libgo: Update to current version of master library.

From-SVN: r193688

29 files changed, 1698 insertions, 1185 deletions

diff --git a/libgo/go/crypto/cipher/cbc.go b/libgo/go/crypto/cipher/cbc.go
index a48929cf5d5..6fab9b42131 100644
--- a/libgo/go/crypto/cipher/cbc.go
+++ b/libgo/go/crypto/cipher/cbc.go
@@ -33,6 +33,9 @@ type cbcEncrypter cbc
 // mode, using the given Block. The length of iv must be the same as the
 // Block's block size.
 func NewCBCEncrypter(b Block, iv []byte) BlockMode {
+	if len(iv) != b.BlockSize() {
+		panic("cipher.NewCBCEncrypter: IV length must equal block size")
+	}
 	return (*cbcEncrypter)(newCBC(b, iv))
 }
 
@@ -58,6 +61,9 @@ type cbcDecrypter cbc
 // mode, using the given Block. The length of iv must be the same as the
 // Block's block size and must match the iv used to encrypt the data.
 func NewCBCDecrypter(b Block, iv []byte) BlockMode {
+	if len(iv) != b.BlockSize() {
+		panic("cipher.NewCBCDecrypter: IV length must equal block size")
+	}
 	return (*cbcDecrypter)(newCBC(b, iv))
 }
 
diff --git a/libgo/go/crypto/cipher/cfb.go b/libgo/go/crypto/cipher/cfb.go
index d14165a8656..99006b546d1 100644
--- a/libgo/go/crypto/cipher/cfb.go
+++ b/libgo/go/crypto/cipher/cfb.go
@@ -17,6 +17,9 @@ type cfb struct {
 // using the given Block. The iv must be the same length as the Block's block
 // size.
 func NewCFBEncrypter(block Block, iv []byte) Stream {
+	if len(iv) != block.BlockSize() {
+		panic("cipher.NewCBFEncrypter: IV length must equal block size")
+	}
 	return newCFB(block, iv, false)
 }
 
@@ -24,6 +27,9 @@ func NewCFBEncrypter(block Block, iv []byte) Stream {
 // using the given Block. The iv must be the same length as the Block's block
 // size.
 func NewCFBDecrypter(block Block, iv []byte) Stream {
+	if len(iv) != block.BlockSize() {
+		panic("cipher.NewCBFEncrypter: IV length must equal block size")
+	}
 	return newCFB(block, iv, true)
 }
 
diff --git a/libgo/go/crypto/cipher/ctr.go b/libgo/go/crypto/cipher/ctr.go
index 147b74fc2fd..d9ee9d82725 100644
--- a/libgo/go/crypto/cipher/ctr.go
+++ b/libgo/go/crypto/cipher/ctr.go
@@ -23,7 +23,7 @@ type ctr struct {
 // counter mode. The length of iv must be the same as the Block's block size.
 func NewCTR(block Block, iv []byte) Stream {
 	if len(iv) != block.BlockSize() {
-		panic("cipher.NewCTR: iv length must equal block size")
+		panic("cipher.NewCTR: IV length must equal block size")
 	}
 
 	return &ctr{
diff --git a/libgo/go/crypto/cipher/example_test.go b/libgo/go/crypto/cipher/example_test.go
new file mode 100644
index 00000000000..c888eb2c6a2
--- /dev/null
+++ b/libgo/go/crypto/cipher/example_test.go
@@ -0,0 +1,283 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cipher_test
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+)
+
+func ExampleNewCBCDecrypter() {
+	key := []byte("example key 1234")
+	ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b5baecb3d4b1b3e0e4beffdb3ded")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	if len(ciphertext) < aes.BlockSize {
+		panic("ciphertext too short")
+	}
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	// CBC mode always works in whole blocks.
+	if len(ciphertext)%aes.BlockSize != 0 {
+		panic("ciphertext is not a multiple of the block size")
+	}
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+
+	// CryptBlocks can work in-place if the two arguments are the same.
+	mode.CryptBlocks(ciphertext, ciphertext)
+
+	// If the original plaintext lengths are not a multiple of the block
+	// size, padding would have to be added when encrypting, which would be
+	// removed at this point. For an example, see
+	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's
+	// critical to note that ciphertexts must be authenticated (i.e. by
+	// using crypto/hmac) before being decrypted in order to avoid creating
+	// a padding oracle.
+
+	fmt.Printf("%s\n", ciphertext)
+	// Output: exampleplaintext
+}
+
+func ExampleNewCBCEncrypter() {
+	key := []byte("example key 1234")
+	plaintext := []byte("exampleplaintext")
+
+	// CBC mode works on blocks so plaintexts may need to be padded to the
+	// next whole block. For an example of such padding, see
+	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll
+	// assume that the plaintext is already of the correct length.
+	if len(plaintext)%aes.BlockSize != 0 {
+		panic("plaintext is not a multiple of the block size")
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		panic(err)
+	}
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
+
+	// It's important to remember that ciphertexts must be authenticated
+	// (i.e. by using crypto/hmac) as well as being encrypted in order to
+	// be secure.
+
+	fmt.Printf("%x\n", ciphertext)
+}
+
+func ExampleNewCFBDecrypter() {
+	key := []byte("example key 1234")
+	ciphertext, _ := hex.DecodeString("22277966616d9bc47177bd02603d08c9a67d5380d0fe8cf3b44438dff7b9")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	if len(ciphertext) < aes.BlockSize {
+		panic("ciphertext too short")
+	}
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	stream := cipher.NewCFBDecrypter(block, iv)
+
+	// XORKeyStream can work in-place if the two arguments are the same.
+	stream.XORKeyStream(ciphertext, ciphertext)
+	fmt.Printf("%s", ciphertext)
+	// Output: some plaintext
+}
+
+func ExampleNewCFBEncrypter() {
+	key := []byte("example key 1234")
+	plaintext := []byte("some plaintext")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		panic(err)
+	}
+
+	stream := cipher.NewCFBEncrypter(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+
+	// It's important to remember that ciphertexts must be authenticated
+	// (i.e. by using crypto/hmac) as well as being encrypted in order to
+	// be secure.
+}
+
+func ExampleNewCTR() {
+	key := []byte("example key 1234")
+	plaintext := []byte("some plaintext")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		panic(err)
+	}
+
+	stream := cipher.NewCTR(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+
+	// It's important to remember that ciphertexts must be authenticated
+	// (i.e. by using crypto/hmac) as well as being encrypted in order to
+	// be secure.
+
+	// CTR mode is the same for both encryption and decryption, so we can
+	// also decrypt that ciphertext with NewCTR.
+
+	plaintext2 := make([]byte, len(plaintext))
+	stream = cipher.NewCTR(block, iv)
+	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
+
+	fmt.Printf("%s\n", plaintext2)
+	// Output: some plaintext
+}
+
+func ExampleNewOFB() {
+	key := []byte("example key 1234")
+	plaintext := []byte("some plaintext")
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// The IV needs to be unique, but not secure. Therefore it's common to
+	// include it at the beginning of the ciphertext.
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		panic(err)
+	}
+
+	stream := cipher.NewOFB(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+
+	// It's important to remember that ciphertexts must be authenticated
+	// (i.e. by using crypto/hmac) as well as being encrypted in order to
+	// be secure.
+
+	// OFB mode is the same for both encryption and decryption, so we can
+	// also decrypt that ciphertext with NewOFB.
+
+	plaintext2 := make([]byte, len(plaintext))
+	stream = cipher.NewOFB(block, iv)
+	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
+
+	fmt.Printf("%s\n", plaintext2)
+	// Output: some plaintext
+}
+
+func ExampleStreamReader() {
+	key := []byte("example key 1234")
+
+	inFile, err := os.Open("encrypted-file")
+	if err != nil {
+		panic(err)
+	}
+	defer inFile.Close()
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// If the key is unique for each ciphertext, then it's ok to use a zero
+	// IV.
+	var iv [aes.BlockSize]byte
+	stream := cipher.NewOFB(block, iv[:])
+
+	outFile, err := os.OpenFile("decrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		panic(err)
+	}
+	defer outFile.Close()
+
+	reader := &cipher.StreamReader{stream, inFile}
+	// Copy the input file to the output file, decrypting as we go.
+	if _, err := io.Copy(outFile, reader); err != nil {
+		panic(err)
+	}
+
+	// Note that this example is simplistic in that it omits any
+	// authentication of the encrypted data. It you were actually to use
+	// StreamReader in this manner, an attacker could flip arbitary bits in
+	// the output.
+}
+
+func ExampleStreamWriter() {
+	key := []byte("example key 1234")
+
+	inFile, err := os.Open("plaintext-file")
+	if err != nil {
+		panic(err)
+	}
+	defer inFile.Close()
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+
+	// If the key is unique for each ciphertext, then it's ok to use a zero
+	// IV.
+	var iv [aes.BlockSize]byte
+	stream := cipher.NewOFB(block, iv[:])
+
+	outFile, err := os.OpenFile("encrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		panic(err)
+	}
+	defer outFile.Close()
+
+	writer := &cipher.StreamWriter{stream, outFile, nil}
+	// Copy the input file to the output file, encrypting as we go.
+	if _, err := io.Copy(writer, inFile); err != nil {
+		panic(err)
+	}
+
+	// Note that this example is simplistic in that it omits any
+	// authentication of the encrypted data. It you were actually to use
+	// StreamReader in this manner, an attacker could flip arbitary bits in
+	// the decrypted result.
+}
diff --git a/libgo/go/crypto/hmac/hmac.go b/libgo/go/crypto/hmac/hmac.go
index a97ce09727a..b6f4919a7ce 100644
--- a/libgo/go/crypto/hmac/hmac.go
+++ b/libgo/go/crypto/hmac/hmac.go
@@ -2,13 +2,27 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
-// defined in U.S. Federal Information Processing Standards Publication 198.
-// An HMAC is a cryptographic hash that uses a key to sign a message.
-// The receiver verifies the hash by recomputing it using the same key.
+/*
+Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
+defined in U.S. Federal Information Processing Standards Publication 198.
+An HMAC is a cryptographic hash that uses a key to sign a message.
+The receiver verifies the hash by recomputing it using the same key.
+
+Receivers should be careful to use Equal to compare MACs in order to avoid
+timing side-channels:
+
+	// CheckMAC returns true if messageMAC is a valid HMAC tag for message.
+	func CheckMAC(message, messageMAC, key []byte) bool {
+		mac := hmac.New(sha256.New, key)
+		mac.Write(message)
+		expectedMAC := mac.Sum(nil)
+		return hmac.Equal(messageMAC, expectedMAC)
+	}
+*/
 package hmac
 
 import (
+	"crypto/subtle"
 	"hash"
 )
 
@@ -57,7 +71,7 @@ func (h *hmac) BlockSize() int { return h.blocksize }
 func (h *hmac) Reset() {
 	h.inner.Reset()
 	h.tmpPad(0x36)
-	h.inner.Write(h.tmp[0:h.blocksize])
+	h.inner.Write(h.tmp[:h.blocksize])
 }
 
 // New returns a new HMAC hash using the given hash.Hash type and key.
@@ -78,3 +92,11 @@ func New(h func() hash.Hash, key []byte) hash.Hash {
 	hm.Reset()
 	return hm
 }
+
+// Equal compares two MACs for equality without leaking timing information.
+func Equal(mac1, mac2 []byte) bool {
+	// We don't have to be constant time if the lengths of the MACs are
+	// different as that suggests that a completely different hash function
+	// was used.
+	return len(mac1) == len(mac2) && subtle.ConstantTimeCompare(mac1, mac2) == 1
+}
diff --git a/libgo/go/crypto/hmac/hmac_test.go b/libgo/go/crypto/hmac/hmac_test.go
index 07957414c88..d4860424eb1 100644
--- a/libgo/go/crypto/hmac/hmac_test.go
+++ b/libgo/go/crypto/hmac/hmac_test.go
@@ -491,3 +491,22 @@ func TestHMAC(t *testing.T) {
 		}
 	}
 }
+
+func TestEqual(t *testing.T) {
+	a := []byte("test")
+	b := []byte("test1")
+	c := []byte("test2")
+
+	if !Equal(b, b) {
+		t.Error("Equal failed with equal arguments")
+	}
+	if Equal(a, b) {
+		t.Error("Equal accepted a prefix of the second argument")
+	}
+	if Equal(b, a) {
+		t.Error("Equal accepted a prefix of the first argument")
+	}
+	if Equal(b, c) {
+		t.Error("Equal accepted unequal slices")
+	}
+}
diff --git a/libgo/go/crypto/md5/gen.go b/libgo/go/crypto/md5/gen.go
index 1a9c4ab33dd..966bdae267b 100644
--- a/libgo/go/crypto/md5/gen.go
+++ b/libgo/go/crypto/md5/gen.go
@@ -203,6 +203,8 @@ func block(dig *digest, p []byte) {
 			// less code and run 1.3x faster if we take advantage of that.
 			// My apologies.
 			X = (*[16]uint32)(unsafe.Pointer(&p[0]))
+		} else if uintptr(unsafe.Pointer(&p[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
+			X = (*[16]uint32)(unsafe.Pointer(&p[0]))
 		} else {
 			X = &xbuf
 			j := 0
diff --git a/libgo/go/crypto/md5/md5_test.go b/libgo/go/crypto/md5/md5_test.go
index b474a90d5a3..cac39ad054b 100644
--- a/libgo/go/crypto/md5/md5_test.go
+++ b/libgo/go/crypto/md5/md5_test.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"testing"
+	"unsafe"
 )
 
 type md5Test struct {
@@ -54,13 +55,19 @@ func TestGolden(t *testing.T) {
 	for i := 0; i < len(golden); i++ {
 		g := golden[i]
 		c := md5.New()
-		for j := 0; j < 3; j++ {
+		buf := make([]byte, len(g.in)+4)
+		for j := 0; j < 3+4; j++ {
 			if j < 2 {
 				io.WriteString(c, g.in)
-			} else {
+			} else if j == 2 {
 				io.WriteString(c, g.in[0:len(g.in)/2])
 				c.Sum(nil)
 				io.WriteString(c, g.in[len(g.in)/2:])
+			} else if j > 2 {
+				// test unaligned write
+				buf = buf[1:]
+				copy(buf, g.in)
+				c.Write(buf[:len(g.in)])
 			}
 			s := fmt.Sprintf("%x", c.Sum(nil))
 			if s != g.out {
@@ -80,26 +87,45 @@ func ExampleNew() {
 }
 
 var bench = md5.New()
-var buf = makeBuf()
+var buf = make([]byte, 8192+1)
+var sum = make([]byte, bench.Size())
 
-func makeBuf() []byte {
-	b := make([]byte, 8<<10)
-	for i := range b {
-		b[i] = byte(i)
+func benchmarkSize(b *testing.B, size int, unaligned bool) {
+	b.SetBytes(int64(size))
+	buf := buf
+	if unaligned {
+		if uintptr(unsafe.Pointer(&buf[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
+			buf = buf[1:]
+		}
+	}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		bench.Reset()
+		bench.Write(buf[:size])
+		bench.Sum(sum[:0])
 	}
-	return b
+}
+
+func BenchmarkHash8Bytes(b *testing.B) {
+	benchmarkSize(b, 8, false)
 }
 
 func BenchmarkHash1K(b *testing.B) {
-	b.SetBytes(1024)
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf[:1024])
-	}
+	benchmarkSize(b, 1024, false)
 }
 
 func BenchmarkHash8K(b *testing.B) {
-	b.SetBytes(int64(len(buf)))
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf)
-	}
+	benchmarkSize(b, 8192, false)
+}
+
+func BenchmarkHash8BytesUnaligned(b *testing.B) {
+	benchmarkSize(b, 8, true)
+}
+
+func BenchmarkHash1KUnaligned(b *testing.B) {
+	benchmarkSize(b, 1024, true)
+}
+
+func BenchmarkHash8KUnaligned(b *testing.B) {
+	benchmarkSize(b, 8192, true)
 }
diff --git a/libgo/go/crypto/md5/md5block.go b/libgo/go/crypto/md5/md5block.go
index 5dbdf5606b1..59f8f6f5afa 100644
--- a/libgo/go/crypto/md5/md5block.go
+++ b/libgo/go/crypto/md5/md5block.go
@@ -22,6 +22,8 @@ func block(dig *digest, p []byte) {
 			// less code and run 1.3x faster if we take advantage of that.
 			// My apologies.
 			X = (*[16]uint32)(unsafe.Pointer(&p[0]))
+		} else if uintptr(unsafe.Pointer(&p[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
+			X = (*[16]uint32)(unsafe.Pointer(&p[0]))
 		} else {
 			X = &xbuf
 			j := 0
diff --git a/libgo/go/crypto/rsa/rsa.go b/libgo/go/crypto/rsa/rsa.go
index 7faae674304..6addd04bce1 100644
--- a/libgo/go/crypto/rsa/rsa.go
+++ b/libgo/go/crypto/rsa/rsa.go
@@ -61,7 +61,7 @@ type PrivateKey struct {
 }
 
 type PrecomputedValues struct {
-	Dp, Dq *big.Int // D mod (P-1) (or mod Q-1) 
+	Dp, Dq *big.Int // D mod (P-1) (or mod Q-1)
 	Qinv   *big.Int // Q^-1 mod Q
 
 	// CRTValues is used for the 3rd and subsequent primes. Due to a
diff --git a/libgo/go/crypto/rsa/rsa_test.go b/libgo/go/crypto/rsa/rsa_test.go
index 62bbdc4aec3..f9fa56efe72 100644
--- a/libgo/go/crypto/rsa/rsa_test.go
+++ b/libgo/go/crypto/rsa/rsa_test.go
@@ -116,7 +116,7 @@ func BenchmarkRSA2048Decrypt(b *testing.B) {
 	}
 	priv.Precompute()
 
-	c := fromBase10("1000")
+	c := fromBase10("8472002792838218989464636159316973636630013835787202418124758118372358261975764365740026024610403138425986214991379012696600761514742817632790916315594342398720903716529235119816755589383377471752116975374952783629225022962092351886861518911824745188989071172097120352727368980275252089141512321893536744324822590480751098257559766328893767334861211872318961900897793874075248286439689249972315699410830094164386544311554704755110361048571142336148077772023880664786019636334369759624917224888206329520528064315309519262325023881707530002540634660750469137117568199824615333883758410040459705787022909848740188613313")
 
 	b.StartTimer()
 
@@ -141,7 +141,7 @@ func Benchmark3PrimeRSA2048Decrypt(b *testing.B) {
 	}
 	priv.Precompute()
 
-	c := fromBase10("1000")
+	c := fromBase10("8472002792838218989464636159316973636630013835787202418124758118372358261975764365740026024610403138425986214991379012696600761514742817632790916315594342398720903716529235119816755589383377471752116975374952783629225022962092351886861518911824745188989071172097120352727368980275252089141512321893536744324822590480751098257559766328893767334861211872318961900897793874075248286439689249972315699410830094164386544311554704755110361048571142336148077772023880664786019636334369759624917224888206329520528064315309519262325023881707530002540634660750469137117568199824615333883758410040459705787022909848740188613313")
 
 	b.StartTimer()
 
diff --git a/libgo/go/crypto/sha1/sha1_test.go b/libgo/go/crypto/sha1/sha1_test.go
index e3d03e52a31..58541127784 100644
--- a/libgo/go/crypto/sha1/sha1_test.go
+++ b/libgo/go/crypto/sha1/sha1_test.go
@@ -81,26 +81,26 @@ func ExampleNew() {
 }
 
 var bench = sha1.New()
-var buf = makeBuf()
+var buf = make([]byte, 8192)
 
-func makeBuf() []byte {
-	b := make([]byte, 8<<10)
-	for i := range b {
-		b[i] = byte(i)
+func benchmarkSize(b *testing.B, size int) {
+	b.SetBytes(int64(size))
+	sum := make([]byte, bench.Size())
+	for i := 0; i < b.N; i++ {
+		bench.Reset()
+		bench.Write(buf[:size])
+		bench.Sum(sum[:0])
 	}
-	return b
+}
+
+func BenchmarkHash8Bytes(b *testing.B) {
+	benchmarkSize(b, 8)
 }
 
 func BenchmarkHash1K(b *testing.B) {
-	b.SetBytes(1024)
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf[:1024])
-	}
+	benchmarkSize(b, 1024)
 }
 
 func BenchmarkHash8K(b *testing.B) {
-	b.SetBytes(int64(len(buf)))
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf)
-	}
+	benchmarkSize(b, 8192)
 }
diff --git a/libgo/go/crypto/sha1/sha1block.go b/libgo/go/crypto/sha1/sha1block.go
index b9fe21d9e3d..1c9507c68e5 100644
--- a/libgo/go/crypto/sha1/sha1block.go
+++ b/libgo/go/crypto/sha1/sha1block.go
@@ -16,7 +16,7 @@ const (
 )
 
 func block(dig *digest, p []byte) {
-	var w [80]uint32
+	var w [16]uint32
 
 	h0, h1, h2, h3, h4 := dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4]
 	for len(p) >= chunk {
@@ -26,42 +26,56 @@ func block(dig *digest, p []byte) {
 			j := i * 4
 			w[i] = uint32(p[j])<<24 | uint32(p[j+1])<<16 | uint32(p[j+2])<<8 | uint32(p[j+3])
 		}
-		for i := 16; i < 80; i++ {
-			tmp := w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]
-			w[i] = tmp<<1 | tmp>>(32-1)
-		}
 
 		a, b, c, d, e := h0, h1, h2, h3, h4
 
 		// Each of the four 20-iteration rounds
 		// differs only in the computation of f and
 		// the choice of K (_K0, _K1, etc).
-		for i := 0; i < 20; i++ {
+		i := 0
+		for ; i < 16; i++ {
+			f := b&c | (^b)&d
+			a5 := a<<5 | a>>(32-5)
+			b30 := b<<30 | b>>(32-30)
+			t := a5 + f + e + w[i&0xf] + _K0
+			a, b, c, d, e = t, a, b30, c, d
+		}
+		for ; i < 20; i++ {
+			tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
+			w[i&0xf] = tmp<<1 | tmp>>(32-1)
+
 			f := b&c | (^b)&d
 			a5 := a<<5 | a>>(32-5)
 			b30 := b<<30 | b>>(32-30)
-			t := a5 + f + e + w[i] + _K0
+			t := a5 + f + e + w[i&0xf] + _K0
 			a, b, c, d, e = t, a, b30, c, d
 		}
-		for i := 20; i < 40; i++ {
+		for ; i < 40; i++ {
+			tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
+			w[i&0xf] = tmp<<1 | tmp>>(32-1)
 			f := b ^ c ^ d
 			a5 := a<<5 | a>>(32-5)
 			b30 := b<<30 | b>>(32-30)
-			t := a5 + f + e + w[i] + _K1
+			t := a5 + f + e + w[i&0xf] + _K1
 			a, b, c, d, e = t, a, b30, c, d
 		}
-		for i := 40; i < 60; i++ {
-			f := b&c | b&d | c&d
+		for ; i < 60; i++ {
+			tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
+			w[i&0xf] = tmp<<1 | tmp>>(32-1)
+			f := ((b | c) & d) | (b & c)
+
 			a5 := a<<5 | a>>(32-5)
 			b30 := b<<30 | b>>(32-30)
-			t := a5 + f + e + w[i] + _K2
+			t := a5 + f + e + w[i&0xf] + _K2
 			a, b, c, d, e = t, a, b30, c, d
 		}
-		for i := 60; i < 80; i++ {
+		for ; i < 80; i++ {
+			tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
+			w[i&0xf] = tmp<<1 | tmp>>(32-1)
 			f := b ^ c ^ d
 			a5 := a<<5 | a>>(32-5)
 			b30 := b<<30 | b>>(32-30)
-			t := a5 + f + e + w[i] + _K3
+			t := a5 + f + e + w[i&0xf] + _K3
 			a, b, c, d, e = t, a, b30, c, d
 		}
 
diff --git a/libgo/go/crypto/sha256/sha256_test.go b/libgo/go/crypto/sha256/sha256_test.go
index 8e66b4b306d..29bf1619aeb 100644
--- a/libgo/go/crypto/sha256/sha256_test.go
+++ b/libgo/go/crypto/sha256/sha256_test.go
@@ -125,26 +125,26 @@ func TestGolden(t *testing.T) {
 }
 
 var bench = New()
-var buf = makeBuf()
+var buf = make([]byte, 8192)
 
-func makeBuf() []byte {
-	b := make([]byte, 8<<10)
-	for i := range b {
-		b[i] = byte(i)
+func benchmarkSize(b *testing.B, size int) {
+	b.SetBytes(int64(size))
+	sum := make([]byte, bench.Size())
+	for i := 0; i < b.N; i++ {
+		bench.Reset()
+		bench.Write(buf[:size])
+		bench.Sum(sum[:0])
 	}
-	return b
+}
+
+func BenchmarkHash8Bytes(b *testing.B) {
+	benchmarkSize(b, 8)
 }
 
 func BenchmarkHash1K(b *testing.B) {
-	b.SetBytes(1024)
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf[:1024])
-	}
+	benchmarkSize(b, 1024)
 }
 
 func BenchmarkHash8K(b *testing.B) {
-	b.SetBytes(int64(len(buf)))
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf)
-	}
+	benchmarkSize(b, 8192)
 }
diff --git a/libgo/go/crypto/sha512/sha512_test.go b/libgo/go/crypto/sha512/sha512_test.go
index 977655ddb41..6eafb1b5fa9 100644
--- a/libgo/go/crypto/sha512/sha512_test.go
+++ b/libgo/go/crypto/sha512/sha512_test.go
@@ -125,26 +125,26 @@ func TestGolden(t *testing.T) {
 }
 
 var bench = New()
-var buf = makeBuf()
+var buf = make([]byte, 8192)
 
