Initial revision

42 files changed, 1466 insertions, 0 deletions

diff --git a/test/01cert.pem b/test/01cert.pem
new file mode 100644
index 0000000..15a8679
--- /dev/null
+++ b/test/01cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO
+MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo
+YWxAcm9rb3MuY3owHhcNMDEwOTA5MDgzNDExWhcNMDIwOTA5MDgzNDExWjBOMQsw
+CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxDzANBgNVBAMTBk1pY2hhbDEeMBwG
+CSqGSIb3DQEJARYPbWljaGFsQHJva29zLmN6MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJpui4aF44GABGSm5kYglIVjGOfZiaOpx8sgAeWHY/cieHF3fcDCy9
+eUtv1BQeGOruiOuGLUk818TO5Ypsa45lc3mx5Inhusmsm6BJePNIK/pf+vYoskwH
+EaGOCg3kMvyylAzsr2nqP7hYm09nSlU96OyHJVssUbUFVaXQ7wBNnQIDAQABo4Gh
+MIGeMAkGA1UdEwQCMAAwHQYDVR0OBBYEFHxeY4K03AqIrFcjnWt0xO+SDE8OMHIG
+A1UdIwRrMGmAFIsvMx24Ivqj37PFReOHMRnUwQSOoU6kTDBKMQswCQYDVQQGEwJD
+WjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9t
+aWNoYWxAcm9rb3MuY3qCAQAwDQYJKoZIhvcNAQEEBQADggEBAAk1AjbFJVir3a1V
+k1eL3D4EKpk0/q0iK30L5jCPHKAQUSROVGbxb3t6AgdHR+eEnyaH9jHr/cgqMV4B
+ce0mkDUoS3r1NvBIiLIO49Uhs/RVv0YVz2cVK/PSVNLEbWwmSv/oZNJN0bzlfhkk
+qIulod3M3Vpr+tw0MCGjGHF7bfJjnvecsinJtlh1dZNElfdq/hZBD0nElKBTI5+J
+UyN91hpPMPOCY48CpE7/zDneUHnLJyZ9Dxo32XPBeqTX4shaBaNZ/nlISzoHAR9h
+HhcshzQx5WWgdOKnXkpZgqxizacM4Kl4xUpChUz9JhmQDydYC2LpFo8L0zfeLfnW
+XuWJtfA=
+-----END CERTIFICATE-----
diff --git a/test/01crl.pem b/test/01crl.pem
new file mode 100644
index 0000000..0c9a48f
--- /dev/null
+++ b/test/01crl.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBpjCBjzANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEOMAwGA1UEChMF
+Um9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNoYWxAcm9rb3Mu
+Y3oXDTAxMDkyMDIxMTAwMFoXDTAxMTAyMDIxMTAwMFowFDASAgEBFw0wMTA5MjAy
+MTA5MDZaMA0GCSqGSIb3DQEBBAUAA4IBAQAHyNipK4xxUoNy0ui38TdRUOcmuN7o
+gS0AaI+aEeio4NbRL4+J9qrm0Yf3HfE/gMzAHpBN7Jd5ABeLuRQVeztYCM4d9mtA
+CwYcnVIm0s0EzMpM5SSghmKHsUZ5xQOAXuHDjdYXyCgDrTs+xPCFAPabiwhnXAyq
+29IoX4V4fo0dyPgMgCZu93a3qdnpEAmdttgfdJrwEXlLIWkxhR88XXVo3ErGMsJ2
+zy2Zjt+Vm5uIHDCGMB0CNUv6zCik/v+9H1VyCmhmz/XfznJu7Fzt6y8Y/tXNLhY9
+i02Wr+IBLWL0PzPy6FOnr6EsH0gLrXO54Xb/RNn4+xDD9P7pe0ZakAgU
+-----END X509 CRL-----
diff --git a/test/01key.pem b/test/01key.pem
new file mode 100644
index 0000000..913ed6f
--- /dev/null
+++ b/test/01key.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6D6ED83B588F034
+
+QhTVi7BH3bBdJsxIjfStLVNbGZtrHaAqwCKrgNq8eHmeFh/GQmeh9wAgbVgdeBli
+c49UoWug+k7XCaSKO/DQMzePavyEXVirYJGrI5iGARgYOH70gMdJdQfa8K8EZhB7
+zkv0lMCuoMOa/46ItXNS9DKkdr6RRdmPU8C+WCjfgNdQIcAuYZLeiSnvpDCj8a5t
+H15ZyNxySzgpTw7OS4Z1PRETHcUWlNOs/vvNqRBtrmypw/P8VFvjXipWFA+hV6t5
+5CEHsMdXIrpb7nJ76OoyCSu9IO7FnftjiP+DuHcdJdTPJ2c7X1vXZ33QJwPqD4ci
+e042ZgBfdjQqOthRATX5x+uAdqokbfqDhlt+xUkUvyZsKlfuMpZr4ATqeH5SFcUt
+5vx+5oAFU0vvfnEw9PFt/8O3JbQVy/yCle9RSkVdecdpjsLgW/KzHedlc+TiNiac
+K7LQqfTv99iLq5tdmQQI8tgWX/vuzTyfAXOHiVo+LnB1m5MWjgjr93Ssrf1zCThu
+2EbWEDRbFENh8TRAFri8WCHay4U4/Zk7LzHOumE5sTLcoNfKUsykR/s6PI8W2Z/a
+B0uvJ/SUgTiWYEb56oNzOSCJBWdtusjXMskb2GOW8wwGJwS1Vq1sT4suh7NB13dZ
+DL56lKRtobdyHTNs8gylf5zgrzfJuChWXRLS0t12gyDVvLcGOXRiF2pdaape9F5V
+v8dwkTictvsxFIacBo2/wk/xW9mSlQxpHSjcHLneEV+t4vd21Q5LhjmWlQUG9hS3
+G8e0BD7BKqTcUuBQ8/9bh8VAOvsZjFy26fRMDXuuWV1AABvWyAq3IQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/01pub.pem b/test/01pub.pem
new file mode 100644
index 0000000..d3e9faa
--- /dev/null
+++ b/test/01pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAMmm6LhoXjgYAEZKbmRiCUhWMY59mJo6nHyyAB5Ydj9yJ4cXd9wMLL15
+S2/UFB4Y6u6I64YtSTzXxM7limxrjmVzebHkieG6yayboEl480gr+l/69iiyTAcR
+oY4KDeQy/LKUDOyvaeo/uFibT2dKVT3o7IclWyxRtQVVpdDvAE2dAgMBAAE=
+-----END RSA PUBLIC KEY-----
diff --git a/test/01req.pem b/test/01req.pem
new file mode 100644
index 0000000..a3400af
--- /dev/null
+++ b/test/01req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxDzANBgNV
+BAMTBk1pY2hhbDEeMBwGCSqGSIb3DQEJARYPbWljaGFsQHJva29zLmN6MIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJpui4aF44GABGSm5kYglIVjGOfZiaOpx8
+sgAeWHY/cieHF3fcDCy9eUtv1BQeGOruiOuGLUk818TO5Ypsa45lc3mx5Inhusms
+m6BJePNIK/pf+vYoskwHEaGOCg3kMvyylAzsr2nqP7hYm09nSlU96OyHJVssUbUF
+VaXQ7wBNnQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAVovoK9kVmu/sPWQMS/8H
+uDbLDWfWRnVOxZlVGnx5+ICryv8BsdYSezcF7+TYAnpypypgX7VzD7OvdO5DyYWN
+HnJYpW7M0ZnjgqAQi1dKvM+byj17cew3kyPbeljBf8By4PGvXbQxqzSASUOPTPCl
+XYy5y2lEGsY3jpj5IwITtvY=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/02cert.pem b/test/02cert.pem
new file mode 100644
index 0000000..2e948e8
--- /dev/null
+++ b/test/02cert.pem
@@ -0,0 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=CZ, O=Rokos, CN=CA/Email=michal@rokos.cz
+        Validity
+            Not Before: Sep 27 14:51:51 2001 GMT
+            Not After : Sep 27 14:51:51 2002 GMT
+        Subject: C=CZ, O=Rokos, CN=Pokus02
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:aa:c0:e9:ac:d1:49:66:21:01:97:13:51:aa:
+                    ff:df:0d:ca:e4:cf:5d:d6:f4:e9:2f:64:89:51:cb:
+                    e8:59:bf:8e:dd:20:21:63:e3:75:a5:ad:35:cb:e5:
+                    da:c6:ee:12:6d:41:f7:75:37:3a:31:94:a0:b3:3f:
+                    c9:69:b6:79:22:ee:03:f0:af:93:fa:21:6f:6c:c5:
