qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From astitc...@apache.org
Subject [qpid-proton] 02/06: PROTON-2019: [Python] Fix the test certificates so that test work on Windows 10 - Had to change the key algorithm to EC because the previous default DSA is insecure and hence not supported by default on Windows
Date Thu, 14 Mar 2019 20:05:31 GMT
This is an automated email from the ASF dual-hosted git repository.

astitcher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 67bed640c83d6b9a6816191b61852694ccec1c1f
Author: Andrew Stitcher <astitcher@apache.org>
AuthorDate: Thu Mar 14 02:08:11 2019 -0400

    PROTON-2019: [Python] Fix the test certificates so that test work on Windows 10
    - Had to change the key algorithm to EC because the previous default DSA
      is insecure and hence not supported by default on Windows
---
 python/tests/proton_tests/ssl.py                   |  16 +++---
 python/tests/proton_tests/ssl_db/README.txt        |  61 +--------------------
 .../proton_tests/ssl_db/bad-server-certificate.p12 | Bin 1490 -> 887 bytes
 .../proton_tests/ssl_db/bad-server-certificate.pem |  31 +++++------
 .../proton_tests/ssl_db/bad-server-private-key.pem |  15 ++---
 python/tests/proton_tests/ssl_db/bad-server.pkcs12 | Bin 1524 -> 924 bytes
 .../tests/proton_tests/ssl_db/ca-certificate.p12   | Bin 992 -> 664 bytes
 .../tests/proton_tests/ssl_db/ca-certificate.pem   |  35 +++++-------
 python/tests/proton_tests/ssl_db/ca.pkcs12         | Bin 1572 -> 964 bytes
 .../proton_tests/ssl_db/client-certificate.p12     | Bin 1546 -> 951 bytes
 .../proton_tests/ssl_db/client-certificate.pem     |  25 +++------
 .../proton_tests/ssl_db/client-certificate1.p12    | Bin 1604 -> 1009 bytes
 .../proton_tests/ssl_db/client-certificate1.pem    |  27 ++++-----
 .../ssl_db/client-private-key-no-password.pem      |  11 +---
 .../proton_tests/ssl_db/client-private-key.pem     |  15 ++---
 .../proton_tests/ssl_db/client-private-key1.pem    |  15 ++---
 .../tests/proton_tests/ssl_db/client-request.pem   |  19 ++-----
 .../tests/proton_tests/ssl_db/client-request1.pem  |  21 +++----
 python/tests/proton_tests/ssl_db/client.pkcs12     | Bin 1532 -> 940 bytes
 python/tests/proton_tests/ssl_db/client1.pkcs12    | Bin 1646 -> 1054 bytes
 .../proton_tests/ssl_db/{README.txt => mkcerts.sh} |  43 +++------------
 .../proton_tests/ssl_db/server-certificate-lh.pem  |  33 +++--------
 .../proton_tests/ssl_db/server-certificate.p12     | Bin 1562 -> 967 bytes
 .../proton_tests/ssl_db/server-certificate.pem     |  25 +++------
 python/tests/proton_tests/ssl_db/server-lh.pkcs12  | Bin 2199 -> 900 bytes
 .../proton_tests/ssl_db/server-private-key-lh.pem  |  21 ++-----
 .../proton_tests/ssl_db/server-private-key.pem     |  15 ++---
 .../proton_tests/ssl_db/server-request-lh.pem      |  27 ++-------
 .../tests/proton_tests/ssl_db/server-request.pem   |  20 +++----
 .../proton_tests/ssl_db/server-wc-certificate.p12  | Bin 1624 -> 1029 bytes
 .../proton_tests/ssl_db/server-wc-certificate.pem  |  27 ++++-----
 .../proton_tests/ssl_db/server-wc-private-key.pem  |  15 ++---
 .../proton_tests/ssl_db/server-wc-request.pem      |  22 +++-----
 python/tests/proton_tests/ssl_db/server-wc.pkcs12  | Bin 1626 -> 1026 bytes
 python/tests/proton_tests/ssl_db/server.pkcs12     | Bin 1572 -> 972 bytes
 35 files changed, 158 insertions(+), 381 deletions(-)

diff --git a/python/tests/proton_tests/ssl.py b/python/tests/proton_tests/ssl.py
index 9419292..b33dae1 100644
--- a/python/tests/proton_tests/ssl.py
+++ b/python/tests/proton_tests/ssl.py
@@ -216,18 +216,18 @@ class SslTest(common.Test):
         self.assertEqual("O=Server,CN=A1.Good.Server.domain.com", client.ssl.get_cert_subject())
         self.assertEqual("O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev", server.ssl.get_cert_subject())
 
-        self.assertEqual("f78f03ec31317c213dcf607c095242adbf067824", server.ssl.get_cert_fingerprint_sha1())
-        self.assertEqual("3836fd0d7bbc155158997ff336de29545cc1ce4137f8419062ceb8b50fd7a6f9", server.ssl.get_cert_fingerprint_sha256())
-        self.assertEqual("a8390634eb10c7a12ba3ce0837001bc6ae78c7690984f4788cf4430acdb496d5d9e02c8ec39219f5c4dcd908c34861d09481c2faf53b4ccc95dac60e623165c4",
+        self.assertEqual("1762688fb3c1c7908690efa158e89924a8e739b6", server.ssl.get_cert_fingerprint_sha1())
+        self.assertEqual("f5890052d5ad3f38f68eae9027b30fc4c3f09758d59d8f19e3f192e29e41708d", server.ssl.get_cert_fingerprint_sha256())
+        self.assertEqual("5d2b1bff39df99d101040348be015970e3da1d0ad610902dc78bba24555aae16395fd1342e26b89b422c304c32b48913000b485933720773d033aaffc561b3e9",
                          server.ssl.get_cert_fingerprint_sha512())
-        self.assertEqual("32b7bc119f61c71d368caaf9a6bf58b2", server.ssl.get_cert_fingerprint_md5())
+        self.assertEqual("246ea13c8a549e8c0b0cc6490d81b34b", server.ssl.get_cert_fingerprint_md5())
 
         # Test the various fingerprint algorithms
-        self.assertEqual("0aab5922c8657a7fb78402b79379506d3d7806ce", client.ssl.get_cert_fingerprint_sha1())
-        self.assertEqual("de5e0c4097f841815a769ce1a30dbe912b83711438a5aaf50001da23cee5a8a8", client.ssl.get_cert_fingerprint_sha256())
-        self.assertEqual("d0aceeb68ab9de57c9e1c21a43a4511c54ec94011e770a523a6352b1374f59c8b58adc93d5cad6f25aa125b5934309a61a25e74a5d5e0cb40b07c7468615944c",
+        self.assertEqual("d28c0ae17c370c269bd680ea3bcc523ea5da544e", client.ssl.get_cert_fingerprint_sha1())
+        self.assertEqual("c460a601f77b77ec59480955574a227c309805dd36dbf866f42d2dce3fd4757c", client.ssl.get_cert_fingerprint_sha256())
+        self.assertEqual("37c28f451105b1979e2ea62d4a38c86e158ad345894b5016662bdd1913f48764bd71deb4b4de4ce22559828634357dcaea1832dd58327dfe5b0bc368ecbeee4c",
                          client.ssl.get_cert_fingerprint_sha512())
-        self.assertEqual("ae0ebcebc1f970fb696ef9f56e3235da", client.ssl.get_cert_fingerprint_md5())
+        self.assertEqual("16b075688b82c40ce5b03c984f20286b", client.ssl.get_cert_fingerprint_md5())
 
         self.assertEqual(None, client.ssl.get_cert_fingerprint(21, SSL.SHA1)) # Should be at least 41
         self.assertEqual(None, client.ssl.get_cert_fingerprint(50, SSL.SHA256)) # Should be at least 65
diff --git a/python/tests/proton_tests/ssl_db/README.txt b/python/tests/proton_tests/ssl_db/README.txt
index 8a6bd6a..6e0acc3 100644
--- a/python/tests/proton_tests/ssl_db/README.txt
+++ b/python/tests/proton_tests/ssl_db/README.txt
@@ -24,63 +24,4 @@ entries, and a wildcard CommonName.  Used for certificate name checking tests.
 