-func makeBuf() []byte {
-	b := make([]byte, 8<<10)
-	for i := range b {
-		b[i] = byte(i)
+func benchmarkSize(b *testing.B, size int) {
+	b.SetBytes(int64(size))
+	sum := make([]byte, bench.Size())
+	for i := 0; i < b.N; i++ {
+		bench.Reset()
+		bench.Write(buf[:size])
+		bench.Sum(sum[:0])
 	}
-	return b
+}
+
+func BenchmarkHash8Bytes(b *testing.B) {
+	benchmarkSize(b, 8)
 }
 
 func BenchmarkHash1K(b *testing.B) {
-	b.SetBytes(1024)
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf[:1024])
-	}
+	benchmarkSize(b, 1024)
 }
 
 func BenchmarkHash8K(b *testing.B) {
-	b.SetBytes(int64(len(buf)))
-	for i := 0; i < b.N; i++ {
-		bench.Write(buf)
-	}
+	benchmarkSize(b, 8192)
 }
diff --git a/libgo/go/crypto/tls/conn.go b/libgo/go/crypto/tls/conn.go
index fd2ef1ecfa8..44f3e66daed 100644
--- a/libgo/go/crypto/tls/conn.go
+++ b/libgo/go/crypto/tls/conn.go
@@ -513,7 +513,7 @@ Again:
 		// First message, be extra suspicious:
 		// this might not be a TLS client.
 		// Bail out before reading a full 'body', if possible.
-		// The current max version is 3.1. 
+		// The current max version is 3.1.
 		// If the version is >= 16.0, it's probably not real.
 		// Similarly, a clientHello message encodes in
 		// well under a kilobyte.  If the length is >= 12 kB,
@@ -604,9 +604,11 @@ Again:
 // sendAlert sends a TLS alert message.
 // c.out.Mutex <= L.
 func (c *Conn) sendAlertLocked(err alert) error {
-	c.tmp[0] = alertLevelError
-	if err == alertNoRenegotiation {
+	switch err {
+	case alertNoRenegotiation, alertCloseNotify:
 		c.tmp[0] = alertLevelWarning
+	default:
+		c.tmp[0] = alertLevelError
 	}
 	c.tmp[1] = byte(err)
 	c.writeRecord(recordTypeAlert, c.tmp[0:2])
diff --git a/libgo/go/crypto/tls/handshake_client_test.go b/libgo/go/crypto/tls/handshake_client_test.go
index e127049bb05..58ee6186a50 100644
--- a/libgo/go/crypto/tls/handshake_client_test.go
+++ b/libgo/go/crypto/tls/handshake_client_test.go
@@ -246,15 +246,15 @@ var ecdheAESClientScript = [][]byte{
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x54, 0x02, 0x00, 0x00,
-		0x50, 0x03, 0x01, 0x4f, 0x7f, 0x24, 0x25, 0x10,
-		0xa8, 0x9d, 0xb1, 0x33, 0xd6, 0x53, 0x81, 0xce,
-		0xb0, 0x69, 0xed, 0x1b, 0x9c, 0x5e, 0x40, 0x3a,
-		0x4d, 0x06, 0xbc, 0xc7, 0x84, 0x51, 0x5a, 0x30,
-		0x40, 0x50, 0x48, 0x20, 0xcd, 0x91, 0x80, 0x08,
-		0xff, 0x82, 0x38, 0xc6, 0x03, 0x2d, 0x45, 0x4c,
-		0x91, 0xbb, 0xcc, 0x27, 0x3d, 0x58, 0xff, 0x0d,
-		0x26, 0x34, 0x7b, 0x48, 0x7a, 0xce, 0x25, 0x20,
-		0x90, 0x0f, 0x35, 0x9f, 0xc0, 0x13, 0x00, 0x00,
+		0x50, 0x03, 0x01, 0x50, 0x77, 0x31, 0xf7, 0x5b,
+		0xdb, 0x3d, 0x7a, 0x62, 0x76, 0x70, 0x95, 0x33,
+		0x73, 0x71, 0x13, 0xfe, 0xa3, 0xb1, 0xd8, 0xb3,
+		0x4d, 0x0d, 0xdc, 0xfe, 0x58, 0x6e, 0x6a, 0x3a,
+		0xf9, 0xde, 0xdc, 0x20, 0x8e, 0xfa, 0x3d, 0x60,
+		0xd0, 0xda, 0xa4, 0x0e, 0x36, 0xf0, 0xde, 0xb6,
+		0x81, 0xb4, 0x80, 0x5e, 0xf9, 0xd2, 0x4c, 0xec,
+		0xd1, 0x9c, 0x2a, 0x81, 0xc3, 0x36, 0x0b, 0x0f,
+		0x4a, 0x3d, 0xdf, 0x75, 0xc0, 0x13, 0x00, 0x00,
 		0x08, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01,
 		0x02, 0x16, 0x03, 0x01, 0x02, 0x39, 0x0b, 0x00,
 		0x02, 0x35, 0x00, 0x02, 0x32, 0x00, 0x02, 0x2f,
@@ -329,23 +329,23 @@ var ecdheAESClientScript = [][]byte{
 		0xbb, 0x77, 0xba, 0xe4, 0x12, 0xbb, 0xf4, 0xc8,
 		0x5e, 0x9c, 0x81, 0xa8, 0x97, 0x60, 0x4c, 0x16,
 		0x03, 0x01, 0x00, 0x8b, 0x0c, 0x00, 0x00, 0x87,
-		0x03, 0x00, 0x17, 0x41, 0x04, 0x0b, 0xe5, 0x39,
-		0xde, 0x17, 0x7a, 0xaf, 0x96, 0xd5, 0x16, 0x01,
-		0xa8, 0x06, 0x80, 0x98, 0x75, 0x52, 0x56, 0x92,
-		0x15, 0xf9, 0x8d, 0xc0, 0x98, 0x62, 0xed, 0x54,
-		0xb7, 0xef, 0x03, 0x11, 0x34, 0x82, 0x65, 0xd1,
-		0xde, 0x25, 0x15, 0x4c, 0xf3, 0xdf, 0x4d, 0xbd,
-		0x6c, 0xed, 0x3d, 0xd6, 0x04, 0xcc, 0xd1, 0xf7,
-		0x6d, 0x32, 0xb1, 0x1c, 0x59, 0xca, 0xfb, 0xbc,
-		0x61, 0xeb, 0x4b, 0xe6, 0x00, 0x00, 0x40, 0x3e,
-		0xe6, 0x23, 0x54, 0x61, 0x3f, 0x63, 0x16, 0xeb,
-		0x5c, 0xc3, 0xba, 0x8a, 0x19, 0x13, 0x60, 0x9f,
-		0x23, 0xbf, 0x36, 0x1a, 0x32, 0x7a, 0xae, 0x34,
-		0x7f, 0x2f, 0x89, 0x85, 0xe1, 0x0e, 0x93, 0xd7,
-		0xf0, 0xab, 0xa1, 0x0d, 0x54, 0x95, 0x79, 0x0b,
-		0xb4, 0xf1, 0x1c, 0x1d, 0x0f, 0x8c, 0x16, 0xec,
-		0x82, 0x60, 0xee, 0xa3, 0x71, 0x2f, 0xaf, 0x3e,
-		0xf1, 0xbd, 0xb5, 0x1b, 0x7f, 0xe0, 0xd2, 0x16,
+		0x03, 0x00, 0x17, 0x41, 0x04, 0xec, 0x06, 0x1f,
+		0xa0, 0x5e, 0x29, 0x49, 0x71, 0x8b, 0x04, 0x9f,
+		0x47, 0x87, 0xb1, 0xcb, 0xae, 0x57, 0x8f, 0xd7,
+		0xf6, 0xf8, 0x59, 0x74, 0x64, 0x5d, 0x3a, 0x08,
+		0xaf, 0x20, 0xc6, 0xd9, 0xfc, 0x5e, 0x36, 0x8b,
+		0x62, 0x0e, 0xdb, 0xee, 0xd8, 0xcd, 0xef, 0x25,
+		0x8a, 0x38, 0x88, 0x2d, 0x5c, 0x71, 0x50, 0x22,
+		0xda, 0x3f, 0x94, 0x06, 0xc9, 0x68, 0x5b, 0x78,
+		0x3d, 0x95, 0xca, 0x54, 0x44, 0x00, 0x40, 0x36,
+		0xcf, 0x10, 0x81, 0xb4, 0x32, 0x45, 0x3c, 0xa5,
+		0x2d, 0x3e, 0xb0, 0xf8, 0xf4, 0x51, 0xf5, 0x28,
+		0x09, 0x85, 0x71, 0xa6, 0x79, 0x71, 0x4b, 0x4e,
+		0xda, 0x32, 0x5a, 0xc7, 0xb3, 0x57, 0xfd, 0xe8,
+		0x12, 0xab, 0xd8, 0x29, 0xfb, 0x8b, 0x43, 0x8f,
+		0x7e, 0x27, 0x63, 0x91, 0x84, 0x9c, 0x51, 0x0c,
+		0x26, 0x7e, 0x36, 0x3b, 0x37, 0x8d, 0x8f, 0x9e,
+		0xe2, 0x82, 0x62, 0xbb, 0xe5, 0xdf, 0xfc, 0x16,
 		0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
 	},
 	{
@@ -359,34 +359,34 @@ var ecdheAESClientScript = [][]byte{
 		0xe2, 0x32, 0x42, 0xe9, 0x58, 0xb6, 0xd7, 0x49,
 		0xa6, 0xb5, 0x68, 0x1a, 0x41, 0x03, 0x56, 0x6b,
 		0xdc, 0x5a, 0x89, 0x14, 0x03, 0x01, 0x00, 0x01,
-		0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x09, 0xac,
-		0xbe, 0x94, 0x75, 0x4d, 0x73, 0x45, 0xbd, 0xa8,
-		0x0c, 0xe3, 0x5f, 0x72, 0x0b, 0x40, 0x4f, 0xd0,
-		0xd2, 0xcb, 0x16, 0x50, 0xfe, 0xdd, 0x1a, 0x33,
-		0x5c, 0x18, 0x37, 0x98, 0x42, 0xfc, 0x25, 0x42,
-		0x33, 0xce, 0x60, 0xcf, 0x8e, 0x95, 0x6e, 0x48,
-		0xed, 0x00, 0x35, 0x50, 0x26, 0x7f,
+		0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x9a, 0xaa,
+		0xca, 0x5b, 0x57, 0xae, 0x34, 0x92, 0x80, 0x45,
+		0x7f, 0xe6, 0xf9, 0x09, 0x19, 0xd0, 0xf0, 0x1e,
+		0x4b, 0xc3, 0xda, 0x71, 0xce, 0x34, 0x33, 0x56,
+		0x9f, 0x20, 0x9f, 0xf9, 0xa8, 0x62, 0x6c, 0x38,
+		0x1b, 0x41, 0xf5, 0x54, 0xf2, 0x79, 0x42, 0x6c,
+		0xb5, 0x0e, 0xe7, 0xe1, 0xbc, 0x54,
 	},
 	{
 		0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x01, 0x00, 0x30, 0xf6, 0x6a, 0xdb, 0x83, 0xd4,
-		0x3c, 0x77, 0x52, 0xad, 0xc0, 0x0f, 0x3a, 0x2c,
-		0x42, 0xb9, 0x60, 0x4b, 0xb2, 0xf6, 0x84, 0xfd,
-		0x4e, 0x96, 0xfc, 0x15, 0xe7, 0x94, 0x25, 0xb0,
-		0x59, 0x9f, 0xdd, 0xb6, 0x58, 0x03, 0x13, 0x8d,
-		0xeb, 0xb0, 0xad, 0x30, 0x31, 0x58, 0x6c, 0xa0,
-		0x8f, 0x57, 0x50,
+		0x01, 0x00, 0x30, 0x62, 0x82, 0x41, 0x75, 0x2b,
+		0xee, 0x0f, 0xdc, 0x6c, 0x48, 0x5a, 0x63, 0xd6,
+		0xcb, 0x0a, 0xfd, 0x0a, 0x0e, 0xde, 0x8b, 0x41,
+		0x19, 0x0c, 0x13, 0x6b, 0x12, 0xd1, 0xc2, 0x53,
+		0xeb, 0x1e, 0xf3, 0x7a, 0xbf, 0x23, 0xc5, 0xa6,
+		0x81, 0xa1, 0xdb, 0xab, 0x2f, 0x2c, 0xbc, 0x35,
+		0x96, 0x72, 0x83,
 	},
 	{
-		0x17, 0x03, 0x01, 0x00, 0x20, 0xab, 0x64, 0x3d,
-		0x79, 0x69, 0x3e, 0xba, 0xc4, 0x24, 0x7b, 0xe5,
-		0xe5, 0x23, 0x66, 0x6f, 0x32, 0xdf, 0x50, 0x7c,
-		0x06, 0x2a, 0x02, 0x82, 0x79, 0x40, 0xdb, 0xb1,
-		0x04, 0xc0, 0x2b, 0xdc, 0x3a, 0x15, 0x03, 0x01,
-		0x00, 0x20, 0xf8, 0xad, 0xca, 0xd7, 0x96, 0xf0,
-		0xd6, 0xa3, 0x62, 0xe1, 0x03, 0x44, 0xdb, 0xd0,
-		0xc9, 0x63, 0x3e, 0x1b, 0x70, 0x41, 0x57, 0x0c,
-		0xd8, 0x8e, 0x71, 0x49, 0x68, 0xe3, 0x04, 0x53,
-		0x5a, 0xbe,
+		0x17, 0x03, 0x01, 0x00, 0x20, 0xaf, 0x5d, 0x35,
+		0x57, 0x10, 0x60, 0xb3, 0x25, 0x7c, 0x26, 0x0f,
+		0xf3, 0x5e, 0xb3, 0x0d, 0xad, 0x14, 0x53, 0xcc,
+		0x0c, 0x08, 0xd9, 0xa2, 0x67, 0xab, 0xf4, 0x03,
+		0x17, 0x20, 0xf1, 0x7e, 0xca, 0x15, 0x03, 0x01,
+		0x00, 0x20, 0x30, 0xd0, 0xc1, 0xfb, 0x5f, 0xa6,
+		0x1b, 0xb4, 0x48, 0xc2, 0x0b, 0x98, 0xa8, 0x88,
+		0x7a, 0xba, 0xdf, 0x36, 0x06, 0xd8, 0xcc, 0xe9,
+		0x34, 0xdd, 0x64, 0xc8, 0x73, 0xc5, 0xa2, 0x34,
+		0x64, 0xb7,
 	},
 }
diff --git a/libgo/go/crypto/tls/handshake_server_test.go b/libgo/go/crypto/tls/handshake_server_test.go
index 8ca3c2cf191..2546f16e3cd 100644
--- a/libgo/go/crypto/tls/handshake_server_test.go
+++ b/libgo/go/crypto/tls/handshake_server_test.go
@@ -393,24 +393,19 @@ func loadPEMCert(in string) *x509.Certificate {
 // The recorded bytes are written to stdout.
 var rc4ServerScript = [][]byte{
 	{
-		0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00,
-		0x76, 0x03, 0x02, 0x4e, 0xdd, 0xe6, 0xa5, 0xf7,
-		0x00, 0x36, 0xf7, 0x83, 0xec, 0x93, 0x7c, 0xd2,
-		0x4d, 0xe7, 0x7b, 0xf5, 0x4c, 0xf7, 0xe3, 0x86,
-		0xe8, 0xec, 0x3b, 0xbd, 0x2c, 0x9a, 0x3f, 0x57,
-		0xf0, 0xa4, 0xd4, 0x00, 0x00, 0x34, 0x00, 0x33,
-		0x00, 0x45, 0x00, 0x39, 0x00, 0x88, 0x00, 0x16,
-		0x00, 0x32, 0x00, 0x44, 0x00, 0x38, 0x00, 0x87,
-		0x00, 0x13, 0x00, 0x66, 0x00, 0x90, 0x00, 0x91,
-		0x00, 0x8f, 0x00, 0x8e, 0x00, 0x2f, 0x00, 0x41,
-		0x00, 0x35, 0x00, 0x84, 0x00, 0x0a, 0x00, 0x05,
-		0x00, 0x04, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8b,
-		0x00, 0x8a, 0x01, 0x00, 0x00, 0x19, 0x00, 0x09,
-		0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
-		0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, 0x6c, 0x6f,
-		0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
+		0x16, 0x03, 0x01, 0x00, 0x54, 0x01, 0x00, 0x00,
+		0x50, 0x03, 0x01, 0x50, 0x77, 0x3d, 0xbd, 0x32,
+		0x13, 0xd7, 0xea, 0x33, 0x65, 0x02, 0xb8, 0x70,
+		0xb7, 0x84, 0xc4, 0x05, 0x1f, 0xa4, 0x24, 0xc4,
+		0x91, 0x69, 0x04, 0x32, 0x96, 0xfe, 0x5b, 0x49,
+		0x71, 0x60, 0x9a, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00,
 	},
-
 	{
 		0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
 		0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -509,72 +504,65 @@ var rc4ServerScript = [][]byte{
 		0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x04, 0x0e,
 		0x00, 0x00, 0x00,
 	},
-
 	{
 		0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-		0x82, 0x00, 0x80, 0x39, 0xe2, 0x0f, 0x49, 0xa0,
-		0xe6, 0xe4, 0x3b, 0x0c, 0x5f, 0xce, 0x39, 0x97,
-		0x6c, 0xb6, 0x41, 0xd9, 0xe1, 0x52, 0x8f, 0x43,
-		0xb3, 0xc6, 0x4f, 0x9a, 0xe2, 0x1e, 0xb9, 0x3b,
-		0xe3, 0x72, 0x17, 0x68, 0xb2, 0x0d, 0x7b, 0x71,
-		0x33, 0x96, 0x5c, 0xf9, 0xfe, 0x18, 0x8f, 0x2f,
-		0x2b, 0x82, 0xec, 0x03, 0xf2, 0x16, 0xa8, 0xf8,
-		0x39, 0xf9, 0xbb, 0x5a, 0xd3, 0x0c, 0xc1, 0x2a,
-		0x52, 0xa1, 0x90, 0x20, 0x6b, 0x24, 0xc9, 0x55,
-		0xee, 0x05, 0xd8, 0xb3, 0x43, 0x58, 0xf6, 0x7f,
-		0x68, 0x2d, 0xb3, 0xd1, 0x1b, 0x30, 0xaa, 0xdf,
-		0xfc, 0x85, 0xf1, 0xab, 0x14, 0x51, 0x91, 0x78,
-		0x29, 0x35, 0x65, 0xe0, 0x9c, 0xf6, 0xb7, 0x35,
-		0x33, 0xdb, 0x28, 0x93, 0x4d, 0x86, 0xbc, 0xfe,
-		0xaa, 0xd1, 0xc0, 0x2e, 0x4d, 0xec, 0xa2, 0x98,
-		0xca, 0x08, 0xb2, 0x91, 0x14, 0xde, 0x97, 0x3a,
-		0xc4, 0x6b, 0x49, 0x14, 0x03, 0x01, 0x00, 0x01,
-		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0x7a, 0xcb,
-		0x3b, 0x0e, 0xbb, 0x7a, 0x56, 0x39, 0xaf, 0x83,
-		0xae, 0xfd, 0x25, 0xfd, 0x64, 0xb4, 0x0c, 0x0c,
-		0x17, 0x46, 0x54, 0x2c, 0x6a, 0x07, 0x83, 0xc6,
-		0x46, 0x08, 0x0b, 0xcd, 0x15, 0x53, 0xef, 0x40,
-		0x4e, 0x56,
+		0x82, 0x00, 0x80, 0x2d, 0x09, 0x7c, 0x7f, 0xfc,
+		0x84, 0xce, 0xb3, 0x30, 0x9b, 0xf9, 0xb7, 0xc8,
+		0xc3, 0xff, 0xee, 0x6f, 0x20, 0x8a, 0xf4, 0xfb,
+		0x86, 0x55, 0x1f, 0x6a, 0xb4, 0x81, 0x50, 0x3a,
+		0x46, 0x1b, 0xd3, 0xca, 0x4b, 0x11, 0xff, 0xef,
+		0x02, 0xbc, 0x18, 0xb8, 0x4a, 0x7d, 0x43, 0x23,
+		0x96, 0x92, 0x27, 0x7c, 0xca, 0xcf, 0xe6, 0x91,
+		0xe8, 0x14, 0x97, 0x68, 0xb4, 0xe5, 0xc0, 0xc9,
+		0x23, 0xdd, 0x54, 0x07, 0xa6, 0x2e, 0x8c, 0x98,
+		0xfc, 0xc6, 0x8c, 0x04, 0x6b, 0x1b, 0x5f, 0xd5,
+		0x3d, 0x8b, 0x6c, 0x55, 0x4f, 0x7a, 0xe6, 0x6c,
+		0x74, 0x2c, 0x1e, 0x34, 0xdb, 0xfb, 0x00, 0xb1,
+		0x4e, 0x10, 0x21, 0x16, 0xe0, 0x3e, 0xc5, 0x64,
+		0x84, 0x28, 0x2b, 0x2b, 0x29, 0x47, 0x51, 0x34,
+		0x76, 0x15, 0x20, 0x71, 0x0b, 0x30, 0xa1, 0x85,
+		0xd5, 0x15, 0x18, 0x14, 0x64, 0x4b, 0x40, 0x7c,
+		0x4f, 0xb3, 0x7b, 0x14, 0x03, 0x01, 0x00, 0x01,
+		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xab, 0xee,
+		0xf5, 0x97, 0x5f, 0xc6, 0x78, 0xf3, 0xc6, 0x83,
+		0x5b, 0x55, 0x4f, 0xcb, 0x45, 0x3f, 0xfa, 0xf7,
+		0x05, 0x02, 0xc2, 0x63, 0x87, 0x18, 0xb5, 0x9a,
+		0x62, 0xe2, 0x3f, 0x88, 0x5a, 0x60, 0x61, 0x72,
+		0xfa, 0x9c,
 	},
-
 	{
 		0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x01, 0x00, 0x24, 0xd3, 0x72, 0xeb, 0x29, 0xb9,
-		0x15, 0x29, 0xb5, 0xe5, 0xb7, 0xef, 0x5c, 0xb2,
-		0x9d, 0xf6, 0xc8, 0x47, 0xd6, 0xa0, 0x84, 0xf0,
-		0x8c, 0xcb, 0xe6, 0xbe, 0xbc, 0xfb, 0x38, 0x90,
-		0x89, 0x60, 0xa2, 0xe8, 0xaa, 0xb3, 0x12, 0x17,
-		0x03, 0x01, 0x00, 0x21, 0x67, 0x4a, 0x3d, 0x31,
-		0x6c, 0x5a, 0x1c, 0xf9, 0x6e, 0xf1, 0xd8, 0x12,
-		0x0e, 0xb9, 0xfd, 0xfc, 0x66, 0x91, 0xd1, 0x1d,
-		0x6e, 0xe4, 0x55, 0xdd, 0x11, 0xb9, 0xb8, 0xa2,
-		0x65, 0xa1, 0x95, 0x64, 0x1c, 0x15, 0x03, 0x01,
-		0x00, 0x16, 0x9b, 0xa0, 0x24, 0xe3, 0xcb, 0xae,
-		0xad, 0x51, 0xb3, 0x63, 0x59, 0x78, 0x49, 0x24,
-		0x06, 0x6e, 0xee, 0x7a, 0xd7, 0x74, 0x53, 0x04,
+		0x01, 0x00, 0x24, 0x72, 0xa4, 0xe4, 0xaa, 0xd2,
+		0xc4, 0x39, 0x7e, 0x2a, 0xc1, 0x6f, 0x34, 0x42,
+		0x28, 0xcb, 0x9d, 0x7a, 0x09, 0xca, 0x96, 0xad,
+		0x0e, 0x11, 0x51, 0x8a, 0x06, 0xb0, 0xe9, 0xca,
+		0xeb, 0xce, 0xe2, 0xd5, 0x2e, 0xc1, 0x8d, 0x17,
+		0x03, 0x01, 0x00, 0x21, 0x2e, 0x61, 0x86, 0x17,
+		0xdb, 0xa6, 0x30, 0xe2, 0x62, 0x06, 0x2a, 0x8b,
+		0x75, 0x2c, 0x2d, 0xcf, 0xf5, 0x01, 0x11, 0x52,
+		0x81, 0x38, 0xcf, 0xd5, 0xf7, 0xdc, 0x52, 0x31,
+		0x1f, 0x97, 0x43, 0xc2, 0x71, 0x15, 0x03, 0x01,
+		0x00, 0x16, 0xe0, 0x21, 0xfe, 0x36, 0x2e, 0x68,
+		0x2c, 0xf1, 0xbe, 0x04, 0xec, 0xd4, 0xc6, 0xdd,
+		0xac, 0x6f, 0x4c, 0x85, 0x32, 0x3f, 0x87, 0x1b,
 	},
 }
 
