From 5d0a0554c3036ce1b2534731bcf4c1abef79cc32 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 31 May 2016 09:28:28 +0200
Subject: tests: added chain verification with TLS features

That adds checks for the RFC7633 requirements for intermediate
and CA certificates (p. 4.2.2).
---
 tests/test-chains.h | 493 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 493 insertions(+)

(limited to 'tests/test-chains.h')

diff --git a/tests/test-chains.h b/tests/test-chains.h
index cc3f108e04..9ebd611680 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -1768,6 +1768,493 @@ static const char *name_constraints_but_no_name[] = {
     NULL
 };
 
+/* TLS feature extension chains */
+
+/* intermediate has no TLS feature extension */
+static const char *tls_feat_inter_no_ext[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEVDCCArygAwIBAgIMV005AgW7A3iI/11FMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcxMDU4WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAvpoluWetj+fUghFJlE+S8DkK3FgN/tLNnTgFco47OQqj4lGzAx90Buwm1oy6\n"
+	"w2Q16OGlm1hK2DU/OBtOpGVV4mhpFPs9OVhrQJLYzRGPvTlpncYuzVlBr/ZypxKc\n"
+	"n1p7s7ShrSfEuOc40sSn9VepWvXSaJel+hgJ/26FXg6rJ7MHgo/uoXg62XQeoRLT\n"
+	"y0gblq+DNJHLG/0DmQhYbRTJU7UcONSd6GiglEPEXzmLl2yuK/orjZsW8TTxaa9a\n"
+	"IXlngmtW9vZhfW4geM/q1hvjt7DVigkYebk6Z4cvyJU1foGqUHO1UsWiNbuIv2j/\n"
+	"09lW9Q1c59lOVWcYIk6OcPUfBYlR8u3UKkLPu1y19n1AZGFFRgrDRnlOgXvPp6LV\n"
+	"lw65GDnaYMhlIfbSvsPu17Lpvrr+pA0UCH8qwe6rYvXJmn/58fmrHaaUv0L24+bT\n"
+	"l7yNfEetUbVhSN6iaywHajxvOIVQ+/uf6fADHXq7H/wEiBDP+IPJvgTaLlo/QZtm\n"
+	"abK1AgMBAAGjgakwgaYwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n"
+	"EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUF\n"
+	"BwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFORhgbsoaEdhZNc4Iwwd7JmH\n"
+	"RNpGMB8GA1UdIwQYMBaAFHC97f64rqo3H3mRj8Y/xWtP9cgJMA0GCSqGSIb3DQEB\n"
+	"CwUAA4IBgQCLNjGS0q02w8lB2daNH5Cb2SmGuBw3G9ln10Wu1uckYo8WexgI/Ad8\n"
+	"QPT+YML+n6B7YjpyJompNkdRF1dGqcDeNGtfZYdMHziJV4GFaeIT+J6Z4BSJjHWB\n"
+	"39WBHbjdontArnp1vYBbINMFgbTZtM4Iuay1KYMsIhyvR1aXjVosIrld59XPTEhe\n"
+	"1dsWVOtOSMkQRVf9ggtxxR0RGTZ3/vQDVX9YabmXAkAu7dhQyTnzgAKs1ONvtyvx\n"
+	"mRnQFephAKM2vaOx9tJktaZ0tHfmcVbPqscxz/e1EOxXJZjs4oj26OBVao9+o/Yx\n"
+	"H3gT8yXCfkTRe6lfsGAE6/tIuplPp1e6Ll0EgsloYxk/OCE0CNhb5Od9RXslcxBk\n"
+	"JN872qYORQQxS2lAKZAvGAHr6PE0xFvzLv5XDl6LvEbiYj/rwuYFHSpP/N/zOX2S\n"
+	"CzN596uHrfip5nMZGxk36nreeRQbh3IhmC7he5omUwPnT09fkUc+t/5PdxR73zsd\n"
+	"WI1LdMAIDKo=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA1N1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsSjvVMJnz8bcB/IK\n"
+	"hXDkbPjP8TVeUfUlkXiCKqeVwCpUs+g75MsM5ag7dahwKtVfEDrJ58pkhCyWQuZt\n"
+	"5PC1pNa8iPnrfRVWwZpNJniOVlqLLgGtCxTF4pmR+N8qhOb5aKBZJxKI6En9OP8y\n"
+	"UYShBfuTDjDw86nCafNED6dkostmrMOZObnOXj5bzSBdSSmPyOLXtCdKJFReXl+k\n"
+	"cTNDZjBt74+SW8nARZLB5XNZZVgJLRFb9R3p9a7AOnXEYK8KrhJojmsnmovRfj6e\n"
+	"MsSsYObqXzWUMKlChXe+nTlnqDcbrJ85o9cAcpdhuP1ITfdDbpUn3GTFs0suXp9h\n"
+	"bP7dbXUmcIO6RIENKekRgscxej37OkqYy0rfufFxSAyJ1JXBP92N1J4LumzaACin\n"
+	"/OP01B5HxaORieBKnEzHoo+9NnUsQ7DK9wUYTEGWX5rvPDe6a+RFpwQO9m3we/nU\n"
+	"6ixo0Ra5cO41flI092XX/LbynckCkZBynC8caRYqoPik7jNdAgMBAAGjeTB3MA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n"
+	"AwcEADAdBgNVHQ4EFgQUcL3t/riuqjcfeZGPxj/Fa0/1yAkwHwYDVR0jBBgwFoAU\n"
+	"qwYw4ZvhWu39+Adqheg6ZcNM1AEwDQYJKoZIhvcNAQELBQADggGBAFY6AM1dyCDc\n"
+	"tzjVgncmWkuLtlTLJ11WQov0p9m3l/hmz/yWSXkQi9pDTKF1CclmIL52jgzA03vA\n"
+	"OF+vwb+PFN3NcE3SsTPpTTKYHY7LsGN5FQjR7myKTT1q/5AkzpsYeY+rjO7MXq24\n"
+	"sNY+uMaF9RYbrTm94KZQJNTxdQ08IQYDQrUgooO1Q0E++VJxF0MrRhpQiAC+W2pN\n"
+	"lJFderSUtTgGCxCaJbJDdUJrmFHoBMk9+w8iTfmRX2lQoBdYjhGNdrh+MhyIB0eM\n"
+	"fECyAGu+bH4vVobxYQAIhiUn/RRWvFaZj3dUeDuDxTtX50AuG5kZf72uVfrWrodw\n"
+	"cIOZOawocrspgc0vqh37Y44scWH0NzC11cRsiGcFCaPCkPzJbZmRoBXTZy5lc9jf\n"
+	"retbFL9dRgbh1fIXBRx/9vbYqGYhtj8RAB1hLikQqRJ2uh41fvc9hs9R5ILTZ8wB\n"
