAVE_AESGCM)
+        #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
+        #if defined (CYASSL_SHA384)
+            #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
+        #endif
+    #endif
+    #if defined (HAVE_AESCCM)
+        #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
+        #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
+    #endif
+    #if defined(HAVE_BLAKE2)
+        #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
+        #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
+    #endif
+#endif
+
+#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
+    #ifndef NO_RSA
+      #if !defined(NO_SHA)
+        #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+        #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+      #endif
+        #ifndef NO_SHA256
+            #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+            #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+        #endif
+        #if !defined(NO_DH)
+          #if !defined(NO_SHA)
+            #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+            #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+          #endif
+            #ifndef NO_SHA256
+                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+            #endif
+        #endif
+    #endif
+#endif
+
+#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
+  #if !defined(NO_SHA)
+    #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
+    #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
+  #endif
+    #ifndef NO_SHA256
+        #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
+        #ifdef HAVE_AESGCM
+            #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+        #endif
+        #ifdef HAVE_AESCCM
+            #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
+            #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
+            #define BUILD_TLS_PSK_WITH_AES_128_CCM
+            #define BUILD_TLS_PSK_WITH_AES_256_CCM
+        #endif
+    #endif
+    #ifdef CYASSL_SHA384
+        #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+        #ifdef HAVE_AESGCM
+            #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+        #endif
+    #endif
+#endif
+
+#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
+    #if !defined(NO_RSA)
+      #if !defined(NO_SHA)
+        #define BUILD_TLS_RSA_WITH_NULL_SHA
+      #endif
+      #ifndef NO_SHA256
+        #define BUILD_TLS_RSA_WITH_NULL_SHA256
+      #endif
+    #endif
+    #if !defined(NO_PSK)
+      #if !defined(NO_SHA)
+        #define BUILD_TLS_PSK_WITH_NULL_SHA
+      #endif
+        #ifndef NO_SHA256
+            #define BUILD_TLS_PSK_WITH_NULL_SHA256
+        #endif
+        #ifdef CYASSL_SHA384
+            #define BUILD_TLS_PSK_WITH_NULL_SHA384
+        #endif
+    #endif
+#endif
+
+#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
+    #define BUILD_TLS_RSA_WITH_HC_128_MD5
+  #if !defined(NO_SHA)
+    #define BUILD_TLS_RSA_WITH_HC_128_SHA
+  #endif
+  #if defined(HAVE_BLAKE2)
+    #define BUILD_TLS_RSA_WITH_HC_128_B2B256
+  #endif
+#endif
+
+#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
+  #if !defined(NO_SHA)
+    #define BUILD_TLS_RSA_WITH_RABBIT_SHA
+  #endif
+#endif
+
+#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
+    !defined(NO_RSA)
+  #if !defined(NO_SHA)
+    #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+    #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+  #endif
+    #if !defined (NO_SHA256)
+        #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+        #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+        #if defined (HAVE_AESGCM)
+            #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+            #if defined (CYASSL_SHA384)
+                #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+            #endif
+        #endif
+    #endif
+#endif
+
+#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
+    !defined(NO_AES) && !defined(NO_SHA)
+    #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
+#endif
+
+#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
+    #ifndef NO_SHA256
+        #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+        #ifdef HAVE_NULL_CIPHER
+            #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
+        #endif
+        #ifdef HAVE_AESGCM
+            #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+        #endif
+        #ifdef HAVE_AESCCM
+            #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
+            #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
+        #endif
+    #endif
+    #ifdef CYASSL_SHA384
+        #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+        #ifdef HAVE_NULL_CIPHER
+            #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
+        #endif
+        #ifdef HAVE_AESGCM
+            #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+        #endif
+    #endif
+#endif
+
+#if defined(HAVE_ECC) && !defined(NO_TLS)
+    #if !defined(NO_AES)
+        #if !defined(NO_SHA)
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+                #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+            #endif
+    
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+    
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+        #endif /* NO_SHA */
+        #ifndef NO_SHA256
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+            #endif
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+        #endif
+
+        #ifdef CYASSL_SHA384
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+                #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+            #endif
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+        #endif
+
+        #if defined (HAVE_AESGCM)
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+                #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+                #if defined(CYASSL_SHA384)
+                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+                    #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+                #endif
+            #endif
+
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+            
+            #if defined(CYASSL_SHA384)
+                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+            #endif
+        #endif
+        #if defined (HAVE_AESCCM)
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+        #endif
+    #endif /* NO_AES */
+    #if !defined(NO_RC4)
+        #if !defined(NO_SHA)
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+                #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
+            #endif
+
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+            #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+        #endif
+    #endif
+    #if !defined(NO_DES3)
+        #if !defined(NO_RSA)
+            #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+            #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+        #endif
+
+        #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+        #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+    #endif
+#endif
+
+
+#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
+    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
+    #define BUILD_ARC4
+#endif
+
+#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
+    #define BUILD_DES3
+#endif
+
+#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
+    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+    #undef  BUILD_AES
+    #define BUILD_AES
+#endif
+
+#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+    #define BUILD_AESGCM
+#endif
+
+#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
+    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
+    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
+    #define BUILD_HC128
+#endif
+
+#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
+    #define BUILD_RABBIT
+#endif
+
+#ifdef NO_DES3
+    #define DES_BLOCK_SIZE 8
+#else
+    #undef  BUILD_DES3
+    #define BUILD_DES3
+#endif
+
+#ifdef NO_AES
+    #define AES_BLOCK_SIZE 16
+#else
+    #undef  BUILD_AES
+    #define BUILD_AES
+#endif
+
+#ifndef NO_RC4
+    #undef  BUILD_ARC4
+    #define BUILD_ARC4
+#endif
+
+#ifdef HAVE_CHACHA
+    #define CHACHA20_BLOCK_SIZE 16 
+    /* ChaCha - Poly AEAD suites */
+    #if defined(HAVE_POLY1305) && !defined(NO_SHA256)
+        #if defined(HAVE_ECC)
+            #if !defined(NO_RSA)
+                #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+            #endif
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        #endif
+        #if !defined(NO_DH) && !defined(NO_RSA)
+            #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        #endif
+    #endif /* end of ChaCha - Poly AEAD suites */
+#endif
+
+#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA)
+    #define HAVE_AEAD
+#endif
+
+
+/* actual cipher values, 2nd byte */
+enum {
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
+    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
+    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
+    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
+    TLS_RSA_WITH_NULL_SHA             = 0x02,
+    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
+    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
+    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
+    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
+    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
+    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
+    TLS_PSK_WITH_NULL_SHA             = 0x2c,
+    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
+    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
+
+    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    = 0x14,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    = 0x13,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  = 0x0A,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  = 0x09,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA        = 0x11,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA      = 0x07,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA   = 0x12,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
+
+    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA    = 0x0F,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA    = 0x0E,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA  = 0x05,
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA  = 0x04,
+    TLS_ECDH_RSA_WITH_RC4_128_SHA        = 0x0C,
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA      = 0x02,
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA   = 0x0D,
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
+
+    /* CyaSSL extension - eSTREAM */
+    TLS_RSA_WITH_HC_128_MD5       = 0xFB,
+    TLS_RSA_WITH_HC_128_SHA       = 0xFC,
+    TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
+
+    /* CyaSSL extension - Blake2b 256 */
+    TLS_RSA_WITH_AES_128_CBC_B2B256   = 0xF8,
+    TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
+    TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
+
+    /* CyaSSL extension - NTRU */
+    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
+    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
+    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
+    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,
+
+    /* SHA256 */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
+    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
+    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
+    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
+    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
+    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,
+
+    /* SHA384 */
+    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
+    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,
+
+    /* AES-GCM */
+    TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,
+    TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x9d,
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x9e,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x9f,
+    TLS_PSK_WITH_AES_128_GCM_SHA256          = 0xa8,
+    TLS_PSK_WITH_AES_256_GCM_SHA384          = 0xa9,
+    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      = 0xaa,
+    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      = 0xab,
+
+    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2b,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2c,
+    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0x2d,
+    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0x2e,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x2f,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0x30,
+    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0x31,
+    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0x32,
+
+    /* AES-CCM, first byte is 0xC0 but isn't ECC,
+     * also, in some of the other AES-CCM suites
+     * there will be second byte number conflicts
+     * with non-ECC AES-GCM */
+    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
+    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
+    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
+    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
+    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
+    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
+    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
+    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,
+
+    /* Camellia */
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
+
+    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0x13,
+    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
+    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0x15,
+
+    /* Renegotiation Indication Extension Special Suite */
+    TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0xff
+};
+
+
+#ifndef CYASSL_SESSION_TIMEOUT
+    #define CYASSL_SESSION_TIMEOUT 500
+    /* default session resumption cache timeout in seconds */
+#endif
+
+
+enum Misc {
+    ECC_BYTE    =  0xC0,           /* ECC first cipher suite byte */
+    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
+
+    SEND_CERT       = 1,
+    SEND_BLANK_CERT = 2,
+
+    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
+    DTLS_MINOR      = 0xff,     /* DTLS minor version number */
+    DTLSv1_2_MINOR  = 0xfd,     /* DTLS minor version number */
+    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
+    SSLv3_MINOR     = 0,        /* TLSv1   minor version number */
+    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
+    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
+    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
+    OLD_HELLO_ID    = 0x01,     /* SSLv2 Client Hello Indicator */
+    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
+    NO_COMPRESSION  =  0,
+    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression */
+    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
+    SECRET_LEN      = 48,       /* pre RSA and all master */
+    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
+    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
+    FINISHED_SZ     = 36,       /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
+    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
+    MAX_MSG_EXTRA   = 38 + MAX_DIGEST_SIZE,
+                                /* max added to msg, mac + pad  from */
+                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
+                                   digest sz + BLOC_SZ (iv) + pad byte (1) */
+    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
+    MAX_MTU         = 1500,     /* max expected MTU */
+    MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
+    MAX_DH_SZ       = 1036,     /* 4096 p, pub, g + 2 byte size for each */
+    MAX_STR_VERSION = 8,        /* string rep of protocol version */
+
+    PAD_MD5        = 48,       /* pad length for finished */
+    PAD_SHA        = 40,       /* pad length for finished */
+    MAX_PAD_SIZE   = 256,      /* maximum length of padding */
+    COMPRESS_DUMMY_SIZE = 64,  /* compression dummy round size */
+    COMPRESS_CONSTANT   = 13,  /* compression calc constant */
+    COMPRESS_UPPER      = 55,  /* compression calc numerator */
+    COMPRESS_LOWER      = 64,  /* compression calc denominator */
+
+    PEM_LINE_LEN   = 80,       /* PEM line max + fudge */
+    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
+    VERSION_SZ     =  2,       /* length of proctocol version */
+    SEQ_SZ         =  8,       /* 64 bit sequence number  */
+    BYTE3_LEN      =  3,       /* up to 24 bit byte lengths */
+    ALERT_SIZE     =  2,       /* level + description     */
+    VERIFY_HEADER  =  2,       /* always use 2 bytes      */
+    EXT_ID_SZ      =  2,       /* always use 2 bytes      */
+    MAX_DH_SIZE    = 513,      /* 4096 bit plus possible leading 0 */
+
+    MAX_SUITE_SZ = 200,        /* 100 suites for now! */
+    RAN_LEN      = 32,         /* random length           */
+    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
+    ID_LEN       = 32,         /* session id length       */
+    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
+    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
+    SUITE_LEN    =  2,         /* cipher suite sz length  */
+    ENUM_LEN     =  1,         /* always a byte           */
+    OPAQUE8_LEN  =  1,         /* 1 byte                  */
+    OPAQUE16_LEN =  2,         /* 2 bytes                 */
+    OPAQUE24_LEN =  3,         /* 3 bytes                 */
+    OPAQUE32_LEN =  4,         /* 4 bytes                 */
+    COMP_LEN     =  1,         /* compression length      */
+    CURVE_LEN    =  2,         /* ecc named curve length  */
+    SERVER_ID_LEN = 20,        /* server session id length  */
+    
+    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
+    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
+    CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
+    REQ_HEADER_SZ         = 2,  /* cert request header sz  */
+    HINT_LEN_SZ           = 2,  /* length of hint size field */
+    TRUNCATED_HMAC_SZ     = 10, /* length of hmac w/ truncated hmac extension */
+    HELLO_EXT_TYPE_SZ     = 2,  /* length of a hello extension type */
+    HELLO_EXT_SZ          = 8,  /* total length of the lazy hello extensions */
+    HELLO_EXT_LEN         = 6,  /* length of the lazy hello extensions */
+    HELLO_EXT_SIGALGO_SZ  = 2,  /* length of signature algo extension  */
+    HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
+
+    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
+    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
+    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
+    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
+    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
+    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
+    DTLS_POOL_SZ             = 5,  /* buffers to hold in the retry pool */
+
+    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
+    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
+    MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
+    KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
+    MAX_PRF_HALF        = 256, /* Maximum half secret len */
+    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
+    MAX_PRF_DIG         = 224, /* Maximum digest len      */
+    MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet */
+    SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ 
+
+    RC4_KEY_SIZE        = 16,  /* always 128bit           */
+    DES_KEY_SIZE        =  8,  /* des                     */
+    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
+    DES_IV_SIZE         = DES_BLOCK_SIZE,
+    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
+    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
+    AES_IV_SIZE         = 16,  /* always block size       */
+    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */
+
+    AEAD_SEQ_OFFSET     = 4,        /* Auth Data: Sequence number */
+    AEAD_TYPE_OFFSET    = 8,        /* Auth Data: Type            */
+    AEAD_VMAJ_OFFSET    = 9,        /* Auth Data: Major Version   */
+    AEAD_VMIN_OFFSET    = 10,       /* Auth Data: Minor Version   */
+    AEAD_LEN_OFFSET     = 11,       /* Auth Data: Length          */
+    AEAD_AUTH_DATA_SZ   = 13,       /* Size of the data to authenticate */
+    AEAD_IMP_IV_SZ      = 4,        /* Size of the implicit IV     */
+    AEAD_EXP_IV_SZ      = 8,        /* Size of the explicit IV     */
+    AEAD_NONCE_SZ       = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
+
+    AES_GCM_AUTH_SZ     = 16, /* AES-GCM Auth Tag length    */
+    AES_CCM_16_AUTH_SZ  = 16, /* AES-CCM-16 Auth Tag length */
+    AES_CCM_8_AUTH_SZ   = 8,  /* AES-CCM-8 Auth Tag Length  */
+
+    CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
+    CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
+    CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
+    CAMELLIA_IV_SIZE      = 16, /* always block size */
+
+    CHACHA20_256_KEY_SIZE = 32,  /* for 256 bit             */
+    CHACHA20_128_KEY_SIZE = 16,  /* for 128 bit             */
+    CHACHA20_IV_SIZE      =  8,  /* 64 bits for iv          */
+
+    POLY1305_AUTH_SZ    = 16,  /* 128 bits                */
+
+    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
+    HC_128_IV_SIZE      = 16,  /* also 128 bits           */
+
+    RABBIT_KEY_SIZE     = 16,  /* 128 bits                */
+    RABBIT_IV_SIZE      =  8,  /* 64 bits for iv          */
+
+    EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits   */
+
+    ECDHE_SIZE          = 32,  /* ECHDE server size defaults to 256 bit */
+    MAX_EXPORT_ECC_SZ   = 256, /* Export ANS X9.62 max future size */
+
+    MAX_HELLO_SZ       = 128,  /* max client or server hello */
+    MAX_CERT_VERIFY_SZ = 1024, /* max   */
+    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
+    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
+
+    DTLS_TIMEOUT_INIT       =  1, /* default timeout init for DTLS receive  */
+    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
+    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
+
+    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
+    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
+
+    MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
+
+#ifdef FORTRESS
+    MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
+#endif
+
+    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
+    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
+    MAX_FILENAME_SZ    =  256, /* max file name length */
+    FILE_BUFFER_SIZE   = 1024, /* default static file buffer size for input,
+                                  will use dynamic buffer if not big enough */
+
+    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
+    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
+    MAX_NTRU_BITS       =  256, /* max symmetric bit strength */
+    NO_SNIFF           =   0,  /* not sniffing */
+    SNIFF              =   1,  /* currently sniffing */
+
+    HASH_SIG_SIZE      =   2,  /* default SHA1 RSA */
+
+    NO_CAVIUM_DEVICE   =  -2,  /* invalid cavium device id */
+
+    NO_COPY            =   0,  /* should we copy static buffer for write */
+    COPY               =   1   /* should we copy static buffer for write */
+};
+
+#ifdef SESSION_INDEX
+/* Shift values for making a session index */
+#define SESSIDX_ROW_SHIFT 4
+#define SESSIDX_IDX_MASK  0x0F
+#endif
+
+
+/* max cert chain peer depth */
+#ifndef MAX_CHAIN_DEPTH
+    #define MAX_CHAIN_DEPTH 9
+#endif
+
+#ifndef SESSION_TICKET_LEN
+    #define SESSION_TICKET_LEN 256
+#endif
+
+
+/* don't use extra 3/4k stack space unless need to */
+#ifdef HAVE_NTRU
+    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
+#else
+    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
+#endif
+
+
+/* states */
+enum states {
+    NULL_STATE = 0,
+
+    SERVER_HELLOVERIFYREQUEST_COMPLETE,
+    SERVER_HELLO_COMPLETE,
+    SERVER_CERT_COMPLETE,
+    SERVER_KEYEXCHANGE_COMPLETE,
+    SERVER_HELLODONE_COMPLETE,
+    SERVER_FINISHED_COMPLETE,
+
+    CLIENT_HELLO_COMPLETE,
+    CLIENT_KEYEXCHANGE_COMPLETE,
+    CLIENT_FINISHED_COMPLETE,
+
+    HANDSHAKE_DONE
+};
+
+
+#if defined(__GNUC__)
+    #define CYASSL_PACK __attribute__ ((packed))
+#else
+    #define CYASSL_PACK
+#endif
+
+/* SSL Version */
+typedef struct ProtocolVersion {
+    byte major;
+    byte minor;
+} CYASSL_PACK ProtocolVersion;
+
+
+CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
+
+#ifdef CYASSL_DTLS
+    CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
+    CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
+#endif
+
+
+enum BIO_TYPE {
+    BIO_BUFFER = 1,
+    BIO_SOCKET = 2,