 var des3ServerScript = [][]byte{
 	{
-		0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00,
-		0x76, 0x03, 0x02, 0x4e, 0x84, 0xf4, 0x3c, 0xe4,
-		0xb8, 0xc7, 0xa0, 0x30, 0x55, 0x2a, 0xbc, 0xb7,
-		0x04, 0x6b, 0x6f, 0x87, 0x93, 0x96, 0xbd, 0x1a,
-		0x7a, 0x1e, 0xce, 0xd2, 0x0d, 0xf3, 0x01, 0x03,
-		0xbe, 0x7b, 0x17, 0x00, 0x00, 0x34, 0x00, 0x33,
-		0x00, 0x45, 0x00, 0x39, 0x00, 0x88, 0x00, 0x16,
-		0x00, 0x32, 0x00, 0x44, 0x00, 0x38, 0x00, 0x87,
-		0x00, 0x13, 0x00, 0x66, 0x00, 0x90, 0x00, 0x91,
-		0x00, 0x8f, 0x00, 0x8e, 0x00, 0x2f, 0x00, 0x41,
-		0x00, 0x35, 0x00, 0x84, 0x00, 0x0a, 0x00, 0x05,
-		0x00, 0x04, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8b,
-		0x00, 0x8a, 0x01, 0x00, 0x00, 0x19, 0x00, 0x09,
-		0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
-		0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, 0x6c, 0x6f,
-		0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
+		0x16, 0x03, 0x01, 0x00, 0x54, 0x01, 0x00, 0x00,
+		0x50, 0x03, 0x01, 0x50, 0x77, 0x3d, 0xe3, 0x8e,
+		0x48, 0xe6, 0xbd, 0x6d, 0x72, 0x8a, 0x1a, 0x11,
+		0xb0, 0x8a, 0x7e, 0xff, 0x29, 0x07, 0xa8, 0x91,
+		0xbc, 0xea, 0x1e, 0x3e, 0x62, 0xc9, 0x8e, 0x72,
+		0x26, 0xd3, 0xca, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00,
 	},
-
 	{
 		0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
 		0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -673,58 +661,49 @@ var des3ServerScript = [][]byte{
 		0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x04, 0x0e,
 		0x00, 0x00, 0x00,
 	},
-
 	{
 		0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-		0x82, 0x00, 0x80, 0xae, 0xcf, 0x4f, 0x70, 0x0e,
-		0xe5, 0xe7, 0xba, 0xef, 0x0c, 0x66, 0xe9, 0xae,
-		0x76, 0xf4, 0xe0, 0xbc, 0x1c, 0x22, 0x5b, 0x72,
-		0xc9, 0x68, 0x63, 0x44, 0xec, 0x72, 0xc2, 0xca,
-		0xac, 0xc2, 0xf5, 0x5c, 0x28, 0xa1, 0xaf, 0xd0,
-		0xc2, 0xf7, 0x79, 0x71, 0x32, 0x73, 0x86, 0xea,
-		0x39, 0xf6, 0x04, 0x26, 0x19, 0x84, 0x1d, 0x7d,
-		0xa1, 0x21, 0xa6, 0x88, 0xbf, 0x33, 0x5a, 0x64,
-		0xb0, 0xc2, 0xcc, 0x19, 0x7a, 0x8b, 0x6e, 0x94,
-		0x9e, 0x2e, 0x20, 0xbe, 0xdc, 0xe9, 0x8e, 0xae,
-		0x5c, 0x39, 0xc8, 0xcd, 0x0e, 0x19, 0x9a, 0xa2,
-		0xfc, 0x3f, 0x61, 0x9a, 0xca, 0x58, 0x69, 0x0d,
-		0xa8, 0x7b, 0xbe, 0x98, 0x8f, 0xb9, 0x9d, 0x8b,
-		0x68, 0x65, 0xa9, 0x74, 0xcc, 0x8d, 0x0c, 0xb2,
-		0xc4, 0x0f, 0xdc, 0x56, 0x3e, 0x44, 0x61, 0x0a,
-		0x26, 0x93, 0x99, 0xef, 0x67, 0xff, 0x6e, 0x73,
-		0x01, 0xa1, 0x90, 0x14, 0x03, 0x01, 0x00, 0x01,
-		0x01, 0x16, 0x03, 0x01, 0x00, 0x60, 0x49, 0x36,
-		0xc8, 0x38, 0x95, 0xe4, 0x5d, 0x8e, 0x80, 0x10,
-		0x26, 0x9f, 0x87, 0x7d, 0xcd, 0xb9, 0x32, 0x6c,
-		0xff, 0xaa, 0xe0, 0x07, 0xec, 0x33, 0xe2, 0x36,
-		0x9d, 0xd5, 0x83, 0x2c, 0xf0, 0x0a, 0xa0, 0xa8,
-		0x12, 0x9f, 0xca, 0x72, 0xda, 0x70, 0x7d, 0x76,
-		0x80, 0x12, 0x88, 0x07, 0xaa, 0x27, 0x62, 0x33,
-		0xab, 0x55, 0xad, 0x3c, 0x2b, 0x54, 0xc4, 0x1c,
-		0x91, 0xfd, 0x8f, 0x9c, 0xa7, 0x8b, 0x75, 0x10,
-		0xa8, 0x6e, 0xfc, 0x30, 0x52, 0x8a, 0x61, 0x02,
-		0xdb, 0x9c, 0x6f, 0xc8, 0x19, 0x93, 0x5d, 0x41,
-		0x1d, 0x36, 0x68, 0x0b, 0xec, 0x30, 0xae, 0xfb,
-		0x90, 0xdb, 0x6d, 0x83, 0xb0, 0xf2,
+		0x82, 0x00, 0x80, 0x33, 0x52, 0xe2, 0xd6, 0x79,
+		0xf8, 0xe6, 0xd4, 0xe2, 0x08, 0xb0, 0x73, 0x36,
+		0xa7, 0x61, 0x72, 0x19, 0xfb, 0xd1, 0x1f, 0xf5,
+		0xbc, 0x7c, 0x84, 0xdd, 0xed, 0x99, 0xd7, 0x5e,
+		0x3d, 0x11, 0xc3, 0x19, 0xb0, 0x7f, 0x10, 0x94,
+		0x72, 0x64, 0xf3, 0x2c, 0x3f, 0x8d, 0x73, 0x39,
+		0x9e, 0xca, 0x2e, 0x09, 0xbd, 0xb7, 0x8d, 0x4c,
+		0x5b, 0x58, 0xff, 0x4f, 0x53, 0xa9, 0xd4, 0x7c,
+		0x34, 0xe0, 0xaa, 0xa8, 0x14, 0xc0, 0x14, 0x25,
+		0x0b, 0xaa, 0x55, 0xab, 0x10, 0x34, 0x45, 0x72,
+		0xe8, 0x26, 0x6f, 0xf5, 0xbb, 0x3a, 0xfa, 0xd8,
+		0x4f, 0x70, 0xe1, 0xc1, 0xb6, 0x11, 0x1e, 0xd1,
+		0xe0, 0x0b, 0xa1, 0x3a, 0xdc, 0x94, 0x89, 0x7f,
+		0x88, 0x5e, 0x5a, 0xf1, 0x0c, 0x98, 0xe2, 0xab,
+		0x0e, 0x3a, 0xa8, 0x2f, 0xbb, 0xc5, 0x02, 0x07,
+		0x15, 0x5e, 0x46, 0x82, 0x54, 0x9c, 0x09, 0xea,
+		0xb9, 0x56, 0xf7, 0x14, 0x03, 0x01, 0x00, 0x01,
+		0x01, 0x16, 0x03, 0x01, 0x00, 0x28, 0xb9, 0xbf,
+		0x9a, 0xb8, 0xe4, 0x14, 0x6b, 0xc6, 0xf0, 0x27,
+		0xb7, 0xdb, 0xb2, 0xbc, 0x16, 0xd1, 0x3c, 0x0b,
+		0xc1, 0xe6, 0x1c, 0xa1, 0x29, 0xc7, 0x37, 0xe6,
+		0x56, 0x1d, 0x16, 0xb5, 0xa8, 0x0d, 0x4d, 0xdb,
+		0x9d, 0xf8, 0xb2, 0x6a, 0x90, 0x96,
 	},
-
 	{
 		0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x01, 0x00, 0x28, 0x07, 0xf3, 0x33, 0x84, 0xb1,
-		0x5d, 0x2b, 0x52, 0xa4, 0x63, 0x3c, 0x32, 0xe0,
-		0x0d, 0x22, 0xf5, 0x23, 0xec, 0xf9, 0xa6, 0xec,
-		0xc0, 0x12, 0x69, 0x88, 0xf6, 0x7d, 0x37, 0xcd,
-		0xc2, 0x74, 0x2f, 0xef, 0xf6, 0x49, 0x15, 0xea,
-		0x88, 0x3f, 0x55, 0x17, 0x03, 0x01, 0x00, 0x28,
-		0xaf, 0x00, 0x84, 0xff, 0x11, 0x01, 0x6d, 0xba,
-		0x39, 0x5e, 0x45, 0xe1, 0x52, 0x5e, 0xc1, 0xab,
-		0xde, 0x5b, 0x16, 0xdd, 0xd6, 0x61, 0x57, 0xb8,
-		0x66, 0x8b, 0x2d, 0xde, 0x51, 0x41, 0xc5, 0x09,
-		0xb3, 0x6a, 0x06, 0x43, 0xb4, 0x73, 0x5c, 0xf1,
-		0x15, 0x03, 0x01, 0x00, 0x18, 0xbd, 0x65, 0xb2,
-		0xce, 0x77, 0x2e, 0xf9, 0x11, 0xc4, 0x80, 0x43,
-		0x5a, 0x73, 0x8b, 0x73, 0xdd, 0xf0, 0x54, 0x44,
-		0x7c, 0x56, 0x19, 0x54, 0xda,
+		0x01, 0x00, 0x28, 0x5d, 0xc9, 0xad, 0xcf, 0xf8,
+		0x37, 0x05, 0xec, 0x5e, 0xb2, 0x77, 0xb3, 0x1a,
+		0x91, 0x75, 0x1d, 0x8d, 0xdd, 0x1a, 0xff, 0xb6,
+		0xca, 0xf7, 0x59, 0x04, 0xb2, 0x11, 0x0a, 0x25,
+		0x7e, 0xc5, 0x7d, 0xba, 0x8a, 0x50, 0xcc, 0xe9,
+		0x89, 0xa0, 0x91, 0x17, 0x03, 0x01, 0x00, 0x28,
+		0x30, 0x68, 0x28, 0x1e, 0x75, 0x82, 0x04, 0xe7,
+		0xd3, 0x3b, 0xb1, 0x17, 0x32, 0x10, 0x7f, 0xae,
+		0x77, 0xeb, 0xf1, 0x46, 0xcc, 0xe5, 0xe0, 0xbe,
+		0x07, 0x37, 0x0d, 0x84, 0x54, 0xa1, 0x88, 0xac,
+		0xe5, 0x06, 0x7b, 0xee, 0xe6, 0xa1, 0xee, 0xb0,
+		0x15, 0x03, 0x01, 0x00, 0x18, 0x73, 0xa9, 0xf8,
+		0x5a, 0xd4, 0xfc, 0xd9, 0xa9, 0x82, 0x97, 0x50,
+		0x14, 0x76, 0x6c, 0x27, 0x9f, 0xa2, 0xf1, 0x52,
+		0xa0, 0xe3, 0xbd, 0xcb, 0xd3,
 	},
 }
 
@@ -890,17 +869,19 @@ var aesServerScript = [][]byte{
 
 var sslv3ServerScript = [][]byte{
 	{
-		0x16, 0x03, 0x00, 0x00, 0x41, 0x01, 0x00, 0x00,
-		0x3d, 0x03, 0x00, 0x4e, 0x70, 0xe2, 0x18, 0x86,
-		0xd6, 0xc6, 0x6f, 0xf3, 0xc8, 0xf4, 0x02, 0xd6,
-		0x4d, 0xee, 0x17, 0x32, 0x4b, 0xd2, 0x78, 0xd8,
-		0xa1, 0x03, 0x5d, 0x68, 0x82, 0x89, 0xbe, 0xfd,
-		0x12, 0xb9, 0x06, 0x00, 0x00, 0x16, 0x00, 0x33,
-		0x00, 0x39, 0x00, 0x16, 0x00, 0x32, 0x00, 0x38,
-		0x00, 0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
-		0x00, 0x05, 0x00, 0x04, 0x01, 0x00,
+		0x16, 0x03, 0x00, 0x00, 0x54, 0x01, 0x00, 0x00,
+		0x50, 0x03, 0x00, 0x50, 0x77, 0x3d, 0x42, 0xae,
+		0x84, 0xbd, 0xc5, 0x07, 0xa5, 0xc4, 0xd6, 0x16,
+		0x4e, 0xd5, 0xc5, 0xfa, 0x02, 0x7a, 0x0f, 0x1d,
+		0xc1, 0xe1, 0xaa, 0xe3, 0x3b, 0x4b, 0x6f, 0x11,
+		0xfa, 0x1a, 0xa4, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00,
 	},
-
 	{
 		0x16, 0x03, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00,
 		0x26, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -999,90 +980,71 @@ var sslv3ServerScript = [][]byte{
 		0xbd, 0xd9, 0x16, 0x03, 0x00, 0x00, 0x04, 0x0e,
 		0x00, 0x00, 0x00,
 	},
-
 	{
 		0x16, 0x03, 0x00, 0x00, 0x84, 0x10, 0x00, 0x00,
-		0x80, 0x74, 0x0e, 0x3a, 0xcf, 0xba, 0x9f, 0x1a,
-		0x9b, 0xb2, 0xa4, 0xc7, 0x5d, 0xf3, 0x0c, 0x80,
-		0x06, 0x80, 0xf3, 0x57, 0xb2, 0xd9, 0x36, 0x24,
-		0x6a, 0x06, 0x13, 0x40, 0xf9, 0x7c, 0xb9, 0x3e,
-		0x4b, 0x68, 0x4f, 0x21, 0x90, 0x2d, 0xbd, 0xca,
-		0xd4, 0x83, 0xf0, 0x7a, 0xeb, 0x7a, 0x74, 0x1b,
-		0xcd, 0xfe, 0x69, 0xef, 0xc0, 0x86, 0xa0, 0x24,
-		0x31, 0x65, 0x40, 0xd2, 0xdd, 0x6f, 0xb9, 0xd7,
-		0x8d, 0xc1, 0x69, 0x60, 0x44, 0x7a, 0x75, 0xfb,
-		0x42, 0x6a, 0x0f, 0x66, 0x45, 0x10, 0x73, 0xee,
-		0x87, 0x28, 0x37, 0x83, 0x86, 0xd8, 0x5a, 0xc8,
-		0x60, 0x87, 0xda, 0x33, 0x87, 0xaf, 0x34, 0x8b,
-		0xf5, 0x61, 0x63, 0x7a, 0x5c, 0x60, 0x26, 0xb9,
-		0xdb, 0xa1, 0xb7, 0xe3, 0x60, 0x38, 0x94, 0x5c,
-		0x83, 0x23, 0xd6, 0x8d, 0xc2, 0x14, 0x4a, 0x0f,
-		0x0e, 0x4f, 0xf9, 0x4e, 0x7b, 0x15, 0xcd, 0x18,
-		0x04, 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16,
-		0x03, 0x00, 0x00, 0x3c, 0xbd, 0xbc, 0xec, 0xdc,
-		0x79, 0xb1, 0xae, 0x16, 0xc9, 0x26, 0x9a, 0xc0,
-		0xc0, 0x2c, 0x33, 0x36, 0x13, 0x91, 0x58, 0x5d,
-		0x7d, 0xee, 0x4e, 0xd8, 0x7e, 0xac, 0x88, 0x87,
-		0x0a, 0x75, 0x66, 0xb1, 0x44, 0x79, 0x2f, 0x42,
-		0xe8, 0x92, 0x74, 0x4c, 0xab, 0x36, 0xc8, 0x17,
-		0x5f, 0x02, 0x8a, 0x20, 0x53, 0xe9, 0x1d, 0xb4,
-		0xfe, 0x5c, 0x2b, 0xd9, 0x0a, 0xfb, 0xc6, 0x63,
+		0x80, 0x4a, 0x8d, 0xc4, 0x38, 0x7a, 0x9c, 0xd6,
+		0xe8, 0x72, 0x9e, 0xa3, 0xdf, 0x37, 0xb4, 0x6c,
+		0x58, 0x33, 0x59, 0xd9, 0xc9, 0x4b, 0x50, 0x33,
+		0x6c, 0xed, 0x73, 0x38, 0x2a, 0x46, 0x55, 0x31,
+		0xa9, 0x8e, 0x8e, 0xfc, 0x0b, 0x5d, 0x5f, 0x3c,
+		0x88, 0x28, 0x3f, 0x60, 0x51, 0x13, 0xf1, 0x59,
+		0x0c, 0xa3, 0x5e, 0xe0, 0xa3, 0x35, 0x06, 0xb1,
+		0x71, 0x59, 0x24, 0x4e, 0xed, 0x07, 0x15, 0x88,
+		0x50, 0xef, 0xc2, 0xb2, 0x2a, 0x52, 0x30, 0x6a,
+		0x7c, 0xbe, 0x2f, 0xc6, 0x8f, 0xa8, 0x83, 0xc5,
+		0x80, 0x14, 0x62, 0x74, 0x7f, 0x96, 0x9f, 0x41,
+		0x32, 0x74, 0xdd, 0x76, 0x2d, 0x7b, 0xeb, 0x7b,
+		0xea, 0xd0, 0x4f, 0x0c, 0xcf, 0x9a, 0x9c, 0xc5,
+		0x7a, 0xe4, 0xbc, 0xf8, 0xa6, 0xe1, 0x09, 0x8e,
+		0x7c, 0x53, 0x3a, 0xe3, 0x30, 0x8f, 0x76, 0xee,
+		0x58, 0xbb, 0xfd, 0x0b, 0x06, 0xb8, 0xdf, 0xb7,
+		0x31, 0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16,
+		0x03, 0x00, 0x00, 0x3c, 0x13, 0x91, 0xc6, 0x4a,
+		0x0c, 0x59, 0x25, 0xce, 0x54, 0xc0, 0x1d, 0xb9,
+		0x2a, 0xff, 0x4d, 0xca, 0x26, 0x0c, 0x8c, 0x04,
+		0x98, 0x7c, 0x7c, 0x38, 0xa3, 0xf5, 0xf9, 0x36,
+		0x1c, 0x04, 0x32, 0x47, 0x2d, 0x48, 0x0e, 0x96,
+		0xe8, 0x2b, 0x5e, 0x5a, 0xc6, 0x0a, 0x48, 0x41,
+		0x34, 0x5e, 0x62, 0xd5, 0x68, 0x4e, 0x44, 0x1d,
+		0xb2, 0xa1, 0x11, 0xad, 0x6e, 0x14, 0x85, 0x61,
 	},
-
 	{
 		0x14, 0x03, 0x00, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x00, 0x00, 0x3c, 0xaa, 0xa1, 0x98, 0xc4, 0x6b,
-		0x5a, 0x16, 0x3f, 0x5f, 0xa4, 0x96, 0x3e, 0x78,
-		0xe4, 0x6f, 0x49, 0x05, 0x47, 0xc4, 0x05, 0x60,
-		0xeb, 0x0b, 0x45, 0xe3, 0xbc, 0x50, 0x11, 0x24,
-		0x5f, 0x01, 0xd7, 0xb8, 0x8f, 0x60, 0x63, 0x66,
-		0xbd, 0x3e, 0xd9, 0xa8, 0x80, 0x43, 0x9f, 0x0b,
-		0x51, 0x61, 0xed, 0x13, 0xc6, 0x21, 0xd0, 0xfe,
-		0xbc, 0x17, 0x3c, 0x36, 0xb0, 0x82, 0x7f, 0x17,
-		0x03, 0x00, 0x00, 0x21, 0xee, 0x44, 0xf3, 0xa6,
-		0x88, 0x9d, 0x78, 0x44, 0xde, 0xdf, 0xeb, 0xc5,
-		0xad, 0xc4, 0xcc, 0x56, 0x5c, 0x54, 0x96, 0x52,
-		0x3f, 0xd9, 0x40, 0x6e, 0x79, 0xd8, 0x58, 0x78,
-		0x4f, 0x5a, 0xe9, 0x06, 0xef, 0x15, 0x03, 0x00,
-		0x00, 0x16, 0xd3, 0xc2, 0x52, 0x99, 0x2a, 0x84,
-		0xc4, 0x52, 0x5f, 0x3b, 0x19, 0xe7, 0xfc, 0x65,
-		0xaf, 0xd3, 0xb7, 0xa3, 0xcc, 0x4a, 0x1d, 0x2e,
+		0x00, 0x00, 0x3c, 0x88, 0xae, 0xa9, 0xd4, 0xa8,
+		0x10, 0x8d, 0x65, 0xa6, 0x3e, 0x1e, 0xed, 0xd2,
+		0xfc, 0xc4, 0x7c, 0xa8, 0x94, 0x4f, 0x11, 0xaf,
+		0xa6, 0x87, 0x09, 0x37, 0x54, 0xf7, 0x69, 0xd1,
+		0xb5, 0x25, 0x6b, 0xb5, 0xed, 0xcb, 0x25, 0x39,
+		0x73, 0xeb, 0x53, 0x6c, 0xc7, 0xb4, 0x29, 0x8f,
+		0xd6, 0x49, 0xd1, 0x95, 0x59, 0x80, 0x9a, 0x67,
+		0x5c, 0xb2, 0xe0, 0xbd, 0x1e, 0xff, 0xaa, 0x17,
+		0x03, 0x00, 0x00, 0x21, 0x65, 0x7b, 0x99, 0x09,
+		0x02, 0xc3, 0x9d, 0x54, 0xd6, 0xe7, 0x32, 0x62,
+		0xab, 0xc1, 0x09, 0x91, 0x30, 0x0a, 0xc9, 0xfa,
+		0x70, 0xec, 0x06, 0x7b, 0xa3, 0xe1, 0x5f, 0xb4,
+		0x63, 0xe6, 0x5c, 0xba, 0x1f, 0x15, 0x03, 0x00,
+		0x00, 0x16, 0x40, 0x70, 0xbe, 0xe6, 0xa6, 0xee,
+		0x8f, 0xd0, 0x87, 0xa0, 0x43, 0xa1, 0x92, 0xd7,
+		0xd0, 0x1a, 0x0c, 0x20, 0x7c, 0xbf, 0xa2, 0xb5,
 	},
 }
 