 These certificates have been created using the OpenSSL tool.
 
-The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl):
-
---8<--
-#!/bin/bash
-#set -x
-
-rm -f *.pem *.pkcs12
-
-# Create a self-signed certificate for the CA, and a private key to sign certificate requests:
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
-openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem
-
-# Create a certificate request for the server certificate.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey  -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem
-
-# Create a certificate request for a server certificate using localhost.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey  -dname "CN=localhost" -validity 99999
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request-lh.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request-lh.pem -outfile server-certificate-lh.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server-lh.pkcs12 -passout pass:server-password -out server-private-key-lh.pem
-
-# Create a certificate request for the client certificate.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey  -dname "O=Client,CN=127.0.0.1" -validity 99999
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -nodes -out client-private-key-no-password.pem
-
-# Create another client certificate with a different subject line
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -genkey  -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -certreq -file client-request1.pem
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request1.pem -outfile client-certificate1.pem
-openssl pkcs12 -nocerts -passin pass:client-password -in client1.pkcs12 -passout pass:client-password -out client-private-key1.pem
-
-# Create a "bad" certificate - not signed by a trusted authority
-keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
-openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem
-openssl pkcs12 -nokeys  -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem
-
-# Create a server certificate with several alternate names, including a wildcarded common name:
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com  -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
-openssl pkcs12 -nocerts -passin pass:server-password -in server-wc.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
-
-# Create pkcs12 versions of the above certificates (for Windows SChannel)
-# The CA certificate store/DB is created without public keys.
-# Give the "p12" files the same base name so the tests can just change the extension to switch between platforms.
-# These certificates might work for OpenSSL <-> SChannel interop tests, but note that the DH cypher suite
-# overlap is poor between platforms especially for older Windows versions.  RSA certificates are better for
-# interop (or PFS-friendly certificates on newer platforms).
-openssl pkcs12 -export -out ca-certificate.p12 -in ca-certificate.pem -name ca-certificate -nokeys -passout pass:
-openssl pkcs12 -export -out server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-private-key.pem -in server-certificate.pem -name server-certificate
-openssl pkcs12 -export -out client-certificate.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key.pem -in client-certificate.pem -name client-certificate
-openssl pkcs12 -export -out client-certificate1.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key1.pem -in client-certificate1.pem -name client-certificate1
-openssl pkcs12 -export -out bad-server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey bad-server-private-key.pem -in bad-server-certificate.pem -name bad-server
-openssl pkcs12 -export -out server-wc-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-wc-private-key.pem -in server-wc-certificate.pem -name server-wc-certificate
+The mkcerts.sh script in this directory can be used to create these certificates (requires keytool from Java 1.7, and openssl):
diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12
index 7906831..5284915 100644
Binary files a/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 and b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.pem b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
index 1dc288b..20a338e 100644
--- a/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem
@@ -1,22 +1,17 @@
 Bag Attributes
     friendlyName: bad-server
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36
-subject=/CN=127.0.0.1/O=Not Trusted Inc
-issuer=/CN=127.0.0.1/O=Not Trusted Inc
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 32 37 33 33 
+subject=CN = 127.0.0.1, O = Not Trusted Inc
+
+issuer=CN = 127.0.0.1, O = Not Trusted Inc
+
 -----BEGIN CERTIFICATE-----
-MIICuzCCAnmgAwIBAgIELMpW4jALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJMTI3
-LjAuMC4xMRgwFgYDVQQKEw9Ob3QgVHJ1c3RlZCBJbmMwIBcNMTcwODAyMjE1MzM4
-WhgPMjI5MTA1MTcyMTUzMzhaMC4xEjAQBgNVBAMTCTEyNy4wLjAuMTEYMBYGA1UE
-ChMPTm90IFRydXN0ZWQgSW5jMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed
-dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs
-14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
-wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY
-HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx
-BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
-+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAK3E
-5j/UaiVHJYAf3DAIl5hjTZcChTp57GjODdfDteHeDh85HFyW0kxmXyhpUdODzAgG
-THhpxy/+Kkd8jmUBVFnU1EXByvGORBfnJkMTkuhmk9veytxlskQ0tQV8gmRNb0Xe
-hie7T9UT8TQJy9mPS74pSuviFSx0Hz0dKGi0eVUYoyEwHzAdBgNVHQ4EFgQUg2PE
-qycdV1oxVaA33ULDrVdSjhkwCwYHKoZIzjgEAwUAAy8AMCwCFGybqSwG3TauRJVw
-XA/xeSxpYbcBAhQ6ylf9XZAvM7tMyQQTcDAkmt+YWQ==
+MIIBdDCCARmgAwIBAgIEOYKHWjAMBggqhkjOPQQDAgUAMC4xEjAQBgNVBAMTCTEy
+Ny4wLjAuMTEYMBYGA1UEChMPTm90IFRydXN0ZWQgSW5jMCAXDTE5MDMxNDA0NDU1
+MloYDzIyOTIxMjI2MDQ0NTUyWjAuMRIwEAYDVQQDEwkxMjcuMC4wLjExGDAWBgNV
+BAoTD05vdCBUcnVzdGVkIEluYzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH0j
+wk2Vo1ArWrqrivUXOKj3DAUvbwVl2INC9XV56YR1eXK3UWf6dXDTsD943e7+Q1g/
++Xs6mnFzuTsg7pvmqlijITAfMB0GA1UdDgQWBBRHko8UA3o3XnC5LlOnRfTIcKdX
+djAMBggqhkjOPQQDAgUAA0cAMEQCIDiMfWK893Jt1hnuzSq+TzAZm+IaRVDmXSEU
+/xRgKdCNAiB3LVoii0X619W5H+ueGeiWUUqsi3sNPdYlUS3aarloMA==
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/bad-server-private-key.pem b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
index 331ade0..9b0d1ae 100644
--- a/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem
@@ -1,15 +1,10 @@
 Bag Attributes
     friendlyName: bad-server
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 32 37 33 33 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqgLLe7iT+1wCAggA
-MBQGCCqGSIb3DQMHBAhg98ZJQMtngwSCAVCdhdOMr+VVTNaIPSy4nSwdRTlXIuRa
-4wPi+07mToJmEtGfpJ4MPjDF9yRptVQI4RoN/RrLl0WX/HNZ5U4JluL0j68+JB1d
-MoeSRiRc+Yd2vxey8reBrvx1m1mB3LXvm38oZVDFrQ9FNGK09EtTLN1rqckr1fxQ
-Imcvb63nu5UZB8WMCVfKqe9Zm9dQlsSlp3M5OCRm296Xsr0eWwe2W1/rJiKMZN7x
-eJMf4pWVrBHoi6VJHAEA7ZvhRfcHkSbyze5ouDpKbMZS9gq38Hs4d+wkxe9x3emx
-6OvppcpBolZhntF1vJXUXMc6D5Pw3mGEsRGwcMJqWCc8XJTkyP0ylNFNyaHaz0oC
-jSWmUu0s5628K+m8nGY4X7msfOddTA16W6mODjE2ddlTqwTFu2CYBk3WbprBRXo0
-ionZQTPTqcM0UR3KyF9CHRZbnQ/d7bk57/w=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAg7Gy4GHk0q2QICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI/hgn/VXHUKcESAxFPuVRqKtDnlRi
+VnBDcpPQgglazLR1oifNk0D5Q1ouNcHrhwpFblfr3k6vDwfvrcm+9wscbjh34Gcd
+1Epfnje7TcUwlbAOQA==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/bad-server.pkcs12 b/python/tests/proton_tests/ssl_db/bad-server.pkcs12
index dea2143..16fff19 100644
Binary files a/python/tests/proton_tests/ssl_db/bad-server.pkcs12 and b/python/tests/proton_tests/ssl_db/bad-server.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.p12 b/python/tests/proton_tests/ssl_db/ca-certificate.p12
index 767b24d..f0085e7 100644