+	"FSUydAfxdpY+G2wUtyaPK0oiM8JDxPMH97SrCAwtJgRf4uxzsLAomA==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA1N1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuYWDaJGAT00JPLa5\n"
+	"yW0kFBSRzIIneMsur8aDSMTuyDWPBByXZSyWr3WjlRFSE9CR94SGfSzn89rdgWKT\n"
+	"mQwZyMO/U9BeUWAeYlKvHX8NkflKtSmTGDizdD+37WgTSZOwhtZHC74gGpLPwm8o\n"
+	"rkV8AEWZyDkQJQNMoOIfsieI0hxXQWVIPC2FuAn+A71o8YagTp6H0N0ptk3FbEf0\n"
+	"xO8cadOiqY7xO1UfqaaV8yaG+frVQA8oDDzvUtoWWnFJ3Jo21rpLIm8A2XNn/iwZ\n"
+	"ZKo5jr3qOH57FP/fpMlUChgFp1qWIEOTehHUUO0+q0K1TcRyIKv+uS0Gesc+65Pp\n"
+	"ro7a+3sR0UlQisrxwZrVhv5OTMhtc6xJEXqIDq7omvBA3tS/+qQzudGjh/Qh/Fuj\n"
+	"IffGSEVGOaYlpY9KcFfb7NBybT4HmSFhh5hxHIJL2aIMxenpECkEvqYD31DyOux5\n"
+	"4K9CQ4v6WsT+p3xeGCbOXR4jPS83ttSL24Ld+11h3hdxO0lPAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFKsGMOGb\n"
+	"4Vrt/fgHaoXoOmXDTNQBMA0GCSqGSIb3DQEBCwUAA4IBgQBEtFTPWI7+qZe6b9EU\n"
+	"5wLQqk10CIFiTCmTSD1qNHzN3xXqkndoIqEJfEwdPp+Wwy7pQse7+gccp4as9XWb\n"
+	"u6Uzlj9zcYXbZNwwZd1JgYbo8lCvQZ6Oh33qYvhewc1HVD3X0PKYQsNCvLknrmHq\n"
+	"0bnZ9jsOSrN4YekT8nCWKMSmP3IUiZR2Co+01kFN32eddtpLdeJ0AA3B89JZ/kQH\n"
+	"5HooELMFI05QywE1JTbXBL5QkLqTu40Ye1inq5BCyvHTKn82nlJV/dmpZeNeC8Sx\n"
+	"WUs1iQSvp+4U6MqQ8VzawidpbBEWRwuuk1PjZKAUW1ZkLW3fJw9TY0sdAB/d1Hbv\n"
+	"srlWwkR6NtjOKRVhWQmk2PYdMQnry3FaCH1F2sgGETTJpKSgCQcTTr/VXL/ZOuY9\n"
+	"uvqSbFutsa7G/CdiSqkw+UWL4zfsE8ngIoiUM92SCrldWrizIwGV2ruB3mug6ykM\n"
+	"8N51iCYSz7HcZvOnJSivqfSGADfm938tc/Ptgi92+IyyfGU=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
+/* end certificate has no extension */
+static const char *tls_feat_no_ext[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEVDCCArygAwIBAgIMV005AgW7A3iI/11FMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcxMDU4WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAvpoluWetj+fUghFJlE+S8DkK3FgN/tLNnTgFco47OQqj4lGzAx90Buwm1oy6\n"
+	"w2Q16OGlm1hK2DU/OBtOpGVV4mhpFPs9OVhrQJLYzRGPvTlpncYuzVlBr/ZypxKc\n"
+	"n1p7s7ShrSfEuOc40sSn9VepWvXSaJel+hgJ/26FXg6rJ7MHgo/uoXg62XQeoRLT\n"
+	"y0gblq+DNJHLG/0DmQhYbRTJU7UcONSd6GiglEPEXzmLl2yuK/orjZsW8TTxaa9a\n"
+	"IXlngmtW9vZhfW4geM/q1hvjt7DVigkYebk6Z4cvyJU1foGqUHO1UsWiNbuIv2j/\n"
+	"09lW9Q1c59lOVWcYIk6OcPUfBYlR8u3UKkLPu1y19n1AZGFFRgrDRnlOgXvPp6LV\n"
+	"lw65GDnaYMhlIfbSvsPu17Lpvrr+pA0UCH8qwe6rYvXJmn/58fmrHaaUv0L24+bT\n"
+	"l7yNfEetUbVhSN6iaywHajxvOIVQ+/uf6fADHXq7H/wEiBDP+IPJvgTaLlo/QZtm\n"
+	"abK1AgMBAAGjgakwgaYwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n"
+	"EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUF\n"
+	"BwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFORhgbsoaEdhZNc4Iwwd7JmH\n"
+	"RNpGMB8GA1UdIwQYMBaAFHC97f64rqo3H3mRj8Y/xWtP9cgJMA0GCSqGSIb3DQEB\n"
+	"CwUAA4IBgQCLNjGS0q02w8lB2daNH5Cb2SmGuBw3G9ln10Wu1uckYo8WexgI/Ad8\n"
+	"QPT+YML+n6B7YjpyJompNkdRF1dGqcDeNGtfZYdMHziJV4GFaeIT+J6Z4BSJjHWB\n"
+	"39WBHbjdontArnp1vYBbINMFgbTZtM4Iuay1KYMsIhyvR1aXjVosIrld59XPTEhe\n"
+	"1dsWVOtOSMkQRVf9ggtxxR0RGTZ3/vQDVX9YabmXAkAu7dhQyTnzgAKs1ONvtyvx\n"
+	"mRnQFephAKM2vaOx9tJktaZ0tHfmcVbPqscxz/e1EOxXJZjs4oj26OBVao9+o/Yx\n"
+	"H3gT8yXCfkTRe6lfsGAE6/tIuplPp1e6Ll0EgsloYxk/OCE0CNhb5Od9RXslcxBk\n"
+	"JN872qYORQQxS2lAKZAvGAHr6PE0xFvzLv5XDl6LvEbiYj/rwuYFHSpP/N/zOX2S\n"
+	"CzN596uHrfip5nMZGxk36nreeRQbh3IhmC7he5omUwPnT09fkUc+t/5PdxR73zsd\n"
+	"WI1LdMAIDKo=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA1N1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsSjvVMJnz8bcB/IK\n"
+	"hXDkbPjP8TVeUfUlkXiCKqeVwCpUs+g75MsM5ag7dahwKtVfEDrJ58pkhCyWQuZt\n"
+	"5PC1pNa8iPnrfRVWwZpNJniOVlqLLgGtCxTF4pmR+N8qhOb5aKBZJxKI6En9OP8y\n"
+	"UYShBfuTDjDw86nCafNED6dkostmrMOZObnOXj5bzSBdSSmPyOLXtCdKJFReXl+k\n"
+	"cTNDZjBt74+SW8nARZLB5XNZZVgJLRFb9R3p9a7AOnXEYK8KrhJojmsnmovRfj6e\n"
+	"MsSsYObqXzWUMKlChXe+nTlnqDcbrJ85o9cAcpdhuP1ITfdDbpUn3GTFs0suXp9h\n"
+	"bP7dbXUmcIO6RIENKekRgscxej37OkqYy0rfufFxSAyJ1JXBP92N1J4LumzaACin\n"
+	"/OP01B5HxaORieBKnEzHoo+9NnUsQ7DK9wUYTEGWX5rvPDe6a+RFpwQO9m3we/nU\n"