+    BIO_SSL    = 3,
+    BIO_MEMORY = 4
+};
+
+
+/* CyaSSL BIO_METHOD type */
+struct CYASSL_BIO_METHOD {
+    byte type;               /* method type */
+};
+
+
+/* CyaSSL BIO type */
+struct CYASSL_BIO {
+    byte        type;          /* method type */
+    byte        close;         /* close flag */
+    byte        eof;           /* eof flag */
+    CYASSL*     ssl;           /* possible associated ssl */
+    byte*       mem;           /* memory buffer */
+    int         memLen;        /* memory buffer length */
+    int         fd;            /* possible file descriptor */
+    CYASSL_BIO* prev;          /* previous in chain */
+    CYASSL_BIO* next;          /* next in chain */
+};
+
+
+/* CyaSSL method type */
+struct CYASSL_METHOD {
+    ProtocolVersion version;
+    byte            side;         /* connection side, server or client */
+    byte            downgrade;    /* whether to downgrade version, default no */
+};
+
+
+/* defautls to client */
+CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
+
+/* for sniffer */
+CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
+                            word32 size, word32 totalSz, int sniff);
+CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
+
+
+/* CyaSSL buffer type */
+typedef struct buffer {
+    word32 length;
+    byte*  buffer;
+} buffer;
+
+
+enum {
+    FORCED_FREE = 1,
+    NO_FORCED_FREE = 0
+};
+
+
+/* only use compression extra if using compression */
+#ifdef HAVE_LIBZ
+    #define COMP_EXTRA MAX_COMP_EXTRA
+#else
+    #define COMP_EXTRA 0
+#endif
+
+/* only the sniffer needs space in the buffer for extra MTU record(s) */
+#ifdef CYASSL_SNIFFER
+    #define MTU_EXTRA MAX_MTU * 3 
+#else
+    #define MTU_EXTRA 0
+#endif
+
+
+/* embedded callbacks require large static buffers, make sure on */
+#ifdef CYASSL_CALLBACKS
+    #undef  LARGE_STATIC_BUFFERS
+    #define LARGE_STATIC_BUFFERS
+#endif
+
+
+/* give user option to use 16K static buffers */
+#if defined(LARGE_STATIC_BUFFERS)
+    #define RECORD_SIZE MAX_RECORD_SIZE
+#else
+    #ifdef CYASSL_DTLS
+        #define RECORD_SIZE MAX_MTU 
+    #else
+        #define RECORD_SIZE 128 
+    #endif
+#endif
+
+
+/* user option to turn off 16K output option */
+/* if using small static buffers (default) and SSL_write tries to write data
+   larger than the record we have, dynamically get it, unless user says only
+   write in static buffer chuncks  */
+#ifndef STATIC_CHUNKS_ONLY
+    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
+#else
+    #define OUTPUT_RECORD_SIZE RECORD_SIZE
+#endif
+
+/* CyaSSL input buffer
+
+   RFC 2246:
+
+   length
+       The length (in bytes) of the following TLSPlaintext.fragment.
+       The length should not exceed 2^14.
+*/
+#if defined(LARGE_STATIC_BUFFERS)
+    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
+             MTU_EXTRA + MAX_MSG_EXTRA
+#else
+    /* don't fragment memory from the record header */
+    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
+#endif
+
+typedef struct {
+    word32 length;       /* total buffer length used */
+    word32 idx;          /* idx to part of length already consumed */
+    byte*  buffer;       /* place holder for static or dynamic buffer */
+    word32 bufferSize;   /* current buffer size */
+    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
+    byte   dynamicFlag;  /* dynamic memory currently in use */
+    byte   offset;       /* alignment offset attempt */
+} bufferStatic;
+
+/* Cipher Suites holder */
+typedef struct Suites {
+    int    setSuites;               /* user set suites from default */
+    byte   suites[MAX_SUITE_SZ];  
+    word16 suiteSz;                 /* suite length in bytes        */
+    byte   hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
+    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
+    byte   hashAlgo;                /* selected hash algorithm */
+    byte   sigAlgo;                 /* selected sig algorithm */
+} Suites;
+
+
+CYASSL_LOCAL
+void InitSuites(Suites*, ProtocolVersion,
+                                     byte, byte, byte, byte, byte, byte, int);
+CYASSL_LOCAL
+int  SetCipherList(Suites*, const char* list);
+
+#ifndef PSK_TYPES_DEFINED
+    typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
+                          unsigned int, unsigned char*, unsigned int);
+    typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
+                          unsigned char*, unsigned int);
+#endif /* PSK_TYPES_DEFINED */
+
+
+#ifdef HAVE_NETX
+    CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx);
+    CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx);
+#endif /* HAVE_NETX */
+
+
+/* CyaSSL Cipher type just points back to SSL */
+struct CYASSL_CIPHER {
+    CYASSL* ssl;
+};
+
+
+typedef struct OCSP_Entry OCSP_Entry;
+
+#ifdef SHA_DIGEST_SIZE
+    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
+#else
+    #define OCSP_DIGEST_SIZE 160
+#endif
+
+#ifdef NO_ASN 
+    /* no_asn won't have */
+    typedef struct CertStatus CertStatus;
+#endif
+
+struct OCSP_Entry {
+    OCSP_Entry* next;                        /* next entry             */
+    byte    issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */ 
+    byte    issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
+    CertStatus* status;                      /* OCSP response list     */
+    int         totalStatus;                 /* number on list         */
+};
+
+
+#ifndef HAVE_OCSP
+    typedef struct CYASSL_OCSP CYASSL_OCSP;
+#endif
+
+/* CyaSSL OCSP controller */
+struct CYASSL_OCSP {
+    CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
+    OCSP_Entry*          ocspList;      /* OCSP response list */
+    CyaSSL_Mutex         ocspLock;      /* OCSP list lock */
+};
+
+#ifndef MAX_DATE_SIZE
+#define MAX_DATE_SIZE 32
+#endif
+
+typedef struct CRL_Entry CRL_Entry;
+
+#ifdef SHA_DIGEST_SIZE
+    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
+#else
+    #define CRL_DIGEST_SIZE 160
+#endif
+
+#ifdef NO_ASN 
+    typedef struct RevokedCert RevokedCert;
+#endif
+
+/* Complete CRL */
+struct CRL_Entry {
+    CRL_Entry* next;                      /* next entry */
+    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */ 
+    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */ 
+    /* restore the hash here if needed for optimized comparisons */
+    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
+    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
+    byte    lastDateFormat;          /* last date format */
+    byte    nextDateFormat;          /* next date format */
+    RevokedCert* certs;              /* revoked cert list  */
+    int          totalCerts;         /* number on list     */
+};
+
+
+typedef struct CRL_Monitor CRL_Monitor;
+
+/* CRL directory monitor */
+struct CRL_Monitor {
+    char* path;      /* full dir path, if valid pointer we're using */
+    int   type;      /* PEM or ASN1 type */
+};
+
+
+#ifndef HAVE_CRL
+    typedef struct CYASSL_CRL CYASSL_CRL;
+#endif
+
+/* CyaSSL CRL controller */
+struct CYASSL_CRL {
+    CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
+    CRL_Entry*           crlList;       /* our CRL list */
+    CyaSSL_Mutex         crlLock;       /* CRL list lock */
+    CRL_Monitor          monitors[2];   /* PEM and DER possible */
+#ifdef HAVE_CRL_MONITOR
+    pthread_t            tid;           /* monitoring thread */
+    int                  mfd;           /* monitor fd, -1 if no init yet */
+#endif
+};
+
+
+#ifdef NO_ASN 
+    typedef struct Signer Signer;
+#endif
+
+
+#ifndef CA_TABLE_SIZE
+    #define CA_TABLE_SIZE 11
+#endif
+
+/* CyaSSL Certificate Manager */
+struct CYASSL_CERT_MANAGER {
+    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
+    CyaSSL_Mutex    caLock;             /* CA list lock */
+    CallbackCACache caCacheCallback;    /* CA cache addition callback */
+    void*           heap;               /* heap helper */
+    CYASSL_CRL*     crl;                /* CRL checker */
+    byte            crlEnabled;         /* is CRL on ? */
+    byte            crlCheckAll;        /* always leaf, but all ? */
+    CbMissingCRL    cbMissingCRL;       /* notify through cb of missing crl */
+    CYASSL_OCSP*    ocsp;               /* OCSP checker */
+    byte            ocspEnabled;        /* is OCSP on ? */
+    byte            ocspSendNonce;      /* send the OCSP nonce ? */
+    byte            ocspUseOverrideURL; /* ignore cert's responder, override */
+    char*           ocspOverrideURL;    /* use this responder */
+    void*           ocspIOCtx;          /* I/O callback CTX */
+    CbOCSPIO        ocspIOCb;           /* I/O callback for OCSP lookup */
+    CbOCSPRespFree  ocspRespFreeCb;     /* Frees OCSP Response from IO Cb */
+};
+
+CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER*, const char*);
+CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER*, const char*);
+CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER*, void*, int, int*);
+CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER*, const void*, int);
+CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
+
+/* CyaSSL Sock Addr */
+struct CYASSL_SOCKADDR {
+    unsigned int sz; /* sockaddr size */
+    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
+};
+
+typedef struct CYASSL_DTLS_CTX {
+    CYASSL_SOCKADDR peer;
+    int fd;
+} CYASSL_DTLS_CTX;
+
+
+#ifdef CYASSL_DTLS
+
+    #ifdef WORD64_AVAILABLE
+        typedef word64 DtlsSeq;
+    #else
+        typedef word32 DtlsSeq;
+    #endif
+    #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
+
+    typedef struct DtlsState {
+        DtlsSeq window;     /* Sliding window for current epoch    */
+        word16 nextEpoch;   /* Expected epoch in next record       */
+        word32 nextSeq;     /* Expected sequence in next record    */
+
+        word16 curEpoch;    /* Received epoch in current record    */
+        word32 curSeq;      /* Received sequence in current record */
+
+        DtlsSeq prevWindow; /* Sliding window for old epoch        */
+        word32 prevSeq;     /* Next sequence in allowed old epoch  */
+    } DtlsState;
+
+#endif /* CYASSL_DTLS */
+
+
+/* keys and secrets */
+typedef struct Keys {
+    byte client_write_MAC_secret[MAX_DIGEST_SIZE];   /* max sizes */
+    byte server_write_MAC_secret[MAX_DIGEST_SIZE];
+    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
+    byte server_write_key[AES_256_KEY_SIZE];
+    byte client_write_IV[AES_IV_SIZE];               /* max sizes */
+    byte server_write_IV[AES_IV_SIZE];
+#ifdef HAVE_AEAD
+    byte aead_exp_IV[AEAD_EXP_IV_SZ];
+    byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
+    byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
+#endif
+
+    word32 peer_sequence_number;
+    word32 sequence_number;
+
+#ifdef CYASSL_DTLS
+    DtlsState dtls_state;                       /* Peer's state */
+    word16 dtls_peer_handshake_number;
+    word16 dtls_expected_peer_handshake_number;
+
+    word16 dtls_epoch;                          /* Current tx epoch    */
+    word32 dtls_sequence_number;                /* Current tx sequence */
+    word16 dtls_handshake_number;               /* Current tx handshake seq */
+#endif
+
+    word32 encryptSz;             /* last size of encrypted data   */
+    word32 padSz;                 /* how much to advance after decrypt part */
+    byte   encryptionOn;          /* true after change cipher spec */
+    byte   decryptedCur;          /* only decrypt current record once */
+} Keys;
+
+
+
+/* RFC 6066 TLS Extensions */
+#ifdef HAVE_TLS_EXTENSIONS
+
+typedef enum {
+    SERVER_NAME_INDICATION = 0x0000,
+    MAX_FRAGMENT_LENGTH    = 0x0001,
+    TRUNCATED_HMAC         = 0x0004,
+    ELLIPTIC_CURVES        = 0x000a,
+    SESSION_TICKET         = 0x0023,
+    SECURE_RENEGOTIATION   = 0xff01
+} TLSX_Type;
+
+typedef struct TLSX {
+    TLSX_Type    type; /* Extension Type  */
+    void*        data; /* Extension Data  */
+    byte         resp; /* IsResponse Flag */
+    struct TLSX* next; /* List Behavior   */
+} TLSX;
+
+CYASSL_LOCAL TLSX*  TLSX_Find(TLSX* list, TLSX_Type type);
+CYASSL_LOCAL void   TLSX_FreeAll(TLSX* list);
+CYASSL_LOCAL int    TLSX_SupportExtensions(CYASSL* ssl);
+
+#ifndef NO_CYASSL_CLIENT
+CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
+CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
+#endif
+
+#ifndef NO_CYASSL_SERVER
+CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
+CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
+#endif
+
+CYASSL_LOCAL int    TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
+                                                byte isRequest, Suites *suites);
+                                                
+#elif defined(HAVE_SNI)                  \
+   || defined(HAVE_MAX_FRAGMENT)         \
+   || defined(HAVE_TRUNCATED_HMAC)       \
+   || defined(HAVE_SUPPORTED_CURVES)     \
+   || defined(HAVE_SECURE_RENEGOTIATION) \
+   || defined(HAVE_SESSION_TICKET)
+
+#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
+
+#endif /* HAVE_TLS_EXTENSIONS */
+
+/* Server Name Indication */
+#ifdef HAVE_SNI
+
+typedef struct SNI {
+    byte                       type;    /* SNI Type          */
+    union { char* host_name; } data;    /* SNI Data          */
+    struct SNI*                next;    /* List Behavior     */
+#ifndef NO_CYASSL_SERVER
+    byte                       options; /* Behaviour options */
+    byte                       status;  /* Matching result   */
+#endif
+} SNI;
+
+CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
+                                                                   word16 size);
+
+#ifndef NO_CYASSL_SERVER
+CYASSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
+                                                                  byte options);
+CYASSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
+CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
+                                                                   void** data);
+CYASSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
+                                         byte type, byte* sni, word32* inOutSz);
+#endif
+
+#endif /* HAVE_SNI */
+
+/* Maximum Fragment Length */
+#ifdef HAVE_MAX_FRAGMENT
+
+CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
+
+#endif /* HAVE_MAX_FRAGMENT */
+
+#ifdef HAVE_TRUNCATED_HMAC
+
+CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
+
+#endif /* HAVE_TRUNCATED_HMAC */
+
+#ifdef HAVE_SUPPORTED_CURVES
+
+typedef struct EllipticCurve {
+    word16                name; /* CurveNames    */
+    struct EllipticCurve* next; /* List Behavior */
+} EllipticCurve;
+
+CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
+
+#ifndef NO_CYASSL_SERVER
+CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
+                                                                   byte second);
+#endif
+
+#endif /* HAVE_SUPPORTED_CURVES */
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+
+enum key_cache_state {
+    SCR_CACHE_NULL   = 0,       /* empty / begin state */
+    SCR_CACHE_NEEDED,           /* need to cache keys */
+    SCR_CACHE_COPY,             /* we have a cached copy */
+    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
+    SCR_CACHE_COMPLETE          /* complete restore to real keys */
+};
+
+
+/* Additional Conection State according to rfc5746 section 3.1 */
+typedef struct SecureRenegotiation {
+   byte                 enabled;  /* secure_renegotiation flag in rfc */
+   byte                 startScr; /* server requested client to start scr */
+   enum key_cache_state cache_status;  /* track key cache state */
+   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
+   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
+   byte                 subject_hash[SHA_DIGEST_SIZE];  /* peer cert hash */
+   Keys                 tmp_keys;  /* can't overwrite real keys yet */
+} SecureRenegotiation;
+
+CYASSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
+
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
+#ifdef HAVE_SESSION_TICKET
+
+typedef struct SessionTicket {
+    word32 lifetime;
+    byte*  data;
+    word16 size;
+} SessionTicket;
+
+CYASSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions, 
+                                                         SessionTicket* ticket);
+CYASSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
+                                                       byte* data, word16 size);
+CYASSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
+#endif /* HAVE_SESSION_TICKET */
+
+/* CyaSSL context type */
+struct CYASSL_CTX {
+    CYASSL_METHOD* method;
+    CyaSSL_Mutex   countMutex;    /* reference count mutex */
+    int         refCount;         /* reference count */
+#ifndef NO_CERTS
+    buffer      certificate;
+    buffer      certChain;
+                 /* chain after self, in DER, with leading size for each cert */
+    buffer      privateKey;
+    buffer      serverDH_P;
+    buffer      serverDH_G;
+    CYASSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
+#endif
+    Suites      suites;
+    void*       heap;             /* for user memory overrides */
+    byte        verifyPeer;
+    byte        verifyNone;
+    byte        failNoCert;
+    byte        sessionCacheOff;
+    byte        sessionCacheFlushOff;
+    byte        sendVerify;       /* for client side */
+    byte        haveRSA;          /* RSA available */
+    byte        haveDH;           /* server DH parms set by user */
+    byte        haveNTRU;         /* server private NTRU  key loaded */
+    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
+    byte        haveStaticECC;    /* static server ECC private key */
+    byte        partialWrite;     /* only one msg per write call */
+    byte        quietShutdown;    /* don't send close notify */
+    byte        groupMessages;    /* group handshake messages before sending */
+    CallbackIORecv CBIORecv;
+    CallbackIOSend CBIOSend;
+#ifdef CYASSL_DTLS
+    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
+#endif
+    VerifyCallback  verifyCallback;     /* cert verification callback */
+    word32          timeout;            /* session timeout */
+#ifdef HAVE_ECC
+    word16          eccTempKeySz;       /* in octets 20 - 66 */
+    word32          pkCurveOID;         /* curve Ecc_Sum */
+#endif
+#ifndef NO_PSK
+    byte        havePSK;                /* psk key set by user */
+    psk_client_callback client_psk_cb;  /* client callback */
+    psk_server_callback server_psk_cb;  /* server callback */
+    char        server_hint[MAX_PSK_ID_LEN];
+#endif /* NO_PSK */
+#ifdef HAVE_ANON
+    byte        haveAnon;               /* User wants to allow Anon suites */
+#endif /* HAVE_ANON */
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+    pem_password_cb passwd_cb;
+    void*            userdata;
+#endif /* OPENSSL_EXTRA */
+#ifdef HAVE_OCSP
+    CYASSL_OCSP      ocsp;
+#endif
+#ifdef HAVE_CAVIUM
+    int              devId;            /* cavium device id to use */
+#endif
+#ifdef HAVE_TLS_EXTENSIONS
+    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
+#endif
+#ifdef ATOMIC_USER
+    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
+    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+    #ifdef HAVE_ECC
+        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
+        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
+    #endif /* HAVE_ECC */
+    #ifndef NO_RSA 
+        CallbackRsaSign   RsaSignCb;    /* User RsaSign   Callback handler */
+        CallbackRsaVerify RsaVerifyCb;  /* User RsaVerify Callback handler */
+        CallbackRsaEnc    RsaEncCb;     /* User Rsa Public Encrypt  handler */
+        CallbackRsaDec    RsaDecCb;     /* User Rsa Private Decrypt handler */
+    #endif /* NO_RSA */
+#endif /* HAVE_PK_CALLBACKS */
+};
+
+
+CYASSL_LOCAL
+int InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*);
+CYASSL_LOCAL
+void FreeSSL_Ctx(CYASSL_CTX*);
+CYASSL_LOCAL
+void SSL_CtxResourceFree(CYASSL_CTX*);
+
+CYASSL_LOCAL
+int DeriveTlsKeys(CYASSL* ssl);
+CYASSL_LOCAL
+int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
+                          word32 inSz, word16 sz);
+#ifndef NO_CERTS
+    CYASSL_LOCAL
+    int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
+    CYASSL_LOCAL
+    int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
+#endif
+
+/* All cipher suite related info */
+typedef struct CipherSpecs {
+    byte bulk_cipher_algorithm;
+    byte cipher_type;               /* block, stream, or aead */
+    byte mac_algorithm;
+    byte kea;                       /* key exchange algo */
+    byte sig_algo;
+    byte hash_size;
+    byte pad_size;
+    byte static_ecdh;
+    word16 key_size;
+    word16 iv_size;
+    word16 block_size;
+    word16 aead_mac_size;
+} CipherSpecs;
+
+
+void InitCipherSpecs(CipherSpecs* cs);
+
+
+/* Supported Message Authentication Codes from page 43 */
+enum MACAlgorithm { 
+    no_mac,
+    md5_mac,
+    sha_mac,
+    sha224_mac,
+    sha256_mac,     /* needs to match external KDF_MacAlgorithm */
+    sha384_mac,
+    sha512_mac,
+    rmd_mac,
+    blake2b_mac
+};
+
+
+/* Supported Key Exchange Protocols */
+enum KeyExchangeAlgorithm { 
+    no_kea,
+    rsa_kea, 
+    diffie_hellman_kea, 
+    fortezza_kea,
+    psk_kea,
+    dhe_psk_kea,
+    ntru_kea,
+    ecc_diffie_hellman_kea,
+    ecc_static_diffie_hellman_kea       /* for verify suite only */
+};
+
+
+/* Supported Authentication Schemes */
+enum SignatureAlgorithm {
+    anonymous_sa_algo,
+    rsa_sa_algo,
+    dsa_sa_algo,
+    ecc_dsa_sa_algo
+};
+
+
+/* Supprted ECC Curve Types */
+enum EccCurves {
+    named_curve = 3
+};
+
+
+/* Supprted ECC Named Curves */
+enum EccNamedCurves {
+    secp256r1 = 0x17,         /* default, OpenSSL also calls it prime256v1 */
+    secp384r1 = 0x18,
+    secp521r1 = 0x19,
+
+    secp160r1 = 0x10,
+    secp192r1 = 0x13,        /*           Openssl also call it prime192v1 */
+    secp224r1 = 0x15
+};
+
+
+/* Valid client certificate request types from page 27 */
+enum ClientCertificateType {    
+    rsa_sign            = 1, 
+    dss_sign            = 2,
+    rsa_fixed_dh        = 3,
+    dss_fixed_dh        = 4,
+    rsa_ephemeral_dh    = 5,
+    dss_ephemeral_dh    = 6,
+    fortezza_kea_cert   = 20,
+    ecdsa_sign          = 64,
+    rsa_fixed_ecdh      = 65,
+    ecdsa_fixed_ecdh    = 66
+};
+
+
+enum CipherType { stream, block, aead };
+
+
+
+
+
+
+/* cipher for now */
+typedef struct Ciphers {
+#ifdef BUILD_ARC4
+    Arc4*   arc4;
+#endif
+#ifdef BUILD_DES3
+    Des3*   des3;
+#endif
+#if defined(BUILD_AES) || defined(BUILD_AESGCM)
+    Aes*    aes;
+#endif
+#ifdef HAVE_CAMELLIA
+    Camellia* cam;
+#endif
+#ifdef HAVE_CHACHA 
+    ChaCha*   chacha;
+#endif
+#ifdef HAVE_HC128
+    HC128*  hc128;
+#endif
+#ifdef BUILD_RABBIT
+    Rabbit* rabbit;
+#endif
+    byte    setup;       /* have we set it up flag for detection */
+} Ciphers;
+
+
+#ifdef HAVE_ONE_TIME_AUTH
+/* Ciphers for one time authentication such as poly1305 */
+typedef struct OneTimeAuth {
+#ifdef HAVE_POLY1305 
+    Poly1305* poly1305;
+#endif
+    byte    setup;      /* flag for if a cipher has been set */
+
+} OneTimeAuth;
+#endif
+
+
+CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
+CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
+
+
+/* hashes type */
+typedef struct Hashes {
+    #ifndef NO_OLD_TLS
+        byte md5[MD5_DIGEST_SIZE];
+    #endif
+    byte sha[SHA_DIGEST_SIZE];
+    #ifndef NO_SHA256
+        byte sha256[SHA256_DIGEST_SIZE];
+    #endif
+    #ifdef CYASSL_SHA384
+        byte sha384[SHA384_DIGEST_SIZE];
+    #endif
+} Hashes;
+
+
+/* Static x509 buffer */
+typedef struct x509_buffer {
+    int  length;                  /* actual size */
+    byte buffer[MAX_X509_SIZE];   /* max static cert size */
+} x509_buffer;
+
+
+/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
+struct CYASSL_X509_CHAIN {
+    int         count;                    /* total number in chain */
+    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
+};
+
+
+/* CyaSSL session type */
+struct CYASSL_SESSION {
+    byte         sessionID[ID_LEN];             /* id for protocol */
+    byte         sessionIDSz;
+    byte         masterSecret[SECRET_LEN];      /* stored secret */
+    word32       bornOn;                        /* create time in seconds   */
+    word32       timeout;                       /* timeout in seconds       */
+#ifdef SESSION_CERTS
+    CYASSL_X509_CHAIN chain;                    /* peer cert chain, static  */
+    ProtocolVersion version;                    /* which version was used */
+    byte            cipherSuite0;               /* first byte, normally 0 */
+    byte            cipherSuite;                /* 2nd byte, actual suite */
+#endif
+#ifndef NO_CLIENT_CACHE
+    byte         serverID[SERVER_ID_LEN];       /* for easier client lookup */
+    word16       idLen;                         /* serverID length */
+#endif
+#ifdef HAVE_SESSION_TICKET
+    byte         ticket[SESSION_TICKET_LEN];
