openssl: add clientcert tests

Adds clientcert auth tests for the newly introduced
`MakeTlsConnector::from_tls_config(TlsConfig)` convenience constructor.

Author: uce

Diff for: docker/sql_setup.sh

@@ -2,60 +2,76 @@
 set -e
 
 cat > "$PGDATA/server.key" <<-EOKEY
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAllItXwrj62MkxKVlz2FimJk42WWc3K82Rn2vAl6z38zQxSCj
-t9uWwXWTx5YOdGiUcA+JUAruZxqN7vdfphJoYtTrcrpT4rC/FsCMImBxkj1cxdYT
-q94SFn9bQBRZk7RUx4Kolt+/h0d3PpNIb4DbyQ8A0MVvNVxLpRRVwc6yQP+NkRMy
-gHR+m3P8fxHEtkHCVy7HORbASvN8fRlREMHDL2hkadX0BNM72DDo+DWhPA8GF6WX
-tIl1gU6GP6pSbEeMHD3f+uj7f9iSjvkrHrOt2nLUQ9Qnev2nhmU0/dOIweQ17/Fr
-lL9jYDUUFNORyjRnlXXUoP5BO/LdEAAqT2A0pwIDAQABAoIBAQCIXu74XUneHuiZ
-Wa+eTqwC4mZXmz6OWonzs0vU65NlgksXuv+r6ZO/2GoD1Bcy9jlL3Fxm+DPF56pB
-07u7TtHSb3VWdMFrU4tYGcBH45TE5dRHSmo4LlPcgxeGb6/ANwX+pYNKtJvuHyCH
-7Vf2iEFcCrdjrumv0BZ0IZmXJGxEV+7mK2Og0bZ/zbmJNaH25muuWj6BKlvLhL0N
-S2LlBjKx3HqtppUgUqNFqjLs6IA1u79S5dAomOsxZtnuByaX5WFzpktU2pveZmyF
-cl0dwHYZIaxR3ewYeQXGF8ANUmIx3nnxD2JOysPkitaGzeqt6dQZV14tPlDZDKat
-Vf0b6BHhAoGBAMWV7rG+7nVXoQ30CIcPGklkST3mVOlrzeBbKP1SeAwoGRbfsdhp
-rFMkh5UxTexnOzD4O8HPuJ6NGeWRQfqZT1nnjwHPeJWtiMHT6cnWxlzvxAZ61mio
-0jRfb8flhgFKk+G9+Xa6WaYAAwGWdF062EMe2Ym92oKM9ilTPGFVRk1XAoGBAMLD
-ETSQd2UqTF/y7wxMPqF3l6d1KBjwpuNuin2IjkXTOfGkDnAU3mSQlr7K1IPX8NPO
-gdyMfJoysfRaBuRcNA/o/0l0wyxW4HWtTtPYI0+pRCFtRLsI1MB997QKeaGKb+me
-3nBXkOksPSr9oa0Cs27z2cSoBOkpq2N/zzBseHExAoGAOyq3rKBZNehEwTHnb9I0
-8+9FA3U6zh9LKjkCIEGW00Uapj/cOMsEIG2a8DEwfW84SWS8OEBkr43fSGBkGo/Y
-NDrkFw2ytVee0TQNGTTod6IQ2EPmera7I5XEml5/71kOyZWi40vQVqZAQDR2qgha
-BFdzmwywJ1Hg0OUs+pSXlccCgYEAgyOVki80NYolovWQwFcWVOKR2s+oECL6PGlS
-FvS714hCm9I7ZnymwlAZMJ6iOaRNJFEIX9i4jZtU95Mm0NzEsXHRc0SLpm9Y8+Oe
-EEaYgCsZFOjePpHTr0kiYLgs7fipIkU2wa40hMyk4y2kjzoiV7MaDrCTnevQ205T
-0+c1sgECgYBAXKcwdkh9JVSrLXFamsxiOx3MZ0n6J1d28wpdA3y4Y4AAJm4TGgFt