 var selectCertificateBySNIScript = [][]byte{
 	{
-		0x16, 0x03, 0x01, 0x00, 0xed, 0x01, 0x00, 0x00,
-		0xe9, 0x03, 0x02, 0x50, 0x5a, 0x1c, 0x90, 0x2b,
-		0xc8, 0xf1, 0xd9, 0x4b, 0xd0, 0x18, 0x69, 0xed,
-		0x5a, 0xbd, 0x68, 0xf6, 0xf7, 0xe3, 0xf0, 0x6e,
-		0xd1, 0xcc, 0xf1, 0x2d, 0x94, 0xa4, 0x01, 0x63,
-		0x91, 0xbe, 0xd0, 0x00, 0x00, 0x66, 0xc0, 0x14,
-		0xc0, 0x0a, 0xc0, 0x22, 0xc0, 0x21, 0x00, 0x39,
-		0x00, 0x38, 0x00, 0x88, 0x00, 0x87, 0xc0, 0x0f,
-		0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x12,
-		0xc0, 0x08, 0xc0, 0x1c, 0xc0, 0x1b, 0x00, 0x16,
-		0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
-		0xc0, 0x13, 0xc0, 0x09, 0xc0, 0x1f, 0xc0, 0x1e,
-		0x00, 0x33, 0x00, 0x32, 0x00, 0x9a, 0x00, 0x99,
-		0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
-		0x00, 0x2f, 0x00, 0x96, 0x00, 0x41, 0xc0, 0x11,
-		0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
-		0x00, 0x04, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
-		0x00, 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x06,
-		0x00, 0x03, 0x00, 0xff, 0x02, 0x01, 0x00, 0x00,
-		0x59, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00,
-		0x00, 0x0b, 0x73, 0x6e, 0x69, 0x74, 0x65, 0x73,
-		0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0b, 0x00,
-		0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00,
-		0x34, 0x00, 0x32, 0x00, 0x0e, 0x00, 0x0d, 0x00,
-		0x19, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x18, 0x00,
-		0x09, 0x00, 0x0a, 0x00, 0x16, 0x00, 0x17, 0x00,
-		0x08, 0x00, 0x06, 0x00, 0x07, 0x00, 0x14, 0x00,
-		0x15, 0x00, 0x04, 0x00, 0x05, 0x00, 0x12, 0x00,
-		0x13, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00,
-		0x0f, 0x00, 0x10, 0x00, 0x11, 0x00, 0x0f, 0x00,
-		0x01, 0x01,
+		0x16, 0x03, 0x01, 0x00, 0x6a, 0x01, 0x00, 0x00,
+		0x66, 0x03, 0x01, 0x50, 0x77, 0x3d, 0xfe, 0xfb,
+		0x8d, 0xc2, 0x68, 0xeb, 0xf9, 0xfa, 0x54, 0x97,
+		0x86, 0x45, 0xa2, 0xa3, 0xed, 0xb1, 0x91, 0xb8,
+		0x28, 0xc0, 0x47, 0xaf, 0xfb, 0xcd, 0xdc, 0x0e,
+		0xb3, 0xea, 0xa5, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x10, 0x00,
+		0x0e, 0x00, 0x00, 0x0b, 0x73, 0x6e, 0x69, 0x74,
+		0x65, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d,
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
@@ -1160,79 +1122,62 @@ var selectCertificateBySNIScript = [][]byte{
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-		0x82, 0x00, 0x80, 0x45, 0x6d, 0x68, 0x61, 0xb9,
-		0x1a, 0xe5, 0xeb, 0x67, 0x22, 0x3b, 0x87, 0x19,
-		0x52, 0x86, 0x31, 0x91, 0xee, 0xcd, 0x17, 0x75,
-		0xc6, 0x44, 0xaf, 0x23, 0xef, 0xd9, 0xfa, 0xd2,
-		0x0b, 0xa2, 0xbb, 0xbf, 0x8b, 0x4b, 0x34, 0x50,
-		0xf6, 0x2e, 0x05, 0x09, 0x7e, 0xbf, 0xb3, 0xa6,
-		0x10, 0xe3, 0xc3, 0x49, 0x55, 0xa8, 0xdf, 0x6c,
-		0xaa, 0xab, 0x11, 0x4c, 0x80, 0x0a, 0x45, 0xf8,
-		0x37, 0xbb, 0xd3, 0x18, 0x4e, 0xec, 0x51, 0xbf,
-		0x1a, 0xf6, 0x11, 0x1b, 0xcf, 0x2c, 0xaf, 0x5f,
-		0x0b, 0x52, 0x4e, 0x92, 0x0c, 0x7a, 0xb2, 0x5d,
-		0xe2, 0x1f, 0x83, 0xbe, 0xf5, 0xbf, 0x05, 0xbf,
-		0x99, 0xd6, 0x9c, 0x86, 0x47, 0x5e, 0xb4, 0xff,
-		0xe7, 0xac, 0xad, 0x1e, 0x3c, 0xaa, 0x91, 0x39,
-		0xca, 0xad, 0xc5, 0x54, 0x64, 0x7e, 0xc2, 0x8a,
-		0x48, 0xee, 0xb6, 0x4e, 0xf9, 0x33, 0x82, 0x52,
-		0xe8, 0xed, 0x48, 0x14, 0x03, 0x01, 0x00, 0x01,
-		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xc1, 0x2f,
-		0x34, 0x03, 0x2a, 0xf2, 0xfd, 0x83, 0x69, 0x23,
-		0x8c, 0x9e, 0x66, 0x3b, 0xbb, 0xd1, 0xab, 0xbb,
-		0x51, 0x89, 0x27, 0x88, 0x0f, 0x08, 0x3e, 0x00,
-		0xdc, 0xc7, 0x47, 0x82, 0x13, 0x34, 0xec, 0xca,
-		0x68, 0x6a,
+		0x82, 0x00, 0x80, 0x69, 0xc3, 0xd4, 0x0e, 0xcc,
+		0xdc, 0xbc, 0x5e, 0xc2, 0x64, 0xa6, 0xde, 0x3c,
+		0x0c, 0x7e, 0x0c, 0x6b, 0x80, 0x0f, 0xd4, 0x8f,
+		0x02, 0x4b, 0xb2, 0xba, 0x8d, 0x01, 0xeb, 0x6b,
+		0xa1, 0x2e, 0x79, 0x37, 0xba, 0xae, 0x24, 0xc2,
+		0x26, 0x72, 0x51, 0xe1, 0x82, 0x8e, 0x51, 0x41,
+		0x1c, 0x54, 0xa4, 0x26, 0xbe, 0x13, 0xcd, 0x1b,
+		0xc6, 0xed, 0x3d, 0x1f, 0xfd, 0x72, 0x80, 0x90,
+		0xdb, 0xbf, 0xd6, 0x39, 0x94, 0x5f, 0x48, 0xfb,
+		0x25, 0x5a, 0xc9, 0x60, 0x9b, 0xd7, 0xc6, 0x20,
+		0xa8, 0x66, 0x64, 0x13, 0xf3, 0x65, 0xc8, 0xb1,
+		0xd5, 0x33, 0x21, 0x0e, 0x73, 0x41, 0xc0, 0x18,
+		0x1a, 0x37, 0xfe, 0xcf, 0x28, 0x2a, 0xcd, 0xe4,
+		0x0b, 0xac, 0xdd, 0x25, 0x5e, 0xcb, 0x17, 0x51,
+		0x69, 0xd5, 0x8c, 0xf4, 0xb6, 0x21, 0x98, 0xef,
+		0x20, 0xdb, 0x14, 0x67, 0xf3, 0x7c, 0x95, 0x6a,
+		0x48, 0x2a, 0x6a, 0x14, 0x03, 0x01, 0x00, 0x01,
+		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0x36, 0x1b,
+		0x09, 0xe5, 0xb9, 0xb9, 0x4d, 0x7d, 0xae, 0x87,
+		0xb6, 0x0f, 0xaf, 0xec, 0x22, 0xba, 0x0d, 0xa5,
+		0x96, 0x5e, 0x64, 0x65, 0xe7, 0xfb, 0xe3, 0xf3,
+		0x6b, 0x72, 0xa8, 0xdb, 0xed, 0xd8, 0x69, 0x9c,
+		0x08, 0xd8,
 	},
 	{
 		0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x01, 0x00, 0x24, 0xda, 0x61, 0x76, 0x9f, 0x7a,
-		0x8a, 0xd0, 0x5f, 0x9b, 0x3d, 0xa7, 0xd5, 0xdd,
-		0x95, 0x4b, 0xd4, 0x64, 0x2d, 0x2d, 0x6a, 0x98,
-		0x9e, 0xfe, 0x77, 0x76, 0xe3, 0x02, 0x05, 0x0c,
-		0xb2, 0xa6, 0x15, 0x82, 0x28, 0x25, 0xc5, 0x17,
-		0x03, 0x01, 0x00, 0x21, 0x4e, 0x66, 0x2d, 0x50,
-		0x00, 0xa2, 0x44, 0x4d, 0xee, 0x5f, 0x81, 0x67,
-		0x21, 0x5d, 0x94, 0xc0, 0xfb, 0xdc, 0xbd, 0xf6,
-		0xa8, 0x32, 0x8e, 0x2c, 0x22, 0x58, 0x37, 0xb6,
-		0xa3, 0x1e, 0xf8, 0xdd, 0x83, 0x15, 0x03, 0x01,
-		0x00, 0x16, 0x68, 0x3b, 0x3a, 0xd0, 0x1e, 0xc4,
-		0x5e, 0x97, 0x6a, 0x47, 0x38, 0xfe, 0x17, 0x8e,
-		0xc0, 0xb6, 0x4a, 0x94, 0x00, 0xb5, 0x91, 0xbf,
+		0x01, 0x00, 0x24, 0x60, 0xf7, 0x09, 0x5f, 0xd1,
+		0xcb, 0xc9, 0xe1, 0x22, 0xb5, 0x2a, 0xcc, 0xde,
+		0x7c, 0xa7, 0xb8, 0x85, 0x00, 0xbc, 0xfd, 0x85,
+		0xe1, 0x91, 0x36, 0xbb, 0x07, 0x42, 0xad, 0x3d,
+		0x29, 0x62, 0x69, 0xc1, 0x45, 0x92, 0x6f, 0x17,
+		0x03, 0x01, 0x00, 0x21, 0x0d, 0xf9, 0xd5, 0x87,
+		0xb9, 0x57, 0x3c, 0x50, 0x19, 0xe4, 0x3a, 0x50,
+		0x45, 0xcc, 0x86, 0x89, 0xd4, 0x32, 0x79, 0x45,
+		0x7c, 0x9f, 0x96, 0xd4, 0x54, 0x56, 0x0c, 0x63,
+		0x72, 0x81, 0xc3, 0xd3, 0xe3, 0x15, 0x03, 0x01,
+		0x00, 0x16, 0x84, 0xec, 0x2e, 0xf6, 0xaf, 0x4f,
+		0xee, 0x48, 0x0f, 0xbe, 0xcd, 0x82, 0x5c, 0x56,
+		0x16, 0xe4, 0xfb, 0x89, 0xc5, 0x57, 0x3e, 0x91,
 	},
 }
 
 var issueSessionTicketTest = [][]byte{
 	{
-		0x16, 0x03, 0x01, 0x00, 0xdd, 0x01, 0x00, 0x00,
-		0xd9, 0x03, 0x02, 0x50, 0x5a, 0x32, 0xb6, 0x36,
-		0x0e, 0x94, 0x63, 0x57, 0x93, 0xd7, 0x1e, 0xb2,
-		0xa7, 0xd3, 0x20, 0x24, 0x30, 0x3f, 0x46, 0xf9,
-		0xfe, 0x22, 0x02, 0xa1, 0xff, 0x57, 0xf8, 0x8f,
-		0x95, 0x4c, 0xdd, 0x00, 0x00, 0x66, 0xc0, 0x14,
-		0xc0, 0x0a, 0xc0, 0x22, 0xc0, 0x21, 0x00, 0x39,
-		0x00, 0x38, 0x00, 0x88, 0x00, 0x87, 0xc0, 0x0f,
-		0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x12,
-		0xc0, 0x08, 0xc0, 0x1c, 0xc0, 0x1b, 0x00, 0x16,
-		0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
-		0xc0, 0x13, 0xc0, 0x09, 0xc0, 0x1f, 0xc0, 0x1e,
-		0x00, 0x33, 0x00, 0x32, 0x00, 0x9a, 0x00, 0x99,
-		0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
-		0x00, 0x2f, 0x00, 0x96, 0x00, 0x41, 0xc0, 0x11,
-		0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
-		0x00, 0x04, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
-		0x00, 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x06,
-		0x00, 0x03, 0x00, 0xff, 0x02, 0x01, 0x00, 0x00,
-		0x49, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01,
-		0x02, 0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00,
-		0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00,
-		0x0c, 0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00,
-		0x16, 0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00,
-		0x07, 0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00,
-		0x05, 0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00,
-		0x02, 0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00,
-		0x11, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0f, 0x00,
-		0x01, 0x01,
+		0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00,
+		0x56, 0x03, 0x01, 0x50, 0x77, 0x3e, 0x49, 0x7a,
+		0xb7, 0x86, 0x5c, 0x27, 0xd2, 0x97, 0x61, 0xe3,
+		0x49, 0x41, 0x48, 0xe7, 0x0e, 0xaa, 0x7e, 0x4d,
+		0xb8, 0xdc, 0x01, 0x97, 0xfb, 0xab, 0x53, 0xb2,
+		0x5e, 0x36, 0xf6, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00, 0x00, 0x04, 0x00, 0x23, 0x00, 0x00,
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x30, 0x02, 0x00, 0x00,
@@ -1335,735 +1280,526 @@ var issueSessionTicketTest = [][]byte{
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-		0x82, 0x00, 0x80, 0x92, 0x3f, 0xcc, 0x4d, 0x2f,
-		0xb2, 0x12, 0xc4, 0xf5, 0x72, 0xf3, 0x5a, 0x3c,
-		0x5a, 0xbb, 0x99, 0x89, 0xe6, 0x21, 0x0f, 0xdf,
-		0xf3, 0xa3, 0xd0, 0xce, 0x76, 0x55, 0xfd, 0xec,
-		0x38, 0x80, 0xf0, 0x46, 0x0b, 0xfa, 0x61, 0x7c,
-		0xc2, 0xb5, 0xe2, 0x89, 0x7b, 0xeb, 0xcf, 0x3e,
-		0x97, 0xab, 0x72, 0xf6, 0xfd, 0xcf, 0x10, 0x82,
-		0x3a, 0x05, 0x55, 0x7c, 0x2d, 0x7f, 0x44, 0x38,
-		0x9d, 0xeb, 0xa4, 0x7e, 0x53, 0x35, 0xda, 0xe0,
-		0x7c, 0x24, 0x66, 0x42, 0x5d, 0x85, 0xcf, 0xa6,
-		0x98, 0x81, 0xec, 0x42, 0x94, 0x4e, 0x25, 0xb1,
-		0x64, 0xac, 0x89, 0x98, 0x74, 0xd2, 0xeb, 0x51,
-		0x5a, 0xb3, 0xbd, 0x14, 0xf6, 0xc6, 0xec, 0x0b,
-		0xdd, 0x8b, 0x89, 0xdc, 0xde, 0xf3, 0xd6, 0x62,
-		0xee, 0xe3, 0xcf, 0xf5, 0x39, 0x23, 0x46, 0x4f,
-		0xb8, 0xef, 0x14, 0x39, 0x06, 0x36, 0xad, 0x84,
-		0x42, 0xb9, 0xd7, 0x14, 0x03, 0x01, 0x00, 0x01,
-		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xa1, 0xf0,
-		0x68, 0xf5, 0x29, 0x7e, 0x78, 0xaa, 0xbd, 0x59,
-		0xdc, 0x32, 0xab, 0x8e, 0x25, 0x54, 0x64, 0x9e,
-		0x2b, 0x08, 0xf9, 0xb8, 0xe3, 0x89, 0x09, 0xa4,
-		0xfd, 0x05, 0x78, 0x59, 0xcb, 0x33, 0xfc, 0x66,
-		0xb5, 0x73,
+		0x82, 0x00, 0x80, 0x68, 0x10, 0xdc, 0x80, 0xbc,
+		0xb3, 0x5a, 0x10, 0x75, 0x89, 0xcc, 0xe5, 0x9f,
+		0xbf, 0xe2, 0xce, 0xa4, 0x9f, 0x7f, 0x60, 0xc4,
+		0xfe, 0x5c, 0xb5, 0x02, 0x2d, 0xa5, 0xa9, 0x1e,
+		0x2c, 0x10, 0x79, 0x15, 0x0f, 0xed, 0x96, 0xb3,
+		0xa8, 0x5e, 0x21, 0xbc, 0x5b, 0xdc, 0x58, 0x04,
+		0x7d, 0x37, 0xdb, 0xa0, 0x31, 0xe8, 0x4f, 0x04,
+		0xbc, 0x46, 0x7c, 0xdb, 0x2e, 0x93, 0x07, 0xaf,
+		0xa6, 0x36, 0xd3, 0x39, 0x8d, 0x1d, 0x95, 0xa8,
+		0x50, 0x4b, 0xc4, 0x2b, 0xde, 0xd7, 0x04, 0x6d,
+		0x77, 0x6c, 0x4d, 0x70, 0x51, 0x88, 0x16, 0x31,
+		0x40, 0xb5, 0xba, 0x90, 0x47, 0x64, 0x0c, 0x87,
+		0xa5, 0x19, 0xf9, 0x89, 0x24, 0x3c, 0x5e, 0x4b,
+		0xaa, 0xe0, 0x60, 0x47, 0x0f, 0x2e, 0xcc, 0xc2,
+		0xd5, 0x21, 0xed, 0x72, 0xd0, 0xa9, 0xdd, 0x2a,
+		0x2b, 0xef, 0x08, 0x3a, 0x65, 0xea, 0x8b, 0x52,
+		0x77, 0x2d, 0xcc, 0x14, 0x03, 0x01, 0x00, 0x01,
+		0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xe2, 0x95,
+		0x62, 0x3c, 0x18, 0xe5, 0xc7, 0x2c, 0xda, 0x16,
+		0x9b, 0x28, 0x0d, 0xf7, 0x88, 0x7b, 0x5d, 0x33,
+		0x55, 0x3b, 0x01, 0x73, 0xf2, 0xc6, 0x4e, 0x96,
+		0x01, 0x01, 0x83, 0x65, 0xd4, 0xef, 0x12, 0x13,
+		0x1d, 0x42,
 	},
 	{
 		0x16, 0x03, 0x01, 0x00, 0x72, 0x04, 0x00, 0x00,
 		0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x68, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x65,
-		0xe8, 0x4b, 0xd1, 0xef, 0xba, 0xfc, 0x00, 0xd4,
-		0x2f, 0xf5, 0x6f, 0xba, 0xdc, 0xb7, 0xd7, 0x87,
-		0x59, 0x58, 0x05, 0x06, 0x36, 0x8f, 0x47, 0xc7,
-		0x9e, 0x4c, 0xf8, 0xb5, 0xd7, 0x55, 0x84, 0x64,
-		0x0b, 0x4c, 0x0b, 0xad, 0x8d, 0x9b, 0x79, 0x4d,
-		0xd7, 0x61, 0xf7, 0x2b, 0x89, 0x46, 0x2b, 0x52,
-		0x1a, 0x3f, 0x51, 0x58, 0xce, 0x59, 0x23, 0xef,
-		0x60, 0x55, 0x07, 0xc0, 0x46, 0x97, 0xad, 0x0a,
-		0xe3, 0x55, 0x10, 0x06, 0xff, 0x57, 0x0c, 0xb1,
-		0x49, 0xac, 0x80, 0xc6, 0xc3, 0x95, 0x5f, 0x12,
-		0xe2, 0xe5, 0xaa, 0x9f, 0x78, 0xc2, 0x20, 0x14,
+		0xe8, 0x4b, 0xd1, 0xef, 0xba, 0xfb, 0x41, 0x92,
+		0x6d, 0x37, 0x5f, 0xf8, 0x7d, 0x90, 0x0f, 0x01,
+		0xf8, 0x8c, 0xee, 0xbc, 0xd9, 0x0c, 0x97, 0x7e,
+		0x23, 0x46, 0xe2, 0x6b, 0x52, 0xc6, 0xc6, 0x97,
+		0x1d, 0xab, 0xde, 0xa0, 0x86, 0x94, 0xc8, 0x2e,
+		0x8b, 0x2e, 0x42, 0x5f, 0xc2, 0x70, 0x35, 0xc9,
+		0xee, 0x37, 0xeb, 0x70, 0xaa, 0x59, 0x23, 0x6c,
+		0xc8, 0xc1, 0x84, 0x89, 0x39, 0x87, 0x73, 0x0a,
+		0x7e, 0xba, 0xca, 0xed, 0x63, 0xba, 0x4e, 0x4f,
+		0xf3, 0x31, 0x4b, 0xf0, 0xee, 0x91, 0xa5, 0xb4,
+		0x62, 0x01, 0x9e, 0xbd, 0xbc, 0xb3, 0x35, 0x14,
 		0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01,
-		0x00, 0x24, 0x47, 0x51, 0xf1, 0x13, 0xc8, 0xa6,
-		0xd2, 0x2c, 0xad, 0x35, 0xff, 0x53, 0xe2, 0x72,
-		0x01, 0xcb, 0x33, 0xcd, 0xf4, 0xa0, 0x9c, 0x03,
-		0x47, 0xfe, 0xcd, 0xc1, 0x46, 0x8d, 0x41, 0x5e,
-		0x54, 0xf7, 0xc3, 0x85, 0x2b, 0x2f, 0x17, 0x03,
-		0x01, 0x00, 0x21, 0xf4, 0xbf, 0x94, 0x3e, 0x93,
-		0x0b, 0x1b, 0x75, 0x3a, 0xd9, 0xd0, 0x57, 0x75,
-		0xf3, 0xa7, 0x82, 0xc9, 0x6b, 0x9e, 0x43, 0x98,
-		0x44, 0x9e, 0x9f, 0xad, 0x03, 0xa8, 0xb9, 0xa3,
-		0x0a, 0xd1, 0xc4, 0xb4, 0x15, 0x03, 0x01, 0x00,
-		0x16, 0xee, 0x57, 0xbd, 0xd3, 0xb7, 0x20, 0x29,
-		0xd1, 0x24, 0xe2, 0xdc, 0x24, 0xc3, 0x73, 0x86,
-		0x81, 0x8e, 0x40, 0xc3, 0x6e, 0x99, 0x9e,
+		0x00, 0x24, 0x3f, 0x66, 0xe4, 0x98, 0xc1, 0x3f,
+		0xc6, 0x2c, 0x81, 0xfb, 0xa9, 0x9f, 0x27, 0xe9,
+		0x63, 0x20, 0x1e, 0x0e, 0x4f, 0xfc, 0x5d, 0x12,
+		0xee, 0x77, 0x73, 0xc6, 0x96, 0x51, 0xf2, 0x26,
+		0x35, 0x3f, 0xce, 0x6a, 0xa9, 0xfd, 0x17, 0x03,
+		0x01, 0x00, 0x21, 0x8d, 0xd5, 0x67, 0x60, 0x5d,
+		0xa7, 0x93, 0xcc, 0x39, 0x78, 0x59, 0xab, 0xdb,
+		0x10, 0x96, 0xf2, 0xad, 0xa2, 0x85, 0xe2, 0x93,
+		0x43, 0x43, 0xcf, 0x82, 0xbd, 0x1f, 0xdc, 0x7a,
+		0x72, 0xd6, 0x83, 0x3b, 0x15, 0x03, 0x01, 0x00,
+		0x16, 0x89, 0x55, 0xf6, 0x42, 0x71, 0xa9, 0xe9,
+		0x05, 0x68, 0xe8, 0xce, 0x0d, 0x21, 0xe9, 0xec,
+		0xf2, 0x27, 0x67, 0xa7, 0x94, 0xf8, 0x34,
 	},
 }
-
 var serverResumeTest = [][]byte{
 	{
-		0x16, 0x03, 0x01, 0x01, 0x65, 0x01, 0x00, 0x01,
-		0x61, 0x03, 0x01, 0x50, 0x5a, 0x32, 0xe2, 0xde,
-		0x19, 0x5c, 0xb6, 0x51, 0x87, 0xa4, 0x30, 0x2e,
-		0x95, 0x26, 0xd6, 0xed, 0xbf, 0xbf, 0x24, 0xbb,
-		0xd1, 0x1a, 0x29, 0x9f, 0x37, 0xfd, 0xfb, 0xae,
-		0xc2, 0xba, 0x2b, 0x20, 0xb5, 0x7a, 0x00, 0x96,
-		0x92, 0x51, 0xfc, 0x41, 0x16, 0x29, 0xc0, 0x54,
-		0x5e, 0xa7, 0xa9, 0x1f, 0xf8, 0xbf, 0x79, 0xfa,
-		0x49, 0x5a, 0x15, 0x28, 0x72, 0x9a, 0x59, 0xf9,
-		0x9b, 0xc4, 0x3a, 0xa8, 0x00, 0x66, 0xc0, 0x14,
-		0xc0, 0x0a, 0xc0, 0x22, 0xc0, 0x21, 0x00, 0x39,
-		0x00, 0x38, 0x00, 0x88, 0x00, 0x87, 0xc0, 0x0f,
-		0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x12,
-		0xc0, 0x08, 0xc0, 0x1c, 0xc0, 0x1b, 0x00, 0x16,
-		0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
-		0xc0, 0x13, 0xc0, 0x09, 0xc0, 0x1f, 0xc0, 0x1e,
-		0x00, 0x33, 0x00, 0x32, 0x00, 0x9a, 0x00, 0x99,
-		0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
-		0x00, 0x2f, 0x00, 0x96, 0x00, 0x41, 0xc0, 0x11,
-		0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
-		0x00, 0x04, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
-		0x00, 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x06,
-		0x00, 0x03, 0x00, 0xff, 0x02, 0x01, 0x00, 0x00,
-		0xb1, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01,
-		0x02, 0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00,
-		0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00,
-		0x0c, 0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00,
-		0x16, 0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00,
-		0x07, 0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00,
-		0x05, 0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00,
-		0x02, 0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00,
-		0x11, 0x00, 0x23, 0x00, 0x68, 0x00, 0x00, 0x00,
+		0x16, 0x03, 0x01, 0x00, 0xc2, 0x01, 0x00, 0x00,
+		0xbe, 0x03, 0x01, 0x50, 0x77, 0x3e, 0x4f, 0x1f,
+		0x6f, 0xa5, 0x81, 0xeb, 0xb8, 0x80, 0x55, 0xa4,
+		0x76, 0xc2, 0x7f, 0x27, 0xf2, 0xe7, 0xc9, 0x7a,
+		0x01, 0x3c, 0xd8, 0xc1, 0xde, 0x99, 0x1f, 0x7c,
+		0xab, 0x35, 0x98, 0x00, 0x00, 0x28, 0x00, 0x39,
+		0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+		0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+		0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+		0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+		0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+		0x00, 0x00, 0x6c, 0x00, 0x23, 0x00, 0x68, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x65, 0xe8, 0x4b,
-		0xd1, 0xef, 0xba, 0xfc, 0x00, 0xd4, 0x2f, 0xf5,
-		0x6f, 0xba, 0xdc, 0xb7, 0xd7, 0x87, 0x59, 0x58,
-		0x05, 0x06, 0x36, 0x8f, 0x47, 0xc7, 0x9e, 0x4c,
-		0xf8, 0xb5, 0xd7, 0x55, 0x84, 0x64, 0x0b, 0x4c,
-		0x0b, 0xad, 0x8d, 0x9b, 0x79, 0x4d, 0xd7, 0x61,
-		0xf7, 0x2b, 0x89, 0x46, 0x2b, 0x52, 0x1a, 0x3f,
-		0x51, 0x58, 0xce, 0x59, 0x23, 0xef, 0x60, 0x55,
-		0x07, 0xc0, 0x46, 0x97, 0xad, 0x0a, 0xe3, 0x55,
-		0x10, 0x06, 0xff, 0x57, 0x0c, 0xb1, 0x49, 0xac,
-		0x80, 0xc6, 0xc3, 0x95, 0x5f, 0x12, 0xe2, 0xe5,
-		0xaa, 0x9f, 0x78, 0xc2, 0x20, 0x00, 0x0f, 0x00,
-		0x01, 0x01,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x65,
+		0xe8, 0x4b, 0xd1, 0xef, 0xba, 0xfb, 0x41, 0x92,
+		0x6d, 0x37, 0x5f, 0xf8, 0x7d, 0x90, 0x0f, 0x01,
+		0xf8, 0x8c, 0xee, 0xbc, 0xd9, 0x0c, 0x97, 0x7e,
+		0x23, 0x46, 0xe2, 0x6b, 0x52, 0xc6, 0xc6, 0x97,
+		0x1d, 0xab, 0xde, 0xa0, 0x86, 0x94, 0xc8, 0x2e,
+		0x8b, 0x2e, 0x42, 0x5f, 0xc2, 0x70, 0x35, 0xc9,
+		0xee, 0x37, 0xeb, 0x70, 0xaa, 0x59, 0x23, 0x6c,
+		0xc8, 0xc1, 0x84, 0x89, 0x39, 0x87, 0x73, 0x0a,
+		0x7e, 0xba, 0xca, 0xed, 0x63, 0xba, 0x4e, 0x4f,
+		0xf3, 0x31, 0x4b, 0xf0, 0xee, 0x91, 0xa5, 0xb4,
+		0x62, 0x01, 0x9e, 0xbd, 0xbc, 0xb3, 0x35,
 	},
 	{
-		0x16, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00,
-		0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
+		0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x20, 0xb5, 0x7a, 0x00, 0x96,
-		0x92, 0x51, 0xfc, 0x41, 0x16, 0x29, 0xc0, 0x54,
-		0x5e, 0xa7, 0xa9, 0x1f, 0xf8, 0xbf, 0x79, 0xfa,
-		0x49, 0x5a, 0x15, 0x28, 0x72, 0x9a, 0x59, 0xf9,
-		0x9b, 0xc4, 0x3a, 0xa8, 0x00, 0x05, 0x00, 0x14,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x14,
 		0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01,
-		0x00, 0x24, 0x2c, 0x86, 0xdd, 0x85, 0x21, 0xa7,
-		0xda, 0x25, 0xf5, 0x55, 0x62, 0x2d, 0x82, 0x6b,
-		0x9d, 0x67, 0x22, 0x28, 0xf4, 0x55, 0x33, 0xd0,
-		0x77, 0xc0, 0x9e, 0xb7, 0xf4, 0x96, 0x07, 0x8c,
-		0xf5, 0xea, 0x5b, 0x50, 0xa4, 0xb7,
+		0x00, 0x24, 0xc5, 0x35, 0x74, 0x19, 0x05, 0xc5,
+		0x85, 0x68, 0x48, 0xe8, 0xb5, 0xe9, 0xaf, 0x78,
+		0xbd, 0x35, 0x6f, 0xe9, 0x79, 0x34, 0x1b, 0xf0,
+		0x35, 0xd4, 0x4e, 0x55, 0x2e, 0x3c, 0xd5, 0xaf,
+		0xfc, 0xba, 0xf5, 0x1e, 0x83, 0x32,
 	},
 	{
 		0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-		0x01, 0x00, 0x24, 0x15, 0x14, 0x9c, 0x21, 0xdd,
-		0x47, 0x61, 0x52, 0xf9, 0x22, 0x15, 0x55, 0x3c,
-		0xbd, 0xd7, 0xff, 0xf9, 0xbd, 0x84, 0xec, 0x97,
-		0x2d, 0x4e, 0xa9, 0x6a, 0xb9, 0x9b, 0x96, 0xc6,
-		0x9e, 0x5c, 0x77, 0xa8, 0x5d, 0x7a, 0x08,
+		0x01, 0x00, 0x24, 0x27, 0x28, 0x88, 0xe1, 0x7e,
+		0x0d, 0x9c, 0x12, 0x50, 0xf6, 0x7a, 0xa7, 0x32,
+		0x21, 0x68, 0xba, 0xd8, 0x0a, 0xdc, 0x39, 0xef,
+		0x68, 0x95, 0x82, 0xae, 0xbd, 0x12, 0x79, 0xa1,
+		0x99, 0xfd, 0xd0, 0x10, 0x8e, 0x4b, 0xd8,
 	},
 	{
-		0x17, 0x03, 0x01, 0x00, 0x21, 0x04, 0xab, 0x0f,
-		0x7c, 0x54, 0x20, 0xab, 0x34, 0xa3, 0x73, 0x92,
-		0xc5, 0xaa, 0xdd, 0x5b, 0xf5, 0x0c, 0xe4, 0x4f,
-		0xf1, 0x93, 0x07, 0xe5, 0xe8, 0x72, 0xc2, 0x03,
-		0x60, 0xfa, 0x64, 0x01, 0x00, 0x25, 0x15, 0x03,
-		0x01, 0x00, 0x16, 0xc7, 0xd9, 0xff, 0x67, 0xfc,
-		0x7a, 0xac, 0x8a, 0xe6, 0x23, 0xfe, 0x32, 0xbf,
-		0x84, 0xe1, 0xe2, 0xf5, 0x6a, 0xc8, 0xda, 0x30,
-		0x8f,
+		0x17, 0x03, 0x01, 0x00, 0x21, 0xc5, 0x7e, 0x0a,
+		0x52, 0x6a, 0xb9, 0xaa, 0x1d, 0xae, 0x9e, 0x24,
+		0x9c, 0x34, 0x1e, 0xdb, 0x50, 0x95, 0xee, 0x76,
+		0xd7, 0x28, 0x88, 0x08, 0xe3, 0x2e, 0x58, 0xf7,
+		0xdb, 0x34, 0x75, 0xa5, 0x7f, 0x9d, 0x15, 0x03,
+		0x01, 0x00, 0x16, 0x2c, 0xc1, 0x29, 0x5f, 0x12,
+		0x1d, 0x19, 0xab, 0xb3, 0xf4, 0x35, 0x1c, 0x62,
+		0x6a, 0x80, 0x29, 0x0d, 0x0e, 0xef, 0x7d, 0x6e,
+		0x50,
 	},
 }
 
