mv polarssl

2013-03-19 12:07:10 +09:00
parent 3debd620c4
commit eaeb980d92
230 changed files with 0 additions and 0 deletions
--- a/polarssl/programs/CMakeLists.txt
+++ b/polarssl/programs/CMakeLists.txt
@@ -0,0 +1,6 @@
+add_subdirectory(aes)
+add_subdirectory(hash)
+add_subdirectory(pkey)
+add_subdirectory(ssl)
+add_subdirectory(test)
+add_subdirectory(x509)
--- a/polarssl/programs/Makefile
+++ b/polarssl/programs/Makefile
@@ -0,0 +1,106 @@
+
+# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
+# To compile on MinGW: add "-lws2_32" to LDFLAGS
+
+CFLAGS	= -I../include -D_FILE_OFFSET_BITS=64 -Wall -Wdeclaration-after-statement
+OFLAGS	= -O
+LDFLAGS	= -L../library -lpolarssl
+
+APPS =	aes/aescrypt2		hash/hello		\
+	hash/md5sum			hash/sha1sum		\
+	hash/sha2sum		pkey/dh_client		\
+	pkey/dh_genprime	pkey/dh_server		\
+	pkey/mpi_demo		pkey/rsa_genkey		\
+	pkey/rsa_sign		pkey/rsa_verify		\
+	ssl/ssl_client1		ssl/ssl_client2		\
+	ssl/ssl_server		test/ssl_cert_test	\
+	test/benchmark		test/selftest		\
+	test/ssl_test		x509/cert_app
+
+.SILENT:
+
+all: $(APPS)
+
+aes/aescrypt2: aes/aescrypt2.c ../library/libpolarssl.a
+	echo   "  CC    aes/aescrypt2.c"
+	$(CC) $(CFLAGS) $(OFLAGS) aes/aescrypt2.c    $(LDFLAGS) -o $@
+
+hash/hello: hash/hello.c ../library/libpolarssl.a
+	echo   "  CC    hash/hello.c"
+	$(CC) $(CFLAGS) $(OFLAGS) hash/hello.c       $(LDFLAGS) -o $@
+
+hash/md5sum: hash/md5sum.c ../library/libpolarssl.a
+	echo   "  CC    hash/md5sum.c"
+	$(CC) $(CFLAGS) $(OFLAGS) hash/md5sum.c      $(LDFLAGS) -o $@
+
+hash/sha1sum: hash/sha1sum.c ../library/libpolarssl.a
+	echo   "  CC    hash/sha1sum.c"
+	$(CC) $(CFLAGS) $(OFLAGS) hash/sha1sum.c     $(LDFLAGS) -o $@
+
+hash/sha2sum: hash/sha2sum.c ../library/libpolarssl.a
+	echo   "  CC    hash/sha2sum.c"
+	$(CC) $(CFLAGS) $(OFLAGS) hash/sha2sum.c     $(LDFLAGS) -o $@
+
+pkey/dh_client: pkey/dh_client.c ../library/libpolarssl.a
+	echo   "  CC    pkey/dh_client.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_client.c   $(LDFLAGS) -o $@
+
+pkey/dh_genprime: pkey/dh_genprime.c ../library/libpolarssl.a
+	echo   "  CC    pkey/dh_genprime.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_genprime.c $(LDFLAGS) -o $@
+
+pkey/dh_server: pkey/dh_server.c ../library/libpolarssl.a
+	echo   "  CC    pkey/dh_server.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_server.c   $(LDFLAGS) -o $@
+
+pkey/mpi_demo: pkey/mpi_demo.c ../library/libpolarssl.a
+	echo   "  CC    pkey/mpi_demo.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/mpi_demo.c    $(LDFLAGS) -o $@
+
+pkey/rsa_genkey: pkey/rsa_genkey.c ../library/libpolarssl.a
+	echo   "  CC    pkey/rsa_genkey.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_genkey.c  $(LDFLAGS) -o $@
+
+pkey/rsa_sign: pkey/rsa_sign.c ../library/libpolarssl.a
+	echo   "  CC    pkey/rsa_sign.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_sign.c    $(LDFLAGS) -o $@
+
+pkey/rsa_verify: pkey/rsa_verify.c ../library/libpolarssl.a
+	echo   "  CC    pkey/rsa_verify.c"
+	$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_verify.c  $(LDFLAGS) -o $@
+
+ssl/ssl_client1: ssl/ssl_client1.c ../library/libpolarssl.a
+	echo   "  CC    ssl/ssl_client1.c"
+	$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client1.c  $(LDFLAGS) -o $@
+
+ssl/ssl_client2: ssl/ssl_client2.c ../library/libpolarssl.a
+	echo   "  CC    ssl/ssl_client2.c"
