ESP-OPENSSL-tests : Added new test-app to check esp-ssl connection

2024-10-05 20:47:46 -04:00 · 2020-10-07 14:35:02 +04:00 · 2020-10-07 14:35:02 +04:00 · b3ad76537a
commit b3ad76537a
parent 6af7681008
15 changed files with 513 additions and 0 deletions
--- a/tools/test_apps/protocols/openssl/CMakeLists.txt
+++ b/tools/test_apps/protocols/openssl/CMakeLists.txt
@ -0,0 +1,14 @@
+# The following four lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
+project(openssl_connect_test)
+
+target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT)
+target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)
--- a/tools/test_apps/protocols/openssl/README.md
+++ b/tools/test_apps/protocols/openssl/README.md
@ -0,0 +1,11 @@
+# ESP-OPENSSL connect test project
+
+Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers.
+It is possible to run this example manually without any test to exercise ESP-OPENSSL library.
+
+## Runtime settings
+This app waits for user input to provide these parameters:
+ test-type: "conn" connection test (host, port, test-case)
+
+## Hardware Required
+This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server.
--- a/tools/test_apps/protocols/openssl/app_test.py
+++ b/tools/test_apps/protocols/openssl/app_test.py
@ -0,0 +1,126 @@
+from __future__ import print_function
+from __future__ import unicode_literals
+import re
+import os
+import socket
+from threading import Thread, Event
+import ttfw_idf
+import ssl
+
+SERVER_CERTS_DIR = "server_certs/"
+
+
+def _path(f):
+    return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+def get_my_ip():
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        # doesn't even have to be reachable
+        s.connect(('10.255.255.255', 1))
+        IP = s.getsockname()[0]
+    except socket.error:
+        IP = '127.0.0.1'
+    finally:
+        s.close()
+    return IP
+
+
+# Simple TLS server
+class TlsServer:
+
+    def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
+        self.port = port
+        self.socket = socket.socket()
+        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.socket.settimeout(20.0)
+        self.shutdown = Event()
+        self.negotiated_protocol = negotiated_protocol
+        self.conn = None
+        self.ssl_error = None
+        self.server_thread = None
+
+    def __enter__(self):
+        try:
+            self.socket.bind(('', self.port))
+        except socket.error as e:
+            print("Bind failed:{}".format(e))
+            raise
+
+        self.socket.listen(1)
+        self.server_thread = Thread(target=self.run_server)
+        self.server_thread.start()
+
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        self.shutdown.set()
+        self.server_thread.join()
+        self.socket.close()
+        if (self.conn is not None):
+            self.conn.close()
+
+    def run_server(self):
+        context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+        context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + "ca.crt"))
+        context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + "server.crt"), keyfile=_path(SERVER_CERTS_DIR + "server.key"))
+        context.verify_flags = self.negotiated_protocol
+        self.socket = context.wrap_socket(self.socket, server_side=True)
+        try:
+            print("Listening socket")
+            self.conn, address = self.socket.accept()  # accept new connection
+            self.socket.settimeout(20.0)
+            print(" - connection from: {}".format(address))
+        except ssl.SSLError as e:
+            self.conn = None
+            self.ssl_error = str(e)
+            print(" - SSLError: {}".format(str(e)))
+
+
+@ttfw_idf.idf_custom_test(env_tag="Example_WIFI", group="test-apps")
+def test_app_esp_openssl(env, extra_data):
+    dut1 = env.get_dut("openssl_connect_test", "tools/test_apps/protocols/openssl", dut_class=ttfw_idf.ESP32DUT)
+    # check and log bin size
+    binary_file = os.path.join(dut1.app.binary_path, "openssl_connect_test.bin")
+    bin_size = os.path.getsize(binary_file)
+    ttfw_idf.log_performance("openssl_connect_test_bin_size", "{}KB".format(bin_size // 1024))
+    ttfw_idf.check_performance("openssl_connect_test_bin_size_vin_size", bin_size // 1024, dut1.TARGET)
+    dut1.start_app()
+    esp_ip = dut1.expect(re.compile(r" IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"), timeout=30)
+    print("Got IP={}".format(esp_ip[0]))
+    ip = get_my_ip()
+    server_port = 2222
+
+    def start_case(case, desc, negotiated_protocol, result):
+        with TlsServer(server_port, negotiated_protocol=negotiated_protocol):