+    word16       ticketLen;
+#endif
+};
+
+
+CYASSL_LOCAL
+CYASSL_SESSION* GetSession(CYASSL*, byte*);
+CYASSL_LOCAL
+int          SetSession(CYASSL*, CYASSL_SESSION*);
+
+typedef int (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
+
+#ifndef NO_CLIENT_CACHE
+    CYASSL_SESSION* GetSessionClient(CYASSL*, const byte*, int);
+#endif
+
+/* client connect state for nonblocking restart */
+enum ConnectState {
+    CONNECT_BEGIN = 0,
+    CLIENT_HELLO_SENT,
+    HELLO_AGAIN,               /* HELLO_AGAIN s for DTLS case */
+    HELLO_AGAIN_REPLY,
+    FIRST_REPLY_DONE,
+    FIRST_REPLY_FIRST,
+    FIRST_REPLY_SECOND,
+    FIRST_REPLY_THIRD,
+    FIRST_REPLY_FOURTH,
+    FINISHED_DONE,
+    SECOND_REPLY_DONE
+};
+
+
+/* server accept state for nonblocking restart */
+enum AcceptState {
+    ACCEPT_BEGIN = 0,
+    ACCEPT_CLIENT_HELLO_DONE,
+    HELLO_VERIFY_SENT,
+    ACCEPT_FIRST_REPLY_DONE,
+    SERVER_HELLO_SENT,
+    CERT_SENT,
+    KEY_EXCHANGE_SENT,
+    CERT_REQ_SENT,
+    SERVER_HELLO_DONE,
+    ACCEPT_SECOND_REPLY_DONE,
+    CHANGE_CIPHER_SENT,
+    ACCEPT_FINISHED_DONE,
+    ACCEPT_THIRD_REPLY_DONE
+};
+
+
+typedef struct Buffers {
+#ifndef NO_CERTS
+    buffer          certificate;            /* CYASSL_CTX owns, unless we own */
+    buffer          key;                    /* CYASSL_CTX owns, unless we own */
+    buffer          certChain;              /* CYASSL_CTX owns, unless we own */
+                 /* chain after self, in DER, with leading size for each cert */
+    buffer          serverDH_P;             /* CYASSL_CTX owns, unless we own */
+    buffer          serverDH_G;             /* CYASSL_CTX owns, unless we own */
+    buffer          serverDH_Pub;
+    buffer          serverDH_Priv;
+#endif
+    buffer          domainName;             /* for client check */
+    bufferStatic    inputBuffer;
+    bufferStatic    outputBuffer;
+    buffer          clearOutputBuffer;
+    int             prevSent;              /* previous plain text bytes sent
+                                              when got WANT_WRITE            */
+    int             plainSz;               /* plain text bytes in buffer to send
+                                              when got WANT_WRITE            */
+    byte            weOwnCert;             /* SSL own cert flag */
+    byte            weOwnCertChain;        /* SSL own cert chain flag */
+    byte            weOwnKey;              /* SSL own key  flag */
+    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
+#ifdef CYASSL_DTLS
+    CYASSL_DTLS_CTX dtlsCtx;               /* DTLS connection context */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+    #ifdef HAVE_ECC
+        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
+    #endif /* HAVE_ECC */
+    #ifndef NO_RSA
+        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
+    #endif /* NO_RSA */
+#endif /* HAVE_PK_CALLBACKS */
+} Buffers;
+
+typedef struct Options {
+    byte            sessionCacheOff;
+    byte            sessionCacheFlushOff;
+    byte            cipherSuite0;           /* first byte, normally 0 */
+    byte            cipherSuite;            /* second byte, actual suite */
+    byte            serverState;
+    byte            clientState;
+    byte            handShakeState;
+    byte            handShakeDone;      /* at least one handshake complete */
+    byte            side;               /* client or server end */
+    byte            verifyPeer;
+    byte            verifyNone;
+    byte            failNoCert;
+    byte            downgrade;          /* allow downgrade of versions */
+    byte            minDowngrade;       /* minimum downgrade version */
+    byte            sendVerify;         /* false = 0, true = 1, sendBlank = 2 */
+    byte            resuming;
+    byte            haveSessionId;      /* server may not send */
+    byte            tls;                /* using TLS ? */
+    byte            tls1_1;             /* using TLSv1.1+ ? */
+    byte            dtls;               /* using datagrams ? */
+    byte            connReset;          /* has the peer reset */
+    byte            isClosed;           /* if we consider conn closed */
+    byte            closeNotify;        /* we've recieved a close notify */
+    byte            sentNotify;         /* we've sent a close notify */
+    byte            connectState;       /* nonblocking resume */
+    byte            acceptState;        /* nonblocking resume */
+    byte            usingCompression;   /* are we using compression */
+    byte            haveRSA;            /* RSA available */
+    byte            haveDH;             /* server DH parms set by user */
+    byte            haveNTRU;           /* server NTRU  private key loaded */
+    byte            haveECDSAsig;       /* server ECDSA signed cert */
+    byte            haveStaticECC;      /* static server ECC private key */
+    byte            havePeerCert;       /* do we have peer's cert */
+    byte            havePeerVerify;     /* and peer's cert verify */
+    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
+    byte            usingAnon_cipher;   /* whether we're using an anon cipher */
+    byte            sendAlertState;     /* nonblocking resume */ 
+    byte            processReply;       /* nonblocking resume */
+    byte            partialWrite;       /* only one msg per write call */
+    byte            quietShutdown;      /* don't send close notify */
+    byte            certOnly;           /* stop once we get cert */
+    byte            groupMessages;      /* group handshake messages */
+    byte            usingNonblock;      /* set when using nonblocking socket */
+    byte            saveArrays;         /* save array Memory for user get keys
+                                           or psk */
+#ifdef HAVE_POLY1305
+    byte            oldPoly;            /* set when to use old rfc way of poly*/
+#endif
+#ifndef NO_PSK
+    byte            havePSK;            /* psk key set by user */
+    psk_client_callback client_psk_cb;
+    psk_server_callback server_psk_cb;
+#endif /* NO_PSK */
+#ifdef HAVE_ANON
+    byte            haveAnon;           /* User wants to allow Anon suites */
+#endif /* HAVE_ANON */
+} Options;
+
+typedef struct Arrays {
+    byte            clientRandom[RAN_LEN];
+    byte            serverRandom[RAN_LEN];
+    byte            sessionID[ID_LEN];
+    byte            sessionIDSz;
+    byte            preMasterSecret[ENCRYPT_LEN];
+    byte            masterSecret[SECRET_LEN];
+#ifdef CYASSL_DTLS
+    byte            cookie[MAX_COOKIE_LEN];
+    byte            cookieSz;
+#endif
+#ifndef NO_PSK
+    char            client_identity[MAX_PSK_ID_LEN];
+    char            server_hint[MAX_PSK_ID_LEN];
+    byte            psk_key[MAX_PSK_KEY_LEN];
+    word32          psk_keySz;          /* acutal size */
+#endif
+    word32          preMasterSz;        /* differs for DH, actual size */
+} Arrays;
+
+#ifndef ASN_NAME_MAX
+#define ASN_NAME_MAX 256
+#endif
+
+#ifndef MAX_DATE_SZ
+#define MAX_DATE_SZ 32
+#endif
+
+struct CYASSL_X509_NAME {
+    char  *name;
+    char  staticName[ASN_NAME_MAX];
+    int   dynamicName;
+    int   sz;
+#ifdef OPENSSL_EXTRA
+    DecodedName fullName;
+#endif /* OPENSSL_EXTRA */
+};
+
+#ifndef EXTERNAL_SERIAL_SIZE
+    #define EXTERNAL_SERIAL_SIZE 32
+#endif
+
+#ifdef NO_ASN 
+    typedef struct DNS_entry DNS_entry;
+#endif
+
+struct CYASSL_X509 {
+    int              version;
+    CYASSL_X509_NAME issuer;
+    CYASSL_X509_NAME subject;
+    int              serialSz;
+    byte             serial[EXTERNAL_SERIAL_SIZE];
+    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
+#ifdef CYASSL_SEP
+    int              deviceTypeSz;
+    byte             deviceType[EXTERNAL_SERIAL_SIZE];
+    int              hwTypeSz;
+    byte             hwType[EXTERNAL_SERIAL_SIZE];
+    int              hwSerialNumSz;
+    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
+    #ifdef OPENSSL_EXTRA
+        byte             certPolicySet;
+        byte             certPolicyCrit;
+    #endif /* OPENSSL_EXTRA */
+#endif
+    int              notBeforeSz;
+    byte             notBefore[MAX_DATE_SZ];
+    int              notAfterSz;
+    byte             notAfter[MAX_DATE_SZ];
+    int              sigOID;
+    buffer           sig;
+    int              pubKeyOID;
+    buffer           pubKey;
+    #ifdef HAVE_ECC
+        word32       pkCurveOID;
+    #endif /* HAVE_ECC */
+    buffer           derCert;                        /* may need  */
+    DNS_entry*       altNames;                       /* alt names list */
+    DNS_entry*       altNamesNext;                   /* hint for retrieval */
+    byte             dynamicMemory;                  /* dynamic memory flag */
+    byte             isCa;
+#ifdef OPENSSL_EXTRA
+    word32           pathLength;
+    word16           keyUsage;
+    byte             basicConstSet;
+    byte             basicConstCrit;
+    byte             basicConstPlSet;
+    byte             subjAltNameSet;
+    byte             subjAltNameCrit;
+    byte             authKeyIdSet;
+    byte             authKeyIdCrit;
+    byte*            authKeyId;
+    word32           authKeyIdSz;
+    byte             subjKeyIdSet;
+    byte             subjKeyIdCrit;
+    byte*            subjKeyId;
+    word32           subjKeyIdSz;
+    byte             keyUsageSet;
+    byte             keyUsageCrit;
+#endif /* OPENSSL_EXTRA */
+};
+
+
+/* record layer header for PlainText, Compressed, and CipherText */
+typedef struct RecordLayerHeader {
+    byte            type;
+    byte            pvMajor;
+    byte            pvMinor;
+    byte            length[2];
+} RecordLayerHeader;
+
+
+/* record layer header for DTLS PlainText, Compressed, and CipherText */
+typedef struct DtlsRecordLayerHeader {
+    byte            type;
+    byte            pvMajor;
+    byte            pvMinor;
+    byte            epoch[2];             /* increment on cipher state change */
+    byte            sequence_number[6];   /* per record */
+    byte            length[2];
+} DtlsRecordLayerHeader;
+
+
+typedef struct DtlsPool {
+    buffer          buf[DTLS_POOL_SZ];
+    int             used;
+} DtlsPool;
+
+typedef struct DtlsMsg {
+    struct DtlsMsg* next;
+    word32          seq;       /* Handshake sequence number    */
+    word32          sz;        /* Length of whole mesage       */
+    word32          fragSz;    /* Length of fragments received */
+    byte            type;
+    byte*           buf;
+    byte*           msg;
+} DtlsMsg;
+
+
+#ifdef HAVE_NETX
+
+    /* NETX I/O Callback default */
+    typedef struct NetX_Ctx {
+        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
+        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
+        ULONG          nxOffset;    /* offset already read from nxPacket */
+        ULONG          nxWait;      /* wait option flag */
+    } NetX_Ctx;
+
+#endif
+
+
+/* Handshake messages recevied from peer (plus change cipher */
+typedef struct MsgsReceived {
+    word16 got_hello_request:1;
+    word16 got_client_hello:1;
+    word16 got_server_hello:1;
+    word16 got_hello_verify_request:1;
+    word16 got_session_ticket:1;
+    word16 got_certificate:1;
+    word16 got_server_key_exchange:1;
+    word16 got_certificate_request:1;
+    word16 got_server_hello_done:1;
+    word16 got_certificate_verify:1;
+    word16 got_client_key_exchange:1;
+    word16 got_finished:1;
+    word16 got_change_cipher:1;
+} MsgsReceived;
+
+
+/* CyaSSL ssl type */
+struct CYASSL {
+    CYASSL_CTX*     ctx;
+    int             error;
+    ProtocolVersion version;            /* negotiated version */
+    ProtocolVersion chVersion;          /* client hello version */
+    Suites*         suites;             /* only need during handshake */
+    Ciphers         encrypt;
+    Ciphers         decrypt;
+#ifdef HAVE_ONE_TIME_AUTH
+    OneTimeAuth     auth;
+#endif
+    CipherSpecs     specs;
+    Keys            keys;
+    MsgsReceived    msgsReceived;       /* peer messages received */
+    int             rfd;                /* read  file descriptor */
+    int             wfd;                /* write file descriptor */
+    int             rflags;             /* user read  flags */
+    int             wflags;             /* user write flags */
+    CYASSL_BIO*     biord;              /* socket bio read  to free/close */
+    CYASSL_BIO*     biowr;              /* socket bio write to free/close */
+    void*           IOCB_ReadCtx;
+    void*           IOCB_WriteCtx;
+    RNG*            rng;
+#ifndef NO_OLD_TLS
+#ifndef NO_SHA
+    Sha             hashSha;            /* sha hash of handshake msgs */
+#endif
+#ifndef NO_MD5
+    Md5             hashMd5;            /* md5 hash of handshake msgs */
+#endif
+#endif
+#ifndef NO_SHA256
+    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
+#endif
+#ifdef CYASSL_SHA384
+    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
+#endif
+    Hashes          verifyHashes;
+    Hashes          certHashes;         /* for cert verify */
+    Buffers         buffers;
+    Options         options;
+    Arrays*         arrays;
+    CYASSL_SESSION  session;
+    VerifyCallback  verifyCallback;      /* cert verification callback */
+    void*           verifyCbCtx;         /* cert verify callback user ctx*/
+#ifndef NO_RSA
+    RsaKey*         peerRsaKey;
+    byte            peerRsaKeyPresent;
+#endif
+#ifdef HAVE_NTRU
+    word16          peerNtruKeyLen;
+    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
+    byte            peerNtruKeyPresent;
+#endif
+#ifdef HAVE_ECC
+    ecc_key*        peerEccKey;              /* peer's  ECDHE key */
+    ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */
+    ecc_key*        eccTempKey;              /* private ECDHE key */
+    ecc_key*        eccDsaKey;               /* private ECDSA key */
+    word16          eccTempKeySz;            /* in octets 20 - 66 */
+    word32          pkCurveOID;              /* curve Ecc_Sum     */
+    byte            peerEccKeyPresent;
+    byte            peerEccDsaKeyPresent;
+    byte            eccTempKeyPresent;
+    byte            eccDsaKeyPresent;
+#endif
+    hmacfp          hmac;
+    void*           heap;               /* for user overrides */
+    RecordLayerHeader curRL;
+    word16            curSize;
+    word32          timeout;            /* session timeout */
+    CYASSL_CIPHER   cipher;
+#ifdef HAVE_LIBZ
+    z_stream        c_stream;           /* compression   stream */
+    z_stream        d_stream;           /* decompression stream */
+    byte            didStreamInit;      /* for stream init and end */
+#endif
+#ifdef CYASSL_DTLS
+    int             dtls_timeout_init;  /* starting timeout vaule */
+    int             dtls_timeout_max;   /* maximum timeout value */
+    int             dtls_timeout;       /* current timeout value, changes */
+    DtlsPool*       dtls_pool;
+    DtlsMsg*        dtls_msg_list;
+    void*           IOCB_CookieCtx;     /* gen cookie ctx */
+    word32          dtls_expected_rx;
+#endif
+#ifdef CYASSL_CALLBACKS
+    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
+    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
+    byte            hsInfoOn;           /* track handshake info        */
+    byte            toInfoOn;           /* track timeout   info        */
+#endif
+#ifdef HAVE_FUZZER
+    CallbackFuzzer  fuzzerCb;           /* for testing with using fuzzer */
+    void*           fuzzerCtx;          /* user defined pointer */
+#endif
+#ifdef KEEP_PEER_CERT
+    CYASSL_X509     peerCert;           /* X509 peer cert */
+#endif
+#ifdef FORTRESS
+    void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
+#endif
+#ifdef HAVE_CAVIUM
+    int              devId;            /* cavium device id to use */
+#endif
+#ifdef HAVE_TLS_EXTENSIONS
+    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
+    #ifdef HAVE_MAX_FRAGMENT
+        word16 max_fragment;
+    #endif
+    #ifdef HAVE_TRUNCATED_HMAC
+        byte truncated_hmac;
+    #endif
+    #ifdef HAVE_SECURE_RENEGOTIATION
+        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
+    #endif                                         /* user turned on */
+    #if !defined(NO_CYASSL_CLIENT) && defined(HAVE_SESSION_TICKET)
+        CallbackSessionTicket session_ticket_cb;
+        void*                 session_ticket_ctx;
+        byte                  expect_session_ticket;
+    #endif
+#endif /* HAVE_TLS_EXTENSIONS */
+#ifdef HAVE_NETX
+    NetX_Ctx        nxCtx;             /* NetX IO Context */
+#endif
+#ifdef SESSION_INDEX
+    int sessionIndex;                  /* Session's location in the cache. */
+#endif
+    CYASSL_ALERT_HISTORY alert_history;
+#ifdef ATOMIC_USER
+    void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
+    void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+    #ifdef HAVE_ECC
+        void* EccSignCtx;     /* Ecc Sign   Callback Context */
+        void* EccVerifyCtx;   /* Ecc Verify Callback Context */
+    #endif /* HAVE_ECC */
+    #ifndef NO_RSA 
+        void* RsaSignCtx;     /* Rsa Sign   Callback Context */
+        void* RsaVerifyCtx;   /* Rsa Verify Callback Context */
+        void* RsaEncCtx;      /* Rsa Public  Encrypt   Callback Context */
+        void* RsaDecCtx;      /* Rsa Private Decrypt   Callback Context */
+    #endif /* NO_RSA */
+#endif /* HAVE_PK_CALLBACKS */
+#ifdef HAVE_SECRET_CALLBACK
+        SessionSecretCb sessionSecretCb;
+        void*           sessionSecretCtx;
+#endif /* HAVE_SECRET_CALLBACK */
+};
+
+
+CYASSL_LOCAL
+int  InitSSL(CYASSL*, CYASSL_CTX*);
+CYASSL_LOCAL
+void FreeSSL(CYASSL*);
+CYASSL_API void SSL_ResourceFree(CYASSL*);   /* Micrium uses */
+
+
+enum {
+    IV_SZ   = 32,          /* max iv sz */
+    NAME_SZ = 80          /* max one line */
+};
+
+
+typedef struct EncryptedInfo {
+    char     name[NAME_SZ];    /* encryption name */
+    byte     iv[IV_SZ];        /* encrypted IV */
+    word32   ivSz;             /* encrypted IV size */
+    long     consumed;         /* tracks PEM bytes consumed */
+    byte     set;              /* if encryption set */
+    CYASSL_CTX* ctx;              /* CTX owner */
+} EncryptedInfo;
+
+
+#ifndef NO_CERTS
+    CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
+                              buffer* der, void* heap, EncryptedInfo* info,
+                              int* eccKey);
+
+    CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
+                                 int type, CYASSL* ssl, int userChain,
+                                CYASSL_CRL* crl);
+#endif
+
+
+#ifdef CYASSL_CALLBACKS
+    CYASSL_LOCAL
+    void InitHandShakeInfo(HandShakeInfo*);
+    CYASSL_LOCAL 
+    void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
+    CYASSL_LOCAL 
+    void AddPacketName(const char*, HandShakeInfo*);
+
+    CYASSL_LOCAL
+    void InitTimeoutInfo(TimeoutInfo*);
+    CYASSL_LOCAL 
+    void FreeTimeoutInfo(TimeoutInfo*, void*);
+    CYASSL_LOCAL 
+    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
+    CYASSL_LOCAL 
+    void AddLateName(const char*, TimeoutInfo*);
+    CYASSL_LOCAL 
+    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
+#endif
+
+
+/* Record Layer Header identifier from page 12 */
+enum ContentType {
+    no_type            = 0,
+    change_cipher_spec = 20, 
+    alert              = 21, 
+    handshake          = 22, 
+    application_data   = 23 
+};
+
+
+/* handshake header, same for each message type, pgs 20/21 */
+typedef struct HandShakeHeader {
+    byte            type;
+    word24          length;
+} HandShakeHeader;
+
+
+/* DTLS handshake header, same for each message type */
+typedef struct DtlsHandShakeHeader {
+    byte            type;
+    word24          length;
+    byte            message_seq[2];    /* start at 0, restransmit gets same # */
+    word24          fragment_offset;   /* bytes in previous fragments */
+    word24          fragment_length;   /* length of this fragment */
+} DtlsHandShakeHeader;
+
+
+enum HandShakeType {
+    no_shake            = -1,
+    hello_request       = 0, 
+    client_hello        = 1, 
+    server_hello        = 2,
+    hello_verify_request = 3,       /* DTLS addition */
+    session_ticket      =  4,
+    certificate         = 11, 
+    server_key_exchange = 12,
+    certificate_request = 13, 
+    server_hello_done   = 14,
+    certificate_verify  = 15, 
+    client_key_exchange = 16,
+    finished            = 20,
+    change_cipher_hs    = 55      /* simulate unique handshake type for sanity
+                                     checks.  record layer change_cipher
+                                     conflicts with handshake finished */
+};
+
+
+static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
+static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
+
+static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
+static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
+
+
+/* internal functions */
+CYASSL_LOCAL int SendChangeCipher(CYASSL*);
+CYASSL_LOCAL int SendData(CYASSL*, const void*, int);
+CYASSL_LOCAL int SendCertificate(CYASSL*);
+CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
+CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
+CYASSL_LOCAL int SendBuffered(CYASSL*);
+CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int);
+CYASSL_LOCAL int SendFinished(CYASSL*);
+CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
+CYASSL_LOCAL int ProcessReply(CYASSL*);
+
+CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
+CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
+
+CYASSL_LOCAL int  AddSession(CYASSL*);
+CYASSL_LOCAL int  DeriveKeys(CYASSL* ssl);
+CYASSL_LOCAL int  StoreKeys(CYASSL* ssl, const byte* keyData);
+
+CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
+CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
+
+CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
+CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
+CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
+
+CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl);
+#ifndef NO_CERTS
+    CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
+    #ifndef NO_SKID
+        CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
+    #endif
+#endif
+CYASSL_LOCAL int  BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
+                                   const byte* sender);
+CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
+CYASSL_LOCAL  int CheckAvailableSize(CYASSL *ssl, int size);
+CYASSL_LOCAL  int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
+
+#ifndef NO_TLS
+    CYASSL_LOCAL int  MakeTlsMasterSecret(CYASSL*);
+    CYASSL_LOCAL int  TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
+                               word32 sz, int content, int verify);
+#endif
+
+#ifndef NO_CYASSL_CLIENT
+    CYASSL_LOCAL int SendClientHello(CYASSL*);
+    CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
+    CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
+#endif /* NO_CYASSL_CLIENT */
+
+#ifndef NO_CYASSL_SERVER
+    CYASSL_LOCAL int SendServerHello(CYASSL*);
+    CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
+    #ifdef CYASSL_DTLS
+        CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
+    #endif
+#endif /* NO_CYASSL_SERVER */
+
+#ifdef CYASSL_DTLS
+    CYASSL_LOCAL int  DtlsPoolInit(CYASSL*);
+    CYASSL_LOCAL int  DtlsPoolSave(CYASSL*, const byte*, int);
+    CYASSL_LOCAL int  DtlsPoolTimeout(CYASSL*);
+    CYASSL_LOCAL int  DtlsPoolSend(CYASSL*);
+    CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
+
+    CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
+    CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
+    CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
+    CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
+                                                             word32, word32);
+    CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
+    CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
+                                                byte, word32, word32, void*);
+    CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
+#endif /* CYASSL_DTLS */
+
+#ifndef NO_TLS
+    
+
+#endif /* NO_TLS */
+
+
+CYASSL_LOCAL word32  LowResTimer(void);
+
+CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
+CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
+CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
+CYASSL_LOCAL void FreeX509(CYASSL_X509*);
+#ifndef NO_CERTS
+    CYASSL_LOCAL int  CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
+#endif
+
+/* used by ssl.c and cyassl_int.c */
+CYASSL_LOCAL void c32to24(word32 in, word24 out);
+
+CYASSL_LOCAL const char* const* GetCipherNames(void);
+CYASSL_LOCAL int GetCipherNamesSize(void);
+
+
+enum encrypt_side {
+    ENCRYPT_SIDE_ONLY = 1,
+    DECRYPT_SIDE_ONLY,
+    ENCRYPT_AND_DECRYPT_SIDE
+};
+
+CYASSL_LOCAL int SetKeysSide(CYASSL*, enum encrypt_side);
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* CyaSSL_INT_H */
+