+                    af:e6:20:3e:5b:2c:fd:03:c1:70:29:b2:da:17:8e:
+                    d9:4c:5a:2b:30:8b:08:f1:74:90:0d:31:dd:f8:ed:
+                    06:01:3a:23:39:42:56:e7:59:00:9c:79:b5:27:8a:
+                    80:b6:6d:90:81:22:d7:0d:59
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                21:FC:47:57:07:F1:9D:E0:F7:7D:43:24:A1:20:04:F2:1E:B9:D6:C9
+            X509v3 Authority Key Identifier: 
+                keyid:8B:2F:33:1D:B8:22:FA:A3:DF:B3:C5:45:E3:87:31:19:D4:C1:04:8E
+                DirName:/C=CZ/O=Rokos/CN=CA/Email=michal@rokos.cz
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        32:d8:78:d3:37:bb:aa:77:4d:ff:a5:e1:1d:57:4b:06:5f:f3:
+        25:62:e8:01:5e:25:c8:d9:4f:3e:02:87:0c:98:56:f8:83:7a:
+        cd:b5:2a:99:80:19:43:32:6b:44:5f:78:00:3c:86:aa:3d:5b:
+        51:ac:48:6e:84:c2:41:a1:a1:e4:dc:b0:17:9d:7d:09:b5:2a:
+        59:34:df:72:34:6d:8d:80:cf:2a:14:07:41:f1:9c:13:ea:ca:
+        66:c6:00:75:fa:be:5a:1b:ec:58:b5:ec:e0:1e:0f:49:12:d4:
+        f8:01:3e:44:26:6e:f5:fe:f6:56:93:a2:38:26:81:a0:2b:c2:
+        54:b7:6a:77:01:cc:5f:7e:98:db:7a:39:15:87:5f:b1:b2:e8:
+        7d:19:3d:8b:97:ae:ab:03:a5:76:15:e2:6d:28:e1:a3:4d:a1:
+        4f:a0:69:01:0d:03:bf:2f:b6:ec:ae:60:2a:d7:e3:cb:94:4c:
+        66:69:e6:8b:4a:50:49:31:c2:3c:e1:d9:bd:ac:bb:11:5a:53:
+        10:e4:01:67:5f:16:55:c0:eb:32:15:51:ca:68:a8:3e:5c:51:
+        c5:09:e2:ac:7f:25:67:8a:47:59:6a:9b:03:52:b8:b8:d8:35:
+        77:2d:72:6a:08:fc:b4:8e:9b:4e:29:a3:8d:e0:b5:83:cf:5c:
+        6b:c5:33:69
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfqgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO
+MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo
+YWxAcm9rb3MuY3owHhcNMDEwOTI3MTQ1MTUxWhcNMDIwOTI3MTQ1MTUxWjAvMQsw
+CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxEDAOBgNVBAMTB1Bva3VzMDIwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMGqwOms0UlmIQGXE1Gq/98NyuTPXdb0
+6S9kiVHL6Fm/jt0gIWPjdaWtNcvl2sbuEm1B93U3OjGUoLM/yWm2eSLuA/Cvk/oh
+b2zFr+YgPlss/QPBcCmy2heO2UxaKzCLCPF0kA0x3fjtBgE6IzlCVudZAJx5tSeK
+gLZtkIEi1w1ZAgMBAAGjgaEwgZ4wCQYDVR0TBAIwADAdBgNVHQ4EFgQUIfxHVwfx
+neD3fUMkoSAE8h651skwcgYDVR0jBGswaYAUiy8zHbgi+qPfs8VF44cxGdTBBI6h
+TqRMMEoxCzAJBgNVBAYTAkNaMQ4wDAYDVQQKEwVSb2tvczELMAkGA1UEAxMCQ0Ex
+HjAcBgkqhkiG9w0BCQEWD21pY2hhbEByb2tvcy5jeoIBADANBgkqhkiG9w0BAQQF
+AAOCAQEAMth40ze7qndN/6XhHVdLBl/zJWLoAV4lyNlPPgKHDJhW+IN6zbUqmYAZ
+QzJrRF94ADyGqj1bUaxIboTCQaGh5NywF519CbUqWTTfcjRtjYDPKhQHQfGcE+rK
+ZsYAdfq+WhvsWLXs4B4PSRLU+AE+RCZu9f72VpOiOCaBoCvCVLdqdwHMX36Y23o5
+FYdfsbLofRk9i5euqwOldhXibSjho02hT6BpAQ0Dvy+27K5gKtfjy5RMZmnmi0pQ
+STHCPOHZvay7EVpTEOQBZ18WVcDrMhVRymioPlxRxQnirH8lZ4pHWWqbA1K4uNg1
+dy1yagj8tI6bTimjjeC1g89ca8UzaQ==
+-----END CERTIFICATE-----
diff --git a/test/02key.pem b/test/02key.pem
new file mode 100644
index 0000000..e2e8e08
--- /dev/null
+++ b/test/02key.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C4F9A886D458E50C
+
+tdvJ2y/Eu67lWI+E6UJHdEKSkmW/h2QQ5gQYtqKgQ0bavN4r6HOB7mH1PVLo+HyD
+Q/aeOlWXQe0O5FbmufZ6OSZjyKuHoSyiFCwz9uuU9vAzd8SwT7dXG3ci1bKuvcP+
+0ApbTsdbL6CSHBqTw9gc7IUwUzVEa8d0Cz4skGuR4GqI3zTD/mEqmV9OBM9cFH56
+Wc+YF9BVRw4Yfl4go8wrhukYR+ixxdf5fuRCgdtho77kzm7nOhywEErAE0k44aC0
+lYN+Te9ukzlTe8m2vvd8wZQTL2WUsqN9PNP23oFDQgChPYfQ/FRt4y2Cym9kUK+J
+aW+AADdtO7fgDOqXPlpFoc/e2HdCF2Ayv3zER+llIcoxgH+NC0vBW7KMTpsaFeoz
+BUowS7t/uYtn+cxOmLUDhPi7cIH/Azjef6XC+puA7oraa6AlmAB7LCTSm1Kptxu4
+LEZrICj1kSnJBsOjcwiMd3Z2Hm9ORxVbj40T6iaG1/waqtdUZRzFUlXABAD/8MTc
+RanKi9cZw7nwiTYWtZ8NRhvcCddcxQLrODoCygSeYBB7icbh9XO1hpTwpJNmz+mn
+YZVsWkGPN4EUJBKHsgtzuKV3gizZfTfX6mZvE25gxobs+NJuOM8Awekp95N+zYta
+Yp44ex/OaQhHNb9M/zwpR0z2K5BE9p+JkfRs3SwWJ5BZzJJcrkF6h0dUBbjQ/1p0
+NHERUPhsLBUEa6ayLcdopf1MqBnyrJljaKrc+8BCneVuwQVxW+ZqFxcPF4qYtrnf
+6z3vF4cC8M6FAc0mIEkS4lFB5M4SDHm+Txgof7l6MLyxZAF+QzLdDA==
+-----END RSA PRIVATE KEY-----
diff --git a/test/02req.pem b/test/02req.pem
new file mode 100644
index 0000000..3fa9be4
--- /dev/null
+++ b/test/02req.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBbjCB2AIBADAvMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxEDAOBgNV
+BAMTB1Bva3VzMDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMGqwOms0Ulm
+IQGXE1Gq/98NyuTPXdb06S9kiVHL6Fm/jt0gIWPjdaWtNcvl2sbuEm1B93U3OjGU
+oLM/yWm2eSLuA/Cvk/ohb2zFr+YgPlss/QPBcCmy2heO2UxaKzCLCPF0kA0x3fjt
+BgE6IzlCVudZAJx5tSeKgLZtkIEi1w1ZAgMBAAGgADANBgkqhkiG9w0BAQQFAAOB
+gQCtNmh1fd1M/pm1ybiTdWh2iI8GT01Azff5D5Hxk/WbuZS0U/v0auycrEaBj1w0
+hncaYnN8+fdSACbOBN5efni7FiClvx7COuJ3+qJmB/Cnv4j5ielyydUhkeRQ81Gq
+EooiyAXhDzVcCfjO8c5Gk2WkAfuQWf9h/7ZSRlVv72OcWw==
+-----END CERTIFICATE REQUEST-----
diff --git a/test/0cert.pem b/test/0cert.pem
new file mode 100644
index 0000000..cb383c7
--- /dev/null
+++ b/test/0cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJDWjEN
+MAsGA1UEChMEUnVieTEPMA0GA1UEAxMGUnVieUNBMB4XDTAxMTEwODExNTkxMloX
+DTAzMTEwODExNTkxMlowLTELMAkGA1UEBhMCQ1oxDTALBgNVBAoTBFJ1YnkxDzAN
+BgNVBAMTBlJ1YnlDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOV8
+Vc1b83eGNdpfM4IFbEY8h+nx8XU9QMJ5EnWiOzSqrOZtG/R6rFP/jxDS+rDgh2FF
+lzkdrRpElTVgCePEddrhSMj//8IprCN79sykiTILNAi0Wq9YHUCzADX+ViC0hkyS