+	"6ixo0Ra5cO41flI092XX/LbynckCkZBynC8caRYqoPik7jNdAgMBAAGjeTB3MA8G\n"
+	"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n"
+	"AwcEADAdBgNVHQ4EFgQUcL3t/riuqjcfeZGPxj/Fa0/1yAkwHwYDVR0jBBgwFoAU\n"
+	"qwYw4ZvhWu39+Adqheg6ZcNM1AEwDQYJKoZIhvcNAQELBQADggGBAFY6AM1dyCDc\n"
+	"tzjVgncmWkuLtlTLJ11WQov0p9m3l/hmz/yWSXkQi9pDTKF1CclmIL52jgzA03vA\n"
+	"OF+vwb+PFN3NcE3SsTPpTTKYHY7LsGN5FQjR7myKTT1q/5AkzpsYeY+rjO7MXq24\n"
+	"sNY+uMaF9RYbrTm94KZQJNTxdQ08IQYDQrUgooO1Q0E++VJxF0MrRhpQiAC+W2pN\n"
+	"lJFderSUtTgGCxCaJbJDdUJrmFHoBMk9+w8iTfmRX2lQoBdYjhGNdrh+MhyIB0eM\n"
+	"fECyAGu+bH4vVobxYQAIhiUn/RRWvFaZj3dUeDuDxTtX50AuG5kZf72uVfrWrodw\n"
+	"cIOZOawocrspgc0vqh37Y44scWH0NzC11cRsiGcFCaPCkPzJbZmRoBXTZy5lc9jf\n"
+	"retbFL9dRgbh1fIXBRx/9vbYqGYhtj8RAB1hLikQqRJ2uh41fvc9hs9R5ILTZ8wB\n"
+	"FSUydAfxdpY+G2wUtyaPK0oiM8JDxPMH97SrCAwtJgRf4uxzsLAomA==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA1N1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuYWDaJGAT00JPLa5\n"
+	"yW0kFBSRzIIneMsur8aDSMTuyDWPBByXZSyWr3WjlRFSE9CR94SGfSzn89rdgWKT\n"
+	"mQwZyMO/U9BeUWAeYlKvHX8NkflKtSmTGDizdD+37WgTSZOwhtZHC74gGpLPwm8o\n"
+	"rkV8AEWZyDkQJQNMoOIfsieI0hxXQWVIPC2FuAn+A71o8YagTp6H0N0ptk3FbEf0\n"
+	"xO8cadOiqY7xO1UfqaaV8yaG+frVQA8oDDzvUtoWWnFJ3Jo21rpLIm8A2XNn/iwZ\n"
+	"ZKo5jr3qOH57FP/fpMlUChgFp1qWIEOTehHUUO0+q0K1TcRyIKv+uS0Gesc+65Pp\n"
+	"ro7a+3sR0UlQisrxwZrVhv5OTMhtc6xJEXqIDq7omvBA3tS/+qQzudGjh/Qh/Fuj\n"
+	"IffGSEVGOaYlpY9KcFfb7NBybT4HmSFhh5hxHIJL2aIMxenpECkEvqYD31DyOux5\n"
+	"4K9CQ4v6WsT+p3xeGCbOXR4jPS83ttSL24Ld+11h3hdxO0lPAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFKsGMOGb\n"
+	"4Vrt/fgHaoXoOmXDTNQBMA0GCSqGSIb3DQEBCwUAA4IBgQBEtFTPWI7+qZe6b9EU\n"
+	"5wLQqk10CIFiTCmTSD1qNHzN3xXqkndoIqEJfEwdPp+Wwy7pQse7+gccp4as9XWb\n"
+	"u6Uzlj9zcYXbZNwwZd1JgYbo8lCvQZ6Oh33qYvhewc1HVD3X0PKYQsNCvLknrmHq\n"
+	"0bnZ9jsOSrN4YekT8nCWKMSmP3IUiZR2Co+01kFN32eddtpLdeJ0AA3B89JZ/kQH\n"
+	"5HooELMFI05QywE1JTbXBL5QkLqTu40Ye1inq5BCyvHTKn82nlJV/dmpZeNeC8Sx\n"
+	"WUs1iQSvp+4U6MqQ8VzawidpbBEWRwuuk1PjZKAUW1ZkLW3fJw9TY0sdAB/d1Hbv\n"
+	"srlWwkR6NtjOKRVhWQmk2PYdMQnry3FaCH1F2sgGETTJpKSgCQcTTr/VXL/ZOuY9\n"
+	"uvqSbFutsa7G/CdiSqkw+UWL4zfsE8ngIoiUM92SCrldWrizIwGV2ruB3mug6ykM\n"
+	"8N51iCYSz7HcZvOnJSivqfSGADfm938tc/Ptgi92+IyyfGU=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
+
+/* Intermediate has a subset of the CA's list */
+static const char *tls_feat_inter_subset_fail[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEVDCCArygAwIBAgIMV0040zaREv8gAlokMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcxMDExWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAu9k3BDe42/37mb/ssFl4bKlL/+o3pYymHNdKy0SyWXDkuWTyzn6Wz4C14btr\n"
+	"sVzGovYETfYuo79qPBVI+vDBI/vTmt6/OCNjdRYC7V6YE/036URzOaGTvQLF1WYn\n"
+	"rJ/yu5qoqGb4F75Zu4HUydTAPA867FmPs/koa4h0PakzLEBYOLq4rEp8P1BjzQk7\n"
+	"vYjsg49L4ZjXIdcTq0yL0nEaK/LDm25O+qPrqNDkb5Yiy9jszE9Jtz3yUSgPmPTq\n"
+	"RA/5aCk2jX4CR5SUhpzFtbbifOvMP1gStrKOMUwl8Klmz1yBZCJCgwYsTFiJ1zXM\n"
+	"D7wTZsXLYklbclYQD1ErHfFttuYcxk1x3Wsn4vQA57lJtLGihD61Ezw0XTf/aQTf\n"
+	"72+qqtw/YqIWZ1+OlMEqJOr1BJCiD5FQA4jop2QVHHFBiGgE0V4g6z+7WcEIz5EX\n"
+	"B1i4oxjEJDo9EBwvKApgfROFGP/7jT7CQE6j7C5UIUb7y/8FusUng3D6cxodBp/d\n"
+	"6vfnAgMBAAGjgakwgaYwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n"
+	"EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUF\n"
+	"BwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDcImxqA52OObH/M5ETjMTOV\n"
+	"GwadMB8GA1UdIwQYMBaAFJmQkztmLOUShyo/JGZ9/BTbo43VMA0GCSqGSIb3DQEB\n"
+	"CwUAA4IBgQBWfnTfEbcJwPsSmlgmMUstDTGTTCu8NBp4PVK4yAUUHH+hhzgmA6+k\n"
+	"6kZjoV4hRclepbjCex9DSkk+rHX/rBGjmDGLTmsJNRiL1981ySsezM+00MZz07NL\n"
+	"I9qfM2ib9FHBeC2qhV4zHGBb3TqyRBnKCEF+pIEoybWjvQnP97FmWSoRrtfAemGE\n"
+	"lbZ6sm8buUQtgdnX7UNg0anV66LXbzitMZIpbQEwx7ZFGwpLPMPaeF+S/xJ22T8c\n"
+	"AKY6rUDFSwmyW8b4U6x91MrBrBbdSYA02G7cf7ssR8NF1YFmfUHDjsqXLrDwAV3n\n"
+	"kYjSJUOt3kFlxyEXYqrEGpF7yRGXi8qIeHTf3VrLAXr6gdmCo5JvIui8YNSDVjYH\n"