wolfssl/ocsp.h

@@ -0,0 +1,52 @@
+/* ocsp.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/* CyaSSL OCSP API */
+
+#ifndef CYASSL_OCSP_H
+#define CYASSL_OCSP_H
+
+#ifdef HAVE_OCSP
+
+#include <cyassl/ssl.h>
+#include <cyassl/ctaocrypt/asn.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef struct CYASSL_OCSP CYASSL_OCSP;
+
+CYASSL_LOCAL int  InitOCSP(CYASSL_OCSP*, CYASSL_CERT_MANAGER*);
+CYASSL_LOCAL void FreeOCSP(CYASSL_OCSP*, int dynamic);
+
+CYASSL_LOCAL int  CheckCertOCSP(CYASSL_OCSP*, DecodedCert*);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+
+#endif /* HAVE_OCSP */
+#endif /* CYASSL_OCSP_H */
+
+

wolfssl/openssl/asn1.h

@@ -0,0 +1,2 @@
+/* asn1.h for openssl */
+

wolfssl/openssl/bio.h

@@ -0,0 +1,23 @@
+/* bio.h for openssl */
+
+
+#ifndef CYASSL_BIO_H_
+#define CYASSL_BIO_H_
+
+#include <cyassl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL_BIO_H_ */
+

wolfssl/openssl/bn.h

@@ -0,0 +1,115 @@
+/* bn.h for openssl */
+
+
+#ifndef CYASSL_BN_H_
+#define CYASSL_BN_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef struct CYASSL_BIGNUM {
+    int   neg;              /* openssh deference */
+    void* internal;         /* our big num */
+} CYASSL_BIGNUM;        
+
+
+typedef struct CYASSL_BN_CTX CYASSL_BN_CTX;
+
+
+CYASSL_API CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void);
+CYASSL_API void           CyaSSL_BN_CTX_init(CYASSL_BN_CTX*);
+CYASSL_API void           CyaSSL_BN_CTX_free(CYASSL_BN_CTX*);
+
+CYASSL_API CYASSL_BIGNUM* CyaSSL_BN_new(void);
+CYASSL_API void           CyaSSL_BN_free(CYASSL_BIGNUM*);
+CYASSL_API void           CyaSSL_BN_clear_free(CYASSL_BIGNUM*);
+
+
+CYASSL_API int CyaSSL_BN_sub(CYASSL_BIGNUM*, const CYASSL_BIGNUM*,
+	                         const CYASSL_BIGNUM*);
+CYASSL_API int CyaSSL_BN_mod(CYASSL_BIGNUM*, const CYASSL_BIGNUM*,
+	                         const CYASSL_BIGNUM*, const CYASSL_BN_CTX*);
+
+CYASSL_API const CYASSL_BIGNUM* CyaSSL_BN_value_one(void);
+
+
+CYASSL_API int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM*);
+CYASSL_API int CyaSSL_BN_num_bits(const CYASSL_BIGNUM*);
+
+CYASSL_API int CyaSSL_BN_is_zero(const CYASSL_BIGNUM*);
+CYASSL_API int CyaSSL_BN_is_one(const CYASSL_BIGNUM*);
+CYASSL_API int CyaSSL_BN_is_odd(const CYASSL_BIGNUM*);
+
+CYASSL_API int CyaSSL_BN_cmp(const CYASSL_BIGNUM*, const CYASSL_BIGNUM*);
+
+CYASSL_API int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM*, unsigned char*);
+CYASSL_API CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char*, int len,
+	                            CYASSL_BIGNUM* ret);
+
+CYASSL_API int CyaSSL_mask_bits(CYASSL_BIGNUM*, int n);
+
+CYASSL_API int CyaSSL_BN_rand(CYASSL_BIGNUM*, int bits, int top, int bottom);
+CYASSL_API int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM*, int n);
+CYASSL_API int CyaSSL_BN_hex2bn(CYASSL_BIGNUM**, const char* str);
+
+CYASSL_API CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM*);
+CYASSL_API CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM*, const CYASSL_BIGNUM*);
+
+CYASSL_API int CyaSSL_BN_set_word(CYASSL_BIGNUM*, unsigned long w);
+
+CYASSL_API int   CyaSSL_BN_dec2bn(CYASSL_BIGNUM**, const char* str);
+CYASSL_API char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM*);
+
+
+typedef CYASSL_BIGNUM BIGNUM;
+typedef CYASSL_BN_CTX BN_CTX;
+
+#define BN_CTX_new        CyaSSL_BN_CTX_new
+#define BN_CTX_init       CyaSSL_BN_CTX_init
+#define BN_CTX_free       CyaSSL_BN_CTX_free
+
+#define BN_new        CyaSSL_BN_new
+#define BN_free       CyaSSL_BN_free
+#define BN_clear_free CyaSSL_BN_clear_free
+
+#define BN_num_bytes CyaSSL_BN_num_bytes
+#define BN_num_bits  CyaSSL_BN_num_bits
+
+#define BN_is_zero  CyaSSL_BN_is_zero
+#define BN_is_one   CyaSSL_BN_is_one
+#define BN_is_odd   CyaSSL_BN_is_odd
+
+#define BN_cmp    CyaSSL_BN_cmp
+
+#define BN_bn2bin  CyaSSL_BN_bn2bin
+#define BN_bin2bn  CyaSSL_BN_bin2bn
+
+#define BN_mod       CyaSSL_BN_mod
+#define BN_sub       CyaSSL_BN_sub
+#define BN_value_one CyaSSL_BN_value_one
+
+#define BN_mask_bits CyaSSL_mask_bits
+
+#define BN_rand       CyaSSL_BN_rand
+#define BN_is_bit_set CyaSSL_BN_is_bit_set
+#define BN_hex2bn     CyaSSL_BN_hex2bn
+
+#define BN_dup  CyaSSL_BN_dup
+#define BN_copy CyaSSL_BN_copy
+
+#define BN_set_word CyaSSL_BN_set_word
+
+#define BN_dec2bn CyaSSL_BN_dec2bn
+#define BN_bn2dec CyaSSL_BN_bn2dec
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL__H_ */
+

wolfssl/openssl/conf.h

@@ -0,0 +1,2 @@
+/* conf.h for openssl */
+

wolfssl/openssl/crypto.h

@@ -0,0 +1,26 @@
+/* crypto.h for openSSL */
+
+#ifndef CYASSL_CRYPTO_H_
+#define CYASSL_CRYPTO_H_
+
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_crypto.h"
+#endif
+
+
+CYASSL_API const char*   CyaSSLeay_version(int type);
+CYASSL_API unsigned long CyaSSLeay(void);
+
+#define SSLeay_version CyaSSLeay_version
+#define SSLeay CyaSSLeay
+
+
+#define SSLEAY_VERSION 0x0090600fL
+#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
+
+
+#endif /* header */
+

wolfssl/openssl/des.h

@@ -0,0 +1,87 @@
+/* des.h
+ *
+ * Copyright (C) 2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/*  des.h defines mini des openssl compatibility layer 
+ *
+ */
+
+
+#ifndef CYASSL_DES_H_
+#define CYASSL_DES_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_des.h"
+#endif
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef unsigned char CYASSL_DES_cblock[8];
+typedef /* const */ CYASSL_DES_cblock CYASSL_const_DES_cblock;
+typedef CYASSL_DES_cblock CYASSL_DES_key_schedule;
+
+
+enum {
+    DES_ENCRYPT = 1,
+    DES_DECRYPT = 0
+};
+
+
+CYASSL_API void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock*,
+                                             CYASSL_DES_key_schedule*);
+CYASSL_API int  CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
+                                     CYASSL_DES_key_schedule* schedule);
+CYASSL_API void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
+                     unsigned char* output, long length,
+                     CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
+                     int enc);
+CYASSL_API void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
+                      unsigned char* output, long length,
+                      CYASSL_DES_key_schedule* schedule,
+                      CYASSL_DES_cblock* ivec, int enc);
+
+CYASSL_API void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock*);
+CYASSL_API void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock*, CYASSL_DES_cblock*,
+                                       CYASSL_DES_key_schedule*, int);
+
+
+typedef CYASSL_DES_cblock DES_cblock;
+typedef CYASSL_const_DES_cblock const_DES_cblock;
+typedef CYASSL_DES_key_schedule DES_key_schedule;
+
+#define DES_set_key_unchecked CyaSSL_DES_set_key_unchecked
+#define DES_key_sched CyaSSL_DES_key_sched
+#define DES_cbc_encrypt CyaSSL_DES_cbc_encrypt
+#define DES_ncbc_encrypt CyaSSL_DES_ncbc_encrypt
+#define DES_set_odd_parity CyaSSL_DES_set_odd_parity
+#define DES_ecb_encrypt CyaSSL_DES_ecb_encrypt
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+
+#endif /* CYASSL_DES_H_ */

wolfssl/openssl/dh.h

@@ -0,0 +1,52 @@
+/* dh.h for openSSL */
+
+
+#ifndef CYASSL_DH_H_
+#define CYASSL_DH_H_
+
+
+#include <cyassl/openssl/ssl.h>
+#include <cyassl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+
+
+typedef struct CYASSL_DH {
+	CYASSL_BIGNUM* p;
+	CYASSL_BIGNUM* g;
+    CYASSL_BIGNUM* pub_key;      /* openssh deference g^x */
+    CYASSL_BIGNUM* priv_key;     /* openssh deference x   */
+    void*          internal;     /* our DH */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
+} CYASSL_DH;
+
+
+CYASSL_API CYASSL_DH* CyaSSL_DH_new(void);
+CYASSL_API void       CyaSSL_DH_free(CYASSL_DH*);
+
+CYASSL_API int CyaSSL_DH_size(CYASSL_DH*);
+CYASSL_API int CyaSSL_DH_generate_key(CYASSL_DH*);
+CYASSL_API int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* pub,
+                                     CYASSL_DH*);
+
+typedef CYASSL_DH DH;
+
+#define DH_new  CyaSSL_DH_new 
+#define DH_free CyaSSL_DH_free
+
+#define DH_size         CyaSSL_DH_size
+#define DH_generate_key CyaSSL_DH_generate_key
+#define DH_compute_key  CyaSSL_DH_compute_key
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+#endif /* header */

wolfssl/openssl/dsa.h

@@ -0,0 +1,53 @@
+/* dsa.h for openSSL */
+
+
+#ifndef CYASSL_DSA_H_
+#define CYASSL_DSA_H_
+
+
+#include <cyassl/openssl/ssl.h>
+#include <cyassl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+
+struct CYASSL_DSA {
+	CYASSL_BIGNUM* p;
+	CYASSL_BIGNUM* q;
+	CYASSL_BIGNUM* g;
+	CYASSL_BIGNUM* pub_key;      /* our y */
+	CYASSL_BIGNUM* priv_key;     /* our x */
+    void*          internal;     /* our Dsa Key */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
+};
+
+
+CYASSL_API CYASSL_DSA* CyaSSL_DSA_new(void);
+CYASSL_API void        CyaSSL_DSA_free(CYASSL_DSA*);
+
+CYASSL_API int CyaSSL_DSA_generate_key(CYASSL_DSA*);
+CYASSL_API int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA*, int bits,
+                   unsigned char* seed, int seedLen, int* counterRet,
+                   unsigned long* hRet, void* cb);
+
+CYASSL_API int CyaSSL_DSA_LoadDer(CYASSL_DSA*, const unsigned char*, int sz);
+CYASSL_API int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
+                                  CYASSL_DSA* dsa);
+
+#define DSA_new CyaSSL_DSA_new
+#define DSA_free CyaSSL_DSA_free
+
+#define DSA_generate_key           CyaSSL_DSA_generate_key
+#define DSA_generate_parameters_ex CyaSSL_DSA_generate_parameters_ex
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+#endif /* header */

wolfssl/openssl/ec.h

@@ -0,0 +1,2 @@
+/* ec.h for openssl */
+

wolfssl/openssl/ecdsa.h

@@ -0,0 +1,2 @@
+/* ecdsa.h for openssl */
+

wolfssl/openssl/engine.h

@@ -0,0 +1,5 @@
+/* engine.h for libcurl */
+
+#undef HAVE_OPENSSL_ENGINE_H
+
+

wolfssl/openssl/err.h

@@ -0,0 +1,2 @@
+/* err.h for openssl */
+

wolfssl/openssl/evp.h

@@ -0,0 +1,241 @@
+/* evp.h
+ *
+ * Copyright (C) 2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/*  evp.h defines mini evp openssl compatibility layer 
+ *
+ */
+
+
+#ifndef CYASSL_EVP_H_
+#define CYASSL_EVP_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_evp.h"
+#endif
+
+#include <cyassl/openssl/md5.h>
+#include <cyassl/openssl/sha.h>
+#include <cyassl/openssl/ripemd.h>
+#include <cyassl/openssl/rsa.h>
+#include <cyassl/openssl/dsa.h>
+
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/des3.h>
+#include <cyassl/ctaocrypt/arc4.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef char CYASSL_EVP_MD;
+typedef char CYASSL_EVP_CIPHER;
+
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_md5(void);
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void);
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void);
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void);
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void);
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void);
+
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void);
+CYASSL_API const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void);
+
+
+typedef union {
+    CYASSL_MD5_CTX    md5;
+    CYASSL_SHA_CTX    sha;
+    CYASSL_SHA256_CTX sha256;
+    #ifdef CYASSL_SHA384
+        CYASSL_SHA384_CTX sha384;
+    #endif
+    #ifdef CYASSL_SHA512
+        CYASSL_SHA512_CTX sha512;
+    #endif
+    #ifdef CYASSL_RIPEMD
+        CYASSL_RIPEMD_CTX ripemd;
+    #endif
+} CYASSL_Hasher;
+
+
+typedef struct CYASSL_EVP_MD_CTX {
+    unsigned char macType;
+    CYASSL_Hasher hash;
+} CYASSL_EVP_MD_CTX;
+
+
+typedef union {
+    Aes  aes;
+#ifndef NO_DES3
+    Des  des;
+    Des3 des3;
+#endif
+    Arc4 arc4;
+} CYASSL_Cipher;
+
+
+enum {
+    AES_128_CBC_TYPE  = 1,
+    AES_192_CBC_TYPE  = 2,
+    AES_256_CBC_TYPE  = 3,
+    AES_128_CTR_TYPE  = 4,
+    AES_192_CTR_TYPE  = 5,
+    AES_256_CTR_TYPE  = 6,
+    DES_CBC_TYPE      = 7,
+    DES_EDE3_CBC_TYPE = 8,
+    ARC4_TYPE         = 9,
+    NULL_CIPHER_TYPE  = 10,
+    EVP_PKEY_RSA      = 11,
+    EVP_PKEY_DSA      = 12,
+    NID_sha1          = 64,
+    NID_md5           =  4
+};
+
+
+typedef struct CYASSL_EVP_CIPHER_CTX {
+    int            keyLen;         /* user may set for variable */
+    unsigned char  enc;            /* if encrypt side, then true */
+    unsigned char  cipherType;
+    unsigned char  iv[AES_BLOCK_SIZE];    /* working iv pointer into cipher */
+    CYASSL_Cipher  cipher;
+} CYASSL_EVP_CIPHER_CTX;
+
+
+CYASSL_API int  CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* md);
+CYASSL_API void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx);
+CYASSL_API int  CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx);
+
+CYASSL_API int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx,
+                                     const CYASSL_EVP_MD* type);
+CYASSL_API int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
+                                       unsigned long sz);
+CYASSL_API int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
+                                      unsigned int* s);
+CYASSL_API int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx,
+                                            unsigned char* md, unsigned int* s);
+CYASSL_API int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER*,
+                              const CYASSL_EVP_MD*, const unsigned char*,
+                              const unsigned char*, int, int, unsigned char*,
+                              unsigned char*);
+
+CYASSL_API void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int  CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx);
+
+CYASSL_API int  CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX*);
+
+
+CYASSL_API int  CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
+                                    const CYASSL_EVP_CIPHER* type,
+                                    unsigned char* key, unsigned char* iv,
+                                    int enc);
+CYASSL_API int  CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int  CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
+                                                     int keylen);
+CYASSL_API int  CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx,
+                          unsigned char* dst, unsigned char* src,
+                          unsigned int len);
+
+CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int);
+
+CYASSL_API CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY*);
+CYASSL_API CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY*);
+
+/* these next ones don't need real OpenSSL type, for OpenSSH compat only */
+CYASSL_API void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int   CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx);
+
+CYASSL_API void  CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+                                unsigned char* iv, int len);
+CYASSL_API void  CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+                                unsigned char* iv, int len);
+
+CYASSL_API int  CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int  CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+
+
+/* end OpenSSH compat */
+
+typedef CYASSL_EVP_MD         EVP_MD;
+typedef CYASSL_EVP_CIPHER     EVP_CIPHER;
+typedef CYASSL_EVP_MD_CTX     EVP_MD_CTX;
+typedef CYASSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
+
+#define EVP_md5       CyaSSL_EVP_md5
+#define EVP_sha1      CyaSSL_EVP_sha1
+#define EVP_sha256    CyaSSL_EVP_sha256
+#define EVP_sha384    CyaSSL_EVP_sha384
+#define EVP_sha512    CyaSSL_EVP_sha512
+#define EVP_ripemd160 CyaSSL_EVP_ripemd160
+
+#define EVP_aes_128_cbc  CyaSSL_EVP_aes_128_cbc
+#define EVP_aes_192_cbc  CyaSSL_EVP_aes_192_cbc
+#define EVP_aes_256_cbc  CyaSSL_EVP_aes_256_cbc
+#define EVP_aes_128_ctr  CyaSSL_EVP_aes_128_ctr
+#define EVP_aes_192_ctr  CyaSSL_EVP_aes_192_ctr
+#define EVP_aes_256_ctr  CyaSSL_EVP_aes_256_ctr
+#define EVP_des_cbc      CyaSSL_EVP_des_cbc
+#define EVP_des_ede3_cbc CyaSSL_EVP_des_ede3_cbc
+#define EVP_rc4          CyaSSL_EVP_rc4
+#define EVP_enc_null     CyaSSL_EVP_enc_null
+
+#define EVP_MD_size        CyaSSL_EVP_MD_size
+#define EVP_MD_CTX_init    CyaSSL_EVP_MD_CTX_init
+#define EVP_MD_CTX_cleanup CyaSSL_EVP_MD_CTX_cleanup
+#define EVP_DigestInit     CyaSSL_EVP_DigestInit
+#define EVP_DigestUpdate   CyaSSL_EVP_DigestUpdate
+#define EVP_DigestFinal    CyaSSL_EVP_DigestFinal
+#define EVP_DigestFinal_ex CyaSSL_EVP_DigestFinal_ex
+#define EVP_BytesToKey     CyaSSL_EVP_BytesToKey
+
+#define EVP_CIPHER_CTX_init           CyaSSL_EVP_CIPHER_CTX_init
+#define EVP_CIPHER_CTX_cleanup        CyaSSL_EVP_CIPHER_CTX_cleanup
+#define EVP_CIPHER_CTX_iv_length      CyaSSL_EVP_CIPHER_CTX_iv_length
+#define EVP_CIPHER_CTX_key_length     CyaSSL_EVP_CIPHER_CTX_key_length
+#define EVP_CIPHER_CTX_set_key_length CyaSSL_EVP_CIPHER_CTX_set_key_length
+#define EVP_CipherInit                CyaSSL_EVP_CipherInit
+#define EVP_Cipher                    CyaSSL_EVP_Cipher
+
+#define EVP_get_digestbynid           CyaSSL_EVP_get_digestbynid
+
+#define EVP_PKEY_get1_RSA   CyaSSL_EVP_PKEY_get1_RSA
+#define EVP_PKEY_get1_DSA   CyaSSL_EVP_PKEY_get1_DSA
+
+#ifndef EVP_MAX_MD_SIZE
+    #define EVP_MAX_MD_SIZE   64     /* sha512 */
+#endif
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+
+#endif /* CYASSL_EVP_H_ */

wolfssl/openssl/hmac.h

@@ -0,0 +1,81 @@
+/* hmac.h
+ *
+ * Copyright (C) 2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/*  hmac.h defines mini hamc openssl compatibility layer 
+ *
+ */
+
+
+#ifndef CYASSL_HMAC_H_
+#define CYASSL_HMAC_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_hmac.h"
+#endif
+
+#include <cyassl/openssl/evp.h>
+#include <cyassl/ctaocrypt/hmac.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+CYASSL_API unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md,
+                               const void* key, int key_len,
+                               const unsigned char* d, int n, unsigned char* md,
+                               unsigned int* md_len);
+
+
+typedef struct CYASSL_HMAC_CTX {
+    Hmac hmac;
+    int  type;
+} CYASSL_HMAC_CTX;
+
+
+CYASSL_API void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key,
+                                 int keylen, const EVP_MD* type);
+CYASSL_API void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx,
+                                   const unsigned char* data, int len);
+CYASSL_API void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
+                                  unsigned int* len);
+CYASSL_API void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx);
+
+
+typedef struct CYASSL_HMAC_CTX HMAC_CTX;
+
+#define HMAC(a,b,c,d,e,f,g) CyaSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+
+#define HMAC_Init    CyaSSL_HMAC_Init
+#define HMAC_Update  CyaSSL_HMAC_Update
+#define HMAC_Final   CyaSSL_HMAC_Final
+#define HMAC_cleanup CyaSSL_HMAC_cleanup
+
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+
+#endif /* CYASSL_HMAC_H_ */

wolfssl/openssl/include.am

@@ -0,0 +1,36 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+nobase_include_HEADERS+= \
+                         cyassl/openssl/asn1.h \
+                         cyassl/openssl/bio.h \
+                         cyassl/openssl/bn.h \
+                         cyassl/openssl/conf.h \
+                         cyassl/openssl/crypto.h \
+                         cyassl/openssl/des.h \
+                         cyassl/openssl/dh.h \
+                         cyassl/openssl/dsa.h \
+                         cyassl/openssl/ecdsa.h \
+                         cyassl/openssl/ec.h \
+                         cyassl/openssl/engine.h \
+                         cyassl/openssl/err.h \
+                         cyassl/openssl/evp.h \
+                         cyassl/openssl/hmac.h \
+                         cyassl/openssl/lhash.h \
+                         cyassl/openssl/md4.h \
+                         cyassl/openssl/md5.h \
+                         cyassl/openssl/ripemd.h \
+                         cyassl/openssl/ocsp.h \
+                         cyassl/openssl/opensslconf.h \
+                         cyassl/openssl/opensslv.h \
+                         cyassl/openssl/ossl_typ.h \
+                         cyassl/openssl/pem.h \
+                         cyassl/openssl/pkcs12.h \
+                         cyassl/openssl/rand.h \
+                         cyassl/openssl/rsa.h \
+                         cyassl/openssl/sha.h \
+                         cyassl/openssl/ssl.h \
+                         cyassl/openssl/stack.h \
+                         cyassl/openssl/ui.h \
+                         cyassl/openssl/x509.h \
+                         cyassl/openssl/x509v3.h