-eG/6qHRy6CHdFtJ7a84EMe1jaVLQJYW/VrOC2bWLftkU7qaOnkXHvr4CAHsXQHcx
-JhLfvh4ab3KyoK/iimifvcoS5z9gp7IBFKMyh5IeJ9Y75TgcfJ5HMg==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDX71FGKHUepupP
+7c4VGoeX+Dkn5PZjDkwv+DYsTxpcZ0x/S4fHSz+aEX7cP8M0vxPmxOwJPoAm2Vt2
+RTva+8TrGClzWPT8YHzyN7r8jdP9crBQDAidYuQdHxPpXji9TMyRAGk51Qy0U+K/
+Wjx787LsWF3DFTgvJdw7YaD9EZzG7sqXvCaWAQ8sxUdj0moSm42ftVFx4Ztv5JEo
+nAgKkuJ+0KklLJ08/KTp8OMm95PJzHPl+MDxqDv3jqvg5eVUnm+nE9kgZvTBtNNH
+YJM3VZ0rjQDThNlLz9PdHWpfKlBTv1uVGg2SWfVpiaqxq4n686QZPHS0fu/ZQejx
+h0bZ8qeBAgMBAAECggEBAKKZ3XOdJ4RrYGnLwrF1hsFS84ctDLPOomRE3lZDQrBu
+QNZiQ944ta4ImqSzhwUDFbNiefMEE3AtoIfQ3p+pksENMrlfNSuOZMfoW2+uRQHH
+CSldxmbtfqTHMDE8+DDj0e8mhhY8bhKkUEyTYJReEE+UwxYRtnsaYVp9y8KFLq9E
+4f6NDMzzSpw/ujkcACtx0DxeWZfaP6Ms4ydh2uDEvzUwnmw4kpsgo4NtPLHDNx/y
+kshfSpayYBKJ08qpzUAOXpi2UIRzvrYZE5cAcXtK6Jw02VnpNIr6+q/DAE58at7W
+RwvswhNdpVVVwn04o68c4GUsGQFG/Qve8hDLdN+KygECgYEA//PE9FAeuSy2KWxS
+HKSYZ422Sx/M4tuAQrX//yCFizxEhs9SF3ybZX4SCHGeQxeogIqOrFKKrXpzpCcH
+3fB4LjRpdUKdv11sxFoo0Jw6wtY3N+24yM3jrpDsQqcCxUxm+qOgwGyKRJCkLxK3
+RNkAAmoT2mONeaMyWLg5g4wVW5ECgYEA1/miyi6PmT3+y4DCdNYdJll3NRmR4DGk
+HDYOd+Qb+DSoBhcxz/bqBDDdXr6FT3nZEkTxKAsaPjarzKjK2J88fvnF2JRnM5Oy
+HKRNk3a9KxM//UwUgoLCdg/qZe4EXX9LJr06G6YGgg0uG6Cjsa+rZ33FiucBYrEL
+aevQ+cReNPECgYEAsCDlRWHk4nQ8HiEmGAPDxG6mJOgLK4j0p/Np5/xPKVMdrM75
+pKPgo2SvsBPPXkfnchzmtPpP57S94xXguf8CFHmIoGJo/wihEjUgpPz9CpoygVAa
+ukPEC5o6mlsm8vHyY0M6GXAXbbtC4Am3B69z7DVm1/9tmWiN+rM7EKTTBaECgYBi
+qOUWmyJ6DHoCmLU8DjuOszvjg+TBl6uyP3doiUnFnrhK3/mfWNoaRAA8MahQYAcr
+c1b+xeOdG/hrK4hOYJ+QGaWphFGInCW3M89EV++eZ9LJcSHFZNpUeHzJR2uzEl1Q
+Owz6aGN8sWyorj9ZAji4tBmzlEdrwBjIsDLshinK4QKBgEbmw1Dp1ZQEZcNiNKBl
+EEzce+yHf8FSaC4KQSOnZIK30ZoHGLkQfr+C+8qKeDe4WYn3yf5zhjG7ssyxgWrB
+S8GdV0OgrtvO5zhDH72KqddZe+api/34Zh2zY/2PKG2gBZ+ubsRpgptVK2ny5pmj
+WN5CmfEv9kwQmSKzzSGUJ59l
+-----END PRIVATE KEY-----
 EOKEY
 chmod 0600 "$PGDATA/server.key"
 