+            print("Starting {}: {}".format(case, desc))
+            dut1.write("conn {} {} {}".format(ip, server_port, case))
+            dut1.expect(re.compile(result), timeout=10)
+            return case
+
+    # start test cases
+    start_case(
+        case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE",
+        desc="Connect with verify_none mode using wrong certs",
+        negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
+        result="SSL Connection Succeed")
+    start_case(
+        case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER",
+        desc="Connect with verify_peer mode using wrong certs",
+        negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
+        result="SSL Connection Failed")
+    start_case(
+        case="CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE",
+        desc="Connect with verify_none mode using wrong certs",
+        negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
+        result="SSL Connection Succeed")
+    start_case(
+        case="CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER",
+        desc="Connect with verify_peer mode using wrong certs",
+        negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
+        result="SSL Connection Failed")
+
+
+if __name__ == '__main__':
+    test_app_esp_openssl()
--- a/tools/test_apps/protocols/openssl/client_certs/ca.crt
+++ b/tools/test_apps/protocols/openssl/client_certs/ca.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUV+ePqdbRF3ln6vDyuopcmiQjLNcwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDEwMDQyMTA3MzhaFw0yMDExMDMyMTA3MzhaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdrEr3ams2MvGm8Xqd
+9uMikvx/lQ2S1l5FD8kP7SaMmQJ6I9pLaDTSPzg7ZdiI94B7v1s+DJUPe9t9+Drb
+zk1fyI9SFooSkiTKcNcDq0MIKlI/6pBp9B86Bn+wpLL+u8G6616X8ERREltJ/HJh
+oR41zCHWYKmkRIEMfXPcRbiqw4dNtos5si26MIbBzouUAaN1odXnXGZxntAn3AmR
+jQso9GkW2YlrLhpUFgwLxzJZE8EOZsYXvo4X0/n+LoZIiRAGnX6Zy45zMTWAP5ZL
+DEo4RT8a2wOHXw6/as/ec7d7pZHk3lSzsfSONH38OWprieOqqnAK1TqBcjggPXvE
+pRq/AgMBAAGjUzBRMB0GA1UdDgQWBBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAfBgNV
+HSMEGDAWgBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCaMiRZpBr48Nq4S1xMkPw+ILeyGxwHdHKYMuqrEtKW
+ErRy1lij6ShCjKdXGLmjwOAtq8UV5BvtD6Rak88GwiP2D9Jn8Jw4oF7CGxQw/tjQ
+MxRF7ok8XNyp5fYkhGRYph0cMDhfYObku/cE9ser1UxKSq/szS9orTduyUfJZYd
+Doe6R7KNTq9uPKs5Gk2Lu7gflqlcv89j+r+r+uWf45uLXGP/8iZ9KEJB7xKuNAR1
+z1HovlFW1h08eLYpaLFKRXkSSmUhdEE59mdIYhToE9AHgoyGJqz3tkhzleRn6lmA
+JhDVxbm2xFHWCG9SJ6f8OYHpjOrAKXlX45zOLjUVcsN9
+-----END CERTIFICATE-----
--- a/tools/test_apps/protocols/openssl/client_certs/ca.key
+++ b/tools/test_apps/protocols/openssl/client_certs/ca.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa
+S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ
+afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL
+ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG
+F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U
+s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi
+Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg
+MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ
+FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY
+Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD
+wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH
+LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn
+kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC
+zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq
+vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ
+ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men
+DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH
+G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+
+a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3
+ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235
+aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB
+B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2
+S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA
+UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs
+y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw==
+-----END RSA PRIVATE KEY-----
--- a/tools/test_apps/protocols/openssl/main/CMakeLists.txt
+++ b/tools/test_apps/protocols/openssl/main/CMakeLists.txt
@ -0,0 +1,2 @@
+idf_component_register(SRCS "main.c" "connect_test.c"
+                    INCLUDE_DIRS "." )
--- a/tools/test_apps/protocols/openssl/main/component.mk
+++ b/tools/test_apps/protocols/openssl/main/component.mk
@ -0,0 +1,3 @@
+#
+# Main Makefile. This is basically the same as a component makefile.