wolfssl/openssl/lhash.h

@@ -0,0 +1,2 @@
+/* lhash.h for openSSL */
+

wolfssl/openssl/md4.h

@@ -0,0 +1 @@
+/* md4.h for libcurl */

wolfssl/openssl/md5.h

@@ -0,0 +1,39 @@
+/* md5.h for openssl */
+
+
+#ifndef CYASSL_MD5_H_
+#define CYASSL_MD5_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_md5.h"
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+typedef struct CYASSL_MD5_CTX {
+    int holder[24];   /* big enough to hold ctaocrypt md5, but check on init */
+} CYASSL_MD5_CTX;
+
+CYASSL_API void CyaSSL_MD5_Init(CYASSL_MD5_CTX*);
+CYASSL_API void CyaSSL_MD5_Update(CYASSL_MD5_CTX*, const void*, unsigned long);
+CYASSL_API void CyaSSL_MD5_Final(unsigned char*, CYASSL_MD5_CTX*);
+
+
+typedef CYASSL_MD5_CTX MD5_CTX;
+
+#define MD5_Init CyaSSL_MD5_Init
+#define MD5_Update CyaSSL_MD5_Update
+#define MD5_Final CyaSSL_MD5_Final
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL_MD5_H_ */
+

wolfssl/openssl/ocsp.h

@@ -0,0 +1 @@
+/* ocsp.h for libcurl */

wolfssl/openssl/opensslconf.h

@@ -0,0 +1,8 @@
+/* opensslconf.h for openSSL */
+
+
+#ifndef OPENSSL_THREADS
+    #define OPENSSL_THREADS
+#endif
+
+

wolfssl/openssl/opensslv.h

@@ -0,0 +1,12 @@
+/* opensslv.h compatibility */
+
+#ifndef CYASSL_OPENSSLV_H_
+#define CYASSL_OPENSSLV_H_
+
+
+/* api version compatibility */
+#define OPENSSL_VERSION_NUMBER 0x0090410fL
+
+
+#endif /* header */
+

wolfssl/openssl/ossl_typ.h

@@ -0,0 +1,2 @@
+/* ossl_typ.h for openssl */
+

wolfssl/openssl/pem.h

@@ -0,0 +1,41 @@
+/* pem.h for openssl */
+
+
+#ifndef CYASSL_PEM_H_
+#define CYASSL_PEM_H_
+
+#include <cyassl/openssl/evp.h>
+#include <cyassl/openssl/bio.h>
+#include <cyassl/openssl/rsa.h>
+#include <cyassl/openssl/dsa.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+CYASSL_API int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
+	                                  const EVP_CIPHER* cipher,
+	                                  unsigned char* passwd, int len,
+	                                  pem_password_cb cb, void* arg);
+
+CYASSL_API int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
+	                                  const EVP_CIPHER* cipher,
+	                                  unsigned char* passwd, int len,
+	                                  pem_password_cb cb, void* arg);
+
+CYASSL_API CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
+                        CYASSL_EVP_PKEY**, pem_password_cb cb, void* arg); 
+
+#define PEM_write_bio_RSAPrivateKey CyaSSL_PEM_write_bio_RSAPrivateKey
+#define PEM_write_bio_DSAPrivateKey CyaSSL_PEM_write_bio_DSAPrivateKey
+#define PEM_read_bio_PrivateKey     CyaSSL_PEM_read_bio_PrivateKey
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL_PEM_H_ */
+

wolfssl/openssl/pkcs12.h

@@ -0,0 +1,2 @@
+/* pkcs12.h for openssl */
+

wolfssl/openssl/rand.h

@@ -0,0 +1,4 @@
+/* rand.h for openSSL */
+
+#include <cyassl/openssl/ssl.h>
+

wolfssl/openssl/ripemd.h

@@ -0,0 +1,37 @@
+/* ripemd.h for openssl */
+
+
+#ifndef CYASSL_RIPEMD_H_
+#define CYASSL_RIPEMD_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+typedef struct CYASSL_RIPEMD_CTX {
+    int holder[32];   /* big enough to hold ctaocrypt, but check on init */
+} CYASSL_RIPEMD_CTX;
+
+CYASSL_API void CyaSSL_RIPEMD_Init(CYASSL_RIPEMD_CTX*);
+CYASSL_API void CyaSSL_RIPEMD_Update(CYASSL_RIPEMD_CTX*, const void*,
+                                     unsigned long);
+CYASSL_API void CyaSSL_RIPEMD_Final(unsigned char*, CYASSL_RIPEMD_CTX*);
+
+
+typedef CYASSL_RIPEMD_CTX RIPEMD_CTX;
+
+#define RIPEMD_Init   CyaSSL_RIPEMD_Init
+#define RIPEMD_Update CyaSSL_RIPEMD_Update
+#define RIPEMD_Final  CyaSSL_RIPEMD_Final
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL_MD5_H_ */
+

wolfssl/openssl/rsa.h

@@ -0,0 +1,75 @@
+/* rsa.h for openSSL */
+
+
+#ifndef CYASSL_RSA_H_
+#define CYASSL_RSA_H_
+
+#include <cyassl/openssl/ssl.h>
+#include <cyassl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+enum  { 
+	RSA_PKCS1_PADDING = 1
+ };
+
+struct CYASSL_RSA {
+	CYASSL_BIGNUM* n;
+	CYASSL_BIGNUM* e;
+	CYASSL_BIGNUM* d;
+	CYASSL_BIGNUM* p;
+	CYASSL_BIGNUM* q;
+	CYASSL_BIGNUM* dmp1;      /* dP */
+	CYASSL_BIGNUM* dmq1;      /* dQ */
+	CYASSL_BIGNUM* iqmp;      /* u */
+    void*          internal;  /* our RSA */
+    char           inSet;     /* internal set from external ? */
+    char           exSet;     /* external set from internal ? */
+};
+
+
+CYASSL_API CYASSL_RSA* CyaSSL_RSA_new(void);
+CYASSL_API void        CyaSSL_RSA_free(CYASSL_RSA*);
+
+CYASSL_API int CyaSSL_RSA_generate_key_ex(CYASSL_RSA*, int bits, CYASSL_BIGNUM*,
+                                          void* cb);
+
+CYASSL_API int CyaSSL_RSA_blinding_on(CYASSL_RSA*, CYASSL_BN_CTX*);
+CYASSL_API int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
+	                               unsigned char* to, CYASSL_RSA*, int padding);
+CYASSL_API int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
+	                               unsigned char* to, CYASSL_RSA*, int padding);
+
+CYASSL_API int CyaSSL_RSA_size(const CYASSL_RSA*);
+CYASSL_API int CyaSSL_RSA_sign(int type, const unsigned char* m,
+                               unsigned int mLen, unsigned char* sigRet,
+                               unsigned int* sigLen, CYASSL_RSA*);
+CYASSL_API int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
+                                  unsigned char* to, CYASSL_RSA*, int padding);
+CYASSL_API int CyaSSL_RSA_GenAdd(CYASSL_RSA*);
+CYASSL_API int CyaSSL_RSA_LoadDer(CYASSL_RSA*, const unsigned char*, int sz);
+
+
+#define RSA_new  CyaSSL_RSA_new
+#define RSA_free CyaSSL_RSA_free
+
+#define RSA_generate_key_ex CyaSSL_RSA_generate_key_ex
+
+#define RSA_blinding_on     CyaSSL_RSA_blinding_on
+#define RSA_public_encrypt  CyaSSL_RSA_public_encrypt
+#define RSA_private_decrypt CyaSSL_RSA_private_decrypt
+
+#define RSA_size           CyaSSL_RSA_size
+#define RSA_sign           CyaSSL_RSA_sign
+#define RSA_public_decrypt CyaSSL_RSA_public_decrypt
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+#endif /* header */

wolfssl/openssl/sha.h

@@ -0,0 +1,125 @@
+/* sha.h for openssl */
+
+
+#ifndef CYASSL_SHA_H_
+#define CYASSL_SHA_H_
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef YASSL_PREFIX
+#include "prefix_sha.h"
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+typedef struct CYASSL_SHA_CTX {
+    int holder[24];   /* big enough to hold ctaocrypt sha, but check on init */
+} CYASSL_SHA_CTX;
+
+CYASSL_API void CyaSSL_SHA_Init(CYASSL_SHA_CTX*);
+CYASSL_API void CyaSSL_SHA_Update(CYASSL_SHA_CTX*, const void*, unsigned long);
+CYASSL_API void CyaSSL_SHA_Final(unsigned char*, CYASSL_SHA_CTX*);
+
+/* SHA1 points to above, shouldn't use SHA0 ever */
+CYASSL_API void CyaSSL_SHA1_Init(CYASSL_SHA_CTX*);
+CYASSL_API void CyaSSL_SHA1_Update(CYASSL_SHA_CTX*, const void*, unsigned long);
+CYASSL_API void CyaSSL_SHA1_Final(unsigned char*, CYASSL_SHA_CTX*);
+
+enum {
+    SHA_DIGEST_LENGTH = 20
+};
+
+
+typedef CYASSL_SHA_CTX SHA_CTX;
+
+#define SHA_Init CyaSSL_SHA_Init
+#define SHA_Update CyaSSL_SHA_Update
+#define SHA_Final CyaSSL_SHA_Final
+
+#define SHA1_Init CyaSSL_SHA1_Init
+#define SHA1_Update CyaSSL_SHA1_Update
+#define SHA1_Final CyaSSL_SHA1_Final
+
+
+typedef struct CYASSL_SHA256_CTX {
+    int holder[28];   /* big enough to hold ctaocrypt sha, but check on init */
+} CYASSL_SHA256_CTX;
+
+CYASSL_API void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX*);
+CYASSL_API void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX*, const void*,
+	                                 unsigned long);
+CYASSL_API void CyaSSL_SHA256_Final(unsigned char*, CYASSL_SHA256_CTX*);
+
+enum {
+    SHA256_DIGEST_LENGTH = 32 
+};
+
+
+typedef CYASSL_SHA256_CTX SHA256_CTX;
+
+#define SHA256_Init   CyaSSL_SHA256_Init
+#define SHA256_Update CyaSSL_SHA256_Update
+#define SHA256_Final  CyaSSL_SHA256_Final
+
+
+#ifdef CYASSL_SHA384
+
+typedef struct CYASSL_SHA384_CTX {
+    long long holder[32];   /* big enough, but check on init */
+} CYASSL_SHA384_CTX;
+
+CYASSL_API void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX*);
+CYASSL_API void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX*, const void*,
+	                                 unsigned long);
+CYASSL_API void CyaSSL_SHA384_Final(unsigned char*, CYASSL_SHA384_CTX*);
+
+enum {
+    SHA384_DIGEST_LENGTH = 48 
+};
+
+
+typedef CYASSL_SHA384_CTX SHA384_CTX;
+
+#define SHA384_Init   CyaSSL_SHA384_Init
+#define SHA384_Update CyaSSL_SHA384_Update
+#define SHA384_Final  CyaSSL_SHA384_Final
+
+#endif /* CYASSL_SHA384 */
+
+#ifdef CYASSL_SHA512
+
+typedef struct CYASSL_SHA512_CTX {
+    long long holder[36];   /* big enough, but check on init */
+} CYASSL_SHA512_CTX;
+
+CYASSL_API void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX*);
+CYASSL_API void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX*, const void*,
+	                                 unsigned long);
+CYASSL_API void CyaSSL_SHA512_Final(unsigned char*, CYASSL_SHA512_CTX*);
+
+enum {
+    SHA512_DIGEST_LENGTH = 64 
+};
+
+
+typedef CYASSL_SHA512_CTX SHA512_CTX;
+
+#define SHA512_Init   CyaSSL_SHA512_Init
+#define SHA512_Update CyaSSL_SHA512_Update
+#define SHA512_Final  CyaSSL_SHA512_Final
+
+#endif /* CYASSL_SHA512 */
+
+
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */ 
+#endif
+
+
+#endif /* CYASSL_SHA_H_ */
+

wolfssl/openssl/ssl.h

@@ -0,0 +1,382 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * a with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/*  ssl.h defines openssl compatibility layer 
+ *
+ */
+
+
+#ifndef CYASSL_OPENSSL_H_
+#define CYASSL_OPENSSL_H_
+
+#include <cyassl/ssl.h>
+#include <wolfssl/ssl.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifdef _WIN32
+    /* wincrypt.h clashes */
+    #undef X509_NAME
+#endif
+
+
+typedef CYASSL          SSL;          
+typedef CYASSL_SESSION  SSL_SESSION;
+typedef CYASSL_METHOD   SSL_METHOD;
+typedef CYASSL_CTX      SSL_CTX;
+
+typedef CYASSL_X509       X509;
+typedef CYASSL_X509_NAME  X509_NAME;
+typedef CYASSL_X509_CHAIN X509_CHAIN;
+
+
+/* redeclare guard */
+#define CYASSL_TYPES_DEFINED
+
+
+typedef CYASSL_EVP_PKEY       EVP_PKEY;
+typedef CYASSL_RSA            RSA;
+typedef CYASSL_DSA            DSA;
+typedef CYASSL_BIO            BIO;
+typedef CYASSL_BIO_METHOD     BIO_METHOD;
+typedef CYASSL_CIPHER         SSL_CIPHER;
+typedef CYASSL_X509_LOOKUP    X509_LOOKUP;
+typedef CYASSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
+typedef CYASSL_X509_CRL       X509_CRL;
+typedef CYASSL_X509_EXTENSION X509_EXTENSION;
+typedef CYASSL_ASN1_TIME      ASN1_TIME;
+typedef CYASSL_ASN1_INTEGER   ASN1_INTEGER;
+typedef CYASSL_ASN1_OBJECT    ASN1_OBJECT;
+typedef CYASSL_ASN1_STRING    ASN1_STRING;
+typedef CYASSL_dynlock_value  CRYPTO_dynlock_value;
+
+#define ASN1_UTCTIME CYASSL_ASN1_TIME
+
+typedef CYASSL_MD4_CTX        MD4_CTX;
+typedef CYASSL_COMP_METHOD    COMP_METHOD;
+typedef CYASSL_X509_STORE     X509_STORE;
+typedef CYASSL_X509_REVOKED   X509_REVOKED;
+typedef CYASSL_X509_OBJECT    X509_OBJECT;
+typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
+
+
+#define SSLv3_server_method wolfSSLv3_server_method
+#define SSLv3_client_method wolfSSLv3_client_method
+#define TLSv1_server_method wolfTLSv1_server_method
+#define TLSv1_client_method wolfTLSv1_client_method
+#define TLSv1_1_server_method wolfTLSv1_1_server_method
+#define TLSv1_1_client_method wolfTLSv1_1_client_method
+#define TLSv1_2_server_method wolfTLSv1_2_server_method
+#define TLSv1_2_client_method wolfTLSv1_2_client_method
+
+#ifdef CYASSL_DTLS
+    #define DTLSv1_client_method wolfDTLSv1_client_method
+    #define DTLSv1_server_method wolfDTLSv1_server_method
+    #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
+    #define DTLSv1_2_server_method wolfDTLSv1_2_server_method
+#endif
+
+
+#ifndef NO_FILESYSTEM
+    #define SSL_CTX_use_certificate_file CyaSSL_CTX_use_certificate_file
+    #define SSL_CTX_use_PrivateKey_file CyaSSL_CTX_use_PrivateKey_file
+    #define SSL_CTX_load_verify_locations CyaSSL_CTX_load_verify_locations
+    #define SSL_CTX_use_certificate_chain_file CyaSSL_CTX_use_certificate_chain_file
+    #define SSL_CTX_use_RSAPrivateKey_file CyaSSL_CTX_use_RSAPrivateKey_file
+    
+    #define SSL_use_certificate_file CyaSSL_use_certificate_file
+    #define SSL_use_PrivateKey_file CyaSSL_use_PrivateKey_file
+    #define SSL_use_certificate_chain_file CyaSSL_use_certificate_chain_file
+    #define SSL_use_RSAPrivateKey_file CyaSSL_use_RSAPrivateKey_file
+#endif
+
+#define SSL_CTX_new CyaSSL_CTX_new
+#define SSL_new     CyaSSL_new
+#define SSL_set_fd  CyaSSL_set_fd
+#define SSL_get_fd  CyaSSL_get_fd
+#define SSL_connect CyaSSL_connect
+
+#define SSL_write    CyaSSL_write
+#define SSL_read     CyaSSL_read
+#define SSL_peek     CyaSSL_peek
+#define SSL_accept   CyaSSL_accept
+#define SSL_CTX_free CyaSSL_CTX_free
+#define SSL_free     CyaSSL_free
+#define SSL_shutdown CyaSSL_shutdown
+
+#define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown
+#define SSL_set_quiet_shutdown CyaSSL_set_quiet_shutdown
+#define SSL_get_error CyaSSL_get_error
+#define SSL_set_session CyaSSL_set_session
+#define SSL_get_session CyaSSL_get_session
+#define SSL_flush_sessions CyaSSL_flush_sessions
+
+#define SSL_CTX_set_verify CyaSSL_CTX_set_verify
+#define SSL_set_verify CyaSSL_set_verify
+#define SSL_pending CyaSSL_pending
+#define SSL_load_error_strings CyaSSL_load_error_strings
+#define SSL_library_init CyaSSL_library_init
+#define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode 
+#define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list
+#define SSL_set_cipher_list     CyaSSL_set_cipher_list
+
+#define ERR_error_string CyaSSL_ERR_error_string
+#define ERR_error_string_n CyaSSL_ERR_error_string_n
+#define ERR_reason_error_string CyaSSL_ERR_reason_error_string
+
+#define SSL_set_ex_data CyaSSL_set_ex_data
+#define SSL_get_shutdown CyaSSL_get_shutdown
+#define SSL_set_rfd CyaSSL_set_rfd 
+#define SSL_set_wfd CyaSSL_set_wfd 
+#define SSL_set_shutdown CyaSSL_set_shutdown 
+#define SSL_set_session_id_context CyaSSL_set_session_id_context
+#define SSL_set_connect_state CyaSSL_set_connect_state
+#define SSL_set_accept_state CyaSSL_set_accept_state
+#define SSL_session_reused CyaSSL_session_reused
+#define SSL_SESSION_free CyaSSL_SESSION_free
+#define SSL_is_init_finished CyaSSL_is_init_finished
+
+#define SSL_get_version CyaSSL_get_version
+#define SSL_get_current_cipher CyaSSL_get_current_cipher
+#define SSL_get_cipher CyaSSL_get_cipher
+#define SSL_CIPHER_description CyaSSL_CIPHER_description
+#define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name
+#define SSL_get1_session CyaSSL_get1_session
+
+#define SSL_get_keyblock_size CyaSSL_get_keyblock_size
+#define SSL_get_keys          CyaSSL_get_keys
+
+#define X509_free CyaSSL_X509_free
+#define OPENSSL_free CyaSSL_OPENSSL_free
+
+#define OCSP_parse_url CyaSSL_OCSP_parse_url
+#define SSLv23_client_method CyaSSLv23_client_method
+#define SSLv2_client_method CyaSSLv2_client_method
+#define SSLv2_server_method CyaSSLv2_server_method
+
+#define MD4_Init CyaSSL_MD4_Init
+#define MD4_Update  CyaSSL_MD4_Update  
+#define MD4_Final CyaSSL_MD4_Final
+
+#define BIO_new CyaSSL_BIO_new
+#define BIO_free CyaSSL_BIO_free
+#define BIO_free_all CyaSSL_BIO_free_all
+#define BIO_read CyaSSL_BIO_read
+#define BIO_write CyaSSL_BIO_write
+#define BIO_push CyaSSL_BIO_push
+#define BIO_pop CyaSSL_BIO_pop
+#define BIO_flush CyaSSL_BIO_flush
+#define BIO_pending CyaSSL_BIO_pending
+
+#define BIO_get_mem_data CyaSSL_BIO_get_mem_data
+#define BIO_new_mem_buf  CyaSSL_BIO_new_mem_buf
+
+#define BIO_f_buffer CyaSSL_BIO_f_buffer
+#define BIO_set_write_buffer_size CyaSSL_BIO_set_write_buffer_size
+#define BIO_f_ssl CyaSSL_BIO_f_ssl
+#define BIO_new_socket CyaSSL_BIO_new_socket
+#define SSL_set_bio CyaSSL_set_bio
+#define BIO_eof CyaSSL_BIO_eof
+#define BIO_set_ss CyaSSL_BIO_set_ss
+
+#define BIO_s_mem CyaSSL_BIO_s_mem
+#define BIO_f_base64 CyaSSL_BIO_f_base64
+#define BIO_set_flags CyaSSL_BIO_set_flags
+
+#define OpenSSL_add_all_algorithms CyaSSL_add_all_algorithms
+#define SSLeay_add_ssl_algorithms CyaSSL_add_all_algorithms
+#define SSLeay_add_all_algorithms CyaSSL_add_all_algorithms
+
+#define RAND_screen CyaSSL_RAND_screen
+#define RAND_file_name CyaSSL_RAND_file_name
+#define RAND_write_file CyaSSL_RAND_write_file
+#define RAND_load_file CyaSSL_RAND_load_file
+#define RAND_egd CyaSSL_RAND_egd
+#define RAND_seed CyaSSL_RAND_seed
+#define RAND_add  CyaSSL_RAND_add
+
+#define COMP_zlib CyaSSL_COMP_zlib
+#define COMP_rle CyaSSL_COMP_rle
+#define SSL_COMP_add_compression_method CyaSSL_COMP_add_compression_method
+
+#define SSL_get_ex_new_index CyaSSL_get_ex_new_index
+
+#define CRYPTO_set_id_callback CyaSSL_set_id_callback
+#define CRYPTO_set_locking_callback CyaSSL_set_locking_callback
+#define CRYPTO_set_dynlock_create_callback CyaSSL_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_lock_callback CyaSSL_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_destroy_callback CyaSSL_set_dynlock_destroy_callback
+#define CRYPTO_num_locks CyaSSL_num_locks
+
+#define X509_STORE_CTX_get_current_cert CyaSSL_X509_STORE_CTX_get_current_cert
+#define X509_STORE_CTX_get_error CyaSSL_X509_STORE_CTX_get_error
+#define X509_STORE_CTX_get_error_depth CyaSSL_X509_STORE_CTX_get_error_depth
+
+#define X509_NAME_oneline CyaSSL_X509_NAME_oneline
+#define X509_get_issuer_name CyaSSL_X509_get_issuer_name
+#define X509_get_subject_name CyaSSL_X509_get_subject_name
+#define X509_verify_cert_error_string CyaSSL_X509_verify_cert_error_string
+
+#define X509_LOOKUP_add_dir CyaSSL_X509_LOOKUP_add_dir
+#define X509_LOOKUP_load_file CyaSSL_X509_LOOKUP_load_file
+#define X509_LOOKUP_hash_dir CyaSSL_X509_LOOKUP_hash_dir
+#define X509_LOOKUP_file CyaSSL_X509_LOOKUP_file
+
+#define X509_STORE_add_lookup CyaSSL_X509_STORE_add_lookup
+#define X509_STORE_new CyaSSL_X509_STORE_new
+#define X509_STORE_get_by_subject CyaSSL_X509_STORE_get_by_subject
+#define X509_STORE_CTX_init CyaSSL_X509_STORE_CTX_init
+#define X509_STORE_CTX_cleanup CyaSSL_X509_STORE_CTX_cleanup
+
+#define X509_CRL_get_lastUpdate CyaSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get_nextUpdate CyaSSL_X509_CRL_get_nextUpdate
+
+#define X509_get_pubkey CyaSSL_X509_get_pubkey
+#define X509_CRL_verify CyaSSL_X509_CRL_verify
+#define X509_STORE_CTX_set_error CyaSSL_X509_STORE_CTX_set_error
+#define X509_OBJECT_free_contents CyaSSL_X509_OBJECT_free_contents
+#define EVP_PKEY_free CyaSSL_EVP_PKEY_free
+#define X509_cmp_current_time CyaSSL_X509_cmp_current_time
+#define sk_X509_REVOKED_num CyaSSL_sk_X509_REVOKED_num
+#define X509_CRL_get_REVOKED CyaSSL_X509_CRL_get_REVOKED
+#define sk_X509_REVOKED_value CyaSSL_sk_X509_REVOKED_value 
+
+#define X509_get_serialNumber CyaSSL_X509_get_serialNumber
+
+#define ASN1_TIME_pr CyaSSL_ASN1_TIME_pr
+
+#define ASN1_INTEGER_cmp CyaSSL_ASN1_INTEGER_cmp
+#define ASN1_INTEGER_get CyaSSL_ASN1_INTEGER_get
+
+#define SSL_load_client_CA_file CyaSSL_load_client_CA_file
+
+#define SSL_CTX_set_client_CA_list CyaSSL_CTX_set_client_CA_list
+#define X509_STORE_CTX_get_ex_data CyaSSL_X509_STORE_CTX_get_ex_data 
+#define SSL_get_ex_data_X509_STORE_CTX_idx CyaSSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data CyaSSL_get_ex_data
+
+#define SSL_CTX_set_default_passwd_cb_userdata CyaSSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb CyaSSL_CTX_set_default_passwd_cb
+
+#define SSL_CTX_set_timeout CyaSSL_CTX_set_timeout
+#define SSL_CTX_set_info_callback CyaSSL_CTX_set_info_callback
+
+#define ERR_peek_error CyaSSL_ERR_peek_error
+#define ERR_GET_REASON CyaSSL_ERR_GET_REASON
+
+#define SSL_alert_type_string CyaSSL_alert_type_string
+#define SSL_alert_desc_string CyaSSL_alert_desc_string
+#define SSL_state_string CyaSSL_state_string
+
+#define RSA_free CyaSSL_RSA_free
+#define RSA_generate_key CyaSSL_RSA_generate_key
+#define SSL_CTX_set_tmp_rsa_callback CyaSSL_CTX_set_tmp_rsa_callback
+
+#define PEM_def_callback CyaSSL_PEM_def_callback
+
+#define SSL_CTX_sess_accept CyaSSL_CTX_sess_accept
+#define SSL_CTX_sess_connect CyaSSL_CTX_sess_connect
+#define SSL_CTX_sess_accept_good CyaSSL_CTX_sess_accept_good
+#define SSL_CTX_sess_connect_good CyaSSL_CTX_sess_connect_good
+#define SSL_CTX_sess_accept_renegotiate CyaSSL_CTX_sess_accept_renegotiate
+#define SSL_CTX_sess_connect_renegotiate CyaSSL_CTX_sess_connect_renegotiate
+#define SSL_CTX_sess_hits CyaSSL_CTX_sess_hits
+#define SSL_CTX_sess_cb_hits CyaSSL_CTX_sess_cb_hits
+#define SSL_CTX_sess_cache_full CyaSSL_CTX_sess_cache_full
+#define SSL_CTX_sess_misses CyaSSL_CTX_sess_misses
+#define SSL_CTX_sess_timeouts CyaSSL_CTX_sess_timeouts
+#define SSL_CTX_sess_number CyaSSL_CTX_sess_number
+#define SSL_CTX_sess_get_cache_size CyaSSL_CTX_sess_get_cache_size
+
+
+#define SSL_DEFAULT_CIPHER_LIST CYASSL_DEFAULT_CIPHER_LIST
+#define RSA_F4 CYASSL_RSA_F4
+
+#define SSL_CTX_set_psk_client_callback CyaSSL_CTX_set_psk_client_callback
+#define SSL_set_psk_client_callback CyaSSL_set_psk_client_callback
+
+#define SSL_get_psk_identity_hint CyaSSL_get_psk_identity_hint
+#define SSL_get_psk_identity CyaSSL_get_psk_identity
+
+#define SSL_CTX_use_psk_identity_hint CyaSSL_CTX_use_psk_identity_hint
+#define SSL_use_psk_identity_hint CyaSSL_use_psk_identity_hint
+
+#define SSL_CTX_set_psk_server_callback CyaSSL_CTX_set_psk_server_callback
+#define SSL_set_psk_server_callback CyaSSL_set_psk_server_callback
+
+#define ERR_get_error_line_data CyaSSL_ERR_get_error_line_data
+
+#define ERR_get_error CyaSSL_ERR_get_error
+#define ERR_clear_error CyaSSL_ERR_clear_error
+
+#define RAND_status CyaSSL_RAND_status
+#define RAND_bytes CyaSSL_RAND_bytes
+#define SSLv23_server_method CyaSSLv23_server_method
+#define SSL_CTX_set_options CyaSSL_CTX_set_options 
+#define SSL_CTX_check_private_key CyaSSL_CTX_check_private_key
+
+#define ERR_free_strings CyaSSL_ERR_free_strings
+#define ERR_remove_state CyaSSL_ERR_remove_state
+#define EVP_cleanup CyaSSL_EVP_cleanup
+
+#define CRYPTO_cleanup_all_ex_data CyaSSL_cleanup_all_ex_data
+#define SSL_CTX_set_mode CyaSSL_CTX_set_mode
+#define SSL_CTX_get_mode CyaSSL_CTX_get_mode
+#define SSL_CTX_set_default_read_ahead CyaSSL_CTX_set_default_read_ahead
+
+#define SSL_CTX_sess_set_cache_size CyaSSL_CTX_sess_set_cache_size
+#define SSL_CTX_set_default_verify_paths CyaSSL_CTX_set_default_verify_paths
+
+#define SSL_CTX_set_session_id_context CyaSSL_CTX_set_session_id_context
+#define SSL_get_peer_certificate CyaSSL_get_peer_certificate
+
+#define SSL_want_read CyaSSL_want_read
+#define SSL_want_write CyaSSL_want_write
+
+#define BIO_prf CyaSSL_BIO_prf
+#define ASN1_UTCTIME_pr CyaSSL_ASN1_UTCTIME_pr
+
+#define sk_num CyaSSL_sk_num
+#define sk_value CyaSSL_sk_value
+
+#define SSL_CTX_get_ex_data CyaSSL_CTX_get_ex_data
+#define SSL_CTX_set_ex_data CyaSSL_CTX_set_ex_data
+#define SSL_CTX_sess_set_get_cb CyaSSL_CTX_sess_set_get_cb
+#define SSL_CTX_sess_set_new_cb CyaSSL_CTX_sess_set_new_cb
+#define SSL_CTX_sess_set_remove_cb CyaSSL_CTX_sess_set_remove_cb
+
+#define i2d_SSL_SESSION CyaSSL_i2d_SSL_SESSION
+#define d2i_SSL_SESSION CyaSSL_d2i_SSL_SESSION
+#define SSL_SESSION_get_timeout CyaSSL_SESSION_get_timeout
+#define SSL_SESSION_get_time CyaSSL_SESSION_get_time
+#define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index
+
+
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+
+#endif /* CyaSSL_openssl_h__ */