+	$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client2.c  $(LDFLAGS) -o $@
+
+ssl/ssl_server: ssl/ssl_server.c ../library/libpolarssl.a
+	echo   "  CC    ssl/ssl_server.c"
+	$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_server.c   $(LDFLAGS) -o $@
+
+test/ssl_cert_test: test/ssl_cert_test.c ../library/libpolarssl.a
+	echo   "  CC    test/ssl_cert_test.c"
+	$(CC) $(CFLAGS) $(OFLAGS) test/ssl_cert_test.c   $(LDFLAGS) -o $@
+
+test/benchmark: test/benchmark.c ../library/libpolarssl.a
+	echo   "  CC    test/benchmark.c"
+	$(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c   $(LDFLAGS) -o $@
+
+test/selftest: test/selftest.c ../library/libpolarssl.a
+	echo   "  CC    test/selftest.c"
+	$(CC) $(CFLAGS) $(OFLAGS) test/selftest.c    $(LDFLAGS) -o $@
+
+test/ssl_test: test/ssl_test.c ../library/libpolarssl.a
+	echo   "  CC    test/ssl_test.c"
+	$(CC) $(CFLAGS) $(OFLAGS) test/ssl_test.c    $(LDFLAGS) -o $@
+
+x509/cert_app: x509/cert_app.c ../library/libpolarssl.a
+	echo   "  CC    x509/cert_app.c"
+	$(CC) $(CFLAGS) $(OFLAGS) x509/cert_app.c    $(LDFLAGS) -o $@
+
+clean:
+	rm -f $(APPS)
+
--- a/polarssl/programs/aes/CMakeLists.txt
+++ b/polarssl/programs/aes/CMakeLists.txt
@@ -0,0 +1,2 @@
+add_executable(aescrypt2 aescrypt2.c)
+target_link_libraries(aescrypt2 polarssl)
--- a/polarssl/programs/aes/aescrypt2.c
+++ b/polarssl/programs/aes/aescrypt2.c
@@ -0,0 +1,401 @@
+/*
+ *  AES-256 file encryption program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#if defined(WIN32)
+#include <windows.h>
+#include <io.h>
+#else
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include "polarssl/aes.h"
+#include "polarssl/sha2.h"
+
+#define MODE_ENCRYPT    0
+#define MODE_DECRYPT    1
+
+#define USAGE   \
+    "\n  aescrypt2 <mode> <input filename> <output filename> <key>\n" \
+    "\n   <mode>: 0 = encrypt, 1 = decrypt\n" \
+    "\n  example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
+    "\n"
+
+int main( int argc, char *argv[] )
+{
+    int ret = 1, i, n;
+    int keylen, mode, lastn;
+    FILE *fkey, *fin, *fout;
+
+    char *p;
+    unsigned char IV[16];
+    unsigned char key[512];
+    unsigned char digest[32];
+    unsigned char buffer[1024];
+
+    aes_context aes_ctx;
+    sha2_context sha_ctx;
+
+#if defined(WIN32)
+       LARGE_INTEGER li_size;
+    __int64 filesize, offset;
+#else
+      off_t filesize, offset;
+#endif
+
+    /*
+     * Parse the command-line arguments.
+     */
+    if( argc != 5 )
+    {
+        printf( USAGE );
+
+#if defined(WIN32)
+        printf( "\n  Press Enter to exit this program.\n" );
+        fflush( stdout ); getchar();
+#endif
+
+        goto exit;
+    }
+
+    mode = atoi( argv[1] );
+
+    if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
+    {
+        fprintf( stderr, "invalide operation mode\n" );
+        goto exit;
+    }
+
+    if( strcmp( argv[2], argv[3] ) == 0 )
+    {
+        fprintf( stderr, "input and output filenames must differ\n" );
+        goto exit;
+    }
+
+    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
+    {
+        fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+        goto exit;
+    }
+
+    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
+    {
+        fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+        goto exit;
+    }
+
+    /*
+     * Read the secret key and clean the command line.