+#
--- a/tools/test_apps/protocols/openssl/main/connect_test.c
+++ b/tools/test_apps/protocols/openssl/main/connect_test.c
@ -0,0 +1,129 @@
+#include <sys/socket.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <openssl/ssl.h>
+#include "esp_log.h"
+
+static const char *TAG = "OPENSSL_TEST";
+
+static int open_connection(const char *host, const int port)
+{
+    struct sockaddr_in addr;
+    struct hostent *h;
+    int sd;
+    if ((h = gethostbyname(host)) == NULL) {
+        ESP_LOGI(TAG, "Failed to get host name %s", host);
+        return -1;
+    }
+    sd = socket(AF_INET, SOCK_STREAM, 0);
+    bzero(&addr, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_port = htons(port);
+    addr.sin_addr.s_addr = *(long*)(h->h_addr);
+    if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
+        return -1;
+    }
+    return sd;
+}
+
+static SSL_CTX* init_ctx(const char *test_case)
+{
+    extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
+    extern const unsigned char cacert_pem_end[]   asm("_binary_ca_crt_end");
+    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+    const SSL_METHOD *method = NULL;
+    SSL_CTX *ctx = NULL;
+    if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
+        method = TLSv1_1_client_method();
+        ctx = SSL_CTX_new(method);   /* Create new context */
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+    } else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
+        method = TLSv1_1_client_method();
+        ctx = SSL_CTX_new(method);   /* Create new context */
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+    } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
+        method = TLSv1_2_client_method();
+        ctx = SSL_CTX_new(method);   /* Create new context */
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+    } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
+        method = TLSv1_2_client_method();
+        ctx = SSL_CTX_new(method);   /* Create new context */
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+    }
+    X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
+    if(!x) {
+        ESP_LOGI(TAG, "Loading certs failed");
+        goto failed;
+    }
+    SSL_CTX_add_client_CA(ctx, x);
+    return ctx;
+failed:
+    return NULL;
+}
+
+static void start_test(const char *host, const int port, const char *test_case)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    int sockfd;
+    int ret;
+
+    ESP_LOGI(TAG, "Test %s started", test_case);
+    ctx = init_ctx(test_case);
+    if (!ctx) {
+        ESP_LOGI(TAG, "Failed");
+        goto failed1;
+    }
+    ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case);
+    sockfd = open_connection(host, port);
+    if(sockfd < 0) {
+        ESP_LOGI(TAG,"Failed");
+        goto failed1;
+    }
+    ESP_LOGI(TAG, "OK");
+    ESP_LOGI(TAG, "Create SSL obj");
+    ssl = SSL_new(ctx);
+    if (!ssl) {
+        ESP_LOGI(TAG,"Failed");
+        goto failed2;
+    }
+    ESP_LOGI(TAG, "OK");
+    SSL_set_fd(ssl, sockfd);
+    ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx),
+        host, port);
+    ret = SSL_connect(ssl);
+    ESP_LOGI(TAG, "OK");
+    if (ret <= 0) {
+        ESP_LOGI(TAG,"SSL Connection Failed");
+        goto failed3;
+    }
+    ESP_LOGI(TAG,"SSL Connection Succeed");
+failed3:
+    SSL_free(ssl);
+    ssl = NULL;
+failed2:
+    close(sockfd);
+    sockfd = -1;
+failed1:
+    SSL_CTX_free(ctx);
+    ctx = NULL;
+}
+
+static void scan(char *s, char **test_type, char **host, int *p, char **test_case)
+{
+    const char *delim = " ";
+    *test_type = strtok(s, delim);
+    *host = strtok(NULL, delim);
+    *p = atoi(strtok(NULL, delim));
+    *test_case = strtok(NULL, delim);
+}
+
+void connection_test(char *line)
+{
+    char *test_case;
+    char *test_type;
+    char *host;
+    int port;
+    scan(line, &test_type, &host, &port, &test_case);
+    start_test(host, port, test_case);
+}
--- a/tools/test_apps/protocols/openssl/main/main.c
+++ b/tools/test_apps/protocols/openssl/main/main.c
@ -0,0 +1,71 @@
+/* OpenSSL client test
+
+   This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+   Unless required by applicable law or agreed to in writing, this
+   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+   CONDITIONS OF ANY KIND, either express or implied.
