
Add new test certs

Mészáros Mihály 5 år sedan
förälder
incheckning
7d1c1e0f89

+ 1 - 0
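--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ build
 include
 lib
 sqlite
+examples/ca/CA.pl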

+ 22 - 0
examples/ca/CA.pl.diff

@@ -0,0 +1,22 @@
+--- CA.pl	2019-10-12 19:56:43.000000000 +0000
++++ CA.pl	2020-03-05 07:58:41.112690266 +0000
+@@ -25,8 +25,8 @@
+ my $verbose = 1;
+ 
+ my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+-my $DAYS = "-days 365";
+-my $CADAYS = "-days 1095";	# 3 years
++my $DAYS = "-days 36500";
++my $CADAYS = "-days 365000";	# 1000 years
+ my $REQ = "$openssl req $OPENSSL_CONFIG";
+ my $CA = "$openssl ca $OPENSSL_CONFIG";
+ my $VERIFY = "$openssl verify";
+@@ -34,7 +34,7 @@
+ my $PKCS12 = "$openssl pkcs12";
+ 
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "./CA";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
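Review bot: The `$DAYS = "-days 36500"` override does not appear to reach the signed certificates: the server and client certs added in this commit expire in 2030, which matches `default_days = 3650` in openssl.conf rather than 100 years. If the leaf lifetime is meant to come from the config, drop the `$DAYS` change from the patch so there is a single source of truth; if 100 years was intended, it has to be set where the signing step actually reads it. Separately, `$CADAYS = "-days 365000"` puts the CA's notAfter in 3019 (see cacert.pem), beyond what a 32-bit `time_t` can represent, so the fixture may fail to load or validate on some targets. The trailing comment would be more useful as `# 1000 years, test fixtures only`.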

+ 80 - 0
examples/ca/CA/cacert.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:10 2020 GMT
+            Not After : Jul  7 09:05:10 3019 GMT
+        Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
+                    11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
+                    a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
+                    ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
+                    51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
+                    e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
+                    36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
+                    a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
+                    68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
+                    60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
+                    c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
+                    24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
+                    3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
+                    e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
+                    44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
+                    e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
+                    b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
+                    56:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
+         b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
+         39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
+         4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
+         a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
+         00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
+         e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
+         ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
+         22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
+         97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
+         4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
+         2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
+         37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
+         98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
+         66:75:e8:70
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
+VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
+Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
+EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
+GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
+7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
+6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
+3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
+P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
+37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
+FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
+nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
+HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
+uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
+v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
+eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
+3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
+InkfP2hv9WZ16HA=
+-----END CERTIFICATE-----

+ 17 - 0
examples/ca/CA/careq.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----

+ 1 - 0
examples/ca/CA/crlnumber

@@ -0,0 +1 @@
+01

+ 3 - 0
examples/ca/CA/index.txt

@@ -0,0 +1,3 @@
+V	30190707090510Z		4C9BEC95D121491D5D65A71A614667DD42186546	unknown	/C=HU/ST=Hungary/O=coTURN/CN=CA/[email protected]
+V	300303090521Z		4C9BEC95D121491D5D65A71A614667DD42186547	unknown	/C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/[email protected]
+V	300303090542Z		4C9BEC95D121491D5D65A71A614667DD42186548	unknown	/C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Client/[email protected]

+ 1 - 0
examples/ca/CA/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

+ 1 - 0
examples/ca/CA/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

+ 2 - 0
examples/ca/CA/index.txt.old

@@ -0,0 +1,2 @@
+V	30190707090510Z		4C9BEC95D121491D5D65A71A614667DD42186546	unknown	/C=HU/ST=Hungary/O=coTURN/CN=CA/[email protected]
+V	300303090521Z		4C9BEC95D121491D5D65A71A614667DD42186547	unknown	/C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/[email protected]

+ 80 - 0
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186546.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:10 2020 GMT
+            Not After : Jul  7 09:05:10 3019 GMT
+        Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
+                    11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
+                    a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
+                    ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
+                    51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
+                    e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
+                    36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
+                    a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
+                    68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
+                    60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
+                    c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
+                    24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
+                    3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
+                    e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
+                    44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
+                    e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
+                    b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
+                    56:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
+         b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
+         39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
+         4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
+         a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
+         00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
+         e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
+         ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
+         22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
+         97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
+         4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
+         2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
+         37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
+         98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
+         66:75:e8:70
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
+VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
+Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
+EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
+GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
+7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
+6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
+3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
+P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
+37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
+FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
+nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
+HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
+uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
+v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
+eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
+3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
+InkfP2hv9WZ16HA=
+-----END CERTIFICATE-----

+ 80 - 0
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186547.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:21 2020 GMT
+            Not After : Mar  3 09:05:21 2030 GMT
+        Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
+                    cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
+                    57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
+                    b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
+                    f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
+                    5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
+                    40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
+                    02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
+                    2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
+                    bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
+                    2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
+                    ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
+                    02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
+                    09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
+                    f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
+                    70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
+                    26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
+                    7b:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
+         21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
+         1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
+         99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
+         83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
+         b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
+         2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
+         a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
+         36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
+         84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
+         ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
+         93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
+         91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
+         9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
+         06:0e:88:d7
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 80 - 0
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186548.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:42 2020 GMT
+            Not After : Mar  3 09:05:42 2030 GMT
+        Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
+                    bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
+                    2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
+                    92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
+                    58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
+                    b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
+                    92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
+                    36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
+                    de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
+                    74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
+                    e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
+                    f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
+                    35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
+                    c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
+                    a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
+                    fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
+                    74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
+                    7c:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
+         a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
+         64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
+         8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
+         2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
+         8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
+         ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
+         bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
+         dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
+         51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
+         ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
+         0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
+         f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
+         4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
+         2a:7e:cc:b6
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
+VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
+Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw
+DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
+VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+
+v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1
+OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz
+j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc
+jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV
+OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP
+fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud
+IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb
+KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x
+1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb
++eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH
+Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P
+RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY=
+-----END CERTIFICATE-----

+ 30 - 0
examples/ca/CA/private/cakey.pem

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
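Review bot: This file commits the CA private key, and run.sh in the same commit records its passphrase in a comment (`# key passwd: coTURN`), so the encryption gives no protection and the key has to be treated as public. Combined with a CA certificate valid until 3019, any deployment that copies `examples/ca/CA/cacert.pem` into a real trust store would be trusting a CA whose signing key is published. A short README in `examples/ca/` should state that everything under this directory is a test fixture and must never be trusted or deployed. Since run.sh can regenerate the CA, it is also worth considering whether `private/cakey.pem` needs to be in the repository at all.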

+ 1 - 0
examples/ca/CA/serial

@@ -0,0 +1 @@
+4C9BEC95D121491D5D65A71A614667DD42186549

+ 1 - 0
examples/ca/CA/serial.old

@@ -0,0 +1 @@
+4C9BEC95D121491D5D65A71A614667DD42186548

+ 364 - 0
examples/ca/openssl.conf

@@ -0,0 +1,364 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# Note that you can include other files from the main configuration
+# file using the .include directive.
+#.include filename
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# System default
+openssl_conf = default_conf
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./CA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certs with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= HU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Hungary
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Debrecen
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= coTURN
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+#organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= [email protected]
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./CA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
+ess_cert_id_alg		= sha1	# algorithm to compute certificate
+				# identifier (optional, default: sha1)
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = TLSv1.2
+CipherString = DEFAULT@SECLEVEL=2

+ 16 - 0
examples/ca/run.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+#set -x
+# key passwd: coTURN
+cp /usr/lib/ssl/misc/CA.pl ./CA.pl
+patch < CA.pl.diff
+export OPENSSL_CONFIG="-config openssl.conf"
+./CA.pl -newca
+
+for i in "server" "client"; 
+do
+	./CA.pl -newreq-nodes
+	./CA.pl -signCA
+	mv newcert.pem turn_${i}_cert.pem
+	mv newkey.pem turn_${i}_pkey.pem
+	rm newreq.pem
+done;
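Review bot: `./CA.pl -signCA` signs the server and client requests with the CA extension set, which is why both leaf certificates added in this commit show `X509v3 Basic Constraints: critical, CA:TRUE`. Anything that trusts this CA would therefore also accept certificates issued under the unencrypted `turn_server_pkey.pem` or `turn_client_pkey.pem` produced by `-newreq-nodes`. For end-entity certificates use `./CA.pl -sign`, which applies the `usr_cert` section (`basicConstraints=CA:FALSE`) from openssl.conf. The script also runs without `set -e`, so a failed `cp` or `patch` falls through to `./CA.pl -newca` with a missing or unpatched script; `set -euo pipefail` after the shebang would stop at the first failure.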

+ 80 - 0
examples/ca/turn_client_cert.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:42 2020 GMT
+            Not After : Mar  3 09:05:42 2030 GMT
+        Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
+                    bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
+                    2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
+                    92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
+                    58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
+                    b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
+                    92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
+                    36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
+                    de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
+                    74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
+                    e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
+                    f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
+                    35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
+                    c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
+                    a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
+                    fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
+                    74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
+                    7c:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
+         a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
+         64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
+         8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
+         2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
+         8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
+         ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
+         bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
+         dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
+         51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
+         ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
+         0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
+         f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
+         4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
+         2a:7e:cc:b6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 28 - 0
examples/ca/turn_client_pkey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----

+ 80 - 0
examples/ca/turn_server_cert.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/[email protected]
+        Validity
+            Not Before: Mar  5 09:05:21 2020 GMT
+            Not After : Mar  3 09:05:21 2030 GMT
+        Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
+                    cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
+                    57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
+                    b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
+                    f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
+                    5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
+                    40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
+                    02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
+                    2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
+                    bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
+                    2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
+                    ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
+                    02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
+                    09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
+                    f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
+                    70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
+                    26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
+                    7b:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
+            X509v3 Authority Key Identifier: 
+                keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
+         21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
+         1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
+         99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
+         83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
+         b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
+         2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
+         a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
+         36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
+         84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
+         ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
+         93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
+         91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
+         9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
+         06:0e:88:d7
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 28 - 0
examples/ca/turn_server_pkey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----

+ 1 - 0
examples/etc/cacert.pem

@@ -0,0 +1 @@
+../ca/CA/cacert.pem

+ 0 - 23
examples/etc/turn_client_cert.pem

@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDzjCCArYCCQD3YHhln4EqhDANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMC
-VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxKzApBgNVBAoT
-IlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3QxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAy
-NjdAZ21haWwuY29tMCAXDTEyMTEyNzAwNDEwNVoYDzIxMTIxMTAzMDA0MTA1WjCB
-pzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3Jl
-ZWsxKzApBgNVBAoTIlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3Qx
-FDASBgNVBAsTC2RldmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcN
-AQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEosxFd
-dEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40pwcm
-BJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PBXinM
-gtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKAqDYd
-FY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1skOXF
-Vm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
-AQAhXgGdXXf0dMPdkfl4jv4dqFNSmax6wmeNc+oJC9qIFVDLsdAaAWXZ+pZHYIMR
-UN8mQobsIZdfPQ0gs8CgUwrKziAjA92y2Q/I7vsg83qRLhysGC5etYMD/wlySDDS
-AJKraevDPTEdmfNstCblubNG2PIeqV1isWtPMqB2dMsCeyzJXVyfD0QcABzFv4Fs
-MMy7JI7MsctNh1tjV/0TsddDMeMLs22rix5fS8MZ6uunFzIuJ0MshFNehXFuvz0B
-uNmn0k7djUm3h+2Avs3YGCo/8GtqHapc/lva/9gT+iEW0e7i0Ru5Jhar66VMzJqv
-+wEhQafC77d3vWHtXQU8dYmM
------END CERTIFICATE-----

+ 1 - 0
examples/etc/turn_client_cert.pem

@@ -0,0 +1 @@
+../ca/turn_client_cert.pem

+ 0 - 27
examples/etc/turn_client_pkey.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEo
-sxFddEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40
-pwcmBJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PB
-XinMgtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKA
-qDYdFY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1s
-kOXFVm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABAoIBAH5ITN8FZEe10gws
-qUrkcRD2h3aI/gMyetzGz45UUERmfq17xvY5M1eA884kNmbowoMhfoO9hqBSOYkA
-Ndh9p5he5L+GLeyRlDi9WEFQ4iqCnC2uEEW/bMBAcVIhcvkGOT4ROiOPDRlsuaUh
-v7cxe2OeYZVra7L1vJzC+eVYyNBN5CgK8w08MPEkupQS9+Jvr0QWCikRz187cG45
-EiDMrBKyJNE9lY6u4P8gJ+/NgaASWP/D3kbsjiQ2OwSGLrwDAvWC7Bx2GK3/0goA
-btp7YGaWvp+mE5V91cOW+PfweC5Do4MjOr4ToNkczW0AxKE5o94yo56h+II5bX6N
-z65VvtkCgYEA/Sq/3S2yup/Oodzj003KG4skWYFrj7KXeXgm7RZcpNwkd8JaFXJ/
-Cwl7/3bkRv6RHLmXX/2hcNWlxq3u6Efs1EjtycdArU68kO01vLdExJYIzHKmHikV
-n+T4hukxGDzObxn3lH1KcOodh/x572Uufn79dewoZCPzH8t/jiMOWGcCgYEA4JfN
-66Kq/oDookqenM9Ij5l6zeeNwzMjIlkU2eG0DAH0KdsBN/hTGGGRQVBk03YREQmK
-crEhGAZxzfrX5fK11UVG3C2pqAtrVe6FuD32vFUpP1MO0ftSA889NoEwGdNZV4pV
-Mk0+6xVCNOatj2inMXlQq5s68WfCzkiWD7uLCv8CgYBcwuYsF4tuYBGpMzNzAAS2
-1OPLu+T6cPiZdFHm+xOVAGiITPkO9LXiCGabsydvb+UhvkrdzCP0IQQt6RsplvkK
-y3H9RfnHxprHC3NuI0SaN1Mf/j4pvOoEfTQm0pi/hcAp6zzQ9ptpBg8t/W98LPm9
-NbCPHamrD5UMqFajcOrXrwKBgD8D2M8IcRm/aYY/kYlFz4Ia+g3Trj7alj0I6YTI
-gw/rbGph/FGL5ySsG2lL+T4rnlY9aw8LC9IF3OCCRRlLpCEWsu8MENIJgjA2IGa1
-XAkzi8MstrfL4BMZjn9AeBKG7kZVldnrOoATEuRs5L2cC20iMLQ1dbBOAKaITzJS
-2IxZAoGBAKqwr/uennxJrnMtpjLBgcphoU3aXJZvzzDqlOaqzJp6Xmbese4sDEe0
-hvVHreigDzOnGnqL/vSjTDWaLqS/O1iE7p+UrGIkZj/Zl6Jk54OX6AHmWE2LhdlU
-FYgIQKX7fuocpF1Dpe7xEeVwvdp+UqbDzHQg1CWGe1cBPYDYIkSH
------END RSA PRIVATE KEY-----

+ 1 - 0
examples/etc/turn_client_pkey.pem

@@ -0,0 +1 @@
+../ca/turn_client_pkey.pem

+ 0 - 22
examples/etc/turn_server_cert.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsDCCApgCCQCmgrJCiQlGOTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC
-VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoT
-E1RVUk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYD
-VQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMCAX
-DTEyMTEyNTA4MjAxNloYDzIxMTIxMTAxMDgyMDE2WjCBmDELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoTE1RV
-Uk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYDVQQD
-EwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+l
-JI/GwlVzdzQ3+F4clMQDR1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJ
-d2DUFADkF+7I674XwX8U2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj
-9yPkqnO0c3ko1/OzIQCcs09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZE
-psCztA+KCCoiJf7NenOvVhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLe
-IcopqSbg9CRIKe1HOL8YTvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4IBAQATbrBOLV4e8Qmsby9+srxXsdbNc60PmDZ4WiZ1
-IElfWmzM7wGXm9sJg1PX/7T24R1tbwZGLIhZnkhecG372GChULZJ9Pdjh0Ab2nK5
-LRKHXTpjp/xOJvx0JMCIIyRnGZT1nABPOk8uEjNW8PaU6yhQ4f5nKaSOgYGRCln6
-dcy5vylCsyD9Q7GXs0KOC38XD+Ycv6VLX4zKJ2Yum50Wt643nLjG9RlGT3FXWJ1K
-HUbPC5TO6bcYLdiTjaYr+X8xC/x6h/Ngdo/16w7fRmQQ4uS+TVXrg8ITmI71KX/I
-m7C9jbsubwzrhW84oZXYf+o/0ATtEAhiVLnHifKCCYikqfVj
------END CERTIFICATE-----

+ 1 - 0
examples/etc/turn_server_cert.pem

@@ -0,0 +1 @@
+../ca/turn_server_cert.pem

+ 0 - 27
examples/etc/turn_server_pkey.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+lJI/GwlVzdzQ3+F4clMQD
-R1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJd2DUFADkF+7I674XwX8U
-2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj9yPkqnO0c3ko1/OzIQCc
-s09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZEpsCztA+KCCoiJf7NenOv
-VhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLeIcopqSbg9CRIKe1HOL8Y
-TvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQABAoIBADUPHCXUyKLCwKFH
-NEf27sGZxX71H+NfaseioLT/3/8DDyagncfDB7I4OL2YEKC8YScpD3xv1n59BFcZ
-oRtDzW+1AkVpm+VRCWYAWSXHFhkuJ6WKaVr9UOeMHStqQCcktP/kLKqU6s9UJDnM
-pOHNPVzBjl+jHxHs/gGyxuKxSH2Anwkrzpiv5j0obKFnw3QtAqeZRs1NlvPtYt2S
-eihZWr8r8LqylPk9ga9MYmO79Yr+EPVaqd6bmz4MpZJ4/7LEjx03Q6azdMCPhFNY
-cYzPIDZFEj81Zj/tqA2MU/uTTUUrcXint4dHRJs34m5N68PV1Y1XhhH6FG0+X711
-ZymudoECgYEA/ChS5zmmOoLoaq2441+PzQbDP45qR6+G4slHwC8RDZhsYw0hQnp9
-n44Qagpt74J4FjxT20BdE714DZP32IqagUwatWRQ+z3UoGafkJSNc5JSEogwZ65C
-nC8RI1pPHLEvE8IzBJiqUA1kbMOMfTYW694wdN9JVZang05/AXaJzm8CgYEAwpJ8
-nJRR9JFweHRrRgnrVk0Qi+ABbN9T/nhPXYab2vjBfeBOTA1Mob0M3zMJDCnL2i+D
-K1GzE6WaYHElr45j2Wfphd/rRTk74WR4BaPpTCGaAhBQNn0ufqUkKsCPEAlTU+nG
-iyXP4OvdMPjEBckjbKm/mlX7m0njSHAY6SWNorsCgYEAi8Yubk3efwChpMC3hBIs
-vBHLmSdwclwyAPRh+X4djdO4AQ/+J8OObytond86IVHJD0pRkW+UKKUWLzCeakIq
-cxGknHgHC72yZ1d7i8FMx4uMQwmLC23lLn5ImbgtslHlLqavcRTPE6DY0hFzhtS8
-z/JSGfbLx83C/V49uKnkqbECgYA6h1oYt70XdpCAi3ShcuZp5XCuwslq+JsJlyM4
-nP9RFTcPKGQlGHMOzBGNKor0L7Z0gYpRg5f8tvoDPMX7UzfR9CIY9UyOXDMZD+HS
-wIWzMwBi0olueqV7zy1b9uSSDFwWh+IDhXJM1GaLDqnYm7KeQ0mxoV+4TLej2KSF
-rZg3dQKBgQCVrVxFV8jHBsRsH5PzMx6pUSAollmuyte9mGU1MIE7EZf+LEQIAjGZ
-9jvtAILYVJXwVZv1/zNxldUfBNuWc95ft+Gg7FEN0p0uLpdYNXQUcXuJaJ9tJ1td
-ZfvRcrUXdFNKYt9/yaGeHVaIQfp4W1faZD7OnII7EOVkUKyv/qNGAA==
------END RSA PRIVATE KEY-----

+ 1 - 0
examples/etc/turn_server_pkey.pem

@@ -0,0 +1 @@
+../ca/turn_server_pkey.pem

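--- a/examples/scripts/longtermsecure/secure_dtls_client_cert.sh
+++ b/examples/scripts/longtermsecure/secure_dtls_client_cert.sh
@@ -32,5 +32,5 @@ fi
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
 
-PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1
+PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1
 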
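Review bot: The client still presents the server's identity, because the new line keeps `-i turn_server_cert.pem -k turn_server_pkey.pem` although this commit adds a dedicated client pair under examples/etc. If these scripts are meant to exercise client-certificate authentication, `-i turn_client_cert.pem -k turn_client_pkey.pem` would keep the server's private key out of the client role and make the test cover a distinct client identity. secure_tls_client_cert.sh passes the same two arguments. The script body starts outside the hunk, so any earlier handling of these files is not visible here.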

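--- a/examples/scripts/longtermsecure/secure_relay_cert.sh
+++ b/examples/scripts/longtermsecure/secure_relay_cert.sh
@@ -36,4 +36,4 @@ fi
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
 
-PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@
+PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=cacert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@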
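Review bot: Nothing near the rewritten turnserver line says that the CA it now trusts through `--CA-file=cacert.pem`, the server key and the inline passwords are public test material kept in this repository. A comment above the command, such as `# Test-only: cacert.pem and turn_server_*.pem come from examples/ca; never deploy these keys or passwords.`, would keep the line from being copied into a real configuration. The same line passes `$@` unquoted, where `"$@"` would keep arguments containing spaces intact. The script starts outside the hunk.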

+ 1 - 1
examples/scripts/longtermsecure/secure_tls_client_cert.sh

@@ -32,5 +32,5 @@ fi
 
 
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
 export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
 
 
-PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1
+PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1