+     */
+    if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
+    {
+        keylen = fread( key, 1, sizeof( key ), fkey );
+        fclose( fkey );
+    }
+    else
+    {
+        if( memcmp( argv[4], "hex:", 4 ) == 0 )
+        {
+            p = &argv[4][4];
+            keylen = 0;
+
+            while( sscanf( p, "%02X", &n ) > 0 &&
+                   keylen < (int) sizeof( key ) )
+            {
+                key[keylen++] = (unsigned char) n;
+                p += 2;
+            }
+        }
+        else
+        {
+            keylen = strlen( argv[4] );
+
+            if( keylen > (int) sizeof( key ) )
+                keylen = (int) sizeof( key );
+
+            memcpy( key, argv[4], keylen );
+        }
+    }
+
+    memset( argv[4], 0, strlen( argv[4] ) );
+
+#if defined(WIN32)
+    /*
+     * Support large files (> 2Gb) on Win32
+     */
+    li_size.QuadPart = 0;
+    li_size.LowPart  =
+        SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
+                        li_size.LowPart, &li_size.HighPart, FILE_END );
+
+    if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
+    {
+        fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+        goto exit;
+    }
+
+    filesize = li_size.QuadPart;
+#else
+    if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
+    {
+        perror( "lseek" );
+        goto exit;
+    }
+#endif
+
+    if( fseek( fin, 0, SEEK_SET ) < 0 )
+    {
+        fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+        goto exit;
+    }
+
+    if( mode == MODE_ENCRYPT )
+    {
+        /*
+         * Generate the initialization vector as:
+         * IV = SHA-256( filesize || filename )[0..15]
+         */
+        for( i = 0; i < 8; i++ )
+            buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
+
+        p = argv[2];
+
+        sha2_starts( &sha_ctx, 0 );
+        sha2_update( &sha_ctx, buffer, 8 );
+        sha2_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
+        sha2_finish( &sha_ctx, digest );
+
+        memcpy( IV, digest, 16 );
+
+        /*
+         * The last four bits in the IV are actually used
+         * to store the file size modulo the AES block size.
+         */
+        lastn = (int)( filesize & 0x0F );
+
+        IV[15] = (unsigned char)
+            ( ( IV[15] & 0xF0 ) | lastn );
+
+        /*
+         * Append the IV at the beginning of the output.
+         */
+        if( fwrite( IV, 1, 16, fout ) != 16 )
+        {
+            fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+            goto exit;
+        }
+
+        /*
+         * Hash the IV and the secret key together 8192 times
+         * using the result to setup the AES context and HMAC.
+         */
+        memset( digest, 0,  32 );
+        memcpy( digest, IV, 16 );
+
+        for( i = 0; i < 8192; i++ )
+        {
+            sha2_starts( &sha_ctx, 0 );
+            sha2_update( &sha_ctx, digest, 32 );
+            sha2_update( &sha_ctx, key, keylen );
+            sha2_finish( &sha_ctx, digest );
+        }
+
+        memset( key, 0, sizeof( key ) );
+          aes_setkey_enc( &aes_ctx, digest, 256 );
+        sha2_hmac_starts( &sha_ctx, digest, 32, 0 );
+
+        /*
+         * Encrypt and write the ciphertext.
+         */
+        for( offset = 0; offset < filesize; offset += 16 )
+        {
+            n = ( filesize - offset > 16 ) ? 16 : (int)
+                ( filesize - offset );
+
+            if( fread( buffer, 1, n, fin ) != (size_t) n )
+            {
+                fprintf( stderr, "fread(%d bytes) failed\n", n );
+                goto exit;
+            }
+
+            for( i = 0; i < 16; i++ )
+                buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
+
+            aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, buffer, buffer );
+            sha2_hmac_update( &sha_ctx, buffer, 16 );
+
+            if( fwrite( buffer, 1, 16, fout ) != 16 )
+            {
+                fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+                goto exit;
+            }
+
+            memcpy( IV, buffer, 16 );
+        }
+
+        /*
+         * Finally write the HMAC.
+         */
+        sha2_hmac_finish( &sha_ctx, digest );
+
+        if( fwrite( digest, 1, 32, fout ) != 32 )
+        {
+            fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+            goto exit;
+        }
+    }
+
+    if( mode == MODE_DECRYPT )
+    {
+        unsigned char tmp[16];
+
+        /*
+         *  The encrypted file must be structured as follows:
+         *
+         *        00 .. 15              Initialization Vector
+         *        16 .. 31              AES Encrypted Block #1
+         *           ..