 cat > "$PGDATA/server.crt" <<-EOCERT
 -----BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIJAIYfg4EQ2pVAMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNjA2MjgyMjQw
-NDFaFw0yNjA2MjYyMjQwNDFaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
-LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
-BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJZS
-LV8K4+tjJMSlZc9hYpiZONllnNyvNkZ9rwJes9/M0MUgo7fblsF1k8eWDnRolHAP
-iVAK7mcaje73X6YSaGLU63K6U+KwvxbAjCJgcZI9XMXWE6veEhZ/W0AUWZO0VMeC
-qJbfv4dHdz6TSG+A28kPANDFbzVcS6UUVcHOskD/jZETMoB0fptz/H8RxLZBwlcu
-xzkWwErzfH0ZURDBwy9oZGnV9ATTO9gw6Pg1oTwPBhell7SJdYFOhj+qUmxHjBw9
-3/ro+3/Yko75Kx6zrdpy1EPUJ3r9p4ZlNP3TiMHkNe/xa5S/Y2A1FBTTkco0Z5V1
-1KD+QTvy3RAAKk9gNKcCAwEAAaOBvjCBuzAdBgNVHQ4EFgQUEcuoFxzUZ4VV9VPv
-5frDyIuFA5cwgYsGA1UdIwSBgzCBgIAUEcuoFxzUZ4VV9VPv5frDyIuFA5ehXaRb
-MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
-bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAIYf
-g4EQ2pVAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHwMzmXdtz3R
-83HIdRQic40bJQf9ucSwY5ArkttPhC8ewQGyiGexm1Tvx9YA/qT2rscKPHXCPYcP
-IUE+nJTc8lQb8wPnFwGdHUsJfCvurxE4Yv4Oi74+q1enhHBGsvhFdFY5jTYD9unM
-zBEn+ZHX3PlKhe3wMub4khBTbPLK+n/laQWuZNsa+kj7BynkAg8W/6RK0Z0cJzzw
-aiVP0bSvatAAcSwkEfKEv5xExjWqoewjSlQLEZYIjJhXdtx/8AMnrcyxrFvKALUQ
-9M15FXvlPOB7ez14xIXQBKvvLwXvteHF6kYbzg/Bl1Q2GE9usclPa4UvTpnLv6gq
-NmFaAhoxnXA=
+MIICojCCAYoCCQD51cTqxXxVZDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdy
+b290LWNhMB4XDTIxMDUxNzIxMDExM1oXDTIyMDUxNzIxMDExM1owFDESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+9R
+Rih1HqbqT+3OFRqHl/g5J+T2Yw5ML/g2LE8aXGdMf0uHx0s/mhF+3D/DNL8T5sTs
+CT6AJtlbdkU72vvE6xgpc1j0/GB88je6/I3T/XKwUAwInWLkHR8T6V44vUzMkQBp
+OdUMtFPiv1o8e/Oy7FhdwxU4LyXcO2Gg/RGcxu7Kl7wmlgEPLMVHY9JqEpuNn7VR
+ceGbb+SRKJwICpLiftCpJSydPPyk6fDjJveTycxz5fjA8ag7946r4OXlVJ5vpxPZ
+IGb0wbTTR2CTN1WdK40A04TZS8/T3R1qXypQU79blRoNkln1aYmqsauJ+vOkGTx0
+tH7v2UHo8YdG2fKngQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAqJLwuK1HIq2p0
+I4N7HUjApiyxYWKqAeiC/65sLyU5TUfTgiSxTJRh625NwEYXzGTGbY674quIYK7I
+uUIDrWTu2GBT1DIZJG78xbYfeWoHtKrTZ+MYy70FK448dI4lv0lZbmub0HircR2M
+9MVqhWw8ik5FrpiR2DcwTkwNuNlVSu+hr/c/ljhvNP7dBfIxc9Og6xp1tyHW2hce
+Vm/3HFjJqBfLw/lbZ6rx5wJA3E13r0LpnwuKQlgPYyaighfgetJdxorj37gCxLn3
+77qfpOnFfk/mgY+bLFu9ncR2svab4CGRXPey9Kb6wP+OCwnh0vCBioocUFRANkLb
+bEjAYyqo
+-----END CERTIFICATE-----
+EOCERT
+
+cat > "$PGDATA/root.crt" <<-EOCERT
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgWgAwIBAgIJAPuMcWp8Si1PMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
+BAMMB3Jvb3QtY2EwHhcNMjEwNTE3MjEwMTEzWhcNMzEwNTE1MjEwMTEzWjASMRAw
+DgYDVQQDDAdyb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+vhPvG4K6R1GAe3/MwLWsb3uQX3Zs8Z+1R15+h1Sx1SwgXLuLDwxMxg0dkip/R0ic
+XyJFeVntOQqZfZpwd3iD47AZx6c4/Hn+U6OQtfvY6FmYNfmhngAnk9nr5te4Fu+S
+n7YwUJ0+pfC8b6idM5XB2YBnO1azqP5Sa230gSqxBlzjOqUC8rlvF1woDej49E3l
+pzP7jD6yrZ3Z3SvF1+ZhW+6CvWi4cm8xfMaTCCvwoR3E7ia6OGUmNP/rkyxXSUHV
+O1ELw0FY63+J46BzONR/MRuoXBm2SF07WY9+kS35SIOK1PjO0ndNRlXYv7xzCxDW
+4EnfoTfDLwZ6vOBvcST9VwIDAQABo3YwdDAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTbVbnrDPLMcVV0ExWd/EexzCMhzDBCBgNVHSMEOzA5gBTbVbnrDPLMcVV0
+ExWd/EexzCMhzKEWpBQwEjEQMA4GA1UEAwwHcm9vdC1jYYIJAPuMcWp8Si1PMA0G
+CSqGSIb3DQEBCwUAA4IBAQA83u6ILbpsQRwyb074exRo2vLC0pjtOBeRLyhi95zk
+TtilDHNP5oYf4pmrTAagv+i5eOwwAvoaXil1+mAtckUkV0FRoxAX9U6ZTUFge9HE
+G0VLfhqmzlExRl7O6Jr/O7fC6hOz5YDD0SdAaLGx35J9kbWyOLXAWCte3FImetdB
+72lbGD8M9J9Sm12aN+e9a8xovFQQG8Sah4XVTubs3Yw8QOhs+kxIrw3LzRt3Nisa
+ASCK93sHNpRUfePn/9x+2VAd6p1r4ypDJAH9Tr1E7duPBe+2YwBjMMDviA7eCiFA
+Xi7zm5vUeHGuQOBUIz6HE7RGMhQNkORbQiopzVFOBkys
 -----END CERTIFICATE-----
 EOCERT
 