+*/
+#include <stdio.h>
+#include <stddef.h>
+#include <string.h>
+#include "esp_system.h"
+#include "nvs_flash.h"
+#include "esp_event.h"
+#include "esp_netif.h"
+#include "esp_log.h"
+#include "protocol_examples_common.h"
+
+static const char *TAG = "OPENSSL_TEST";
+void connection_test(char *line);
+
+static void get_string(char *line, size_t size)
+{ 
+    int count = 0; 
+    while (count < size) {
+        int c = fgetc(stdin);
+        if (c == '\n') {
+            line[count] = '\0';
+            break;
+        } else if (c > 0 && c < 127) {
+            line[count] = c;
+            ++count;
+        }
+        vTaskDelay(10 / portTICK_PERIOD_MS);
+    }
+}
+
+void app_main(void)
+{
+    char line[256];
+
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
+    esp_log_level_set("*", ESP_LOG_INFO);
+    esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT_TCP", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT_SSL", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
+    esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
+
+    ESP_ERROR_CHECK(nvs_flash_init());
+    ESP_ERROR_CHECK(esp_netif_init());
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+     * Read "Establishing Wi-Fi or Ethernet Connection" section in
+     * examples/protocols/README.md for more information about this function.
+     */
+    ESP_ERROR_CHECK(example_connect());
+
+    while (1) {
+        get_string(line, sizeof(line));
+        if (memcmp(line, "conn", 4) == 0) {
+            // line starting with "conn" indicate connection tests
+            connection_test(line);
+            get_string(line, sizeof(line));
+            continue;
+        }
+    }
+}
--- a/tools/test_apps/protocols/openssl/server_certs/ca.crt
+++ b/tools/test_apps/protocols/openssl/server_certs/ca.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
+yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
+0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
+coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
+tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
+IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
+oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
+HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
+Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
+XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
+8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
+fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
+AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
+-----END CERTIFICATE-----
--- a/tools/test_apps/protocols/openssl/server_certs/ca.key
+++ b/tools/test_apps/protocols/openssl/server_certs/ca.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
+trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
+kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
+QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
+HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
+XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
+VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
+khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
+wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
+ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
+qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
+t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
+8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
+BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
+Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
+EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
+pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
+F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
+/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
+zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
+DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
+6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
+Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
+gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
+eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
+-----END RSA PRIVATE KEY-----
--- a/tools/test_apps/protocols/openssl/server_certs/ca.srl
+++ b/tools/test_apps/protocols/openssl/server_certs/ca.srl
@ -0,0 +1 @@
+2F41CC40E62F73ACADA631D44C6D40D87504A661
--- a/tools/test_apps/protocols/openssl/server_certs/server.crt
+++ b/tools/test_apps/protocols/openssl/server_certs/server.crt
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfECFC9BzEDmL3OsraYx1ExtQNh1BKZhMA0GCSqGSIb3DQEBCwUAMDYx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3By
+ZXNzaWYwHhcNMjAwOTIzMDgwMDE5WhcNNDgwMjA5MDgwMDE5WjBMMQswCQYDVQQG
+EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJRXNwcmVzc2lmMRQw
+EgYDVQQDDAtDb21tb24gTmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANjphhEwXDfNjysOcPKhLoQQyZa/5ku3bZFHwlNf4XXbkmPOUgjWOq4JMDC6
+WZB93Ey+OJHIowuoPkADlUtsWRgSLizttn50hcO9PWLfd4NBoNJGqJmh38UiS1tB
+SO7YaFcAuXkv+SoirMw5bYuRTJQD8G/j5juvsMUWhif9WsYLPYurkksZqvdZHhrG
+nRqPD76RwXpzPwMa5OOj3N9jIxrt4NI8vizjS4weq3e/VNNZS6L93CZFFDB+O382
+ijtavThQ+S9LMyHe+EtoGyF/aSJk58pwo0J+u6t1iblHEBz0O3ZEuUn4vjtNSNnz
+f2Mbc/MlPWoibTe2uw7XxbHyaQMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpNQ
+lPHWiXizOxK46pI2EfeggUTtlAFoDvAT+s2SdlwZKNw6Hf80yFJ55nnOgmiMN9aq
+x7oXFBPdxhgWStqR+yN0KRyoc+5AS3lz4m61l2jIRYYhg7ItURxujGQPfHPcmQSp
+A+gkMXt0DBsdYBz/xxa4Bgw9S/BWUsXMLPG95SAPpAObSZEs/QXagVg0fxzdZTc9
+fajmP8S/5sO3MM+krpyh1NcrJZKm9poHYCG8bBOz19SNPl46eQHdoud3dstHPn0Q
+Jmg12w4HZ4Z5CU4zcgCWsGf0D/ezg15NEYU5r3hyskqFtTjOdoXY9cTdmgAtPGn
+NiUtKzHKywP+pO5h0Q==
+-----END CERTIFICATE-----
--- a/tools/test_apps/protocols/openssl/server_certs/server.csr