+         *      N*16 .. (N+1)*16 - 1    AES Encrypted Block #N
+         *  (N+1)*16 .. (N+1)*16 + 32   HMAC-SHA-256(ciphertext)
+         */
+        if( filesize < 48 )
+        {
+            fprintf( stderr, "File too short to be encrypted.\n" );
+            goto exit;
+        }
+
+        if( ( filesize & 0x0F ) != 0 )
+        {
+            fprintf( stderr, "File size not a multiple of 16.\n" );
+            goto exit;
+        }
+
+        /*
+         * Substract the IV + HMAC length.
+         */
+        filesize -= ( 16 + 32 );
+
+        /*
+         * Read the IV and original filesize modulo 16.
+         */
+        if( fread( buffer, 1, 16, fin ) != 16 )
+        {
+            fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+            goto exit;
+        }
+
+        memcpy( IV, buffer, 16 );
+        lastn = IV[15] & 0x0F;
+
+        /*
+         * Hash the IV and the secret key together 8192 times
+         * using the result to setup the AES context and HMAC.
+         */
+        memset( digest, 0,  32 );
+        memcpy( digest, IV, 16 );
+
+        for( i = 0; i < 8192; i++ )
+        {
+            sha2_starts( &sha_ctx, 0 );
+            sha2_update( &sha_ctx, digest, 32 );
+            sha2_update( &sha_ctx, key, keylen );
+            sha2_finish( &sha_ctx, digest );
+        }
+
+        memset( key, 0, sizeof( key ) );
+          aes_setkey_dec( &aes_ctx, digest, 256 );
+        sha2_hmac_starts( &sha_ctx, digest, 32, 0 );
+
+        /*
+         * Decrypt and write the plaintext.
+         */
+        for( offset = 0; offset < filesize; offset += 16 )
+        {
+            if( fread( buffer, 1, 16, fin ) != 16 )
+            {
+                fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+                goto exit;
+            }
+
+            memcpy( tmp, buffer, 16 );
+ 
+            sha2_hmac_update( &sha_ctx, buffer, 16 );
+            aes_crypt_ecb( &aes_ctx, AES_DECRYPT, buffer, buffer );
+   
+            for( i = 0; i < 16; i++ )
+                buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
+
+            memcpy( IV, tmp, 16 );
+
+            n = ( lastn > 0 && offset == filesize - 16 )
+                ? lastn : 16;
+
+            if( fwrite( buffer, 1, n, fout ) != (size_t) n )
+            {
+                fprintf( stderr, "fwrite(%d bytes) failed\n", n );
+                goto exit;
+            }
+        }
+
+        /*
+         * Verify the message authentication code.
+         */
+        sha2_hmac_finish( &sha_ctx, digest );
+
+        if( fread( buffer, 1, 32, fin ) != 32 )
+        {
+            fprintf( stderr, "fread(%d bytes) failed\n", 32 );
+            goto exit;
+        }
+
+        if( memcmp( digest, buffer, 32 ) != 0 )
+        {
+            fprintf( stderr, "HMAC check failed: wrong key, "
+                             "or file corrupted.\n" );
+            goto exit;
+        }
+    }
+
+    ret = 0;
+
+exit:
+
+    memset( buffer, 0, sizeof( buffer ) );
+    memset( digest, 0, sizeof( digest ) );
+
+    memset( &aes_ctx, 0, sizeof(  aes_context ) );
+    memset( &sha_ctx, 0, sizeof( sha2_context ) );
+
+    return( ret );
+}
--- a/polarssl/programs/hash/CMakeLists.txt
+++ b/polarssl/programs/hash/CMakeLists.txt
@@ -0,0 +1,11 @@
+add_executable(hello hello.c)
+target_link_libraries(hello polarssl)
+
+add_executable(md5sum md5sum.c)
+target_link_libraries(md5sum polarssl)
+
+add_executable(sha1sum sha1sum.c)
+target_link_libraries(sha1sum polarssl)
+
+add_executable(sha2sum sha2sum.c)
+target_link_libraries(sha2sum polarssl)
--- a/polarssl/programs/hash/hello.c
+++ b/polarssl/programs/hash/hello.c
@@ -0,0 +1,55 @@
+/*
+ *  Classic "Hello, world" demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdio.h>
+
+#include "polarssl/md5.h"
+
+int main( void )
+{
+    int i;
+    unsigned char digest[16];
+    char str[] = "Hello, world!";
+
+    printf( "\n  MD5('%s') = ", str );
+
+    md5( (unsigned char *) str, 13, digest );
+
+    for( i = 0; i < 16; i++ )
+        printf( "%02x", digest[i] );
+
+    printf( "\n\n" );
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( 0 );
+}
--- a/polarssl/programs/hash/md5sum.c
+++ b/polarssl/programs/hash/md5sum.c
@@ -0,0 +1,161 @@
+/*