 var clientauthTests = []clientauthTest{
-	// Server doesn't asks for cert
-	// go test -run "TestRunServer" -serve -clientauth 0
-	// gnutls-cli --insecure --debug 100 -p 10443 localhost 2>&1 |
-	//   python parse-gnutls-cli-debug-log.py
-	{"NoClientCert", NoClientCert, nil,
-		[][]byte{{
-			0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00,
-			0x76, 0x03, 0x02, 0x4e, 0xe0, 0x92, 0x5d, 0xcd,
-			0xfe, 0x0c, 0x69, 0xd4, 0x7d, 0x8e, 0xa6, 0x88,
-			0xde, 0x72, 0x04, 0x29, 0x6a, 0x4a, 0x16, 0x23,
-			0xd7, 0x8f, 0xbc, 0xfa, 0x80, 0x73, 0x2e, 0x12,
-			0xb7, 0x0b, 0x39, 0x00, 0x00, 0x34, 0x00, 0x33,
-			0x00, 0x45, 0x00, 0x39, 0x00, 0x88, 0x00, 0x16,
-			0x00, 0x32, 0x00, 0x44, 0x00, 0x38, 0x00, 0x87,
-			0x00, 0x13, 0x00, 0x66, 0x00, 0x90, 0x00, 0x91,
-			0x00, 0x8f, 0x00, 0x8e, 0x00, 0x2f, 0x00, 0x41,
-			0x00, 0x35, 0x00, 0x84, 0x00, 0x0a, 0x00, 0x05,
-			0x00, 0x04, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8b,
-			0x00, 0x8a, 0x01, 0x00, 0x00, 0x19, 0x00, 0x09,
-			0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
-			0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, 0x6c, 0x6f,
-			0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
-		},
-
-			{
-				0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
-				0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16,
-				0x03, 0x01, 0x02, 0xbe, 0x0b, 0x00, 0x02, 0xba,
-				0x00, 0x02, 0xb7, 0x00, 0x02, 0xb4, 0x30, 0x82,
-				0x02, 0xb0, 0x30, 0x82, 0x02, 0x19, 0xa0, 0x03,
-				0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x85, 0xb0,
-				0xbb, 0xa4, 0x8a, 0x7f, 0xb8, 0xca, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x45, 0x31,
-				0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-				0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
-				0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
-				0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
-				0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
-				0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
-				0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
-				0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
-				0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d,
-				0x31, 0x30, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39,
-				0x30, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31,
-				0x31, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39, 0x30,
-				0x39, 0x33, 0x38, 0x5a, 0x30, 0x45, 0x31, 0x0b,
-				0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-				0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
-				0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f,
-				0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
-				0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
-				0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72,
-				0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
-				0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
-				0x4c, 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
-				0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
-				0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, 0xe5, 0xbf,
-				0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, 0xe6, 0x2b,
-				0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, 0x8a, 0x7a,
-				0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, 0xa5, 0x65,
-				0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, 0xb5, 0xb4,
-				0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, 0x7e, 0x62,
-				0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, 0x12, 0x5c,
-				0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, 0xfa, 0x58,
-				0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, 0xd3, 0xd0,
-				0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, 0x54, 0x9f,
-				0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, 0xfe, 0x18,
-				0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, 0x7d, 0xf1,
-				0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, 0x51, 0xc9,
-				0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, 0x66, 0x01,
-				0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, 0x9a, 0x1d,
-				0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, 0x2d, 0x79,
-				0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7,
-				0x30, 0x81, 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55,
-				0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, 0xad,
-				0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb, 0x69,
-				0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e, 0x18,
-				0x88, 0x39, 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d,
-				0x23, 0x04, 0x6e, 0x30, 0x6c, 0x80, 0x14, 0xb1,
-				0xad, 0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb,
-				0x69, 0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e,
-				0x18, 0x88, 0x39, 0xa1, 0x49, 0xa4, 0x47, 0x30,
-				0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-				0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
-				0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
-				0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
-				0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
-				0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
-				0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
-				0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
-				0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09,
-				0x00, 0x85, 0xb0, 0xbb, 0xa4, 0x8a, 0x7f, 0xb8,
-				0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
-				0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
-				0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
-				0x81, 0x00, 0x08, 0x6c, 0x45, 0x24, 0xc7, 0x6b,
-				0xb1, 0x59, 0xab, 0x0c, 0x52, 0xcc, 0xf2, 0xb0,
-				0x14, 0xd7, 0x87, 0x9d, 0x7a, 0x64, 0x75, 0xb5,
-				0x5a, 0x95, 0x66, 0xe4, 0xc5, 0x2b, 0x8e, 0xae,
-				0x12, 0x66, 0x1f, 0xeb, 0x4f, 0x38, 0xb3, 0x6e,
-				0x60, 0xd3, 0x92, 0xfd, 0xf7, 0x41, 0x08, 0xb5,
-				0x25, 0x13, 0xb1, 0x18, 0x7a, 0x24, 0xfb, 0x30,
-				0x1d, 0xba, 0xed, 0x98, 0xb9, 0x17, 0xec, 0xe7,
-				0xd7, 0x31, 0x59, 0xdb, 0x95, 0xd3, 0x1d, 0x78,
-				0xea, 0x50, 0x56, 0x5c, 0xd5, 0x82, 0x5a, 0x2d,
-				0x5a, 0x5f, 0x33, 0xc4, 0xb6, 0xd8, 0xc9, 0x75,
-				0x90, 0x96, 0x8c, 0x0f, 0x52, 0x98, 0xb5, 0xcd,
-				0x98, 0x1f, 0x89, 0x20, 0x5f, 0xf2, 0xa0, 0x1c,
-				0xa3, 0x1b, 0x96, 0x94, 0xdd, 0xa9, 0xfd, 0x57,
-				0xe9, 0x70, 0xe8, 0x26, 0x6d, 0x71, 0x99, 0x9b,
-				0x26, 0x6e, 0x38, 0x50, 0x29, 0x6c, 0x90, 0xa7,
-				0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x04, 0x0e,
-				0x00, 0x00, 0x00,
-			},
-
-			{
-				0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-				0x82, 0x00, 0x80, 0x10, 0xe1, 0x00, 0x3d, 0x0a,
-				0x6b, 0x02, 0x7f, 0x97, 0xde, 0xfb, 0x65, 0x46,
-				0x1a, 0x50, 0x4e, 0x34, 0x9a, 0xae, 0x14, 0x7e,
-				0xec, 0xef, 0x85, 0x15, 0x3b, 0x39, 0xc2, 0x45,
-				0x04, 0x40, 0x92, 0x71, 0xd6, 0x7e, 0xf6, 0xfd,
-				0x4d, 0x84, 0xf7, 0xc4, 0x77, 0x99, 0x3d, 0xe2,
-				0xc3, 0x8d, 0xb0, 0x4c, 0x74, 0xc8, 0x51, 0xec,
-				0xb2, 0xe8, 0x6b, 0xa1, 0xd2, 0x4d, 0xd8, 0x61,
-				0x92, 0x7a, 0x24, 0x57, 0x44, 0x4f, 0xa2, 0x1e,
-				0x74, 0x0b, 0x06, 0x4b, 0x80, 0x34, 0x8b, 0xfe,
-				0xc2, 0x0e, 0xc1, 0xcd, 0xab, 0x0c, 0x3f, 0x54,
-				0xe2, 0x44, 0xe9, 0x6c, 0x2b, 0xba, 0x7b, 0x64,
-				0xf1, 0x93, 0x65, 0x75, 0xf2, 0x35, 0xff, 0x27,
-				0x03, 0xd5, 0x64, 0xe6, 0x8e, 0xe7, 0x7b, 0x56,
-				0xb6, 0x61, 0x73, 0xeb, 0xa2, 0xdc, 0xa4, 0x6e,
-				0x52, 0xac, 0xbc, 0xba, 0x11, 0xa3, 0xd2, 0x61,
-				0x4a, 0xe0, 0xbb, 0x14, 0x03, 0x01, 0x00, 0x01,
-				0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xd2, 0x5a,
-				0x0c, 0x2a, 0x27, 0x96, 0xba, 0xa9, 0x67, 0xd2,
-				0x51, 0x68, 0x32, 0x68, 0x22, 0x1f, 0xb9, 0x27,
-				0x79, 0x59, 0x28, 0xdf, 0x38, 0x1f, 0x92, 0x21,
-				0x5d, 0x0f, 0xf4, 0xc0, 0xee, 0xb7, 0x10, 0x5a,
-				0xa9, 0x45,
-			},
-
-			{
-				0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-				0x01, 0x00, 0x24, 0x13, 0x6f, 0x6c, 0x71, 0x83,
-				0x59, 0xcf, 0x32, 0x72, 0xe9, 0xce, 0xcc, 0x7a,
-				0x6c, 0xf0, 0x72, 0x39, 0x16, 0xae, 0x40, 0x61,
-				0xfa, 0x92, 0x4c, 0xe7, 0xf2, 0x1a, 0xd7, 0x0c,
-				0x84, 0x76, 0x6c, 0xe9, 0x11, 0x43, 0x19, 0x17,
-				0x03, 0x01, 0x00, 0x21, 0xc0, 0xa2, 0x13, 0x28,
-				0x94, 0x8c, 0x5c, 0xd6, 0x79, 0xb9, 0xfe, 0xae,
-				0x45, 0x4b, 0xc0, 0x7c, 0xae, 0x2d, 0xb4, 0x0d,
-				0x31, 0xc4, 0xad, 0x22, 0xd7, 0x1e, 0x99, 0x1c,
-				0x4c, 0x69, 0xab, 0x42, 0x61, 0x15, 0x03, 0x01,
-				0x00, 0x16, 0xe1, 0x0c, 0x67, 0xf3, 0xf4, 0xb9,
-				0x8e, 0x81, 0x8e, 0x01, 0xb8, 0xa0, 0x69, 0x8c,
-				0x03, 0x11, 0x43, 0x3e, 0xee, 0xb7, 0x4d, 0x69,
-			}}},
 	// Server asks for cert with empty CA list, client doesn't give it.
 	// go test -run "TestRunServer" -serve -clientauth 1
-	// gnutls-cli --insecure --debug 100 -p 10443 localhost
-	{"RequestClientCert, none given", RequestClientCert, nil,
-		[][]byte{{
-			0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00,
-			0x76, 0x03, 0x02, 0x4e, 0xe0, 0x93, 0xe2, 0x47,
-			0x06, 0xa0, 0x61, 0x0c, 0x51, 0xdd, 0xf0, 0xef,
-			0xf4, 0x30, 0x72, 0xe1, 0xa6, 0x50, 0x68, 0x82,
-			0x3c, 0xfb, 0xcb, 0x72, 0x5e, 0x73, 0x9d, 0xda,
-			0x27, 0x35, 0x72, 0x00, 0x00, 0x34, 0x00, 0x33,
-			0x00, 0x45, 0x00, 0x39, 0x00, 0x88, 0x00, 0x16,
-			0x00, 0x32, 0x00, 0x44, 0x00, 0x38, 0x00, 0x87,
-			0x00, 0x13, 0x00, 0x66, 0x00, 0x90, 0x00, 0x91,
-			0x00, 0x8f, 0x00, 0x8e, 0x00, 0x2f, 0x00, 0x41,
-			0x00, 0x35, 0x00, 0x84, 0x00, 0x0a, 0x00, 0x05,
-			0x00, 0x04, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8b,
-			0x00, 0x8a, 0x01, 0x00, 0x00, 0x19, 0x00, 0x09,
-			0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
-			0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, 0x6c, 0x6f,
-			0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
+	{"RequestClientCert, none given", RequestClientCert, nil, [][]byte{
+		{
+			0x16, 0x03, 0x01, 0x00, 0x54, 0x01, 0x00, 0x00,
+			0x50, 0x03, 0x01, 0x50, 0x77, 0x43, 0x9e, 0x31,
+			0xe6, 0x36, 0x5e, 0x5e, 0x24, 0xe4, 0x0d, 0x26,
+			0x34, 0xa7, 0x1c, 0x2e, 0x59, 0x6d, 0xa5, 0x3e,
+			0x72, 0xf3, 0xa3, 0x1c, 0xbc, 0xb3, 0x27, 0xaf,
+			0x92, 0x5b, 0x7d, 0x00, 0x00, 0x28, 0x00, 0x39,
+			0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+			0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+			0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+			0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+			0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+			0x00,
 		},
-
-			{
-				0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
-				0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16,
-				0x03, 0x01, 0x02, 0xbe, 0x0b, 0x00, 0x02, 0xba,
-				0x00, 0x02, 0xb7, 0x00, 0x02, 0xb4, 0x30, 0x82,
-				0x02, 0xb0, 0x30, 0x82, 0x02, 0x19, 0xa0, 0x03,
-				0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x85, 0xb0,
-				0xbb, 0xa4, 0x8a, 0x7f, 0xb8, 0xca, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x45, 0x31,
-				0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-				0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
-				0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
-				0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
-				0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
-				0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
-				0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
-				0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
-				0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d,
-				0x31, 0x30, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39,
-				0x30, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31,
-				0x31, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39, 0x30,
-				0x39, 0x33, 0x38, 0x5a, 0x30, 0x45, 0x31, 0x0b,
-				0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-				0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
-				0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f,
-				0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
-				0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
-				0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72,
-				0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
-				0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
-				0x4c, 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
-				0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
-				0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, 0xe5, 0xbf,
-				0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, 0xe6, 0x2b,
-				0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, 0x8a, 0x7a,
-				0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, 0xa5, 0x65,
-				0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, 0xb5, 0xb4,
-				0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, 0x7e, 0x62,
-				0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, 0x12, 0x5c,
-				0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, 0xfa, 0x58,
-				0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, 0xd3, 0xd0,
-				0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, 0x54, 0x9f,
-				0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, 0xfe, 0x18,
-				0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, 0x7d, 0xf1,
-				0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, 0x51, 0xc9,
-				0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, 0x66, 0x01,
-				0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, 0x9a, 0x1d,
-				0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, 0x2d, 0x79,
-				0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7,
-				0x30, 0x81, 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55,
-				0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, 0xad,
-				0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb, 0x69,
-				0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e, 0x18,
-				0x88, 0x39, 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d,
-				0x23, 0x04, 0x6e, 0x30, 0x6c, 0x80, 0x14, 0xb1,
-				0xad, 0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb,
-				0x69, 0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e,
-				0x18, 0x88, 0x39, 0xa1, 0x49, 0xa4, 0x47, 0x30,
-				0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-				0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
-				0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
-				0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
-				0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
-				0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
-				0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
-				0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
-				0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09,
-				0x00, 0x85, 0xb0, 0xbb, 0xa4, 0x8a, 0x7f, 0xb8,
-				0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
-				0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
-				0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
-				0x81, 0x00, 0x08, 0x6c, 0x45, 0x24, 0xc7, 0x6b,
-				0xb1, 0x59, 0xab, 0x0c, 0x52, 0xcc, 0xf2, 0xb0,
-				0x14, 0xd7, 0x87, 0x9d, 0x7a, 0x64, 0x75, 0xb5,
-				0x5a, 0x95, 0x66, 0xe4, 0xc5, 0x2b, 0x8e, 0xae,
-				0x12, 0x66, 0x1f, 0xeb, 0x4f, 0x38, 0xb3, 0x6e,
-				0x60, 0xd3, 0x92, 0xfd, 0xf7, 0x41, 0x08, 0xb5,
-				0x25, 0x13, 0xb1, 0x18, 0x7a, 0x24, 0xfb, 0x30,
-				0x1d, 0xba, 0xed, 0x98, 0xb9, 0x17, 0xec, 0xe7,
-				0xd7, 0x31, 0x59, 0xdb, 0x95, 0xd3, 0x1d, 0x78,
-				0xea, 0x50, 0x56, 0x5c, 0xd5, 0x82, 0x5a, 0x2d,
-				0x5a, 0x5f, 0x33, 0xc4, 0xb6, 0xd8, 0xc9, 0x75,
-				0x90, 0x96, 0x8c, 0x0f, 0x52, 0x98, 0xb5, 0xcd,
-				0x98, 0x1f, 0x89, 0x20, 0x5f, 0xf2, 0xa0, 0x1c,
-				0xa3, 0x1b, 0x96, 0x94, 0xdd, 0xa9, 0xfd, 0x57,
-				0xe9, 0x70, 0xe8, 0x26, 0x6d, 0x71, 0x99, 0x9b,
-				0x26, 0x6e, 0x38, 0x50, 0x29, 0x6c, 0x90, 0xa7,
-				0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x08, 0x0d,
-				0x00, 0x00, 0x04, 0x01, 0x01, 0x00, 0x00, 0x16,
-				0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
-			},
-
-			{
-				0x16, 0x03, 0x01, 0x00, 0x07, 0x0b, 0x00, 0x00,
-				0x03, 0x00, 0x00, 0x00, 0x16, 0x03, 0x01, 0x00,
-				0x86, 0x10, 0x00, 0x00, 0x82, 0x00, 0x80, 0x64,
-				0x28, 0xb9, 0x3f, 0x48, 0xaf, 0x06, 0x22, 0x39,
-				0x56, 0xd8, 0x6f, 0x63, 0x5d, 0x03, 0x48, 0x63,
-				0x01, 0x13, 0xa2, 0xd6, 0x76, 0xc0, 0xab, 0xda,
-				0x25, 0x30, 0x75, 0x6c, 0xaa, 0xb4, 0xdc, 0x35,
-				0x72, 0xdc, 0xf2, 0x43, 0xe4, 0x1d, 0x82, 0xfb,
-				0x6c, 0x64, 0xe2, 0xa7, 0x8f, 0x32, 0x67, 0x6b,
-				0xcd, 0xd2, 0xb2, 0x36, 0x94, 0xbc, 0x6f, 0x46,
-				0x79, 0x29, 0x42, 0xe3, 0x1a, 0xbf, 0xfb, 0x41,
-				0xd5, 0xe3, 0xb4, 0x2a, 0xf6, 0x95, 0x6f, 0x0c,
-				0x87, 0xb9, 0x03, 0x18, 0xa1, 0xea, 0x4a, 0xe2,
-				0x2e, 0x0f, 0x50, 0x00, 0xc1, 0xe8, 0x8c, 0xc8,
-				0xa2, 0xf6, 0xa4, 0x05, 0xf4, 0x38, 0x3e, 0xd9,
-				0x6e, 0x63, 0x96, 0x0c, 0x34, 0x73, 0x90, 0x03,
-				0x55, 0xa6, 0x34, 0xb0, 0x5e, 0x8c, 0x48, 0x40,
-				0x25, 0x45, 0x84, 0xa6, 0x21, 0x3f, 0x81, 0x97,
-				0xa7, 0x11, 0x09, 0x14, 0x95, 0xa5, 0xe5, 0x14,
-				0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01,
-				0x00, 0x24, 0x16, 0xaa, 0x01, 0x2c, 0xa8, 0xc1,
-				0x28, 0xaf, 0x35, 0xc1, 0xc1, 0xf3, 0x0a, 0x25,
-				0x66, 0x6e, 0x27, 0x11, 0xa3, 0xa4, 0xd9, 0xe9,
-				0xea, 0x15, 0x09, 0x9d, 0x28, 0xe3, 0x5b, 0x2b,
-				0xa6, 0x25, 0xa7, 0x14, 0x24, 0x3a,
-			},
-
-			{
-				0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-				0x01, 0x00, 0x24, 0x9a, 0xa8, 0xd6, 0x77, 0x46,
-				0x45, 0x68, 0x9d, 0x5d, 0xa9, 0x68, 0x03, 0xe5,
-				0xaf, 0xe8, 0xc8, 0x21, 0xc5, 0xc6, 0xc1, 0x50,
-				0xe0, 0xd8, 0x52, 0xce, 0xa3, 0x4f, 0x2d, 0xf4,
-				0xe3, 0xa7, 0x7d, 0x35, 0x80, 0x84, 0x12, 0x17,
-				0x03, 0x01, 0x00, 0x21, 0x8a, 0x82, 0x0c, 0x54,
-				0x1b, 0xeb, 0x77, 0x90, 0x2c, 0x3e, 0xbc, 0xf0,
-				0x23, 0xcc, 0xa8, 0x9f, 0x25, 0x08, 0x12, 0xed,
-				0x43, 0xf1, 0xf9, 0x06, 0xad, 0xa9, 0x4b, 0x97,
-				0x82, 0xb7, 0xc4, 0x0b, 0x4c, 0x15, 0x03, 0x01,
-				0x00, 0x16, 0x05, 0x2d, 0x9d, 0x45, 0x03, 0xb7,
-				0xc2, 0xd1, 0xb5, 0x1a, 0x43, 0xcf, 0x1a, 0x37,
-				0xf4, 0x70, 0xcc, 0xb4, 0xed, 0x07, 0x76, 0x3a,
-			}}},
+		{
+			0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
+			0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16,
+			0x03, 0x01, 0x02, 0xbe, 0x0b, 0x00, 0x02, 0xba,
+			0x00, 0x02, 0xb7, 0x00, 0x02, 0xb4, 0x30, 0x82,
+			0x02, 0xb0, 0x30, 0x82, 0x02, 0x19, 0xa0, 0x03,
+			0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x85, 0xb0,
+			0xbb, 0xa4, 0x8a, 0x7f, 0xb8, 0xca, 0x30, 0x0d,
+			0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+			0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x45, 0x31,
+			0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+			0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
+			0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
+			0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
+			0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
+			0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
+			0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
+			0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
+			0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d,
+			0x31, 0x30, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39,
+			0x30, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31,
+			0x31, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39, 0x30,
+			0x39, 0x33, 0x38, 0x5a, 0x30, 0x45, 0x31, 0x0b,
+			0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+			0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
+			0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f,
+			0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
+			0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
+			0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72,
+			0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
+			0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
+			0x4c, 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d,
+			0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+			0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
+			0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
+			0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, 0xe5, 0xbf,
+			0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, 0xe6, 0x2b,
+			0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, 0x8a, 0x7a,
+			0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, 0xa5, 0x65,
+			0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, 0xb5, 0xb4,
+			0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, 0x7e, 0x62,
+			0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, 0x12, 0x5c,
+			0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, 0xfa, 0x58,
+			0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, 0xd3, 0xd0,
+			0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, 0x54, 0x9f,
+			0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, 0xfe, 0x18,
+			0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, 0x7d, 0xf1,
+			0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, 0x51, 0xc9,
+			0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, 0x66, 0x01,
+			0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, 0x9a, 0x1d,
+			0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, 0x2d, 0x79,
+			0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7,
+			0x30, 0x81, 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55,
+			0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, 0xad,
+			0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb, 0x69,
+			0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e, 0x18,
+			0x88, 0x39, 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d,
+			0x23, 0x04, 0x6e, 0x30, 0x6c, 0x80, 0x14, 0xb1,
+			0xad, 0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb,
+			0x69, 0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e,
+			0x18, 0x88, 0x39, 0xa1, 0x49, 0xa4, 0x47, 0x30,
+			0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+			0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
+			0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
+			0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
+			0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
+			0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
+			0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
+			0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
+			0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09,
+			0x00, 0x85, 0xb0, 0xbb, 0xa4, 0x8a, 0x7f, 0xb8,
+			0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+			0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+			0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+			0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
+			0x81, 0x00, 0x08, 0x6c, 0x45, 0x24, 0xc7, 0x6b,
+			0xb1, 0x59, 0xab, 0x0c, 0x52, 0xcc, 0xf2, 0xb0,
+			0x14, 0xd7, 0x87, 0x9d, 0x7a, 0x64, 0x75, 0xb5,
+			0x5a, 0x95, 0x66, 0xe4, 0xc5, 0x2b, 0x8e, 0xae,
+			0x12, 0x66, 0x1f, 0xeb, 0x4f, 0x38, 0xb3, 0x6e,
+			0x60, 0xd3, 0x92, 0xfd, 0xf7, 0x41, 0x08, 0xb5,
+			0x25, 0x13, 0xb1, 0x18, 0x7a, 0x24, 0xfb, 0x30,
+			0x1d, 0xba, 0xed, 0x98, 0xb9, 0x17, 0xec, 0xe7,
+			0xd7, 0x31, 0x59, 0xdb, 0x95, 0xd3, 0x1d, 0x78,
+			0xea, 0x50, 0x56, 0x5c, 0xd5, 0x82, 0x5a, 0x2d,
+			0x5a, 0x5f, 0x33, 0xc4, 0xb6, 0xd8, 0xc9, 0x75,
+			0x90, 0x96, 0x8c, 0x0f, 0x52, 0x98, 0xb5, 0xcd,
+			0x98, 0x1f, 0x89, 0x20, 0x5f, 0xf2, 0xa0, 0x1c,
+			0xa3, 0x1b, 0x96, 0x94, 0xdd, 0xa9, 0xfd, 0x57,
+			0xe9, 0x70, 0xe8, 0x26, 0x6d, 0x71, 0x99, 0x9b,
+			0x26, 0x6e, 0x38, 0x50, 0x29, 0x6c, 0x90, 0xa7,
+			0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x08, 0x0d,
+			0x00, 0x00, 0x04, 0x01, 0x01, 0x00, 0x00, 0x16,
+			0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
+		},
+		{
+			0x16, 0x03, 0x01, 0x00, 0x07, 0x0b, 0x00, 0x00,
+			0x03, 0x00, 0x00, 0x00, 0x16, 0x03, 0x01, 0x00,
+			0x86, 0x10, 0x00, 0x00, 0x82, 0x00, 0x80, 0x04,
+			0x58, 0x63, 0x26, 0x32, 0x1b, 0x34, 0xbe, 0x10,
+			0xe4, 0xe4, 0x3e, 0xcd, 0x36, 0x7f, 0xa8, 0xa8,
+			0xe0, 0x19, 0xe8, 0x94, 0x13, 0xd9, 0x35, 0xc4,
+			0x71, 0xb4, 0x91, 0xd4, 0xbc, 0x74, 0x57, 0x9f,
+			0x93, 0xb7, 0x5d, 0x3b, 0x9c, 0xff, 0x5d, 0x79,
+			0xdb, 0x86, 0xfc, 0xdc, 0x74, 0x1e, 0x0c, 0xc6,
+			0xe8, 0x93, 0xcf, 0xaf, 0xba, 0x1d, 0xfd, 0x8a,
+			0xeb, 0xef, 0xbf, 0xfa, 0xa6, 0xe7, 0x53, 0x98,
+			0x60, 0x4e, 0x0e, 0x60, 0x7d, 0xea, 0x40, 0x8d,
+			0x1d, 0x8f, 0xa3, 0xc6, 0x83, 0xbc, 0xef, 0xb7,
+			0x9a, 0x4a, 0xe7, 0x99, 0xee, 0x0b, 0xc7, 0x46,
+			0x75, 0x45, 0x66, 0xe8, 0x5f, 0x4b, 0x08, 0xa4,
+			0xc1, 0x36, 0xd0, 0x36, 0x2c, 0xf2, 0x9a, 0x44,
+			0x1e, 0x5f, 0x22, 0xf4, 0xbe, 0x66, 0x66, 0x17,
+			0xd8, 0xb6, 0x0a, 0x89, 0xed, 0x22, 0x80, 0xdb,
+			0xad, 0x05, 0xd1, 0xb5, 0x93, 0xa1, 0x1c, 0x14,
+			0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01,
+			0x00, 0x24, 0x62, 0x6f, 0x3d, 0x30, 0x56, 0x97,
+			0xde, 0x03, 0x67, 0xa9, 0x63, 0x21, 0xb6, 0xe6,
+			0x05, 0x69, 0x94, 0xfb, 0x50, 0xc1, 0x99, 0xdd,
+			0xf6, 0xe8, 0x60, 0xbd, 0xe6, 0xba, 0xe3, 0x50,
+			0x0a, 0xcd, 0xde, 0x14, 0x16, 0xc4,
+		},
+		{
+			0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
+			0x01, 0x00, 0x24, 0xf0, 0x21, 0xf6, 0x84, 0x6a,
+			0xe3, 0x6b, 0x8a, 0xc5, 0x46, 0x50, 0xca, 0x40,
+			0xea, 0x4e, 0x82, 0xc1, 0x70, 0x25, 0xd8, 0x7d,
+			0x60, 0xf5, 0x51, 0x7f, 0x64, 0x03, 0x9f, 0x53,
+			0xec, 0xfb, 0x57, 0xa9, 0xfc, 0x26, 0x15, 0x17,
+			0x03, 0x01, 0x00, 0x21, 0xa6, 0xc6, 0x94, 0x2b,
+			0xa9, 0xcb, 0x93, 0xff, 0xb6, 0xa6, 0xe7, 0xc5,
+			0x37, 0x86, 0x15, 0x37, 0x57, 0xce, 0xef, 0x54,
+			0x96, 0x5d, 0x50, 0xa0, 0x50, 0x69, 0x5e, 0x82,
+			0x61, 0x8d, 0x42, 0xfb, 0x78, 0x15, 0x03, 0x01,
+			0x00, 0x16, 0x45, 0xd1, 0x86, 0x68, 0x59, 0xc1,
+			0xaf, 0xac, 0x5c, 0x46, 0x8a, 0x68, 0x69, 0x0c,
+			0xd7, 0x67, 0xbf, 0xf0, 0x3e, 0xee, 0x45, 0x55,
+		},
+	}},
 	// Server asks for cert with empty CA list, client gives one
 	// go test -run "TestRunServer" -serve -clientauth 1