+	"i+O9ZSNLML4sB5uRqmx13tzMW6+4vw5xLXlWtQEBIs66PHSvLcf3eLuiGPks1h4Y\n"
+	"vluP/8fy/jOAl0iKYRChFt8HAOW5UGyrGWM0UQIktSgF0wiOuBUGhhjfU6bX/O93\n"
+	"rzUDbO06Zm4=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIELDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTAxMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvp6O9pump7UD7iYs\n"
+	"wGyb5/Ed1gZE41M1mmoEszhLQaH+hi5LtP2QN+9XZ4vUw41awN4annFPsGwIRfkG\n"
+	"lrtMEjhdkzxSbHOtaQsOsg25nwG8gwZ89UZ+d+0vAodo6ZOMbDQiu/Xb8+xAFkoP\n"
+	"I5j6s4JwNFjItb6I3DkSTq0RrHXDPusNyo5xA0BRw7kS4iNi/pgtBvvrIvze72lo\n"
+	"pQAoFQz5rEOAVKWo520hEt5DNKMRAq03wt6VG4k+bnuZTHq6/sTwd02iyvKvFRXz\n"
+	"BNW/uR0OD7xDjCYI5xRr5hCbDeutMmMs+P2tSqojH4uC9Mp+PML3tVyg1gllbkUf\n"
+	"sOiSTu8VtnPyKTbo4JBW2VgeoKU5A9J3YaxQ99FaiPWJU86z5oM/OSkX75WwVhoz\n"
+	"h138fc6dxSiCiERgpMLbq9bAo6azpOfc2Go94fXv8Aa0jdcdWlc6tJwmgJpkxPPy\n"
+	"PHNPmBtWut4bAG5rYbEB8TRGrXCrEgde/1ueFyJko5/st6HlAgMBAAGjgZAwgY0w\n"
+	"FAYIKwYBBQUHARgECDAGAgEFAgEGMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAww\n"
+	"CgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUmZCTO2Ys5RKH\n"
+	"Kj8kZn38FNujjdUwHwYDVR0jBBgwFoAUX4rUea3XaMY/fmSMP1T6m56IDn4wDQYJ\n"
+	"KoZIhvcNAQELBQADggGBAJKN6IkCHHnDupnuS5UfUWEAJBfc8rAOOnUrXLEaVAiR\n"
+	"RoWXIdl85rOFybFQv50zaFKxcynWQDaNSUjgfHt2LtdkFUBJvl9aaJSLybQYVGCV\n"
+	"j88r6Lr/tugH2qtUMAJcgl1pL2TVFq7fFmI6otYkyMrJhogsmcOFjuS+pv6//7Jx\n"
+	"pt7PUHaYUNd2BmeDVw68/0RRTCtCRK/JglTtiHwCjtTMR+iGVzZBpDBQUMuNRDq/\n"
+	"Sbly2sCkFV6jA/RiVNuw91QXIFDv6a72FO1OI0kJbKyRjXTybpirORBlStiUj4Uf\n"
+	"v/hHY4D/Ag2r5dMMDdJPB9caMesX13iFSzYyp0HQtADh/U8wmh0lLIflrZLSwaOr\n"
+	"jDfZi2gmcwReqeBlA6/o8O9lIU3Z0KXIxygtaJ0dzUTzL3PcL/Ym73kJQcrv8v7I\n"
+	"oh4eOHlpp+SpaPdF/owzAqNIhcFLe8Mqqv1MjMiel1puz3REatA0RTX1gfRDgYdf\n"
+	"wY0xOzfOV9rblZffsrg7Yw==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTAxMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2mL83Nvll9NITzU4\n"
+	"rVyAE1OaqJeDmpDS35ch1Ixaklz9q1BwdwsgOxsxFY5xMWAAsveL9mhRyIsLB0dZ\n"
+	"tKvqr4JJwI0FgFD8Qvz2LRm6WkqXnJRNrVSa70YZBLBwDBSz7uiK/NM4mIvyU6FT\n"
+	"rkatbsPA5PUiPv3NR102afP6n5/otnxsIxb6BcFUS4hZUG9NN6BQAWIu9EIlm/Vi\n"
+	"Qy00fIybbQLsp4/mVjcaqCzC3geTU5UPCpCcZsA5Pv1k6GeOe2v+4OcnBx/uvbEN\n"
+	"8/kAZzbU+z8xXZAKP9fm08bYtUJUnySIP8iSMn0P2slFPc5m8rIP1jCJtUJWv9ZA\n"
+	"6yaqEcbZj0d3PLzCtpOYnGxwr18+GPtzMYNXMqK07PDXKBD0vTR3uBNw5KiS2wde\n"
+	"T78XwpaRhNeMfGAssmIBgkF8j/MIPS6P3TfOW7fCKMavOfdhFV20UCPW6cc7Zc6F\n"
+	"IjMvmapAJhGF8cH49hGmRXzCFHihcuiv7YXzrdMsg1r//sdHAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFF+K1Hmt\n"
+	"12jGP35kjD9U+pueiA5+MA0GCSqGSIb3DQEBCwUAA4IBgQCm+jHGLcUXHO4ZvHX8\n"
+	"oWLPVbxOSgdNsiWkiHLz4BQ6hR7OxiUyQUm4xYqkbeZ+bWNjXMR3j172SSG87Chy\n"
+	"oDY8QAKSLFzoS3w8c8+RiU1cOPaz/0SqrQSWLu0POhf2iIEiUOZI7djX9f1M58pE\n"
+	"l5/+VbOH6o4atDBPmUm1z3vl7pRJDr5Scsqhh3okUgkgOMYruaU7vTvOuWcfk4L6\n"
+	"PP1mkkgsHNwpCzNBj+LfArF9/py80riMQ8ndhXT8DPyyt3Si8gxCwwjR+CrLifiz\n"
+	"6zMf3gaOspfWxygdEVjtByjvSsPzeI4ZER5AL7kglzsTdw6wKSFetKAGa5wY36H8\n"
+	"edZb9Io+RQ8SqbS18njNwBAZRTXEgwBMqvp5u5zWincI1XtcAfWDf3I4qZOXhFww\n"
+	"1wZC0X7pp/N9NksSwkBKjbbIJ79FEusBXNNKAkwD24glljxbR8L2gYMxeW91jreq\n"
+	"sjGOtMIbeLLqWJySx7Sqb2lBCf/fOmmKNljf8qTWt49BS4w=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
+
+/* Intermediate has unrelated values to the CA's */
+static const char *tls_feat_inter_unrelated_fail[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEVDCCArygAwIBAgIMV0048x6V+yyOmIP9MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcxMDQzWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAvIrXdUdPOdDBJgWV09TDDs32JHNDRYkzRnjlf4UzOVmm3qkWiIxZvOfNgryL\n"
+	"FfupoSefhwivTaM4cHtDFVzAJpEK+WqxMLfzm1BFzf390uAANoYbIYwpwkvbOq8n\n"
+	"dHxGIUhILaBdSvx8nvx845FxrCPqADyai0JOeA0HdtlRn9w4hc7U+q/Mg+w7scVR\n"
+	"W8XH7BxXI2ifyJXJh+BtNB4aFeZYERcwwV7f7c6Zy0yhbsNby18I1UYmFnt8TCIU\n"
+	"/OSQzoaxlM9/9Mckmx2BEL7S78e0Z4zIfBzM31hhQAjtqJulIOE/ffbvdQPRyx6/\n"