+ *  md5sum demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/md5.h"
+
+static int md5_wrapper( char *filename, unsigned char *sum )
+{
+    int ret = md5_file( filename, sum );
+
+    if( ret == 1 )
+        fprintf( stderr, "failed to open: %s\n", filename );
+
+    if( ret == 2 )
+        fprintf( stderr, "failed to read: %s\n", filename );
+
+    return( ret );
+}
+
+static int md5_print( char *filename )
+{
+    int i;
+    unsigned char sum[16];
+
+    if( md5_wrapper( filename, sum ) != 0 )
+        return( 1 );
+
+    for( i = 0; i < 16; i++ )
+        printf( "%02x", sum[i] );
+
+    printf( "  %s\n", filename );
+    return( 0 );
+}
+
+static int md5_check( char *filename )
+{
+    int i;
+    size_t n;
+    FILE *f;
+    int nb_err1, nb_err2;
+    int nb_tot1, nb_tot2;
+    unsigned char sum[16];
+    char buf[33], line[1024];
+
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
+    {
+        printf( "failed to open: %s\n", filename );
+        return( 1 );
+    }
+
+    nb_err1 = nb_err2 = 0;
+    nb_tot1 = nb_tot2 = 0;
+
+    memset( line, 0, sizeof( line ) );
+
+    n = sizeof( line );
+
+    while( fgets( line, n - 1, f ) != NULL )
+    {
+        n = strlen( line );
+
+        if( n < 36 )
+            continue;
+
+        if( line[32] != ' ' || line[33] != ' ' )
+            continue;
+
+        if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
+        if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
+
+        nb_tot1++;
+
+        if( md5_wrapper( line + 34, sum ) != 0 )
+        {
+            nb_err1++;
+            continue;
+        }
+
+        nb_tot2++;
+
+        for( i = 0; i < 16; i++ )
+            sprintf( buf + i * 2, "%02x", sum[i] );
+
+        if( memcmp( line, buf, 32 ) != 0 )
+        {
+            nb_err2++;
+            fprintf( stderr, "wrong checksum: %s\n", line + 34 );
+        }
+
+        n = sizeof( line );
+    }
+
+    if( nb_err1 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) input files could "
+                "not be read\n", nb_err1, nb_tot1 );
+    }
+
+    if( nb_err2 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) computed checksums did "
+                "not match\n", nb_err2, nb_tot2 );
+    }
+
+    return( nb_err1 != 0 || nb_err2 != 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+    int ret, i;
+
+    if( argc == 1 )
+    {
+        printf( "print mode:  md5sum <file> <file> ...\n" );
+        printf( "check mode:  md5sum -c <checksum file>\n" );
+
+#ifdef WIN32
+        printf( "\n  Press Enter to exit this program.\n" );
+        fflush( stdout ); getchar();
+#endif
+
+        return( 1 );
+    }
+
+    if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
+        return( md5_check( argv[2] ) );
+
+    ret = 0;
+    for( i = 1; i < argc; i++ )
+        ret |= md5_print( argv[i] );
+
+    return( ret );
+}
--- a/polarssl/programs/hash/sha1sum.c
+++ b/polarssl/programs/hash/sha1sum.c
@@ -0,0 +1,161 @@
+/*
+ *  sha1sum demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/sha1.h"
+
+static int sha1_wrapper( char *filename, unsigned char *sum )
+{
+    int ret = sha1_file( filename, sum );
+
+    if( ret == 1 )
+        fprintf( stderr, "failed to open: %s\n", filename );
+
+    if( ret == 2 )
+        fprintf( stderr, "failed to read: %s\n", filename );
+
+    return( ret );
+}
+
+static int sha1_print( char *filename )
+{
+    int i;
+    unsigned char sum[20];
+
+    if( sha1_wrapper( filename, sum ) != 0 )
+        return( 1 );
+
+    for( i = 0; i < 20; i++ )
+        printf( "%02x", sum[i] );
+
+    printf( "  %s\n", filename );
+    return( 0 );
+}
+
+static int sha1_check( char *filename )
+{
+    int i;
+    size_t n;
+    FILE *f;
+    int nb_err1, nb_err2;
+    int nb_tot1, nb_tot2;
+    unsigned char sum[20];
+    char buf[41], line[1024];
+
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
+    {
+        printf( "failed to open: %s\n", filename );
+        return( 1 );
+    }
+
+    nb_err1 = nb_err2 = 0;
+    nb_tot1 = nb_tot2 = 0;
+
+    memset( line, 0, sizeof( line ) );
+
+    n = sizeof( line );
+
+    while( fgets( line, n - 1, f ) != NULL )
+    {
+        n = strlen( line );
+
+        if( n < 44 )
+            continue;
+