@@ -64,6 +80,7 @@ port = 5433
 ssl = on
 ssl_cert_file = 'server.crt'
 ssl_key_file = 'server.key'
+ssl_ca_file = 'root.crt'
 EOCONF
 
 cat > "$PGDATA/pg_hba.conf" <<-EOCONF
@@ -80,6 +97,16 @@ hostssl all             ssl_user        ::0/0                trust
 host    all             ssl_user        0.0.0.0/0            reject
 host    all             ssl_user        ::0/0                reject
 
+hostssl all             cert_user_ca    0.0.0.0/0            trust clientcert=verify-ca
+hostssl all             cert_user_ca    ::0/0                trust clientcert=verify-ca
+host    all             cert_user_ca    0.0.0.0/0            reject
+host    all             cert_user_ca    ::0/0                reject
+
+hostssl all             cert_user_full  0.0.0.0/0            trust clientcert=verify-full
+hostssl all             cert_user_full  ::0/0                trust clientcert=verify-full
+host    all             cert_user_full  0.0.0.0/0            reject
+host    all             cert_user_full  ::0/0                reject
+
 # IPv4 local connections:
 host    all             postgres        0.0.0.0/0            trust
 # IPv6 local connections:
@@ -94,6 +121,8 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
     SET password_encryption TO 'scram-sha-256';
     CREATE ROLE scram_user PASSWORD 'password' LOGIN;
     CREATE ROLE ssl_user LOGIN;
+    CREATE ROLE cert_user_ca LOGIN;
+    CREATE ROLE cert_user_full LOGIN;
     CREATE EXTENSION hstore;
     CREATE EXTENSION citext;
 EOSQL

Diff for: postgres-openssl/src/test.rs

@@ -145,21 +145,21 @@ async fn from_tls_config_base() {
     from_tls_config_smoke_test(TlsConfig {
         mode: SslMode::Require,
         client_cert: None,
-        root_cert: Some(PathBuf::from("../test/server.crt")),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
     })
     .await;
 
     from_tls_config_smoke_test(TlsConfig {
         mode: SslMode::VerifyCa,
         client_cert: None,
-        root_cert: Some(PathBuf::from("../test/server.crt")),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
     })
     .await;
 