+	"cT3smxDjS4lmZdCsStDMfVBrY+vOOdGKmyLdOj0lY1Ji3G28405pMhczDjyxcDWQ\n"
+	"voH/zU2QSA/idjlxeyHgIKoN8xJQCop9tpm8yyW1P5T4eZ4UbYRJdAZ8VPkzOPLn\n"
+	"xWHsNAcdgI+TcYwPxVU12CzaUt0Zo7Z5wKbNSXbB4xO4+R9iHNUUMS+qqGNbOdyN\n"
+	"Y8xbAgMBAAGjgakwgaYwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n"
+	"EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUF\n"
+	"BwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJVizUISGTweasa8Pw2/F/Nw\n"
+	"EzTuMB8GA1UdIwQYMBaAFP3Nj/JbYd6NUZmiaUep6koL5oG6MA0GCSqGSIb3DQEB\n"
+	"CwUAA4IBgQAJKYmvNlgI4pMVrD4ZWrcmeEZ+wUJDXeegQbc1aqJh6EdsxYyaq5bR\n"
+	"InZ8a4EQ4Id4mTXByKBccJQt0Y2gYJKpzlnhw02Bz5fPjnRgxM+RMXQVFuf+AsAO\n"
+	"fMAvLFiVe4kRcQchHJkPsVCtsSMr6i1t3B9Lu6g+xjbvlLC05Ith85FVM5XI74xP\n"
+	"8C5YW83qSX5gt2l5mXziJq2woimH/3elsP6S3u6rZyZqZq34aKxbd/vZ4gzuhPrr\n"
+	"F05et0YVSr/aw6/+K3YGBNitInDfco0vcPzNufb4UA0RSIhLlKnV99JKREBDezLV\n"
+	"2XEt0MEIE9fWNtKNM6M1SZLsLDDEyOmH8fhLQ/tLl+eraFUD1Z5itZJeqCqJfELj\n"
+	"vGn5svmHXwCkp3GYwIDBh+1zVOHKxEGD8cn5NltQx+PMFo8bSOmwZ7svqm/kwOdE\n"
+	"LtGCSFyhaRTpyoaQ+pMteCPhqHZm9+M/McWCpZY6TKLuSEcrGve+moVnywrL9RDl\n"
+	"tB2h66YQzNI=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIELzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA0M1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA295UXzZbSrgI40kC\n"
+	"KIUqjIe+AMczrn/E2hdTDuBYGjWpNcEv01ifN0SKxnnrok4An0K9VtY1BupXj23X\n"
+	"7TdFevLtXWhAhsWnEs912d7ifSP8Ewsctwo5lCcfauufdvRGEU09Dwz9ig1AO/Ri\n"
+	"4MVB8b/yi7ALiHhHNQaUxeW6v+t4jMvBZjDURq++x32NpvLuiDovj7DZkqqIZhjZ\n"
+	"MjDinZN2ejTIcD7eclqIV8vN9VsR4acC1gGbmB7WSkgYxAbICYv6abDwjhH8CD0J\n"
+	"DTNk27xLNASCSxIwCXqIO5ggo9tEMwcRHKfFzmTcPsgFMk/466cS6Y/Xi4ocJ4r6\n"
+	"YX7tPpWef9f5g9xZft7g7giTIWWmqbHlGrQDd/t7Y+7z/Fk92XUHzicyRgSAHyM8\n"
+	"BpRaeUCNCec8ut8qspMpKlXVjqbzOsfmgcew3bq/3VrlwawZ4i/e1I7sIG+2RcPQ\n"
+	"Dj06HAka15OBm0/vTQJdHkuLUu60ugN9lnQP0/+dKJyUgWvfAgMBAAGjgZMwgZAw\n"
+	"FwYIKwYBBQUHARgECzAJAgEEAgEDAgECMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0l\n"
+	"BAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU/c2P8lth\n"
+	"3o1RmaJpR6nqSgvmgbowHwYDVR0jBBgwFoAUWDXTpXIYe8dckvlSGdsb6cIyQM0w\n"
+	"DQYJKoZIhvcNAQELBQADggGBAEWUhpYVgqt4etdIgiyazyf4yGE6NmwBqSak66nj\n"
+	"96q+M41WH69cgx7wkIIyyinGiVe6ckRMl0FeKF7N7NqyloDW8mWOkywELkqei598\n"
+	"ZVRcss5rVtegipeMb4CUnhPJyg9rbqbRua31xUZqWfON4uutpW/BQx4FHiL6xH+f\n"
+	"/13Qn7wRWHClzLzOoPXALiCNou2k8dPzWIO5ao3hvrHCgS3GC/QnaKM2KAUGtiKr\n"
+	"cThOSh4U6iiOhCI9EdhNT4wRWzoDrHwiG6UZxTZijyg4A+CUHC3LPRPj/WN8hR4F\n"
+	"HAZ/95pnjpu+pGatOfq6RooP0TnGuzsXmlxq3Vy6n2M40IGqBRZrdWccTP0UCv0v\n"
+	"X1Ey7FJwEHp/bMDAdULqIMhfRCO8s6vSiRlmiiGt8fOB1+pU6hQ0fSeJRWnYInvw\n"
+	"ft5tQZ+nXP92RWa4PGOW0SSpYOApbgQSRincmaJ4KXGUas/ReGp7/2Z6fKRl2Bf4\n"
+	"yvycfbFt3H49U48rSNIn2Z0h0A==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MTA0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2nAEBLVpjNByAOpW\n"
+	"Ekppi7i7nfmBuCac/S2sAW78xvLgJjgRcT4bH87lO6WrwZmQMkguWHr5/OgyesPX\n"
+	"mt28Xdd4zco+0n9dsXx9RchS3NEKs/ZZJNzifyYqsOEYZT1qG+6G46fyvSVoqQsM\n"
+	"D5qPjd7n/gfzRiwy1bt7uXnJ2HMal4VF4+k5P6kac7kQ2upJhimEIxiTLaJvGxOn\n"
+	"ftWQ6AajC0zeJcEbXgAi9s/42XGLGiNKBiTaGGs+nrkrW3OahKMn4BRJr4Gq6OiX\n"
+	"sHqzhwA8XeWrbOBXAlHh4lK0crtXWW9ab92cxjE4Q7tc/2zGWt2bLgO7u/wVzf7J\n"
+	"4ZOlNJxfQB0n+oJzQoRkcy4erBzuoSGzMDp69bSpaAOUYYEZqRccN4QfnJP8xbo4\n"
+	"YGvMBmGr71/4092Sf4Ev5rJMrel2zdEYmJtOcR7DXjuHUiJWv50XgiWW717y6LjK\n"
+	"hEtQ6HSA9pqWx8grLij13K1KbaAxufYE91iCZxx3u/YU9M5tAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFFg106Vy\n"
+	"GHvHXJL5UhnbG+nCMkDNMA0GCSqGSIb3DQEBCwUAA4IBgQA/uRJjVoleDbXxiM3S\n"
+	"y9iVWLm2gBZ4nTo5UsFZc6gVJKbLLreoMs4ACSaLWwBqz14jyPW/hb05WWH1+tz9\n"
+	"CAh7l7jwBm5VkhrhQoCyO33YMSj81rOa462sFAnCbjwVnRbD9yfhuU+DV+tN7gIa\n"
+	"lFqxRcDh5AaJGXOsZSvq9vRBoDf3Ex8bz39SLhDffwio+WO9F6O0/Xb3ZH/3yvQr\n"
+	"Mc9IXT2cDlyGuVwHVtbhlif6sTPKVkQQzscES5XfdAW6qvMr/qX8RwaCohoghOr7\n"