+++ b/tools/test_apps/protocols/openssl/server_certs/server.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+EjAQBgNVBAoMCUVzcHJlc3NpZjEUMBIGA1UEAwwLQ29tbW9uIE5hbWUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6YYRMFw3zY8rDnDyoS6EEMmWv+ZL
+t22RR8JTX+F125JjzlII1jquCTAwulmQfdxMvjiRyKMLqD5AA5VLbFkYEi4s7bZ+
+dIXDvT1i33eDQaDSRqiZod/FIktbQUju2GhXALl5L/kqIqzMOW2LkUyUA/Bv4+Y7
+r7DFFoYn/VrGCz2Lq5JLGar3WR4axp0ajw++kcF6cz8DGuTjo9zfYyMa7eDSPL4s
+40uMHqt3v1TTWUui/dwmRRQwfjt/Noo7Wr04UPkvSzMh3vhLaBshf2kiZOfKcKNC
+frurdYm5RxAc9Dt2RLlJ+L47TUjZ839jG3PzJT1qIm03trsO18Wx8mkDAgMBAAGg
+ADANBgkqhkiG9w0BAQsFAAOCAQEArUWZtrKI9cJEVP2WZXmsSI1vlLhSeqyv+d7z
+5nx5Nzmyuhkck75sA6h7cTZ+QPyJbaijDv8cVx7ZWNhwhIjOD0f7LGMK3EYa8skv
+SA92liKLL6zFWJKeJ/DhfM3PXp3g2jNKOwOuQkmWXdoqgR+VmlgA58gWS3EeBzNT
+C1MwqSd2s/DHOOoEg4FRAjH7DXUSW09vph7zRYr7KzDRSAaE+2S0FK2Uxl7pzpUc
+M2hh2GJ/yClP06XYl7OMFiIbp0hhyLBLLbXnZeYz570Cu8kCAhtfTE7CUiV7eAaY
+2/Bv8/a5qxaVEI2cbjJsmn0RURkXzo0a3FrXJPBeWqsKlPqlBQ==
+-----END CERTIFICATE REQUEST-----
--- a/tools/test_apps/protocols/openssl/server_certs/server.key
+++ b/tools/test_apps/protocols/openssl/server_certs/server.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2OmGETBcN82PKw5w8qEuhBDJlr/mS7dtkUfCU1/hdduSY85S
+CNY6rgkwMLpZkH3cTL44kcijC6g+QAOVS2xZGBIuLO22fnSFw709Yt93g0Gg0kao
+maHfxSJLW0FI7thoVwC5eS/5KiKszDlti5FMlAPwb+PmO6+wxRaGJ/1axgs9i6uS
+Sxmq91keGsadGo8PvpHBenM/Axrk46Pc32MjGu3g0jy+LONLjB6rd79U01lLov3c
+JkUUMH47fzaKO1q9OFD5L0szId74S2gbIX9pImTnynCjQn67q3WJuUcQHPQ7dkS5
+Sfi+O01I2fN/Yxtz8yU9aiJtN7a7DtfFsfJpAwIDAQABAoIBAAxoh2/SSWQz0R3Q
+bKukhsmtQCrsfVsVeiIWbcphML+SOPSWp+CziJXOFsCi2F7IpGKLeybzyEfxbuYw
+jkjLQOl8mMGfM5JWThSdbbaLPAX5Kh79RcXMGcXoKVFmEasAHC/l7bY+BU3gv+vK
+2TZjsHLDKuzrp48AhOcxW6lL9/ZeMUcjg1Qr00s1KzYMpnPSQYT+dH5INTX1fxaY
+gIOAipe4Xg5nJKB7eqI7B4d6EJaQhp+SIwtb3aZnETqPLRJFlyiqbaUVPDwWQ4qz
+HtN+h749OdmhK6xOyfs02fJBrqpfSXT620qNZTsjfq+GoKCPL1VmSSVuzJtDDclH
+e6ikPcECgYEA7+GKRCGHrO8QpubcIVr6VoCz9pwdzFxm5DOjVWfR/kJ2i51ne+f5
+VTEfLlsLQmoY54sSm7ojqpqN+lM7vZfZ8S4V9M+6zGq1I6GK0CA4vTB39qRyqMcv
+O+DahEQ+H7DlUsZUYMTjyeSlYcd70h2uQiKQSkDaWKpMYhL6n2/lWuMCgYEA53zf
+GvhlB3QSw98vE07/xWEaZWpFGBgTdjMRl8lv0H7yiLV319ax5HwSJZrI9nCM23Lk
+CiubgVSb8qtwnbJGlsKgvYbngtOsJMOhggAovyYY6U414hJBwRJz4jb9RIub7cpX
+9RQTw15I7UrQW/Gp7PtnViszDwLBMQOhg2dc2ECgYEA0jjcDV09I8bW1w3WuLyc
+Sxa7oFGso54O5cqDR6OWmrbwYOZu/F2NWqWT5/IN6gRFExYEFsmH3ElaR5iN8FeV
+vhFfWI577A1P9YvqtP6n+tTxLQttGJCGynkBx4xuzSMfteztoWirIBHrBcfmsXsl
+bfwQa6JuN+n2yrRLQ1Kys3UCgYBR/gPUPLkkK7Pd1vaIo0mq8trzovF4OEbkbfBE
+UCAfvGdRjt01ASGfaWbQFQQrbfAmZoppI8r/wyU9jgXkhVnFWoiuuNLVnv3xQ624
+KzBDjE30jTQ+r/LEXTHYpVuN5NlFH4+MbkZHyeDniesZUWsOyYdXXSpPaNEKThtK
+1hW34QKBgAcqVqoKWSFS2Z44LCE/E9npOxFHZdFsXy0U+EbLBNIoIEMbPex1c5ss
+nUzpvQcw8wpEcKn8RKIOMzJtdSat5yzGUIpziRHeSdyYK7pnBHn40SR2yQYDH/YO
+C9vrJRcoVFDOHmoQITCW/oOfL/QlKWgL54kmdHNDm8IqTKP2JYp4
+-----END RSA PRIVATE KEY-----