     from_tls_config_smoke_test(TlsConfig {
         mode: SslMode::VerifyFull,
         client_cert: None,
-        root_cert: Some(PathBuf::from("../test/server.crt")),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
     })
     .await;
 }
@@ -203,7 +203,7 @@ async fn from_tls_config_verify_full_with_wrong_hostname_err() {
     let tls_config = TlsConfig {
         mode: SslMode::VerifyFull,
         client_cert: None,
-        root_cert: Some(PathBuf::from("../test/server.crt")),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
     };
     let mut connector = MakeTlsConnector::from_tls_config(tls_config).unwrap();
     smoke_test(
@@ -212,3 +212,74 @@ async fn from_tls_config_verify_full_with_wrong_hostname_err() {
     )
     .await
 }
+
+#[tokio::test]
+async fn from_tls_config_client_cert_verify_ca() {
+    let tls_config = TlsConfig {
+        mode: SslMode::VerifyCa,
+        client_cert: Some((
+            PathBuf::from("../test/postgres.crt"),
+            PathBuf::from("../test/postgres.key"),
+        )),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
+    };
+    let mut connector = MakeTlsConnector::from_tls_config(tls_config).unwrap();
+    smoke_test(
+        "user=cert_user_ca dbname=postgres",
+        MakeTlsConnect::<TcpStream>::make_tls_connect(&mut connector, "localhost").unwrap(),
+    )
+    .await;
+}
+
+#[tokio::test]
+async fn from_tls_config_client_cert_verify_full() {
+    let tls_config = TlsConfig {
+        mode: SslMode::VerifyFull,
+        client_cert: Some((
+            PathBuf::from("../test/cert_user_full.crt"),
+            PathBuf::from("../test/cert_user_full.key"),
+        )),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
+    };
+    let mut connector = MakeTlsConnector::from_tls_config(tls_config).unwrap();
+    smoke_test(
+        "user=cert_user_full dbname=postgres",
+        MakeTlsConnect::<TcpStream>::make_tls_connect(&mut connector, "localhost").unwrap(),
+    )
+    .await;
+}
+
+#[tokio::test]
+#[should_panic(expected = "connection requires a valid client certificate")]
+async fn from_tls_config_client_cert_verify_full_no_cert_err() {
+    let tls_config = TlsConfig {
+        mode: SslMode::VerifyFull,
+        client_cert: None,
+        root_cert: Some(PathBuf::from("../test/root.crt")),
+    };
+    let mut connector = MakeTlsConnector::from_tls_config(tls_config).unwrap();
+    smoke_test(
+        "user=cert_user_full dbname=postgres",
+        MakeTlsConnect::<TcpStream>::make_tls_connect(&mut connector, "localhost").unwrap(),
+    )
+    .await;
+}
+
+#[tokio::test]
+#[should_panic(expected = "\\\"trust\\\" authentication failed for user \\\"cert_user_full\\\"")]
+async fn from_tls_config_client_cert_verify_full_wrong_cert_err() {
+    let tls_config = TlsConfig {
+        mode: SslMode::VerifyFull,
+        client_cert: Some((
+            PathBuf::from("../test/postgres.crt"),
+            PathBuf::from("../test/postgres.key"),
+        )),
+        root_cert: Some(PathBuf::from("../test/root.crt")),
+    };
+    let mut connector = MakeTlsConnector::from_tls_config(tls_config).unwrap();
+    smoke_test(
+        "user=cert_user_full dbname=postgres",
+        MakeTlsConnect::<TcpStream>::make_tls_connect(&mut connector, "localhost").unwrap(),
+    )
+    .await;
+}

Diff for: test/cert_user_full.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAY8CCQD51cTqxXxVZzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdy
+b290LWNhMB4XDTIxMDUxNzIxMDcxNVoXDTIyMDUxNzIxMDcxNVowGTEXMBUGA1UE
+AwwOY2VydF91c2VyX2Z1bGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDk6alFxouky9Jx38ATn2hx3ecMfKI5WpQJ/lKdcZ2QIGHBsAvqYXOkYJ4/nbjD
+v3QsTdkCujiZvJJD7nEhDGpgJoqquI8zlPkXWmeqC+0lhvs3SP+cUyewKbRUxRN4
+mxYIsq7854FNlTtJfeleNFxWOzh42C9IzAxXkZsWVzz5yJorXbJlUklV2LA2szN5
+9HgO7HMFA8Jc2Ok7hm9gmhQsXUsDkcy5Y1aW04CQat5LVjSUHPJLjSa0l996FIgc
+5H8kw8ZvIwfGPu0JusRJL6OdtCp0RhhbPhW1gM7l7CIaiG8WeRSHscgP970uR1dg
+nU0X3kb/UC9SAcEJ4AkrHAXdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJBiyyF+
+zYMaj2Xz8N6ZTUzUCQabIT+VqYacFeihYdTWHXkgbO/yIDg67ybYMscrcNnQujpP
+bj9+cTwStk5pwIycyZS+hbgOINXtGQyE48kKksgaU1ctZvmlPbKWbdis4f7Cqr9V
+YXmZW3ZQwtmsq5e8OfXJ/6oqbcyuT6wYgDj0f+av1a9QbrN7JcRVRntyKtZ/KBqz
+VzIGJYIikopmDTt7pQ61Z11LUhYDsNHbDyeM7s/CV9hfotITS+ZGrZ/wGXAqP1Go
+ctCF7MkWqvyQFtz1jwcrqaJ9UXocojm1iDE0MWPpDCLggUwtaglCwSDaiycKt4sa
+PiNCaLcOfO3xzIQ=
+-----END CERTIFICATE-----