-	// gnutls-cli --insecure --debug 100 -p 10443 localhost
-	{"RequestClientCert, client gives it", RequestClientCert,
-		[]*x509.Certificate{clientCertificate},
-		[][]byte{{
-			0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00,
-			0x76, 0x03, 0x02, 0x4e, 0xe7, 0x44, 0xda, 0x58,
-			0x7d, 0x46, 0x4a, 0x48, 0x97, 0x9f, 0xe5, 0x91,
-			0x11, 0x64, 0xa7, 0x1e, 0x4d, 0xb7, 0xfe, 0x9b,
-			0xc6, 0x63, 0xf8, 0xa4, 0xb5, 0x0b, 0x18, 0xb5,
-			0xbd, 0x19, 0xb3, 0x00, 0x00, 0x34, 0x00, 0x33,
-			0x00, 0x45, 0x00, 0x39, 0x00, 0x88, 0x00, 0x16,
-			0x00, 0x32, 0x00, 0x44, 0x00, 0x38, 0x00, 0x87,
-			0x00, 0x13, 0x00, 0x66, 0x00, 0x90, 0x00, 0x91,
-			0x00, 0x8f, 0x00, 0x8e, 0x00, 0x2f, 0x00, 0x41,
-			0x00, 0x35, 0x00, 0x84, 0x00, 0x0a, 0x00, 0x05,
-			0x00, 0x04, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8b,
-			0x00, 0x8a, 0x01, 0x00, 0x00, 0x19, 0x00, 0x09,
-			0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
-			0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, 0x6c, 0x6f,
-			0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
+	{"RequestClientCert, client gives it", RequestClientCert, []*x509.Certificate{clientCertificate}, [][]byte{
+		{
+			0x16, 0x03, 0x01, 0x00, 0x54, 0x01, 0x00, 0x00,
+			0x50, 0x03, 0x01, 0x50, 0x77, 0x43, 0x47, 0xfd,
+			0x1d, 0xb0, 0x60, 0x4c, 0x25, 0x86, 0x45, 0x4a,
+			0xe5, 0x3f, 0x80, 0x56, 0x18, 0x91, 0x5c, 0xe2,
+			0x62, 0xc5, 0x77, 0xc2, 0x92, 0xdd, 0xdc, 0x39,
+			0x23, 0x1d, 0xc5, 0x00, 0x00, 0x28, 0x00, 0x39,
+			0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13,
+			0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f,
+			0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
+			0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
+			0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01,
+			0x00,
 		},
-
-			{
-				0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
-				0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16,
-				0x03, 0x01, 0x02, 0xbe, 0x0b, 0x00, 0x02, 0xba,
-				0x00, 0x02, 0xb7, 0x00, 0x02, 0xb4, 0x30, 0x82,
-				0x02, 0xb0, 0x30, 0x82, 0x02, 0x19, 0xa0, 0x03,
-				0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x85, 0xb0,
-				0xbb, 0xa4, 0x8a, 0x7f, 0xb8, 0xca, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x45, 0x31,
-				0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-				0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
-				0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
-				0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
-				0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
-				0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
-				0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
-				0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
-				0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d,
-				0x31, 0x30, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39,
-				0x30, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31,
-				0x31, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39, 0x30,
-				0x39, 0x33, 0x38, 0x5a, 0x30, 0x45, 0x31, 0x0b,
-				0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-				0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
-				0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f,
-				0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
-				0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
-				0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72,
-				0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
-				0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
-				0x4c, 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d,
-				0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-				0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
-				0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
-				0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, 0xe5, 0xbf,
-				0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, 0xe6, 0x2b,
-				0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, 0x8a, 0x7a,
-				0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, 0xa5, 0x65,
-				0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, 0xb5, 0xb4,
-				0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, 0x7e, 0x62,
-				0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, 0x12, 0x5c,
-				0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, 0xfa, 0x58,
-				0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, 0xd3, 0xd0,
-				0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, 0x54, 0x9f,
-				0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, 0xfe, 0x18,
-				0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, 0x7d, 0xf1,
-				0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, 0x51, 0xc9,
-				0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, 0x66, 0x01,
-				0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, 0x9a, 0x1d,
-				0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, 0x2d, 0x79,
-				0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7,
-				0x30, 0x81, 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55,
-				0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, 0xad,
-				0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb, 0x69,
-				0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e, 0x18,
-				0x88, 0x39, 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d,
-				0x23, 0x04, 0x6e, 0x30, 0x6c, 0x80, 0x14, 0xb1,
-				0xad, 0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb,
-				0x69, 0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e,
-				0x18, 0x88, 0x39, 0xa1, 0x49, 0xa4, 0x47, 0x30,
-				0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-				0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
-				0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
-				0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
-				0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
-				0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
-				0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
-				0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
-				0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09,
-				0x00, 0x85, 0xb0, 0xbb, 0xa4, 0x8a, 0x7f, 0xb8,
-				0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
-				0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
-				0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
-				0x81, 0x00, 0x08, 0x6c, 0x45, 0x24, 0xc7, 0x6b,
-				0xb1, 0x59, 0xab, 0x0c, 0x52, 0xcc, 0xf2, 0xb0,
-				0x14, 0xd7, 0x87, 0x9d, 0x7a, 0x64, 0x75, 0xb5,
-				0x5a, 0x95, 0x66, 0xe4, 0xc5, 0x2b, 0x8e, 0xae,
-				0x12, 0x66, 0x1f, 0xeb, 0x4f, 0x38, 0xb3, 0x6e,
-				0x60, 0xd3, 0x92, 0xfd, 0xf7, 0x41, 0x08, 0xb5,
-				0x25, 0x13, 0xb1, 0x18, 0x7a, 0x24, 0xfb, 0x30,
-				0x1d, 0xba, 0xed, 0x98, 0xb9, 0x17, 0xec, 0xe7,
-				0xd7, 0x31, 0x59, 0xdb, 0x95, 0xd3, 0x1d, 0x78,
-				0xea, 0x50, 0x56, 0x5c, 0xd5, 0x82, 0x5a, 0x2d,
-				0x5a, 0x5f, 0x33, 0xc4, 0xb6, 0xd8, 0xc9, 0x75,
-				0x90, 0x96, 0x8c, 0x0f, 0x52, 0x98, 0xb5, 0xcd,
-				0x98, 0x1f, 0x89, 0x20, 0x5f, 0xf2, 0xa0, 0x1c,
-				0xa3, 0x1b, 0x96, 0x94, 0xdd, 0xa9, 0xfd, 0x57,
-				0xe9, 0x70, 0xe8, 0x26, 0x6d, 0x71, 0x99, 0x9b,
-				0x26, 0x6e, 0x38, 0x50, 0x29, 0x6c, 0x90, 0xa7,
-				0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x08, 0x0d,
-				0x00, 0x00, 0x04, 0x01, 0x01, 0x00, 0x00, 0x16,
-				0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
-			},
-
-			{
-				0x16, 0x03, 0x01, 0x01, 0xfb, 0x0b, 0x00, 0x01,
-				0xf7, 0x00, 0x01, 0xf4, 0x00, 0x01, 0xf1, 0x30,
-				0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x58, 0xa0,
-				0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x30,
-				0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x05, 0x30, 0x26, 0x31, 0x10,
-				0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-				0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f,
-				0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
-				0x03, 0x13, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30,
-				0x2e, 0x30, 0x2e, 0x31, 0x30, 0x1e, 0x17, 0x0d,
-				0x31, 0x31, 0x31, 0x32, 0x30, 0x38, 0x30, 0x37,
-				0x35, 0x35, 0x31, 0x32, 0x5a, 0x17, 0x0d, 0x31,
-				0x32, 0x31, 0x32, 0x30, 0x37, 0x30, 0x38, 0x30,
-				0x30, 0x31, 0x32, 0x5a, 0x30, 0x26, 0x31, 0x10,
-				0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-				0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f,
-				0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
-				0x03, 0x13, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30,
-				0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81, 0x9c, 0x30,
-				0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x01, 0x03, 0x81, 0x8c, 0x00,
-				0x30, 0x81, 0x88, 0x02, 0x81, 0x80, 0x4e, 0xd0,
-				0x7b, 0x31, 0xe3, 0x82, 0x64, 0xd9, 0x59, 0xc0,
-				0xc2, 0x87, 0xa4, 0x5e, 0x1e, 0x8b, 0x73, 0x33,
-				0xc7, 0x63, 0x53, 0xdf, 0x66, 0x92, 0x06, 0x84,
-				0xf6, 0x64, 0xd5, 0x8f, 0xe4, 0x36, 0xa7, 0x1d,
-				0x2b, 0xe8, 0xb3, 0x20, 0x36, 0x45, 0x23, 0xb5,
-				0xe3, 0x95, 0xae, 0xed, 0xe0, 0xf5, 0x20, 0x9c,
-				0x8d, 0x95, 0xdf, 0x7f, 0x5a, 0x12, 0xef, 0x87,
-				0xe4, 0x5b, 0x68, 0xe4, 0xe9, 0x0e, 0x74, 0xec,
-				0x04, 0x8a, 0x7f, 0xde, 0x93, 0x27, 0xc4, 0x01,
-				0x19, 0x7a, 0xbd, 0xf2, 0xdc, 0x3d, 0x14, 0xab,
-				0xd0, 0x54, 0xca, 0x21, 0x0c, 0xd0, 0x4d, 0x6e,
-				0x87, 0x2e, 0x5c, 0xc5, 0xd2, 0xbb, 0x4d, 0x4b,
-				0x4f, 0xce, 0xb6, 0x2c, 0xf7, 0x7e, 0x88, 0xec,
-				0x7c, 0xd7, 0x02, 0x91, 0x74, 0xa6, 0x1e, 0x0c,
-				0x1a, 0xda, 0xe3, 0x4a, 0x5a, 0x2e, 0xde, 0x13,
-				0x9c, 0x4c, 0x40, 0x88, 0x59, 0x93, 0x02, 0x03,
-				0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30,
-				0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01,
-				0xff, 0x04, 0x04, 0x03, 0x02, 0x00, 0xa0, 0x30,
-				0x0d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x06,
-				0x04, 0x04, 0x01, 0x02, 0x03, 0x04, 0x30, 0x0f,
-				0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x08, 0x30,
-				0x06, 0x80, 0x04, 0x01, 0x02, 0x03, 0x04, 0x30,
-				0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-				0x0d, 0x01, 0x01, 0x05, 0x03, 0x81, 0x81, 0x00,
-				0x36, 0x1f, 0xb3, 0x7a, 0x0c, 0x75, 0xc9, 0x6e,
-				0x37, 0x46, 0x61, 0x2b, 0xd5, 0xbd, 0xc0, 0xa7,
-				0x4b, 0xcc, 0x46, 0x9a, 0x81, 0x58, 0x7c, 0x85,
-				0x79, 0x29, 0xc8, 0xc8, 0xc6, 0x67, 0xdd, 0x32,
-				0x56, 0x45, 0x2b, 0x75, 0xb6, 0xe9, 0x24, 0xa9,
-				0x50, 0x9a, 0xbe, 0x1f, 0x5a, 0xfa, 0x1a, 0x15,
-				0xd9, 0xcc, 0x55, 0x95, 0x72, 0x16, 0x83, 0xb9,
-				0xc2, 0xb6, 0x8f, 0xfd, 0x88, 0x8c, 0x38, 0x84,
-				0x1d, 0xab, 0x5d, 0x92, 0x31, 0x13, 0x4f, 0xfd,
-				0x83, 0x3b, 0xc6, 0x9d, 0xf1, 0x11, 0x62, 0xb6,
-				0x8b, 0xec, 0xab, 0x67, 0xbe, 0xc8, 0x64, 0xb0,
-				0x11, 0x50, 0x46, 0x58, 0x17, 0x6b, 0x99, 0x1c,
-				0xd3, 0x1d, 0xfc, 0x06, 0xf1, 0x0e, 0xe5, 0x96,
-				0xa8, 0x0c, 0xf9, 0x78, 0x20, 0xb7, 0x44, 0x18,
-				0x51, 0x8d, 0x10, 0x7e, 0x4f, 0x94, 0x67, 0xdf,
-				0xa3, 0x4e, 0x70, 0x73, 0x8e, 0x90, 0x91, 0x85,
-				0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
-				0x82, 0x00, 0x80, 0xa7, 0x2f, 0xed, 0xfa, 0xc2,
-				0xbd, 0x46, 0xa1, 0xf2, 0x69, 0xc5, 0x1d, 0xa1,
-				0x34, 0xd6, 0xd0, 0x84, 0xf5, 0x5d, 0x8c, 0x82,
-				0x8d, 0x98, 0x82, 0x9c, 0xd9, 0x07, 0xe0, 0xf7,
-				0x55, 0x49, 0x4d, 0xa1, 0x48, 0x59, 0x02, 0xd3,
-				0x84, 0x37, 0xaf, 0x01, 0xb3, 0x3a, 0xf4, 0xed,
-				0x99, 0xbe, 0x67, 0x36, 0x19, 0x55, 0xf3, 0xf9,
-				0xcb, 0x94, 0xe5, 0x7b, 0x8b, 0x77, 0xf2, 0x5f,
-				0x4c, 0xfe, 0x01, 0x1f, 0x7b, 0xd7, 0x23, 0x49,
-				0x0c, 0xcb, 0x6c, 0xb0, 0xe7, 0x77, 0xd6, 0xcf,
-				0xa8, 0x7d, 0xdb, 0xa7, 0x14, 0xe2, 0xf5, 0xf3,
-				0xff, 0xba, 0x23, 0xd2, 0x9a, 0x36, 0x14, 0x60,
-				0x2a, 0x91, 0x5d, 0x2b, 0x35, 0x3b, 0xb6, 0xdd,
-				0xcb, 0x6b, 0xdc, 0x18, 0xdc, 0x33, 0xb8, 0xb3,
-				0xc7, 0x27, 0x7e, 0xfc, 0xd2, 0xf7, 0x97, 0x90,
-				0x5e, 0x17, 0xac, 0x14, 0x8e, 0x0f, 0xca, 0xb5,
-				0x6f, 0xc9, 0x2d, 0x16, 0x03, 0x01, 0x00, 0x86,
-				0x0f, 0x00, 0x00, 0x82, 0x00, 0x80, 0x44, 0x7f,
-				0xa2, 0x59, 0x60, 0x0b, 0x5a, 0xc4, 0xaf, 0x1e,
-				0x60, 0xa5, 0x24, 0xea, 0xc1, 0xc3, 0x22, 0x21,
-				0x6b, 0x22, 0x8b, 0x2a, 0x11, 0x82, 0x68, 0x7d,
-				0xb9, 0xdd, 0x9c, 0x27, 0x4c, 0xc2, 0xc8, 0xa2,
-				0x8b, 0x6b, 0x77, 0x8d, 0x3a, 0x2b, 0x8d, 0x2f,
-				0x6a, 0x2b, 0x43, 0xd2, 0xd1, 0xc6, 0x41, 0x79,
-				0xa2, 0x4f, 0x2b, 0xc2, 0xf7, 0xb2, 0x10, 0xad,
-				0xa6, 0x01, 0x51, 0x51, 0x25, 0xe7, 0x58, 0x7a,
-				0xcf, 0x3b, 0xc4, 0x29, 0xb5, 0xe5, 0xa7, 0x83,
-				0xe6, 0xcb, 0x1e, 0xf3, 0x02, 0x0f, 0x53, 0x3b,
-				0xb5, 0x39, 0xef, 0x9c, 0x42, 0xe0, 0xa6, 0x9b,
-				0x2b, 0xdd, 0x60, 0xae, 0x0a, 0x73, 0x35, 0xbe,
-				0x26, 0x10, 0x1b, 0xe9, 0xe9, 0x61, 0xab, 0x20,
-				0xa5, 0x48, 0xc6, 0x60, 0xa6, 0x50, 0x3c, 0xfb,
-				0xa7, 0xca, 0xb0, 0x80, 0x95, 0x1e, 0xce, 0xc7,
-				0xbb, 0x68, 0x44, 0xdc, 0x0e, 0x0e, 0x14, 0x03,
-				0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01, 0x00,
-				0x24, 0xb6, 0xcd, 0x0c, 0x78, 0xfd, 0xd6, 0xff,
-				0xbe, 0x97, 0xd5, 0x0a, 0x7d, 0x4f, 0xa1, 0x03,
-				0x78, 0xc8, 0x61, 0x6f, 0xf2, 0x4b, 0xa8, 0x56,
-				0x4f, 0x3c, 0xa2, 0xd9, 0xd0, 0x20, 0x13, 0x1b,
-				0x8b, 0x36, 0xb7, 0x33, 0x9c,
-			},
-
-			{
-				0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
-				0x01, 0x00, 0x24, 0xa3, 0x43, 0x94, 0xe7, 0xdf,
-				0xb6, 0xc3, 0x03, 0x9f, 0xc1, 0x59, 0x0c, 0xc3,
-				0x13, 0xae, 0xed, 0xcf, 0xff, 0xf1, 0x80, 0xf3,
-				0x13, 0x63, 0x1c, 0xf0, 0xca, 0xad, 0x9e, 0x71,
-				0x46, 0x5f, 0x6b, 0xeb, 0x10, 0x3f, 0xe3, 0x17,
-				0x03, 0x01, 0x00, 0x21, 0xe9, 0x80, 0x95, 0x6e,
-				0x05, 0x55, 0x2f, 0xed, 0x4d, 0xde, 0x17, 0x3a,
-				0x32, 0x9b, 0x2a, 0x74, 0x30, 0x4f, 0xe0, 0x9f,
-				0x4e, 0xd3, 0x06, 0xbd, 0x3a, 0x43, 0x75, 0x8b,
-				0x5b, 0x9a, 0xd8, 0x2e, 0x56, 0x15, 0x03, 0x01,
-				0x00, 0x16, 0x53, 0xf5, 0xff, 0xe0, 0xa1, 0x6c,
-				0x33, 0xf4, 0x4e, 0x89, 0x68, 0xe1, 0xf7, 0x61,
-				0x13, 0xb3, 0x12, 0xa1, 0x8e, 0x5a, 0x7a, 0x02,
-			},
+		{
+			0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00,
+			0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16,
+			0x03, 0x01, 0x02, 0xbe, 0x0b, 0x00, 0x02, 0xba,
+			0x00, 0x02, 0xb7, 0x00, 0x02, 0xb4, 0x30, 0x82,
+			0x02, 0xb0, 0x30, 0x82, 0x02, 0x19, 0xa0, 0x03,
+			0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x85, 0xb0,
+			0xbb, 0xa4, 0x8a, 0x7f, 0xb8, 0xca, 0x30, 0x0d,
+			0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+			0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x45, 0x31,
+			0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+			0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
+			0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
+			0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
+			0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
+			0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
+			0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
+			0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
+			0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d,
+			0x31, 0x30, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39,
+			0x30, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31,
+			0x31, 0x30, 0x34, 0x32, 0x34, 0x30, 0x39, 0x30,
+			0x39, 0x33, 0x38, 0x5a, 0x30, 0x45, 0x31, 0x0b,
+			0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+			0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
+			0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f,
+			0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
+			0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
+			0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72,
+			0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
+			0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
+			0x4c, 0x74, 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d,
+			0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+			0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
+			0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
+			0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, 0xe5, 0xbf,
+			0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, 0xe6, 0x2b,
+			0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, 0x8a, 0x7a,
+			0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, 0xa5, 0x65,
+			0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, 0xb5, 0xb4,
+			0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, 0x7e, 0x62,
+			0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, 0x12, 0x5c,
+			0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, 0xfa, 0x58,
+			0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, 0xd3, 0xd0,
+			0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, 0x54, 0x9f,
+			0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, 0xfe, 0x18,
+			0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, 0x7d, 0xf1,
+			0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, 0x51, 0xc9,
+			0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, 0x66, 0x01,
+			0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, 0x9a, 0x1d,
+			0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, 0x2d, 0x79,
+			0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7,
+			0x30, 0x81, 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55,
+			0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, 0xad,
+			0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb, 0x69,
+			0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e, 0x18,
+			0x88, 0x39, 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d,
+			0x23, 0x04, 0x6e, 0x30, 0x6c, 0x80, 0x14, 0xb1,
+			0xad, 0xe2, 0x85, 0x5a, 0xcf, 0xcb, 0x28, 0xdb,
+			0x69, 0xce, 0x23, 0x69, 0xde, 0xd3, 0x26, 0x8e,
+			0x18, 0x88, 0x39, 0xa1, 0x49, 0xa4, 0x47, 0x30,
+			0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+			0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
+			0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
+			0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
+			0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
+			0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
+			0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
+			0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
+			0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09,
+			0x00, 0x85, 0xb0, 0xbb, 0xa4, 0x8a, 0x7f, 0xb8,
+			0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+			0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+			0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+			0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
+			0x81, 0x00, 0x08, 0x6c, 0x45, 0x24, 0xc7, 0x6b,
+			0xb1, 0x59, 0xab, 0x0c, 0x52, 0xcc, 0xf2, 0xb0,
+			0x14, 0xd7, 0x87, 0x9d, 0x7a, 0x64, 0x75, 0xb5,
+			0x5a, 0x95, 0x66, 0xe4, 0xc5, 0x2b, 0x8e, 0xae,
+			0x12, 0x66, 0x1f, 0xeb, 0x4f, 0x38, 0xb3, 0x6e,
+			0x60, 0xd3, 0x92, 0xfd, 0xf7, 0x41, 0x08, 0xb5,
+			0x25, 0x13, 0xb1, 0x18, 0x7a, 0x24, 0xfb, 0x30,
+			0x1d, 0xba, 0xed, 0x98, 0xb9, 0x17, 0xec, 0xe7,
+			0xd7, 0x31, 0x59, 0xdb, 0x95, 0xd3, 0x1d, 0x78,
+			0xea, 0x50, 0x56, 0x5c, 0xd5, 0x82, 0x5a, 0x2d,
+			0x5a, 0x5f, 0x33, 0xc4, 0xb6, 0xd8, 0xc9, 0x75,
+			0x90, 0x96, 0x8c, 0x0f, 0x52, 0x98, 0xb5, 0xcd,
+			0x98, 0x1f, 0x89, 0x20, 0x5f, 0xf2, 0xa0, 0x1c,
+			0xa3, 0x1b, 0x96, 0x94, 0xdd, 0xa9, 0xfd, 0x57,
+			0xe9, 0x70, 0xe8, 0x26, 0x6d, 0x71, 0x99, 0x9b,
+			0x26, 0x6e, 0x38, 0x50, 0x29, 0x6c, 0x90, 0xa7,
+			0xbd, 0xd9, 0x16, 0x03, 0x01, 0x00, 0x08, 0x0d,
+			0x00, 0x00, 0x04, 0x01, 0x01, 0x00, 0x00, 0x16,
+			0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
 		},
-	},
+		{
+			0x16, 0x03, 0x01, 0x01, 0xfb, 0x0b, 0x00, 0x01,
+			0xf7, 0x00, 0x01, 0xf4, 0x00, 0x01, 0xf1, 0x30,
+			0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x58, 0xa0,
+			0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x30,
+			0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+			0x0d, 0x01, 0x01, 0x05, 0x30, 0x26, 0x31, 0x10,
+			0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+			0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f,
+			0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
+			0x03, 0x13, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30,
+			0x2e, 0x30, 0x2e, 0x31, 0x30, 0x1e, 0x17, 0x0d,
+			0x31, 0x31, 0x31, 0x32, 0x30, 0x38, 0x30, 0x37,
+			0x35, 0x35, 0x31, 0x32, 0x5a, 0x17, 0x0d, 0x31,
+			0x32, 0x31, 0x32, 0x30, 0x37, 0x30, 0x38, 0x30,
+			0x30, 0x31, 0x32, 0x5a, 0x30, 0x26, 0x31, 0x10,
+			0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+			0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f,
+			0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
+			0x03, 0x13, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30,
+			0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81, 0x9c, 0x30,
+			0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+			0x0d, 0x01, 0x01, 0x01, 0x03, 0x81, 0x8c, 0x00,
+			0x30, 0x81, 0x88, 0x02, 0x81, 0x80, 0x4e, 0xd0,
+			0x7b, 0x31, 0xe3, 0x82, 0x64, 0xd9, 0x59, 0xc0,
+			0xc2, 0x87, 0xa4, 0x5e, 0x1e, 0x8b, 0x73, 0x33,
+			0xc7, 0x63, 0x53, 0xdf, 0x66, 0x92, 0x06, 0x84,
+			0xf6, 0x64, 0xd5, 0x8f, 0xe4, 0x36, 0xa7, 0x1d,
+			0x2b, 0xe8, 0xb3, 0x20, 0x36, 0x45, 0x23, 0xb5,
+			0xe3, 0x95, 0xae, 0xed, 0xe0, 0xf5, 0x20, 0x9c,
+			0x8d, 0x95, 0xdf, 0x7f, 0x5a, 0x12, 0xef, 0x87,
+			0xe4, 0x5b, 0x68, 0xe4, 0xe9, 0x0e, 0x74, 0xec,
+			0x04, 0x8a, 0x7f, 0xde, 0x93, 0x27, 0xc4, 0x01,
+			0x19, 0x7a, 0xbd, 0xf2, 0xdc, 0x3d, 0x14, 0xab,
+			0xd0, 0x54, 0xca, 0x21, 0x0c, 0xd0, 0x4d, 0x6e,
+			0x87, 0x2e, 0x5c, 0xc5, 0xd2, 0xbb, 0x4d, 0x4b,
+			0x4f, 0xce, 0xb6, 0x2c, 0xf7, 0x7e, 0x88, 0xec,
+			0x7c, 0xd7, 0x02, 0x91, 0x74, 0xa6, 0x1e, 0x0c,
+			0x1a, 0xda, 0xe3, 0x4a, 0x5a, 0x2e, 0xde, 0x13,
+			0x9c, 0x4c, 0x40, 0x88, 0x59, 0x93, 0x02, 0x03,
+			0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30,
+			0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01,
+			0xff, 0x04, 0x04, 0x03, 0x02, 0x00, 0xa0, 0x30,
+			0x0d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x06,
+			0x04, 0x04, 0x01, 0x02, 0x03, 0x04, 0x30, 0x0f,
+			0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x08, 0x30,
+			0x06, 0x80, 0x04, 0x01, 0x02, 0x03, 0x04, 0x30,
+			0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+			0x0d, 0x01, 0x01, 0x05, 0x03, 0x81, 0x81, 0x00,
+			0x36, 0x1f, 0xb3, 0x7a, 0x0c, 0x75, 0xc9, 0x6e,
+			0x37, 0x46, 0x61, 0x2b, 0xd5, 0xbd, 0xc0, 0xa7,
+			0x4b, 0xcc, 0x46, 0x9a, 0x81, 0x58, 0x7c, 0x85,
+			0x79, 0x29, 0xc8, 0xc8, 0xc6, 0x67, 0xdd, 0x32,
+			0x56, 0x45, 0x2b, 0x75, 0xb6, 0xe9, 0x24, 0xa9,
+			0x50, 0x9a, 0xbe, 0x1f, 0x5a, 0xfa, 0x1a, 0x15,
+			0xd9, 0xcc, 0x55, 0x95, 0x72, 0x16, 0x83, 0xb9,
+			0xc2, 0xb6, 0x8f, 0xfd, 0x88, 0x8c, 0x38, 0x84,
+			0x1d, 0xab, 0x5d, 0x92, 0x31, 0x13, 0x4f, 0xfd,
+			0x83, 0x3b, 0xc6, 0x9d, 0xf1, 0x11, 0x62, 0xb6,
+			0x8b, 0xec, 0xab, 0x67, 0xbe, 0xc8, 0x64, 0xb0,
+			0x11, 0x50, 0x46, 0x58, 0x17, 0x6b, 0x99, 0x1c,
+			0xd3, 0x1d, 0xfc, 0x06, 0xf1, 0x0e, 0xe5, 0x96,
+			0xa8, 0x0c, 0xf9, 0x78, 0x20, 0xb7, 0x44, 0x18,
+			0x51, 0x8d, 0x10, 0x7e, 0x4f, 0x94, 0x67, 0xdf,
+			0xa3, 0x4e, 0x70, 0x73, 0x8e, 0x90, 0x91, 0x85,
+			0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00,
+			0x82, 0x00, 0x80, 0x81, 0x46, 0x43, 0xf9, 0xe7,
+			0xda, 0x8c, 0x92, 0x3a, 0x78, 0x1a, 0x86, 0xb3,
+			0xbe, 0x83, 0x22, 0xb6, 0xaa, 0x57, 0x37, 0x68,
+			0x9e, 0x54, 0x3f, 0xd3, 0xce, 0x4d, 0x5e, 0x2a,
+			0xdc, 0xb0, 0x49, 0x02, 0xbb, 0xc0, 0x45, 0x58,
+			0x79, 0x10, 0xc7, 0x94, 0x60, 0x9f, 0x1b, 0x5f,
+			0x18, 0x31, 0x37, 0x9c, 0xe0, 0xe6, 0xdf, 0x5e,
+			0x70, 0x44, 0xf6, 0x8b, 0xdf, 0xf1, 0xf6, 0x43,
+			0xc8, 0x2f, 0xd1, 0xce, 0xd0, 0xd6, 0x64, 0x4f,
+			0xe8, 0x2b, 0xfa, 0xd3, 0xd0, 0xd1, 0x2e, 0xaa,
+			0x9b, 0x1d, 0x13, 0x5c, 0xbe, 0x57, 0x41, 0x6c,
+			0x5e, 0x8d, 0xea, 0xa9, 0x3c, 0x58, 0xa0, 0x30,
+			0x92, 0x77, 0x7a, 0xed, 0x64, 0x58, 0xe5, 0x7f,
+			0x6a, 0x93, 0x89, 0x66, 0x3d, 0x13, 0x16, 0x56,
+			0xa0, 0xad, 0xdc, 0x68, 0x95, 0x87, 0x81, 0xd0,
+			0x90, 0x4d, 0x5f, 0xfe, 0x3e, 0x83, 0x15, 0x2e,
+			0x50, 0x3c, 0xdd, 0x16, 0x03, 0x01, 0x00, 0x86,
+			0x0f, 0x00, 0x00, 0x82, 0x00, 0x80, 0x2b, 0xf8,
+			0x56, 0x48, 0xbb, 0x02, 0x37, 0x15, 0x02, 0x74,
+			0x33, 0x53, 0x65, 0xa7, 0x7c, 0x2f, 0xc6, 0x5d,
+			0x80, 0x59, 0xc1, 0xc2, 0x3b, 0xa9, 0xde, 0x4e,
+			0x70, 0x51, 0xd2, 0xde, 0x58, 0x7f, 0xd8, 0xb9,
+			0xb6, 0x3b, 0xc8, 0xaa, 0xfc, 0x3d, 0x53, 0x2d,
+			0x61, 0x4d, 0xf5, 0x60, 0x12, 0xc2, 0xa5, 0x39,
+			0x0c, 0xa7, 0xc6, 0xac, 0x26, 0x4b, 0xf4, 0x5f,
+			0xe9, 0xf4, 0xf2, 0x73, 0x48, 0xe4, 0x3b, 0xee,
+			0xf2, 0xee, 0xc0, 0xee, 0xfb, 0x5b, 0x60, 0xc2,
+			0x74, 0xe6, 0xf6, 0x43, 0x3e, 0xa4, 0xf7, 0x97,
+			0x3d, 0xfc, 0xe9, 0x44, 0x21, 0x18, 0x46, 0x05,
+			0x33, 0xf8, 0xfe, 0x35, 0x5b, 0xe6, 0x8f, 0xef,
+			0x4d, 0x4c, 0x87, 0xf6, 0xb4, 0x6e, 0x6b, 0x39,
+			0xd8, 0xaa, 0x1b, 0x33, 0xc9, 0x1c, 0x66, 0x48,
+			0xbe, 0xfa, 0xb5, 0x92, 0x09, 0xfd, 0xb9, 0xb9,
+			0xca, 0xe6, 0x6d, 0x71, 0xc6, 0x89, 0x14, 0x03,
+			0x01, 0x00, 0x01, 0x01, 0x16, 0x03, 0x01, 0x00,
+			0x24, 0xe3, 0x2b, 0xef, 0x17, 0xd5, 0xa6, 0x4c,
+			0x2e, 0x10, 0xac, 0x9c, 0xfe, 0x0f, 0x18, 0x43,
+			0x95, 0x00, 0x81, 0xf7, 0x7c, 0x00, 0x5b, 0x89,
+			0x52, 0x41, 0xe4, 0x8a, 0x8a, 0x34, 0x31, 0x09,
+			0x48, 0x7c, 0xc5, 0xc3, 0x83,
+		},
+		{
+			0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
+			0x01, 0x00, 0x24, 0x24, 0xaa, 0xaa, 0x56, 0x8b,
+			0x41, 0x87, 0x01, 0xbe, 0x80, 0x05, 0x51, 0x36,
+			0x08, 0xfc, 0xaf, 0xff, 0x7f, 0xf4, 0x74, 0x84,
+			0x88, 0xdc, 0xb8, 0x8e, 0x70, 0x6c, 0x22, 0x04,
+			0xee, 0x45, 0x8d, 0xda, 0xed, 0xc6, 0x05, 0x17,
+			0x03, 0x01, 0x00, 0x21, 0x91, 0x49, 0x4b, 0xed,
+			0xa3, 0x41, 0xe9, 0x88, 0x3b, 0xa3, 0x01, 0xee,
+			0x77, 0x4e, 0x12, 0xb4, 0xcd, 0x5e, 0xcc, 0x45,
+			0x02, 0x5a, 0x20, 0xd6, 0xe8, 0xac, 0xcb, 0x60,
+			0xcb, 0x1b, 0xef, 0xf9, 0xc2, 0x15, 0x03, 0x01,
+			0x00, 0x16, 0xd4, 0xcd, 0x92, 0x3c, 0x10, 0x93,
+			0x68, 0xc3, 0xdd, 0xaf, 0xe9, 0xcb, 0x5d, 0x94,
+			0x1a, 0x06, 0x81, 0xa7, 0x78, 0x0f, 0xc3, 0x03,
+		},
+	}},
 }
 
