From 61056829c572d3ce2152dab8ae4fe684839cebfe Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 13 Jun 2018 09:26:54 -0700 Subject: [PATCH] Added success test cases for domain name match (SNI) in common name and alternate name. --- certs/crl/server-goodaltCrl.pem | 38 ++++++++++++++++ certs/crl/server-goodcnCrl.pem | 38 ++++++++++++++++ certs/test/gen-testcerts.sh | 6 +++ certs/test/include.am | 8 +++- certs/test/server-goodalt.der | Bin 0 -> 933 bytes certs/test/server-goodalt.pem | 74 ++++++++++++++++++++++++++++++++ certs/test/server-goodcn.der | Bin 0 -> 893 bytes certs/test/server-goodcn.pem | 70 ++++++++++++++++++++++++++++++ tests/test.conf | 28 ++++++++++++ 9 files changed, 260 insertions(+), 2 deletions(-) create mode 100644 certs/crl/server-goodaltCrl.pem create mode 100644 certs/crl/server-goodcnCrl.pem create mode 100644 certs/test/server-goodalt.der create mode 100644 certs/test/server-goodalt.pem create mode 100644 certs/test/server-goodcn.der create mode 100644 certs/test/server-goodcn.pem diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem new file mode 100644 index 000000000..1a2a082a4 --- /dev/null +++ b/certs/crl/server-goodaltCrl.pem 
@@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0: + ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae: + ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae: + 4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43: + 51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f: + ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7: + 13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a: + 96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8: + dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0: + c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5: + c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0: + 74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9: + 46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5: + 3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a: + 75:e9:a2:88 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh +jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ +Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs +xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh +2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P +RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI +-----END X509 CRL----- 
diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem new file mode 100644 index 000000000..9ebfb0838 --- /dev/null +++ b/certs/crl/server-goodcnCrl.pem 
@@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b: + 6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1: + 62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c: + c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8: + 18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1: + 90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb: + ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8: + dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a: + 19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45: + 21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29: + 5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3: + 36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22: + bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b: + aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b: + d1:70:bb:e9 +-----BEGIN X509 CRL----- +MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm +c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U +BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF +jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh +qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK +6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq +cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4 +IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k= +-----END X509 CRL----- 
diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index 655dd7492..634b62166 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -71,6 +71,12 @@ function generate_test_cert { } +# Generate Good CN=localhost, Alt=None +generate_test_cert server-goodcn localhost "" 1 + +# Generate Good CN=www.nomatch.com, Alt=localhost +generate_test_cert server-goodalt www.nomatch.com localhost 1 + # Generate Good CN=*localhost, Alt=None generate_test_cert server-goodcnwild *localhost "" 1 diff --git a/certs/test/include.am b/certs/test/include.am index c1f4a447d..fd8bc9e1f 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,9 +20,12 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ + certs/test/server-goodcn.pem \ + certs/test/server-goodcn.der \ + certs/test/server-goodalt.pem \ + certs/test/server-goodalt.der \ certs/test/server-goodcnwild.pem \ certs/test/server-goodcnwild.der \ - certs/test/server-goodcnwild.csr \ certs/test/server-goodaltwild.pem \ certs/test/server-goodaltwild.der \ certs/test/server-badcnnull.pem \ @@ -33,10 +36,11 @@ EXTRA_DIST += \ certs/test/server-badaltnull.der \ certs/test/server-badaltname.der \ certs/test/server-badaltname.pem \ + certs/crl/server-goodaltCrl.pem \ + certs/crl/server-goodcnCrl.pem \ certs/crl/server-goodaltwildCrl.pem \ certs/crl/server-goodcnwildCrl.pem - EXTRA_DIST += \ certs/test/crit-cert.pem \ certs/test/crit-key.pem \ 
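Review bot: The two `generate_test_cert` calls added in the gen-testcerts.sh hunk produce fixtures that expire on Mar 9 2021 (the Not After in server-goodcn.pem), so the new success cases will eventually fail on expiry rather than on name matching. The matching CRLs are also signed with sha1WithRSAEncryption while the certificate uses sha256WithRSAEncryption. The body of `generate_test_cert` lies outside the hunk, so the lifetime and CRL digest are presumably set there and could not be checked. I would record the constraint above the new calls, for example `# Test-only fixtures: they expire with the lifetime set in generate_test_cert; re-run this script and commit the output before then`. Since tests/test.conf pairs these certificates with the repository's published `./certs/server-key.pem`, the same comment could say they must never be used outside the test suite.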
diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der new file mode 100644 index 0000000000000000000000000000000000000000..7ec7392c99b65c2d952f38bcb5fa5678a03b33a9 GIT binary patch literal 933 zcmXqLVqR#_#MHTfnTe5!iId^f<&7J*m>BU@~cvF6Y~s341_>xxOuo;^U^c(Qd5gE z^U@6^48%a9%sl+%<>h*L`MHTD$r*ad`MHMj2C{HVIT^(SGV{{%9m?}_(u#|7Kne`x z#CZ)Z49pCT4b2RUObw&Nd5sJWj14TI+`-|r)N}fN*S^Vg?5UamdqsNvznD3JrQf?wu|GG} z?|-Xa4Ye@?|#?|Pv4v`8;sukFUv;#+H^gLlT;Uzg-n^?#V09N5jBV!zgT z$5NRXlg;ZG79=12R?i)oQBl0CM`9&Y?)t-$jCwl+9v?g7uqAV`n{j4)-jUtn%Raxj zyS8{wwZ7ukziELydqXxq%#D}Xqg;HEletsmlEBWC!&(;>PV?IH@QPIQ@dXDCCRgyg zm>U>PYcNuty0Cng@TKX+k789%X7L`jOjxpIL#C4x=gS)$dyEw}M<^{{_4>%eXNk>6 zFHO6D^Me1{>rBjy42+9`slY%4m=0tGS$GY&n>cgwlM{0?@{3E5!w#76fMLhT5XJH5 zYZLe4*?kwLPI9}y@NC!9qv3^D^1s|HPTNy=Gi`bLaZQ=tE5?&TKG*(@eZO%9`?7cU zXMQUPyY!7)l)E7R*4`uL?`Qtp{yDNh$nk5DOrmUHuF}z-?usAf41$k0E!+N*f$78Z z{>K5Q6}ta_H9S{+a9#gmn}o(&Ci(FfTyysy$_$B$xE!t-$KQIr_~Gr1qG~JBiUO}c z-@K!JT!G;0`d>{@754&%EUP)qJB20vxhutZ^Dm6DT&rrlb2&9IahubwTJu@#gwJ0+$ z-B8Ft03^!H!7H>MWfS|c62Gv5BXB(JLf!{p?^ZtfKOwaz=1%EXv# zUdON?`RKQL?#PUa;$=M&E17cFAC_d)+ad7y*cpc{nTy?wGu!iy>=s}4`NiF}#e1st z6}SFP3*^}wviV_dyv!cu;)|Tjog$Y6cBUNGy0CDX*Pe%0q@s^6IB+nzg5Sm5z-U^7 zk@D1q<-3G0O)q{Ft9mkv_poKck}VrDot!vd-r(3{tgtykY5A(xM;<;)Y(9Ev+Wngs z{MTM*VrFDuL=GWff&zvRBLl;~(|2bF_Jlus(LHTa0r%k-qDMadeP((5$5r0Gb>G#+ z-5&ofP*b^_xV*crdipm-gD)yS4=a@|%V>5uH#hV8lX*}7pI>ZuAZSJ1y$q zPkrg{(+XJAaL!Lh%KFXQ{&oJGA#*p{v+g;sV*h29tnZy&#v8U&Eeo-@cW28-^>g_; z7wVF_TGl(PzoaGa@GnkeE~|mIfA!Qh-PtRDGrX2w_?J8VUfSHpJM5l!ZLG7f=er$z zG*)7HnrB}ivrX3NUsCUzmsfvM{`tGsU}Eh7tK^-Xl5_U={)qLOz08Bj^n>K9Nt|63 hRh+MT5}#)Ywys>Z?DrIp|80H;g*}Cr7Hv~K0RVw$TCo5C literal 0 HcmV?d00001 diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem new file mode 100644 index 000000000..3bcd40ee4 --- /dev/null +++ b/certs/test/server-goodcn.pem 
@@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9494820020802705564 (0x83c46080d236589c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15: + c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70: + 26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76: + a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8: + 7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce: + 4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24: + 3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1: + 27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e: + 14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd: + 
0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5: + 5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2: + 23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d: + 4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61: + e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5: + 72:b6:25:c8 +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2 +MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM +B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv +c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O +1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY +lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt +r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR +CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN +wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9 +cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0 +j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ +fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT +xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ +inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg= +-----END CERTIFICATE----- diff --git a/tests/test.conf b/tests/test.conf index fdc2b7f5f..96f94b7d0 100644 --- a/tests/test.conf +++ b/tests/test.conf 
@@ -2247,6 +2247,34 @@
 -c certs/client-cert-3072.pem
 -k certs/client-key-3072.pem
 
+# server good certificate common name
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-k ./certs/server-key.pem
+-c ./certs/test/server-goodcn.pem
+-d
+
+# client good certificate common name
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-h localhost
+-A ./certs/test/server-goodcn.pem
+-m
+
+# server good certificate alt name
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-k ./certs/server-key.pem
+-c ./certs/test/server-goodalt.pem
+-d
+
+# client good certificate alt name
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-h localhost
+-A ./certs/test/server-goodalt.pem
+-m
+
 # server good certificate common name wild
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
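Review bot: The comments on the four added cases do not say which certificate field each one expects to match, or that the client's `-m` together with `-h localhost` is what enables the name check. I would spell it out, e.g. `# client good certificate alt name (CN=www.nomatch.com, SAN=localhost; -m checks -h against the cert)`. The converse case matters more for security: a certificate whose CN matches but whose SAN does not should be rejected. The existing server-badaltname fixture listed in include.am may already cover that, but it is not visible in this hunk and is worth confirming. The commit subject calls this SNI, while the options shown exercise certificate host-name verification and no SNI option appears in the added cases; the trailing `common name wild` block continues outside the hunk.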