Diff for: test/cert_user_full.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDk6alFxouky9Jx
+38ATn2hx3ecMfKI5WpQJ/lKdcZ2QIGHBsAvqYXOkYJ4/nbjDv3QsTdkCujiZvJJD
+7nEhDGpgJoqquI8zlPkXWmeqC+0lhvs3SP+cUyewKbRUxRN4mxYIsq7854FNlTtJ
+feleNFxWOzh42C9IzAxXkZsWVzz5yJorXbJlUklV2LA2szN59HgO7HMFA8Jc2Ok7
+hm9gmhQsXUsDkcy5Y1aW04CQat5LVjSUHPJLjSa0l996FIgc5H8kw8ZvIwfGPu0J
+usRJL6OdtCp0RhhbPhW1gM7l7CIaiG8WeRSHscgP970uR1dgnU0X3kb/UC9SAcEJ
+4AkrHAXdAgMBAAECggEBAIaA9UFWhD70tFbMziO5irk9VcF0ii2BF3M3yHtSgu5o
+2IfiVV4GnNh9HP7sQeBi4nQV2elMWm2a66aWuEpe7TJJ8ziU8S+x3Rrnt/mmwFVI
+ltvJPMgx5CQSnS8iDWrUVYIO29smfEeF5Cwum60Kvya77Va0UDRKEQZzO9lIsT9i
+jv3teKAEP9NDHl9V5IeOcpN5h/PqlEArOSfKOXUFcN8q1uYmjk0pl3kfkjGRBirB
+IbhsbjkZhsy4FvNzbliLJCn79In72neIgLPTdMQvXwn9hjQiIZn2a8RQ7Ats2nBk
+TlEr8qOFwsM5nrVOHtC5ySacK6y6ySoPDIxCW3pXuIECgYEA+K45tYuFoBMb02Dc
+sORcW3F6XNRksdPjmL/pydMWpNPeexIelGv5EbX0NqY2WFgZRFNpp+UrPEUQphis
+Tca6tBZleZU8ovpdf8RuvXKVEG49aD1ARX1f13ylfmYyB7g3D8zbYRiNIct4c0x6
+7a4mg/0E8IWQXsnSOy26TkUY9yUCgYEA66Z85NriSAtGLBbhQQ1lu4q5aO8pcpZq
+0KmKSj3Fjm1zoUSRDZI1ga0NDtH1ZVmYR0cRb1NslGwvXeTqK6Gl0CCweppXwH1B
+V5ibt/gb0Q4/NPl11/+PVV2MhTOkQjysDyE8B7vieUR+ozYW173ynIjFYPJhWP7x
+i+ahwZ8fklkCgYEA0zmZRvzVaVwRvH9/tLijQgCnQIYfaXRi03HfMFCd4S8cwEhp
+tQPpMQPuBSU07+EUxRZcngFnse+v7oTyhbWRDDohwx3hvUUPeeDtdvkGaEha3Fl6
+aAvQBoaXQz+mqyvriP4mMNjbt6LOEpEZsRzFFkMpmOq57+lZKm7y2lySkgkCgYAD
+tt8XGGAitJLJlR690ME+wIQFpGdp1/cdDN8SJoEbqpv8+cCzjw9q2Nhw2Fxe2Zet
+3+/lalI20LG6cCZEw8qCSlGdzRr+/Lpv8AbcUnvVwry6UAhMfEm9FblmTBcVuDEa
+F/MDSDHcqXi5h9u6UNMnJny993QTXAlgpCT+kUyFGQKBgQDqrZz1XX6YoIRkrJfW
+oBy7CjEOvwkHkV1DjC0u/9jTszJhawvjat9qNXajbaF95CD/6rdCzacjoamKLDzs
+GzzyWyiLZA75KLElUzJz7dzBzgON5wZoH7Wo1wBt/Up9q8RvI2htXHIUyop/2WXS
+NRuVcx1Rh5cjPBtcaLG9kk7a6A==
+-----END PRIVATE KEY-----