+        if( line[40] != ' ' || line[41] != ' ' )
+            continue;
+
+        if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
+        if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
+
+        nb_tot1++;
+
+        if( sha1_wrapper( line + 42, sum ) != 0 )
+        {
+            nb_err1++;
+            continue;
+        }
+
+        nb_tot2++;
+
+        for( i = 0; i < 20; i++ )
+            sprintf( buf + i * 2, "%02x", sum[i] );
+
+        if( memcmp( line, buf, 40 ) != 0 )
+        {
+            nb_err2++;
+            fprintf( stderr, "wrong checksum: %s\n", line + 42 );
+        }
+
+        n = sizeof( line );
+    }
+
+    if( nb_err1 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) input files could "
+                "not be read\n", nb_err1, nb_tot1 );
+    }
+
+    if( nb_err2 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) computed checksums did "
+                "not match\n", nb_err2, nb_tot2 );
+    }
+
+    return( nb_err1 != 0 || nb_err2 != 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+    int ret, i;
+
+    if( argc == 1 )
+    {
+        printf( "print mode:  sha1sum <file> <file> ...\n" );
+        printf( "check mode:  sha1sum -c <checksum file>\n" );
+
+#ifdef WIN32
+        printf( "\n  Press Enter to exit this program.\n" );
+        fflush( stdout ); getchar();
+#endif
+
+        return( 1 );
+    }
+
+    if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
+        return( sha1_check( argv[2] ) );
+
+    ret = 0;
+    for( i = 1; i < argc; i++ )
+        ret |= sha1_print( argv[i] );
+
+    return( ret );
+}
--- a/polarssl/programs/hash/sha2sum.c
+++ b/polarssl/programs/hash/sha2sum.c
@@ -0,0 +1,161 @@
+/*
+ *  sha2sum demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/sha2.h"
+
+static int sha2_wrapper( char *filename, unsigned char *sum )
+{
+    int ret = sha2_file( filename, sum, 0 );
+
+    if( ret == 1 )
+        fprintf( stderr, "failed to open: %s\n", filename );
+
+    if( ret == 2 )
+        fprintf( stderr, "failed to read: %s\n", filename );
+
+    return( ret );
+}
+
+static int sha2_print( char *filename )
+{
+    int i;
+    unsigned char sum[32];
+
+    if( sha2_wrapper( filename, sum ) != 0 )
+        return( 1 );
+
+    for( i = 0; i < 32; i++ )
+        printf( "%02x", sum[i] );
+
+    printf( "  %s\n", filename );
+    return( 0 );
+}
+
+static int sha2_check( char *filename )
+{
+    int i;
+    size_t n;
+    FILE *f;
+    int nb_err1, nb_err2;
+    int nb_tot1, nb_tot2;
+    unsigned char sum[32];
+    char buf[65], line[1024];
+
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
+    {
+        printf( "failed to open: %s\n", filename );
+        return( 1 );
+    }
+
+    nb_err1 = nb_err2 = 0;
+    nb_tot1 = nb_tot2 = 0;
+
+    memset( line, 0, sizeof( line ) );
+
+    n = sizeof( line );
+
+    while( fgets( line, n - 1, f ) != NULL )
+    {
+        n = strlen( line );
+
+        if( n < 68 )
+            continue;
+
+        if( line[64] != ' ' || line[65] != ' ' )
+            continue;
+
+        if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
+        if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
+
+        nb_tot1++;
+
+        if( sha2_wrapper( line + 66, sum ) != 0 )
+        {
+            nb_err1++;
+            continue;
+        }
+
+        nb_tot2++;
+
+        for( i = 0; i < 32; i++ )
+            sprintf( buf + i * 2, "%02x", sum[i] );
+
+        if( memcmp( line, buf, 64 ) != 0 )
+        {
+            nb_err2++;
+            fprintf( stderr, "wrong checksum: %s\n", line + 66 );
+        }
+
+        n = sizeof( line );
+    }
+
+    if( nb_err1 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) input files could "
+                "not be read\n", nb_err1, nb_tot1 );
+    }
+
+    if( nb_err2 != 0 )
+    {
+        printf( "WARNING: %d (out of %d) computed checksums did "
+                "not match\n", nb_err2, nb_tot2 );
+    }
+
+    return( nb_err1 != 0 || nb_err2 != 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+    int ret, i;
+
+    if( argc == 1 )
+    {
+        printf( "print mode:  sha2sum <file> <file> ...\n" );
+        printf( "check mode:  sha2sum -c <checksum file>\n" );
+
+#ifdef WIN32