+rUs4kD7qr3psfp1imARD2IE2gVhs5+fuyZlNGg1xXjsEfRMX6Uf57q7NBh3edjWh
+EfyKku7l51Z6X1r8tVPguyeeoZsnOPpQGKutchEskBwHjGwu0xBj9NJFKrIr9GBT
+IsKL4iTG31ReZnLQrtUHlCmOQnfId3HBk+zzD3Z8db47KaUgaEFpyitl9l+1HzyU
+3CjJzRmJZrYXycE3eYUCAwEAAaOBuTCBtjAPBgNVHRMECDAGAQH/AgEAMC0GCWCG
+SAGG+EIBDQQgFh5HZW5lcmF0ZWQgYnkgT3BlblNTTCBmb3IgUnVieS4wHQYDVR0O
+BBYEFFhFcoVGe0cAv4c8QexFYb1YqCtoMFUGA1UdIwROMEyAFFhFcoVGe0cAv4c8
+QexFYb1YqCtooTGkLzAtMQswCQYDVQQGEwJDWjENMAsGA1UEChMEUnVieTEPMA0G
+A1UEAxMGUnVieUNBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQDQhltRNlB8KyhgyXNZ
+qYTupPvsoj1NDbXQT1nyNirOjGSqRYxcOshL2vfhgIESs5jQdcR+B41Oj3N+MEkI
+rPyXIcbI1MSjB/W0pHVDpxf/++cZ7OXUhhF0f25+ZO9qnWl4mdKH3XNWJM4lnzGn
+Q8UDs9aJr8FBh8puo4u27I844K6GoIWyAzAwyyDmoaCRpkt5YSJua07OVsVTUdpj
+5z9rNOjmymuA82VpKvzsxFev7z4UragXRBX92OCRIzIE5Ne8zGLFTjKGt5us7D79
+bYqjOv2ax0bOj8UgTw0Fyl5mKao00uTz4nZyjhxuE7qUeaFNnoFbzQL6isZRBsST
+1eph
+-----END CERTIFICATE-----
diff --git a/test/0key.pem b/test/0key.pem
new file mode 100644
index 0000000..0ef2deb
--- /dev/null
+++ b/test/0key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,26F5AE5B49B3A1FF
+
+cOkuSZ5jeT5T+vmiBUeBIonGBzmO3HzYMmRN2HoKKLbYHnpcaH/84mA876cZIGDB
+Fpu36e1Q5W/IzEO1oWdav0gG6jG8fGIZnZBsyYwkDWayg+p+vGgEUAj6TAnwvK/f
+qjAsMfbBJVIhvsMekmuz490A5LZ3tA1zgZBpl6i358JXbDidp1YreRsa2KYD2hSM
+dNBNWvRksm8n9/px8U6fgKYlywV267FtmJ9e0dsMLt3gtni2WYU4uLhZfS2RvgwP
+a5mwo1DcepbZ4UohCCjWPCy3UYU43A/7ugHaE2+XcWi0gh+pLOTKL7dP84PKL1Az
+u3h4fiszYfkLwodUHbODIilAAU+orQv89jPJK9jjlmVjQc0jRMowkfuBvzqwLPGY
+JwIjKuIeTR+uh6MEp/m4aBUiNyxfPJZ4lAgJB7mU/9aKPD3qpWvniDg12NWBeniQ
+VfHI3qWvR6J2s7idBgEk+H2GeFsIXONpWfbHuqoDITjm80407ms03EbwItMynn51
+sTjY2fLTCkQik5sgnuqikNczi7EnFga7JVkbLa+ltGfBSyqAZIlNpbapr+vEtefl
+ucW+S4fJ9duwFg+N/syBIUeMji2EJHNhGa7jt+1JU/Cf8ise/5oets+C/bzAMwyy
+jMH4QP4rwoAhGNf7gpw4MYLek2n4LX2F4AN2cTgWj4yt94+GWKgLf5cuvlNG7SfI
+Ha5akGWDaG5pfmTdfLM71iDs3S8KXNLQ2gHNYlVP2hvc9rMEZo9P8iGnxIxNKskr
+C62x47FGmgsr0ShSTNTG58dqFgaVLb0On53LbD6tsgnYdtPoqC8/Z/agqK0mNIwb
+lLb/g0LLAoxqV6gOUNFZ92FEXZ9iUue1YFkHHaLfSe/xeKVoSO2XqaxIhsNMp5AK
+cER7/qkvxmb+BII+X5cFSjt/tOcjkCE3FXkyP8PVxlFYF6mY4BuGpKBl7wPFS8kf
+Mjp+9kZvXBJm3Awfn0M7ZXF4dkMOyRdjbOfhHkqREvw2Xty1+Sa3RarUM3w3jU1v
+DUg3vg5uRs0rVUZeK+HQHI7z3PaLVKMoESoDfSCI7/7kiZaBpS5hGBmMz26Aa+Lg
+5CmwM+LMqRE7BcrRo8wiXMbkbh1xCeOqfcQBopii6ZC1xtQeXP3+j19BzA0dlnHV
+N01UD3tuQ8cfji79atEX03hIzpLB9q75yCs+C3SDdEJzft/S53jFQjuG1SWpOxDa
+xo6lKXjX71X1UUh1gAmSKMkQnrfMzw1FTHtxetwaK5s6LFmmqPgi1lYEYai3zVP/
+rwG2M/aSlvsaC7GfJnpKdfRONXiGEwggDLKodt6sRvtZQ5uddUQnyvBxDyZpV9K6
+JF0/FQXsYwgjFJq7krHIwr4ExvQxb3s2GRtKokwDd+WH6f53oFRgOpWpsWLBYyS3
+uoYSRL8AcTLIEIsco8dFLCwTXmubo5wMhpsjCS0vp4QJ//fo9zLKiOG+nn5p9Yfa
+ZN5R+rEUjAchjP/W4poH/tFLIRXQmIKN6K5fTfY30EFnA08l02GpSAW1wzgaa/08
+NTY5VdXGW+vaWT+CNmZ1TB///aqcC50JztiitNecF1oKnm8Ng80QMXh/sEoLWmm2
+-----END RSA PRIVATE KEY-----
diff --git a/test/1cert.pem b/test/1cert.pem
new file mode 100644
index 0000000..34cfc3b
--- /dev/null
+++ b/test/1cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJDWjEN
+MAsGA1UEChMEUnVieTETMBEGA1UEAxMKUkEgT2ZmaWNlcjAeFw0wMTExMDgxMjA0
+NDNaFw0wMjExMDgxMjA0NDNaMDExCzAJBgNVBAYTAkNaMQ0wCwYDVQQKEwRSdWJ5
+MRMwEQYDVQQDEwpSQSBPZmZpY2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDmjdOjVhXIhr9kYvAiad8nJwfjtnEGluXRs1YMFOfOLi5bquu7eUL8ADiN3Fry
+FKePiJppBscynd/nhaCnh24ideGEAUgFxNUiF5ER2P0q+UEJKqdIttVC3Alh8A+j
+84ORre3P2uStpzyGZLBd2AfdEMaYYW+JtA8e6iNug5qrtQIDAQABo4GzMIGwMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkdlbmVyYXRlZCBieSBPcGVuU1NMIGZv
+ciBSdWJ5LjAdBgNVHQ4EFgQUZGTsYtG/ZlqNyjRiH3X3KQpZtQswVQYDVR0jBE4w
+TIAUWEVyhUZ7RwC/hzxB7EVhvVioK2ihMaQvMC0xCzAJBgNVBAYTAkNaMQ0wCwYD
+VQQKEwRSdWJ5MQ8wDQYDVQQDEwZSdWJ5Q0GCAQAwDQYJKoZIhvcNAQEFBQADggEB
+AD6K5cVA25rvighcsqPG530gOpOqmfiguJogEJrjugGwXD3n6Cgpu8znNhN2v9bX
+v0h/7KisJAP/b0d2jyqEey+us1aZqtGNxAVk5dZ7zwU310fIOV19cujFSsF6LBZP
+KlPy2qQHrGvWHtJBk5STn5VdTWEeEqv5wWNmBqYCxToaGg+lsF8U4OHX6QJiPr9Y
+iOYPEqgYqpr9cJvu4PIHjXN0SSrwLcxln/wudP97J51cOoGb884zHWwwnzQVcJde
+JOg4A+FI3SM4ilsd0SSoOUgy41kIKhej3VP/VS+iFdU5y2gpu9BqgVbwYy+d7hGO
+vlPYILTKftShjnc1FxTAkx0=
+-----END CERTIFICATE-----
diff --git a/test/1key.pem b/test/1key.pem
new file mode 100644
index 0000000..b82fc7f
--- /dev/null
+++ b/test/1key.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5A6AD2396EEAFD8D
+
+bIPHC+et8QaPX8BS9xdRJeKOB+bIN3Sa1YEyEBR/nvANheD7YkgH3JOchCOL/EnC
+cFzQZH04SZqjh9Ir7X1QORYk2YV5rpaEHrjC3W2TPXDH3ED+SrS55sJuKue6V6Gs
+uXQYIOzC22AFs4taUCzilY0mEu2dnua61ueOivimX8mj88Sm9Td7UHPvGArC+t+P
+1FeD3wSV4Wt5z5IzrDjCfEA2FOz2GTz41vYF4YmqKOv/xPMBRUCOGvzvGPfnly2C
+KYH8ty6jAauQ/jTQJJi7P7oPurtK3v9nHEc3xNo07+uzkKKw1Ur8UFh3xiAHl7KE
+EKPUtc05KwD/NKcYEWbwiltFt/BSJIoyhAmR7J3siM5XvJ+saqhE8ycx3HG/I5DX
+8Juv8jK7XELawGQoUeHO8KWQT/uEmf9xmRS2a1KMy2NWwqUQgC/kO23c2mhKTUZI
+AppciHwExHeY1lXWyq+A0skbuYA531o3S8L28mk55VYSecz8LqFjeuMha774mDVi
+QG8gfURS4tliLV9ZT72p5D+rCOSYXUMeSgyZa+mZoIVbqbE8UClmZJvFOfa5MRLe
+tqHXk5STM6qQBD28mDeHKHLGFP7g0SnfXlHY1wQiSSZEOjY9RsoZFRcdC3Q4f7vY
+Uz5ji0DDytnXyHIoFO/sejf4QacOWcDJoYigkeUrX6WZR11d6wCRMvT1ekuViOM3
+KXZdQ+ziLnUSZVELxngqpK6Ao32QfuFYEDufKkayz8WvByMCuyLwSgrqZVdC8JmP
+9CSHO4zl97lQV5DOi9pen00fGL7PpyJhH1o0Ef320xByAR6InrbMTQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/c/hash.c b/test/c/hash.c
