From 08a3201b9dcb101651f347ada68feeea64f0cad6 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Wed, 9 Jan 2019 17:54:21 -0800 Subject: [PATCH] Generate test certificates on demand --- certs/ca.der | Bin 2301 -> 0 bytes certs/generate.sh | 35 ---------------- certs/openssl.cnf | 17 -------- certs/server.chain | 86 --------------------------------------- certs/server.rsa | 27 ------------ quinn-proto/Cargo.toml | 1 + quinn-proto/src/tests.rs | 33 ++++++--------- quinn/Cargo.toml | 1 + quinn/src/tests.rs | 15 +++---- 9 files changed, 20 insertions(+), 195 deletions(-) delete mode 100644 certs/ca.der delete mode 100755 certs/generate.sh delete mode 100644 certs/openssl.cnf delete mode 100644 certs/server.chain delete mode 100644 certs/server.rsa 
diff --git a/certs/ca.der b/certs/ca.der deleted file mode 100644 index 47c356aec934eefcd6175f4cd7e20673d7855af3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2301 zcmZvcc{me{1IKM03gK2gMnjV7*Q~=;*)40en2XF(6T%Unc~CF(3d>-K9OW9X~Tvp)MxR<5{vF`LnKC0X*mf zgSTsA_%n}6@zpv3CmN~aHMIXM4%hSUd4Fb2U1I7|tNukdk9jZcV&eH~PT)3n#A+ba zBlvkd%M>ojCQ}<_WiYmp(&4ZJ8No%%6$3~m+WQ@C?o^kWF)K<2hzgLEFTW`(Th&}` zHlf1Y8ifxs-Y|w?^4q3PzIhmP=?anH2U>ES7j8Dh+6j^oq`D~TKK&3qU_JX`-(yD^ zqq)ZnWG8@(^T)m~F4A#-Z9}Cbl#k-?|J+Wd6WjD^pYJLF6UUAWz9b5#mr|yK9F9$= zCd@7X6BI@{lYPmCVX}WPSN|N+|1<*rjuAFf*fu!viDjh52U)D#%9*yB5;(P@aci@y zy@F&Vf<|seYj<_5gkIKny#DYZM8s zAD%y9US|^Eq5@?h^U)u*mP`Dq!GaK{B-t1iY{c^yszC z7Ca2oGs9;>vL++kcFf(!=I#eBwT)+9(WZY0?Jrwx=UqR1qrd#Gm)%XXB)5tJpQrn~ z;pQ6)Qu<6t;EynkS0dJUwYJtI!*E&sL}v2rmxD$d&iLFnE&>LNr?@uRQ16vaZeV0_ zaxDbt(ML&52x0{>-al&8O&!o>|1qvPAiENAjZ)XHw=|>FTE4et_;a4ejbt`~Swi~v z24^Qgk+6G5PaeCq%PtHa;G=qq?;ogb1_#)0Nq!ArB2+<5s)}YEJZ{GKjNt5HE@MGPl^Y!P7(P0F|xmHGzf(e zkN)of^mhOb;=}L)00;kO&M%<-Vh(^O%Ht&i`9!C(apI1j%PK*ur8XCvA{^mKkLgrd z^i9D>rRp!KZ{(aM?5@+&^Nb50&5fSsJeB!-pFiKnS^8Rq*W|ql#h9ST47Mqw-AkJd zd^O>vZbA|-CYRrY>LxB$s>LNJwPracQ2N@=Dh8{j9Oyl0v zb8wsblt0ucWyo1G&2e8TtH(-PzyNE6OG`c$aJ@v$CMrIIwS3;<@4Y)SN5{6)kBG6$ z1!L$huKo=v;@(j_-geyJ=^^{#5YSs+BITj(gp2H$mSQ*MX9?WmMI9JQRTVcMIsDhI zJ0w+E6zoKFYw&9tNs#Mr8LENi&!TQpaHIlgsi@1_6~j_cWVBTE?(2H+x$Q+c=^7qxhv2odiYy@mPc&6nnaCI&N;x# zkJ#!N zTqomDWQj}JaZY9{BPy%8J%&`3gmYn8T&c3H;{DiFQv;Un@Kk6~1bK#66njnBhQ9#Mjm}Cy6ZpGdO{>yNF5|u(i9uOc36|xoM?M>{f_8z8<43HJ+jvo zC<@yP7No%kdkYe7lU`^~e4BOAxtmR(ussGh%bcx^^Gubydir{71Ogvfhjf${*2I0* zcb^P+%fA_mbb6z=WeJrt3FE9yJ7vQhdvTk)$!8)ktW%H+KHXg8_PKQvWAWFM!@wvT z8ElrPZN>BzL}1djJio|mYS1YM&rrUE7W|p!>(_8{ z=FqBS)BMG2Cj83Hrtsq{$Vr=`c68YyRJFy3+E1upe7Zt~`7%UYam>)Xn7yTBweQ*i z#aM?#ka3Vi#gwAx0<`-}hFD~pKr&FwrTtjeI7W^BAefS*}rjkV7@ G6Z;SA>@BST diff --git a/certs/generate.sh b/certs/generate.sh deleted file mode 100755 index d5f583936..000000000 --- a/certs/generate.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/sh - -set -xe -openssl req -nodes \ - -x509 \ - -newkey rsa:8192 \ - -keyout ca.key \ - -out ca.crt \ - -sha256 \ - -batch \ - -days 3650 \ - -subj "/CN=Quinn CA" - -openssl req -nodes \ - -newkey rsa:2048 \ - -keyout server.key \ - -out server.csr \ - -sha256 \ - -batch \ - -subj "/CN=example.com" - -openssl x509 -req \ - -in server.csr \ - -out server.crt \ - -CA ca.crt \ - -CAkey ca.key \ - -sha256 \ - -days 2000 \ - -set_serial 20283 \ - -extensions server -extfile openssl.cnf - -cat server.crt ca.crt > server.chain -openssl asn1parse -in ca.crt -out ca.der -openssl rsa -in server.key -out server.rsa -rm *.csr ca.crt ca.key server.crt server.key diff --git a/certs/openssl.cnf b/certs/openssl.cnf deleted file mode 100644 index 7e7533488..000000000 --- a/certs/openssl.cnf +++ /dev/null @@ -1,17 +0,0 @@ -[server] -basicConstraints = critical, CA:false -keyUsage = nonRepudiation, digitalSignature -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always, issuer:always -subjectAltName = @names - -[ca] -subjectKeyIdentifier = hash -extendedKeyUsage = critical, serverAuth, clientAuth -basicConstraints = CA:true -keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign - -[names] -DNS.1 = example.com -DNS.2 = sub.example.com -DNS.3 = localhost diff --git a/certs/server.chain b/certs/server.chain deleted file mode 100644 index 28700691a..000000000 --- a/certs/server.chain +++ /dev/null 
@@ -1,86 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGXDCCAkSgAwIBAgICTzswDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIUXVp -bm4gQ0EwHhcNMTgwNDI2MTQxMzMyWhcNMjMxMDE3MTQxMzMyWjAWMRQwEgYDVQQD -DAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6l -eN7aEalMS9mk6a/NZA1MT7dfM5SnGCacs5ZTsaDTTR3JMEM8fpG4SKzSZg/8LAvW -PqXeE/5X7GJZN8RbGR2j7GW3knJVcmd99HH/WcaHWRpFCi2W8Niy9uJxZvaSavG2 -6a9HXX0cQYjBrxVkKOIRyqnQCK83XZ9DPbqVbx3AgHvqGfc7MkLMtycSCO1L2HBN -SUxPbDpSAF216PDFTlgGn414rwfB3skZixJ75L/F3fiu/A6JrIIHR6r8iX/6Sv6f -ab11H1GNvG96CjBCojbNwWh6ImgqrUxvLbjfmoFLfc1WMTUB3hXJlgd5XoYtQkjv -/sQfGLbiNzcbWRIYniECAwEAAaOBtjCBszAMBgNVHRMBAf8EAjAAMAsGA1UdDwQE -AwIGwDAdBgNVHQ4EFgQUBhdKHTQ9RsOV1jfvdIDayURd3RcwQwYDVR0jBDwwOoAU -jA4sPM5TKGHEZ5vqa4UC1D5SBWyhF6QVMBMxETAPBgNVBAMMCFF1aW5uIENBggkA -jMEaMDFVq90wMgYDVR0RBCswKYILZXhhbXBsZS5jb22CD3N1Yi5leGFtcGxlLmNv -bYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IEAQBiTlJiwtCRQhvuV8AM/PXC -Sf4CTRNYiXt2U5K4TL+gbelbRMcjImBAmePyc5xZUUayD0+1Ye7cnUkb0PBJmj0t -LMldQOp4gagiyHObemxW5gI6eGkJRJ29PFbg1Ws+KfbsYPGUJpD6kAOF4MR2YrPY -/pc6GJKcXYSYTnJR+Y2+2OX0iU1o1a3i/q48FJxueAbd8loPQsLQgRTqGsn5b8u2 -SQa6+BN540JT5vWL959dxU8tnVo6hExAqLoTuRFSJEjA4zTyKF2uJS8jxIe2BlPx -2KkOcR5PajenGcjqpDRjVbQclyy1nW5eUaV7bovWDQokF1yap8DJe2WcE9NZo9hl -tdTtysXZbDm6u2EMxF+BwYUxT+MDfwT8Bpw9KM0Qg93VCrP4EqGoQIPmPWCZM2Xe -LpM5cZiv/EPJ7Bi0BtR2vDDAEgqsQb4y1a1EVgdADd6paaqplyOelEuQTCzV4xKv -hTbCT8Vm3ZzNJ4CXr42agxobZQhGeHLhfD0aeuaKD8QWLb092QTF/lj9P1+ArOi7 -k16QcLeohoogzImyscBypXfLHiJOp5iYvzQ5IGy/fOWB1HxIY7hKu3OmrOltUEVh -dGF9OYIJLEoxSZO6fAzhHPBTEWTZoezlCCa4uK9ZJyt9ZRLBlv+4YuQCn8rvnTGs -gEfIOBN8NlW1Xxfha8iEfgLrjYLODFkiSpdhBCkileQ3CelCs7iMSiPBh7lelaeo -qSNEs/wsBpWFPfiRSz917PAIpRG8Yj6SCBImOSzF5taOaGo//LFxx5D/MVoNjW4u -X2Mh91uR5QWJltqiCJ0DJi1L4TGfSztFGMlAYiO6TP61MsrTvdjH5pgX0GmagyQ5 -OeFBXV2ZNqX9R7xOE0gidx/Ne5m4ZUfwmHwDaYQdxx1kEOHI6pnCv3lNOYvkT1Yy -I7Z3mX0ZnWiZzFBzKxAqkG39qaOxExqYKg6fNzkHOYjCj22GkuX09gffOr5kBtnw -3/WpvXhvMVG2uOcuFUVXaWZDTf+CdgBZtEU6ciY98hAkS9XaksdIceWg9hba2X7U 
-v/d5q3SoQdOsHyN2iBSkuEKRBhBssjCYZbLL2zWm4y/Oka+t0aUuDDrh+w01OrX7 -kJFxK58o0QJAudAGjNxYLVf4B2UHkJbtwUO/JMIHJOBgq4vsFenvjMZFC72az62W -1usf0V4sEYcDKQG+GLo9SkCuygGlLXJ/LPfCF11vn60Q3TRGMHggnnRKKU56c+dr -lNKo2TzVXQSgqGcrm8vHsMIiWGeVFUSv3r75eeEpXtO6+bpq4KaTNAwF93IMr4Nt -ByvNV0UQXWJ600hJPEesMwWTsOIGV5LyUpgGy4FJ43pnMtQhdlL8nkYMSj8psWZi ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIII+TCCBOGgAwIBAgIJAIzBGjAxVavdMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV -BAMMCFF1aW5uIENBMB4XDTE4MDQyNjE0MTMzMloXDTI4MDQyMzE0MTMzMlowEzER -MA8GA1UEAwwIUXVpbm4gQ0EwggQiMA0GCSqGSIb3DQEBAQUAA4IEDwAwggQKAoIE -AQCvZPojTwfSeSWvgppds4tqgd45L54TctjJA73zzd4ALKFprwhUpmu7ywzDVzY2 -v9XCw5Gtr4eN7bg7YFpd6mE3oWNbrN9x9zHOSsR5XXTChdREExvagZu0Hx4wTn4d -exH/HgrsSe89CaojYtWm5j69L0LUfx4CGG4fIad2Hx+rtqxF3CzS9c8TyMnQyc0R -IfdEVGiaMEYdqQ50mDUgvF92soNPCoEVa69/m/zFEMVu8pWZwaVTHkHmpckXvAGB -Nmwx1qGgOFzLTZuKhqfPPJP994vFY7k6rsL5JQKH0RrIx2MNj6OK4nJRJOKNhuTr -AoYlz9/gwYs/eh8m0vBMzDvdzgbpMA1FJfc9K93UQS8FCeyq9ZbiSuEIPu8zd/S9 -uqlrSg4YFQQEQPGyfAt+Apsla0Q4M647WnmpFwnqqrdmdRWaFWGZLvH/30AClq7G -esvN/8MY+CFQxRKtvTxLSsWObljgaxhvO+Q45hs3Zvak5H27C880WPRZIIGErsTI -6xg1sxush0BsCeV2k9x9FADUtvZDaCjoXtBCTTm03qv80pojTQuegiHJ5VGML/rx -qh0eclO2DXKdk4ydPKfiVihuONwPg6ShvzApchjnZFi+Gp9GBjQqF66UYqYZfcAx -xEooig8laf/2+fPrv9Ayoyg92MKo0m/SUhMPCKR16oDbNe6iaqwGCglUiB+C1BHO -U5PFZw26QxQWspcG5BGu1KZBPb86ueSemXo6RTyRCZTgfVr4RlzR5pNx7bnXkWc3 -xdh5w6TwugPyEnPDp3DHvrXka1qpnmax/Pl7RvPrHDvSCXH7ejPKDks8L7m4iD97 -HzuH0ovk5f+0Td/X5uj2FRERhYpYtU2bkqPg8zAfNiC3UgwinIi1FWOpY4Vsf89a -MgG9UNuEtm6VqhVtiq+6Ou3jKLin+vE//eoAWmtF3DDtF2zAdJWGDBcRkiItJHf5 -2p90xAWbXg6aSk7rAgQT54aR+M17YodOPKDfdxdBxQLhYglxu/F+l4OSpryw3kOH -1VQbSgy9K+dRQwOdaUn5XsHpe8pEiOqrVsl4xXOqI/ocR5KUsiH4E8mjM7POZoUG -LgsEde7hTftXNjRGfo9TIWrDjqKigEe82wue0gMWgSOH908cWtFjVlFKrsWXJoQn -FcpUHLf3Xvw6S+NFBFMkAeumgUFkeytiu7BUfyvyb5F5fjzx7eAd2k7DVSOn0tdj -bHML6yxIk7NLRo/t1FLGyxhKKYqiPTGy1zGk+I9OSq7i131HV5s1rokSeBiI/Yqb -vg9RyoOf7fN0CBh3Zbq1Ug20vcJ4nelXEbK8osiMfZfEkUz1z7f01hPYTwGQlsZU 
-2nXuOf/gXthT7j+LAdW7vzaPAgMBAAGjUDBOMB0GA1UdDgQWBBSMDiw8zlMoYcRn -m+prhQLUPlIFbDAfBgNVHSMEGDAWgBSMDiw8zlMoYcRnm+prhQLUPlIFbDAMBgNV -HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IEAQB/XcfJF6g4qrTcfGpW8FI1t66X -MYwNfV7Fgrws7GiMPH+NO+0y85ZXUvnypo+aQp+c5s9A37Ee/vwHnWZVHW2pYeCS -qSeCcn6Q2kTJumE32gLK3GEyQ2sWoYGndgw5h+yqL4SGKbmLpoPW9rMiiumgCr/z -NZCrciP2Y//ZxL9NtwfrVoQHDt6R4/qkHE+0pr/OOlBhqfMLE4RRmvRDIyj3c8fi -3BW/1JV7sSCPM57MdKjcwBOIHqsN5KoVBovXL4qW642b463aB29vJKj8BzgMBOb4 -na0oB5b2MLqUMHmKtWV0QVhoSMV70Q2m9nY6UVrh3Z3MtBw/3/FEllzvpLAxHUcR -AfFSZO1mRxM6hzS1mzyQ1O5bR/76fOMi0fePGhTapwqCxcZp/gmg9nwnKrkqPbEQ -UKF1BNNoY4qZOdxWH9E1J76K/aITR8avBgybLhZGzhJw+VwJjSkPBlRjWrJqtc6G -IMO3zK0MneQYdoo2a54Mow9W0+8/owR+gBys+cuwBln37CApzN9fiGv6E40Ttceh -PAfwCrHAOTspWu+lN/sKZOnDQNpDJaJhwE5+ELzIIwg/OkExpvPUIWJVnbn/YrUZ -11xhuC7RYaNy9oWrAXMGsdWROqFyXpgxQknqpWPfPKYda6UBpyQ2cgweOxRUUhrX -J4UWYzhYAbCwUpCzzskwA2PmqI76RthgSaywbjHREV+nWAJmgM3onZRdg7ovGa0L -llkBx9sx93lb11hx+Du3p5cRwRftLIGagRY9pjlJYYtS574y7fIrYVOc9gaWRgXn -ny6yGRK7HdS2rx5RoEk2jPhVi9opFaqs9r8/myyGWXqU9hyk9aH8g/BEPdQ5zeF5 -oH2B4wMPE3zPl0+VuP0BcQJQlyTSNoHkdd/OnN2giWzMuCsOlQsyBBuitYNu2lHx -GfTcucpvfA/uuQLSM4DO+r1xDxH6dAqmE8jAnoZ4a8Y33OjkVjiJlVKK2l3I9KRV -S0KaRCm9v8G/TQhxnEt1u6OfrYTeO1zgbtMH9IMXVNA69UkMIEN63/HiVJURU8A2 -9PmLSH0w1D4JX2a+9hf3WfJDQhbL4M0Cf00eMZReTqniZxVxiG2aauy6Gdr2R0oY -tFc05WYJh0Mt+u/fmCgYyFSWPMkpZCMK/Y5oarIt4xDwG7XqYG1DBym2RBMq7xfg -TaC6I6TsDC63QZvDUqnJ3WebEWjJDlg20nmagvrtiy/pN26hMVGHBEJyGanhJw/r -DL7lkBR+jgi46GkxoDk74Wzu5IleNN/8Yjh0W4l/NuzcuptO8j6sgG31Wo4OWGWu -HfuBFTkCzH4BT4asF0uYnragG7x6I/+teJooMSzIRTSDhVFuakWRrUtm8tIx ------END CERTIFICATE----- diff --git a/certs/server.rsa b/certs/server.rsa deleted file mode 100644 index 4d9da53da..000000000 --- a/certs/server.rsa +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzqV43toRqUxL2aTpr81kDUxPt18zlKcYJpyzllOxoNNNHckw -Qzx+kbhIrNJmD/wsC9Y+pd4T/lfsYlk3xFsZHaPsZbeSclVyZ330cf9ZxodZGkUK -LZbw2LL24nFm9pJq8bbpr0ddfRxBiMGvFWQo4hHKqdAIrzddn0M9upVvHcCAe+oZ -9zsyQsy3JxII7UvYcE1JTE9sOlIAXbXo8MVOWAafjXivB8HeyRmLEnvkv8Xd+K78 -DomsggdHqvyJf/pK/p9pvXUfUY28b3oKMEKiNs3BaHoiaCqtTG8tuN+agUt9zVYx -NQHeFcmWB3lehi1CSO/+xB8YtuI3NxtZEhieIQIDAQABAoIBAFPzs8xNqbku7u3H -6sxqVAh3BTfJLIpq7Avbw7YB4Hsm/QBp2Pqn2//Vb2kOvTonR7mzW5ZFR7gf/j/i -YR6bp/N7wjF8x7k9b5IOAL5DcDSQjil2/PCSjtxqsJREYAEycNIsbnmwM5H9Zb5q -eXfmThmyArTEeJK+moF2buCbjx31eEi8A8FCPkDoSY9B9ynzMQ0fofMHFDWaezfq -jSBOyb1kBcJZGd+Orqi5v6fjfVFgxLaFSrCrrtc0AltQLsNBawBVVlHAbM/7Y9fi -KYy+Jmna6TB3kaZC+JZtjLFXTyx4BCmX3sjKWFjvkjgQxUFE8oL+vwuanbuAikt+ -4V09jzECgYEA/Ji0NrqXbcQ+VcE+Z6fxZuciU2oYNyAm6zJMtpqsnxN9CL6NhUrk -aupzv37XK4QXu26IDxaThYHt8WFzAdHHKC8/xcg0fSUj9fvoR82PbZX9nUfN/Rly -xnTCUXShENz/gBd4JgTGstpGp7HxJq8DHLRFXBPC9psAz6EBsrHZTNUCgYEA0W5F -C7uTyE9hMendYCO55E6sTRNxvc1T960tcFhPBz5UFH4HXJ03d2T+k6Fhxa0eEAI7 -6clQwmi7KYHKH3zkZWV/00XPQeAHjL/CPmQz7hUrwyMi3vS8KaJbzfrOAhJ0T3YK -4nF1TMu6XDByclaBCjUSTeZ3hfDIiFM8UrH8Qh0CgYAgl3NpPFodh5yjY/OxXDIB -nQEI0j+dnUBoSG0tgneTbuhLIIsSD7+5K9cTdkI9EyYcwP49NCSErWcOJgy4x2Bz -BuWrl1FudERXkNE/sn43HYtDp+gkKAxvHtGTwQCnNFyjImQWQ7d/jDphmMwMubgl -E/1/C+2z8/v+zj9x1xC6oQKBgQCncL8ZQ05DL1vpGS5aCBY+d7wAH5SniDsi4T1b -/e6pPubgP2bJYBURixiSlctizSck63RVVRQRasSAyfj8tdCxVLYfB0hORbwjhsjZ -Mynlpt2HNVdS5F5v9xPpGiWMuI5vXVQUeVusG5IS1NUbnxeqPoY07BcRalIZ1Fp9 -Tzn87QKBgQCjcFjOmYdj9o5Lnpx8fKXG1snmy1ZcH1xE7rgzKRp/zaYlB2ufFFmp -UfmDQR8ss82sEt5zjKxR2Unblw/GFVvaehNDUPYBqoZZyt2/IfCreSD5WphScDjw -XUNdyB5Siuj51tRdSYP6nL9wyrelOSJ4JySM6HNFHlYt4ThVyLTW4w== ------END RSA PRIVATE KEY----- diff --git a/quinn-proto/Cargo.toml b/quinn-proto/Cargo.toml index 6f3a22a53..02facb215 100644 --- a/quinn-proto/Cargo.toml +++ b/quinn-proto/Cargo.toml @@ -39,3 +39,4 @@ block-modes = "0.3" assert_matches = "1.1" hex-literal = "0.1.1" untrusted = "0.6.2" +rcgen = "0.1" 
diff --git a/quinn-proto/src/tests.rs b/quinn-proto/src/tests.rs index 21f9f39e9..0cb6dcc2b 100644 --- a/quinn-proto/src/tests.rs +++ b/quinn-proto/src/tests.rs @@ -1,10 +1,10 @@ use std::collections::VecDeque; -use std::io::{self, Read, Write}; +use std::io::{self, Write}; use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket}; use std::ops::RangeFrom; use std::sync::{Arc, Mutex}; use std::time::Duration; -use std::{env, fmt, fs, mem, str}; +use std::{env, fmt, mem, str}; use byteorder::{BigEndian, ByteOrder}; use bytes::Bytes; @@ -12,7 +12,7 @@ use rand::RngCore; use ring::digest; use ring::hmac::SigningKey; use rustls::internal::msgs::enums::AlertDescription; -use rustls::{internal::pemfile, KeyLogFile, ProtocolVersion}; +use rustls::{KeyLogFile, ProtocolVersion}; use slog::{Drain, Logger, KV}; use untrusted::Input; @@ -57,6 +57,8 @@ fn logger() -> Logger { lazy_static! { static ref SERVER_PORTS: Mutex> = Mutex::new(4433..); static ref CLIENT_PORTS: Mutex> = Mutex::new(44433..); + static ref CERTIFICATE: rcgen::Certificate = + rcgen::generate_simple_self_signed(vec!["localhost".into()]); } struct Pair { 
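Review bot: The new `CERTIFICATE` entry in the `lazy_static!` block has no comment, and it is valid for `localhost` only, whereas the removed certs/openssl.cnf issued the old test certificate for example.com, sub.example.com and localhost. Any test outside this hunk that connects under another server name would now fail name validation; that cannot be checked from the visible lines. I would add `// Self-signed test certificate, generated once per test process; valid for "localhost" only.` above the entry.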
@@ -78,22 +80,14 @@ impl Default for Pair { } fn server_config() -> ServerConfig { - let certs = { - let f = - fs::File::open("../certs/server.chain").expect("cannot open '../certs/server.chain'"); - let mut reader = io::BufReader::new(f); - pemfile::certs(&mut reader).expect("cannot read certificates") - }; - - let keys = { - let f = fs::File::open("../certs/server.rsa").expect("cannot open '../certs/server.rsa'"); - let mut reader = io::BufReader::new(f); - pemfile::rsa_private_keys(&mut reader).expect("cannot read private keys") - }; + let key = CERTIFICATE.serialize_private_key_der(); + let cert = CERTIFICATE.serialize_der(); let mut tls_config = crypto::build_server_config(); tls_config.set_protocols(&[str::from_utf8(ALPN_QUIC_HTTP).unwrap().into()]); - tls_config.set_single_cert(certs, keys[0].clone()).unwrap(); + tls_config + .set_single_cert(vec![rustls::Certificate(cert)], rustls::PrivateKey(key)) + .unwrap(); ServerConfig { tls_config: Arc::new(tls_config), ..Default::default() @@ -101,11 +95,8 @@ fn server_config() -> ServerConfig { } fn client_config() -> Arc { - let mut f = fs::File::open("../certs/ca.der").expect("cannot open '../certs/ca.der'"); - let mut bytes = Vec::new(); - f.read_to_end(&mut bytes).expect("error while reading"); - - let anchor = webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::from(&bytes)).unwrap(); + let cert = CERTIFICATE.serialize_der(); + let anchor = webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::from(&cert)).unwrap(); let anchor_vec = vec![anchor]; let mut tls_client_config = ClientConfig::new(); diff --git a/quinn/Cargo.toml b/quinn/Cargo.toml index a313165b5..817dc37e0 100644 --- a/quinn/Cargo.toml +++ b/quinn/Cargo.toml @@ -45,6 +45,7 @@ structopt = "0.2.7" tokio = "0.1.6" tokio-current-thread = "0.1" url = "1.7" +rcgen = "0.1" [[example]] name = "server" diff --git a/quinn/src/tests.rs b/quinn/src/tests.rs index 6a810fb97..d7be6da80 100644 --- a/quinn/src/tests.rs +++ b/quinn/src/tests.rs 
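Review bot: In quinn-proto/src/tests.rs, `client_config` now builds its trust anchor from the same DER that `server_config` presents as the leaf (`CERTIFICATE.serialize_der()`), so the handshake tests validate a certificate against itself rather than a leaf against a separate CA, as the removed ca.der and server.chain did. That is fine for exercising the transport, but issuer-chain validation no longer appears to be covered by these tests, and nothing in the code says so. I would add `// Test-only: the self-signed leaf doubles as the trust anchor, so no issuer chain is validated here.` above the `cert_der_as_trust_anchor` call. `run_echo` in quinn/src/tests.rs does the same through `add_certificate_authority(cert)`. The body of `client_config` continues past the end of the hunk.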
@@ -5,7 +5,7 @@ use super::{ use futures::{Future, Stream}; use slog::{Drain, Logger, KV}; use std::{ - fmt, fs, io, + fmt, io, net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket}, str, }; @@ -39,9 +39,10 @@ fn echo_dualstack() { fn run_echo(client_addr: SocketAddr, server_addr: SocketAddr) { let log = logger(); let mut server_config = ServerConfigBuilder::default(); - let key = crate::PrivateKey::from_pem(&fs::read("../certs/server.rsa").unwrap()).unwrap(); - let cert_chain = - crate::CertificateChain::from_pem(&fs::read("../certs/server.chain").unwrap()).unwrap(); + let cert = rcgen::generate_simple_self_signed(vec!["localhost".into()]); + let key = crate::PrivateKey::from_der(&cert.serialize_private_key_der()).unwrap(); + let cert = crate::Certificate::from_der(&cert.serialize_der()).unwrap(); + let cert_chain = crate::CertificateChain::from_certs(vec![cert.clone()]); server_config.set_certificate(cert_chain, key).unwrap(); let mut server = EndpointBuilder::new(Config { @@ -55,11 +56,7 @@ fn run_echo(client_addr: SocketAddr, server_addr: SocketAddr) { let (_, server_driver, server_incoming) = server.from_socket(server_sock).unwrap(); let mut client_config = ClientConfigBuilder::default(); - client_config - .add_certificate_authority( - crate::Certificate::from_der(&fs::read("../certs/ca.der").unwrap()).unwrap(), - ) - .unwrap(); + client_config.add_certificate_authority(cert).unwrap(); let mut client = Endpoint::new(); client.logger(log.clone()); client.default_client_config(client_config.build());
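Review bot: In `run_echo` the name `cert` is bound first to the rcgen certificate and then shadowed by the `crate::Certificate` parsed from it, so consecutive lines use one name for two different types. A distinct name for the generated value reads more clearly: `let generated = rcgen::generate_simple_self_signed(vec!["localhost".into()]);`, then `generated.serialize_private_key_der()` and `generated.serialize_der()` on the following two lines. The `.clone()` in `from_certs(vec![cert.clone()])` is needed only because `cert` is later moved into `add_certificate_authority`, which deserves a short comment. `run_echo` continues beyond both hunks.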