+        printf( "\n  Press Enter to exit this program.\n" );
+        fflush( stdout ); getchar();
+#endif
+
+        return( 1 );
+    }
+
+    if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
+        return( sha2_check( argv[2] ) );
+
+    ret = 0;
+    for( i = 1; i < argc; i++ )
+        ret |= sha2_print( argv[i] );
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/CMakeLists.txt
+++ b/polarssl/programs/pkey/CMakeLists.txt
@@ -0,0 +1,20 @@
+add_executable(dh_client dh_client.c)
+target_link_libraries(dh_client polarssl)
+
+add_executable(dh_genprime dh_genprime.c)
+target_link_libraries(dh_genprime polarssl)
+
+add_executable(dh_server dh_server.c)
+target_link_libraries(dh_server polarssl)
+
+add_executable(mpi_demo mpi_demo.c)
+target_link_libraries(mpi_demo polarssl)
+
+add_executable(rsa_genkey rsa_genkey.c)
+target_link_libraries(rsa_genkey polarssl)
+
+add_executable(rsa_sign rsa_sign.c)
+target_link_libraries(rsa_sign polarssl)
+
+add_executable(rsa_verify rsa_verify.c)
+target_link_libraries(rsa_verify polarssl)
--- a/polarssl/programs/pkey/dh_client.c
+++ b/polarssl/programs/pkey/dh_client.c
@@ -0,0 +1,254 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (client side)
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/net.h"
+#include "polarssl/aes.h"
+#include "polarssl/dhm.h"
+#include "polarssl/rsa.h"
+#include "polarssl/sha1.h"
+#include "polarssl/havege.h"
+
+#define SERVER_NAME "localhost"
+#define SERVER_PORT 11999
+
+int main( void )
+{
+    FILE *f;
+
+    int ret, n, buflen;
+    int server_fd = -1;
+
+    unsigned char *p, *end;
+    unsigned char buf[1024];
+    unsigned char hash[20];
+
+    havege_state hs;
+    rsa_context rsa;
+    dhm_context dhm;
+    aes_context aes;
+
+    memset( &rsa, 0, sizeof( rsa ) );
+    memset( &dhm, 0, sizeof( dhm ) );
+
+    /*
+     * 1. Setup the RNG
+     */
+    printf( "\n  . Seeding the random number generator" );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    /*
+     * 2. Read the server's public RSA key
+     */
+    printf( "\n  . Reading public key from rsa_pub.txt" );
+    fflush( stdout );
+
+    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not open rsa_pub.txt\n" \
+                "  ! Please run rsa_genkey first\n\n" );
+        goto exit;
+    }
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+    if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
+
+    fclose( f );
+
+    /*
+     * 3. Initiate the connection
+     */
+    printf( "\n  . Connecting to tcp/%s/%d", SERVER_NAME,
+                                             SERVER_PORT );
+    fflush( stdout );
+
+    if( ( ret = net_connect( &server_fd, SERVER_NAME,
+                                         SERVER_PORT ) ) != 0 )
+    {
+        printf( " failed\n  ! net_connect returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 4a. First get the buffer length
+     */
+    printf( "\n  . Receiving the server's DH parameters" );
+    fflush( stdout );
+
+    memset( buf, 0, sizeof( buf ) );
+
+    if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 )
+    {
+        printf( " failed\n  ! net_recv returned %d\n\n", ret );
+        goto exit;
+    }
+
+    n = buflen = ( buf[0] << 8 ) | buf[1];
+    if( buflen < 1 || buflen > (int) sizeof( buf ) )
+    {
+        printf( " failed\n  ! Got an invalid buffer length\n\n" );
+        goto exit;
+    }
+
+    /*
+     * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
+     */
+    memset( buf, 0, sizeof( buf ) );
+
+    if( ( ret = net_recv( &server_fd, buf, n ) ) != n )
+    {
+        printf( " failed\n  ! net_recv returned %d\n\n", ret );
+        goto exit;
+    }
+
+    p = buf, end = buf + buflen;
+
+    if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_read_params returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( dhm.len < 64 || dhm.len > 256 )
+    {
+        ret = 1;
+        printf( " failed\n  ! Invalid DHM modulus size\n\n" );
+        goto exit;
+    }
+
+    /*
+     * 5. Check that the server's RSA signature matches
+     *    the SHA-1 hash of (P,G,Ys)
+     */
+    printf( "\n  . Verifying the server's RSA signature" );
+    fflush( stdout );
+
+    if( ( n = (int)( end - p ) ) != rsa.len )
+    {
+        ret = 1;