new file mode 100644
index 0000000..76f2fa4
--- /dev/null
+++ b/test/c/hash.c
@@ -0,0 +1,51 @@
+/*
+ * $Id$
+ * RubySSL project
+ * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details. (You can find the licence
+ * in LICENCE.txt file.)
+ */
+#include <openssl/ssl.h>
+
+int main(int argc, char *argv[])
+{
+	BIO *in = NULL, *out = NULL;
+	X509 *x509 = NULL;
+	ASN1_BIT_STRING *key = NULL;
+	ASN1_OCTET_STRING *digest = NULL;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	EVP_MD_CTX md;
+	unsigned int dig_len;
+	char *txt = NULL;
+	
+	in = BIO_new_file("./01cert.pem", "r");
+	out = BIO_new(BIO_s_file());
+	BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	x509 = PEM_read_bio_X509(in, NULL, NULL, NULL);
+	key = x509->cert_info->key->public_key;
+
+	ASN1_STRING_print(out, key);
+	BIO_printf(out, "\n===\n");
+	
+	EVP_DigestInit(&md, EVP_sha1());
+	EVP_DigestUpdate(&md, key->data, key->length);
+	EVP_DigestFinal(&md, dig, &dig_len);
+	
+	txt = hex_to_string(dig, dig_len);
+	BIO_printf(out, "%s\n===\n", txt);
+	return 0;
+}
+//i2v_ ... as STACK_OF(CONF_VALUE) for easy printing
+
diff --git a/test/c/key.c b/test/c/key.c
new file mode 100644
index 0000000..5f6cbf3
--- /dev/null
+++ b/test/c/key.c
@@ -0,0 +1,84 @@
+/*
+ * $Id$
+ * RubySSL project
+ * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details. (You can find the licence
+ * in LICENCE.txt file.)
+ */
+#include <openssl/ssl.h>
+
+int main(int argc, char *argv[])
+{
+	RSA *rsa = NULL;
+	BIO *in = NULL, *out = NULL;
+
+	OpenSSL_add_all_algorithms();
+
+	if (!(in = BIO_new(BIO_s_file()))) {
+		printf("BIO in err\n");
+		return 1;
+	}
+	//if (BIO_read_filename(in, "./01key.pem") <= 0) {
+	if (BIO_read_filename(in, "./01rsapub.pem") <= 0) {
+		printf("BIO_read err\n");
+		return 2;
+	}
+	//if (!(rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL, "pejs8nek"))) {
+	if (!(rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL))) {
+		printf("PEM read err\n");
+		BIO_free(in);
+		return 3;
+	}
+	BIO_free(in);
+	if(rsa->n) printf("n=Yes, "); else printf("n=NO, ");
+	if(rsa->e) printf("e=Yes, "); else printf("e=NO, ");
+	if(rsa->d) printf("d=Yes, "); else printf("d=NO, ");
+	if(rsa->p) printf("p=Yes, "); else printf("p=NO, ");
+	if(rsa->q) printf("q=Yes, "); else printf("q=NO, ");
+	if(rsa->dmp1) printf("dmp1=Yes, "); else printf("dmp1=NO, ");
+	if(rsa->dmq1) printf("dmq1=Yes, "); else printf("dmq1=NO, ");
+	if(rsa->iqmp) printf("iqmp=Yes\n"); else printf("iqmp=NO\n");
+
+/*
+	if (!(out = BIO_new(BIO_s_file()))) {
+		printf("BIO out err\n");
+		return 4;
+	}
+	if (BIO_write_filename(out, "./01rsapriv.pem") <= 0) {
+		printf("BIO write err\n");
+		return 5;
+	}
+	if (!PEM_write_bio_RSAPrivateKey(out, rsa, EVP_des_ede3_cbc(), NULL, 0, NULL, "alfa")) {
+		printf("Private err\n");
+		return 6;
+	}
+	BIO_free(out);
+
+	if (!(out = BIO_new(BIO_s_file()))) {
+		printf("BIO out err\n");
+		return 7;
+	}
+	if (BIO_write_filename(out, "./01rsapub.pem") <= 0) {
+		printf("BIO write err\n");
+		return 8;
+	}
+	if (!PEM_write_bio_RSAPublicKey(out, rsa)) {
+		printf("Private err\n");
+		return 9;
+	}
+	BIO_free(out);
+*/
+	return 0;
+}
+
diff --git a/test/cacert.pem b/test/cacert.pem
new file mode 100644
index 0000000..5b592ed
--- /dev/null
+++ b/test/cacert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBADANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO
+MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo
+YWxAcm9rb3MuY3owHhcNMDEwOTA5MDcyMzU0WhcNMDMwOTA5MDcyMzU0WjBKMQsw
+CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZI
+hvcNAQkBFg9taWNoYWxAcm9rb3MuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC728A7LcXmMBjNNWLM+F2cr+/yjF2z5E72ZWE7MoFmArNTD9Kpzij+
+BoQr2Epj8FOpYebPPpy3V4WiaQXiG9w59pljHAAuAKnSdtiuWP7HNk/aCGSH19x9
+VjD2HpjqPwv1BiJ2XO/TVi5p6xO9PA/oYsj3GhkfQ3EUyvdeUJo3Fze2LC9hj6ED
+Yv4f15KaCGNL1DDYz1XDJtQh12Wt9l4i6GO8KHVIzZxQ4mnatfRiK7XnbaLqM3nC
+Z8Qi+MQ7GTycBmSgOAmg0vzZ+8GEZRDRfg02nbhju1P+gbiYA62HM0TI8Zr9Ol/e
+iWMBs6PSQ3C2dAcHPxGTXEM99SHlgTWPAgMBAAGjgaQwgaEwHQYDVR0OBBYEFIsv
+Mx24Ivqj37PFReOHMRnUwQSOMHIGA1UdIwRrMGmAFIsvMx24Ivqj37PFReOHMRnU
+wQSOoU6kTDBKMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMT
+AkNBMR4wHAYJKoZIhvcNAQkBFg9taWNoYWxAcm9rb3MuY3qCAQAwDAYDVR0TBAUw
+AwEB/zANBgkqhkiG9w0BAQQFAAOCAQEANZ0WpcFk/fKcYIAK2C9dFVgnHqbP6+xa
+NH23epZ/29ONjVVZa4IW1OS3miufJDTGqSWncp8hLe18ux/AyJkGXcjYe0A4g/jn
+qARZe7zGlE9Plg6VMGYJk6AJyTf1m8a+0f9Ek9MfUkblltE4zHSFsVEBezmav9n1
+WjjWgc3WA9amagkCx1P/M5r36noclHd7L6O+S4BXMJaOzk10ADahINQ89QmGdeCU
+o2i09vtcupCwkepDCVhGU41Yp7ihjt4XJWePFXPf7Y1mf9Hhkq5cCIJVVRqT0YUL
+FQrQrZweM8eGF/xouqGWCZQnTIdhDcpRIIlhAQy8MSoJJgxPR5raKw==
+-----END CERTIFICATE-----
diff --git a/test/config.cnf b/test/config.cnf
new file mode 100644
index 0000000..2c3fcda
--- /dev/null
+++ b/test/config.cnf
@@ -0,0 +1,244 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 60
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/data b/test/data
new file mode 100644
index 0000000..4effa19
--- /dev/null
+++ b/test/data
@@ -0,0 +1 @@
+hello!
diff --git a/test/gen_ca_cert.rb b/test/gen_ca_cert.rb