+	"EsRpKakc39QadsjkUWo2DDqFmkjjfGOU3LZky0FiBaSNoqRf++UN3hAlrlOulppU\n"
+	"wUXDyCBcRx4cA5ne/djg38/7RZ+KKvjDSQgCMoty8er1pgVz54JPbzx6YqkVn5yJ\n"
+	"RfvRb9WzvZUc9r0SNJRrUNy5LF1JjAujPqYdzR6SiLxYokGBr6IUYnmuLiZWC1HV\n"
+	"Byjjr5zOGusBRCrHqp34K9BK0mfmh4hkp1T0cQfANonfd3A=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
+	/* All feat extensions ok */
+static const char *tls_feat_ok[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEVDCCArygAwIBAgIMV004jgOV2pqz2XJGMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcwOTAyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAu9h+LBQAa5jzsAQxwzi6uV5lV5g00Scs7TYO+sfMmBbHnXKSa1xmF1j7BQtq\n"
+	"lv5pkAkRdeSrpU/farqPyMOIjDYASFtSL6TwynZw+hFWugIkoiNpZkMDlj7MzF3g\n"
+	"vF9uAZtAa5IJo4lS7AZFPxyxJ6rKLDJ2y0Aezb9sEZ11oOUtfNGdAZOO7Q5tRuVy\n"
+	"EVu6eTTEu4gzCFI4B6ULQvR2c+oirTKp1/BYHAf83ZmjBIRrybxuLx9pPM/5orpD\n"
+	"5NJyQe9fPsjajKzpPVwrb5xBqJcMJJfhhsSf7ABQpVgKdJ+gwEdrD70urNBtvy0n\n"
+	"D22sPkJqztL0ZCAsUDPEsKgcvogs2Q7t4h0AOTq52d4xhUQciMgAozSJvbtMRvnw\n"
+	"mxZ1Awknv47Vng19aEKSy8NinNgOsWN5KHnXggqyxZvztl9p1RGNncw1wapLHYn9\n"
+	"Ob6sZr1Pubu68lKYHdRjieZ6vcphCC4NjseBCiy+PwrF33B0Ql90KbwqxQWEskLC\n"
+	"UGIPAgMBAAGjgakwgaYwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n"
+	"EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUF\n"
+	"BwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJ0YWmCqdWs8vY03+6wibhvI\n"
+	"qbamMB8GA1UdIwQYMBaAFJoje+dWMrHAJ8+Mp9TOKJCAGR0sMA0GCSqGSIb3DQEB\n"
+	"CwUAA4IBgQBGs/AO0rKyiuCWzo1dkrvM27LMyKzdMiIR+eMA2Y6Iz5OhwWWqg9N8\n"
+	"Q/BDpgmOf3VKC3wm4GPftUYSbKv3RhL/BaCZrum+p8WjTChyl0qG30YnSjPRHSyZ\n"
+	"CKFjrcxwwEiovw3viuvh7hzeUJ8Lwd/t9jSQ6VIvIknUyq2YtAg8ewlZ9hssv1gL\n"
+	"18YJXJcEiM0X61eptRGNbNRogXOUzQ4Mu8TPiF/nTBXIayvcP3GisqaSJJCm2pZ4\n"
+	"J+LhHOPCu7Ar0iPkXj+a1LJxGTbQKAXf5Ad8YFoC/IFmezUd16LDYxqYmYCwTdkD\n"
+	"JrO2FIp25zKygAGMsY/DR6S/vzt16StUL50+41plnbFh8DIwg4Aby+jnUe8ZNths\n"
+	"NHrzZ7T4ly0mJb1Ckls5F3P08STVCahJgQc/YFdhE5529th1HBZAtjPNxLmmEu6p\n"
+	"P5xW0rslNtvM4XjHNgsuUFzF/Sz3pRvC0Bct+vMCvohGgpgP2GN22uoHYL9GduQL\n"
+	"LLJepYZ4YhE=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEMjCCApqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MDkwMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtAhQm2wNTuCHDUct\n"
+	"MwElvSGErRo8iM00gajPkzAmLDRAkx0Da5xZM/Fsym5nXR3NmYT9nOSr20UoWuLH\n"
+	"EfYvcaDKxYBEJHS/3CBbSKgLw/U1cpDCdFecSbPD/u6TsdQKfMKUif4L3AVgBjF0\n"
+	"no/nbwTVkhSUou5zIahbLRQTmEap2Lqojn20R4z+ufgLH8frDSHF9DigRjhxQiRg\n"
+	"wxpBlXzj23pUhzfbLoC9IQYIROutemZiF3iy6AaPlaD6gCoxmql5WV8hbF0XmLcA\n"
+	"mV/Hd19LDx1UBo+nX4bfWkG9uZc3wTDLNm7dTPwauUPyriEL38uM3I30SToaQHwY\n"
+	"FnH55e47zmouyQkJ1mM7aNqQq/xbiJYTZsj3+dAbv3vKhyAT295LRRTp4mju/Uz6\n"
+	"WEeZPzlLixVMfgp6TDgmkwDcnPLHp3ZIi0uUT1iyQcHHmZIXSknG9x1l493v4i15\n"
+	"vvz6vf5ATYvaAjOq90pUwTR316BJwbhnMm0S8H8fQlA5lUnDAgMBAAGjgZYwgZMw\n"
+	"GgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMA8GA1UdEwEB/wQFMAMBAf8wEwYD\n"
+	"VR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUmiN7\n"
+	"51YyscAnz4yn1M4okIAZHSwwHwYDVR0jBBgwFoAUtGNyxKnr3S+q0eeKC4b72Rm/\n"
+	"j+cwDQYJKoZIhvcNAQELBQADggGBADw5dRcUyvrpXX1MaNM3lY6GwnYcE4PWAkeX\n"
+	"wwcqgjpcDn3i/aPAuGC5d2mgM0Ti7ESOZhwhzTPf3RgenrccIVKyZHXsNMnAAx8f\n"
+	"1cipQ5xmB6fTAQl7LbAggewdj5p5jxAKECOmez2+YWfeUZ7cWq8YZs1rA2LHN6wL\n"
+	"xL5g9xltgBqZDFqXEXTNhZRNnGybpPDC7GH/hhswtWWPRCVb31QeHiwz6pBSNXfR\n"
+	"IodANUbs7I5V1vrNyVGrldlqWrEbb3o7JGMo4MOCs4145+iwIVD4Tiqsx6DoiM0h\n"
+	"ZOQjf9ObKbu7LG7phT/UdLWn8cXRwYPlAh+UP30PMgFu0nZes4Iv58L35GzKHkp0\n"
+	"dMAhSRN7tTvk8/1Dsb2+Lt1l2p5PS69U/k5pV7d3TsRZyZCir8G2QokOr/vRZzju\n"
+	"nnqPAHo01YXsDX3D7AkabIgWSzGEcTBSV6mPSxUPqz8ZIkeJLOOdlwftH1/X+8kF\n"
+	"unAIY2D5uUuuaqgktXtid1Omh80jiw==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MDkwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuRdqWajxoOt73FeL\n"
+	"BLGusyOzoa4dVi65tOnv2YfOd/GqZtawazD5t8Jh+T58+ampMWOJ6wVpenpb62sn\n"