Binary files a/python/tests/proton_tests/ssl_db/ca-certificate.p12 and b/python/tests/proton_tests/ssl_db/ca-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.pem b/python/tests/proton_tests/ssl_db/ca-certificate.pem
index 6d27395..4a04348 100644
--- a/python/tests/proton_tests/ssl_db/ca-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/ca-certificate.pem
@@ -1,24 +1,19 @@
 Bag Attributes
     friendlyName: ca
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 34 37 32
-subject=/CN=Trusted.CA.com/O=Trust Me Inc.
-issuer=/CN=Trusted.CA.com/O=Trust Me Inc.
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 38 33 36 36 
+subject=CN = Trusted.CA.com, O = Trust Me Inc.
+
+issuer=CN = Trusted.CA.com, O = Trust Me Inc.
+
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAsKgAwIBAgIEBGGY1zALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM2WhgPMjI5MTA1MTcyMTUzMzZaMDExFzAVBgNVBAMTDlRydXN0ZWQuQ0EuY29t
-MRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMIIBuDCCASwGByqGSM44BAEwggEfAoGB
-AP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6
-MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E
-+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
-ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeO
-utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/
-C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA
-AoGBALsRT+tH1c+TC78EYtPh+KQ0DosKKtxeSRos4eQ49erdI+tYhzeqN3Ebmeky
-TWfGjjU64PGRFDNGjpf9l7Yo22jk9U5zIFkFp5gP9DVBHrOrh8mdT+/oBhhVHxI5
-rWLqSjI/zXhRzRwueR81p0D3XJlV3g/xlOlWALoRnUWpDAo3o2QwYjASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV
-HQ8BAf8EBAMCAoQwHQYDVR0OBBYEFLI2ezwilYHGS5MRPMWlifHH+Y5qMAsGByqG
-SM44BAMFAAMvADAsAhRxomjEvDfhe1p+D6KLc0IGjDNgtgIUIZXb0/Fpzy6dpCwe
-Ay+soxvpfMU=
+MIIBvjCCAWKgAwIBAgIEKf+gPDAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU0OFoYDzIyOTIxMjI2MDQ0NTQ4WjAxMRcwFQYDVQQDEw5UcnVzdGVkLkNBLmNv
+bTEWMBQGA1UEChMNVHJ1c3QgTWUgSW5jLjBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABNR8m25EBo4Gz9kJDzEFfhbJSVlIBNvkA4ptboCI7KtvlMFIngctZ57j0nQg
+zFRm4+7JvhG47emOKFnKTTi+ajujZDBiMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIChDAdBgNV
+HQ4EFgQUpc3FsKH3CFshhQ//NGv22VnJClUwDAYIKoZIzj0EAwIFAANIADBFAiEA
+yp0ubNbuHni42G9015G+5BN0JcrQR9+cXnPMmAbu+pICICHM/4bARj6MgMMjkNDw
+fAUY/tsPIf2bThlTne+dYswg
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/ca.pkcs12 b/python/tests/proton_tests/ssl_db/ca.pkcs12
index d9ca00c..ae14dc7 100644
Binary files a/python/tests/proton_tests/ssl_db/ca.pkcs12 and b/python/tests/proton_tests/ssl_db/ca.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate.p12 b/python/tests/proton_tests/ssl_db/client-certificate.p12
index 82271f9..fbb9b76 100644
Binary files a/python/tests/proton_tests/ssl_db/client-certificate.p12 and b/python/tests/proton_tests/ssl_db/client-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate.pem b/python/tests/proton_tests/ssl_db/client-certificate.pem
index 4c0d4d4..e79f9c8 100644
--- a/python/tests/proton_tests/ssl_db/client-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/client-certificate.pem
@@ -1,18 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIC1jCCApOgAwIBAgIEeg2f8DALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM3WhgPMjI5MTA1MTcyMTUzMzdaMCUxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0G
-A1UEChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9K
-nC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
-b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNa
-FpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA
-9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ
-FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7
-zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAJ3g1ohpHgoxH
-3Yj0SIfiPcUaM5FIszemFwQ2FZoG/J7MiVIw442JheTR/iEB3LYheHBp7ToqhaMY
-NYidcxxUzgZJs3worXqAuUgDdbDcW6AjQ4olyGVt7sX9OL2amMq9BFCIt7SlyDKW
-8Accx46H+8BffMdCu56yw5WQtZ3cPD2jQjBAMB8GA1UdIwQYMBaAFLI2ezwilYHG
-S5MRPMWlifHH+Y5qMB0GA1UdDgQWBBQg7FbClmtrSAHA9lR8E7uexl5p1jALBgcq
-hkjOOAQDBQADMAAwLQIVAIpUbUYyA3DisZyENQwcN0rDQ+FyAhRPcfg9Slb6MfO4
-SBFqOiesk+cpqw==
+MIIBkTCCATSgAwIBAgIEI9nW7zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MVoYDzIyOTIxMjI2MDQ0NTUxWjAlMRIwEAYDVQQDEwkxMjcuMC4wLjExDzAN
+BgNVBAoTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOhYajwUumZV
+KBln2HTYEa02R/tRJLUlsaXTNF0UWZsW1CusUHLUl8gCQzZ86gre37f9axOqTuKa
+X8S8X1e8kDajQjBAMB8GA1UdIwQYMBaAFKXNxbCh9whbIYUP/zRr9tlZyQpVMB0G
+A1UdDgQWBBTRne32fYHdf10kgqOReaM+Xggz+jAMBggqhkjOPQQDAgUAA0kAMEYC
+IQDNcLox96KCz9+uMpNnZBwCWaPnZAhLKSL4VAgRzsmguwIhALKsrrYmiHfADqL1
+NIPjXFqjVAr822FFDsNuPhImyb0I
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.p12 b/python/tests/proton_tests/ssl_db/client-certificate1.p12
index d35f88f..49dfee1 100644
Binary files a/python/tests/proton_tests/ssl_db/client-certificate1.p12 and b/python/tests/proton_tests/ssl_db/client-certificate1.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.pem b/python/tests/proton_tests/ssl_db/client-certificate1.pem
index c63b4f1..b4ba086 100644
--- a/python/tests/proton_tests/ssl_db/client-certificate1.pem
+++ b/python/tests/proton_tests/ssl_db/client-certificate1.pem
@@ -1,19 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIDDDCCAsqgAwIBAgIEBmzTzzALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM4WhgPMjI5MTA1MTcyMTUzMzhaMFwxDDAKBgNVBAsTA0RldjENMAsGA1UEBxME
-Q2l0eTELMAkGA1UECBMCU1QxCzAJBgNVBAYTAlVTMRIwEAYDVQQDEwkxMjcuMC4w
-LjExDzANBgNVBAoTBkNsaWVudDCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB
-HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tV
-bNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF
-HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvw
-WBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/m
-cQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi
-8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgHVu
-urVq1FFws/JN+I3yfA2RVmFwlYJID8yyO9lkHBPBDE0dqfFBF6F3nwsCiZF0n/v4
-od6MuuRSplV4kZH0jOOVw7e9cF2RNd/KahsIpm/Oq5aosm6W7KDK/xIwNyW+3DFt
-TGDTOZ6ejVMgGR2rAD+FEp2yycJACQBP1GtTSFXTo0IwQDAfBgNVHSMEGDAWgBSy
-Nns8IpWBxkuTETzFpYnxx/mOajAdBgNVHQ4EFgQUz4cx+zNqsCmWpBU2dw8GHO33
-+eEwCwYHKoZIzjgEAwUAAy8AMCwCFCsfHJPB4Tq6qX5U+DZBc3jmLBiXAhRF17Dz
-fq+AxqyQ9PvTtH3UbFh1hQ==
+MIIBxzCCAWugAwIBAgIED5w8oDAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MloYDzIyOTIxMjI2MDQ0NTUyWjBcMQwwCgYDVQQLEwNEZXYxDTALBgNVBAcT
+BENpdHkxCzAJBgNVBAgTAlNUMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJMTI3LjAu
+MC4xMQ8wDQYDVQQKEwZDbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATM
+/ljcSFBD2f5WXXYFfliu7OrnOQ0hYpggD2pi9hpHPCuc4O8qSpMIJD3rRmtZm9A0
+CUuwFO260ZWZ+XyGIL+ao0IwQDAfBgNVHSMEGDAWgBSlzcWwofcIWyGFD/80a/bZ
+WckKVTAdBgNVHQ4EFgQUgzkMJd//VkwkVEdNk8Pctl0CMvkwDAYIKoZIzj0EAwIF
+AANIADBFAiAuDk84/qkREIQuK55deoDN7dTHGrim/1IA7WlcX0WfNwIhAOyKVWAq
+YZjZyehg/4lxKEDnmURqUeZGwmPNX6Ohi0FO
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem b/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
index 4609e17..f6f01fc 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key-no-password.pem
@@ -1,13 +1,8 @@
 Bag Attributes
     friendlyName: client-certificate
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 32 33 39 
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 30 37 31 35 
 Key Attributes: <No Attributes>
 -----BEGIN PRIVATE KEY-----
-MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
-PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
-pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
-1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
-vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
-zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
-g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUagxvW3D50G8WfG2jBtMMVQRYXnY=
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAC7zwZZzLaBk+N55ry
+QzgmInDn9V3/u9sByfzzbAV0Ug==
 -----END PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key.pem b/python/tests/proton_tests/ssl_db/client-private-key.pem
index bca85eb..b1a0c02 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key.pem