new file mode 100755
index 0000000..0a07f0b
--- /dev/null
+++ b/test/gen_ca_cert.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p key = RSA.new(2048)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RubyCA']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (2*365*24*60*60)
+p new.public_key = key
+p new.serial = 0
+p new.version = 3
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+new.extensions = [ext1, ext2, ext3]
+ef.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+p new.add_extension(ext4)
+p new.sign(key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
diff --git a/test/gen_cert.rb b/test/gen_cert.rb
new file mode 100755
index 0000000..9d33f48
--- /dev/null
+++ b/test/gen_cert.rb
@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p ca = Certificate.new(File.open("./0cert.pem").read)
+p ca_key = RSA.new(File.open("./0key.pem").read)
+
+p key = RSA.new(1024)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RA Officer']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (365*24*60*60)
+p new.public_key = key
+p new.serial = 1
+p new.version = 3
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+ef.issuer_certificate = ca
+p ext1 = ef.create_extension("basicConstraints","CA:FALSE")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+new.extensions = [ext1, ext2, ext3, ext4]
+p new.sign(ca_key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
diff --git a/test/key_hash.rb b/test/key_hash.rb
new file mode 100755
index 0000000..5af095c
--- /dev/null
+++ b/test/key_hash.rb
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+
+x509 = X509::Certificate.new(File.open("./01cert.pem").read)
+key = x509.public_key
+p d = Digest::SHA1.new
+p d << key.to_der
+
+#x509 = X509::Certificate.new
+#rsa = PKey::RSA.new(1024)
+#x509.public_key = rsa
+#rsa = x509.public_key
+#d2 = Digest::SHA1.new
+#p d2 << rsa.to_der
+
diff --git a/test/ossl_cipher.rb b/test/ossl_cipher.rb
new file mode 100755
index 0000000..ce21342
--- /dev/null
+++ b/test/ossl_cipher.rb
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include Cipher
+
+p des = DES.new(EDE3, CBC) #Des3 CBC mode
+p "ENCRYPT"
+p des.encrypt("key") #, "initial_vector")
+p cipher = des.update("data1")
+#p cipher = des.encrypt("key", "initial_vector", "data")
+p cipher += des.cipher
+p "DECRYPT"
+p des.decrypt("key")
+#p des.decrypt("key", "initial_vector")
+p des.update(cipher) + des.cipher
+
diff --git a/test/ossl_config.rb b/test/ossl_config.rb
new file mode 100755
index 0000000..ac24db1
--- /dev/null
+++ b/test/ossl_config.rb
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+raise "TO BE DROPPED???..."
+
+require 'openssl'
+include OpenSSL
+
+p config = Config.new("./openssl.cnf")
+
+p string = config.get_string("req", "x509_extensions")
+p number = config.get_number("req", "default_bits")
+p string = config.get_string("req", "distinguished_name")
+
+p sect = config.get_section(string)
+p ConfigSection.new
+
diff --git a/test/ossl_digest.rb b/test/ossl_digest.rb
new file mode 100755
index 0000000..0ea7e0e
--- /dev/null
+++ b/test/ossl_digest.rb
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'digest/sha1'
+require 'digest/md5'
+require 'openssl'
+
+str = "This is only bullshit! :-))"
+md5 = Digest::MD5.new(str)
+md5a = OpenSSL::Digest::MD5.new(str)
+p md5.digest == md5a.digest
+p md5.hexdigest == md5a.hexdigest
+
+sha1 = OpenSSL::Digest::SHA1.new(str*2)
+sha1a = Digest::SHA1.new(str*2)
+p sha1.digest == sha1a.digest
+p sha1.hexdigest == sha1a.hexdigest
+
diff --git a/test/ossl_pkey.rb b/test/ossl_pkey.rb
new file mode 100755
index 0000000..3b0eacd
--- /dev/null
+++ b/test/ossl_pkey.rb
@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include PKey
+include Cipher
+include Digest
+
+puts "==RSA=="
+p rsa = RSA.new(512)
+puts ".......=sign'n'verify"
+txt = <<END
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the GPL
+(see the file GPL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) rename any non-standard executables so the names do not conflict
+	  with standard executables, which must also be provided.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or executable
+     form, provided that you do at least ONE of the following:
+
+       a) distribute the executables and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard executables non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.
+END
+p sig = rsa.sign(SHA1.new, txt)
+p rsa.verify(SHA1.new, sig, txt)
+puts ".......=encrypt'n'decrypt"
+txt2 = "Hello out there!"
+p enc = rsa.public_encrypt(txt2)
+p rsa.private_decrypt(enc)
+
+puts "==DSA=="
+p dsa = DSA.new(512)
+puts ".......=sign'n'verify"
+p sig = dsa.sign(DSS.new, txt)
+p dsa.verify(DSS.new, sig, txt)
+
diff --git a/test/ossl_rsa.rb b/test/ossl_rsa.rb
new file mode 100755
index 0000000..1ab9cd1
--- /dev/null
+++ b/test/ossl_rsa.rb
@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include PKey
+include Cipher
+#p RSA.new(1024)
+p priv = RSA.new(File.open("./01key.pem").read, "pejs8nek")
+p priv.private?
+p pub = RSA.new(File.open("./01pub.pem").read)
+p pub.private?