 // cert.pem and key.pem were generated with generate_cert.go
@@ -2088,7 +1824,7 @@ GFGNEH5PlGffo05wc46QkYU=
 
 /* corresponding key.pem for cert.pem is:
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgE7QezHjgmTZWcDCh6ReHotzM8djU99mkgaE9mTVj+Q2px0r6LMg
+MIICWgIBAAKBgE7QezHjgmTZWcDCh6ReHotzM8djU99mkgaE9mTVj+Q2px0r6LMg
 NkUjteOVru3g9SCcjZXff1oS74fkW2jk6Q507ASKf96TJ8QBGXq98tw9FKvQVMoh
 DNBNbocuXMXSu01LT862LPd+iOx81wKRdKYeDBra40paLt4TnExAiFmTAgMBAAEC
 gYBxvXd8yNteFTns8A/2yomEMC4yeosJJSpp1CsN3BJ7g8/qTnrVPxBy+RU+qr63
@@ -2100,6 +1836,6 @@ RkKVpenBHyrGg0oeN5La7URILWKj7CPXAkBKo6F+d+phNjwIFoN1Xb/RA32w/D1I
 saG9sF+UEhRt9AxUfW/U/tIQ9V0ZHHcSg1XaCM5Nvp934brdKdvTOKnJAkBD5h/3
 Rybatlvg/fzBEaJFyq09zhngkxlZOUtBVTqzl17RVvY2orgH02U4HbCHy4phxOn7
 qTdQRYlHRftgnWK1AkANibn9PRYJ7mJyJ9Dyj2QeNcSkSTzrt0tPvUMf4+meJymN
-1Ntu5+S1DLLzfxlaljWG6ylW6DNxujCyuXIV2rvAMAA=
+1Ntu5+S1DLLzfxlaljWG6ylW6DNxujCyuXIV2rvA
 -----END RSA PRIVATE KEY-----
 */
diff --git a/libgo/go/crypto/tls/prf_test.go b/libgo/go/crypto/tls/prf_test.go
index ce6e36de8a1..773a2b2ffc8 100644
--- a/libgo/go/crypto/tls/prf_test.go
+++ b/libgo/go/crypto/tls/prf_test.go
@@ -51,7 +51,7 @@ func TestKeysFromPreMasterSecret(t *testing.T) {
 
 		masterSecret := masterFromPreMasterSecret(test.version, in, clientRandom, serverRandom)
 		if s := hex.EncodeToString(masterSecret); s != test.masterSecret {
-			t.Errorf("#%d: bad master secret %s, want %s", s, test.masterSecret)
+			t.Errorf("#%d: bad master secret %s, want %s", i, s, test.masterSecret)
 			continue
 		}
 
diff --git a/libgo/go/crypto/tls/tls.go b/libgo/go/crypto/tls/tls.go
index 80f852edf7b..182506c59ef 100644
--- a/libgo/go/crypto/tls/tls.go
+++ b/libgo/go/crypto/tls/tls.go
@@ -6,6 +6,8 @@
 package tls
 
 import (
+	"crypto"
+	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
@@ -153,30 +155,16 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
 			err = errors.New("crypto/tls: failed to parse key PEM data")
 			return
 		}
-		if keyDERBlock.Type != "CERTIFICATE" {
+		if strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
 			break
 		}
 	}
 
-	// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
-	// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
-	var key *rsa.PrivateKey
-	if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
-		var privKey interface{}
-		if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
-			err = errors.New("crypto/tls: failed to parse key: " + err.Error())
-			return
-		}
-
-		var ok bool
-		if key, ok = privKey.(*rsa.PrivateKey); !ok {
-			err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
-			return
-		}
+	cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
+	if err != nil {
+		return
 	}
 
-	cert.PrivateKey = key
-
 	// We don't need to parse the public key for TLS, but we so do anyway
 	// to check that it looks sane and matches the private key.
 	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
@@ -184,10 +172,54 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
 		return
 	}
 
-	if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
-		err = errors.New("crypto/tls: private key does not match public key")
+	switch pub := x509Cert.PublicKey.(type) {
+	case *rsa.PublicKey:
+		priv, ok := cert.PrivateKey.(*rsa.PrivateKey)
+		if !ok {
+			err = errors.New("crypto/tls: private key type does not match public key type")
+			return
+		}
+		if pub.N.Cmp(priv.N) != 0 {
+			err = errors.New("crypto/tls: private key does not match public key")
+			return
+		}
+	case *ecdsa.PublicKey:
+		priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
+		if !ok {
+			err = errors.New("crypto/tls: private key type does not match public key type")
+			return
+
+		}
+		if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
+			err = errors.New("crypto/tls: private key does not match public key")
+			return
+		}
+	default:
+		err = errors.New("crypto/tls: unknown public key algorithm")
 		return
 	}
 
 	return
 }
+
+// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
+// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
+// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
+func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
+	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
+		return key, nil
+	}
+	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
+		switch key := key.(type) {
+		case *rsa.PrivateKey, *ecdsa.PrivateKey:
+			return key, nil
+		default:
+			return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
+		}
+	}
+	if key, err := x509.ParseECPrivateKey(der); err == nil {
+		return key, nil
+	}
+
+	return nil, errors.New("crypto/tls: failed to parse private key")
+}
diff --git a/libgo/go/crypto/tls/tls_test.go b/libgo/go/crypto/tls/tls_test.go
index 5df43c385fd..31b858d8327 100644
--- a/libgo/go/crypto/tls/tls_test.go
+++ b/libgo/go/crypto/tls/tls_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-var certPEM = `-----BEGIN CERTIFICATE-----
+var rsaCertPEM = `-----BEGIN CERTIFICATE-----
 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF
@@ -22,7 +22,7 @@ r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V
 -----END CERTIFICATE-----
 `
 
-var keyPEM = `-----BEGIN RSA PRIVATE KEY-----
+var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
@@ -33,15 +33,61 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
 -----END RSA PRIVATE KEY-----
 `
 
+var ecdsaCertPEM = `-----BEGIN CERTIFICATE-----
+MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG
+EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR
+lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl
+01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8
+XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo
+A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb
+H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1
++jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA==
+-----END CERTIFICATE-----
+`
+
+var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS-----
+BgUrgQQAIw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0
+NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL
+06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz
+VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q
+kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==
+-----END EC PRIVATE KEY-----
+`
+
+var keyPairTests = []struct {
+	algo string
+	cert *string
+	key  *string
+}{
+	{"ECDSA", &ecdsaCertPEM, &ecdsaKeyPEM},
+	{"RSA", &rsaCertPEM, &rsaKeyPEM},
+}
+
 func TestX509KeyPair(t *testing.T) {
-	_, err := X509KeyPair([]byte(keyPEM+certPEM), []byte(keyPEM+certPEM))
-	if err != nil {
-		t.Errorf("Failed to load key followed by cert: %s", err)
+	var pem []byte
+	for _, test := range keyPairTests {
+		pem = []byte(*test.cert + *test.key)
+		if _, err := X509KeyPair(pem, pem); err != nil {
+			t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err)
+		}
+		pem = []byte(*test.key + *test.cert)
+		if _, err := X509KeyPair(pem, pem); err != nil {
+			t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err)
+		}
 	}
+}
 
-	_, err = X509KeyPair([]byte(certPEM+keyPEM), []byte(certPEM+keyPEM))
-	if err != nil {
-		t.Errorf("Failed to load cert followed by key: %s", err)
-		println(err.Error())
+func TestX509MixedKeyPair(t *testing.T) {
+	if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil {
+		t.Error("Load of RSA certificate succeeded with ECDSA private key")
+	}
+	if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil {
+		t.Error("Load of ECDSA certificate succeeded with RSA private key")
 	}
 }
diff --git a/libgo/go/crypto/x509/cert_pool.go b/libgo/go/crypto/x509/cert_pool.go
index 616a0b3c1e8..505f4d4f776 100644
--- a/libgo/go/crypto/x509/cert_pool.go
+++ b/libgo/go/crypto/x509/cert_pool.go
@@ -103,7 +103,7 @@ func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) {
 }
 
 // Subjects returns a list of the DER-encoded subjects of
-// all of the certificates in the pool. 
+// all of the certificates in the pool.
 func (s *CertPool) Subjects() (res [][]byte) {
 	res = make([][]byte, len(s.certs))
 	for i, c := range s.certs {
diff --git a/libgo/go/crypto/x509/pem_decrypt.go b/libgo/go/crypto/x509/pem_decrypt.go
index 21f62e5d76b..194c81bf688 100644
--- a/libgo/go/crypto/x509/pem_decrypt.go
+++ b/libgo/go/crypto/x509/pem_decrypt.go
@@ -16,13 +16,64 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"errors"
+	"io"
 	"strings"
 )
 
-// rfc1423Algos represents how to create a block cipher for a decryption mode.
+type PEMCipher int
+
+// Possible values for the EncryptPEMBlock encryption algorithm.
+const (
+	_ PEMCipher = iota
+	PEMCipherDES
+	PEMCipher3DES
+	PEMCipherAES128
+	PEMCipherAES192
+	PEMCipherAES256
+)
+
+// rfc1423Algo holds a method for enciphering a PEM block.
 type rfc1423Algo struct {
-	cipherFunc func([]byte) (cipher.Block, error)
+	cipher     PEMCipher
+	name       string
+	cipherFunc func(key []byte) (cipher.Block, error)
 	keySize    int
+	blockSize  int
+}
+
+// rfc1423Algos holds a slice of the possible ways to encrypt a PEM
+// block.  The ivSize numbers were taken from the OpenSSL source.
+var rfc1423Algos = []rfc1423Algo{{
+	cipher:     PEMCipherDES,
+	name:       "DES-CBC",
+	cipherFunc: des.NewCipher,
+	keySize:    8,
+	blockSize:  des.BlockSize,
+}, {
+	cipher:     PEMCipher3DES,
+	name:       "DES-EDE3-CBC",
+	cipherFunc: des.NewTripleDESCipher,
+	keySize:    24,
+	blockSize:  des.BlockSize,
+}, {
+	cipher:     PEMCipherAES128,
+	name:       "AES-128-CBC",
+	cipherFunc: aes.NewCipher,
+	keySize:    16,
+	blockSize:  aes.BlockSize,
+}, {
+	cipher:     PEMCipherAES192,
+	name:       "AES-192-CBC",
+	cipherFunc: aes.NewCipher,
+	keySize:    24,
+	blockSize:  aes.BlockSize,
+}, {
+	cipher:     PEMCipherAES256,
+	name:       "AES-256-CBC",
+	cipherFunc: aes.NewCipher,
+	keySize:    32,
+	blockSize:  aes.BlockSize,
+},
 }
 