@@ -1,15 +1,10 @@
 Bag Attributes
     friendlyName: client-certificate
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 32 33 39
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 30 37 31 35 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHmVKa1dEtm4CAggA
-MBQGCCqGSIb3DQMHBAgpc0Ay33xL9ASCAVBJ8D5DVRd0d6t3gSvTFBAflpUROv2/
-pQlMLGbGlJIoEPyMIc9/GcgS7U19nMdoJjI1TuT/hGwObualnRRjY6KL5cbK2oUQ
-371yUs6jGIQxtCeb1WgKpA/FKw9jRO7Tg5ztObItPiSQvkOcssfdRJYI1+W+ovj+
-j1BKMkJu197twIChYaz+3ppJzrh3qlqFgdRdE9H04ffWpNaZ6aOIIJHPMuZ8FScu
-bQyvD9JjI+JWJUaCyp/3dxxxVrZ3vu8i6LmrL6Nm9IkJtFMZOfgPkoRLML2DWKqB
-1qLk/Z45/THXDAxrPggFfqMvuctwJmtAGvo3MIbfCi+aewJE6/DjlSHDv6wGvOGB
-T5golvZ5siahHqwmufSQG8ZTsGcpu/jCA5ipIvcTVgWIxscNc2Yx9FDNWVNzUcTy
-ctRX6DS+s7rAy9ISjch4BbAtI7yALFt63eU=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAi5hbIRcNMhZwICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIVqW6ysNdlKsESC1xPa25tqkCSYlo
+EvU8CPJ1Z4FZrWg7Tm3TqhjsZzLLNV2ZAXmk66b0DEla4GtuDNX9cQ1mdJVt4cK9
+RRH2ydoTVZwfmGQUvQ==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-private-key1.pem b/python/tests/proton_tests/ssl_db/client-private-key1.pem
index bedf540..4b1fa0a 100644
--- a/python/tests/proton_tests/ssl_db/client-private-key1.pem
+++ b/python/tests/proton_tests/ssl_db/client-private-key1.pem
@@ -1,15 +1,10 @@
 Bag Attributes
     friendlyName: client-certificate1
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 37 37 32
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 31 37 33 33 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIg1n9vdGttqoCAggA
-MBQGCCqGSIb3DQMHBAgRjlrRQfGcLQSCAVChui/M+36/e0WzeM79aJV7YZds/OJY
-gprtJ2g5Cxb1L9hymwgxJtOAaRUqLUcfLHcKSxA+MaB+Ij+/8TH+miq0zZ9q0jZV
-BAm56FNgUjW0nPLueTNhWzVVfQU6H9Tj33OuKm1PQo84Af3OPMtE03pvGDPEAPbH
-a72HUgZyI7WTux4wpxfvUEVkT5OXgBHrFlqXiHHCI+9kqBXMCV3oHgZBcO+dqPKS
-rlaTY7xoQWLenB6EQeYopMA2GNUVtzB3y6/nX2z0Yp5oHqKPBNOyFlVmwCrENN1/
-qnrFfzVbnksWLKhg9O+TPsId1UIZVvBh67y5N5IZRrpuE03qd2BScKM/Tn6vkWNB
-Eus74Vba5vw9prauRC45FVgDe2YYYoULYPfhXWSiiWHDNKOBlz3l3hGlZsC8wKe5
-QlV5bVcOTfGIaBkD7SQyfRjMr8SWj4WMw1M=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjV9ic9LFKc4wICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIZvmbZ2cksUUESDjp49a8ZT4AGeLw
+FCo7HM7oyCMNjBBAYOCphiDwwRECU3K1Gtaelz7bt4GLQvHPEZRCwupmhL0btvuH
+6tJmq3SAllU564IbPg==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/client-request.pem b/python/tests/proton_tests/ssl_db/client-request.pem
index b247aab..ba03fff 100644
--- a/python/tests/proton_tests/ssl_db/client-request.pem
+++ b/python/tests/proton_tests/ssl_db/client-request.pem
@@ -1,15 +1,8 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIICWTCCAhcCAQAwJTESMBAGA1UEAxMJMTI3LjAuMC4xMQ8wDQYDVQQKEwZDbGll
-bnQwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8
-70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWk
-n5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
-Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8
-q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fP
-CTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD
-3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAneDWiGkeCjEfdiPRIh+I9xRoz
-kUizN6YXBDYVmgb8nsyJUjDjjYmF5NH+IQHctiF4cGntOiqFoxg1iJ1zHFTOBkmz
-fCiteoC5SAN1sNxboCNDiiXIZW3uxf04vZqYyr0EUIi3tKXIMpbwBxzHjof7wF98
-x0K7nrLDlZC1ndw8PaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFCDsVsKW
-a2tIAcD2VHwTu57GXmnWMAsGByqGSM44BAMFAAMvADAsAhQY5Zy4fQcy/SZOJ2Ix
-cl3/QfimvQIUVvSdet7NKWzMQoBDhlJTdTzJvE8=
+MIIBEzCBtwIBADAlMRIwEAYDVQQDEwkxMjcuMC4wLjExDzANBgNVBAoTBkNsaWVu
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOhYajwUumZVKBln2HTYEa02R/tR
+JLUlsaXTNF0UWZsW1CusUHLUl8gCQzZ86gre37f9axOqTuKaX8S8X1e8kDagMDAu
+BgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBTRne32fYHdf10kgqOReaM+Xggz+jAM
+BggqhkjOPQQDAgUAA0kAMEYCIQCZHpPOa5wARAM23XE9sOdQ7jYA+PmbtLNcX6jB
+9yVV/QIhAK6x+HRLjP4Yo2oqoDVo8TtHGTxLXOHhLGGnh8T8W0j4
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/client-request1.pem b/python/tests/proton_tests/ssl_db/client-request1.pem
index b46eb0a..f781da4 100644
--- a/python/tests/proton_tests/ssl_db/client-request1.pem
+++ b/python/tests/proton_tests/ssl_db/client-request1.pem
@@ -1,16 +1,9 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIICkTCCAk4CAQAwXDEMMAoGA1UECxMDRGV2MQ0wCwYDVQQHEwRDaXR5MQswCQYD
-VQQIEwJTVDELMAkGA1UEBhMCVVMxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0GA1UE
-ChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s
-5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm
-YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy
-9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
-hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj
-6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
-vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAdW66tWrUUXCz8k34
-jfJ8DZFWYXCVgkgPzLI72WQcE8EMTR2p8UEXoXefCwKJkXSf+/ih3oy65FKmVXiR
-kfSM45XDt71wXZE138pqGwimb86rlqiybpbsoMr/EjA3Jb7cMW1MYNM5np6NUyAZ
-HasAP4USnbLJwkAJAE/Ua1NIVdOgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
-BBTPhzH7M2qwKZakFTZ3DwYc7ff54TALBgcqhkjOOAQDBQADMAAwLQIUFs17HaTm
-vest72/4Caoo1sH39n0CFQCR680PPwr3lZ5jjEOp+n4htQNUvw==
+MIIBSTCB7gIBADBcMQwwCgYDVQQLEwNEZXYxDTALBgNVBAcTBENpdHkxCzAJBgNV
+BAgTAlNUMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJMTI3LjAuMC4xMQ8wDQYDVQQK
+EwZDbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATM/ljcSFBD2f5WXXYF
+fliu7OrnOQ0hYpggD2pi9hpHPCuc4O8qSpMIJD3rRmtZm9A0CUuwFO260ZWZ+XyG
+IL+aoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUgzkMJd//VkwkVEdNk8Pc
+tl0CMvkwDAYIKoZIzj0EAwIFAANIADBFAiEAtxVWNgJy8KBmmlhCI9xsZeo42cGY
+MutsiPg6KxZwsp0CICb+Z+gdXThNC3aJGXYYX4sE2aTSUBnGYmXC2d2cCStD
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/client.pkcs12 b/python/tests/proton_tests/ssl_db/client.pkcs12
index 575a551..369c8e6 100644
Binary files a/python/tests/proton_tests/ssl_db/client.pkcs12 and b/python/tests/proton_tests/ssl_db/client.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/client1.pkcs12 b/python/tests/proton_tests/ssl_db/client1.pkcs12
index 0e7c888..2303a96 100644
Binary files a/python/tests/proton_tests/ssl_db/client1.pkcs12 and b/python/tests/proton_tests/ssl_db/client1.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/README.txt b/python/tests/proton_tests/ssl_db/mkcerts.sh
similarity index 75%
copy from python/tests/proton_tests/ssl_db/README.txt
copy to python/tests/proton_tests/ssl_db/mkcerts.sh
index 8a6bd6a..84e64b1 100644
--- a/python/tests/proton_tests/ssl_db/README.txt
+++ b/python/tests/proton_tests/ssl_db/mkcerts.sh
@@ -1,73 +1,44 @@
-The following certificate files are used by the SSL unit tests (ssl.py):
-
-ca-certificate.pem - contains the public certificate identifying a "trusted" Certificate
-Authority.  This certificate is used to sign the certificates that identify the SSL
-servers and clients run by the tests.
-
-client-certificate.pem - the public certificate used to identify the client.  Signed by
-the CA.
-
-client-private-key.pem - encrypted key used to create client-certificate.pem.  Password is
-"client-password"
-
-server-certificate.pem - the public certificate used to identify the server.  Signed by
-the CA.  The CommonName is "A1.Good.Server.domain.com", and is checked by some unit tests.
-
-server-private-key.pem - encrypted key used to create server-certificate.pem. Password is
-"server-password"
-
-bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key that is not trusted by the client, for negative test.
-
-server-wc-certificate.pem and server-wc-private-key.pem - similar to
-server-certificate.pem and server-private-key.pem, but contains Subject Alternate Name
-entries, and a wildcard CommonName.  Used for certificate name checking tests.
-
-These certificates have been created using the OpenSSL tool.
-
-The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl):
-
---8<--
 #!/bin/bash
 #set -x
 