Diff for: test/postgres.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICoTCCAYkCCQD51cTqxXxVZTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdy
+b290LWNhMB4XDTIxMDUxNzIxMDE0M1oXDTIyMDUxNzIxMDE0M1owEzERMA8GA1UE
+AwwIcG9zdGdyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhSXov
+zJq1WAS6RBI6L1lH488KSoPN8K+D+dMbP29GO9OMis6siuDGFNANTq9YFWo/7JgW
+JCWskhCZIVpgwdWsUvo+swbCQSvJ4grLPHBKssSjbiUAtsZiXNYxRnNRTi1IdSFD
+5TomsDe2jkZhme/beWemu5K0ah2smveRHTOunbo+emHBnyv+d6IVslEFy4Ly5wXz
+Gp/1qRIN++dLfdEAl10VuQGf0A3a46ONPIYRklcxHsXuS3VhHqkQvAmWBtsE7I1H
+LjyzJznXXBI6G7Pl+WjCNoxvqJg85OzZ8pnfg6uKZGp3A244kb6ddmUnNwtidCS1
+4BxDsSd6k8s4cbRvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEnnxV2B8ztUe/Je
+Nk/10FtI2s/Njl0YieLXUGw3FgT6ZQuEHffEyw8kCr9lhi4jETEllqM1WpRacN4E
+S2mXMODaG8eNiJajnZMU9O9pYmPS0e4pSYPlyeSbjGReyrr5wlMd10Fh3eFYbdDc
+eNP+GfRiQi5xZ5IdInm8L/VYJRETbKRs30Kn1FqNKokmYrGCVswhWByCMDHSnEps
+3QLJWOvHF0I7+gQrqK8Jpmr194Mhe/0IIm3+AxAXCoo+KXyZOSsASnLyoqk62lLP
+kXSvnFBZj4u3AUCzr4eO4C104I91/Ljll9kw24AUuaqDIOS3OgAjbklW0BwL5cdh
+Cy7l8y4=
+-----END CERTIFICATE-----