+	"onJzjlhu4oDzrJ+WYVoy/gckzvhmwCd+JQW4ziKQLtdog4KPjqUNxtZ6k4jX/xGa\n"
+	"U0xez5VFt1KiibnKN8sYzB4S6mnPfWj94rqOSf4ycAywDTOI0A9PU/1nSsdurhnT\n"
+	"P1SpwVGR/3z8k0sbpgjqLHnGgHoyxKnll4Z/klsUJHwBEZEvuHZaiiWtYrQQuC2G\n"
+	"8D0ZWy8CwSM3bth0+kyZFnFNe3hVQ6D9PuHxZt5NrRcimwFWxFNHmxR0aLk8ExSo\n"
+	"RB/EexdhfbfxtoqBB7TwP7UwujwirV5pUvUcH1EyMphgPUzo3oxeurPZChmAjXa1\n"
+	"B68C3VCfgDn1EcsmdMAXcU1u+ey0Z+of5gko8K7kvd79Y0WMZFPFQEU8KQWKyDk4\n"
+	"mu0RMlSZb9dJcsRqoMRkbp+wKx0taZWQ6U/SgrUoJQM+FMpXAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFLRjcsSp\n"
+	"690vqtHniguG+9kZv4/nMA0GCSqGSIb3DQEBCwUAA4IBgQCKLXA0khkzZAAnW3JZ\n"
+	"VX5IqZaN2rBGYoBLx18Jw6FLhT1/vJ0v8QyRPu1/4iz+nrX1+cE23yFhkWrDU4YB\n"
+	"kzZIz7IQrssJwicmEh3TKcFRbqh/zruQRCBBdxTFzY9A2VQf7/7VPSzBI4AymajG\n"
+	"9z5cdvWHdF+N5FspLql1sF2+AbkZo8YfCOarGPMZYdaQLqYq1BOsKYGVzmj096IR\n"
+	"BAqDiRhCn5+j4HV9Pc0uSt1gJNGc5XA9rzl1qQ+TREQsEkZLrU0K8wHECf3sRXZu\n"
+	"G+mEKXYRAd3fvfKZrhFcZn3gXXoD9zu3GTykVpL2MkdNKlh0KvbHca4k5Tk7qMcp\n"
+	"KwozGmTRvYfeV3EaZpGO+VM7SHmpe/XgBNXQME8CDlbNCXtmGPOV+tiBHPPrzKSV\n"
+	"TtBEBmaHhE8OTDiqbYk1PM1/ITI7zXVr9yEcmz6cir5R7bFZJoKoAx3mgPIp/xEI\n"
+	"+iLLM49f5I5Ep+6nHNl4ZITtK7HkoAkm47ssCD8vhRKvbyI=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
+static const char *tls_feat_superset[] = {
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEWjCCAsKgAwIBAgIMV004sDcgryQ5FXjYMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
+	"BgNVBAMTBENBLTEwIBcNMTYwNTMxMDcwOTM2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n"
+	"ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n"
+	"AYEAu6Uyopr7IX5SyFvxs8qrSzHEed4jJyrEhARMeD5arDACdVU8vi7FlRvP0FFd\n"
+	"8PpxkTlZetoyEymqd2MnkQGA/YDlxB3ngAxo72lPK+pw9WGtElYqbJsCOoiSHdtB\n"
+	"1qbp0epPF2U/ewjHlA1iKJImdEm3Lrkn5FPvzCnp9a9PigT7XjOhABosD9mAycsD\n"
+	"wpW4ozAGU8hXD6dgDVLnOqFLYDG3RDf94ExnyQC+8MhnP0L8Rwd+W0vbixQqZRH6\n"
+	"kruWb9MuHQljMsPoLNP0wzxloh9uukt+MkojuVAUZFaUTNQervyLslx3oSEs5tdG\n"
+	"nW/4ot3qjkq7kJAaPulNUZiyt1hYUJbAKiL5YD+u4ft9Mu44qYXFq5dKkIHeAzMd\n"
+	"oe6DlXBXcZoJ74GWlBcDRMc3ogNr1zuLG//1H4/31PfHv93jhoS/gTdGxZbBwCec\n"
+	"PnAiBG+a2NdXGE5h0QkkoEgdXhsuwfzLPm4FI02lPt3FHVPfjvUdJ/uRdGh+mTlT\n"
+	"ukL3AgMBAAGjga8wgawwIAYIKwYBBQUHARgEFDASAgEEAgEFAgEGAgEHAgEIAgEJ\n"
+	"MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoG\n"
+	"CCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFD5FxvdU8KQ5Zhmm\n"
+	"Sp5w9PlEk9WcMB8GA1UdIwQYMBaAFLTAyh7vGGisFpmjiRK8pkyKWVytMA0GCSqG\n"
+	"SIb3DQEBCwUAA4IBgQCDY9tk6aT00ir0vh3hlXnGVTsMsduaSw51gVBJGqCdLccc\n"
+	"AJKzPIl8qm0YEnGzGRFREPSiyYAItL5tp5JnvtOPQb8jcZDej2Tu/Osudgwdz9KY\n"
+	"WTnxEnW7ohuu69vOEftc42emK659OE/hytsQyJ7AO0YD6Y4741UtuvD3wt61f1YE\n"
+	"RGRgbG+kZrFWxJtwDDFOR1NWlUrz7OWUodebY/85JT2bfd878ZyKa95nBu+Lt5or\n"
+	"SWQ3AemBMXonbsLBZmsaM/zT/+7XDnoAiSn6l9kEZXZYOvvg0wcmp5J93Y39Knzs\n"
+	"YanT/tFbfjQtXoAwCHyQ/ZPGEv+7NM5ntvQVivGbPd2pOz4LsryE3PNCJABS78C1\n"
+	"OaU29g89UR5+4P5Hd/6JAD/6v4n7SYW1HtwkdBEB6Sgz3Mvy53OwecWkXMQm0KJi\n"
+	"reVoWSxicYh+uvbz7rXcidXpOnByyDeTE/C7t4rPIhiJVwm032M+jdpd5tFmjnQM\n"
+	"dndTvtl/Dtze0HLadx4=\n"
+	"-----END CERTIFICATE-----\n",
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEMjCCApqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MDkzNloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnF5apqyno7J9LIsb\n"
+	"mEb2cG8dbT9Nt6SC7SiZ+WlVQtZlrzRWdkbsMar43EEHzSS96X1I5BRoOsPGjNc9\n"
+	"4T62t9Y5qXNuUVtcI+Ycky28YHkU06hbxuozyYXpto8yENIvBJGGiZRBFYDul9nS\n"
+	"KX2o4bdj6l/W0RKcAnMu7JEOAqYJ7QlzaFZgsSgtm6bZTXyD2kS5m+cZi30iHq2Y\n"
+	"HB0+S7JGF0VavmzX1t8gs+bmUM3KLviHro4bayGDsIoOsFazAAlN07rYgncHLC6Q\n"
+	"4P/4BLDTEvzumc9PoZP8zmkB+z/0Uk25r/GF4n3hMHi0pRA1Wvhi8CzfnfRVnvBV\n"
+	"YnuISXenu2Ea5CbKoXjwM/Jcbw2bp/9oKvN18+HVks6X1Ct5w1tOc6cMvZ0/Lgky\n"
+	"J9Y98R0ejAorpSMhdklYyfIPImCWJ39/iyMmICGwhQKmhJCMgZcK5gmWOkhw0dg2\n"
+	"eNP6eU1YFRqt+YnJcC4KeOtExaCP4tx2Gt+d0Zc08azZILRXAgMBAAGjgZYwgZMw\n"