 rm -f *.pem *.pkcs12
 
 # Create a self-signed certificate for the CA, and a private key to sign certificate requests:
-keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
+keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -keyalg EC -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth
 openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem
 
 # Create a certificate request for the server certificate.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey  -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
+keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -keyalg EC -genkey  -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999
 keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem
 keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem
 openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem
 
 # Create a certificate request for a server certificate using localhost.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey  -dname "CN=localhost" -validity 99999
+keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -keyalg EC -genkey  -dname "CN=localhost" -validity 99999
 keytool -storetype pkcs12 -keystore server-lh.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request-lh.pem
 keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request-lh.pem -outfile server-certificate-lh.pem
 openssl pkcs12 -nocerts -passin pass:server-password -in server-lh.pkcs12 -passout pass:server-password -out server-private-key-lh.pem
 
 # Create a certificate request for the client certificate.  Use the CA's certificate to sign it:
-keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey  -dname "O=Client,CN=127.0.0.1" -validity 99999
+keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -keyalg EC -genkey  -dname "O=Client,CN=127.0.0.1" -validity 99999
 keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem
 keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem
 openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem
 openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -nodes -out client-private-key-no-password.pem
 
 # Create another client certificate with a different subject line
-keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -genkey  -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
+keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -keyalg EC -genkey  -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999
 keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -certreq -file client-request1.pem
 keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request1.pem -outfile client-certificate1.pem
 openssl pkcs12 -nocerts -passin pass:client-password -in client1.pkcs12 -passout pass:client-password -out client-private-key1.pem
 
 # Create a "bad" certificate - not signed by a trusted authority
-keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
+keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -keyalg EC -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999
 openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem
 openssl pkcs12 -nokeys  -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem
 