Diff for: test/postgres.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhSXovzJq1WAS6
+RBI6L1lH488KSoPN8K+D+dMbP29GO9OMis6siuDGFNANTq9YFWo/7JgWJCWskhCZ
+IVpgwdWsUvo+swbCQSvJ4grLPHBKssSjbiUAtsZiXNYxRnNRTi1IdSFD5TomsDe2
+jkZhme/beWemu5K0ah2smveRHTOunbo+emHBnyv+d6IVslEFy4Ly5wXzGp/1qRIN
+++dLfdEAl10VuQGf0A3a46ONPIYRklcxHsXuS3VhHqkQvAmWBtsE7I1HLjyzJznX
+XBI6G7Pl+WjCNoxvqJg85OzZ8pnfg6uKZGp3A244kb6ddmUnNwtidCS14BxDsSd6
+k8s4cbRvAgMBAAECggEBAN4PJOb0kBHrfk1zR1wey6v2ul70b9KQSRCXMSSMdEwQ
+MEc5ktmz0jas0R4sztzNzvrPZGF+o7vkBYRKweDZbpn6+DrRD/ptbpIBwo3tNuoK
+J5THvqVjg0v1IhNT09ryaeQfv/hCe/0ieOfyeSE/MJNuqWJJRSOb7T/zR867r/OO
+HyMrYlMOrYOntrunRTiF3hdm3OpJB0ThHOERLEk/4vruvLELL1X3ZKBv/ZdQ4n9M
+ASsiKqfxVN8OklaXetnPNgUAsMnOZ5cB3yaV/mkZkm0aQCbeWKLQb+kisJOQpFza
+DR17TwtDiGvUEj7mEqCFiJsXxPdi3pv0PnJZSGa07FECgYEA9ywTvbhK3QKVGRU4
+eJtIBu+M6bjak6T2zo5hYEAWog+aC09EaiYlxGhQkiUFsG2Xs7hbkU2b4RXYZixn
+P2FR6TCsIHywLRG6DmXZ01kh71ZOvZJgIOMXVK0jnYsQDirNbmd6VBKMyn60O8jt
+tXAOci3HQ2H8cD/OxhizWMxNLE0CgYEA6VVNP4CGCqMgFiRA7wOFBQYZOCVlsrZ6
+0pnCT3VPDk6YlQsmaqhMbPDK7Af1rRUw9ATAzgqyBGmySU6snpOOatVn8c1bXRnf
+BnWJ3c4y/LCm2fILgpHBMneMAkx2c7dRX5ehUTt76VujxTC2HKGjlrjzKs31GeGd
++FJVxY7EEasCgYBp9M0poR0GjRrZO82PdhF0V7ByaLnaXPcoKMT5e7+4DTQd8QcE
+8gFypr0TSSedL/2+HyOxsDFIVhMECbjg5Jk2e5TuAEWNrHGzxlmQTj9L2BW9Ekh/
+EJppxCbmXDyvtg2GbHl2HNWZ4KLmlgXAp56pt5IaAqEyhUfgh6oqQLo8aQKBgQCu
+QbZfJmz0pL7hylF0Lvy4s8VB2SwKO52eipZDISjZVnk9VgZqwSXSdkIV5BvmF11n
+3+Td+77W7NjpRohEJY7G2nm2a9c/wIJ/IGjF7ajGbmctfUZ7TL8sIXu+e7w6zz1G
+VsdzEymHLZkxOx/GYjD570YrQYU6vvRq75J+6BAl4QKBgBXfxncPKlo/xDUP0nlr
+UScgosfTOvMxgk79zV5eoEHcU9ay9ncvef+qpm7lr7+UGMUHqnBGY6st451rhNNW
+5Kw97urguUh3B3cky0mvwNRfVjRcZ9/NGONWTFjJKf6Ij9/hzZpqGZYB2XGKdIE4
+ZYrqIVCvqekv4GxE6U4hm8kf
+-----END PRIVATE KEY-----

Diff for: test/root.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgWgAwIBAgIJAPuMcWp8Si1PMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
+BAMMB3Jvb3QtY2EwHhcNMjEwNTE3MjEwMTEzWhcNMzEwNTE1MjEwMTEzWjASMRAw
+DgYDVQQDDAdyb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+vhPvG4K6R1GAe3/MwLWsb3uQX3Zs8Z+1R15+h1Sx1SwgXLuLDwxMxg0dkip/R0ic
+XyJFeVntOQqZfZpwd3iD47AZx6c4/Hn+U6OQtfvY6FmYNfmhngAnk9nr5te4Fu+S
+n7YwUJ0+pfC8b6idM5XB2YBnO1azqP5Sa230gSqxBlzjOqUC8rlvF1woDej49E3l
+pzP7jD6yrZ3Z3SvF1+ZhW+6CvWi4cm8xfMaTCCvwoR3E7ia6OGUmNP/rkyxXSUHV
+O1ELw0FY63+J46BzONR/MRuoXBm2SF07WY9+kS35SIOK1PjO0ndNRlXYv7xzCxDW
+4EnfoTfDLwZ6vOBvcST9VwIDAQABo3YwdDAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTbVbnrDPLMcVV0ExWd/EexzCMhzDBCBgNVHSMEOzA5gBTbVbnrDPLMcVV0
+ExWd/EexzCMhzKEWpBQwEjEQMA4GA1UEAwwHcm9vdC1jYYIJAPuMcWp8Si1PMA0G
+CSqGSIb3DQEBCwUAA4IBAQA83u6ILbpsQRwyb074exRo2vLC0pjtOBeRLyhi95zk
+TtilDHNP5oYf4pmrTAagv+i5eOwwAvoaXil1+mAtckUkV0FRoxAX9U6ZTUFge9HE
+G0VLfhqmzlExRl7O6Jr/O7fC6hOz5YDD0SdAaLGx35J9kbWyOLXAWCte3FImetdB
+72lbGD8M9J9Sm12aN+e9a8xovFQQG8Sah4XVTubs3Yw8QOhs+kxIrw3LzRt3Nisa
+ASCK93sHNpRUfePn/9x+2VAd6p1r4ypDJAH9Tr1E7duPBe+2YwBjMMDviA7eCiFA
+Xi7zm5vUeHGuQOBUIz6HE7RGMhQNkORbQiopzVFOBkys
+-----END CERTIFICATE-----