wolfssl/openssl/stack.h

@@ -0,0 +1,2 @@
+/* stack.h for openssl */
+

wolfssl/openssl/ui.h

@@ -0,0 +1,2 @@
+/* ui.h for openssl */
+

wolfssl/openssl/x509.h

@@ -0,0 +1,3 @@
+/* x509.h for openssl */
+
+#include <cyassl/openssl/ssl.h>

wolfssl/openssl/x509v3.h

@@ -0,0 +1,2 @@
+/* x509v3.h for openssl */
+

wolfssl/options.h

@@ -0,0 +1,56 @@
+/* cyassl options.h
+ * generated from configure options
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ */
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef  _POSIX_THREADS
+#define _POSIX_THREADS
+
+#undef  HAVE_THREAD_LS
+#define HAVE_THREAD_LS
+
+#undef  NDEBUG
+#define NDEBUG
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_DH
+#define NO_DH
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef  HAVE_PKCS7
+#define HAVE_PKCS7
+
+
+#ifdef __cplusplus
+}
+#endif
+

wolfssl/options.h.in

@@ -0,0 +1,34 @@
+/* options.h.in
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* default blank options for autoconf */
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+

wolfssl/sniffer.h

@@ -0,0 +1,80 @@
+/* sniffer.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef CYASSL_SNIFFER_H
+#define CYASSL_SNIFFER_H
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef _WIN32
+    #ifdef SSL_SNIFFER_EXPORTS
+        #define SSL_SNIFFER_API __declspec(dllexport)
+    #else
+        #define SSL_SNIFFER_API __declspec(dllimport)
+    #endif
+#else
+    #define SSL_SNIFFER_API
+#endif /* _WIN32 */
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+CYASSL_API 
+SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
+                                      const char* keyFile, int keyType,
+                                      const char* password, char* error);
+
+CYASSL_API
+SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
+                                           const char* address, int port,
+                                           const char* keyFile, int keyType,
+                                           const char* password, char* error);
+
+CYASSL_API 
+SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
+                                     unsigned char* data, char* error);
+
+CYASSL_API 
+SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
+        
+        
+CYASSL_API void ssl_InitSniffer(void);
+        
+CYASSL_API void ssl_FreeSniffer(void);
+
+        
+/* ssl_SetPrivateKey keyTypes */
+enum {
+    FILETYPE_PEM = 1,
+    FILETYPE_DER = 2,
+};
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* CyaSSL_SNIFFER_H */
+

wolfssl/sniffer_error.h

@@ -0,0 +1,112 @@
+/* sniffer_error.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef CYASSL_SNIFFER_ERROR_H
+#define CYASSL_SNIFFER_ERROR_H
+
+/* need to have errors as #defines since .rc files can't handle enums */
+/* need to start at 1 and go in order for same reason */
+
+#define MEMORY_STR 1
+#define NEW_SERVER_STR 2
+#define IP_CHECK_STR 3
+#define SERVER_NOT_REG_STR 4
+#define TCP_CHECK_STR 5
+#define SERVER_PORT_NOT_REG_STR 6
+#define RSA_DECRYPT_STR 7
+#define RSA_DECODE_STR 8
+#define BAD_CIPHER_SPEC_STR 9
+#define SERVER_HELLO_INPUT_STR 10
+
+#define BAD_SESSION_RESUME_STR 11
+#define SERVER_DID_RESUMPTION_STR 12
+#define CLIENT_HELLO_INPUT_STR 13
+#define CLIENT_RESUME_TRY_STR 14
+#define HANDSHAKE_INPUT_STR 15
+#define GOT_HELLO_VERIFY_STR 16
+#define GOT_SERVER_HELLO_STR 17
+#define GOT_CERT_REQ_STR 18
+#define GOT_SERVER_KEY_EX_STR 19
+#define GOT_CERT_STR 20
+
+#define GOT_SERVER_HELLO_DONE_STR 21
+#define GOT_FINISHED_STR 22
+#define GOT_CLIENT_HELLO_STR 23
+#define GOT_CLIENT_KEY_EX_STR 24
+#define GOT_CERT_VER_STR 25
+#define GOT_UNKNOWN_HANDSHAKE_STR 26
+#define NEW_SESSION_STR 27
+#define BAD_NEW_SSL_STR 28
+#define GOT_PACKET_STR 29
+#define NO_DATA_STR 30
+
+#define BAD_SESSION_STR 31
+#define GOT_OLD_CLIENT_HELLO_STR 32
+#define OLD_CLIENT_INPUT_STR 33
+#define OLD_CLIENT_OK_STR 34
+#define BAD_OLD_CLIENT_STR 35
+#define BAD_RECORD_HDR_STR 36
+#define RECORD_INPUT_STR 37
+#define GOT_HANDSHAKE_STR 38
+#define BAD_HANDSHAKE_STR 39
+#define GOT_CHANGE_CIPHER_STR 40
+
+#define GOT_APP_DATA_STR 41
+#define BAD_APP_DATA_STR 42
+#define GOT_ALERT_STR 43
+#define ANOTHER_MSG_STR 44
+#define REMOVE_SESSION_STR 45
+#define KEY_FILE_STR 46
+#define BAD_IPVER_STR 47
+#define BAD_PROTO_STR 48
+#define PACKET_HDR_SHORT_STR 49
+#define GOT_UNKNOWN_RECORD_STR 50
+
+#define BAD_TRACE_FILE_STR 51
+#define FATAL_ERROR_STR 52
+#define PARTIAL_INPUT_STR 53
+#define BUFFER_ERROR_STR 54
+#define PARTIAL_ADD_STR 55
+#define DUPLICATE_STR 56
+#define OUT_OF_ORDER_STR 57
+#define OVERLAP_DUPLICATE_STR 58
+#define OVERLAP_REASSEMBLY_BEGIN_STR 59
+#define OVERLAP_REASSEMBLY_END_STR 60
+
+#define MISSED_CLIENT_HELLO_STR 61
+#define GOT_HELLO_REQUEST_STR 62
+#define GOT_SESSION_TICKET_STR 63
+#define BAD_INPUT_STR 64
+#define BAD_DECRYPT_TYPE 65
+#define BAD_FINISHED_MSG 66
+#define BAD_COMPRESSION_STR 67
+#define BAD_DERIVE_STR 68
+#define ACK_MISSED_STR 69
+#define BAD_DECRYPT    70 
+
+#define DECRYPT_KEYS_NOT_SETUP 71
+#define CLIENT_HELLO_LATE_KEY_STR 72
+/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
+
+
+#endif /* CyaSSL_SNIFFER_ERROR_H */
+

wolfssl/sniffer_error.rc

@@ -0,0 +1,91 @@
+
+STRINGTABLE 
+{
+    1, "Out of Memory"
+    2, "New SSL Sniffer Server Registered"
+    3, "Checking IP Header"
+    4, "SSL Sniffer Server Not Registered"
+    5, "Checking TCP Header"
+
+    6, "SSL Sniffer Server Port Not Registered"
+    7, "RSA Private Decrypt Error"
+    8, "RSA Private Decode Error"
+    9, "Set Cipher Spec Error"
+    10, "Server Hello Input Malformed"
+
+    11, "Couldn't Resume Session Error"
+    12, "Server Did Resumption"
+    13, "Client Hello Input Malformed"
+    14, "Client Trying to Resume"
+    15, "Handshake Input Malformed"
+
+    16, "Got Hello Verify msg"
+    17, "Got Server Hello msg"
+    18, "Got Cert Request msg"
+    19, "Got Server Key Exchange msg"
+    20, "Got Cert msg"
+
+    21, "Got Server Hello Done msg"
+    22, "Got Finished msg"
+    23, "Got Client Hello msg"
+    24, "Got Client Key Exchange msg"
+    25, "Got Cert Verify msg"
+
+    26, "Got Unknown Handshake msg"
+    27, "New SSL Sniffer Session created"
+    28, "Couldn't create new SSL"
+    29, "Got a Packet to decode"
+    30, "No data present"
+
+    31, "Session Not Found"
+    32, "Got an Old Client Hello msg"
+    33, "Old Client Hello Input Malformed"
+    34, "Old Client Hello OK"
+    35, "Bad Old Client Hello"
+
+    36, "Bad Record Header"
+    37, "Record Header Input Malformed"
+    38, "Got a HandShake msg"
+    39, "Bad HandShake msg"
+    40, "Got a Change Cipher Spec msg"
+
+    41, "Got Application Data msg"
+    42, "Bad Application Data"
+    43, "Got an Alert msg"
+    44, "Another msg to Process"
+    45, "Removing Session From Table"
+
+    46, "Bad Key File"
+    47, "Wrong IP Version"
+    48, "Wrong Protocol type"
+    49, "Packet Short for header processing"
+    50, "Got Unknown Record Type"
+    
+    51, "Can't Open Trace File"
+    52, "Session in Fatal Error State"
+    53, "Partial SSL record received"
+    54, "Buffer Error, malformed input"
+    55, "Added to Partial Input"
+
+    56, "Received a Duplicate Packet"
+    57, "Received an Out of Order Packet"
+    58, "Received an Overlap Duplicate Packet"
+    59, "Received an Overlap Reassembly Begin Duplicate Packet"
+    60, "Received an Overlap Reassembly End Duplicate Packet"
+    
+    61, "Missed the Client Hello Entirely"
+    62, "Got Hello Request msg"
+    63, "Got Session Ticket msg"
+    64, "Bad Input"
+    65, "Bad Decrypt Type"
+
+    66, "Bad Finished Message Processing"
+    67, "Bad Compression Type"
+    68, "Bad DeriveKeys Error"
+    69, "Saw ACK for Missing Packet Error"
+    70, "Bad Decrypt Operation"
+
+    71, "Decrypt Keys Not Set Up"
+    72, "Late Key Load Error"
+}
+