+puts exp = priv.export(DES.new(EDE3, CBC), "password")
+p priv2 = RSA.new(exp, "password")
+p priv.to_str == priv2.to_str
+#puts priv.to_pem
+#puts pub.to_str
+#puts priv.to_str
+#puts pub.export
+
diff --git a/test/ossl_x509.rb b/test/ossl_x509.rb
new file mode 100755
index 0000000..c8b5b07
--- /dev/null
+++ b/test/ossl_x509.rb
@@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p x509 = Certificate.new(File.open("./01cert.pem").read)
+#puts x509.to_pem
+#p x509.serial
+#puts "Version = #{x509.version}"
+#p Name.new
+#p subject = x509.subject
+#p subject.to_str
+#p issuer = x509.issuer
+#p issuer.to_pem
+#p ary = issuer.to_a
+#p issuer.to_h
+#ary[3] = ["Email", "bow@wow.com"]
+#p x509.issuer = ary
+#p x509.not_before
+#p x509.not_before = Time.now
+#p x509.not_after
+#p k = x509.public_key
+#p k.private?
+#puts k.to_str
+#p priv = RSA.new(File.open("./01key.pem").read, "pejs8nek")
+#p priv.private?
+#p x509.public_key = priv
+#puts x509.public_key.to_str
+#p x509.issuer.to_str
+#p x509.sign(priv,MD5.new)
+#p x509.issuer.to_str
+#puts x509.to_str
+#x509.extensions.each_with_index {|e, i| p e.to_a}
+#puts "----end----"
+
+p key = RSA.new(1024)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Rokos'],['CN','pokusXXX']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (60*60*24*365)
+p new.public_key = key #x509.public_key
+p new.serial = 999999999
+p new.version = 3
+#p new.extensions #each_with_index {|e, i| p e.to_a}
+maker = ExtensionFactory.new(nil, new) #only subject
+p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"])
+p ext2 = maker.create_extension(["nsComment","OK, man!!!"])
+###p digest = Digest::SHA1.new(new.public_key.to_der)
+###p ext3 = maker.create_extension(["subjectKeyIdentifier", digest.hexdigest])
+p ext3 = maker.create_extension(["subjectKeyIdentifier", "hash"])
+new.extensions = [ext1, ext2, ext3]
+maker.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = maker.create_extension(["authorityKeyIdentifier", "keyid:always,issuer:always"])
+#puts ext1.to_str
+p new.add_extension(ext4)
+p new.sign(key, Digest::MD5.new)
+puts new.to_str
+
diff --git a/test/ossl_x509crl.rb b/test/ossl_x509crl.rb
new file mode 100755
index 0000000..e885447
--- /dev/null
+++ b/test/ossl_x509crl.rb
@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p ca = Certificate.new(File.open("./cacert.pem").read)
+p key = ca.public_key
+p crl = CRL.new(File.open("./01crl.pem").read)
+p crl.issuer.to_str
+p crl.verify key
+p crl.verify RSA.new(1024)
+crl.revoked.each {|rev| p rev.time}
+
diff --git a/test/ossl_x509req.rb b/test/ossl_x509req.rb
new file mode 100755
index 0000000..95550d8
--- /dev/null
+++ b/test/ossl_x509req.rb
@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p req = Request.new
+p req = Request.new(File.open("./01req.pem").read)
+p pkey = RSA.new(File.open("./02key.pem").read, "alfa")
+p k2 = Certificate.new(File.open("./02cert.pem").read).public_key
+#puts req.to_str
+#p req.methods.sort
+p key = req.public_key
+p req.verify key
+p req.verify pkey
+p req.verify k2
+p req.public_key = k2
+p req.sign(pkey, Digest::MD5.new)
+p req.verify key
+p req.verify pkey
+p req.verify k2
+
diff --git a/test/ossl_x509store.rb b/test/ossl_x509store.rb
new file mode 100755
index 0000000..ba81100
--- /dev/null
+++ b/test/ossl_x509store.rb
@@ -0,0 +1,26 @@
+#!/usr/bin/ruby -w
+
+require 'openssl'
+include OpenSSL
+include X509
+
+p ca = Certificate.new(File.open("./cacert.pem").read)
+p cakey = ca.public_key
+p cert = Certificate.new(File.open("./01cert.pem").read)
+p key = cert.public_key
+p cert.serial
+#cert2 = Certificate.new(File.open("./02cert.pem").read)
+p crl = CRL.new(File.open("./01crl.pem").read)
+p crl.verify cakey
+p crl.revoked[0].serial
+#p ca.issuer.to_str
+#p ca.subject.to_str
+#p cert.subject.to_str
+#p cert.issuer.to_str
+p store = Store.new
+#p store.add_trusted ca # :-))
+p store.add_trusted cert # :-((
+#p store.add_trusted cert2 # :-((
+p store.add_crl crl #CRL does NOT have affect on validity in current OpenSSL <= 0.9.6b !!!
+p store.verify cert
+
diff --git a/test/pkcs7.rb b/test/pkcs7.rb
new file mode 100755
index 0000000..7852c05
--- /dev/null
+++ b/test/pkcs7.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+require 'openssl'
+
+include OpenSSL
+include PKey
+include X509
+include PKCS7
+
+data = File.open(ARGV[0]).read
+
+str = File.open('./server.pem').read
+cert = Certificate.new(str)
+key = RSA.new(str)
+
+p7 = PKCS7.new(SIGNED)
+signer = Signer.new(key, cert, Digest::SHA1.new)
+p7.add_signer(key, signer)
+p7.add_certificate(cert)
+p7.add_data(data, true) #...(data, (detached=false))
+puts (str = p7.to_pem)
+
+p store = Store.new
+p store.set_default_paths
+p store.load_locations("../../certs")
+
+ver_cb = Proc.new {|ok, store|
+  puts "HERE!"
+  true
+}
+p store.verify_callback = ver_cb
+
+p p7 = PKCS7.new(str)
+p p7.verify_data(store, data) {|signer|
+  puts "GOT IT!"
+  p signer.name.to_str
+  p signer.serial
+  p signer.signed_time
+}
+
diff --git a/test/server.pem b/test/server.pem
new file mode 100644
index 0000000..750aac2
--- /dev/null
+++ b/test/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/test/spki.pem b/test/spki.pem
new file mode 100644
index 0000000..ff3c03a
--- /dev/null
+++ b/test/spki.pem
@@ -0,0 +1 @@
+MIIBPjCBqDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuCjEDvjiNHcgya0+bU+NR7i6detQlZljdXmqx3UsQN+YmAkYPE4DIVtndRg/ofObSEV9VNgujKtwJdew111omp0tPT6gsT5VQJsceERgvJyv01J4oL3njJUKfMtet41hrUANSTDz/YAcKfiJn8fQYH+LgMEM64rWTPMXm+AFA0sCAwEAARYEcGVwYTANBgkqhkiG9w0BAQQFAAOBgQChk2Xq+RrdJWGnpQIaBkgy9Dw6pv39dfBklavXwU/Aapty3N7j+sM+j0nnkABgYpPB5/TZTX/L7RIUQHBbn3dk9GbGuj5R46AQVrKdEOQBPz96S61enXgPp6xJQqglAw5PARr3/5HOSTDz2cDvjqdDG/END21XaHiOtuRSyyZCLw==
\ No newline at end of file
diff --git a/test/spki.rb b/test/spki.rb
new file mode 100644
index 0000000..f88df6f
--- /dev/null
+++ b/test/spki.rb
@@ -0,0 +1,7 @@
+require "openssl"
+include OpenSSL
+