 # Create a server certificate with several alternate names, including a wildcarded common name:
-keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
+keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -keyalg EC -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999
 keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem
 keytool -ext san=dns:alternate.name.one.com,dns:another.name.com  -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
 openssl pkcs12 -nocerts -passin pass:server-password -in server-wc.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
diff --git a/python/tests/proton_tests/ssl_db/server-certificate-lh.pem b/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
index 6c9c7ff..362f734 100644
--- a/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-certificate-lh.pem
@@ -1,26 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIEUzCCBA+gAwIBAgIEHgDMyTANBglghkgBZQMEAwIFADAxMRcwFQYDVQQDEw5U
-cnVzdGVkLkNBLmNvbTEWMBQGA1UEChMNVHJ1c3QgTWUgSW5jLjAgFw0xODA5MjUy
-MDM4MzFaGA8yMjkyMDcwOTIwMzgzMVowFDESMBAGA1UEAxMJbG9jYWxob3N0MIID
-QjCCAjUGByqGSM44BAEwggIoAoIBAQCPeTXZuarpv6vtiHrPSVG28y7FnjuvNxjo
-6sSWHz79NgbnQ1GpxBgzObgJ58KuHFObp0dbhdARrbi0eYd1SYRpXKwOjxSzNggo
-oi/6JxEKPWKpk0U0CaD+aWxGWPhL3SCBnDcJoBBXsZWtzQAjPbpUhLYpH51kjviD
-RIZ3l5zsBLQ0pqwudemYXeI9sCkvwRGMn/qdgYHnM423krcw17njSVkvaAmYchU5
-Feo9a4tGU8YzRY+AOzKkwuDycpAlbk4/ijsIOKHEUOThjBopo33fXqFD3ktm/wSQ
-PtXPFiPhWNSHxgjpfyEc2B3KI8tuOAdl+CLjQr5ITAV2OTlgHNZnAh0AuvaWpoV4
-99/e5/pnyXfHhe8ysjO65YDAvNVpXQKCAQAWplxYIEhQcE51AqOXVwQNNNo6NHjB
-VNTkpcAtJC7gT5bmHkvQkEq9rI837rHgnzGC0jyQQ8tkL4gAQWDt+coJsyB2p5wy
-pifyRz6Rh5uixOdEvSCBVEy1W4AsNo0fqD7UielOD6BojjJCilx4xHjGjQUntxya
-OrsLC+EsRGiWOefTznTbEBplqiuH9kxoJts+xy9LVZmDS7TtsC98kOmkltOlXVNb
-6/xF1PYZ9j897buHOSXC8iTgdzEpbaiH7B5HSPh++1/et1SEMWsiMt7lU92vAhEr
-DR8C2jCXMiT+J67ai51LKSLZuovjntnhA6Y8UoELxoi34u1DFuHvF9veA4IBBQAC
-ggEAdVroB0ANoeIKYkkbTwxY8B1eIHDUX1Xa1tFCzfTBIzeP4K+5a2Km5UqkIDje
-a9p3MtJgSZMAW9iJ1EDLBFH+75JirTtiYmt78vx9gIhSZkE2l/oKoVKrG3W1AJpX
-b95RnfivKIETioLGSJWNuGk2X2T1u1w0xePMGRi+dmcsCa/2ci3bMNnkkHzqNtv9
-zqWJPtjcJaGjRn0ttzXdulpdRgNndSddjBhBbFGJc8wQzqnL0aHby8tgXYcAlKiG
-tgcwZGTTrpg27bHyt6sMuANJZmd8hdgQ1MrFzw07EOoLa+I+7VNAsyF32gzTH1vy
-wGXmCLHGOZLOGI3rBHVE55+2IaNCMEAwHwYDVR0jBBgwFoAUsjZ7PCKVgcZLkxE8
-xaWJ8cf5jmowHQYDVR0OBBYEFO4pNMdb7FfaJo8k5NZGlEGO0PnDMA0GCWCGSAFl
-AwQDAgUAAy8AMCwCFB9MMOywXxzgX/OYImNrAJvR2sWLAhRMlioucHg/hFw456Y/
-fgaL4qbZfA==
+MIIBgDCCASOgAwIBAgIEZFrS+zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1MFoYDzIyOTIxMjI2MDQ0NTUwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAARs4JYixuZKWrhNEUQX7JmrkbgHsNTSXSpw
+ucydDB364DcDastzs/67lNfcxygPIfApqocj3BPkIBtc+1hza7aso0IwQDAfBgNV
+HSMEGDAWgBSlzcWwofcIWyGFD/80a/bZWckKVTAdBgNVHQ4EFgQUfjC6oteX4u/7
+QxVHHqbWJVjK6r0wDAYIKoZIzj0EAwIFAANJADBGAiEAiIOCktPgM9pKL0aob/5j
+xNX224xo9ZNvhzSbThhHADACIQCkulC7slU+O5NjXoGraWIkLEdYL1nHKS9dix35
+D+u0ng==
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-certificate.p12 b/python/tests/proton_tests/ssl_db/server-certificate.p12
index cacfa89..821e40b 100644
Binary files a/python/tests/proton_tests/ssl_db/server-certificate.p12 and b/python/tests/proton_tests/ssl_db/server-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-certificate.pem b/python/tests/proton_tests/ssl_db/server-certificate.pem
index 462f3a5..fe66215 100644
--- a/python/tests/proton_tests/ssl_db/server-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/server-certificate.pem
@@ -1,18 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIC5jCCAqSgAwIBAgIEX8z6MDALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM3WhgPMjI5MTA1MTcyMTUzMzdaMDUxIjAgBgNVBAMTGUExLkdvb2QuU2VydmVy
-LmRvbWFpbi5jb20xDzANBgNVBAoTBlNlcnZlcjCCAbgwggEsBgcqhkjOOAQBMIIB
-HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
-v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58ao
-phUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM
-spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4Jn
-UVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1
-kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq
-A4GFAAKBgQCERpy6RrkNHpgXT/uL9gN/IgwY7kp3Iwzr1lrqo+HqmydE+Cz9uqPH
-VyxjX7nHVrdwl7xgsoki3QyoKcrZfTL1oS79kodWG7t6CyOtj2L3KGMUdIlqWepZ
-wzCKTWrb07VjpqhMh0Qh8+IqEmvfC/4UVOec9alX0NO/ckDbIBhITqNCMEAwHwYD
-VR0jBBgwFoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowHQYDVR0OBBYEFBhEDdcBRqn5
-wFEbAad559yrQPE7MAsGByqGSM44BAMFAAMvADAsAhRuMRxWMKxy3USjfSFn47H4
-Z5VIHgIUB2i6+RQi7dHOEQYKKmxdQvAPA9M=
+MIIBnzCCAUSgAwIBAgIEBv2/XzAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU0OVoYDzIyOTIxMjI2MDQ0NTQ5WjA1MSIwIAYDVQQDExlBMS5Hb29kLlNlcnZl
+ci5kb21haW4uY29tMQ8wDQYDVQQKEwZTZXJ2ZXIwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAASdmRnKMipY+B3VYHlddupOrzLtFN5vzn68cdoKWvrBgAmuFh8buYlN
+VLJkbsahTiklmMOjxv05DJJIX1gHdZFQo0IwQDAfBgNVHSMEGDAWgBSlzcWwofcI
+WyGFD/80a/bZWckKVTAdBgNVHQ4EFgQU5QX4K0PyMOOP1NCsNk9gN92eIpswDAYI
+KoZIzj0EAwIFAANHADBEAiAurMJBspkc6iRaeWz58AAaM32Hueml/6vm48VRlcJd
+EgIgLjThjB/bA/keP25no5IuXmtng++LdXRwT6n260Eb4n4=
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-lh.pkcs12 b/python/tests/proton_tests/ssl_db/server-lh.pkcs12
index 6d4c34f..930ea95 100644
Binary files a/python/tests/proton_tests/ssl_db/server-lh.pkcs12 and b/python/tests/proton_tests/ssl_db/server-lh.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-private-key-lh.pem b/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
index 44279a6..ecb76af 100644
--- a/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-private-key-lh.pem
@@ -1,21 +1,10 @@
 Bag Attributes
     friendlyName: server-certificate
-    localKeyID: 54 69 6D 65 20 31 35 33 37 39 30 37 39 31 30 32 39 39 
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 39 36 39 30 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInDWm8BaYfdQCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM0p5kC5QUKFBIICaJUTK4ZRiUBt
-g0YgRnrH1HE5f1h0tOHvnCND0wJmOmcwStqVtjIqVa5bkU4ZEEOOwWwO8n682Idd
-xc7c3Tfu86nGOFSNH3PpM5Urp8eb5yg3c+rrxdjbRfWKmFtup5CnmyIUHRwvpwKo