+	"GgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMA8GA1UdEwEB/wQFMAMBAf8wEwYD\n"
+	"VR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUtMDK\n"
+	"Hu8YaKwWmaOJErymTIpZXK0wHwYDVR0jBBgwFoAUiE3iLMwkfbHWUo7kPFuF0lOj\n"
+	"qRYwDQYJKoZIhvcNAQELBQADggGBAJXscoOqKBAQyyii3R9LR0vr/DbQc9jFZ500\n"
+	"MpyELYY4Ggzphb7VUDBF/bC27ZMSrTlCC4Rw8wi2ARmsRfU4uBjij9ltL6TcMFK8\n"
+	"ppttyhP3Xw6ewGMhAqETi2Xn3LgKJdAmPiS+1L818BS1Riqz5lGwuTUsIu9ss0Uh\n"
+	"EkK7iEyvWhkEFuujSiI6qDtv+nWuz6dVFlkz7tqcNBTsYbjvvKLwB1CZLQEQKahJ\n"
+	"uihuwDvyr7/g40VB2pgcXivpoKN/doj18cC4/RO+3a+j7cUkXC6J7BEnWKmh5wkv\n"
+	"H0C8iizjHV7pRVRm8F18vY5SuoswGth9SFzLQbnD0RXnoPwzob1ISYK8uWyuLY5z\n"
+	"Kd1d2bqbboTTHlqM5MWDG0p0J6EDj+Qa8Q5aQKiX2IUGaZtXFx+ISXPW+WXIdTDm\n"
+	"pQHUne8/CWF+rbAeWsCRuD3aV7qQlhGsHBVqBkO0gA3A63+KBAJHC8srRQVCbAt3\n"
+	"TUoZI1vR1QrD0NL/zshX09E+4eINcw==\n"
+	"-----END CERTIFICATE-----\n",
+	NULL,
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIEDzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
+	"MCAXDTE2MDUzMTA3MDkzNloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n"
+	"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzqW5FsKC8zySjDt0\n"
+	"z2JNyq9zK7fEy9Ty/i8KCSb6ryQxyV0vXm5zDaDxTVrqK8MyrAyUKlUEnu1CGdw5\n"
+	"5jKlTYY+PzCUVvVaqTEd5INkZFbRzqEZrOp+ENs8LYH73sp6UckYhU4QxyplEoFf\n"
+	"sqfmew1x6y5KHgmMtMclNkqNWA0qg/XEkrQ/cwL1aAngaXiLZS9trfA/iYFyyBg7\n"
+	"UR2JYqO520OTlDNPutrwyqDt5n9yijvxoQJqri8D4sIdStZVK+PjlqKzlYs8GGa8\n"
+	"baPUnw7XL6/Q+yDHDvkCa0pc6CJT+9a3W/ZJAzxwDygqFeSRLYUsqOAVH3akNUFb\n"
+	"lsp2gLNoSRWGOzXxEOK5hiDSK6/yZ0ONGtAxSexY+6pbM1IMQR8bCwM+lkOfY9gw\n"
+	"zey0YN2gBJ2uYB8Rf1znwTnpySh/yPRODQo83b7kNHQeOJB+W1GS+Rti6a79fATM\n"
+	"elnlkST5cTnJbwE2TXHS8naOTkn4UMGpiGeu+kOGoV0qTknVAgMBAAGjdDByMBoG\n"
+	"CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud\n"
+	"JQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFIhN4izM\n"
+	"JH2x1lKO5DxbhdJTo6kWMA0GCSqGSIb3DQEBCwUAA4IBgQCTaiLV0gQVVaYAmFQf\n"
+	"4DMFVBn7McffwZCj6S+jA4jxmJWjxIMdiR2aFq2pqo8c11WBtonBaDz8xGb9x4QL\n"
+	"EQ+JBuPUrlqT2C7L8+5I97TK6FzSPNhUiDQDNQUKkNnJ0KtshDxJkgBFZd1zDMkk\n"
+	"GEpMsb4dWqbG+K5x75mdFQH6fQbqU+tGcHypXJqROPU3ssEeDTVsmkOZ2J5rVrk5\n"
+	"a8/OV8LpvVRuIrqxhDAl6w9HuR3qV4CxOUd8/SI86zjLXXVSBvQXsYnz7BJOmSHo\n"
+	"I6S2emdhgNmW0H6tFHYogqrU5EdJVMYruo/otO0kRzHWNVB4j4/h4+AJczWLsiCn\n"
+	"I6ayyCgK48qeEjBBwFimpQ6r+EFnPqSWlNMi9GPdr0f6GWb9zxPhz+xQ4fftqc8c\n"
+	"GOgJ25se4Ip68JyASxUqO03vgqUShgisOnptaOMjCKV21+Xc7Zhc0xBA86I+kXQX\n"
+	"ASkyQt6XS1cHoZs99dhKwTou3Qpz5hoBcX7bDrBwUxUMi5M=\n"
+	"-----END CERTIFICATE-----\n",
+	NULL
+};
+
 static struct
 {
   const char *name;
@@ -1885,6 +2372,12 @@ static struct
   { "kp-fin", kp_fail2, &kp_fail2[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_PURPOSE_MISMATCH, GNUTLS_KP_TLS_WWW_SERVER, 1412850586},
   { "kp-ok", kp_ok, &kp_ok[3], 0, 0, GNUTLS_KP_OCSP_SIGNING, 1412850586},
   { "name constraints no name", name_constraints_but_no_name, &name_constraints_but_no_name[2], 0, 0, 0, 1427270515},
+  { "tls features - ok", tls_feat_ok, &tls_feat_ok[3], 0, 0, 0, 1464679470},
+  { "tls features - end is superset", tls_feat_superset, &tls_feat_superset[3], 0, 0, 0, 1464679470},
+  { "tls features - intermediate no ext", tls_feat_inter_no_ext, &tls_feat_inter_no_ext[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1464679470},
+  { "tls features - end no ext", tls_feat_no_ext, &tls_feat_no_ext[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1464679470},
+  { "tls features - intermediate is subset", tls_feat_inter_subset_fail, &tls_feat_inter_subset_fail[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1464679470},
+  { "tls features - intermediate has unrelated vals", tls_feat_inter_unrelated_fail, &tls_feat_inter_unrelated_fail[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1464679470},
   { NULL, NULL, NULL, 0, 0}
 };
 /* *INDENT-ON* */
-- 
cgit v1.2.1