+txt = "MIICUDCCATgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUIhGCK7sr\r\nO+jHy7S1ZllFCEPzhlneTnjUnjZWuZEVu7c14NUhJzpNXg//6sCoiy5cQPaIYFIs\r\nded/PosTNfJVPX6El+bWk/2Elf5iVYcScRpf+RkUBR6T3WAMFPCajx3JFonhqhny\r\n5bSXU41h7/oLpnQkeeo76ujKoxjV6vl+y36jCeUAI+dzrWLznUswWVnWvdNt/z1h\r\npWILYtCKexLsz+aOqA6NdGTVDb8r+iDorU2KGL4BJjMXGr/LutYQjeVVXZTuaeN+\r\nxa75TVMcSEzvVQm8Dk1u3C3r3hm9I9zKnpta5NqiToR/fA85Qw5YhjEZMWT/Rj+7\r\nB5LBp5NcX35vAgMBAAEWEGNoYWxsZW5nZSBzdHJpbmcwDQYJKoZIhvcNAQEEBQAD\r\nggEBABdXwDZ9yDyyC5xw8rN/+/xAZSYa8xn4gsUEg4P/mM22WZaqh/NXroXUcU5F\r\nQBeGTYlT//wVlobLeES64Mk/FaCIXrZrLRAxb5QUYIupH2MifRU5XWriYcc6pp7S\r\nD1N+U6MOUFPMziqLf2AYqXBxuky1KhFeXuL6t9j1IadEY9UgTbUQ9Joyt50PoacM\r\ncc2i22GGdpowx7mrB0hnkmYmZ5CgQkrxNM2m4TCuuQwVIyaGgED5Xpa29QWaPhkM\r\njqjHBL4FOmPgYtaIFiFihQziYj5WYOtSEcIcEs/mHPx0lrY9V0fzp2yMGz+AQ3XF\r\nylBqpB33EBqXn/NGzHgWfdU1vEM="
+txt.gsub!(/(\r|\n)/,"")
+puts Netscape::SPKI.new(txt).to_str
+
diff --git a/test/spki2cert.rb b/test/spki2cert.rb
new file mode 100755
index 0000000..1bec365
--- /dev/null
+++ b/test/spki2cert.rb
@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p ca = Certificate.new(File.open("./0cert.pem").read)
+p ca_key = RSA.new(File.open("./0key.pem").read)
+
+p spki = Netscape::SPKI.new(File.open("./spki.pem").read)
+p key = spki.public_key
+p new = Certificate.new
+
+p dn = File.open("./spki_dn.txt").read
+dn = dn[1..dn.size]
+name = []
+dn.split("/").each {|i| name << i.split("=")}
+p new.subject = Name.new(name)
+
+p new.issuer = ca.subject
+p new.not_before = Time.now
+p new.not_after = Time.now + (365*24*60*60)
+p new.public_key = key
+p new.serial = 2
+p new.version = 3
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+ef.issuer_certificate = ca
+p ext1 = ef.create_extension("basicConstraints","CA:FALSE")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+new.extensions = [ext1, ext2, ext3, ext4]
+p new.sign(ca_key, Digest::SHA1.new)
+
+f = File.new("./spki_cert.pem","w")
+f.write new.to_pem
+f.close
+
diff --git a/test/spki_cert.pem b/test/spki_cert.pem
new file mode 100644
index 0000000..3bb4396
--- /dev/null
+++ b/test/spki_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJDWjEN
+MAsGA1UEChMEUnVieTEPMA0GA1UEAxMGUnVieUNBMB4XDTAxMTExMDA4MjEyN1oX
+DTAyMTExMDA4MjEyN1owRDENMAsGA1UEAxMEcGVwYTEXMBUGA1UEChMOUnVieSBj
+b21tdW5pdHkxDTALBgNVBAsTBFRlc3QxCzAJBgNVBAYTAkNaMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQC4KMQO+OI0dyDJrT5tT41HuLp161CVmWN1earHdSxA
+35iYCRg8TgMhW2d1GD+h85tIRX1U2C6Mq3Al17DXXWianS09PqCxPlVAmxx4RGC8
+nK/TUnigveeMlQp8y163jWGtQA1JMPP9gBwp+Imfx9Bgf4uAwQzritZM8xeb4AUD
+SwIDAQABo4GzMIGwMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkdlbmVyYXRl
+ZCBieSBPcGVuU1NMIGZvciBSdWJ5LjAdBgNVHQ4EFgQUu3y24OVXsOp/7leyLT/f
+rW2B/l8wVQYDVR0jBE4wTIAUWEVyhUZ7RwC/hzxB7EVhvVioK2ihMaQvMC0xCzAJ
+BgNVBAYTAkNaMQ0wCwYDVQQKEwRSdWJ5MQ8wDQYDVQQDEwZSdWJ5Q0GCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBABJ26j+AMhSyEIAqgCym911MKJ0s+Athb82NbNN23/6e
+adr2O0gLvDKCqJTkbNvpHuyjDheaA6udYaCSay+gbj62IkuNp+qLf2l/J5Tqk32H
+w0Q6nE58wiATx0q4Y9MgOBJ97rI/dnL6cBeR7nFwy8YHmBBTpyuQf/NXRR6g0e1k
+XVAw39R2R4YgEVMLQZvuc/ZV76DECL8Id3rS8ZRzJNGE97zTxM6GFilhFjuvkPyP
+74kErX3Y9dk3hVq5KWcbdhtd6hGUwZCUgO/zPW2lx/0U0Iv4EkhE3N8z81zXjy5D
+WV4mZ8b8tDHJchrStL04xqrPxBNkyXRqK9M13Tn22qM=
+-----END CERTIFICATE-----
diff --git a/test/spki_dn.txt b/test/spki_dn.txt
new file mode 100644
index 0000000..44fcbfb
--- /dev/null
+++ b/test/spki_dn.txt
@@ -0,0 +1 @@
+/CN=pepa/O=Ruby community/OU=Test/C=CZ
\ No newline at end of file
diff --git a/test/ssl/cli.rb b/test/ssl/cli.rb
new file mode 100755
index 0000000..82f26db
--- /dev/null
+++ b/test/ssl/cli.rb
@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require 'socket'
+require 'openssl'
+require 'getopts'
+begin require 'verify_cb'; rescue LoadError; end
+
+include OpenSSL
+include SSL
+
+getopts "v", "C:", "p:2000", "c:", "k:"
+
+host = ARGV[0] || "localhost"
+
+p rsa = PKey::RSA.new(File.open($OPT_k).read) if $OPT_k && FileTest::file?($OPT_k)
+p cert = X509::Certificate.new(File.open($OPT_c).read) if $OPT_c && FileTest::file?($OPT_c)
+
+s = TCPSocket.new(host, $OPT_p)
+STDERR.print "connect to #{s.peeraddr[3]}.\n"
+
+ssl = SSLSocket.new(s, cert, rsa)
+###ssl.ca_cert = X509::Certificate.new(File.open($OPT_C).read) if $OPT_C && FileTest::file?($OPT_C)
+ssl.ca_file = $OPT_C if $OPT_C && FileTest::file?($OPT_C)
+ssl.ca_path = $OPT_C if $OPT_C && FileTest::directory?($OPT_C)
+ssl.verify_mode = VERIFY_PEER if $OPT_v
+ssl.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc
+STDERR.print "SSLSocket initialized.\n"
+
+ssl.connect
+STDERR.print "SSLSocket connected.\n"
+STDERR.print ssl.peer_cert.to_str, "\n" if ssl.peer_cert
+
+i = 0
+while line = gets
+  i += 1
+  ssl.puts "#{i}: #{line.chop}"
+end
+
+ssl.close
+s.close
+
diff --git a/test/ssl/login.rb b/test/ssl/login.rb
new file mode 100755
index 0000000..0835ef0
--- /dev/null
+++ b/test/ssl/login.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'net/telnets'
+require 'getopts'
+require 'etc'
+begin require 'verify_cb'; rescue LoadError; end
+
+getopts 'v', 'C:', 'c:', 'k:'
+
+options = {}
+# ordinary options.
+options['Host'] = ARGV[0] || "localhost"
+options['Port'] = ARGV[1] || "telnets"
+options['Prompt'] = /[$%>#] \z/n
+
+# for SSL/TLS
+options['Cert'] = $OPT_c
+options['Key'] = $OPT_k
+options['CAFile'] = $OPT_C if $OPT_C && File::file?($OPT_C)
+options['CAPath'] = $OPT_C if $OPT_C && File::directory?($OPT_C)
+options['VerifyMode'] = SSL::VERIFY_PEER if $OPT_v
+options['VerifyCallback'] = VerifyCallbackProc if defined? VerifyCallbackProc
+
+# getting Password.
+username = Etc::getlogin || Etc::getpwuid[0]
+system "stty -echo"
+print "Passwd for #{username}@#{options['Host']}: "
+passwd = $stdin.gets.chomp
+print "\n"
+system "stty echo"
+
+t = Net::Telnet.new(options)
+t.login(username, passwd)
+prompt = t.ssl? ? "Telnets: " : "Telnet: "
+while $stdout.write(prompt) && line = $stdin.gets
+  line.chomp!