wolfssl/test.h

@@ -0,0 +1,1795 @@
+/* test.h */
+
+#ifndef CyaSSL_TEST_H
+#define CyaSSL_TEST_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <ctype.h>
+#include <cyassl/ssl.h>
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/error-crypt.h>
+
+#ifdef ATOMIC_USER
+    #include <cyassl/ctaocrypt/aes.h>
+    #include <cyassl/ctaocrypt/arc4.h>
+    #include <cyassl/ctaocrypt/hmac.h>
+#endif
+#ifdef HAVE_PK_CALLBACKS
+    #include <cyassl/ctaocrypt/random.h>
+    #include <cyassl/ctaocrypt/asn.h>
+    #ifdef HAVE_ECC
+        #include <cyassl/ctaocrypt/ecc.h>
+    #endif /* HAVE_ECC */
+#endif /*HAVE_PK_CALLBACKS */
+
+#ifdef USE_WINDOWS_API 
+    #include <winsock2.h>
+    #include <process.h>
+    #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
+        #include <ws2tcpip.h>
+        #include <wspiapi.h>
+    #endif
+    #define SOCKET_T SOCKET
+    #define SNPRINTF _snprintf
+#elif defined(CYASSL_MDK_ARM)
+    #include <string.h>
+#elif defined(CYASSL_TIRTOS)
+    #include <string.h>
+    #include <netdb.h>
+    #include <sys/types.h>
+    #include <arpa/inet.h>
+    #include <sys/socket.h>
+    #include <ti/sysbios/knl/Task.h>
+    #define SOCKET_T int
+#else
+    #include <string.h>
+    #include <sys/types.h>
+#ifndef CYASSL_LEANPSK
+    #include <unistd.h>
+    #include <netdb.h>
+    #include <netinet/in.h>
+    #include <netinet/tcp.h>
+    #include <arpa/inet.h>
+    #include <sys/ioctl.h>
+    #include <sys/time.h>
+    #include <sys/socket.h>
+    #include <pthread.h>
+    #include <fcntl.h>
+    #ifdef TEST_IPV6
+        #include <netdb.h>
+    #endif
+#endif
+    #define SOCKET_T int
+    #ifndef SO_NOSIGPIPE
+        #include <signal.h>  /* ignore SIGPIPE */
+    #endif
+    #define SNPRINTF snprintf
+#endif /* USE_WINDOWS_API */
+
+#ifdef HAVE_CAVIUM
+    #include "cavium_sysdep.h"
+    #include "cavium_common.h"
+    #include "cavium_ioctl.h"
+#endif
+
+#ifdef _MSC_VER
+    /* disable conversion warning */
+    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
+    #pragma warning(disable:4244 4996)
+#endif
+
+
+#if defined(__MACH__) || defined(USE_WINDOWS_API)
+    #ifndef _SOCKLEN_T
+        typedef int socklen_t;
+    #endif
+#endif
+
+
+/* HPUX doesn't use socklent_t for third parameter to accept, unless
+   _XOPEN_SOURCE_EXTENDED is defined */
+#if !defined(__hpux__) && !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM)
+    typedef socklen_t* ACCEPT_THIRD_T;
+#else
+    #if defined _XOPEN_SOURCE_EXTENDED
+        typedef socklen_t* ACCEPT_THIRD_T;
+    #else
+        typedef int*       ACCEPT_THIRD_T;
+    #endif
+#endif
+
+
+#ifdef USE_WINDOWS_API 
+    #define CloseSocket(s) closesocket(s)
+    #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
+#elif defined(CYASSL_MDK_ARM)
+    #define CloseSocket(s) closesocket(s)
+    #define StartTCP() 
+#else
+    #define CloseSocket(s) close(s)
+    #define StartTCP() 
+#endif
+
+
+#ifdef SINGLE_THREADED
+    typedef unsigned int  THREAD_RETURN;
+    typedef void*         THREAD_TYPE;
+    #define CYASSL_THREAD
+#else
+    #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
+        typedef void*         THREAD_RETURN;
+        typedef pthread_t     THREAD_TYPE;
+        #define CYASSL_THREAD
+        #define INFINITE -1
+        #define WAIT_OBJECT_0 0L
+    #elif defined(CYASSL_MDK_ARM)
+        typedef unsigned int  THREAD_RETURN;
+        typedef int           THREAD_TYPE;
+        #define CYASSL_THREAD
+    #elif defined(CYASSL_TIRTOS)
+        typedef void          THREAD_RETURN;
+        typedef Task_Handle   THREAD_TYPE;
+        #define CYASSL_THREAD
+    #else
+        typedef unsigned int  THREAD_RETURN;
+        typedef intptr_t      THREAD_TYPE;
+        #define CYASSL_THREAD __stdcall
+    #endif
+#endif
+
+
+#ifdef TEST_IPV6
+    typedef struct sockaddr_in6 SOCKADDR_IN_T;
+    #define AF_INET_V    AF_INET6
+#else
+    typedef struct sockaddr_in  SOCKADDR_IN_T;
+    #define AF_INET_V    AF_INET
+#endif
+   
+
+#define SERVER_DEFAULT_VERSION 3
+#define SERVER_DTLS_DEFAULT_VERSION (-2)
+#define SERVER_INVALID_VERSION (-99)
+#define CLIENT_DEFAULT_VERSION 3
+#define CLIENT_DTLS_DEFAULT_VERSION (-2)
+#define CLIENT_INVALID_VERSION (-99)
+
+/* all certs relative to CyaSSL home directory now */
+#define caCert     "./certs/ca-cert.pem"
+#define eccCert    "./certs/server-ecc.pem"
+#define eccKey     "./certs/ecc-key.pem"
+#define svrCert    "./certs/server-cert.pem"
+#define svrKey     "./certs/server-key.pem"
+#define cliCert    "./certs/client-cert.pem"
+#define cliKey     "./certs/client-key.pem"
+#define ntruCert   "./certs/ntru-cert.pem"
+#define ntruKey    "./certs/ntru-key.raw"
+#define dhParam    "./certs/dh2048.pem"
+#define cliEccKey  "./certs/ecc-client-key.pem"
+#define cliEccCert "./certs/client-ecc-cert.pem"
+#define crlPemDir  "./certs/crl"
+
+typedef struct tcp_ready {
+    word16 ready;              /* predicate */
+    word16 port;
+#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
+    pthread_mutex_t mutex;
+    pthread_cond_t  cond;
+#endif
+} tcp_ready;    
+
+
+void InitTcpReady(tcp_ready*);
+void FreeTcpReady(tcp_ready*);
+
+typedef CYASSL_METHOD* (*method_provider)(void);
+typedef void (*ctx_callback)(CYASSL_CTX* ctx);
+typedef void (*ssl_callback)(CYASSL* ssl);
+
+typedef struct callback_functions {
+    method_provider method;
+    ctx_callback ctx_ready;
+    ssl_callback ssl_ready;
+    ssl_callback on_result;
+} callback_functions;
+
+typedef struct func_args {
+    int    argc;
+    char** argv;
+    int    return_code;
+    tcp_ready* signal;
+    callback_functions *callbacks;
+} func_args;
+
+void wait_tcp_ready(func_args*);
+
+typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);
+
+void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
+void join_thread(THREAD_TYPE);
+
+/* yaSSL */
+#ifndef TEST_IPV6
+    static const char* const yasslIP   = "127.0.0.1";
+#else
+    static const char* const yasslIP   = "::1";
+#endif
+static const word16      yasslPort = 11111;
+
+static INLINE void err_sys(const char* msg)
+{
+    printf("yassl error: %s\n", msg);
+    if (msg)
+        exit(EXIT_FAILURE);
+}
+
+
+#define MY_EX_USAGE 2
+
+extern int   myoptind;
+extern char* myoptarg;
+
+static INLINE int mygetopt(int argc, char** argv, const char* optstring)
+{
+    static char* next = NULL;
+
+    char  c;
+    char* cp;
+
+    if (myoptind == 0)
+        next = NULL;   /* we're starting new/over */
+
+    if (next == NULL || *next == '\0') {
+        if (myoptind == 0)
+            myoptind++;
+
+        if (myoptind >= argc || argv[myoptind][0] != '-' ||
+                                argv[myoptind][1] == '\0') {
+            myoptarg = NULL;
+            if (myoptind < argc)
+                myoptarg = argv[myoptind];
+
+            return -1;
+        }
+
+        if (strcmp(argv[myoptind], "--") == 0) {
+            myoptind++;
+            myoptarg = NULL;
+
+            if (myoptind < argc)
+                myoptarg = argv[myoptind];
+
+            return -1;
+        }
+
+        next = argv[myoptind];
+        next++;                  /* skip - */
+        myoptind++;
+    }
+
+    c  = *next++;
+    /* The C++ strchr can return a different value */
+    cp = (char*)strchr(optstring, c);
+
+    if (cp == NULL || c == ':') 
+        return '?';
+
+    cp++;
+
+    if (*cp == ':') {
+        if (*next != '\0') {
+            myoptarg = next;
+            next     = NULL;
+        }
+        else if (myoptind < argc) {
+            myoptarg = argv[myoptind];
+            myoptind++;
+        }
+        else 
+            return '?';
+    }
+
+    return c;
+}
+
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+
+static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
+{
+    (void)rw;
+    (void)userdata;
+    strncpy(passwd, "yassl123", sz);
+    return 8;
+}
+
+#endif
+
+
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+
+static INLINE void ShowX509(CYASSL_X509* x509, const char* hdr)
+{
+    char* altName;
+    char* issuer  = CyaSSL_X509_NAME_oneline(
+                                       CyaSSL_X509_get_issuer_name(x509), 0, 0);
+    char* subject = CyaSSL_X509_NAME_oneline(
+                                      CyaSSL_X509_get_subject_name(x509), 0, 0);
+    byte  serial[32];
+    int   ret;
+    int   sz = sizeof(serial);
+        
+    printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
+
+    while ( (altName = CyaSSL_X509_get_next_altname(x509)) != NULL)
+        printf(" altname = %s\n", altName);
+
+    ret = CyaSSL_X509_get_serial_number(x509, serial, &sz);
+    if (ret == SSL_SUCCESS) {
+        int  i;
+        int  strLen;
+        char serialMsg[80];
+
+        /* testsuite has multiple threads writing to stdout, get output
+           message ready to write once */
+        strLen = sprintf(serialMsg, " serial number");
+        for (i = 0; i < sz; i++)
+            sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
+        printf("%s\n", serialMsg);
+    }
+
+    XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+    XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
+}
+
+#endif /* KEEP_PEER_CERT || SESSION_CERTS */
+
+
+static INLINE void showPeer(CYASSL* ssl)
+{
+
+    CYASSL_CIPHER* cipher;
+#ifdef KEEP_PEER_CERT
+    CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
+    if (peer)
+        ShowX509(peer, "peer's cert info:");
+    else
+        printf("peer has no cert!\n");
+#endif
+    printf("SSL version is %s\n", CyaSSL_get_version(ssl));
+
+    cipher = CyaSSL_get_current_cipher(ssl);
+    printf("SSL cipher suite is %s\n", CyaSSL_CIPHER_get_name(cipher));
+
+#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
+    {
+        CYASSL_X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
+        int                count = CyaSSL_get_chain_count(chain);
+        int i;
+
+        for (i = 0; i < count; i++) {
+            int length;
+            unsigned char buffer[3072];
+            CYASSL_X509* chainX509;
+
+            CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
+            buffer[length] = 0;
+            printf("cert %d has length %d data = \n%s\n", i, length, buffer);
+
+            chainX509 = CyaSSL_get_chain_X509(chain, i);
+            if (chainX509)
+                ShowX509(chainX509, "session cert info:");
+            else
+                printf("get_chain_X509 failed\n");
+            CyaSSL_FreeX509(chainX509);
+        }
+    }
+#endif
+  (void)ssl;
+}
+
+
+static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
+                              word16 port, int udp)
+{
+    int useLookup = 0;
+    (void)useLookup;
+    (void)udp;
+
+    memset(addr, 0, sizeof(SOCKADDR_IN_T));
+
+#ifndef TEST_IPV6
+    /* peer could be in human readable form */
+    if ( (peer != INADDR_ANY) && isalpha((int)peer[0])) {
+        #ifdef CYASSL_MDK_ARM
+            int err;
+            struct hostent* entry = gethostbyname(peer, &err);
+        #else
+            struct hostent* entry = gethostbyname(peer);
+        #endif
+
+        if (entry) {
+            memcpy(&addr->sin_addr.s_addr, entry->h_addr_list[0],
+                   entry->h_length);
+            useLookup = 1;
+        }
+        else
+            err_sys("no entry for host");
+    }
+#endif
+
+
+#ifndef TEST_IPV6
+    #if defined(CYASSL_MDK_ARM)
+        addr->sin_family = PF_INET;
+    #else
+        addr->sin_family = AF_INET_V;
+    #endif
+    addr->sin_port = htons(port);
+    if (peer == INADDR_ANY)
+        addr->sin_addr.s_addr = INADDR_ANY;
+    else {
+        if (!useLookup)
+            addr->sin_addr.s_addr = inet_addr(peer);
+    }
+#else
+    addr->sin6_family = AF_INET_V;
+    addr->sin6_port = htons(port);
+    if (peer == INADDR_ANY)
+        addr->sin6_addr = in6addr_any;
+    else {
+        #ifdef HAVE_GETADDRINFO
+            struct addrinfo  hints;
+            struct addrinfo* answer = NULL;
+            int    ret;
+            char   strPort[80];
+
+            memset(&hints, 0, sizeof(hints));
+
+            hints.ai_family   = AF_INET_V;
+            hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
+            hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
+
+            SNPRINTF(strPort, sizeof(strPort), "%d", port);
+            strPort[79] = '\0';
+
+            ret = getaddrinfo(peer, strPort, &hints, &answer);
+            if (ret < 0 || answer == NULL)
+                err_sys("getaddrinfo failed");
+
+            memcpy(addr, answer->ai_addr, answer->ai_addrlen);
+            freeaddrinfo(answer);
+        #else
+            printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
+            addr->sin6_addr = in6addr_loopback;
+        #endif
+    }
+#endif
+}
+
+
+static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
+{
+    if (udp)
+        *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
+    else
+        *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
+
+#ifdef USE_WINDOWS_API
+    if (*sockfd == INVALID_SOCKET)
+        err_sys("socket failed\n");
+#elif defined(CYASSL_TIRTOS)
+    if (*sockfd == -1)
+        err_sys("socket failed\n");
+#else
+    if (*sockfd < 0)
+        err_sys("socket failed\n");
+#endif
+
+#ifndef USE_WINDOWS_API 
+#ifdef SO_NOSIGPIPE
+    {
+        int       on = 1;
+        socklen_t len = sizeof(on);
+        int       res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
+        if (res < 0)
+            err_sys("setsockopt SO_NOSIGPIPE failed\n");
+    }
+#elif defined(CYASSL_MDK_ARM) || defined (CYASSL_TIRTOS)
+    /* nothing to define */
+#else  /* no S_NOSIGPIPE */
+    signal(SIGPIPE, SIG_IGN);
+#endif /* S_NOSIGPIPE */
+
+#if defined(TCP_NODELAY)
+    if (!udp)
+    {
+        int       on = 1;
+        socklen_t len = sizeof(on);
+        int       res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
+        if (res < 0)
+            err_sys("setsockopt TCP_NODELAY failed\n");
+    }
+#endif
+#endif  /* USE_WINDOWS_API */
+}
+
+static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
+                               int udp)
+{
+    SOCKADDR_IN_T addr;
+    build_addr(&addr, ip, port, udp);
+    tcp_socket(sockfd, udp);
+
+    if (!udp) {
+        if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+            err_sys("tcp connect failed");
+    }
+}
+
+
+static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
+{
+    if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
+        err_sys("tcp connect failed");
+}
+
+
+enum {
+    TEST_SELECT_FAIL,
+    TEST_TIMEOUT,
+    TEST_RECV_READY,
+    TEST_ERROR_READY
+};
+
+
+#if !defined(CYASSL_MDK_ARM) && !defined(CYASSL_TIRTOS)
+static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
+{
+    fd_set recvfds, errfds;
+    SOCKET_T nfds = socketfd + 1;
+    struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
+    int result;
+
+    FD_ZERO(&recvfds);
+    FD_SET(socketfd, &recvfds);
+    FD_ZERO(&errfds);
+    FD_SET(socketfd, &errfds);
+
+    result = select(nfds, &recvfds, NULL, &errfds, &timeout);
+
+    if (result == 0)
+        return TEST_TIMEOUT;
+    else if (result > 0) {
+        if (FD_ISSET(socketfd, &recvfds))
+            return TEST_RECV_READY;
+        else if(FD_ISSET(socketfd, &errfds))
+            return TEST_ERROR_READY;
+    }
+
+    return TEST_SELECT_FAIL;
+}
+#elif defined(CYASSL_TIRTOS)
+static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
+{
+    return TEST_RECV_READY;
+}
+#endif /* !CYASSL_MDK_ARM */
+
+
+static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
+                              int udp)
+{
+    SOCKADDR_IN_T addr;
+
+    /* don't use INADDR_ANY by default, firewall may block, make user switch
+       on */
+    build_addr(&addr, (useAnyAddr ? INADDR_ANY : yasslIP), *port, udp);
+    tcp_socket(sockfd, udp);
+
+#if !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_ARM)
+    {
+        int       res, on  = 1;
+        socklen_t len = sizeof(on);
+        res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
+        if (res < 0)
+            err_sys("setsockopt SO_REUSEADDR failed\n");
+    }
+#endif
+
+    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+        err_sys("tcp bind failed");
+    if (!udp) {
+        if (listen(*sockfd, 5) != 0)
+            err_sys("tcp listen failed");
+    }
+    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
+        if (*port == 0) {
+            socklen_t len = sizeof(addr);
+            if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
+                #ifndef TEST_IPV6
+                    *port = ntohs(addr.sin_port);
+                #else
+                    *port = ntohs(addr.sin6_port);
+                #endif
+            }
+        }
+    #endif
+}
+
+
+static INLINE int udp_read_connect(SOCKET_T sockfd)
+{
+    SOCKADDR_IN_T cliaddr;
+    byte          b[1500];
+    int           n;
+    socklen_t     len = sizeof(cliaddr);
+
+    n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
+                      (struct sockaddr*)&cliaddr, &len);
+    if (n > 0) {
+        if (connect(sockfd, (const struct sockaddr*)&cliaddr,
+                    sizeof(cliaddr)) != 0)
+            err_sys("udp connect failed");
+    }
+    else
+        err_sys("recvfrom failed");
+
+    return sockfd;
+}
+
+static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
+                              int useAnyAddr, word16 port, func_args* args)
+{
+    SOCKADDR_IN_T addr;
+
+    (void)args;
+    build_addr(&addr, (useAnyAddr ? INADDR_ANY : yasslIP), port, 1);
+    tcp_socket(sockfd, 1);
+
+
+#if !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_ARM)
+    {
+        int       res, on  = 1;
+        socklen_t len = sizeof(on);
+        res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
+        if (res < 0)
+            err_sys("setsockopt SO_REUSEADDR failed\n");
+    }
+#endif
+
+    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+        err_sys("tcp bind failed");
+
+    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
+        if (port == 0) {
+            socklen_t len = sizeof(addr);
+            if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
+                #ifndef TEST_IPV6
+                    port = ntohs(addr.sin_port);
+                #else
+                    port = ntohs(addr.sin6_port);
+                #endif
+            }
+        }
+    #endif
+
+#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+    /* signal ready to accept data */
+    {
+    tcp_ready* ready = args->signal;
+    pthread_mutex_lock(&ready->mutex);
+    ready->ready = 1;
+    ready->port = port;
+    pthread_cond_signal(&ready->cond);
+    pthread_mutex_unlock(&ready->mutex);
+    }
+#elif defined (CYASSL_TIRTOS)
+    /* Need mutex? */
+    tcp_ready* ready = args->signal;
+    ready->ready = 1;
+    ready->port = port;
+#endif
+
+    *clientfd = udp_read_connect(*sockfd);
+}
+
+static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
+                              func_args* args, word16 port, int useAnyAddr,
+                              int udp, int ready_file)
+{
+    SOCKADDR_IN_T client;
+    socklen_t client_len = sizeof(client);
+
+    if (udp) {
+        udp_accept(sockfd, clientfd, useAnyAddr, port, args);
+        return;
+    }
+
+    tcp_listen(sockfd, &port, useAnyAddr, udp);
+
+#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+    /* signal ready to tcp_accept */
+    {
+    tcp_ready* ready = args->signal;
+    pthread_mutex_lock(&ready->mutex);
+    ready->ready = 1;
+    ready->port = port;
+    pthread_cond_signal(&ready->cond);
+    pthread_mutex_unlock(&ready->mutex);
+    }
+#elif defined (CYASSL_TIRTOS)
+    /* Need mutex? */
+    tcp_ready* ready = args->signal;
+    ready->ready = 1;
+    ready->port = port;
+#endif
+
+    if (ready_file) {
+#ifndef NO_FILESYSTEM
+        FILE* srf = fopen("./server_ready", "w+");
+
+        if (srf) {
+            fputs("ready", srf);
+            fclose(srf);
+        }
+#endif
+    }
+
+    *clientfd = accept(*sockfd, (struct sockaddr*)&client,
+                      (ACCEPT_THIRD_T)&client_len);
+#ifdef USE_WINDOWS_API
+    if (*clientfd == INVALID_SOCKET)
+        err_sys("tcp accept failed");
+#else
+    if (*clientfd == -1)
+        err_sys("tcp accept failed");
+#endif
+}
+
+
+static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
+{
+    #ifdef USE_WINDOWS_API 
+        unsigned long blocking = 1;
+        int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
+        if (ret == SOCKET_ERROR)
+            err_sys("ioctlsocket failed");
+    #elif defined(CYASSL_MDK_ARM) || defined (CYASSL_TIRTOS)
+         /* non blocking not suppported, for now */ 
+    #else
+        int flags = fcntl(*sockfd, F_GETFL, 0);
+        if (flags < 0)
+            err_sys("fcntl get failed");
+        flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
+        if (flags < 0)
+            err_sys("fcntl set failed");
+    #endif
+}
+
+
+#ifndef NO_PSK
+
+static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint,
+        char* identity, unsigned int id_max_len, unsigned char* key,
+        unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)hint;
+    (void)key_max_len;
+
+    /* identity is OpenSSL testing default for openssl s_client, keep same */
+    strncpy(identity, "Client_identity", id_max_len);
+
+
+    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+       unsigned binary */
+    key[0] = 26;
+    key[1] = 43;
+    key[2] = 60;
+    key[3] = 77;
+
+    return 4;   /* length of key in octets or 0 for error */
+}
+
+
+static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
+        unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)key_max_len;
+
+    /* identity is OpenSSL testing default for openssl s_client, keep same */
+    if (strncmp(identity, "Client_identity", 15) != 0)
+        return 0;
+
+    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+       unsigned binary */
+    key[0] = 26;
+    key[1] = 43;
+    key[2] = 60;
+    key[3] = 77;
+
+    return 4;   /* length of key in octets or 0 for error */
+}
+
+#endif /* NO_PSK */
+
+
+#ifdef USE_WINDOWS_API 
+
+    #define WIN32_LEAN_AND_MEAN
+    #include <windows.h>
+
+    static INLINE double current_time()
+    {
+        static int init = 0;
+        static LARGE_INTEGER freq;
+    
+        LARGE_INTEGER count;
+
+        if (!init) {
+            QueryPerformanceFrequency(&freq);
+            init = 1;
+        }
+
+        QueryPerformanceCounter(&count);
+
+        return (double)count.QuadPart / freq.QuadPart;
+    }
+
+#elif defined(CYASSL_TIRTOS)
+    extern double current_time();
+#else
+
+#if !defined(CYASSL_MDK_ARM)
+    #include <sys/time.h>
+
+    static INLINE double current_time(void)
+    {
+        struct timeval tv;
+        gettimeofday(&tv, 0);
+
+        return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+    }
+        
+#endif
+#endif /* USE_WINDOWS_API */
+
+
+#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+
+    enum {
+        CYASSL_CA   = 1,
+        CYASSL_CERT = 2,
+        CYASSL_KEY  = 3
+    };
+
+    static INLINE void load_buffer(CYASSL_CTX* ctx, const char* fname, int type)
+    {
+        /* test buffer load */
+        long  sz = 0;
+        byte  buff[10000];
+        FILE* file = fopen(fname, "rb");
+
+        if (!file)
+            err_sys("can't open file for buffer load "
+                    "Please run from CyaSSL home directory if not");