 // deriveKey uses a key derivation function to stretch the password into a key
@@ -41,20 +92,9 @@ func (c rfc1423Algo) deriveKey(password, salt []byte) []byte {
 		digest = hash.Sum(digest[:0])
 		copy(out[i:], digest)
 	}
-
 	return out
 }
 
-// rfc1423Algos is a mapping of encryption algorithm to an rfc1423Algo that can
-// create block ciphers for that mode.
-var rfc1423Algos = map[string]rfc1423Algo{
-	"DES-CBC":      {des.NewCipher, 8},
-	"DES-EDE3-CBC": {des.NewTripleDESCipher, 24},
-	"AES-128-CBC":  {aes.NewCipher, 16},
-	"AES-192-CBC":  {aes.NewCipher, 24},
-	"AES-256-CBC":  {aes.NewCipher, 32},
-}
-
 // IsEncryptedPEMBlock returns if the PEM block is password encrypted.
 func IsEncryptedPEMBlock(b *pem.Block) bool {
 	_, ok := b.Headers["DEK-Info"]
@@ -81,17 +121,16 @@ func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) {
 	}
 
 	mode, hexIV := dek[:idx], dek[idx+1:]
+	ciph := cipherByName(mode)
+	if ciph == nil {
+		return nil, errors.New("x509: unknown encryption mode")
+	}
 	iv, err := hex.DecodeString(hexIV)
 	if err != nil {
 		return nil, err
 	}
-	if len(iv) < 8 {
-		return nil, errors.New("x509: not enough bytes in IV")
-	}
-
-	ciph, ok := rfc1423Algos[mode]
-	if !ok {
-		return nil, errors.New("x509: unknown encryption mode")
+	if len(iv) != ciph.blockSize {
+		return nil, errors.New("x509: incorrect IV size")
 	}
 
 	// Based on the OpenSSL implementation. The salt is the first 8 bytes
@@ -107,27 +146,88 @@ func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) {
 	dec.CryptBlocks(data, b.Bytes)
 
 	// Blocks are padded using a scheme where the last n bytes of padding are all
-	// equal to n. It can pad from 1 to 8 bytes inclusive. See RFC 1423.
+	// equal to n. It can pad from 1 to blocksize bytes inclusive. See RFC 1423.
 	// For example:
 	//	[x y z 2 2]
 	//	[x y 7 7 7 7 7 7 7]
 	// If we detect a bad padding, we assume it is an invalid password.
 	dlen := len(data)
-	if dlen == 0 {
+	if dlen == 0 || dlen%ciph.blockSize != 0 {
 		return nil, errors.New("x509: invalid padding")
 	}
-	last := data[dlen-1]
-	if dlen < int(last) {
+	last := int(data[dlen-1])
+	if dlen < last {
 		return nil, IncorrectPasswordError
 	}
-	if last == 0 || last > 8 {
+	if last == 0 || last > ciph.blockSize {
 		return nil, IncorrectPasswordError
 	}
-	for _, val := range data[dlen-int(last):] {
-		if val != last {
+	for _, val := range data[dlen-last:] {
+		if int(val) != last {
 			return nil, IncorrectPasswordError
 		}
 	}
+	return data[:dlen-last], nil
+}
+
+// EncryptPEMBlock returns a PEM block of the specified type holding the
+// given DER-encoded data encrypted with the specified algorithm and
+// password.
+func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error) {
+	ciph := cipherByKey(alg)
+	if ciph == nil {
+		return nil, errors.New("x509: unknown encryption mode")
+	}
+	iv := make([]byte, ciph.blockSize)
+	if _, err := io.ReadFull(rand, iv); err != nil {
+		return nil, errors.New("x509: cannot generate IV: " + err.Error())
+	}
+	// The salt is the first 8 bytes of the initialization vector,
+	// matching the key derivation in DecryptPEMBlock.
+	key := ciph.deriveKey(password, iv[:8])
+	block, err := ciph.cipherFunc(key)
+	if err != nil {
+		return nil, err
+	}
+	enc := cipher.NewCBCEncrypter(block, iv)
+	pad := ciph.blockSize - len(data)%ciph.blockSize
+	encrypted := make([]byte, len(data), len(data)+pad)
+	// We could save this copy by encrypting all the whole blocks in
+	// the data separately, but it doesn't seem worth the additional
+	// code.
+	copy(encrypted, data)
+	// See RFC 1423, section 1.1
+	for i := 0; i < pad; i++ {
+		encrypted = append(encrypted, byte(pad))
+	}
+	enc.CryptBlocks(encrypted, encrypted)
+
+	return &pem.Block{
+		Type: blockType,
+		Headers: map[string]string{
+			"Proc-Type": "4,ENCRYPTED",
+			"DEK-Info":  ciph.name + "," + hex.EncodeToString(iv),
+		},
+		Bytes: encrypted,
+	}, nil
+}
+
+func cipherByName(name string) *rfc1423Algo {
+	for i := range rfc1423Algos {
+		alg := &rfc1423Algos[i]
+		if alg.name == name {
+			return alg
+		}
+	}
+	return nil
+}
 
-	return data[:dlen-int(last)], nil
+func cipherByKey(key PEMCipher) *rfc1423Algo {
+	for i := range rfc1423Algos {
+		alg := &rfc1423Algos[i]
+		if alg.cipher == key {
+			return alg
+		}
+	}
+	return nil
 }
diff --git a/libgo/go/crypto/x509/pem_decrypt_test.go b/libgo/go/crypto/x509/pem_decrypt_test.go
index 2cb99836eae..59ba6f90019 100644
--- a/libgo/go/crypto/x509/pem_decrypt_test.go
+++ b/libgo/go/crypto/x509/pem_decrypt_test.go
@@ -5,34 +5,79 @@
 package x509
 
 import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
 	"encoding/pem"
 	"testing"
 )
 
 func TestDecrypt(t *testing.T) {
-	for _, data := range testData {
+	for i, data := range testData {
+		t.Logf("test %d. %s", i, data.kind)
 		block, rest := pem.Decode(data.pemData)
 		if len(rest) > 0 {
-			t.Error(data.kind, "extra data")
+			t.Error("extra data")
 		}
 		der, err := DecryptPEMBlock(block, data.password)
 		if err != nil {
-			t.Error(data.kind, err)
+			t.Error("decrypt failed: ", err)
 			continue
 		}
 		if _, err := ParsePKCS1PrivateKey(der); err != nil {
-			t.Error(data.kind, "Invalid private key")
+			t.Error("invalid private key: ", err)
+		}
+		plainDER, err := base64.StdEncoding.DecodeString(data.plainDER)
+		if err != nil {
+			t.Fatal("cannot decode test DER data: ", err)
+		}
+		if !bytes.Equal(der, plainDER) {
+			t.Error("data mismatch")
+		}
+	}
+}
+
+func TestEncrypt(t *testing.T) {
+	for i, data := range testData {
+		t.Logf("test %d. %s", i, data.kind)
+		plainDER, err := base64.StdEncoding.DecodeString(data.plainDER)
+		if err != nil {
+			t.Fatal("cannot decode test DER data: ", err)
+		}
+		password := []byte("kremvax1")
+		block, err := EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", plainDER, password, data.kind)
+		if err != nil {
+			t.Error("encrypt: ", err)
+			continue
+		}
+		if !IsEncryptedPEMBlock(block) {
+			t.Error("PEM block does not appear to be encrypted")
+		}
+		if block.Type != "RSA PRIVATE KEY" {
+			t.Errorf("unexpected block type; got %q want %q", block.Type, "RSA PRIVATE KEY")
+		}
+		if block.Headers["Proc-Type"] != "4,ENCRYPTED" {
+			t.Errorf("block does not have correct Proc-Type header")
+		}
+		der, err := DecryptPEMBlock(block, password)
+		if err != nil {
+			t.Error("decrypt: ", err)
+			continue
+		}
+		if !bytes.Equal(der, plainDER) {
+			t.Errorf("data mismatch")
 		}
 	}
 }
 
 var testData = []struct {
-	kind     string
+	kind     PEMCipher
 	password []byte
 	pemData  []byte
+	plainDER string
 }{
 	{
-		kind:     "DES-CBC",
+		kind:     PEMCipherDES,
 		password: []byte("asdf"),
 		pemData: []byte(`
 -----BEGIN RSA PRIVATE KEY-----
@@ -47,9 +92,17 @@ XOH9VfTjb52q/I8Suozq9coVQwg4tXfIoYUdT//O+mB7zJb9HI9Ps77b9TxDE6Gm
 4C9brwZ3zg2vqXcwwV6QRZMtyll9rOpxkbw6NPlpfBqkc3xS51bbxivbO/Nve4KD
 r12ymjFNF4stXCfJnNqKoZ50BHmEEUDu5Wb0fpVn82XrGw7CYc4iug==
 -----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MIIBPAIBAAJBAPASZe+tCPU6p80AjHhDkVsLYa51D35e/YGa8QcZyooeZM8EHozo
+KD0fNiKI+53bHdy07N+81VQ8/ejPcRoXPlsCAwEAAQJBAMTxIuSq27VpR+zZ7WJf
+c6fvv1OBvpMZ0/d1pxL/KnOAgq2rD5hDtk9b0LGhTPgQAmrrMTKuSeGoIuYE+gKQ
+QvkCIQD+GC1m+/do+QRurr0uo46Kx1LzLeSCrjBk34wiOp2+dwIhAPHfTLRXS2fv
+7rljm0bYa4+eDZpz+E8RcXEgzhhvcQQ9AiAI5eHZJGOyml3MXnQjiPi55WcDOw0w
+glcRgT6QCEtz2wIhANSyqaFtosIkHKqrDUGfz/bb5tqMYTAnBruVPaf/WEOBAiEA
+9xORWeRG1tRpso4+dYy4KdDkuLPIO01KY6neYGm3BCM=`,
 	},
 	{
-		kind:     "DES-EDE3-CBC",
+		kind:     PEMCipher3DES,
 		password: []byte("asdf"),
 		pemData: []byte(`
 -----BEGIN RSA PRIVATE KEY-----
@@ -64,9 +117,17 @@ ldw5w7WC7d13x2LsRkwo8ZrDKgIV+Y9GNvhuCCkTzNP0V3gNeJpd201HZHR+9n3w
 3z0VjR/MGqsfcy1ziEWMNOO53At3zlG6zP05aHMnMcZoVXadEK6L1gz++inSSDCq
 gI0UJP4e3JVB7AkgYymYAwiYALAkoEIuanxoc50njJk=
 -----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MIIBOwIBAAJBANOCXKdoNS/iP/MAbl9cf1/SF3P+Ns7ZeNL27CfmDh0O6Zduaax5
+NBiumd2PmjkaCu7lQ5JOibHfWn+xJsc3kw0CAwEAAQJANX/W8d1Q/sCqzkuAn4xl
+B5a7qfJWaLHndu1QRLNTRJPn0Ee7OKJ4H0QKOhQM6vpjRrz+P2u9thn6wUxoPsef
+QQIhAP/jCkfejFcy4v15beqKzwz08/tslVjF+Yq41eJGejmxAiEA05pMoqfkyjcx
+fyvGhpoOyoCp71vSGUfR2I9CR65oKh0CIC1Msjs66LlfJtQctRq6bCEtFCxEcsP+
+eEjYo/Sk6WphAiEAxpgWPMJeU/shFT28gS+tmhjPZLpEoT1qkVlC14u0b3ECIQDX
+tZZZxCtPAm7shftEib0VU77Lk8MsXJcx2C4voRsjEw==`,
 	},
 	{
-		kind:     "AES-128-CBC",
+		kind:     PEMCipherAES128,
 		password: []byte("asdf"),
 		pemData: []byte(`
 -----BEGIN RSA PRIVATE KEY-----
@@ -81,9 +142,17 @@ GZbBpf1jDH/pr0iGonuAdl2PCCZUiy+8eLsD2tyviHUkFLOB+ykYoJ5t8ngZ/B6D
 080LzLHPCrXKdlr/f50yhNWq08ZxMWQFkui+FDHPDUaEELKAXV8/5PDxw80Rtybo
 AVYoCVIbZXZCuCO81op8UcOgEpTtyU5Lgh3Mw5scQL0=
 -----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MIIBOgIBAAJBAMBlj5FxYtqbcy8wY89d/S7n0+r5MzD9F63BA/Lpl78vQKtdJ5dT
+cDGh/rBt1ufRrNp0WihcmZi7Mpl/3jHjiWECAwEAAQJABNOHYnKhtDIqFYj1OAJ3
+k3GlU0OlERmIOoeY/cL2V4lgwllPBEs7r134AY4wMmZSBUj8UR/O4SNO668ElKPE
+cQIhAOuqY7/115x5KCdGDMWi+jNaMxIvI4ETGwV40ykGzqlzAiEA0P9oEC3m9tHB
+kbpjSTxaNkrXxDgdEOZz8X0uOUUwHNsCIAwzcSCiGLyYJTULUmP1ESERfW1mlV78
+XzzESaJpIM/zAiBQkSTcl9VhcJreQqvjn5BnPZLP4ZHS4gPwJAGdsj5J4QIhAOVR
+B3WlRNTXR2WsJ5JdByezg9xzdXzULqmga0OE339a`,
 	},
 	{
-		kind:     "AES-192-CBC",
+		kind:     PEMCipherAES192,
 		password: []byte("asdf"),
 		pemData: []byte(`
 -----BEGIN RSA PRIVATE KEY-----
@@ -98,9 +167,17 @@ ReUtTw8exmKsY4gsSjhkg5uiw7/ZB1Ihto0qnfQJgjGc680qGkT1d6JfvOfeYAk6
 xn5RqS/h8rYAYm64KnepfC9vIujo4NqpaREDmaLdX5MJPQ+SlytITQvgUsUq3q/t
 Ss85xjQEZH3hzwjQqdJvmA4hYP6SUjxYpBM+02xZ1Xw=
 -----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MIIBOwIBAAJBAMGcRrZiNNmtF20zyS6MQ7pdGx17aFDl+lTl+qnLuJRUCMUG05xs
+OmxmL/O1Qlf+bnqR8Bgg65SfKg21SYuLhiMCAwEAAQJBAL94uuHyO4wux2VC+qpj
+IzPykjdU7XRcDHbbvksf4xokSeUFjjD3PB0Qa83M94y89ZfdILIqS9x5EgSB4/lX
+qNkCIQD6cCIqLfzq/lYbZbQgAAjpBXeQVYsbvVtJrPrXJAlVVQIhAMXpDKMeFPMn
+J0g2rbx1gngx0qOa5r5iMU5w/noN4W2XAiBjf+WzCG5yFvazD+dOx3TC0A8+4x3P
+uZ3pWbaXf5PNuQIgAcdXarvhelH2w2piY1g3BPeFqhzBSCK/yLGxR82KIh8CIQDD
++qGKsd09NhQ/G27y/DARzOYtml1NvdmCQAgsDIIOLA==`,
 	},
 	{
-		kind:     "AES-256-CBC",
+		kind:     PEMCipherAES256,
 		password: []byte("asdf"),
 		pemData: []byte(`
 -----BEGIN RSA PRIVATE KEY-----
@@ -115,5 +192,32 @@ Pz3RZScwIuubzTGJ1x8EzdffYOsdCa9Mtgpp3L136+23dOd6L/qK2EG2fzrJSHs/
 sv5Z/KwlX+3MDEpPQpUwGPlGGdLnjI3UZ+cjgqBcoMiNc6HfgbBgYJSU6aDSHuCk
 clCwByxWkBNgJ2GrkwNrF26v+bGJJJNR4SKouY1jQf0=
 -----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MIIBOgIBAAJBAKy3GFkstoCHIEeUU/qO8207m8WSrjksR+p9B4tf1w5k+2O1V/GY
+AQ5WFCApItcOkQe/I0yZZJk/PmCqMzSxrc8CAwEAAQJAOCAz0F7AW9oNelVQSP8F
+Sfzx7O1yom+qWyAQQJF/gFR11gpf9xpVnnyu1WxIRnDUh1LZwUsjwlDYb7MB74id
+oQIhANPcOiLwOPT4sIUpRM5HG6BF1BI7L77VpyGVk8xNP7X/AiEA0LMHZtk4I+lJ
+nClgYp4Yh2JZ1Znbu7IoQMCEJCjwKDECIGd8Dzm5tViTkUW6Hs3Tlf73nNs65duF
+aRnSglss8I3pAiEAonEnKruawgD8RavDFR+fUgmQiPz4FnGGeVgfwpGG1JECIBYq
+PXHYtPqxQIbD2pScR5qum7iGUh11lEUPkmt+2uqS`,
+	},
+	{
+		// generated with:
+		// openssl genrsa -aes128 -passout pass:asdf -out server.orig.key 128
+		kind:     PEMCipherAES128,
+		password: []byte("asdf"),
+		pemData: []byte(`
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7
+
+6ei/MlytjE0FFgZOGQ+jrwomKfpl8kdefeE0NSt/DMRrw8OacHAzBNi3pPEa0eX3
+eND9l7C9meCirWovjj9QWVHrXyugFuDIqgdhQ8iHTgCfF3lrmcttVrbIfMDw+smD
+hTP8O1mS/MHl92NE0nhv0w==
+-----END RSA PRIVATE KEY-----`),
+		plainDER: `
+MGMCAQACEQC6ssxmYuauuHGOCDAI54RdAgMBAAECEQCWIn6Yv2O+kBcDF7STctKB
+AgkA8SEfu/2i3g0CCQDGNlXbBHX7kQIIK3Ww5o0cYbECCQDCimPb0dYGsQIIeQ7A
+jryIst8=`,
 	},
 }
diff --git a/libgo/go/crypto/x509/pkcs8.go b/libgo/go/crypto/x509/pkcs8.go
index 8c3b65f8078..30caacb3c54 100644
--- a/libgo/go/crypto/x509/pkcs8.go
+++ b/libgo/go/crypto/x509/pkcs8.go
@@ -11,8 +11,9 @@ import (
 	"fmt"
 )
 
-// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See 
-// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn.
+// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
+// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
+// and RFC5208.
 type pkcs8 struct {
 	Version    int
 	Algo       pkix.AlgorithmIdentifier
@@ -21,7 +22,7 @@ type pkcs8 struct {
 }
 
 // ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See
-// http://www.rsa.com/rsalabs/node.asp?id=2130
+// http://www.rsa.com/rsalabs/node.asp?id=2130 and RFC5208.
 func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
 	var privKey pkcs8
 	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
@@ -34,6 +35,19 @@ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
 			return nil, errors.New("crypto/x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error())
 		}
 		return key, nil
+
+	case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA):
+		bytes := privKey.Algo.Parameters.FullBytes
+		namedCurveOID := new(asn1.ObjectIdentifier)
+		if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {
+			namedCurveOID = nil
+		}
+		key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
+		if err != nil {
+			return nil, errors.New("crypto/x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
+		}
+		return key, nil
+
 	default:
 		return nil, fmt.Errorf("crypto/x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
 	}
diff --git a/libgo/go/crypto/x509/pkcs8_test.go b/libgo/go/crypto/x509/pkcs8_test.go
index 372005f908c..4114efd0e0d 100644
--- a/libgo/go/crypto/x509/pkcs8_test.go
+++ b/libgo/go/crypto/x509/pkcs8_test.go
@@ -9,12 +9,20 @@ import (
 	"testing"
 )
 
-var pkcs8PrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031`
+var pkcs8RSAPrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031`
+
+// Generated using:
+//   openssl ecparam -genkey -name secp521r1 | openssl pkcs8 -topk8 -nocrypt
+var pkcs8ECPrivateKeyHex = `3081ed020100301006072a8648ce3d020106052b810400230481d53081d20201010441850d81618c5da1aec74c2eed608ba816038506975e6427237c2def150c96a3b13efbfa1f89f1be15cdf4d0ac26422e680e65a0ddd4ad3541ad76165fbf54d6e34ba18189038186000400da97bcedba1eb6d30aeb93c9f9a1454598fa47278df27d6f60ea73eb672d8dc528a9b67885b5b5dcef93c9824f7449ab512ee6a27e76142f56b94b474cfd697e810046c8ca70419365245c1d7d44d0db82c334073835d002232714548abbae6e5700f5ef315ee08b929d8581383dcf2d1c98c2f8a9fccbf79c9579f7b2fd8a90115ac2`
 
 func TestPKCS8(t *testing.T) {
-	derBytes, _ := hex.DecodeString(pkcs8PrivateKeyHex)
-	_, err := ParsePKCS8PrivateKey(derBytes)
-	if err != nil {
-		t.Errorf("failed to decode PKCS8 key: %s", err)
+	derBytes, _ := hex.DecodeString(pkcs8RSAPrivateKeyHex)
+	if _, err := ParsePKCS8PrivateKey(derBytes); err != nil {
+		t.Errorf("failed to decode PKCS8 with RSA private key: %s", err)
+	}
+
+	derBytes, _ = hex.DecodeString(pkcs8ECPrivateKeyHex)
+	if _, err := ParsePKCS8PrivateKey(derBytes); err != nil {
+		t.Errorf("failed to decode PKCS8 with EC private key: %s", err)
 	}
 }
diff --git a/libgo/go/crypto/x509/sec1.go b/libgo/go/crypto/x509/sec1.go
new file mode 100644
index 00000000000..8a2840fbef5
--- /dev/null
+++ b/libgo/go/crypto/x509/sec1.go
@@ -0,0 +1,69 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/asn1"
+	"errors"
+	"fmt"
+	"math/big"
+)
+
+const ecPrivKeyVersion = 1
+
+// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
+// References:
+//   RFC5915
+//   SEC1 - http://www.secg.org/download/aid-780/sec1-v2.pdf
+// Per RFC5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
+// most cases it is not.
+type ecPrivateKey struct {
+	Version       int
+	PrivateKey    []byte
+	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
+	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
+}
+
+// ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
+func ParseECPrivateKey(der []byte) (key *ecdsa.PrivateKey, err error) {
+	return parseECPrivateKey(nil, der)
+}
+
+// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
+// The OID for the named curve may be provided from another source (such as
+// the PKCS8 container) - if it is provided then use this instead of the OID
+// that may exist in the EC private key structure.
+func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
+	var privKey ecPrivateKey
+	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
+		return nil, errors.New("crypto/x509: failed to parse EC private key: " + err.Error())
+	}
+	if privKey.Version != ecPrivKeyVersion {
+		return nil, fmt.Errorf("crypto/x509: unknown EC private key version %d", privKey.Version)
+	}
+
+	var curve elliptic.Curve
+	if namedCurveOID != nil {
+		curve = namedCurveFromOID(*namedCurveOID)
+	} else {
+		curve = namedCurveFromOID(privKey.NamedCurveOID)
+	}
+	if curve == nil {
+		return nil, errors.New("crypto/x509: unknown elliptic curve")
+	}
+
+	k := new(big.Int).SetBytes(privKey.PrivateKey)
+	if k.Cmp(curve.Params().N) >= 0 {
+		return nil, errors.New("crypto/x509: invalid elliptic curve private key value")
+	}
+	priv := new(ecdsa.PrivateKey)
+	priv.Curve = curve
+	priv.D = k
+	priv.X, priv.Y = curve.ScalarBaseMult(privKey.PrivateKey)
+
+	return priv, nil
+}
diff --git a/libgo/go/crypto/x509/sec1_test.go b/libgo/go/crypto/x509/sec1_test.go
new file mode 100644
index 00000000000..7135699d283
--- /dev/null
+++ b/libgo/go/crypto/x509/sec1_test.go
@@ -0,0 +1,22 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+import (
+	"encoding/hex"
+	"testing"
+)
+
+// Generated using:
+//   openssl ecparam -genkey -name secp384r1 -outform PEM
+var ecPrivateKeyHex = `3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50`
+
+func TestParseECPrivateKey(t *testing.T) {
+	derBytes, _ := hex.DecodeString(ecPrivateKeyHex)
+	_, err := ParseECPrivateKey(derBytes)
+	if err != nil {
+		t.Errorf("failed to decode EC private key: %s", err)
+	}
+}
diff --git a/libgo/go/crypto/x509/x509.go b/libgo/go/crypto/x509/x509.go
index cfefbc5acec..7983217696e 100644
--- a/libgo/go/crypto/x509/x509.go
+++ b/libgo/go/crypto/x509/x509.go
@@ -156,8 +156,8 @@ const (
 //
 // pkcs-1 OBJECT IDENTIFIER ::= {
 //    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-// 
-// 
+//
+//
 // RFC 3279 2.2.1 RSA Signature Algorithms
 //
 // md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
@@ -165,19 +165,19 @@ const (
 // md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
 //
 // sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-// 
+//
 // dsaWithSha1 OBJECT IDENTIFIER ::= {
-//    iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3 } 
+//    iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3 }
 //
 // RFC 3279 2.2.3 ECDSA Signature Algorithm
-// 
+//
 // ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
 // 	  iso(1) member-body(2) us(840) ansi-x962(10045)
 //    signatures(4) ecdsa-with-SHA1(1)}
 //
 //
 // RFC 4055 5 PKCS #1 Version 1.5
-// 
+//
 // sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
 //
 // sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
@@ -1224,7 +1224,7 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf
 		SerialNumber:       template.SerialNumber,
 		SignatureAlgorithm: signatureAlgorithm,
 		Issuer:             asn1.RawValue{FullBytes: asn1Issuer},
-		Validity:           validity{template.NotBefore, template.NotAfter},
+		Validity:           validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
 		Subject:            asn1.RawValue{FullBytes: asn1Subject},
 		PublicKey:          publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
 		Extensions:         extensions,
@@ -1314,8 +1314,8 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [
 			Algorithm: oidSignatureSHA1WithRSA,
 		},
 		Issuer:              c.Subject.ToRDNSequence(),
-		ThisUpdate:          now,
-		NextUpdate:          expiry,
+		ThisUpdate:          now.UTC(),
+		NextUpdate:          expiry.UTC(),
 		RevokedCertificates: revokedCerts,
 	}