-4iBSyMTLuwB149OA10i7soB2xPH+5ZoutKIEG7HmSKBxAIYnt7awty3uQide+CKw
-PPcm+P4fGeNAKoZ0QLQFuTF8ZDOzWFv6+LJuIIlHNiRwCKGLVglFpysd22PFJ7GX
-nVjJ1wfdXyqixoFGSCa25e2VIwVL3OnMyzAsNKMzAoDc0kzs1wbnAAeGSO8mJsMp
-ea4KHu08YFuhI99FAOHvOh1UGDBdtQ5VLBoLD+K26FCIIb45IYxbpBNXvy8N+tdW
-1YrqlpjGrV0mr7mG7QTSlewowJF9KKj+YKDYjENJTjDf64S3xacNmRUbBrewGD4B
-6YJyyREhj8o/kl5IuLQtLoDx6t6zr80y45LG1zarzEn3ncwAMnOApQiYLO4R/K8Y
-T3jgQmZ2vqArr2dWyYN+fqoouEHr6MRbKiOhruimFC3+zVtKfNI0flHPxX4T74Xr
-gETirpfZandMcqsZb6DDvXmY230IUR17NiruyLX2269LfmyT4Q5nlbURgqBYQ7zI
-niM1EbTSzXVspE3x/HijJuR2nPX3k8VOmY/l87bHi9hOVen3SPt5lOYHnIhQ26jx
-c+/0c7vOONxnYnl9ucB9Kgk5ku+wqPbR/olsiB36Rsf7VjZtQlwibaY2Dtb/zt7C
-VvW+geNsIkbM/qlBh5isl8diuwx75e+tyLsnXRcQ8z8=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAg+gAOWJWbkqAICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIync649PXgawESPAAwfJDNqASiPcS
+sMi6VmT+9m0tqrq+MS6KEhrlMcPyfF7SeoiMg/BUZ+tream5UV4/W9P0ylqE3QBs
+LmXJ5bfPOif2OK6jXQ==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-private-key.pem b/python/tests/proton_tests/ssl_db/server-private-key.pem
index 3ae25f8..f3eb80c 100644
--- a/python/tests/proton_tests/ssl_db/server-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/server-private-key.pem
@@ -1,15 +1,10 @@
 Bag Attributes
     friendlyName: server-certificate
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 36 35 36
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 34 38 37 30 37 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6jwDH/9bZYMCAggA
-MBQGCCqGSIb3DQMHBAgbIQ8UrRfmAgSCAVDejPh9sT2PMvDjjzXG6xpSmBPNZRiz
-f2k2a9EaI8L4xadveiZTzOpk2C/nltMCNY2Vwf/LMtbvcLiadBRWM/4Uf5fvL/94
-zlKE77wPSWK1R+btZm0KIaA+EPAvnIGcjHlcSU58eQexwVlMXJ9pdeHm9KWbV1D+
-PjrlJ+SDq7OSGprTCz9r+gQ7Fy2Oe9OKc92tE29QD2AZXtSodvY9CosXCx4cqXr3
-ey+HXmVXJohsL89NycL80TvkxppqZ1hT3DZMkrFg2jFPz505rzE48y62FMoKNCjQ
-6HXvsniWYXf7ipr+A4/diSSMBr/zmA+H+ZHKlNO8FJqZ8eI1eqRO+PjO1VV9bbG0
-lYoeoFu0Y1xw6V2jLYnFF1mTCC6kegl6kruvnwO7Oy+6kPEvDrejuI6uozW2etej
-cBq1lUK5QNKSoaB7Qw+2qlyFg/KFwXXDBqk=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAiQSBndpcIYvwICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIYeRON3+pm0UESAqbxM4OytHjivFH
+dyedXWqkwZT0nDmfnAhBfiI0YsjYhU6QsMASQZ+N09gnG3zYjvbjTkiIGeNZXojO
+v4Iw3Fm6liQFu26G1w==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-request-lh.pem b/python/tests/proton_tests/ssl_db/server-request-lh.pem
index 14072f8..b902c4d 100644
--- a/python/tests/proton_tests/ssl_db/server-request-lh.pem
+++ b/python/tests/proton_tests/ssl_db/server-request-lh.pem
@@ -1,23 +1,8 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIID5zCCA5ECAQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MIIDQjCCAjUGByqGSM44
-BAEwggIoAoIBAQCPeTXZuarpv6vtiHrPSVG28y7FnjuvNxjo6sSWHz79NgbnQ1Gp
-xBgzObgJ58KuHFObp0dbhdARrbi0eYd1SYRpXKwOjxSzNggooi/6JxEKPWKpk0U0
-CaD+aWxGWPhL3SCBnDcJoBBXsZWtzQAjPbpUhLYpH51kjviDRIZ3l5zsBLQ0pqwu
-demYXeI9sCkvwRGMn/qdgYHnM423krcw17njSVkvaAmYchU5Feo9a4tGU8YzRY+A
-OzKkwuDycpAlbk4/ijsIOKHEUOThjBopo33fXqFD3ktm/wSQPtXPFiPhWNSHxgjp
-fyEc2B3KI8tuOAdl+CLjQr5ITAV2OTlgHNZnAh0AuvaWpoV499/e5/pnyXfHhe8y
-sjO65YDAvNVpXQKCAQAWplxYIEhQcE51AqOXVwQNNNo6NHjBVNTkpcAtJC7gT5bm
-HkvQkEq9rI837rHgnzGC0jyQQ8tkL4gAQWDt+coJsyB2p5wypifyRz6Rh5uixOdE
-vSCBVEy1W4AsNo0fqD7UielOD6BojjJCilx4xHjGjQUntxyaOrsLC+EsRGiWOefT
-znTbEBplqiuH9kxoJts+xy9LVZmDS7TtsC98kOmkltOlXVNb6/xF1PYZ9j897buH
-OSXC8iTgdzEpbaiH7B5HSPh++1/et1SEMWsiMt7lU92vAhErDR8C2jCXMiT+J67a
-i51LKSLZuovjntnhA6Y8UoELxoi34u1DFuHvF9veA4IBBQACggEAdVroB0ANoeIK
-YkkbTwxY8B1eIHDUX1Xa1tFCzfTBIzeP4K+5a2Km5UqkIDjea9p3MtJgSZMAW9iJ
-1EDLBFH+75JirTtiYmt78vx9gIhSZkE2l/oKoVKrG3W1AJpXb95RnfivKIETioLG
-SJWNuGk2X2T1u1w0xePMGRi+dmcsCa/2ci3bMNnkkHzqNtv9zqWJPtjcJaGjRn0t
-tzXdulpdRgNndSddjBhBbFGJc8wQzqnL0aHby8tgXYcAlKiGtgcwZGTTrpg27bHy
-t6sMuANJZmd8hdgQ1MrFzw07EOoLa+I+7VNAsyF32gzTH1vywGXmCLHGOZLOGI3r
-BHVE55+2IaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFO4pNMdb7FfaJo8k
-5NZGlEGO0PnDMA0GCWCGSAFlAwQDAgUAA0EAMD4CHQCdi9BZ+4bJSteebZbHHIdV
-rsazxRXT3Jdq+JCZAh0AmqErYresnNvzucEWlQ2WcSHUvMc66e2DfIWplg==
+MIIBADCBpgIBADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAARs4JYixuZKWrhNEUQX7JmrkbgHsNTSXSpwucydDB364DcDastz
+s/67lNfcxygPIfApqocj3BPkIBtc+1hza7asoDAwLgYJKoZIhvcNAQkOMSEwHzAd
+BgNVHQ4EFgQUfjC6oteX4u/7QxVHHqbWJVjK6r0wDAYIKoZIzj0EAwIFAANHADBE
+AiBXR+XS4/Y/Yc3x3lcRW+hXMQsCE9V6WtoB/sAbgZk1uwIgGRge5kpyYK3R/SFm
+zYXcQpPH4mOXfHT6gdAKIpfIAiY=
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-request.pem b/python/tests/proton_tests/ssl_db/server-request.pem
index bd53fab..6fc9724 100644
--- a/python/tests/proton_tests/ssl_db/server-request.pem
+++ b/python/tests/proton_tests/ssl_db/server-request.pem
@@ -1,15 +1,9 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIICazCCAigCAQAwNTEiMCAGA1UEAxMZQTEuR29vZC5TZXJ2ZXIuZG9tYWluLmNv
-bTEPMA0GA1UEChMGU2VydmVyMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed
-dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs
-14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
-wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY
-HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx
-BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
-+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAIRG
-nLpGuQ0emBdP+4v2A38iDBjuSncjDOvWWuqj4eqbJ0T4LP26o8dXLGNfucdWt3CX
-vGCyiSLdDKgpytl9MvWhLv2Sh1Ybu3oLI62PYvcoYxR0iWpZ6lnDMIpNatvTtWOm
-qEyHRCHz4ioSa98L/hRU55z1qVfQ079yQNsgGEhOoDAwLgYJKoZIhvcNAQkOMSEw
-HzAdBgNVHQ4EFgQUGEQN1wFGqfnAURsBp3nn3KtA8TswCwYHKoZIzjgEAwUAAzAA
-MC0CFFIXSYKFVq90wR3lH+KCwvL+j0A4AhUAlxeczUtqTQFeGXFsDwIGO+5/uA4=
+MIIBITCBxwIBADA1MSIwIAYDVQQDExlBMS5Hb29kLlNlcnZlci5kb21haW4uY29t
+MQ8wDQYDVQQKEwZTZXJ2ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdmRnK
+MipY+B3VYHlddupOrzLtFN5vzn68cdoKWvrBgAmuFh8buYlNVLJkbsahTiklmMOj
+xv05DJJIX1gHdZFQoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQU5QX4K0Py
+MOOP1NCsNk9gN92eIpswDAYIKoZIzj0EAwIFAANHADBEAiBDXcll5KnA2W0r3TcW
+bA8MlhKj3we0brZleMr6gS+4bAIgVTpVAMdkOBcsXlBQjXIv2PwvnKqjO0w0YFgo
