
CRL verify the entire chain including loaded CA's

- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
Juliusz Sosinowicz 7 months ago
parent
commit
7baf151c37
50 changed files with 980 additions and 705 deletions
  1. 1 0
      .gitignore
  2. 5 5
      certs/crl/ca-int-ecc.pem
  3. 9 9
      certs/crl/ca-int.pem
  4. 4 4
      certs/crl/ca-int2-ecc.pem
  5. 8 8
      certs/crl/ca-int2.pem
  6. 6 6
      certs/crl/client-int-ecc.pem
  7. 9 9
      certs/crl/client-int.pem
  8. 13 0
      certs/crl/extra-crls/ca-int-cert-revoked.pem
  9. 22 14
      certs/crl/gencrls.sh
  10. 24 22
      certs/crl/include.am
  11. 6 6
      certs/crl/server-int-ecc.pem
  12. 9 9
      certs/crl/server-int.pem
  13. BIN
      certs/intermediate/ca-int-cert.der
  14. 54 54
      certs/intermediate/ca-int-cert.pem
  15. BIN
      certs/intermediate/ca-int-ecc-cert.der
  16. 21 21
      certs/intermediate/ca-int-ecc-cert.pem
  17. BIN
      certs/intermediate/ca-int2-cert.der
  18. 55 55
      certs/intermediate/ca-int2-cert.pem
  19. BIN
      certs/intermediate/ca-int2-ecc-cert.der
  20. 23 23
      certs/intermediate/ca-int2-ecc-cert.pem
  21. 41 41
      certs/intermediate/client-chain-alt-ecc.pem
  22. 60 60
      certs/intermediate/client-chain-alt.pem
  23. BIN
      certs/intermediate/client-chain-ecc.der
  24. 21 21
      certs/intermediate/client-chain-ecc.pem
  25. BIN
      certs/intermediate/client-chain.der
  26. 40 40
      certs/intermediate/client-chain.pem
  27. BIN
      certs/intermediate/client-int-cert.der
  28. 29 29
      certs/intermediate/client-int-cert.pem
  29. BIN
      certs/intermediate/client-int-ecc-cert.der
  30. 13 13
      certs/intermediate/client-int-ecc-cert.pem
  31. 4 0
      certs/intermediate/genintcerts.sh
  32. 1 0
      certs/intermediate/include.am
  33. 43 43
      certs/intermediate/server-chain-alt-ecc.pem
  34. 60 60
      certs/intermediate/server-chain-alt.pem
  35. BIN
      certs/intermediate/server-chain-ecc.der
  36. 23 23
      certs/intermediate/server-chain-ecc.pem
  37. 54 0
      certs/intermediate/server-chain-short.pem
  38. BIN
      certs/intermediate/server-chain.der
  39. 40 40
      certs/intermediate/server-chain.pem
  40. BIN
      certs/intermediate/server-int-cert.der
  41. 29 29
      certs/intermediate/server-int-cert.pem
  42. BIN
      certs/intermediate/server-int-ecc-cert.der
  43. 15 15
      certs/intermediate/server-int-ecc-cert.pem
  44. 61 25
      src/crl.c
  45. 45 1
      src/internal.c
  46. 8 5
      src/ssl.c
  47. 117 13
      tests/api.c
  48. 3 0
      wolfssl/crl.h
  49. 2 2
      wolfssl/wolfcrypt/asn.h
  50. 2 0
      wolfssl/wolfcrypt/types.h

+ 1 - 0
.gitignore

@@ -410,6 +410,7 @@ XXX-fips-test
 
 # ASYNC
 /wolfAsyncCrypt
+/async
 
 # Generated user_settings_asm.h.
 user_settings_asm.h

+ 5 - 5
certs/crl/ca-int-ecc.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+MIIBXjCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0y
-MDA2MTYxOTE3NThaFw0yMzAzMTMxOTE3NThaoDAwLjAfBgNVHSMEGDAWgBQTtXlZ
-MrO7tEezNA6AwIMeqoLIWzALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSQAwRgIh
-AI0Fl7b1oh6x96i14akYhMMcVHPi7VdLh7fXSf9bMoeqAiEAzxqdobdrD2e53V5b
-0o4HUOCgRB1dzH1m+LcRe+LPUnI=
+MzA5MjcxMjEwMDlaFw0yNjA2MjMxMjEwMDlaoDAwLjAfBgNVHSMEGDAWgBSXHWDD
+hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDRwAwRAIg
+C6Wlwom5faQm2pTYRBI2DVTdy7DYv1QYsi/y6ZDhPAQCIEfioB8LqiTO0gjSzUVN
+KPkEXx3y4Ih3HHcrTwWOVuGv
 -----END X509 CRL-----

+ 9 - 9
certs/crl/ca-int.pem

@@ -2,13 +2,13 @@
 MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD
 VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
 U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl
-cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIw
-MDYxNjE5MTc1OFoXDTIzMDMxMzE5MTc1OFqgMDAuMB8GA1UdIwQYMBaAFIMc8ZiF
-7G4GRTTeUcC6tytnMmZNMAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA
-VQ6Am+DuDpBbUs2yEIe0MDwgVZacmOwEB6wZM/c62qW+tGitjUnj1UD6wNQZwYpP
-OGNYOdbiIskilSC97WJgXW4dJVrRHiV8nAzzi/8tZO96oUbLx1hmfx1/hCxqtm50
-bbYUuS25qoiVFKYkx1tocY+ESLfam09T8ZP3m5m38h5YTe+s6dmHdonEM+JlNEdT
-itvZtSfUU29xCQIXVSWFJHsRGjqdvCpndtY1Kmb8aYdB60zpk2JgOGljg2uF7Iq0
-lquWWfhDl77r0qdlRYHTQ+0FetU4gCZ+ZVGH07+FD/p+GxPh4P0D3i2gFq2Z/0en
-396xKNy+NiBbFw/CUFbLDw==
+cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIz
+MDkyNzEyMTAwOVoXDTI2MDYyMzEyMTAwOVqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV
+HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA
+S39FIBb1dxg1cLXT/tg/G5AO96rcOYWz31KoZee1ATTDmgG/Wfl5eZyzqIrj6yNB
+r0itqwEK4rcJRz5CGRPCa81M3VRcQncj908boEuVsaiWzobWYz1TYTFUvnlQpRO3
+Z124+mBucZ+VxiClZqcCfR/0I8tJFMYDltwWtap8VYeIV6qhqKw7EWTPhwG+me18
+jyhclPaq6sHiUBanecQODzrlXsLGgC64E9h0zbFc7xQXrnLWRurfuLA4vY2xoyyj
+xwTcdSLDL4rlqA2dVEx/FrbA1SBjgUrJy4XJthsFIu4M2fiY81cWKQmEC/2q7qPK
+NrGG8b24EkPvFXepUtleJQ==
 -----END X509 CRL-----

+ 4 - 4
certs/crl/ca-int2-ecc.pem

@@ -3,8 +3,8 @@ MIIBYTCCAQYCAQEwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJbnRlcm1l
 ZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcN
-MjAwNjE2MTkxNzU4WhcNMjMwMzEzMTkxNzU4WqAwMC4wHwYDVR0jBBgwFoAUG/S9
-kCh0ZOMzXotkp/yvuvK5VeUwCwYDVR0UBAQCAiAFMAoGCCqGSM49BAMCA0kAMEYC
-IQDBYNHurBS8JV1DkJLVaVXD5lrvjdCA13poIGJxVvx0NwIhALJQRBbMvQCLZ4ci
-sE1dD+cpe4NdK/x2iH4QJ8XJX8uc
+MjMwOTI3MTIxMDA5WhcNMjYwNjIzMTIxMDA5WqAwMC4wHwYDVR0jBBgwFoAUn657
+enCABFUrxrcMW3nkEkFlMSkwCwYDVR0UBAQCAiAFMAoGCCqGSM49BAMCA0kAMEYC
+IQCIZv1TFoij0ezl8/TaA4wq4cNRnYZaKf+W4ROnAfghZwIhALog+BqrxkhP0C3C
+LEWWD4Q7rOIZdNfK8ABwrg+vWneJ
 -----END X509 CRL-----

+ 8 - 8
certs/crl/ca-int2.pem

@@ -3,12 +3,12 @@ MIICHTCCAQUCAQEwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYD
 VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
 U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBJbnRl
 cm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0y
-MDA2MTYxOTE3NThaFw0yMzAzMTMxOTE3NThaoDAwLjAfBgNVHSMEGDAWgBR6ix1O
-o0DIzlhfjfz/Rix1QdkDXjALBgNVHRQEBAICIAEwDQYJKoZIhvcNAQELBQADggEB
-AJeG0+IjjS5Rf2gAJu/ldHzCwMJccTKt17mHjyQhQnzOQN8Df+zAUDWIVF99d0vO
-cQFx5SYWpFYkT6kSRYHdYmZp8s6Yl0oQJ+isQ1wsFnkF2z+I/g1f/uDX9LWnKxnj
-UE2UttU6fKGQl2F8SDnloDsQjjGnxssyGVeNCTBGjkCHHH9QSpZv5xjTN7INYCso
-3GkWnXwGkghwleXGtgMwW2IMsNVMIFJlHQQzk9P6gqTtvhkCNp6rjAHieU8GqBkh
-1zCMDTgk2LjFaRF/OnbOk1/j+LZZxox9KUIhUF4d33+PhoUd9YegvJJfdVXAKnVc
-HwoO9FjX3jBcnfvs6qPBKLc=
+MzA5MjcxMjEwMDlaFw0yNjA2MjMxMjEwMDlaoDAwLjAfBgNVHSMEGDAWgBQNyWAg
+Q1iB4Joh72YW3G4hJd8rRTALBgNVHRQEBAICIAEwDQYJKoZIhvcNAQELBQADggEB
+AFZgStFKb9hSbaI7ysWXXDNBNPvb97aHd8A3T4HgYVf6MqlnyI2gJbe5VUYtoJTF
+VTIrfM7tJQf68pGCpCbo6N8ai9xAvfU+AeWk2SHgBFRj2LRprx7tDwt0/Y6YlZ2a
+PHhTqyOLEhrW0Qh6NLOJ3e0zS/GQ7Oy8muPUcBbeq+XkLK2JH6gKVrzjn7QptNDr
+7zEdntQArofx1+twNrn800pdltNjV0etC1Ags5ocg10Xp1dD9NPFdLsY5cASHitP
+xpek4sZiBvEB0YKOs+eY8tYtFAPRzEfz5JeZNwUL3jhLH8/4d0mioVSH1+k0xkBz
+MRdmZc1yQaIQe6U0tgzw9SM=
 -----END X509 CRL-----

+ 6 - 6
certs/crl/client-int-ecc.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+MIIBWzCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg
-Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2
-MTYxOTE3NThaFw0yMzAzMTMxOTE3NThaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh
-P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAcwCgYIKoZIzj0EAwIDSAAwRQIhAJiz
-His7baFwO9NAwNTMMpNJbYd1XClf1q9lOdO9S/sqAiBfh8Qy7Lri1brEaafDCxe3
-3PgVHR+m9QkJssAuOEIK2A==
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzA5
+MjcxMjEwMTBaFw0yNjA2MjMxMjEwMTBaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh
+P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAcwCgYIKoZIzj0EAwIDRwAwRAIgN4x2
+Lb57tlFYEhVyiNJ+7vmlTSn5IgDY2aMbw5bSi+wCIA7KlbvpkAzSA+lKwUD8wmfW
+r4AwiWgQOz5RfhRx1rXC
 -----END X509 CRL-----

+ 9 - 9
certs/crl/client-int.pem

@@ -2,13 +2,13 @@
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
 VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
 U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll
-bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYx
-NjE5MTc1OFoXDTIzMDMxMzE5MTc1OFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY
-flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAzANBgkqhkiG9w0BAQsFAAOCAQEARom6
-mppTxCF+GWAEHFbn9EJee2uCCrQ9dd4JLA1Hc4XYGHOoN54jPKZEvTTYB5XKImCg
-NvbOb98l88Gpr0fUDTuAdBQZrM7Vs3IBPoOJdjMNuwQzxvQ+WdY2Jft/4CaR4/mq
-oMJrmhlz1PmWNTqqfFS/GQv/NYDdCXhP4bNuWRMZoSYROyby+bqr2SgNbZ+0GA3/
-jeSCXmdngwEB7z5SoqqRscVOS7Sw1S3e6X/QNQ6rNNR6MWKH95Ra8ke9A12r+3zu
-ZqbIYtbaF49tvOJsvzKQeC8J2oTzpEbRvNudJ4mXLpNEw5I/RL1sum0bJIn0wL+/
-7q1EaGe14zTsPsx06g==
+bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMDky
+NzEyMTAwOVoXDTI2MDYyMzEyMTAwOVqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY
+flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAzANBgkqhkiG9w0BAQsFAAOCAQEAquOQ
+8p0OUhEcAy2RKuXz9mJ+/NpBf4O3f4DmIlNjKC+Vm6dkV/wYFI63/trUZ7zOsL2A
+GCDuFtXqcmWJcl6A3Fi2sUqSrwaz+J7n0fRARlvAHNIiSZX02pPYt+zzBxUUdvmp
+VcFyAPs5VTbCGXQEgqPsH2bpeVtDvEqEhS4fv6GtOQ59nOiDMJqHl6iUKAD/Jw4x
+M/eemrpnGS4K2JG/IBmQN8bZ/3pX+4bAymNqaj+Wz0PQxkOvr7Kv+U9M/Jr8QXPz
+zPAZQfPU5caUA+DhGwPK9NNJu07seuUTi7D0qRP28p0k4rOR7AtRmi47KhP1Rxm1
+7aYL9GnvRcuHob7NtQ==
 -----END X509 CRL-----

+ 13 - 0
certs/crl/extra-crls/ca-int-cert-revoked.pem

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIICBTCB7gIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
+MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMDkyNzEyMTcyNVoX
+DTI2MDYyMzEyMTcyNVowFTATAgIQABcNMjMwOTI3MTIxNzE2WqAOMAwwCgYDVR0U
+BAMCAQQwDQYJKoZIhvcNAQELBQADggEBAHcmTpTTjLjvxhp88HaQntip35iPTdYb
+RI39Y/DvbDwlyjczvJhhjXmTvDcRLqTkzvdTPFMSVMm+oAYIUdi9RqBwxAZCx1Wf
+4l+WmU8qtz9l1PF3fKU5fsJzlWByPXjyUN6SAa4Uy5k5p4W2HBdXJvKFIY6Q08Cg
+ZHQgwOvHgu3Wh1qCbApNtzPcFv2HLWINg/e/mDAP7dJALNSld4HQ86oT9fB70sWI
+w9ogw18ARxX1M+piZ9oH02bO7K5KMnIeSalen0eXgA/O62+pBF1BvQ7fzmqEUyrp
+OkSYet+pv5bij8IK302z4Ukx/cU8dIDYTNfG+/12YVVFrKL1CnQ20mE=
+-----END X509 CRL-----

+ 22 - 14
certs/crl/gencrls.sh

@@ -107,17 +107,25 @@ check_result $?
 # remove revoked so next time through the normal CA won't have server revoked
 cp blank.index.txt demoCA/index.txt
 
+echo "Step 12"
+# revoke an intermediate cert
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../intermediate/ca-int-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/ca-int-cert-revoked.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
 # caEccCrl
-echo "Step 10"
+echo "Step 13"
 openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?
 
-echo "Step 11"
+echo "Step 14"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?
 
 # metadata
-echo "Step 13"
+echo "Step 15"
 openssl crl -in caEccCrl.pem -text > tmp
 check_result $?
 mv tmp caEccCrl.pem
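Review bot: The two `openssl ca` calls added under "Step 12" are not followed by `check_result $?`, unlike the revoke and `-gencrl` steps directly after them (Steps 13 and 14), so a failed revoke or CRL generation goes unnoticed and can leave a missing or stale `extra-crls/ca-int-cert-revoked.pem` for the chain-revocation tests. Add `check_result $?` after each of the two commands. The comment copied above the new `cp blank.index.txt demoCA/index.txt` still says "won't have server revoked" although this step revokes the intermediate CA certificate; something like `# reset the index so later CRLs do not list ca-int-cert.pem as revoked` would match what the step does. The context comment in the next hunk, `# server-revoked-cert.pem is already revoked in Step 10`, now points at the old number, since that revoke is printed as Step 13 after this change.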
@@ -128,12 +136,12 @@ mv tmp caEccCrl.pem
 # server-revoked-cert.pem is already revoked in Step 10
 #openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 
-echo "Step 14"
+echo "Step 16"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?
 
 # metadata
-echo "Step 15"
+echo "Step 17"
 openssl crl -in caEcc384Crl.pem -text > tmp
 check_result $?
 mv tmp caEcc384Crl.pem
@@ -141,12 +149,12 @@ mv tmp caEcc384Crl.pem
 #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
 
 # cliCrl
-echo "Step 16"
+echo "Step 18"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
 check_result $?
 
 # metadata
-echo "Step 17"
+echo "Step 19"
 openssl crl -in cliCrl.pem -text > tmp
 check_result $?
 mv tmp cliCrl.pem
@@ -154,12 +162,12 @@ mv tmp cliCrl.pem
 #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
 
 # eccCliCRL
-echo "Step 18"
+echo "Step 20"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
 check_result $?
 
 # metadata
-echo "Step 19"
+echo "Step 21"
 openssl crl -in eccCliCRL.pem -text > tmp
 check_result $?
 mv tmp eccCliCRL.pem
@@ -167,12 +175,12 @@ mv tmp eccCliCRL.pem
 #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
 
 # eccSrvCRL
-echo "Step 20"
+echo "Step 22"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
 check_result $?
 
 # metadata
-echo "Step 21"
+echo "Step 23"
 openssl crl -in eccSrvCRL.pem -text > tmp
 check_result $?
 mv tmp eccSrvCRL.pem
@@ -180,17 +188,17 @@ mv tmp eccSrvCRL.pem
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
 # caEccCrl
-echo "Step 22"
+echo "Step 24"
 openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?
 
 # ca-ecc384-cert
-echo "Step 23"
+echo "Step 25"
 openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?
 
 # create crl and crl2 der files for unit test
-echo "Step 24"
+echo "Step 26"
 openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
 openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
 

+ 24 - 22
certs/crl/include.am

@@ -3,30 +3,32 @@
 #
 
 EXTRA_DIST += \
-	     certs/crl/hash_pem/0fdb2da4.r0 \
-	     certs/crl/hash_der/0fdb2da4.r0 \
-	     certs/crl/crl.pem \
-	     certs/crl/cliCrl.pem \
-	     certs/crl/eccSrvCRL.pem \
-	     certs/crl/eccCliCRL.pem \
-	     certs/crl/crl2.pem \
-	     certs/crl/caEccCrl.der \
-	     certs/crl/caEccCrl.pem \
-	     certs/crl/caEcc384Crl.pem \
-	     certs/crl/wolfssl.cnf \
-	     certs/crl/crl.der \
-	     certs/crl/crl2.der
+		certs/crl/hash_pem/0fdb2da4.r0 \
+		certs/crl/hash_der/0fdb2da4.r0 \
+		certs/crl/crl.pem \
+		certs/crl/cliCrl.pem \
+		certs/crl/eccSrvCRL.pem \
+		certs/crl/eccCliCRL.pem \
+		certs/crl/crl2.pem \
+		certs/crl/caEccCrl.der \
+		certs/crl/caEccCrl.pem \
+		certs/crl/caEcc384Crl.pem \
+		certs/crl/wolfssl.cnf \
+		certs/crl/crl.der \
+		certs/crl/crl2.der
 
 EXTRA_DIST += \
-	     certs/crl/crl.revoked
+		certs/crl/crl.revoked \
+		certs/crl/extra-crls/ca-int-cert-revoked.pem \
+		certs/crl/extra-crls/general-server-crl.pem
 
 # Intermediate cert CRL's
 EXTRA_DIST += \
-		 certs/crl/ca-int.pem \
-		 certs/crl/ca-int2.pem \
-		 certs/crl/client-int.pem \
-	     certs/crl/server-int.pem \
-	     certs/crl/ca-int-ecc.pem \
-		 certs/crl/ca-int2-ecc.pem \
-		 certs/crl/client-int-ecc.pem \
-	     certs/crl/server-int-ecc.pem
+		certs/crl/ca-int.pem \
+		certs/crl/ca-int2.pem \
+		certs/crl/client-int.pem \
+		certs/crl/server-int.pem \
+		certs/crl/ca-int-ecc.pem \
+		certs/crl/ca-int2-ecc.pem \
+		certs/crl/client-int-ecc.pem \
+		certs/crl/server-int-ecc.pem
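Review bot: `certs/crl/extra-crls/general-server-crl.pem` is added to `EXTRA_DIST` here, but the commit's file list shows only `ca-int-cert-revoked.pem` being added under `certs/crl/extra-crls/`, so this entry relies on that file already being in the tree; if it is not, `make dist` will fail on the missing file. The visible `gencrls.sh` hunks regenerate only `ca-int-cert-revoked.pem`, so `general-server-crl.pem` presumably keeps whatever validity window it already had, and it is worth confirming that it is not one of the expired CRLs this commit sets out to refresh. The re-indentation of the whole list in the same hunk makes the two new entries easy to miss; a separate whitespace-only change would keep the functional addition reviewable.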

+ 6 - 6
certs/crl/server-int-ecc.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg
-Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2
-MTYxOTE3NThaFw0yMzAzMTMxOTE3NThaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42
-+Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAYwCgYIKoZIzj0EAwIDSAAwRQIgeQwr
-cMQD2CE83QHYP6QoAqN3FlxOmPC9f4QQVlpOozUCIQDTDxH4UsFLCy8QgtjtfkFC
-TmVI1ubZPFDiRHGDWI2LaA==
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzA5
+MjcxMjEwMDlaFw0yNjA2MjMxMjEwMDlaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42
++Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAYwCgYIKoZIzj0EAwIDSQAwRgIhAMfw
+Zdxg+ZHfkUB2CGl10FTK07QsadcvaWfPTm9DR+HKAiEA05BIg3SELG8Y3y5cpZ7o
+MoDq1dISrrjXFSoDE94DUeM=
 -----END X509 CRL-----

+ 9 - 9
certs/crl/server-int.pem

@@ -2,13 +2,13 @@
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
 VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
 U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2
-ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYx
-NjE5MTc1OFoXDTIzMDMxMzE5MTc1OFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi
-yfjQO24DQsofDo48MAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAtEEG
-Z05j/ygGi+DNPkjevKDcZlkPYRcYMQpM1RTkVyzbO6YG1i0ZoCH1MKBxB0MPS3xa
-qb96jYIfpDZOUb/o2ZXOefXcirm53eJTSoa72dFoxawH74J1f/HgRT8UYISvJ+1a
-L4NtAcn3lNxZWtg0gvT0pdy1zCpEsxonz4mJEaN5796qIUj1z47r/D0P9w8TFshC
-9Kow+FNEjZT7A8E9EAdfePTlws8FXNcJEUbyxEJUOe6QTssXr4Ib20opQKREvhfY
-5S6MsQibpO/EEv+Tg5JYeqjWOpqfO/gKBo4Xa9ImbC8N1OdCkd0ZHqvcC8IC6S00
-V0/Td56mV5BZJXG0pw==
+ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMDky
+NzEyMTAwOVoXDTI2MDYyMzEyMTAwOVqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi
+yfjQO24DQsofDo48MAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEACBCr
+TAzAlmfF6tnhf/P5l+tg9Jd/J3SB0vNw8Pw5yQcb0/mCkYNfdjCGGp9KqiToeS1G
+uhKW5oENKY/n3CsXXBnRfhAHtwUyxrzjuc4iPF8ymgwlHGjlr/74a2CYu2iXTIIM
+2P37m1p+u5FhcyH+qncgR6I6n4FeIZFSz4aXHeruTVEDliUshWC4PVpkqokk1u5/
+V2RUYTiPGyxrlpRIFtTPbnRcwItmmtPrq6YO20soDPvjtjFOgGzlP31QzVSpP7wU
+O/z9Thzw0CBckJN3DZIQqGJd5GkmOw63KD0auf1FrtjuFY64OEU4+LsZwwQO6aVD
+nSKMhOpc5T6VumKS8w==
 -----END X509 CRL-----

BIN
certs/intermediate/ca-int-cert.der


+ 54 - 54
certs/intermediate/ca-int-cert.pem

@@ -5,79 +5,79 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:57 2020 GMT
-            Not After : Jun 11 19:17:57 2040 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 22 12:10:09 2043 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
-                    00:f2:23:28:f7:81:43:f0:63:b9:f2:77:7e:30:1a:
-                    40:6b:e1:dd:6b:41:36:ee:7d:58:23:dc:56:e9:bb:
-                    e8:3b:11:58:c3:c3:b7:eb:98:5a:e9:76:12:cd:ef:
-                    77:09:25:d3:6c:e6:3a:49:68:50:90:d7:32:e0:18:
-                    d6:05:df:f7:9e:d2:8f:7b:b5:91:5c:bf:3e:09:81:
-                    dd:79:ed:44:c2:93:f5:9d:a4:cb:0a:6b:63:b4:f0:
-                    ee:d1:dd:6c:e7:c6:b7:f1:30:d4:b7:54:28:18:11:
-                    fc:25:ac:5b:f1:b3:19:13:47:7d:7e:d9:45:97:3c:
-                    bb:b9:42:70:06:94:55:23:15:0b:84:ca:0c:15:c1:
-                    6e:1a:1c:f9:54:c9:e6:e3:b8:c1:45:e5:5a:89:e1:
-                    f1:1b:1d:81:b7:34:07:17:28:5b:10:c7:a6:21:eb:
-                    5d:89:11:a3:d0:39:60:34:ea:e1:75:fa:b8:7c:ee:
-                    c5:3f:64:6a:1d:b8:d8:a4:b2:82:98:31:11:e8:b5:
-                    20:2d:03:e5:d1:61:35:a4:4b:b5:ad:a6:b7:72:71:
-                    3e:86:38:0e:38:b6:5d:b5:ab:bf:3a:ba:1e:32:76:
-                    ba:54:4d:05:ca:4e:e2:83:df:30:64:11:9e:99:93:
-                    3b:a6:fb:3b:df:7d:90:02:f4:b4:f1:e8:41:31:78:
-                    02:3f
+                    00:c3:a2:73:5d:21:62:20:ce:3a:71:38:a7:94:bb:
+                    db:87:04:1c:5a:1b:9e:4b:0d:3e:ca:f8:a5:f7:0d:
+                    6a:dc:23:90:22:6a:2b:58:63:4a:28:6a:48:a8:e7:
+                    73:1f:a2:55:d8:4d:02:3b:e2:cb:6b:e2:83:c9:51:
+                    8f:77:fd:dc:2d:5d:23:b7:23:9a:7e:b6:29:68:e8:
+                    2a:4e:a9:fe:32:70:31:9e:f0:ef:ee:f8:8d:e3:fc:
+                    f3:d7:28:dd:7a:1d:9e:ad:23:2b:f1:a6:7f:34:52:
+                    29:66:d2:e5:64:55:64:d6:dd:4b:41:3b:55:83:6e:
+                    c0:11:0e:6e:20:c2:16:73:eb:30:ff:09:46:bb:e7:
+                    cc:c6:03:44:41:11:c6:c1:6c:36:2f:4a:f9:91:55:
+                    ca:58:5e:37:b8:28:10:30:89:40:96:77:cf:70:66:
+                    a4:55:fb:69:0b:e7:d9:b2:33:65:db:72:3a:77:b7:
+                    2b:49:fc:b6:cd:58:10:8d:ab:aa:cb:40:45:77:02:
+                    39:18:b3:8f:33:01:48:77:50:be:8e:73:a7:de:36:
+                    a0:49:8e:2c:16:af:b9:fb:42:2d:35:6a:db:34:37:
+                    d5:14:59:7d:65:72:e5:8b:65:55:4b:20:5e:47:f9:
+                    f8:3a:d3:6c:d9:3a:f5:c7:01:46:31:c3:79:9a:18:
+                    be:49
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                83:1C:F1:98:85:EC:6E:06:45:34:DE:51:C0:BA:B7:2B:67:32:66:4D
+                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
             X509v3 Authority Key Identifier: 
-                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
             X509v3 Basic Constraints: critical
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         7d:0d:5c:2a:19:e7:ee:5f:ca:2d:d4:59:54:b9:ca:33:18:3a:
-         e3:22:2c:18:70:bb:c5:58:45:d9:82:bc:80:5d:90:d9:02:34:
-         6c:1a:4f:f1:6b:59:4e:cd:e1:ea:27:80:e6:e2:d8:7e:af:2b:
-         ac:c1:62:e0:4d:e9:e6:74:99:fe:c0:50:cb:d3:7d:e5:2b:82:
-         0d:67:0d:14:b5:2c:6a:a2:7a:c2:dd:08:a7:40:2a:8f:a1:bf:
-         4d:53:75:5d:dd:c3:82:e5:e4:1f:04:b0:b6:a7:cc:55:6c:b4:
-         d4:74:9e:9a:36:37:f0:32:69:97:44:fb:d2:22:1a:8b:95:34:
-         44:32:cc:2a:a9:76:f7:12:c7:b9:9b:f1:e5:a7:c7:d5:6d:12:
-         ec:00:1d:21:b2:13:f2:33:e0:ea:e0:c8:63:7c:dd:06:c7:3c:
-         ba:a4:bd:a0:9b:8d:a1:1a:7d:3a:d7:c9:f3:35:4e:c5:76:6b:
-         6d:50:d1:95:23:e8:c0:7f:3d:3f:45:08:10:77:6b:29:68:cc:
-         dd:b6:20:f8:c1:15:4c:6f:e2:ab:9d:61:13:dd:bc:c5:e7:98:
-         cc:23:29:ba:1c:b6:21:c0:b0:b6:e9:de:2b:43:d7:ca:7b:28:
-         6a:fa:4c:c9:39:4d:e1:40:ed:e6:c0:16:9d:69:b2:f9:bf:db:
-         50:27:3c:b3
+    Signature Value:
+        83:d7:44:cb:2d:2e:1e:83:47:9b:e0:24:24:89:90:12:96:a8:
+        f4:c7:ac:ea:8c:dc:ff:93:40:bb:a2:3a:57:60:fd:94:b1:e2:
+        c9:56:be:a5:12:b5:b9:2a:50:57:48:fd:5b:90:96:7b:52:d3:
+        a4:3f:a2:3c:cb:2e:2d:a9:19:17:9a:30:b0:49:cd:78:25:98:
+        1e:f5:3b:37:fa:ec:cb:4d:45:46:b8:45:7f:97:b6:f3:79:e6:
+        2d:31:75:2c:80:f9:db:3b:af:94:31:6b:63:e4:5b:78:7f:6d:
+        52:84:22:60:56:3b:37:0f:8b:7b:5f:5c:f6:f3:f0:1f:d9:00:
+        8b:2a:ca:df:0e:03:94:90:d0:f4:ef:a5:47:8a:b6:7c:db:cf:
+        05:47:70:73:5d:b2:41:44:a0:a0:0e:62:39:7f:cc:06:87:13:
+        35:74:8c:9e:2c:46:2e:e5:0a:d3:92:7a:83:8d:22:8c:06:b3:
+        2f:0d:5c:26:9a:e4:19:cb:61:45:5a:2a:cb:8e:91:e6:63:58:
+        38:c3:14:db:07:8d:1a:9e:dd:f1:07:58:71:de:3d:0b:6c:c1:
+        98:8b:66:33:26:d9:61:db:01:c7:30:b8:e8:0a:bf:7a:58:6b:
+        98:6c:a7:3c:2c:f8:60:b7:05:7b:73:8b:d6:c5:c8:d5:5a:25:
+        03:df:e7:fc
 -----BEGIN CERTIFICATE-----
 MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1N1oXDTQwMDYxMTE5MTc1N1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIyj3gUPwY7nyd34wGkBr4d1rQTbu
-fVgj3Fbpu+g7EVjDw7frmFrpdhLN73cJJdNs5jpJaFCQ1zLgGNYF3/ee0o97tZFc
-vz4Jgd157UTCk/WdpMsKa2O08O7R3WznxrfxMNS3VCgYEfwlrFvxsxkTR31+2UWX
-PLu5QnAGlFUjFQuEygwVwW4aHPlUyebjuMFF5VqJ4fEbHYG3NAcXKFsQx6Yh612J
-EaPQOWA06uF1+rh87sU/ZGoduNiksoKYMRHotSAtA+XRYTWkS7WtprdycT6GOA44
-tl21q786uh4ydrpUTQXKTuKD3zBkEZ6Zkzum+zvffZAC9LTx6EExeAI/AgMBAAGj
-ZjBkMB0GA1UdDgQWBBSDHPGYhexuBkU03lHAurcrZzJmTTAfBgNVHSMEGDAWgBQn
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
 jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB
-/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAfQ1cKhnn7l/KLdRZVLnKMxg64yIs
-GHC7xVhF2YK8gF2Q2QI0bBpP8WtZTs3h6ieA5uLYfq8rrMFi4E3p5nSZ/sBQy9N9
-5SuCDWcNFLUsaqJ6wt0Ip0Aqj6G/TVN1Xd3DguXkHwSwtqfMVWy01HSemjY38DJp
-l0T70iIai5U0RDLMKql29xLHuZvx5afH1W0S7AAdIbIT8jPg6uDIY3zdBsc8uqS9
-oJuNoRp9OtfJ8zVOxXZrbVDRlSPowH89P0UIEHdrKWjM3bYg+MEVTG/iq51hE928
-xeeYzCMpuhy2IcCwtuneK0PXynsoavpMyTlN4UDt5sAWnWmy+b/bUCc8sw==
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAg9dEyy0uHoNHm+AkJImQEpao9Mes
+6ozc/5NAu6I6V2D9lLHiyVa+pRK1uSpQV0j9W5CWe1LTpD+iPMsuLakZF5owsEnN
+eCWYHvU7N/rsy01FRrhFf5e283nmLTF1LID52zuvlDFrY+RbeH9tUoQiYFY7Nw+L
+e19c9vPwH9kAiyrK3w4DlJDQ9O+lR4q2fNvPBUdwc12yQUSgoA5iOX/MBocTNXSM
+nixGLuUK05J6g40ijAazLw1cJprkGcthRVoqy46R5mNYOMMU2weNGp7d8QdYcd49
+C2zBmItmMybZYdsBxzC46Aq/elhrmGynPCz4YLcFe3OL1sXI1VolA9/n/A==
 -----END CERTIFICATE-----

BIN
certs/intermediate/ca-int-ecc-cert.der


+ 21 - 21
certs/intermediate/ca-int-ecc-cert.pem

@@ -5,48 +5,48 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 11 19:17:58 2040 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 22 12:10:09 2043 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA ECC, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:c6:9c:cd:8f:e5:ec:5b:d8:b0:fc:91:20:e2:0b:
-                    3b:51:53:54:4b:89:43:8e:00:de:91:ae:d3:90:f3:
-                    85:dc:cc:3d:11:08:15:76:82:e2:92:35:4a:d4:45:
-                    8e:83:36:82:62:b8:4d:07:85:0b:a5:54:e0:14:e8:
-                    93:de:7f:92:e8
+                    04:95:df:1c:b2:9e:20:a9:1d:a2:5b:ab:5c:9b:a8:
+                    66:06:29:e6:b2:d8:e3:14:a6:c3:c1:b4:ad:4d:44:
+                    18:20:1e:5d:67:fd:15:1d:6d:25:e1:17:b1:71:ca:
+                    85:03:f0:d2:af:41:66:46:36:6d:ea:41:cb:4f:c8:
+                    4a:d0:a0:61:8c
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                13:B5:79:59:32:B3:BB:B4:47:B3:34:0E:80:C0:83:1E:AA:82:C8:5B
+                97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:8a:51:91:f6:92:c5:4a:69:65:db:5b:90:c3:
-         90:6a:c0:96:e7:26:7a:af:18:91:2c:6b:67:55:40:18:6c:c1:
-         a6:02:21:00:96:cc:9d:37:ad:ea:79:52:6e:4d:41:93:db:64:
-         7f:e7:42:b9:f1:12:90:f4:84:5c:73:b1:21:d8:fb:55:fe:6f
+    Signature Value:
+        30:46:02:21:00:e1:e7:6f:05:9e:1d:62:41:4e:9d:1e:38:67:
+        e9:9e:3b:65:dc:15:fc:eb:32:85:84:5e:02:f3:8e:7b:12:f7:
+        99:02:21:00:92:77:65:b1:bd:fb:b2:a4:41:87:c9:9e:3d:e0:
+        39:02:f3:db:42:31:bf:fb:6d:fd:74:be:a3:e3:74:fc:f5:64
 -----BEGIN CERTIFICATE-----
 MIICkzCCAjigAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpzNj+XsW9iw/JEg4gs7UVNUS4lDjgDe
-ka7TkPOF3Mw9EQgVdoLikjVK1EWOgzaCYrhNB4ULpVTgFOiT3n+S6KNmMGQwHQYD
-VR0OBBYEFBO1eVkys7u0R7M0DoDAgx6qgshbMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
 uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
-MAoGCCqGSM49BAMCA0kAMEYCIQCKUZH2ksVKaWXbW5DDkGrAlucmeq8YkSxrZ1VA
-GGzBpgIhAJbMnTet6nlSbk1Bk9tkf+dCufESkPSEXHOxIdj7Vf5v
+MAoGCCqGSM49BAMCA0kAMEYCIQDh528Fnh1iQU6dHjhn6Z47ZdwV/OsyhYReAvOO
+exL3mQIhAJJ3ZbG9+7KkQYfJnj3gOQLz20Ixv/tt/XS+o+N0/PVk
 -----END CERTIFICATE-----

BIN
certs/intermediate/ca-int2-cert.der


+ 55 - 55
certs/intermediate/ca-int2-cert.pem

@@ -5,80 +5,80 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:57 2020 GMT
-            Not After : Jun 11 19:17:57 2040 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 22 12:10:09 2043 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
-                    00:a0:2f:a1:02:30:5d:19:a1:8e:44:86:d4:93:f7:
-                    f1:53:ba:3f:d2:24:df:ff:cb:af:8f:a6:e7:f9:87:
-                    9a:1f:00:cc:8f:40:86:78:3a:1b:9a:78:0e:e3:6e:
-                    da:f3:e7:6c:57:76:31:cf:03:21:9a:c8:79:29:60:
-                    db:ee:d8:a9:15:b4:67:5b:77:9a:86:f9:db:43:cc:
-                    a2:0f:91:e6:70:4f:1e:6e:14:b1:8d:f0:a1:e5:39:
-                    77:a1:92:97:88:4a:26:f1:88:98:24:6c:fd:46:e2:
-                    71:07:5d:af:d4:bc:a8:8c:5d:ee:43:08:da:a7:ec:
-                    09:51:ed:ad:cd:75:8b:58:c7:a1:98:56:e7:19:78:
-                    93:4b:53:77:b7:da:79:7d:70:84:bb:1d:e9:a0:3c:
-                    02:bc:a7:96:fa:bb:98:90:ae:35:19:d0:e7:64:1e:
-                    9d:09:a1:06:f2:c2:fd:cb:a3:29:2c:c0:79:f8:e9:
-                    e9:93:67:8c:35:2e:a1:49:a0:34:6c:38:1d:6b:4c:
-                    a5:ba:c7:84:80:95:17:12:cb:dd:a7:f6:2e:2c:c7:
-                    0f:c1:54:1f:97:6c:01:3b:da:2e:c7:dc:53:c9:26:
-                    e6:9a:66:a8:7f:55:fa:cd:72:18:69:87:4e:8c:e4:
-                    02:dd:f7:31:1a:a3:6e:cd:88:43:70:b4:34:6d:a6:
-                    86:75
+                    00:cf:c9:3d:59:01:9f:1d:77:91:56:cb:ab:06:82:
+                    c1:81:31:9a:e2:f9:c6:f9:a3:40:2d:86:42:d7:5f:
+                    41:a5:05:42:0f:5f:2b:6b:bd:29:92:e5:52:c6:5c:
+                    f9:7e:9d:fb:8e:d6:69:8c:03:91:87:1c:1f:bf:24:
+                    59:44:cc:ef:af:92:2a:06:e1:a1:01:5b:04:57:8a:
+                    1a:b6:04:e2:c2:3c:10:3c:42:31:01:aa:c3:f2:32:
+                    1e:01:95:d0:91:a7:66:c1:22:68:36:53:2a:52:03:
+                    eb:b5:9b:82:01:24:f9:d1:ae:fb:53:4c:5a:06:e5:
+                    6e:5a:d6:ac:5b:28:1a:53:e8:d7:a5:ce:6e:9c:34:
+                    c3:08:0b:cb:2f:8e:df:ef:8c:35:f5:b0:bc:5d:0f:
+                    ae:0a:4a:cf:54:01:d2:3c:b4:78:ee:48:10:56:80:
+                    4f:83:87:4e:67:1f:4f:17:2e:3e:2d:f5:6d:c9:07:
+                    a2:3e:32:92:0f:1e:a4:0b:55:a6:1f:84:ef:9d:75:
+                    ef:66:7c:75:f7:e7:40:3a:9c:c1:33:42:3d:2f:7f:
+                    99:5d:7b:04:d5:a9:6c:41:e8:89:16:58:fd:3a:a0:
+                    04:bd:77:d6:63:5e:6a:13:59:37:5f:f1:59:01:45:
+                    48:9c:8b:f7:16:f4:50:f7:5a:b4:5a:33:f6:f5:41:
+                    c1:3d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                7A:8B:1D:4E:A3:40:C8:CE:58:5F:8D:FC:FF:46:2C:75:41:D9:03:5E
+                0D:C9:60:20:43:58:81:E0:9A:21:EF:66:16:DC:6E:21:25:DF:2B:45
             X509v3 Authority Key Identifier: 
-                keyid:83:1C:F1:98:85:EC:6E:06:45:34:DE:51:C0:BA:B7:2B:67:32:66:4D
-
+                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
             X509v3 Basic Constraints: critical
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0c:72:99:ed:e7:03:58:c2:2b:88:d2:aa:43:31:84:18:2f:de:
-         c5:5d:e0:20:d8:54:3c:5e:2b:87:2a:9f:96:b1:ef:be:d7:c7:
-         27:71:68:ac:71:61:b8:6e:d1:aa:4b:2f:ef:d4:37:e7:bb:87:
-         90:63:48:38:9b:20:15:bd:bc:af:8a:b4:af:53:91:8e:84:11:
-         14:ea:6f:85:f4:4e:ba:0a:49:91:b3:19:99:2a:d1:f9:a7:a7:
-         6b:fd:7f:78:88:7b:d3:7d:2c:b1:9f:70:15:1a:db:86:9b:ce:
-         b7:07:25:ec:39:8c:59:a3:d2:d1:cc:18:15:14:a0:85:4d:4f:
-         fb:9a:47:2f:dc:66:c7:7d:7c:12:89:48:58:d4:cb:1a:1b:12:
-         ba:9c:ed:5c:8c:bf:72:0e:5f:8e:42:34:4b:6c:3e:04:6f:d9:
-         50:e3:28:93:6b:13:fd:6b:d6:2d:1b:cd:fb:fe:0b:a3:8c:df:
-         c8:e6:ad:9e:69:8a:93:96:d7:84:31:bb:ca:f2:db:e2:18:c9:
-         f1:91:8a:c7:06:9f:c2:0a:e9:b4:5f:e3:7b:20:fc:1a:16:1c:
-         02:53:12:cd:66:45:55:6e:b1:c0:95:2d:2b:d6:19:b8:99:4e:
-         1f:1b:9c:fb:b9:fe:8c:7e:32:57:f3:80:e9:f8:be:25:2f:03:
-         46:3c:b3:0a
+    Signature Value:
+        86:c3:f8:62:d2:10:a0:b4:da:78:e9:85:c5:99:04:24:9e:77:
+        1a:58:a4:9f:26:c7:58:5b:b8:76:80:57:ce:20:a4:e5:de:21:
+        21:3d:70:01:4d:0f:6d:5a:f6:3d:48:68:d2:38:c5:ea:d4:9f:
+        a4:00:b2:e4:de:70:6b:58:b9:a2:a9:9b:dd:a6:a6:8e:6c:c4:
+        f9:5f:d7:17:45:85:be:e8:2f:fb:d2:82:d2:ab:2c:e2:ff:35:
+        20:b4:6c:06:7e:08:51:7a:af:19:73:58:f3:a8:48:65:0a:4f:
+        67:44:7e:c0:fd:4b:94:94:b1:4c:56:85:7a:31:af:09:03:fa:
+        cc:5d:85:55:0b:ac:1b:6a:c9:aa:c4:bb:e4:e0:ad:42:38:f1:
+        6f:74:d7:db:0c:ca:01:e0:f3:4a:c7:eb:f2:6e:30:c6:8e:a3:
+        cf:5a:45:0f:7f:98:92:31:20:fc:26:21:34:15:06:4f:29:a3:
+        5c:15:11:5b:04:94:d5:2c:9b:1e:5b:61:65:dc:6e:6c:00:05:
+        01:ce:2b:48:54:f9:91:2b:4c:8c:bb:db:94:b5:08:53:11:97:
+        15:01:bc:65:28:b6:a2:83:5f:f0:d8:79:84:17:27:75:2a:54:
+        c8:07:31:d7:50:05:51:07:4f:57:c8:bf:49:75:35:a1:39:af:
+        66:ec:26:e1
 -----BEGIN CERTIFICATE-----
 MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
 TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjAwNjE2MTkxNzU3WhcNNDAwNjExMTkxNzU3WjCBoDELMAkGA1UEBhMC
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
 BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
 U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgL6ECMF0ZoY5E
-htST9/FTuj/SJN//y6+Ppuf5h5ofAMyPQIZ4OhuaeA7jbtrz52xXdjHPAyGayHkp
-YNvu2KkVtGdbd5qG+dtDzKIPkeZwTx5uFLGN8KHlOXehkpeISibxiJgkbP1G4nEH
-Xa/UvKiMXe5DCNqn7AlR7a3NdYtYx6GYVucZeJNLU3e32nl9cIS7HemgPAK8p5b6
-u5iQrjUZ0OdkHp0JoQbywv3LoykswHn46emTZ4w1LqFJoDRsOB1rTKW6x4SAlRcS
-y92n9i4sxw/BVB+XbAE72i7H3FPJJuaaZqh/VfrNchhph06M5ALd9zEao27NiENw
-tDRtpoZ1AgMBAAGjZjBkMB0GA1UdDgQWBBR6ix1Oo0DIzlhfjfz/Rix1QdkDXjAf
-BgNVHSMEGDAWgBSDHPGYhexuBkU03lHAurcrZzJmTTASBgNVHRMBAf8ECDAGAQH/
-AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEADHKZ7ecDWMIr
-iNKqQzGEGC/exV3gINhUPF4rhyqflrHvvtfHJ3ForHFhuG7Rqksv79Q357uHkGNI
-OJsgFb28r4q0r1ORjoQRFOpvhfROugpJkbMZmSrR+aena/1/eIh7030ssZ9wFRrb
-hpvOtwcl7DmMWaPS0cwYFRSghU1P+5pHL9xmx318EolIWNTLGhsSupztXIy/cg5f
-jkI0S2w+BG/ZUOMok2sT/WvWLRvN+/4Lo4zfyOatnmmKk5bXhDG7yvLb4hjJ8ZGK
-xwafwgrptF/jeyD8GhYcAlMSzWZFVW6xwJUtK9YZuJlOHxuc+7n+jH4yV/OA6fi+
-JS8DRjyzCg==
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
 -----END CERTIFICATE-----

BIN
certs/intermediate/ca-int2-ecc-cert.der


+ 23 - 23
certs/intermediate/ca-int2-ecc-cert.pem

@@ -5,49 +5,49 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA ECC, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 11 19:17:58 2040 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 22 12:10:09 2043 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA ECC, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:ea:16:28:2c:27:5e:41:99:05:28:8b:99:fa:c5:
-                    a2:74:3c:15:4d:52:f4:4b:2d:83:34:82:8e:d5:b6:
-                    3f:61:d0:87:eb:f8:4c:06:5e:ed:66:1e:8c:ca:a4:
-                    f6:2a:76:4f:d7:26:09:4c:1e:89:b9:18:8e:d2:a3:
-                    66:3c:1b:3d:cb
+                    04:c7:b4:a9:9f:32:fb:a2:8f:6a:f3:2e:c1:5d:ca:
+                    08:ec:c6:9f:13:ad:f5:3e:9d:75:f7:e4:f2:16:99:
+                    37:f7:89:73:cf:54:81:5f:16:0c:04:78:85:33:ef:
+                    92:a2:f7:86:3f:c7:a1:ba:0a:74:17:c2:45:7a:77:
+                    13:a9:13:fd:d3
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                1B:F4:BD:90:28:74:64:E3:33:5E:8B:64:A7:FC:AF:BA:F2:B9:55:E5
+                9F:AE:7B:7A:70:80:04:55:2B:C6:B7:0C:5B:79:E4:12:41:65:31:29
             X509v3 Authority Key Identifier: 
-                keyid:13:B5:79:59:32:B3:BB:B4:47:B3:34:0E:80:C0:83:1E:AA:82:C8:5B
-
+                97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
             X509v3 Basic Constraints: critical
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:4f:1b:d1:e1:d7:8e:73:b5:8b:f7:4d:0b:3d:fc:
-         12:bc:6f:7c:ad:b9:12:70:30:37:41:27:ec:6b:35:06:8e:47:
-         02:21:00:a1:55:91:b7:68:1e:32:66:37:68:10:0a:9f:36:ee:
-         c3:97:2b:85:b8:3c:47:3c:4a:ed:13:c5:5b:59:bc:b5:29
+    Signature Value:
+        30:46:02:21:00:85:d2:26:f9:75:6a:4b:e9:76:88:bb:37:d0:
+        96:e6:bc:24:d0:8f:67:51:18:cf:69:58:b7:da:7b:c1:a3:da:
+        41:02:21:00:fd:b7:36:be:ac:7c:43:6c:88:a8:b2:9b:2a:36:
+        21:2e:64:20:dc:b5:9d:09:95:5b:33:29:93:88:9b:67:cb:0d
 -----BEGIN CERTIFICATE-----
-MIICnzCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+MIICoDCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
 bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaQxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaQxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29s
 ZlNTTCBJbnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOoWKCwnXkGZBSiL
-mfrFonQ8FU1S9EstgzSCjtW2P2HQh+v4TAZe7WYejMqk9ip2T9cmCUweibkYjtKj
-ZjwbPcujZjBkMB0GA1UdDgQWBBQb9L2QKHRk4zNei2Sn/K+68rlV5TAfBgNVHSME
-GDAWgBQTtXlZMrO7tEezNA6AwIMeqoLIWzASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
-A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBPG9Hh145ztYv3TQs9/BK8
-b3ytuRJwMDdBJ+xrNQaORwIhAKFVkbdoHjJmN2gQCp827sOXK4W4PEc8Su0TxVtZ
-vLUp
+b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMe0qZ8y+6KPavMu
+wV3KCOzGnxOt9T6ddffk8haZN/eJc89UgV8WDAR4hTPvkqL3hj/HoboKdBfCRXp3
+E6kT/dOjZjBkMB0GA1UdDgQWBBSfrnt6cIAEVSvGtwxbeeQSQWUxKTAfBgNVHSME
+GDAWgBSXHWDDhyJZm2AfhLSZHIhNv9oebjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAhdIm+XVqS+l2iLs30Jbm
+vCTQj2dRGM9pWLfae8Gj2kECIQD9tza+rHxDbIiospsqNiEuZCDctZ0JlVszKZOI
+m2fLDQ==
 -----END CERTIFICATE-----

+ 41 - 41
certs/intermediate/client-chain-alt-ecc.pem

@@ -3,70 +3,70 @@ MIICyDCCAm2gAwIBAgICEAcwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgQ2xpZW50IENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFW/9A9EUJo9zpu38MVN
 9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJDhHYWxlaVBswBqb32dRpC972psjYiX8dd
 f7SjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYE
-FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFBv0vZAodGTjM16LZKf8
-r7ryuVXlMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
-BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAK6CPTUWc9Ue5ac0zydwQpncWVqKNiU3
-gYnFhKaVgJ2tAiEA2Y4dfm0koH4xgiUJ6OHYtrpOmV+5TeNmPhFhuuIqeuM=
+FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFJ+ue3pwgARVK8a3DFt5
+5BJBZTEpMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
+BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAOD7alvrubi1X6XcihvnRLWc+kSktUr/
+ijQ9hxJst+ILAiEA8J5CctyYX1GIKkTeUthW0yMfRBIEyuBsPkOeRcZE3Gg=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICnzCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+MIICoDCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
 bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaQxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaQxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29s
 ZlNTTCBJbnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOoWKCwnXkGZBSiL
-mfrFonQ8FU1S9EstgzSCjtW2P2HQh+v4TAZe7WYejMqk9ip2T9cmCUweibkYjtKj
-ZjwbPcujZjBkMB0GA1UdDgQWBBQb9L2QKHRk4zNei2Sn/K+68rlV5TAfBgNVHSME
-GDAWgBQTtXlZMrO7tEezNA6AwIMeqoLIWzASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
-A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBPG9Hh145ztYv3TQs9/BK8
-b3ytuRJwMDdBJ+xrNQaORwIhAKFVkbdoHjJmN2gQCp827sOXK4W4PEc8Su0TxVtZ
-vLUp
+b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMe0qZ8y+6KPavMu
+wV3KCOzGnxOt9T6ddffk8haZN/eJc89UgV8WDAR4hTPvkqL3hj/HoboKdBfCRXp3
+E6kT/dOjZjBkMB0GA1UdDgQWBBSfrnt6cIAEVSvGtwxbeeQSQWUxKTAfBgNVHSME
+GDAWgBSXHWDDhyJZm2AfhLSZHIhNv9oebjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAhdIm+XVqS+l2iLs30Jbm
+vCTQj2dRGM9pWLfae8Gj2kECIQD9tza+rHxDbIiospsqNiEuZCDctZ0JlVszKZOI
+m2fLDQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICkzCCAjigAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpzNj+XsW9iw/JEg4gs7UVNUS4lDjgDe
-ka7TkPOF3Mw9EQgVdoLikjVK1EWOgzaCYrhNB4ULpVTgFOiT3n+S6KNmMGQwHQYD
-VR0OBBYEFBO1eVkys7u0R7M0DoDAgx6qgshbMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
 uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
-MAoGCCqGSM49BAMCA0kAMEYCIQCKUZH2ksVKaWXbW5DDkGrAlucmeq8YkSxrZ1VA
-GGzBpgIhAJbMnTet6nlSbk1Bk9tkf+dCufESkPSEXHOxIdj7Vf5v
+MAoGCCqGSM49BAMCA0kAMEYCIQDh528Fnh1iQU6dHjhn6Z47ZdwV/OsyhYReAvOO
+exL3mQIhAJJ3ZbG9+7KkQYfJnj3gOQLz20Ixv/tt/XS+o+N0/PVk
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----
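Review bot: The last certificate in this chain is replaced by a different public root, and nothing in the file says what it is or when it lapses. Decoded, the new block is DigiCert Global Root CA with validity 2006-11-10 to 2031-11-10, while the regenerated wolfSSL intermediates above it run to 2043, so this entry will be the first to expire, just as the GlobalSign Root CA - R2 it replaces did in 2021. I would put a plain-text line ahead of the block, for example `DigiCert Global Root CA: unrelated to the wolfSSL chain, notAfter 2031-11-10`, assuming the loaders of this fixture skip text outside the BEGIN/END markers as they do for the annotated certificates elsewhere in certs/. Because this commit extends CRL checking to the whole chain, it is also worth confirming in the tests (not visible here) that no CRL is expected for this unrelated issuer. The same swap appears in certs/intermediate/client-chain-alt.pem.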

+ 60 - 60
certs/intermediate/client-chain-alt.pem

@@ -3,7 +3,7 @@ MIIESzCCAzOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBDbGllbnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -14,83 +14,83 @@ QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ6KgIMIGvIAtDFMV0Z7Qygm+N
 hsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8ASA9ROcg1QbTujO6OZXp3I2QyF
 s9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4wxJeEhi1WL9cV93/ArvX8W+X7
 obrTAgMBAAGjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYD
-VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFHqLHU6jQMjO
-WF+N/P9GLHVB2QNeMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
-AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAD37nA7EM00jkoUtSldJc0AV
-Kv/Ce+VmdWoG3r0Ji/3yQeW4r5Zc1Z5voFL6EBKwcY0gQ5kWKjlG7fU6swM1nYUe
-5+75YUudIKIWdmlndwaD9cCXDNmxtdZ9d8CTJ6kn8DG0rI1zPPFzGXSv92cHaL3F
-KJOI3ZCxEp9kprrEwEZ84wrbrsc5bJwBCrpk23TlAnI4zY6yLu8YwqbnbT+PxJLK
-reAMivJIyuEcySCm3tPFI1R9EMfb9Yw5snlRP/PXFfIiR5t7ANhU48BzIWh81vLM
-+rMnhagqZcdthdF3YnnPZD0kbMzSW7z++qmj6YWFH4eNbW/b8KS2WajxN6WNP50=
+VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFA3JYCBDWIHg
+miHvZhbcbiEl3ytFMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
+AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAMVo04Y2fc78PfvmRBzmYJuK
+Q+zpya5skGuORdHkG44IQoksOYHD2kfNWwvZW9KXK2sSACTr5AodtXxQ4YzH8/+B
+x4yF5VALgx3gqhxyjjhjsfeQWNKd46XDAyfL88ntKE9hm+oJZdUJ/PZXfm9wVRNm
++gZmchzaTRM0YAuHnyuyVqxigG7nWjCj6yw4LKmoegixFomZVEyOizD5QmZPX3Yr
+oYWZ3Nai1TVYfqvgi59ba8HivCDfesspp9xen2KKY/Mh5hlcmqp1JvTxqKlXOeWD
+ZuRW0xH9O/oER/Pf5KC0COxPKf/shBdi9215zVIYYJXboR8agBEmc9ve60de5Ks=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
 TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjAwNjE2MTkxNzU3WhcNNDAwNjExMTkxNzU3WjCBoDELMAkGA1UEBhMC
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
 BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
 U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgL6ECMF0ZoY5E
-htST9/FTuj/SJN//y6+Ppuf5h5ofAMyPQIZ4OhuaeA7jbtrz52xXdjHPAyGayHkp
-YNvu2KkVtGdbd5qG+dtDzKIPkeZwTx5uFLGN8KHlOXehkpeISibxiJgkbP1G4nEH
-Xa/UvKiMXe5DCNqn7AlR7a3NdYtYx6GYVucZeJNLU3e32nl9cIS7HemgPAK8p5b6
-u5iQrjUZ0OdkHp0JoQbywv3LoykswHn46emTZ4w1LqFJoDRsOB1rTKW6x4SAlRcS
-y92n9i4sxw/BVB+XbAE72i7H3FPJJuaaZqh/VfrNchhph06M5ALd9zEao27NiENw
-tDRtpoZ1AgMBAAGjZjBkMB0GA1UdDgQWBBR6ix1Oo0DIzlhfjfz/Rix1QdkDXjAf
-BgNVHSMEGDAWgBSDHPGYhexuBkU03lHAurcrZzJmTTASBgNVHRMBAf8ECDAGAQH/
-AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEADHKZ7ecDWMIr
-iNKqQzGEGC/exV3gINhUPF4rhyqflrHvvtfHJ3ForHFhuG7Rqksv79Q357uHkGNI
-OJsgFb28r4q0r1ORjoQRFOpvhfROugpJkbMZmSrR+aena/1/eIh7030ssZ9wFRrb
-hpvOtwcl7DmMWaPS0cwYFRSghU1P+5pHL9xmx318EolIWNTLGhsSupztXIy/cg5f
-jkI0S2w+BG/ZUOMok2sT/WvWLRvN+/4Lo4zfyOatnmmKk5bXhDG7yvLb4hjJ8ZGK
-xwafwgrptF/jeyD8GhYcAlMSzWZFVW6xwJUtK9YZuJlOHxuc+7n+jH4yV/OA6fi+
-JS8DRjyzCg==
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1N1oXDTQwMDYxMTE5MTc1N1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIyj3gUPwY7nyd34wGkBr4d1rQTbu
-fVgj3Fbpu+g7EVjDw7frmFrpdhLN73cJJdNs5jpJaFCQ1zLgGNYF3/ee0o97tZFc
-vz4Jgd157UTCk/WdpMsKa2O08O7R3WznxrfxMNS3VCgYEfwlrFvxsxkTR31+2UWX
-PLu5QnAGlFUjFQuEygwVwW4aHPlUyebjuMFF5VqJ4fEbHYG3NAcXKFsQx6Yh612J
-EaPQOWA06uF1+rh87sU/ZGoduNiksoKYMRHotSAtA+XRYTWkS7WtprdycT6GOA44
-tl21q786uh4ydrpUTQXKTuKD3zBkEZ6Zkzum+zvffZAC9LTx6EExeAI/AgMBAAGj
-ZjBkMB0GA1UdDgQWBBSDHPGYhexuBkU03lHAurcrZzJmTTAfBgNVHSMEGDAWgBQn
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
 jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB
-/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAfQ1cKhnn7l/KLdRZVLnKMxg64yIs
-GHC7xVhF2YK8gF2Q2QI0bBpP8WtZTs3h6ieA5uLYfq8rrMFi4E3p5nSZ/sBQy9N9
-5SuCDWcNFLUsaqJ6wt0Ip0Aqj6G/TVN1Xd3DguXkHwSwtqfMVWy01HSemjY38DJp
-l0T70iIai5U0RDLMKql29xLHuZvx5afH1W0S7AAdIbIT8jPg6uDIY3zdBsc8uqS9
-oJuNoRp9OtfJ8zVOxXZrbVDRlSPowH89P0UIEHdrKWjM3bYg+MEVTG/iq51hE928
-xeeYzCMpuhy2IcCwtuneK0PXynsoavpMyTlN4UDt5sAWnWmy+b/bUCc8sw==
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAg9dEyy0uHoNHm+AkJImQEpao9Mes
+6ozc/5NAu6I6V2D9lLHiyVa+pRK1uSpQV0j9W5CWe1LTpD+iPMsuLakZF5owsEnN
+eCWYHvU7N/rsy01FRrhFf5e283nmLTF1LID52zuvlDFrY+RbeH9tUoQiYFY7Nw+L
+e19c9vPwH9kAiyrK3w4DlJDQ9O+lR4q2fNvPBUdwc12yQUSgoA5iOX/MBocTNXSM
+nixGLuUK05J6g40ijAazLw1cJprkGcthRVoqy46R5mNYOMMU2weNGp7d8QdYcd49
+C2zBmItmMybZYdsBxzC46Aq/elhrmGynPCz4YLcFe3OL1sXI1VolA9/n/A==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----

BIN
certs/intermediate/client-chain-ecc.der


+ 21 - 21
certs/intermediate/client-chain-ecc.pem

@@ -3,48 +3,48 @@ MIICyDCCAm2gAwIBAgICEAcwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgQ2xpZW50IENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFW/9A9EUJo9zpu38MVN
 9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJDhHYWxlaVBswBqb32dRpC972psjYiX8dd
 f7SjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYE
-FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFBv0vZAodGTjM16LZKf8
-r7ryuVXlMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
-BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAK6CPTUWc9Ue5ac0zydwQpncWVqKNiU3
-gYnFhKaVgJ2tAiEA2Y4dfm0koH4xgiUJ6OHYtrpOmV+5TeNmPhFhuuIqeuM=
+FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFJ+ue3pwgARVK8a3DFt5
+5BJBZTEpMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
+BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAOD7alvrubi1X6XcihvnRLWc+kSktUr/
+ijQ9hxJst+ILAiEA8J5CctyYX1GIKkTeUthW0yMfRBIEyuBsPkOeRcZE3Gg=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICnzCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+MIICoDCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
 bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaQxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaQxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29s
 ZlNTTCBJbnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOoWKCwnXkGZBSiL
-mfrFonQ8FU1S9EstgzSCjtW2P2HQh+v4TAZe7WYejMqk9ip2T9cmCUweibkYjtKj
-ZjwbPcujZjBkMB0GA1UdDgQWBBQb9L2QKHRk4zNei2Sn/K+68rlV5TAfBgNVHSME
-GDAWgBQTtXlZMrO7tEezNA6AwIMeqoLIWzASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
-A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBPG9Hh145ztYv3TQs9/BK8
-b3ytuRJwMDdBJ+xrNQaORwIhAKFVkbdoHjJmN2gQCp827sOXK4W4PEc8Su0TxVtZ
-vLUp
+b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMe0qZ8y+6KPavMu
+wV3KCOzGnxOt9T6ddffk8haZN/eJc89UgV8WDAR4hTPvkqL3hj/HoboKdBfCRXp3
+E6kT/dOjZjBkMB0GA1UdDgQWBBSfrnt6cIAEVSvGtwxbeeQSQWUxKTAfBgNVHSME
+GDAWgBSXHWDDhyJZm2AfhLSZHIhNv9oebjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAhdIm+XVqS+l2iLs30Jbm
+vCTQj2dRGM9pWLfae8Gj2kECIQD9tza+rHxDbIiospsqNiEuZCDctZ0JlVszKZOI
+m2fLDQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICkzCCAjigAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpzNj+XsW9iw/JEg4gs7UVNUS4lDjgDe
-ka7TkPOF3Mw9EQgVdoLikjVK1EWOgzaCYrhNB4ULpVTgFOiT3n+S6KNmMGQwHQYD
-VR0OBBYEFBO1eVkys7u0R7M0DoDAgx6qgshbMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
 uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
-MAoGCCqGSM49BAMCA0kAMEYCIQCKUZH2ksVKaWXbW5DDkGrAlucmeq8YkSxrZ1VA
-GGzBpgIhAJbMnTet6nlSbk1Bk9tkf+dCufESkPSEXHOxIdj7Vf5v
+MAoGCCqGSM49BAMCA0kAMEYCIQDh528Fnh1iQU6dHjhn6Z47ZdwV/OsyhYReAvOO
+exL3mQIhAJJ3ZbG9+7KkQYfJnj3gOQLz20Ixv/tt/XS+o+N0/PVk
 -----END CERTIFICATE-----

BIN
certs/intermediate/client-chain.der


+ 40 - 40
certs/intermediate/client-chain.pem

@@ -3,7 +3,7 @@ MIIESzCCAzOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBDbGllbnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -14,61 +14,61 @@ QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ6KgIMIGvIAtDFMV0Z7Qygm+N
 hsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8ASA9ROcg1QbTujO6OZXp3I2QyF
 s9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4wxJeEhi1WL9cV93/ArvX8W+X7
 obrTAgMBAAGjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYD
-VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFHqLHU6jQMjO
-WF+N/P9GLHVB2QNeMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
-AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAD37nA7EM00jkoUtSldJc0AV
-Kv/Ce+VmdWoG3r0Ji/3yQeW4r5Zc1Z5voFL6EBKwcY0gQ5kWKjlG7fU6swM1nYUe
-5+75YUudIKIWdmlndwaD9cCXDNmxtdZ9d8CTJ6kn8DG0rI1zPPFzGXSv92cHaL3F
-KJOI3ZCxEp9kprrEwEZ84wrbrsc5bJwBCrpk23TlAnI4zY6yLu8YwqbnbT+PxJLK
-reAMivJIyuEcySCm3tPFI1R9EMfb9Yw5snlRP/PXFfIiR5t7ANhU48BzIWh81vLM
-+rMnhagqZcdthdF3YnnPZD0kbMzSW7z++qmj6YWFH4eNbW/b8KS2WajxN6WNP50=
+VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFA3JYCBDWIHg
+miHvZhbcbiEl3ytFMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
+AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAMVo04Y2fc78PfvmRBzmYJuK
+Q+zpya5skGuORdHkG44IQoksOYHD2kfNWwvZW9KXK2sSACTr5AodtXxQ4YzH8/+B
+x4yF5VALgx3gqhxyjjhjsfeQWNKd46XDAyfL88ntKE9hm+oJZdUJ/PZXfm9wVRNm
++gZmchzaTRM0YAuHnyuyVqxigG7nWjCj6yw4LKmoegixFomZVEyOizD5QmZPX3Yr
+oYWZ3Nai1TVYfqvgi59ba8HivCDfesspp9xen2KKY/Mh5hlcmqp1JvTxqKlXOeWD
+ZuRW0xH9O/oER/Pf5KC0COxPKf/shBdi9215zVIYYJXboR8agBEmc9ve60de5Ks=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
 TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjAwNjE2MTkxNzU3WhcNNDAwNjExMTkxNzU3WjCBoDELMAkGA1UEBhMC
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
 BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
 U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgL6ECMF0ZoY5E
-htST9/FTuj/SJN//y6+Ppuf5h5ofAMyPQIZ4OhuaeA7jbtrz52xXdjHPAyGayHkp
-YNvu2KkVtGdbd5qG+dtDzKIPkeZwTx5uFLGN8KHlOXehkpeISibxiJgkbP1G4nEH
-Xa/UvKiMXe5DCNqn7AlR7a3NdYtYx6GYVucZeJNLU3e32nl9cIS7HemgPAK8p5b6
-u5iQrjUZ0OdkHp0JoQbywv3LoykswHn46emTZ4w1LqFJoDRsOB1rTKW6x4SAlRcS
-y92n9i4sxw/BVB+XbAE72i7H3FPJJuaaZqh/VfrNchhph06M5ALd9zEao27NiENw
-tDRtpoZ1AgMBAAGjZjBkMB0GA1UdDgQWBBR6ix1Oo0DIzlhfjfz/Rix1QdkDXjAf
-BgNVHSMEGDAWgBSDHPGYhexuBkU03lHAurcrZzJmTTASBgNVHRMBAf8ECDAGAQH/
-AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEADHKZ7ecDWMIr
-iNKqQzGEGC/exV3gINhUPF4rhyqflrHvvtfHJ3ForHFhuG7Rqksv79Q357uHkGNI
-OJsgFb28r4q0r1ORjoQRFOpvhfROugpJkbMZmSrR+aena/1/eIh7030ssZ9wFRrb
-hpvOtwcl7DmMWaPS0cwYFRSghU1P+5pHL9xmx318EolIWNTLGhsSupztXIy/cg5f
-jkI0S2w+BG/ZUOMok2sT/WvWLRvN+/4Lo4zfyOatnmmKk5bXhDG7yvLb4hjJ8ZGK
-xwafwgrptF/jeyD8GhYcAlMSzWZFVW6xwJUtK9YZuJlOHxuc+7n+jH4yV/OA6fi+
-JS8DRjyzCg==
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1N1oXDTQwMDYxMTE5MTc1N1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIyj3gUPwY7nyd34wGkBr4d1rQTbu
-fVgj3Fbpu+g7EVjDw7frmFrpdhLN73cJJdNs5jpJaFCQ1zLgGNYF3/ee0o97tZFc
-vz4Jgd157UTCk/WdpMsKa2O08O7R3WznxrfxMNS3VCgYEfwlrFvxsxkTR31+2UWX
-PLu5QnAGlFUjFQuEygwVwW4aHPlUyebjuMFF5VqJ4fEbHYG3NAcXKFsQx6Yh612J
-EaPQOWA06uF1+rh87sU/ZGoduNiksoKYMRHotSAtA+XRYTWkS7WtprdycT6GOA44
-tl21q786uh4ydrpUTQXKTuKD3zBkEZ6Zkzum+zvffZAC9LTx6EExeAI/AgMBAAGj
-ZjBkMB0GA1UdDgQWBBSDHPGYhexuBkU03lHAurcrZzJmTTAfBgNVHSMEGDAWgBQn
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
 jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB
-/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAfQ1cKhnn7l/KLdRZVLnKMxg64yIs
-GHC7xVhF2YK8gF2Q2QI0bBpP8WtZTs3h6ieA5uLYfq8rrMFi4E3p5nSZ/sBQy9N9
-5SuCDWcNFLUsaqJ6wt0Ip0Aqj6G/TVN1Xd3DguXkHwSwtqfMVWy01HSemjY38DJp
-l0T70iIai5U0RDLMKql29xLHuZvx5afH1W0S7AAdIbIT8jPg6uDIY3zdBsc8uqS9
-oJuNoRp9OtfJ8zVOxXZrbVDRlSPowH89P0UIEHdrKWjM3bYg+MEVTG/iq51hE928
-xeeYzCMpuhy2IcCwtuneK0PXynsoavpMyTlN4UDt5sAWnWmy+b/bUCc8sw==
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAg9dEyy0uHoNHm+AkJImQEpao9Mes
+6ozc/5NAu6I6V2D9lLHiyVa+pRK1uSpQV0j9W5CWe1LTpD+iPMsuLakZF5owsEnN
+eCWYHvU7N/rsy01FRrhFf5e283nmLTF1LID52zuvlDFrY+RbeH9tUoQiYFY7Nw+L
+e19c9vPwH9kAiyrK3w4DlJDQ9O+lR4q2fNvPBUdwc12yQUSgoA5iOX/MBocTNXSM
+nixGLuUK05J6g40ijAazLw1cJprkGcthRVoqy46R5mNYOMMU2weNGp7d8QdYcd49
+C2zBmItmMybZYdsBxzC46Aq/elhrmGynPCz4YLcFe3OL1sXI1VolA9/n/A==
 -----END CERTIFICATE-----

BIN
certs/intermediate/client-int-cert.der


+ 29 - 29
certs/intermediate/client-int-cert.pem

@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 14 19:17:58 2030 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 24 12:10:09 2033 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Client Chain, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -39,34 +39,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
             X509v3 Authority Key Identifier: 
-                keyid:7A:8B:1D:4E:A3:40:C8:CE:58:5F:8D:FC:FF:46:2C:75:41:D9:03:5E
-
+                0D:C9:60:20:43:58:81:E0:9A:21:EF:66:16:DC:6E:21:25:DF:2B:45
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: sha256WithRSAEncryption
-         3d:fb:9c:0e:c4:33:4d:23:92:85:2d:4a:57:49:73:40:15:2a:
-         ff:c2:7b:e5:66:75:6a:06:de:bd:09:8b:fd:f2:41:e5:b8:af:
-         96:5c:d5:9e:6f:a0:52:fa:10:12:b0:71:8d:20:43:99:16:2a:
-         39:46:ed:f5:3a:b3:03:35:9d:85:1e:e7:ee:f9:61:4b:9d:20:
-         a2:16:76:69:67:77:06:83:f5:c0:97:0c:d9:b1:b5:d6:7d:77:
-         c0:93:27:a9:27:f0:31:b4:ac:8d:73:3c:f1:73:19:74:af:f7:
-         67:07:68:bd:c5:28:93:88:dd:90:b1:12:9f:64:a6:ba:c4:c0:
-         46:7c:e3:0a:db:ae:c7:39:6c:9c:01:0a:ba:64:db:74:e5:02:
-         72:38:cd:8e:b2:2e:ef:18:c2:a6:e7:6d:3f:8f:c4:92:ca:ad:
-         e0:0c:8a:f2:48:ca:e1:1c:c9:20:a6:de:d3:c5:23:54:7d:10:
-         c7:db:f5:8c:39:b2:79:51:3f:f3:d7:15:f2:22:47:9b:7b:00:
-         d8:54:e3:c0:73:21:68:7c:d6:f2:cc:fa:b3:27:85:a8:2a:65:
-         c7:6d:85:d1:77:62:79:cf:64:3d:24:6c:cc:d2:5b:bc:fe:fa:
-         a9:a3:e9:85:85:1f:87:8d:6d:6f:db:f0:a4:b6:59:a8:f1:37:
-         a5:8d:3f:9d
+    Signature Value:
+        c5:68:d3:86:36:7d:ce:fc:3d:fb:e6:44:1c:e6:60:9b:8a:43:
+        ec:e9:c9:ae:6c:90:6b:8e:45:d1:e4:1b:8e:08:42:89:2c:39:
+        81:c3:da:47:cd:5b:0b:d9:5b:d2:97:2b:6b:12:00:24:eb:e4:
+        0a:1d:b5:7c:50:e1:8c:c7:f3:ff:81:c7:8c:85:e5:50:0b:83:
+        1d:e0:aa:1c:72:8e:38:63:b1:f7:90:58:d2:9d:e3:a5:c3:03:
+        27:cb:f3:c9:ed:28:4f:61:9b:ea:09:65:d5:09:fc:f6:57:7e:
+        6f:70:55:13:66:fa:06:66:72:1c:da:4d:13:34:60:0b:87:9f:
+        2b:b2:56:ac:62:80:6e:e7:5a:30:a3:eb:2c:38:2c:a9:a8:7a:
+        08:b1:16:89:99:54:4c:8e:8b:30:f9:42:66:4f:5f:76:2b:a1:
+        85:99:dc:d6:a2:d5:35:58:7e:ab:e0:8b:9f:5b:6b:c1:e2:bc:
+        20:df:7a:cb:29:a7:dc:5e:9f:62:8a:63:f3:21:e6:19:5c:9a:
+        aa:75:26:f4:f1:a8:a9:57:39:e5:83:66:e4:56:d3:11:fd:3b:
+        fa:04:47:f3:df:e4:a0:b4:08:ec:4f:29:ff:ec:84:17:62:f7:
+        6d:79:cd:52:18:60:95:db:a1:1f:1a:80:11:26:73:db:de:eb:
+        47:5e:e4:ab
 -----BEGIN CERTIFICATE-----
 MIIESzCCAzOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBDbGllbnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,12 +77,12 @@ QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ6KgIMIGvIAtDFMV0Z7Qygm+N
 hsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8ASA9ROcg1QbTujO6OZXp3I2QyF
 s9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4wxJeEhi1WL9cV93/ArvX8W+X7
 obrTAgMBAAGjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYD
-VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFHqLHU6jQMjO
-WF+N/P9GLHVB2QNeMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
-AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAD37nA7EM00jkoUtSldJc0AV
-Kv/Ce+VmdWoG3r0Ji/3yQeW4r5Zc1Z5voFL6EBKwcY0gQ5kWKjlG7fU6swM1nYUe
-5+75YUudIKIWdmlndwaD9cCXDNmxtdZ9d8CTJ6kn8DG0rI1zPPFzGXSv92cHaL3F
-KJOI3ZCxEp9kprrEwEZ84wrbrsc5bJwBCrpk23TlAnI4zY6yLu8YwqbnbT+PxJLK
-reAMivJIyuEcySCm3tPFI1R9EMfb9Yw5snlRP/PXFfIiR5t7ANhU48BzIWh81vLM
-+rMnhagqZcdthdF3YnnPZD0kbMzSW7z++qmj6YWFH4eNbW/b8KS2WajxN6WNP50=
+VR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMB8GA1UdIwQYMBaAFA3JYCBDWIHg
+miHvZhbcbiEl3ytFMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
+AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAMVo04Y2fc78PfvmRBzmYJuK
+Q+zpya5skGuORdHkG44IQoksOYHD2kfNWwvZW9KXK2sSACTr5AodtXxQ4YzH8/+B
+x4yF5VALgx3gqhxyjjhjsfeQWNKd46XDAyfL88ntKE9hm+oJZdUJ/PZXfm9wVRNm
++gZmchzaTRM0YAuHnyuyVqxigG7nWjCj6yw4LKmoegixFomZVEyOizD5QmZPX3Yr
+oYWZ3Nai1TVYfqvgi59ba8HivCDfesspp9xen2KKY/Mh5hlcmqp1JvTxqKlXOeWD
+ZuRW0xH9O/oER/Pf5KC0COxPKf/shBdi9215zVIYYJXboR8agBEmc9ve60de5Ks=
 -----END CERTIFICATE-----

BIN
certs/intermediate/client-int-ecc-cert.der


+ 13 - 13
certs/intermediate/client-int-ecc-cert.pem

@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA ECC, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 14 19:17:58 2030 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 24 12:10:09 2033 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Client Chain ECC, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,31 +27,31 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
             X509v3 Authority Key Identifier: 
-                keyid:1B:F4:BD:90:28:74:64:E3:33:5E:8B:64:A7:FC:AF:BA:F2:B9:55:E5
-
+                9F:AE:7B:7A:70:80:04:55:2B:C6:B7:0C:5B:79:E4:12:41:65:31:29
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:ae:82:3d:35:16:73:d5:1e:e5:a7:34:cf:27:
-         70:42:99:dc:59:5a:8a:36:25:37:81:89:c5:84:a6:95:80:9d:
-         ad:02:21:00:d9:8e:1d:7e:6d:24:a0:7e:31:82:25:09:e8:e1:
-         d8:b6:ba:4e:99:5f:b9:4d:e3:66:3e:11:61:ba:e2:2a:7a:e3
+    Signature Value:
+        30:46:02:21:00:e0:fb:6a:5b:eb:b9:b8:b5:5f:a5:dc:8a:1b:
+        e7:44:b5:9c:fa:44:a4:b5:4a:ff:8a:34:3d:87:12:6c:b7:e2:
+        0b:02:21:00:f0:9e:42:72:dc:98:5f:51:88:2a:44:de:52:d8:
+        56:d3:23:1f:44:12:04:ca:e0:6c:3e:43:9e:45:c6:44:dc:68
 -----BEGIN CERTIFICATE-----
 MIICyDCCAm2gAwIBAgICEAcwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgQ2xpZW50IENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFW/9A9EUJo9zpu38MVN
 9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJDhHYWxlaVBswBqb32dRpC972psjYiX8dd
 f7SjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYE
-FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFBv0vZAodGTjM16LZKf8
-r7ryuVXlMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
-BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAK6CPTUWc9Ue5ac0zydwQpncWVqKNiU3
-gYnFhKaVgJ2tAiEA2Y4dfm0koH4xgiUJ6OHYtrpOmV+5TeNmPhFhuuIqeuM=
+FOvUS1lrlWE/UVe2BE2JQYhEXKvyMB8GA1UdIwQYMBaAFJ+ue3pwgARVK8a3DFt5
+5BJBZTEpMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
+BQUHAwQwCgYIKoZIzj0EAwIDSQAwRgIhAOD7alvrubi1X6XcihvnRLWc+kSktUr/
+ijQ9hxJst+ILAiEA8J5CctyYX1GIKkTeUthW0yMfRBIEyuBsPkOeRcZE3Gg=
 -----END CERTIFICATE-----

+ 4 - 0
certs/intermediate/genintcerts.sh

@@ -262,6 +262,10 @@ echo "Assemble test chains - peer first, then intermediate2, then intermediate"
 openssl x509 -in ./certs/intermediate/server-int-cert.pem  > ./certs/intermediate/server-chain.pem
 openssl x509 -in ./certs/intermediate/ca-int2-cert.pem    >> ./certs/intermediate/server-chain.pem
 openssl x509 -in ./certs/intermediate/ca-int-cert.pem     >> ./certs/intermediate/server-chain.pem
+
+openssl x509 -in ./certs/intermediate/server-int-cert.pem  > ./certs/intermediate/server-chain-short.pem
+openssl x509 -in ./certs/intermediate/ca-int2-cert.pem    >> ./certs/intermediate/server-chain-short.pem
+
 cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int2-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der
 
 openssl x509 -in ./certs/intermediate/client-int-cert.pem  > ./certs/intermediate/client-chain.pem
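Review bot: The two added lines that build `server-chain-short.pem` carry no comment saying that leaving out `ca-int-cert.pem` is deliberate, while the `echo` just above still announces "peer first, then intermediate2, then intermediate". Going by the commit description, this chain presumably exists so the intermediate can be loaded as a CA and its revocation caught through `certs/crl/extra-crls/ca-int-cert-revoked.pem`. If so, a later cleanup that "completes" the chain would quietly stop the test from exercising the CRL check on loaded CAs. I would add above the two lines `# Short chain: ca-int-cert.pem is intentionally omitted so tests can load it as a CA and check it against the CRL`. The rest of the chain-assembly section lies outside this hunk, so whether a matching DER or ECC short chain is also wanted cannot be judged from here.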

+ 1 - 0
certs/intermediate/include.am

@@ -34,6 +34,7 @@ EXTRA_DIST += \
 	     certs/intermediate/server-chain-alt.pem \
 	     certs/intermediate/server-chain-ecc.der \
 	     certs/intermediate/server-chain-ecc.pem \
+	     certs/intermediate/server-chain-short.pem \
 	     certs/intermediate/server-chain.der \
 	     certs/intermediate/server-chain.pem \
 	     certs/intermediate/server-int-cert.der \

+ 43 - 43
certs/intermediate/server-chain-alt-ecc.pem

@@ -1,76 +1,76 @@
 -----BEGIN CERTIFICATE-----
-MIIDczCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
+MIIDcjCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgU2VydmVyIENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzze
 nzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0
 idijggE6MIIBNjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4E
-FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUG/S9kCh0ZOMz
-Xotkp/yvuvK5VeWhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
+FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUn657enCABFUr
+xrcMW3nkEkFlMSmhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
 aW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYD
 VQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1lZGlhdGUg
 Q0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggIQBTAOBgNV
-HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAw
-RgIhAJjQ4vmJyrJ0NqczC/4UkBBFei1tQETbCOxFeYtOkeDVAiEA6hEbwbWVvL/Z
-9Zk30dLmuKoZvZdCCbsKUWxOomFy6EQ=
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIhAM2Jz84maR/vYDetyePIYQb6+rhvPGsSVaD/4vqf+EeTAiBpSi4/DcbnTtEp
+5TcCA6ktiL74CL4eyw0GoyGPqGCjtQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICnzCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+MIICoDCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
 bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaQxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaQxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29s
 ZlNTTCBJbnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOoWKCwnXkGZBSiL
-mfrFonQ8FU1S9EstgzSCjtW2P2HQh+v4TAZe7WYejMqk9ip2T9cmCUweibkYjtKj
-ZjwbPcujZjBkMB0GA1UdDgQWBBQb9L2QKHRk4zNei2Sn/K+68rlV5TAfBgNVHSME
-GDAWgBQTtXlZMrO7tEezNA6AwIMeqoLIWzASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
-A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBPG9Hh145ztYv3TQs9/BK8
-b3ytuRJwMDdBJ+xrNQaORwIhAKFVkbdoHjJmN2gQCp827sOXK4W4PEc8Su0TxVtZ
-vLUp
+b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMe0qZ8y+6KPavMu
+wV3KCOzGnxOt9T6ddffk8haZN/eJc89UgV8WDAR4hTPvkqL3hj/HoboKdBfCRXp3
+E6kT/dOjZjBkMB0GA1UdDgQWBBSfrnt6cIAEVSvGtwxbeeQSQWUxKTAfBgNVHSME
+GDAWgBSXHWDDhyJZm2AfhLSZHIhNv9oebjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAhdIm+XVqS+l2iLs30Jbm
+vCTQj2dRGM9pWLfae8Gj2kECIQD9tza+rHxDbIiospsqNiEuZCDctZ0JlVszKZOI
+m2fLDQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICkzCCAjigAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpzNj+XsW9iw/JEg4gs7UVNUS4lDjgDe
-ka7TkPOF3Mw9EQgVdoLikjVK1EWOgzaCYrhNB4ULpVTgFOiT3n+S6KNmMGQwHQYD
-VR0OBBYEFBO1eVkys7u0R7M0DoDAgx6qgshbMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
 uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
-MAoGCCqGSM49BAMCA0kAMEYCIQCKUZH2ksVKaWXbW5DDkGrAlucmeq8YkSxrZ1VA
-GGzBpgIhAJbMnTet6nlSbk1Bk9tkf+dCufESkPSEXHOxIdj7Vf5v
+MAoGCCqGSM49BAMCA0kAMEYCIQDh528Fnh1iQU6dHjhn6Z47ZdwV/OsyhYReAvOO
+exL3mQIhAJJ3ZbG9+7KkQYfJnj3gOQLz20Ixv/tt/XS+o+N0/PVk
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----

+ 60 - 60
certs/intermediate/server-chain-alt.pem

@@ -3,7 +3,7 @@ MIIE8jCCA9qgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBTZXJ2ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -14,87 +14,87 @@ Y8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1
 /WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAy
 I5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQ
 T63XAgMBAAGjggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAd
-BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUeosd
-TqNAyM5YX438/0YsdUHZA16hgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUDclg
+IENYgeCaIe9mFtxuISXfK0WhgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhABMA4G
 A1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
-AAOCAQEAkpC/Vl2YIc7WCo18r7qbWdgzwSEPbzEcE8Wf3qh97+XFC4t+GMud2N7J
-PTLu/9CJmDszaNvNZl6d7tpTNGUh40P2p7J5tXksLiM/PmFZgIj9w8UE6a1SqVh9
-78WnhRpVYOENfhHIulnYxh02BGOOfa8o/RN6MvUp1wrvBjyFkLbGTzmxGO6+F6VE
-F4ezlKE0Ykx3yAaTyAP18qpb/9CarfOyyluBVO8bOfjGd/GAUA8MbpQUYqP8mY7S
-4za4JRttVdIbIZfThOaW7p+zAERwOp/8YuJCGpMe/J7sjRx6GrETRk7rDSi5TQjm
-CTHAuy4H4MupWgaHxI66ay91VIU29Q==
+AAOCAQEASSfw2AHc6qbwlL8ibcem+R8IfnWxlqxWUeByi2UsObd0eJfaIVLRQ0zX
+CQ4TgIroRZAPOeRy30AIIfS1aaXCBCFX2GuRF9RV3HNu18zH2MFm7pRvGEeNI8/C
+pD2kRdIafLgjeeK0rHEmpBrjopfayIUA5x97sgXb7ZXYFlkLeyMB6+ZPcMKut35b
+LFpzbtKopj4bnni1O30fX6lLyoNBf0gYtpm5j1ZsMwpwym6m8JNdOpIxLcd8GlBA
+SV3Uso2a0Bg3TiWhmDz/XzsTXkq8+RzJKp/y9nDy9uziIyYnyIroCoFwX2pn/Fds
+b9r+Mz8hlmW2T/iJWpIO4S79Dhb1bg==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
 TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjAwNjE2MTkxNzU3WhcNNDAwNjExMTkxNzU3WjCBoDELMAkGA1UEBhMC
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
 BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
 U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgL6ECMF0ZoY5E
-htST9/FTuj/SJN//y6+Ppuf5h5ofAMyPQIZ4OhuaeA7jbtrz52xXdjHPAyGayHkp
-YNvu2KkVtGdbd5qG+dtDzKIPkeZwTx5uFLGN8KHlOXehkpeISibxiJgkbP1G4nEH
-Xa/UvKiMXe5DCNqn7AlR7a3NdYtYx6GYVucZeJNLU3e32nl9cIS7HemgPAK8p5b6
-u5iQrjUZ0OdkHp0JoQbywv3LoykswHn46emTZ4w1LqFJoDRsOB1rTKW6x4SAlRcS
-y92n9i4sxw/BVB+XbAE72i7H3FPJJuaaZqh/VfrNchhph06M5ALd9zEao27NiENw
-tDRtpoZ1AgMBAAGjZjBkMB0GA1UdDgQWBBR6ix1Oo0DIzlhfjfz/Rix1QdkDXjAf
-BgNVHSMEGDAWgBSDHPGYhexuBkU03lHAurcrZzJmTTASBgNVHRMBAf8ECDAGAQH/
-AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEADHKZ7ecDWMIr
-iNKqQzGEGC/exV3gINhUPF4rhyqflrHvvtfHJ3ForHFhuG7Rqksv79Q357uHkGNI
-OJsgFb28r4q0r1ORjoQRFOpvhfROugpJkbMZmSrR+aena/1/eIh7030ssZ9wFRrb
-hpvOtwcl7DmMWaPS0cwYFRSghU1P+5pHL9xmx318EolIWNTLGhsSupztXIy/cg5f
-jkI0S2w+BG/ZUOMok2sT/WvWLRvN+/4Lo4zfyOatnmmKk5bXhDG7yvLb4hjJ8ZGK
-xwafwgrptF/jeyD8GhYcAlMSzWZFVW6xwJUtK9YZuJlOHxuc+7n+jH4yV/OA6fi+
-JS8DRjyzCg==
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1N1oXDTQwMDYxMTE5MTc1N1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIyj3gUPwY7nyd34wGkBr4d1rQTbu
-fVgj3Fbpu+g7EVjDw7frmFrpdhLN73cJJdNs5jpJaFCQ1zLgGNYF3/ee0o97tZFc
-vz4Jgd157UTCk/WdpMsKa2O08O7R3WznxrfxMNS3VCgYEfwlrFvxsxkTR31+2UWX
-PLu5QnAGlFUjFQuEygwVwW4aHPlUyebjuMFF5VqJ4fEbHYG3NAcXKFsQx6Yh612J
-EaPQOWA06uF1+rh87sU/ZGoduNiksoKYMRHotSAtA+XRYTWkS7WtprdycT6GOA44
-tl21q786uh4ydrpUTQXKTuKD3zBkEZ6Zkzum+zvffZAC9LTx6EExeAI/AgMBAAGj
-ZjBkMB0GA1UdDgQWBBSDHPGYhexuBkU03lHAurcrZzJmTTAfBgNVHSMEGDAWgBQn
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
 jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB
-/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAfQ1cKhnn7l/KLdRZVLnKMxg64yIs
-GHC7xVhF2YK8gF2Q2QI0bBpP8WtZTs3h6ieA5uLYfq8rrMFi4E3p5nSZ/sBQy9N9
-5SuCDWcNFLUsaqJ6wt0Ip0Aqj6G/TVN1Xd3DguXkHwSwtqfMVWy01HSemjY38DJp
-l0T70iIai5U0RDLMKql29xLHuZvx5afH1W0S7AAdIbIT8jPg6uDIY3zdBsc8uqS9
-oJuNoRp9OtfJ8zVOxXZrbVDRlSPowH89P0UIEHdrKWjM3bYg+MEVTG/iq51hE928
-xeeYzCMpuhy2IcCwtuneK0PXynsoavpMyTlN4UDt5sAWnWmy+b/bUCc8sw==
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAg9dEyy0uHoNHm+AkJImQEpao9Mes
+6ozc/5NAu6I6V2D9lLHiyVa+pRK1uSpQV0j9W5CWe1LTpD+iPMsuLakZF5owsEnN
+eCWYHvU7N/rsy01FRrhFf5e283nmLTF1LID52zuvlDFrY+RbeH9tUoQiYFY7Nw+L
+e19c9vPwH9kAiyrK3w4DlJDQ9O+lR4q2fNvPBUdwc12yQUSgoA5iOX/MBocTNXSM
+nixGLuUK05J6g40ijAazLw1cJprkGcthRVoqy46R5mNYOMMU2weNGp7d8QdYcd49
+C2zBmItmMybZYdsBxzC46Aq/elhrmGynPCz4YLcFe3OL1sXI1VolA9/n/A==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----

BIN
certs/intermediate/server-chain-ecc.der


+ 23 - 23
certs/intermediate/server-chain-ecc.pem

@@ -1,54 +1,54 @@
 -----BEGIN CERTIFICATE-----
-MIIDczCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
+MIIDcjCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgU2VydmVyIENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzze
 nzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0
 idijggE6MIIBNjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4E
-FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUG/S9kCh0ZOMz
-Xotkp/yvuvK5VeWhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
+FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUn657enCABFUr
+xrcMW3nkEkFlMSmhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
 aW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYD
 VQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1lZGlhdGUg
 Q0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggIQBTAOBgNV
-HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAw
-RgIhAJjQ4vmJyrJ0NqczC/4UkBBFei1tQETbCOxFeYtOkeDVAiEA6hEbwbWVvL/Z
-9Zk30dLmuKoZvZdCCbsKUWxOomFy6EQ=
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIhAM2Jz84maR/vYDetyePIYQb6+rhvPGsSVaD/4vqf+EeTAiBpSi4/DcbnTtEp
+5TcCA6ktiL74CL4eyw0GoyGPqGCjtQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICnzCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+MIICoDCCAkWgAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
 bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaQxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaQxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29s
 ZlNTTCBJbnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOoWKCwnXkGZBSiL
-mfrFonQ8FU1S9EstgzSCjtW2P2HQh+v4TAZe7WYejMqk9ip2T9cmCUweibkYjtKj
-ZjwbPcujZjBkMB0GA1UdDgQWBBQb9L2QKHRk4zNei2Sn/K+68rlV5TAfBgNVHSME
-GDAWgBQTtXlZMrO7tEezNA6AwIMeqoLIWzASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
-A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBPG9Hh145ztYv3TQs9/BK8
-b3ytuRJwMDdBJ+xrNQaORwIhAKFVkbdoHjJmN2gQCp827sOXK4W4PEc8Su0TxVtZ
-vLUp
+b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMe0qZ8y+6KPavMu
+wV3KCOzGnxOt9T6ddffk8haZN/eJc89UgV8WDAR4hTPvkqL3hj/HoboKdBfCRXp3
+E6kT/dOjZjBkMB0GA1UdDgQWBBSfrnt6cIAEVSvGtwxbeeQSQWUxKTAfBgNVHSME
+GDAWgBSXHWDDhyJZm2AfhLSZHIhNv9oebjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAhdIm+XVqS+l2iLs30Jbm
+vCTQj2dRGM9pWLfae8Gj2kECIQD9tza+rHxDbIiospsqNiEuZCDctZ0JlVszKZOI
+m2fLDQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICkzCCAjigAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1OFoXDTQwMDYxMTE5MTc1OFowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpzNj+XsW9iw/JEg4gs7UVNUS4lDjgDe
-ka7TkPOF3Mw9EQgVdoLikjVK1EWOgzaCYrhNB4ULpVTgFOiT3n+S6KNmMGQwHQYD
-VR0OBBYEFBO1eVkys7u0R7M0DoDAgx6qgshbMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
 uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
-MAoGCCqGSM49BAMCA0kAMEYCIQCKUZH2ksVKaWXbW5DDkGrAlucmeq8YkSxrZ1VA
-GGzBpgIhAJbMnTet6nlSbk1Bk9tkf+dCufESkPSEXHOxIdj7Vf5v
+MAoGCCqGSM49BAMCA0kAMEYCIQDh528Fnh1iQU6dHjhn6Z47ZdwV/OsyhYReAvOO
+exL3mQIhAJJ3ZbG9+7KkQYfJnj3gOQLz20Ixv/tt/XS+o+N0/PVk
 -----END CERTIFICATE-----

+ 54 - 0
certs/intermediate/server-chain-short.pem

@@ -0,0 +1,54 @@
+-----BEGIN CERTIFICATE-----
+MIIE8jCCA9qgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
+TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
+ZlNTTCBTZXJ2ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVB
+JwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2So
+F/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCg
+Y8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1
+/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAy
+I5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQ
+T63XAgMBAAGjggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAd
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUDclg
+IENYgeCaIe9mFtxuISXfK0WhgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhABMA4G
+A1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
+AAOCAQEASSfw2AHc6qbwlL8ibcem+R8IfnWxlqxWUeByi2UsObd0eJfaIVLRQ0zX
+CQ4TgIroRZAPOeRy30AIIfS1aaXCBCFX2GuRF9RV3HNu18zH2MFm7pRvGEeNI8/C
+pD2kRdIafLgjeeK0rHEmpBrjopfayIUA5x97sgXb7ZXYFlkLeyMB6+ZPcMKut35b
+LFpzbtKopj4bnni1O30fX6lLyoNBf0gYtpm5j1ZsMwpwym6m8JNdOpIxLcd8GlBA
+SV3Uso2a0Bg3TiWhmDz/XzsTXkq8+RzJKp/y9nDy9uziIyYnyIroCoFwX2pn/Fds
+b9r+Mz8hlmW2T/iJWpIO4S79Dhb1bg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
+U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
+-----END CERTIFICATE-----

BIN
certs/intermediate/server-chain.der


+ 40 - 40
certs/intermediate/server-chain.pem

@@ -3,7 +3,7 @@ MIIE8jCCA9qgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBTZXJ2ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -14,65 +14,65 @@ Y8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1
 /WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAy
 I5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQ
 T63XAgMBAAGjggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAd
-BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUeosd
-TqNAyM5YX438/0YsdUHZA16hgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUDclg
+IENYgeCaIe9mFtxuISXfK0WhgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhABMA4G
 A1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
-AAOCAQEAkpC/Vl2YIc7WCo18r7qbWdgzwSEPbzEcE8Wf3qh97+XFC4t+GMud2N7J
-PTLu/9CJmDszaNvNZl6d7tpTNGUh40P2p7J5tXksLiM/PmFZgIj9w8UE6a1SqVh9
-78WnhRpVYOENfhHIulnYxh02BGOOfa8o/RN6MvUp1wrvBjyFkLbGTzmxGO6+F6VE
-F4ezlKE0Ykx3yAaTyAP18qpb/9CarfOyyluBVO8bOfjGd/GAUA8MbpQUYqP8mY7S
-4za4JRttVdIbIZfThOaW7p+zAERwOp/8YuJCGpMe/J7sjRx6GrETRk7rDSi5TQjm
-CTHAuy4H4MupWgaHxI66ay91VIU29Q==
+AAOCAQEASSfw2AHc6qbwlL8ibcem+R8IfnWxlqxWUeByi2UsObd0eJfaIVLRQ0zX
+CQ4TgIroRZAPOeRy30AIIfS1aaXCBCFX2GuRF9RV3HNu18zH2MFm7pRvGEeNI8/C
+pD2kRdIafLgjeeK0rHEmpBrjopfayIUA5x97sgXb7ZXYFlkLeyMB6+ZPcMKut35b
+LFpzbtKopj4bnni1O30fX6lLyoNBf0gYtpm5j1ZsMwpwym6m8JNdOpIxLcd8GlBA
+SV3Uso2a0Bg3TiWhmDz/XzsTXkq8+RzJKp/y9nDy9uziIyYnyIroCoFwX2pn/Fds
+b9r+Mz8hlmW2T/iJWpIO4S79Dhb1bg==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEIzCCAwugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
 TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjAwNjE2MTkxNzU3WhcNNDAwNjExMTkxNzU3WjCBoDELMAkGA1UEBhMC
+b20wHhcNMjMwOTI3MTIxMDA5WhcNNDMwOTIyMTIxMDA5WjCBoDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
 BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MSEwHwYDVQQDDBh3b2xm
 U1NMIEludGVybWVkaWF0ZTIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgL6ECMF0ZoY5E
-htST9/FTuj/SJN//y6+Ppuf5h5ofAMyPQIZ4OhuaeA7jbtrz52xXdjHPAyGayHkp
-YNvu2KkVtGdbd5qG+dtDzKIPkeZwTx5uFLGN8KHlOXehkpeISibxiJgkbP1G4nEH
-Xa/UvKiMXe5DCNqn7AlR7a3NdYtYx6GYVucZeJNLU3e32nl9cIS7HemgPAK8p5b6
-u5iQrjUZ0OdkHp0JoQbywv3LoykswHn46emTZ4w1LqFJoDRsOB1rTKW6x4SAlRcS
-y92n9i4sxw/BVB+XbAE72i7H3FPJJuaaZqh/VfrNchhph06M5ALd9zEao27NiENw
-tDRtpoZ1AgMBAAGjZjBkMB0GA1UdDgQWBBR6ix1Oo0DIzlhfjfz/Rix1QdkDXjAf
-BgNVHSMEGDAWgBSDHPGYhexuBkU03lHAurcrZzJmTTASBgNVHRMBAf8ECDAGAQH/
-AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEADHKZ7ecDWMIr
-iNKqQzGEGC/exV3gINhUPF4rhyqflrHvvtfHJ3ForHFhuG7Rqksv79Q357uHkGNI
-OJsgFb28r4q0r1ORjoQRFOpvhfROugpJkbMZmSrR+aena/1/eIh7030ssZ9wFRrb
-hpvOtwcl7DmMWaPS0cwYFRSghU1P+5pHL9xmx318EolIWNTLGhsSupztXIy/cg5f
-jkI0S2w+BG/ZUOMok2sT/WvWLRvN+/4Lo4zfyOatnmmKk5bXhDG7yvLb4hjJ8ZGK
-xwafwgrptF/jeyD8GhYcAlMSzWZFVW6xwJUtK9YZuJlOHxuc+7n+jH4yV/OA6fi+
-JS8DRjyzCg==
+bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPyT1ZAZ8dd5FW
+y6sGgsGBMZri+cb5o0AthkLXX0GlBUIPXytrvSmS5VLGXPl+nfuO1mmMA5GHHB+/
+JFlEzO+vkioG4aEBWwRXihq2BOLCPBA8QjEBqsPyMh4BldCRp2bBImg2UypSA+u1
+m4IBJPnRrvtTTFoG5W5a1qxbKBpT6Nelzm6cNMMIC8svjt/vjDX1sLxdD64KSs9U
+AdI8tHjuSBBWgE+Dh05nH08XLj4t9W3JB6I+MpIPHqQLVaYfhO+dde9mfHX350A6
+nMEzQj0vf5ldewTVqWxB6IkWWP06oAS9d9ZjXmoTWTdf8VkBRUici/cW9FD3WrRa
+M/b1QcE9AgMBAAGjZjBkMB0GA1UdDgQWBBQNyWAgQ1iB4Joh72YW3G4hJd8rRTAf
+BgNVHSMEGDAWgBTvaeD31R3mmezcbdD34rlcZHGDNTASBgNVHRMBAf8ECDAGAQH/
+AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAhsP4YtIQoLTa
+eOmFxZkEJJ53GliknybHWFu4doBXziCk5d4hIT1wAU0PbVr2PUho0jjF6tSfpACy
+5N5wa1i5oqmb3aamjmzE+V/XF0WFvugv+9KC0qss4v81ILRsBn4IUXqvGXNY86hI
+ZQpPZ0R+wP1LlJSxTFaFejGvCQP6zF2FVQusG2rJqsS75OCtQjjxb3TX2wzKAeDz
+Ssfr8m4wxo6jz1pFD3+YkjEg/CYhNBUGTymjXBURWwSU1SybHlthZdxubAAFAc4r
+SFT5kStMjLvblLUIUxGXFQG8ZSi2ooNf8Nh5hBcndSpUyAcx11AFUQdPV8i/SXU1
+oTmvZuwm4Q==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIwMDYx
-NjE5MTc1N1oXDTQwMDYxMTE5MTc1N1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDky
+NzEyMTAwOVoXDTQzMDkyMjEyMTAwOVowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIyj3gUPwY7nyd34wGkBr4d1rQTbu
-fVgj3Fbpu+g7EVjDw7frmFrpdhLN73cJJdNs5jpJaFCQ1zLgGNYF3/ee0o97tZFc
-vz4Jgd157UTCk/WdpMsKa2O08O7R3WznxrfxMNS3VCgYEfwlrFvxsxkTR31+2UWX
-PLu5QnAGlFUjFQuEygwVwW4aHPlUyebjuMFF5VqJ4fEbHYG3NAcXKFsQx6Yh612J
-EaPQOWA06uF1+rh87sU/ZGoduNiksoKYMRHotSAtA+XRYTWkS7WtprdycT6GOA44
-tl21q786uh4ydrpUTQXKTuKD3zBkEZ6Zkzum+zvffZAC9LTx6EExeAI/AgMBAAGj
-ZjBkMB0GA1UdDgQWBBSDHPGYhexuBkU03lHAurcrZzJmTTAfBgNVHSMEGDAWgBQn
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
 jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB
-/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAfQ1cKhnn7l/KLdRZVLnKMxg64yIs
-GHC7xVhF2YK8gF2Q2QI0bBpP8WtZTs3h6ieA5uLYfq8rrMFi4E3p5nSZ/sBQy9N9
-5SuCDWcNFLUsaqJ6wt0Ip0Aqj6G/TVN1Xd3DguXkHwSwtqfMVWy01HSemjY38DJp
-l0T70iIai5U0RDLMKql29xLHuZvx5afH1W0S7AAdIbIT8jPg6uDIY3zdBsc8uqS9
-oJuNoRp9OtfJ8zVOxXZrbVDRlSPowH89P0UIEHdrKWjM3bYg+MEVTG/iq51hE928
-xeeYzCMpuhy2IcCwtuneK0PXynsoavpMyTlN4UDt5sAWnWmy+b/bUCc8sw==
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAg9dEyy0uHoNHm+AkJImQEpao9Mes
+6ozc/5NAu6I6V2D9lLHiyVa+pRK1uSpQV0j9W5CWe1LTpD+iPMsuLakZF5owsEnN
+eCWYHvU7N/rsy01FRrhFf5e283nmLTF1LID52zuvlDFrY+RbeH9tUoQiYFY7Nw+L
+e19c9vPwH9kAiyrK3w4DlJDQ9O+lR4q2fNvPBUdwc12yQUSgoA5iOX/MBocTNXSM
+nixGLuUK05J6g40ijAazLw1cJprkGcthRVoqy46R5mNYOMMU2weNGp7d8QdYcd49
+C2zBmItmMybZYdsBxzC46Aq/elhrmGynPCz4YLcFe3OL1sXI1VolA9/n/A==
 -----END CERTIFICATE-----

BIN
certs/intermediate/server-int-cert.der


+ 29 - 29
certs/intermediate/server-int-cert.pem

@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 14 19:17:58 2030 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 24 12:10:09 2033 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Server Chain, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -39,36 +39,36 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
             X509v3 Authority Key Identifier: 
-                keyid:7A:8B:1D:4E:A3:40:C8:CE:58:5F:8D:FC:FF:46:2C:75:41:D9:03:5E
+                keyid:0D:C9:60:20:43:58:81:E0:9A:21:EF:66:16:DC:6E:21:25:DF:2B:45
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
                 serial:10:01
-
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         92:90:bf:56:5d:98:21:ce:d6:0a:8d:7c:af:ba:9b:59:d8:33:
-         c1:21:0f:6f:31:1c:13:c5:9f:de:a8:7d:ef:e5:c5:0b:8b:7e:
-         18:cb:9d:d8:de:c9:3d:32:ee:ff:d0:89:98:3b:33:68:db:cd:
-         66:5e:9d:ee:da:53:34:65:21:e3:43:f6:a7:b2:79:b5:79:2c:
-         2e:23:3f:3e:61:59:80:88:fd:c3:c5:04:e9:ad:52:a9:58:7d:
-         ef:c5:a7:85:1a:55:60:e1:0d:7e:11:c8:ba:59:d8:c6:1d:36:
-         04:63:8e:7d:af:28:fd:13:7a:32:f5:29:d7:0a:ef:06:3c:85:
-         90:b6:c6:4f:39:b1:18:ee:be:17:a5:44:17:87:b3:94:a1:34:
-         62:4c:77:c8:06:93:c8:03:f5:f2:aa:5b:ff:d0:9a:ad:f3:b2:
-         ca:5b:81:54:ef:1b:39:f8:c6:77:f1:80:50:0f:0c:6e:94:14:
-         62:a3:fc:99:8e:d2:e3:36:b8:25:1b:6d:55:d2:1b:21:97:d3:
-         84:e6:96:ee:9f:b3:00:44:70:3a:9f:fc:62:e2:42:1a:93:1e:
-         fc:9e:ec:8d:1c:7a:1a:b1:13:46:4e:eb:0d:28:b9:4d:08:e6:
-         09:31:c0:bb:2e:07:e0:cb:a9:5a:06:87:c4:8e:ba:6b:2f:75:
-         54:85:36:f5
+    Signature Value:
+        49:27:f0:d8:01:dc:ea:a6:f0:94:bf:22:6d:c7:a6:f9:1f:08:
+        7e:75:b1:96:ac:56:51:e0:72:8b:65:2c:39:b7:74:78:97:da:
+        21:52:d1:43:4c:d7:09:0e:13:80:8a:e8:45:90:0f:39:e4:72:
+        df:40:08:21:f4:b5:69:a5:c2:04:21:57:d8:6b:91:17:d4:55:
+        dc:73:6e:d7:cc:c7:d8:c1:66:ee:94:6f:18:47:8d:23:cf:c2:
+        a4:3d:a4:45:d2:1a:7c:b8:23:79:e2:b4:ac:71:26:a4:1a:e3:
+        a2:97:da:c8:85:00:e7:1f:7b:b2:05:db:ed:95:d8:16:59:0b:
+        7b:23:01:eb:e6:4f:70:c2:ae:b7:7e:5b:2c:5a:73:6e:d2:a8:
+        a6:3e:1b:9e:78:b5:3b:7d:1f:5f:a9:4b:ca:83:41:7f:48:18:
+        b6:99:b9:8f:56:6c:33:0a:70:ca:6e:a6:f0:93:5d:3a:92:31:
+        2d:c7:7c:1a:50:40:49:5d:d4:b2:8d:9a:d0:18:37:4e:25:a1:
+        98:3c:ff:5f:3b:13:5e:4a:bc:f9:1c:c9:2a:9f:f2:f6:70:f2:
+        f6:ec:e2:23:26:27:c8:8a:e8:0a:81:70:5f:6a:67:fc:57:6c:
+        6f:da:fe:33:3f:21:96:65:b6:4f:f8:89:5a:92:0e:e1:2e:fd:
+        0e:16:f5:6e
 -----BEGIN CERTIFICATE-----
 MIIE8jCCA9qgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVT
 MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
 DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNT
 TCBJbnRlcm1lZGlhdGUyIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIwMDYxNjE5MTc1OFoXDTMwMDYxNDE5MTc1OFowgZwxCzAJBgNVBAYT
+Y29tMB4XDTIzMDkyNzEyMTAwOVoXDTMzMDkyNDEyMTAwOVowgZwxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29s
 ZlNTTCBTZXJ2ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -79,16 +79,16 @@ Y8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1
 /WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAy
 I5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQ
 T63XAgMBAAGjggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAd
-BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUeosd
-TqNAyM5YX438/0YsdUHZA16hgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8Ojjwwgc0GA1UdIwSBxTCBwoAUDclg
+IENYgeCaIe9mFtxuISXfK0WhgaWkgaIwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
 MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
 ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhABMA4G
 A1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
-AAOCAQEAkpC/Vl2YIc7WCo18r7qbWdgzwSEPbzEcE8Wf3qh97+XFC4t+GMud2N7J
-PTLu/9CJmDszaNvNZl6d7tpTNGUh40P2p7J5tXksLiM/PmFZgIj9w8UE6a1SqVh9
-78WnhRpVYOENfhHIulnYxh02BGOOfa8o/RN6MvUp1wrvBjyFkLbGTzmxGO6+F6VE
-F4ezlKE0Ykx3yAaTyAP18qpb/9CarfOyyluBVO8bOfjGd/GAUA8MbpQUYqP8mY7S
-4za4JRttVdIbIZfThOaW7p+zAERwOp/8YuJCGpMe/J7sjRx6GrETRk7rDSi5TQjm
-CTHAuy4H4MupWgaHxI66ay91VIU29Q==
+AAOCAQEASSfw2AHc6qbwlL8ibcem+R8IfnWxlqxWUeByi2UsObd0eJfaIVLRQ0zX
+CQ4TgIroRZAPOeRy30AIIfS1aaXCBCFX2GuRF9RV3HNu18zH2MFm7pRvGEeNI8/C
+pD2kRdIafLgjeeK0rHEmpBrjopfayIUA5x97sgXb7ZXYFlkLeyMB6+ZPcMKut35b
+LFpzbtKopj4bnni1O30fX6lLyoNBf0gYtpm5j1ZsMwpwym6m8JNdOpIxLcd8GlBA
+SV3Uso2a0Bg3TiWhmDz/XzsTXkq8+RzJKp/y9nDy9uziIyYnyIroCoFwX2pn/Fds
+b9r+Mz8hlmW2T/iJWpIO4S79Dhb1bg==
 -----END CERTIFICATE-----

BIN
certs/intermediate/server-int-ecc-cert.der


+ 15 - 15
certs/intermediate/server-int-ecc-cert.pem

@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate2 CA ECC, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jun 16 19:17:58 2020 GMT
-            Not After : Jun 14 19:17:58 2030 GMT
+            Not Before: Sep 27 12:10:09 2023 GMT
+            Not After : Sep 24 12:10:09 2033 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Server Chain ECC, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,37 +27,37 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:1B:F4:BD:90:28:74:64:E3:33:5E:8B:64:A7:FC:AF:BA:F2:B9:55:E5
+                keyid:9F:AE:7B:7A:70:80:04:55:2B:C6:B7:0C:5B:79:E4:12:41:65:31:29
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
                 serial:10:05
-
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:98:d0:e2:f9:89:ca:b2:74:36:a7:33:0b:fe:
-         14:90:10:45:7a:2d:6d:40:44:db:08:ec:45:79:8b:4e:91:e0:
-         d5:02:21:00:ea:11:1b:c1:b5:95:bc:bf:d9:f5:99:37:d1:d2:
-         e6:b8:aa:19:bd:97:42:09:bb:0a:51:6c:4e:a2:61:72:e8:44
+    Signature Value:
+        30:45:02:21:00:cd:89:cf:ce:26:69:1f:ef:60:37:ad:c9:e3:
+        c8:61:06:fa:fa:b8:6f:3c:6b:12:55:a0:ff:e2:fa:9f:f8:47:
+        93:02:20:69:4a:2e:3f:0d:c6:e7:4e:d1:29:e5:37:02:03:a9:
+        2d:88:be:f8:08:be:1e:cb:0d:06:a3:21:8f:a8:60:a3:b5
 -----BEGIN CERTIFICATE-----
-MIIDczCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
+MIIDcjCCAxigAwIBAgICEAYwCgYIKoZIzj0EAwIwgaQxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwcd29sZlNTTCBJ
 bnRlcm1lZGlhdGUyIENBIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMDA2MTYxOTE3NThaFw0zMDA2MTQxOTE3NThaMIGgMQswCQYDVQQG
+LmNvbTAeFw0yMzA5MjcxMjEwMDlaFw0zMzA5MjQxMjEwMDlaMIGgMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
 A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxITAfBgNVBAMMGHdv
 bGZTU0wgU2VydmVyIENoYWluIEVDQzEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
 c3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzze
 nzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0
 idijggE6MIIBNjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4E
-FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUG/S9kCh0ZOMz
-Xotkp/yvuvK5VeWhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
+FgQUXV0m76x+NvmbdhUrSiUCI++yiTAwgdEGA1UdIwSByTCBxoAUn657enCABFUr
+xrcMW3nkEkFlMSmhgamkgaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
 aW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYD
 VQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1lZGlhdGUg
 Q0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggIQBTAOBgNV
-HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAw
-RgIhAJjQ4vmJyrJ0NqczC/4UkBBFei1tQETbCOxFeYtOkeDVAiEA6hEbwbWVvL/Z
-9Zk30dLmuKoZvZdCCbsKUWxOomFy6EQ=
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIhAM2Jz84maR/vYDetyePIYQb6+rhvPGsSVaD/4vqf+EeTAiBpSi4/DcbnTtEp
+5TcCA6ktiL74CL4eyw0GoyGPqGCjtQ==
 -----END CERTIFICATE-----

+ 61 - 25
src/crl.c

@@ -257,9 +257,11 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
         XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL);
 }
 
-static int FindRevokedSerial(DecodedCert* cert, RevokedCert* rc, int totalCerts)
+static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz,
+        byte* serialHash, int totalCerts)
 {
     int ret = 0;
+    byte hash[SIGNER_DIGEST_SIZE];
 #ifdef CRL_STATIC_REVOKED_LIST
     /* do binary search */
     int low, high, mid;
@@ -270,11 +272,10 @@ static int FindRevokedSerial(DecodedCert* cert, RevokedCert* rc, int totalCerts)
     while (low <= high) {
         mid = (low + high) / 2;
 
-        if (XMEMCMP(rc[mid].serialNumber, cert->serial, rc->serialSz) < 0) {
+        if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) < 0) {
             low = mid + 1;
         }
-        else if (XMEMCMP(rc[mid].serialNumber, cert->serial,
-                                                        rc->serialSz) > 0) {
+        else if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) > 0) {
             high = mid - 1;
         }
         else {
@@ -288,11 +289,23 @@ static int FindRevokedSerial(DecodedCert* cert, RevokedCert* rc, int totalCerts)
     /* search in the linked list*/
 
     while (rc) {
-        if (rc->serialSz == cert->serialSz &&
-               XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
-            WOLFSSL_MSG("Cert revoked");
-            ret = CRL_CERT_REVOKED;
-            break;
+        if (serialHash == NULL) {
+            if (rc->serialSz == serialSz &&
+                   XMEMCMP(rc->serialNumber, serial, rc->serialSz) == 0) {
+                WOLFSSL_MSG("Cert revoked");
+                ret = CRL_CERT_REVOKED;
+                break;
+            }
+        }
+        else {
+            ret = CalcHashId(rc->serialNumber, rc->serialSz, hash);
+            if (ret != 0)
+                break;
+            if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) {
+                WOLFSSL_MSG("Cert revoked");
+                ret = CRL_CERT_REVOKED;
+                break;
+            }
         }
         rc = rc->next;
     }
@@ -331,7 +344,8 @@ static int VerifyCRLE(const WOLFSSL_CRL* crl, CRL_Entry* crle)
     return ret;
 }
 
-static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
+static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
+        int serialSz, byte* serialHash, int *pFoundEntry)
 {
     CRL_Entry* crle;
     int        foundEntry = 0;
@@ -343,7 +357,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
     }
 
     for (crle = crl->crlList; crle != NULL; crle = crle->next) {
-        if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
+        if (XMEMCMP(crle->issuerHash, issuerHash, CRL_DIGEST_SIZE) == 0) {
             WOLFSSL_MSG("Found CRL Entry on list");
 
             if (crle->verified == 0) {
@@ -384,7 +398,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
             }
             if (ret == 0) {
                 foundEntry = 1;
-                ret = FindRevokedSerial(cert, crle->certs, crle->totalCerts);
+                ret = FindRevokedSerial(crle->certs, serial, serialSz,
+                        serialHash, crle->totalCerts);
                 if (ret != 0)
                     break;
             }
@@ -398,35 +413,43 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
     return ret;
 }
 
-/* Is the cert ok with CRL, return 0 on success */
-int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
+int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
+        int serialSz, byte* serialHash, const byte* extCrlInfo,
+        int extCrlInfoSz, void* issuerName)
 {
     int        foundEntry = 0;
     int        ret = 0;
 
     WOLFSSL_ENTER("CheckCertCRL");
+    (void)issuerName;
+
+    if ((serial == NULL || serialSz == 0) && serialHash == NULL) {
+        WOLFSSL_MSG("Either serial or hash has to be provided");
+        return BUFFER_ERROR;
+    }
 
 #ifdef WOLFSSL_CRL_ALLOW_MISSING_CDP
     /* Skip CRL verification in case no CDP in peer cert */
-    if (!cert->extCrlInfo) {
+    if (!extCrlInfo) {
         return ret;
     }
 #endif
 
-    ret = CheckCertCRLList(crl, cert, &foundEntry);
+    ret = CheckCertCRLList(crl, issuerHash, serial, serialSz, serialHash,
+            &foundEntry);
 
 #ifdef HAVE_CRL_IO
     if (foundEntry == 0) {
         /* perform embedded lookup */
         if (crl->crlIOCb) {
-            ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo,
-                                                        cert->extCrlInfoSz);
+            ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
             if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
                 ret = OCSP_WANT_READ;
             }
             else if (ret >= 0) {
                 /* try again */
-                ret = CheckCertCRLList(crl, cert, &foundEntry);
+                ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
+                        serialHash, &foundEntry);
             }
         }
     }
@@ -443,10 +466,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
     if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
         if (crl->cm->x509_store_p != NULL) {
             ret = LoadCertByIssuer(crl->cm->x509_store_p,
-                          (WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL);
+                          (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
             if (ret == WOLFSSL_SUCCESS) {
                 /* try again */
-                ret = CheckCertCRLList(crl, cert, &foundEntry);
+                ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
+                        serialHash, &foundEntry);
             }
         }
     }
@@ -462,10 +486,10 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 
             WOLFSSL_MSG("Issuing missing CRL callback");
             url[0] = '\0';
-            if (cert->extCrlInfo) {
-                if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
-                    XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
-                    url[cert->extCrlInfoSz] = '\0';
+            if (extCrlInfo) {
+                if (extCrlInfoSz < (int)sizeof(url) -1 ) {
+                    XMEMCPY(url, extCrlInfo, extCrlInfoSz);
+                    url[extCrlInfoSz] = '\0';
                 }
                 else  {
                     WOLFSSL_MSG("CRL url too long");
@@ -479,6 +503,18 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
     return ret;
 }
 
+/* Is the cert ok with CRL, return 0 on success */
+int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
+{
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    void* issuerName = cert->issuerName;
+#else
+    void* issuerName = NULL;
+#endif
+    return CheckCertCRL_ex(crl, cert->issuerHash, cert->serial, cert->serialSz,
+            NULL, cert->extCrlInfo, cert->extCrlInfoSz, issuerName);
+}
+
 
 /* Add Decoded CRL, 0 on success */
 static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
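Review bot: In `FindRevokedSerial` only the linked-list branch honours `serialHash`; the `CRL_STATIC_REVOKED_LIST` binary search still calls `XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz)` unconditionally. The chain check this commit adds in src/internal.c calls `CheckCertCRL_ex` with `serial` NULL, `serialSz` 0 and only `ca->serialHash` set, so in a static-list build that comparison reads through a NULL pointer, and `hash` and `serialSz` go unused there. The binary search presumably relies on the array being ordered by raw serial, so a hash-only lookup needs a linear scan ahead of it, as sketched below; the lines between the two hunks are not shown, so the exact placement after the declarations is assumed. Separately, under `WOLFSSL_CRL_ALLOW_MISSING_CDP` the `if (!extCrlInfo) return ret;` early return in `CheckCertCRL_ex` lets every hash-only chain lookup succeed without consulting any CRL, because that caller passes NULL for `extCrlInfo`; that skip should apply only when `serialHash == NULL`.

```c
#ifdef CRL_STATIC_REVOKED_LIST
    /* … unchanged: int low, high, mid; … */
    if (serialHash != NULL) {
        /* hash-only lookup: entries are compared by raw serial below,
         * so the hashed form has to be matched by scanning */
        int i;
        for (i = 0; i < totalCerts; i++) {
            ret = CalcHashId(rc[i].serialNumber, rc[i].serialSz, hash);
            if (ret != 0)
                break;
            if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) {
                WOLFSSL_MSG("Cert revoked");
                ret = CRL_CERT_REVOKED;
                break;
            }
        }
        return ret;
    }
    /* … unchanged: binary search on the raw serial … */
```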

+ 45 - 1
src/internal.c

@@ -13672,6 +13672,24 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
     return ret;
 }
 
+#ifdef HAVE_CRL
+static int ProcessPeerCertsChainCRLCheck(WOLFSSL_CERT_MANAGER* cm, Signer* ca)
+{
+    Signer* prev = NULL;
+    int ret = 0;
+    /* End loop if no more issuers found or if we have
+     * found a self signed cert (ca == prev) */
+    for (; ret == 0 && ca != NULL && ca != prev;
+            prev = ca, ca = GetCAByName(cm, ca->issuerNameHash)) {
+        ret = CheckCertCRL_ex(cm->crl, ca->issuerNameHash, NULL, 0,
+                ca->serialHash, NULL, 0, NULL);
+        if (ret != 0)
+            break;
+    }
+    return ret;
+}
+#endif
+
 int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      word32 totalSz)
 {
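Review bot: The loop in `ProcessPeerCertsChainCRLCheck` stops only on a NULL issuer or when `GetCAByName` returns the same signer again (`ca != prev`), so it catches a self-signed root but not a longer issuer cycle. If the loaded CA store holds two cross-signed CAs whose issuer names point at each other, `ca` alternates between them while `ret` stays 0 and the walk never ends. I would add a depth bound and fail closed when it is exceeded; `MAX_CHAIN_DEPTH` and `MAX_CHAIN_ERROR` are suggestions, pick whatever limit fits the signer table. The trailing `if (ret != 0) break;` is redundant because the loop condition already tests `ret == 0`.

```c
    int depth = 0;
    /* ... unchanged: loop comment ... */
    for (; ret == 0 && ca != NULL && ca != prev;
            prev = ca, ca = GetCAByName(cm, ca->issuerNameHash)) {
        /* stop on an issuer cycle longer than one certificate */
        if (++depth > MAX_CHAIN_DEPTH) {
            ret = MAX_CHAIN_ERROR;
            break;
        }
        /* ... unchanged: CheckCertCRL_ex call and ret check ... */
    }
```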
@@ -14149,6 +14167,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                     WOLFSSL_ERROR_VERBOSE(ret);
                                     WOLFSSL_MSG("\tCRL check not ok");
                                 }
+                                if (ret == 0 &&
+                                        args->certIdx == args->totalCerts-1) {
+                                    ret = ProcessPeerCertsChainCRLCheck(
+                                            SSL_CM(ssl), args->dCert->ca);
+                                    if (ret != 0) {
+                                        WOLFSSL_ERROR_VERBOSE(ret);
+                                        WOLFSSL_MSG("\tCRL chain check not ok");
+                                        args->fatal = 0;
+                                    }
+                                }
                             }
                         }
                 #endif /* HAVE_CRL */
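Review bot: The `args->fatal = 0` after a failed chain CRL check has no comment, and it is the security-relevant line of this block. As far as I can tell from the rest of `ProcessPeerCerts` (not fully visible in this hunk), a non-fatal error is handed to the verify callback, which may override it, so a revoked CA in the chain would be overridable. If that is intended, say so next to the assignment, e.g. `/* not fatal: let the verify callback decide on a revoked CA */`. The same applies to the identical assignment in the `totalCerts == 1` block added in the next hunk.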
@@ -14552,11 +14580,27 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 ssl->peerVerifyRet =
                                         ret == CRL_CERT_REVOKED
                                             ? WOLFSSL_X509_V_ERR_CERT_REVOKED
-                                            : WOLFSSL_X509_V_ERR_CERT_REJECTED;;
+                                            : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
                         #endif
                         }
                     }
+                    if (ret == 0 && doLookup && SSL_CM(ssl)->crlEnabled &&
+                            SSL_CM(ssl)->crlCheckAll && args->totalCerts == 1) {
+                        /* Check the entire cert chain */
+                        if (args->dCert->ca != NULL) {
+                            ret = ProcessPeerCertsChainCRLCheck(SSL_CM(ssl),
+                                    args->dCert->ca);
+                            if (ret != 0) {
+                                WOLFSSL_ERROR_VERBOSE(ret);
+                                WOLFSSL_MSG("\tCRL chain check not ok");
+                                args->fatal = 0;
+                            }
+                        }
+                        else {
+                            WOLFSSL_MSG("No CA signer set");
+                        }
+                    }
                 #endif /* HAVE_CRL */
                     (void)doLookup;
                 }
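Review bot: When `args->dCert->ca` is NULL the new block only logs "No CA signer set" and leaves `ret` at 0, so with `crlCheckAll` set the chain walk is skipped without any error. Whether a leaf can reach this point with `ret == 0` and no signer is not visible in the hunk. If it can, this path is fail-open for the chain check and should be documented as deliberate, e.g. `/* no signer to walk from; chain CRL check intentionally skipped */`. The `certIdx == totalCerts-1` call in the previous hunk has no such branch and relies on the helper's own NULL test, so the two call sites could be made to read the same way.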

+ 8 - 5
src/ssl.c

@@ -5875,13 +5875,14 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         if (!signer)
             ret = MEMORY_ERROR;
     }
+#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
+    if (ret == 0 && signer != NULL)
+        ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash);
+#endif
     if (ret == 0 && signer != NULL) {
     #ifdef WOLFSSL_SIGNER_DER_CERT
         ret = AllocDer(&signer->derCert, der->length, der->type, NULL);
     }
-    if (ret == 0 && signer != NULL) {
-        ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash);
-    }
     if (ret == 0 && signer != NULL) {
         XMEMCPY(signer->derCert->buffer, der->buffer, der->length);
     #endif
@@ -5906,9 +5907,11 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     #endif
         XMEMCPY(signer->subjectNameHash, cert->subjectHash,
                 SIGNER_DIGEST_SIZE);
-    #ifdef HAVE_OCSP
+    #if defined(HAVE_OCSP) || defined(HAVE_CRL)
         XMEMCPY(signer->issuerNameHash, cert->issuerHash,
                 SIGNER_DIGEST_SIZE);
+    #endif
+    #ifdef HAVE_OCSP
         XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
                 KEYID_SIZE);
     #endif
@@ -8631,7 +8634,7 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
 
 int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
 {
-    WOLFSSL_ENTER("wolfSSL_LoadCRL");
+    WOLFSSL_ENTER("wolfSSL_LoadCRLFile");
     SSL_CM_WARNING(ssl);
     if (ssl)
         return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);

+ 117 - 13
tests/api.c

@@ -5701,8 +5701,8 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     if (!c_sharedCtx)
 #endif
     {
-        ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx->c_ctx, cliCertFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx,
+            cliCertFile), WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, cliKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
@@ -5772,8 +5772,8 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     if (!s_sharedCtx)
 #endif
     {
-        ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx->s_ctx, certFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->s_ctx,
+            certFile), WOLFSSL_SUCCESS);
     }
     if (ctx->s_cb.keyPemFile != NULL) {
         keyFile = ctx->s_cb.keyPemFile;
@@ -5806,8 +5806,8 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_file(ctx->c_ssl, cliCertFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl, cliCertFile),
+            WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, cliKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
@@ -5827,8 +5827,8 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_file(ctx->s_ssl, certFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl, certFile),
+            WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, keyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
@@ -6035,7 +6035,9 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
     test_ssl_memio_cleanup(&test_ctx);
 
     client_cb->return_code = test_ctx.c_cb.return_code;
+    client_cb->last_err = test_ctx.c_cb.last_err;
     server_cb->return_code = test_ctx.s_cb.return_code;
+    server_cb->last_err = test_ctx.s_cb.last_err;
 
     return EXPECT_RESULT();
 }
@@ -7841,8 +7843,8 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
-    wolfSSL_CTX_set_verify_depth(ctx, 1);
+    myVerifyAction = VERIFY_OVERRIDE_ERROR;
+    wolfSSL_CTX_set_verify_depth(ctx, 0);
     return TEST_SUCCESS;
 }
 #endif
@@ -7915,10 +7917,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
      * therefore, handshake becomes failure.
      */
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-        &server_cbf, NULL), TEST_SUCCESS);
+        &server_cbf, NULL), TEST_FAIL);
 
-    ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
-    ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
+    ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
+    ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
+    ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR);
+    ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
 #endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
         * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
@@ -65112,6 +65116,105 @@ static int test_certreq_sighash_algos(void)
     return EXPECT_RESULT();
 }
 
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+    myVerifyAction = VERIFY_USE_PREVERFIY;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/ca-int.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    return EXPECT_RESULT();
+}
+
+static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+    myVerifyAction = VERIFY_USE_PREVERFIY;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/ca-int2.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/ca-int.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_revoked_loaded_int_cert(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+    struct {
+        const char* certPemFile;
+        const char* keyPemFile;
+        ctx_cb      client_ctx_ready;
+    } test_params[] = {
+        {"./certs/intermediate/ca-int2-cert.pem",
+            "./certs/intermediate/ca-int2-key.pem",
+            test_revoked_loaded_int_cert_ctx_ready1},
+        {"./certs/intermediate/server-chain.pem",
+            "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
+        {"./certs/intermediate/server-chain-short.pem",
+            "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
+    };
+    size_t i;
+
+    printf("\n");
+
+    for (i = 0; i < XELEM_CNT(test_params); i++) {
+        XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+        XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+        printf("\tTesting with %s...\n", test_params[i].certPemFile);
+
+        server_cbf.certPemFile = test_params[i].certPemFile;
+        server_cbf.keyPemFile  = test_params[i].keyPemFile;
+
+        client_cbf.ctx_ready = test_params[i].client_ctx_ready;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+            &server_cbf, NULL), TEST_FAIL);
+#ifndef WOLFSSL_HAPROXY
+        ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED);
+#else
+        ExpectIntEQ(client_cbf.last_err, WOLFSSL_X509_V_ERR_CERT_REVOKED);
+#endif
+        ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+
+        if (!EXPECT_SUCCESS())
+            break;
+        printf("\t%s passed\n", test_params[i].certPemFile);
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
 /*----------------------------------------------------------------------------*
  | Main
  *----------------------------------------------------------------------------*/
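Review bot: The three rows of `test_params` in `test_revoked_loaded_int_cert` carry no comment saying which revocation path each one is meant to exercise. They differ in what the server presents (an intermediate as the leaf, a full chain, a short chain) and in which CAs and CRLs the client preloads through `ctx_ready1` or `ctx_ready2`. A reader cannot tell from the file names alone which code path in `ProcessPeerCerts` a failing row points at. I would add a one-line comment per row. Both `ctx_ready` helpers also assign the global `myVerifyAction`, which stays set for later tests.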
@@ -66379,6 +66482,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls_client_hello_timeout),
     TEST_DECL(test_dtls_dropped_ccs),
     TEST_DECL(test_certreq_sighash_algos),
+    TEST_DECL(test_revoked_loaded_int_cert),
     /* This test needs to stay at the end to clean up any caches allocated. */
     TEST_DECL(test_wolfSSL_Cleanup)
 };

+ 3 - 0
wolfssl/crl.h

@@ -42,6 +42,9 @@ WOLFSSL_LOCAL int  LoadCRL(WOLFSSL_CRL* crl, const char* path, int type,
 WOLFSSL_LOCAL int  BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz,
                                  int type, int verify);
 WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert);
+WOLFSSL_LOCAL int  CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash,
+        byte* serial, int serialSz, byte* serialHash, const byte* extCrlInfo,
+        int extCrlInfoSz, void* issuerName);
 
 
 #ifdef __cplusplus
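Review bot: The `CheckCertCRL_ex` prototype takes both `serial`/`serialSz` and `serialHash` without saying how they relate. The two callers in this commit each pass exactly one of them and NULL for the other, so the contract should be stated on the declaration, e.g. `/* pass either serial+serialSz or serialHash; the other must be NULL/0 */`. `issuerHash`, `serial` and `serialHash` are also non-const `byte*` while `extCrlInfo` is `const byte*`. If the function does not write through them (its body is not in this hunk), they should be const-qualified as well.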

+ 2 - 2
wolfssl/wolfcrypt/asn.h

@@ -1959,7 +1959,7 @@ struct Signer {
 #endif /* IGNORE_NAME_CONSTRAINTS */
     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of names in certificate */
-    #ifdef HAVE_OCSP
+    #if defined(HAVE_OCSP) || defined(HAVE_CRL)
         byte    issuerNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of issuer names in certificate.
                                       * Used in OCSP to check for authorized
@@ -1972,7 +1972,7 @@ struct Signer {
     #ifdef HAVE_OCSP
         byte subjectKeyHash[KEYID_SIZE];
     #endif
-#ifdef WOLFSSL_AKID_NAME
+#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
     byte serialHash[SIGNER_DIGEST_SIZE]; /* serial number hash */
 #endif
 #ifdef WOLFSSL_SIGNER_DER_CERT

+ 2 - 0
wolfssl/wolfcrypt/types.h

@@ -426,6 +426,8 @@ typedef struct w64wrapper {
 
     #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
 
+    #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x)))
+
     /* idea to add global alloc override by Moises Guimaraes  */
     /* default to libc stuff */
     /* XREALLOC is used once in normal math lib, not in fast math lib */
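Review bot: `XELEM_CNT` has no comment saying it is valid only for true arrays. Applied to a pointer or to an array function parameter it compiles without complaint and yields `sizeof(pointer)/sizeof(element)`, a wrong count that then tends to be used as a loop or copy bound. A comment in the style of the neighbouring `XSTR_SIZEOF` line would do: `/* element count of an array; x must not be a pointer */`.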