+        fseek(file, 0, SEEK_END);
+        sz = ftell(file);
+        rewind(file);
+        fread(buff, sizeof(buff), 1, file);
+  
+        if (type == CYASSL_CA) {
+            if (CyaSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM)
+                                              != SSL_SUCCESS)
+                err_sys("can't load buffer ca file");
+        }
+        else if (type == CYASSL_CERT) {
+            if (CyaSSL_CTX_use_certificate_buffer(ctx, buff, sz,
+                        SSL_FILETYPE_PEM) != SSL_SUCCESS)
+                err_sys("can't load buffer cert file");
+        }
+        else if (type == CYASSL_KEY) {
+            if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
+                        SSL_FILETYPE_PEM) != SSL_SUCCESS)
+                err_sys("can't load buffer key file");
+        }
+    }
+
+#endif /* NO_FILESYSTEM */
+
+#ifdef VERIFY_CALLBACK
+
+static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
+{
+    (void)preverify;
+    char buffer[CYASSL_MAX_ERROR_SZ];
+
+#ifdef OPENSSL_EXTRA
+    CYASSL_X509* peer;
+#endif
+
+    printf("In verification callback, error = %d, %s\n", store->error,
+                                 CyaSSL_ERR_error_string(store->error, buffer));
+#ifdef OPENSSL_EXTRA
+    peer = store->current_cert;
+    if (peer) {
+        char* issuer  = CyaSSL_X509_NAME_oneline(
+                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
+        char* subject = CyaSSL_X509_NAME_oneline(
+                                      CyaSSL_X509_get_subject_name(peer), 0, 0);
+        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
+                                                                  subject);
+        XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+        XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
+    }
+    else
+        printf("peer has no cert!\n");
+#endif
+    printf("Subject's domain name is %s\n", store->domain);
+
+    printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
+    return 1;
+}
+
+#endif /* VERIFY_CALLBACK */
+
+
+static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
+{
+    char buffer[CYASSL_MAX_ERROR_SZ];
+    (void)preverify;
+
+    printf("In verification callback, error = %d, %s\n", store->error,
+                                 CyaSSL_ERR_error_string(store->error, buffer));
+    printf("Subject's domain name is %s\n", store->domain);
+
+    if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
+        printf("Overriding cert date error as example for bad clock testing\n");
+        return 1;
+    }
+    printf("Cert error is not date error, not overriding\n");
+
+    return 0;
+}
+
+
+#ifdef HAVE_CRL
+
+static INLINE void CRL_CallBack(const char* url)
+{
+    printf("CRL callback url = %s\n", url);
+}
+
+#endif
+
+#ifndef NO_CERTS
+
+static INLINE void CaCb(unsigned char* der, int sz, int type)
+{
+    (void)der;
+    printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
+}
+
+
+#ifndef NO_DH
+static INLINE void SetDH(CYASSL* ssl)
+{
+    /* dh1024 p */
+    static unsigned char p[] =
+    {
+        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+    };
+
+    /* dh1024 g */
+    static unsigned char g[] =
+    {
+      0x02,
+    };
+
+    CyaSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
+}
+
+static INLINE void SetDHCtx(CYASSL_CTX* ctx)
+{
+    /* dh1024 p */
+    static unsigned char p[] =
+    {
+        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+    };
+
+    /* dh1024 g */
+    static unsigned char g[] =
+    {
+      0x02,
+    };
+
+    CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
+}
+#endif /* NO_DH */
+#endif /* !NO_CERTS */
+
+#ifdef HAVE_CAVIUM
+
+static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
+{
+   Csp1CoreAssignment core_assign;
+   Uint32             device;
+
+   if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
+      return -1;
+   if (Csp1GetDevType(&device))
+      return -1;
+   if (device != NPX_DEVICE) {
+      if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
+                (Uint32 *)&core_assign)!= 0)
+         return -1;
+   }
+   CspShutdown(CAVIUM_DEV_ID);
+
+   return CspInitialize(dma_mode, dev_id);
+}
+
+#endif /* HAVE_CAVIUM */
+
+
+#ifdef USE_WINDOWS_API 
+
+/* do back x number of directories */
+static INLINE void ChangeDirBack(int x)
+{
+    char path[MAX_PATH];
+
+    if (x == 1)
+        strncpy(path, "..\\", MAX_PATH);
+    else if (x == 2)
+        strncpy(path, "..\\..\\", MAX_PATH);
+    else if (x == 3)
+        strncpy(path, "..\\..\\..\\", MAX_PATH);
+    else if (x == 4)
+        strncpy(path, "..\\..\\..\\..\\", MAX_PATH);
+    else
+        strncpy(path, ".\\", MAX_PATH);
+    
+    SetCurrentDirectoryA(path);
+}
+
+/* does current dir contain str */
+static INLINE int CurrentDir(const char* str)
+{
+    char  path[MAX_PATH];
+    char* baseName;
+
+    GetCurrentDirectoryA(sizeof(path), path);
+
+    baseName = strrchr(path, '\\');
+    if (baseName)
+        baseName++;
+    else
+        baseName = path;
+
+    if (strstr(baseName, str))
+        return 1;
+
+    return 0;
+}
+
+#elif defined(CYASSL_MDK_ARM)
+    /* KEIL-RL File System does not support relative directry */
+#elif defined(CYASSL_TIRTOS)
+#else
+
+#ifndef MAX_PATH
+    #define MAX_PATH 256
+#endif
+
+/* do back x number of directories */
+static INLINE void ChangeDirBack(int x)
+{
+    char path[MAX_PATH];
+
+    if (x == 1)
+        strncpy(path, "../", MAX_PATH);
+    else if (x == 2)
+        strncpy(path, "../../", MAX_PATH);
+    else if (x == 3)
+        strncpy(path, "../../../", MAX_PATH);
+    else if (x == 4)
+        strncpy(path, "../../../../", MAX_PATH);
+    else
+        strncpy(path, "./", MAX_PATH);
+    
+    if (chdir(path) < 0)
+        printf("chdir to %s failed\n", path);
+}
+
+/* does current dir contain str */
+static INLINE int CurrentDir(const char* str)
+{
+    char  path[MAX_PATH];
+    char* baseName;
+
+    if (getcwd(path, sizeof(path)) == NULL) {
+        printf("no current dir?\n");
+        return 0;
+    }
+
+    baseName = strrchr(path, '/');
+    if (baseName)
+        baseName++;
+    else
+        baseName = path;
+
+    if (strstr(baseName, str))
+        return 1;
+
+    return 0;
+}
+
+#endif /* USE_WINDOWS_API */
+
+
+#ifdef USE_CYASSL_MEMORY
+
+    typedef struct memoryStats {
+        size_t totalAllocs;     /* number of allocations */
+        size_t totalBytes;      /* total number of bytes allocated */
+        size_t peakBytes;       /* concurrent max bytes */
+        size_t currentBytes;    /* total current bytes in use */
+    } memoryStats;
+
+    typedef struct memHint {
+        size_t thisSize;      /* size of this memory */
+        void*  thisMemory;    /* actual memory for user */
+    } memHint;
+
+    typedef struct memoryTrack {
+        union {
+            memHint hint;
+            byte    alignit[16];   /* make sure we have strong alignment */
+        } u;
+    } memoryTrack;
+
+    #if defined(CYASSL_TRACK_MEMORY)
+        #define DO_MEM_STATS
+        static memoryStats ourMemStats;
+    #endif
+
+    static INLINE void* TrackMalloc(size_t sz)
+    {
+        memoryTrack* mt;
+
+        if (sz == 0)
+            return NULL;
+
+        mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+        if (mt == NULL)
+            return NULL;
+
+        mt->u.hint.thisSize   = sz;
+        mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
+
+#ifdef DO_MEM_STATS
+        ourMemStats.totalAllocs++;
+        ourMemStats.totalBytes   += sz;
+        ourMemStats.currentBytes += sz;
+        if (ourMemStats.currentBytes > ourMemStats.peakBytes)
+            ourMemStats.peakBytes = ourMemStats.currentBytes;
+#endif
+
+        return mt->u.hint.thisMemory;
+    }
+
+
+    static INLINE void TrackFree(void* ptr)
+    {
+        memoryTrack* mt;
+
+        if (ptr == NULL)
+            return;
+
+        mt = (memoryTrack*)ptr;
+        --mt;   /* same as minus sizeof(memoryTrack), removes header */
+
+#ifdef DO_MEM_STATS 
+        ourMemStats.currentBytes -= mt->u.hint.thisSize; 
+#endif
+
+        free(mt);
+    }
+
+
+    static INLINE void* TrackRealloc(void* ptr, size_t sz)
+    {
+        void* ret = TrackMalloc(sz);
+
+        if (ptr) {
+            /* if realloc is bigger, don't overread old ptr */
+            memoryTrack* mt = (memoryTrack*)ptr;
+            --mt;  /* same as minus sizeof(memoryTrack), removes header */
+
+            if (mt->u.hint.thisSize < sz)
+                sz = mt->u.hint.thisSize;
+        }
+
+        if (ret && ptr)
+            memcpy(ret, ptr, sz);
+
+        if (ret)
+            TrackFree(ptr);
+
+        return ret;
+    }
+
+    static INLINE void InitMemoryTracker(void) 
+    {
+        if (CyaSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
+            err_sys("CyaSSL SetAllocators failed for track memory");
+
+    #ifdef DO_MEM_STATS
+        ourMemStats.totalAllocs  = 0;
+        ourMemStats.totalBytes   = 0;
+        ourMemStats.peakBytes    = 0;
+        ourMemStats.currentBytes = 0;
+    #endif
+    }
+
+    static INLINE void ShowMemoryTracker(void) 
+    {
+    #ifdef DO_MEM_STATS 
+        printf("total   Allocs = %9lu\n",
+                                       (unsigned long)ourMemStats.totalAllocs);
+        printf("total   Bytes  = %9lu\n",
+                                       (unsigned long)ourMemStats.totalBytes);
+        printf("peak    Bytes  = %9lu\n",
+                                       (unsigned long)ourMemStats.peakBytes);
+        printf("current Bytes  = %9lu\n",
+                                       (unsigned long)ourMemStats.currentBytes);
+    #endif
+    }
+
+#endif /* USE_CYASSL_MEMORY */
+
+
+#ifdef HAVE_STACK_SIZE
+
+typedef THREAD_RETURN CYASSL_THREAD (*thread_func)(void* args);
+
+
+static INLINE void StackSizeCheck(func_args* args, thread_func tf)
+{
+    int            ret, i, used;
+    unsigned char* myStack;
+    int            stackSize = 1024*128;
+    pthread_attr_t myAttr;
+    pthread_t      threadId;
+
+#ifdef PTHREAD_STACK_MIN
+    if (stackSize < PTHREAD_STACK_MIN)
+        stackSize = PTHREAD_STACK_MIN;
+#endif
+
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    if (ret != 0) 
+        err_sys("posix_memalign failed\n");        
+
+    memset(myStack, 0x01, stackSize);
+
+    ret = pthread_attr_init(&myAttr);
+    if (ret != 0)
+        err_sys("attr_init failed");
+
+    ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
+    if (ret != 0)
+        err_sys("attr_setstackaddr failed");
+
+    ret = pthread_create(&threadId, &myAttr, tf, args);
+    if (ret != 0) {
+        perror("pthread_create failed");
+        exit(EXIT_FAILURE);
+    }
+
+    ret = pthread_join(threadId, NULL);
+    if (ret != 0)
+        err_sys("pthread_join failed");
+
+    for (i = 0; i < stackSize; i++) {
+        if (myStack[i] != 0x01) {
+            break;
+        }
+    }
+
+    used = stackSize - i;
+    printf("stack used = %d\n", used);
+}
+
+
+#endif /* HAVE_STACK_SIZE */
+
+
+#ifdef STACK_TRAP
+
+/* good settings
+   --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
+
+*/
+
+#ifdef HAVE_STACK_SIZE
+    /* client only for now, setrlimit will fail if pthread_create() called */
+    /* STACK_SIZE does pthread_create() on client */
+    #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
+#endif /* HAVE_STACK_SIZE */
+
+static INLINE void StackTrap(void)
+{
+    struct rlimit  rl;
+    if (getrlimit(RLIMIT_STACK, &rl) != 0)
+        err_sys("getrlimit failed");
+    printf("rlim_cur = %llu\n", rl.rlim_cur);
+    rl.rlim_cur = 1024*21;  /* adjust trap size here */
+    if (setrlimit(RLIMIT_STACK, &rl) != 0) {
+        perror("setrlimit");
+        err_sys("setrlimit failed");
+    }
+}
+
+#else /* STACK_TRAP */
+
+static INLINE void StackTrap(void)
+{
+}
+
+#endif /* STACK_TRAP */
+
+
+#ifdef ATOMIC_USER
+
+/* Atomic Encrypt Context example */
+typedef struct AtomicEncCtx {
+    int  keySetup;           /* have we done key setup yet */
+    Aes  aes;                /* for aes example */
+} AtomicEncCtx;
+
+
+/* Atomic Decrypt Context example */
+typedef struct AtomicDecCtx {
+    int  keySetup;           /* have we done key setup yet */
+    Aes  aes;                /* for aes example */
+} AtomicDecCtx;
+
+
+static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, 
+       const unsigned char* macIn, unsigned int macInSz, int macContent, 
+       int macVerify, unsigned char* encOut, const unsigned char* encIn,
+       unsigned int encSz, void* ctx)
+{
+    int  ret;
+    Hmac hmac;
+    byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
+    AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
+    const char* tlsStr = "TLS";
+
+    /* example supports (d)tls aes */
+    if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
+        printf("myMacEncryptCb not using AES\n");
+        return -1;
+    }
+
+    if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
+        printf("myMacEncryptCb not using (D)TLS\n");
+        return -1;
+    }
+
+    /* hmac, not needed if aead mode */
+    CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
+
+    ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
+               CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
+    if (ret != 0)
+        return ret;
+    ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
+    if (ret != 0)
+        return ret;
+    ret = HmacUpdate(&hmac, macIn, macInSz);
+    if (ret != 0)
+        return ret;
+    ret = HmacFinal(&hmac, macOut);
+    if (ret != 0)
+        return ret;
+
+
+    /* encrypt setup on first time */
+    if (encCtx->keySetup == 0) {
+        int   keyLen = CyaSSL_GetKeySize(ssl);
+        const byte* key;
+        const byte* iv;
+
+        if (CyaSSL_GetSide(ssl) == CYASSL_CLIENT_END) {
+            key = CyaSSL_GetClientWriteKey(ssl);
+            iv  = CyaSSL_GetClientWriteIV(ssl);
+        }
+        else {
+            key = CyaSSL_GetServerWriteKey(ssl);
+            iv  = CyaSSL_GetServerWriteIV(ssl);
+        }
+
+        ret = AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
+        if (ret != 0) {
+            printf("AesSetKey failed in myMacEncryptCb\n");
+            return ret;
+        }
+        encCtx->keySetup = 1;
+    }
+
+    /* encrypt */
+    return AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
+}
+
+
+static INLINE int myDecryptVerifyCb(CYASSL* ssl, 
+       unsigned char* decOut, const unsigned char* decIn,
+       unsigned int decSz, int macContent, int macVerify,
+       unsigned int* padSz, void* ctx)
+{
+    AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
+    int ret      = 0;
+    int macInSz  = 0;
+    int ivExtra  = 0;
+    int digestSz = CyaSSL_GetHmacSize(ssl);
+    unsigned int pad     = 0;
+    unsigned int padByte = 0;
+    Hmac hmac;
+    byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
+    byte verify[MAX_DIGEST_SIZE];
+    const char* tlsStr = "TLS";
+
+    /* example supports (d)tls aes */
+    if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
+        printf("myMacEncryptCb not using AES\n");
+        return -1;
+    }
+
+    if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
+        printf("myMacEncryptCb not using (D)TLS\n");
+        return -1;
+    }
+
+    /*decrypt */
+    if (decCtx->keySetup == 0) {
+        int   keyLen = CyaSSL_GetKeySize(ssl);
+        const byte* key;
+        const byte* iv;
+
+        /* decrypt is from other side (peer) */
+        if (CyaSSL_GetSide(ssl) == CYASSL_SERVER_END) {
+            key = CyaSSL_GetClientWriteKey(ssl);
+            iv  = CyaSSL_GetClientWriteIV(ssl);
+        }
+        else {
+            key = CyaSSL_GetServerWriteKey(ssl);
+            iv  = CyaSSL_GetServerWriteIV(ssl);
+        }
+
+        ret = AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
+        if (ret != 0) {
+            printf("AesSetKey failed in myDecryptVerifyCb\n");
+            return ret;
+        }
+        decCtx->keySetup = 1;
+    }
+
+    /* decrypt */
+    ret = AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
+
+    if (CyaSSL_GetCipherType(ssl) == CYASSL_AEAD_TYPE) {
+        *padSz = CyaSSL_GetAeadMacSize(ssl);
+        return 0; /* hmac, not needed if aead mode */
+    }
+
+    if (CyaSSL_GetCipherType(ssl) == CYASSL_BLOCK_TYPE) {
+        pad     = *(decOut + decSz - 1);
+        padByte = 1;
+        if (CyaSSL_IsTLSv1_1(ssl))
+            ivExtra = CyaSSL_GetCipherBlockSize(ssl);
+    }
+
+    *padSz  = CyaSSL_GetHmacSize(ssl) + pad + padByte;
+    macInSz = decSz - ivExtra - digestSz - pad - padByte;
+
+    CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
+
+    ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
+               CyaSSL_GetMacSecret(ssl, macVerify), digestSz);
+    if (ret != 0)
+        return ret;
+    ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
+    if (ret != 0)
+        return ret;
+    ret = HmacUpdate(&hmac, decOut + ivExtra, macInSz);
+    if (ret != 0)
+        return ret;
+    ret = HmacFinal(&hmac, verify);
+    if (ret != 0)
+        return ret;
+
+    if (memcmp(verify, decOut + decSz - digestSz - pad - padByte,
+               digestSz) != 0) {
+        printf("myDecryptVerify verify failed\n");
+        return -1;
+    }
+
+    return ret;
+}
+
+
+static INLINE void SetupAtomicUser(CYASSL_CTX* ctx, CYASSL* ssl)
+{
+    AtomicEncCtx* encCtx;
+    AtomicDecCtx* decCtx;
+
+    encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
+    if (encCtx == NULL)
+        err_sys("AtomicEncCtx malloc failed");
+    memset(encCtx, 0, sizeof(AtomicEncCtx));
+
+    decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
+    if (decCtx == NULL) {
+        free(encCtx);
+        err_sys("AtomicDecCtx malloc failed");
+    }
+    memset(decCtx, 0, sizeof(AtomicDecCtx));
+
+    CyaSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
+    CyaSSL_SetMacEncryptCtx(ssl, encCtx);
+
+    CyaSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
+    CyaSSL_SetDecryptVerifyCtx(ssl, decCtx);
+}
+
+
+static INLINE void FreeAtomicUser(CYASSL* ssl)
+{
+    AtomicEncCtx* encCtx = (AtomicEncCtx*)CyaSSL_GetMacEncryptCtx(ssl);
+    AtomicDecCtx* decCtx = (AtomicDecCtx*)CyaSSL_GetDecryptVerifyCtx(ssl);
+
+    free(decCtx);
+    free(encCtx);
+}
+
+#endif /* ATOMIC_USER */
+
+
+#ifdef HAVE_PK_CALLBACKS
+
+#ifdef HAVE_ECC
+
+static INLINE int myEccSign(CYASSL* ssl, const byte* in, word32 inSz,
+        byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+    RNG     rng;
+    int     ret;
+    word32  idx = 0;
+    ecc_key myKey;
+
+    (void)ssl;
+    (void)ctx;
+
+    ret = InitRng(&rng);
+    if (ret != 0)
+        return ret;
+
+    ecc_init(&myKey);
+    
+    ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz);    
+    if (ret == 0)
+        ret = ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
+    ecc_free(&myKey);
+
+    return ret;
+}
+
+
+static INLINE int myEccVerify(CYASSL* ssl, const byte* sig, word32 sigSz,
+        const byte* hash, word32 hashSz, const byte* key, word32 keySz,
+        int* result, void* ctx)
+{
+    int     ret;
+    ecc_key myKey;
+
+    (void)ssl;
+    (void)ctx;
+
+    ecc_init(&myKey);
+    
+    ret = ecc_import_x963(key, keySz, &myKey);
+    if (ret == 0)
+        ret = ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
+    ecc_free(&myKey);
+
+    return ret;
+}
+
+#endif /* HAVE_ECC */
+
+#ifndef NO_RSA
+
+static INLINE int myRsaSign(CYASSL* ssl, const byte* in, word32 inSz,
+        byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+    RNG     rng;
+    int     ret;
+    word32  idx = 0;
+    RsaKey  myKey;
+
+    (void)ssl;
+    (void)ctx;
+
+    ret = InitRng(&rng);
+    if (ret != 0)
+        return ret;
+
+    InitRsaKey(&myKey, NULL);
+    
+    ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);    
+    if (ret == 0)
+        ret = RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
+    if (ret > 0) {  /* save and convert to 0 success */
+        *outSz = ret;
+        ret = 0;
+    }
+    FreeRsaKey(&myKey);
+
+    return ret;
+}
+
+
+static INLINE int myRsaVerify(CYASSL* ssl, byte* sig, word32 sigSz,
+        byte** out,
+        const byte* key, word32 keySz,
+        void* ctx)
+{
+    int     ret;
+    word32  idx = 0;
+    RsaKey  myKey;
+
+    (void)ssl;
+    (void)ctx;
+
+    InitRsaKey(&myKey, NULL);
+    
+    ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
+    if (ret == 0)
+        ret = RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
+    FreeRsaKey(&myKey);
+
+    return ret;
+}
+
+
+static INLINE int myRsaEnc(CYASSL* ssl, const byte* in, word32 inSz,
+                           byte* out, word32* outSz, const byte* key,
+                           word32 keySz, void* ctx)
+{
+    int     ret;
+    word32  idx = 0;
+    RsaKey  myKey;
+    RNG     rng;
+
+    (void)ssl;
+    (void)ctx;
+
+    ret = InitRng(&rng);
+    if (ret != 0)
+        return ret;
+
+    InitRsaKey(&myKey, NULL);
+    
+    ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
+    if (ret == 0) {
+        ret = RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
+        if (ret > 0) {
+            *outSz = ret;
+            ret = 0;  /* reset to success */
+        }
+    }
+    FreeRsaKey(&myKey);
+
+    return ret;
+}
+
+static INLINE int myRsaDec(CYASSL* ssl, byte* in, word32 inSz,
+                           byte** out,
+                           const byte* key, word32 keySz, void* ctx)
+{
+    int     ret;
+    word32  idx = 0;
+    RsaKey  myKey;
+
+    (void)ssl;
+    (void)ctx;
+
+    InitRsaKey(&myKey, NULL);
+    
+    ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
+    if (ret == 0) {
+        ret = RsaPrivateDecryptInline(in, inSz, out, &myKey);
+    }
+    FreeRsaKey(&myKey);
+
+    return ret;
+}
+
+#endif /* NO_RSA */
+
+static INLINE void SetupPkCallbacks(CYASSL_CTX* ctx, CYASSL* ssl)
+{
+    (void)ctx;
+    (void)ssl;
+
+    #ifdef HAVE_ECC
+        CyaSSL_CTX_SetEccSignCb(ctx, myEccSign);
+        CyaSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
+    #endif /* HAVE_ECC */
+    #ifndef NO_RSA 
+        CyaSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
+        CyaSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
+        CyaSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
+        CyaSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
+    #endif /* NO_RSA */
+}
+
+#endif /* HAVE_PK_CALLBACKS */
+
+
+
+
+
+#if defined(__hpux__) || defined(__MINGW32__) || defined (CYASSL_TIRTOS)
+
+/* HP/UX doesn't have strsep, needed by test/suites.c */
+static INLINE char* strsep(char **stringp, const char *delim)
+{
+    char* start;
+    char* end;
+
+    start = *stringp;
+    if (start == NULL)
+        return NULL;
+
+    if ((end = strpbrk(start, delim))) {
+        *end++ = '\0';
+        *stringp = end;
+    } else {
+        *stringp = NULL;
+    }
+
+    return start;
+}
+
+#endif /* __hpux__ */
+
+#endif /* CyaSSL_TEST_H */
+

wolfssl/version.h

@@ -0,0 +1,35 @@
+/* cyassl_version.h.in
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LIBCYASSL_VERSION_STRING "3.3.0"
+#define LIBCYASSL_VERSION_HEX 0x03003000
+
+#ifdef __cplusplus
+}
+#endif
+

wolfssl/version.h.in

@@ -0,0 +1,35 @@
+/* cyassl_version.h.in
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LIBCYASSL_VERSION_STRING "@VERSION@"
+#define LIBCYASSL_VERSION_HEX @HEX_VERSION@
+
+#ifdef __cplusplus
+}
+#endif
+