+b+yWheM=
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12
index 3f8a53d..b4d3287 100644
Binary files a/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 and b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 differ
diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.pem b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
index 4d32b40..b03f992 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem
@@ -1,19 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIDFTCCAtOgAwIBAgIEVTK/cTALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
-c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1
-MzM4WhgPMjI5MTA1MTcyMTUzMzhaMDAxHTAbBgNVBAMMFCoucHJlZml4Ki5kb21h
-aW4uY29tMQ8wDQYDVQQKEwZTZXJ2ZXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA
-/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow
-9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7
-g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi
-64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466
-1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L
-+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
-gYATsU4dSb5vvYkuhnLJPYpiHOEOagLSwwggm8CD4JqA8CC/lzIJBI3LkR7Ve1Mw
-xYiDbQQPaxGsdCxaDuE+rOHmJcCNxum4gIYxeOOGHLa9eezTXLu2s0kBgsWx3I0U
-98lI4E+gRHiU27NXlNiEKvVq3GhzWvKdUqClbtLZ+67gzqN3MHUwHwYDVR0jBBgw
-FoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowMwYDVR0RBCwwKoIWYWx0ZXJuYXRlLm5h
-bWUub25lLmNvbYIQYW5vdGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUas7dEjv/R3ig
-GcCdPRLL5P3HPU8wCwYHKoZIzjgEAwUAAy8AMCwCFFuvuEosI+5a+lSmpEahvhyE
-31WUAhR6+NkSdChlT0v6HmjyhBL1hLZYNA==
+MIIB0TCCAXSgAwIBAgIEL5KM1zAMBggqhkjOPQQDAgUAMDExFzAVBgNVBAMTDlRy
+dXN0ZWQuQ0EuY29tMRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMCAXDTE5MDMxNDA0
+NDU1M1oYDzIyOTIxMjI2MDQ0NTUzWjAwMR0wGwYDVQQDDBQqLnByZWZpeCouZG9t
+YWluLmNvbTEPMA0GA1UEChMGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEH6HU/fmheSsvQmcypcVi5ya6htApdLxyVTnQ5NjuCoXnsr6mm9cPEH19A43+
+JBVWsdHg9sibx1JInh/JU9BYK6N3MHUwHwYDVR0jBBgwFoAUpc3FsKH3CFshhQ//
+NGv22VnJClUwMwYDVR0RBCwwKoIWYWx0ZXJuYXRlLm5hbWUub25lLmNvbYIQYW5v
+dGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUqgEQSNq/wnTz2TXH8tdDCLwnvWUwDAYI
+KoZIzj0EAwIFAANJADBGAiEA2AU1P7pwfO70WFHlEyFTEQ5I5FyctS2vYiJN2rH+
+opYCIQD4niWqR+WA+2bkxDmoRST5A3qGCsAuADU5Br11UU9MHQ==
 -----END CERTIFICATE-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-private-key.pem b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
index 7bae296..c9e0005 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem
@@ -1,15 +1,10 @@
 Bag Attributes
     friendlyName: server-wc-certificate
-    localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 34 39 33
+    localKeyID: 54 69 6D 65 20 31 35 35 32 35 33 38 37 35 33 31 32 30 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFt9KwMYb/OQCAggA
-MBQGCCqGSIb3DQMHBAjQ+Hr462sAigSCAVAmqByfn+Ujb9TfpEI0d6mlW7Nyko00
-chzSFz61RVA/twfbLImhYvEo7P+UglcqGc1H3DaysDuMjbiNqgP25lDHO6ndhN7r
-XaeNshI8U3RQfUrhTwcA2pGpHQ6t+TGNKifRuJMbcHxWDNr+Tdod8uUADZt8Ywb+
-WQOqIrByNJryx5i2yZT7FphYrz6N0L5cNKVIirNv9/FOlKiyuzzg5c4NmABkpajE
-ZyT2H1p/qFipz8XeQ7BvFVDWSGn6Jb8vRvcc/swoCNSs8Wukr7tbryie2IbgktES
-gw7mVOw/Wdw6u26Q8Dz1c+eyy1WPuCiubFKUK12Ul0X9KKYCufVvQPoQBsMGikRM
-JcvrMd1cZ60pANJhnrogE6VEYE3NQrPC6SNao0NB+g4CW3tOH6m80H5+yHrMdvjo
-MQNXdlwdNWrCEH6hXJxzuE1qM5Ajc82bfwo=
+MIGaME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAio8aayQeHaFAICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIiuo/t9M71U0ESFOz+aKK6gyX/QY9
+2aypHy3FSj/7jJxqmCRf6B0yStOsfJElYkuqRWaElLboXuY6QCNDEldnl9RA1GmT
+2i25//LzKqGngQYIAg==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc-request.pem b/python/tests/proton_tests/ssl_db/server-wc-request.pem
index f6f13bd..8eae46c 100644
--- a/python/tests/proton_tests/ssl_db/server-wc-request.pem
+++ b/python/tests/proton_tests/ssl_db/server-wc-request.pem
@@ -1,16 +1,10 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIICmTCCAlcCAQAwMDEdMBsGA1UEAwwUKi5wcmVmaXgqLmRvbWFpbi5jb20xDzAN
-BgNVBAoTBlNlcnZlcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLf
-Spwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4Ad
-NG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT
-WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGB
-APfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0
-SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEk
-O8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgBOxTh1Jvm+9
-iS6Gcsk9imIc4Q5qAtLDCCCbwIPgmoDwIL+XMgkEjcuRHtV7UzDFiINtBA9rEax0
-LFoO4T6s4eYlwI3G6biAhjF444Yctr157NNcu7azSQGCxbHcjRT3yUjgT6BEeJTb
-s1eU2IQq9WrcaHNa8p1SoKVu0tn7ruDOoGUwYwYJKoZIhvcNAQkOMVYwVDAzBgNV
-HREELDAqghZhbHRlcm5hdGUubmFtZS5vbmUuY29tghBhbm90aGVyLm5hbWUuY29t
-MB0GA1UdDgQWBBRqzt0SO/9HeKAZwJ09Esvk/cc9TzALBgcqhkjOOAQDBQADLwAw
-LAIUNn3ravBNvEsgZRjQd4EPPvQ1k9wCFEuakAyAzmt2ZfIKX3ZmTIgNKsvy
+MIIBUjCB9wIBADAwMR0wGwYDVQQDDBQqLnByZWZpeCouZG9tYWluLmNvbTEPMA0G
+A1UEChMGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEH6HU/fmheSsv
+QmcypcVi5ya6htApdLxyVTnQ5NjuCoXnsr6mm9cPEH19A43+JBVWsdHg9sibx1JI
+nh/JU9BYK6BlMGMGCSqGSIb3DQEJDjFWMFQwMwYDVR0RBCwwKoIWYWx0ZXJuYXRl
+Lm5hbWUub25lLmNvbYIQYW5vdGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUqgEQSNq/
+wnTz2TXH8tdDCLwnvWUwDAYIKoZIzj0EAwIFAANIADBFAiEA0tvlq2F+YlaR8zVS
+BpgsSLl1MyoX4ap0hlNw4Ejxm+oCIGIvWIZ2Xh7j8NDBvOJV4q6fubs5+1X3vy34
+6JZIA47d
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/python/tests/proton_tests/ssl_db/server-wc.pkcs12 b/python/tests/proton_tests/ssl_db/server-wc.pkcs12
index 0ceccbc..b9936ef 100644
Binary files a/python/tests/proton_tests/ssl_db/server-wc.pkcs12 and b/python/tests/proton_tests/ssl_db/server-wc.pkcs12 differ
diff --git a/python/tests/proton_tests/ssl_db/server.pkcs12 b/python/tests/proton_tests/ssl_db/server.pkcs12
index f3c19e2..14bcf27 100644
Binary files a/python/tests/proton_tests/ssl_db/server.pkcs12 and b/python/tests/proton_tests/ssl_db/server.pkcs12 differ


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message