+  t.cmd(line){|c| print c } 
+end
+t.close
diff --git a/test/ssl/svr.rb b/test/ssl/svr.rb
new file mode 100755
index 0000000..d844119
--- /dev/null
+++ b/test/ssl/svr.rb
@@ -0,0 +1,76 @@
+#!/usr/bin/env ruby
+
+require 'socket'
+require 'openssl'
+require 'getopts'
+begin require 'verify_cb'; rescue LoadError; end
+
+include OpenSSL
+include SSL
+
+getopts "v", "C:", "p:2000", "c:", "k:"
+
+p [ $OPT_p, $OPT_k, $OPT_c ]
+
+    if $OPT_k
+      p rsa = PKey::RSA.new(File.open($OPT_k).read)
+    else
+      p rsa = PKey::RSA.new(512)
+    end
+
+    if $OPT_c
+      p cert = X509::Certificate.new(File.open($OPT_c).read)
+    else
+      cert = X509::Certificate.new
+      cert.version = 3
+      cert.serial = 0
+      name = X509::Name.new([["C","CZ"],["O","Ruby"],["CN","Test"]])
+      cert.subject = name
+      cert.issuer = name
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (365*24*60*60)
+      cert.public_key = rsa.public_key
+      ef = X509::ExtensionFactory.new(nil,cert)
+      cert.extensions = [ef.create_extension("basicConstraints","CA:FALSE"), ef.create_extension("subjectKeyIdentifier", "hash")]
+      ef.issuer_certificate = cert
+      cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+      cert.add_extension ef.create_extension("nsComment","Generated by OpenSSL for Ruby!")
+      cert.sign(rsa, Digest::SHA1.new)
+      puts cert.to_str
+    end
+
+ns = TCPServer.new($OPT_p)
+loop do
+  begin
+    s = ns.accept
+    STDERR.print "connect from #{s.peeraddr[3]}.\n"
+
+    ssl = SSLSocket.new(s, cert, rsa)
+    ###ssl.ca_cert = X509::Certificate.new(File.open($OPT_C).read) if $OPT_C && FileTest::file?($OPT_C)
+    ssl.ca_file = $OPT_C if $OPT_C && FileTest::file?($OPT_C)
+    ssl.ca_path = $OPT_C if $OPT_C && FileTest::directory?($OPT_C)
+    ssl.verify_mode = VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT if $OPT_v
+    ssl.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc
+    STDERR.print "SSLSocket initialized.\n"
+
+    ssl.accept
+    STDERR.print "SSLSocket accepted.\n"
+    STDERR.print ssl.peer_cert.inspect, "\n" if ssl.peer_cert
+  rescue 
+    ssl.close
+    s.close
+    print $!, "\n"
+    next
+  end
+
+  Thread.start{
+    puts "Thread started"
+    while line = ssl.gets
+      p line
+    end
+    STDERR.print "connection closed.\n"
+    ssl.close
+    s.close
+  }
+end
+
diff --git a/test/ssl/verify_cb.rb b/test/ssl/verify_cb.rb
new file mode 100644
index 0000000..3196973
--- /dev/null
+++ b/test/ssl/verify_cb.rb
@@ -0,0 +1,21 @@
+VerifyCallbackProc = Proc.new{ |ok, x509_store_ctx|
+  code  = x509_store_ctx.verify_status
+  msg   = x509_store_ctx.verify_message
+  depth = x509_store_ctx.verify_depth
+  x509  = x509_store_ctx.cert
+
+  if $OPT_v
+    STDERR.print <<-_eof_
+    ------verify callback start------
+    ok,code,depth = #{ok},#{code}:#{msg},#{depth}
+    x509 = #{x509.to_str}
+    -------verify callback end-------
+    _eof_
+    if !ok
+      STDERR.print "Couldn't verify peer. Do you want to progerss? [y]: "
+      ok = true unless /^n/i =~ STDIN.gets()
+    end
+  end
+  ok
+}
+
diff --git a/test/ssl/wget.rb b/test/ssl/wget.rb
new file mode 100755
index 0000000..e71f55a
--- /dev/null
+++ b/test/ssl/wget.rb
@@ -0,0 +1,88 @@
+#!/usr/bin/env ruby
+
+require 'socket'
+require 'getopts'
+require 'openssl'
+begin require 'verify_cb'; rescue LoadError; end
+
+include OpenSSL
+include SSL
+
+STDOUT.sync = true
+STDERR.sync = true
+
+getopts "v", "c:"
+
+scheme = host = port = path = nil
+p_scheme = p_host = p_port = nil
+
+# parse request URI.
+uri = ARGV[0]
+if %r!(https?)://(.*?)(?::(\d+))?(/.*)! =~ uri
+  scheme = $1
+  host   = $2
+  port   = $3 ? $3.to_i : Socket.getservbyname(scheme)
+  path   = $4 || "/"
+else
+  STDERR.print "Invalid URI.\n"
+  exit 2
+end
+
+# parse HTTP_PROXY environment variable.
+if proxy = ENV['HTTP_PROXY']
+  if %r!(http)://(.*?)(?::(\d+))?(/.*)! =~ proxy
+    p_scheme = $1
+    p_host   = $2
+    p_port   = $3 ? $3.to_i : Socket.getservbyname(p_scheme)
+  else
+    STDERR.print "Invalid HTTP_PROXY.\n"
+    exit 2
+  end
+end
+
+# Connect to server.
+to = proxy ? [ p_host, p_port ] : [ host, port ]
+sock = TCPSocket.new(to[0], to[1])
+
+# If scheme is ``https'' we are going to initiate SSL session.
+if scheme == "https"
+  # If the peer is a proxy server, send CONNECT method to
+  # be switched to being a tunnel.
+  if proxy
+    sock.write "CONNECT #{host}:#{port} HTTP/1.0\r\n\r\n"
+    while line = sock.gets
+      STDERR.print line
+      break if line == "\r\n"
+    end
+  end
+
+  # start SSL session.
+  sock = SSLSocket.new(sock)
+  ##sock.ca_cert = X509::Certificate.new(File.open($OPT_c).read) if $OPT_c && FileTest.file?($OPT_c)
+  sock.ca_file = $OPT_c if $OPT_c && FileTest.file?($OPT_c)
+  sock.ca_path = $OPT_c if $OPT_c && FileTest.directory?($OPT_c)
+  # verify server.
+  sock.verify_mode = VERIFY_PEER if $OPT_v
+  sock.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc
+
+  sock.connect             # start ssl session.
+  STDERR.puts "SSLSocket connected."
+  STDERR.puts cert.to_str if cert = sock.peer_cert
+end
+
+# I expect most servers accept the absoluteURI in requests.
+sock.write "GET #{scheme}://#{host}:#{port}#{path} HTTP/1.0\r\n"
+sock.write "Connection: close\r\n"
+sock.write "\r\n"
+
+while line = sock.gets
+  STDERR.print line
+  break if line == "\r\n"
+end
+
+while data = sock.read(100)
+  print data
+end
+
+sock.close
+
diff --git a/test/ssl/wget2.rb b/test/ssl/wget2.rb
new file mode 100644
index 0000000..e163b7b
--- /dev/null
+++ b/test/ssl/wget2.rb
@@ -0,0 +1,43 @@
+#!/usr/local/bin/ruby
+
+require 'net/https'
+require 'getopts'
+begin require 'verify_cb'; rescue LoadError; end
+
+getopts 'v', 'p:'
+
+uri = ARGV[0]
+if %r!(https?)://(.*?)(?::(\d+))?(/.*)! =~ uri
+  scheme = $1
+  host   = $2
+  port   = $3 ? $3.to_i : Socket.getservbyname(scheme)
+  path   = $4 || "/"
+else
+  STDERR.print "Invalid URI.\n"
+  exit 2
+end
+
+# parse HTTP_PROXY environment variable.
+if proxy = ENV['HTTP_PROXY']
+  if %r!(http)://(.*?)(?::(\d+))?(/.*)! =~ proxy
+    p_scheme = $1
+    p_host   = $2
+    p_port   = $3 ? $3.to_i : Socket.getservbyname(p_scheme)
+  else
+    STDERR.print "Invalid HTTP_PROXY.\n"
+    exit 2
+  end
+end
+
+h = Net::HTTP.new(host, port, p_host, p_port)
+h.set_pipe($stderr) if $DEBUG
+if scheme == "https"
+  h.use_ssl = true
+  h.verify_mode = SSL::VERIFY_PEER if $OPT_v
+  h.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc
+end
+h.get2(path){ |resp|
+  STDERR.puts h.peer_cert.inspect if h.peer_cert
+  print resp.body
+}
+