+        printf( " failed\n  ! Invalid RSA signature size\n\n" );
+        goto exit;
+    }
+
+    sha1( buf, (int)( p - 2 - buf ), hash );
+
+    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+                                  0, hash, p ) ) != 0 )
+    {
+        printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 6. Send our public value: Yc = G ^ Xc mod P
+     */
+    printf( "\n  . Sending own public value to server" );
+    fflush( stdout );
+
+    n = dhm.len;
+    if( ( ret = dhm_make_public( &dhm, 256, buf, n,
+                                 havege_rand, &hs ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_make_public returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( ( ret = net_send( &server_fd, buf, n ) ) != n )
+    {
+        printf( " failed\n  ! net_send returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 7. Derive the shared secret: K = Ys ^ Xc mod P
+     */
+    printf( "\n  . Shared secret: " );
+    fflush( stdout );
+
+    n = dhm.len;
+    if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_calc_secret returned %d\n\n", ret );
+        goto exit;
+    }
+
+    for( n = 0; n < 16; n++ )
+        printf( "%02x", buf[n] );
+
+    /*
+     * 8. Setup the AES-256 decryption key
+     *
+     * This is an overly simplified example; best practice is
+     * to hash the shared secret with a random value to derive
+     * the keying material for the encryption/decryption keys,
+     * IVs and MACs.
+     */
+    printf( "...\n  . Receiving and decrypting the ciphertext" );
+    fflush( stdout );
+
+    aes_setkey_dec( &aes, buf, 256 );
+
+    memset( buf, 0, sizeof( buf ) );
+
+    if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 )
+    {
+        printf( " failed\n  ! net_recv returned %d\n\n", ret );
+        goto exit;
+    }
+
+    aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf );
+    buf[16] = '\0';
+    printf( "\n  . Plaintext is \"%s\"\n\n", (char *) buf );
+
+exit:
+
+    net_close( server_fd );
+    rsa_free( &rsa );
+    dhm_free( &dhm );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/dh_genprime.c
+++ b/polarssl/programs/pkey/dh_genprime.c
@@ -0,0 +1,127 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (prime generation)
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdio.h>
+
+#include "polarssl/bignum.h"
+#include "polarssl/config.h"
+#include "polarssl/havege.h"
+
+/*
+ * Note: G = 4 is always a quadratic residue mod P,
+ * so it is a generator of order Q (with P = 2*Q+1).
+ */
+#define DH_P_SIZE 1024
+#define GENERATOR "4"
+
+int main( void )
+{
+    int ret = 1;
+
+#if defined(POLARSSL_GENPRIME)
+    mpi G, P, Q;
+    havege_state hs;
+    FILE *fout;
+
+    mpi_init( &G, &P, &Q, NULL );
+    mpi_read_string( &G, 10, GENERATOR );
+
+    printf( "\n  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    printf( " ok\n  . Generating the modulus, please wait..." );
+    fflush( stdout );
+
+    /*
+     * This can take a long time...
+     */
+    if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
+                               havege_rand, &hs ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_gen_prime returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n  . Verifying that Q = (P-1)/2 is prime..." );
+    fflush( stdout );
+
+    if( ( ret = mpi_sub_int( &Q, &P, 1 ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_sub_int returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( ( ret = mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_div_int returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( ( ret = mpi_is_prime( &Q, havege_rand, &hs ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_is_prime returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n  . Exporting the value in dh_prime.txt..." );
+    fflush( stdout );
+
+    if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not create dh_prime.txt\n\n" );
+        goto exit;
+    }
+
+    if( ( ret = mpi_write_file( "P = ", &P, 16, fout ) != 0 ) ||
+        ( ret = mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
+    {
+        printf( " failed\n  ! mpi_write_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n\n" );
+    fclose( fout );
+
+exit:
+
+    mpi_free( &Q, &P, &G, NULL );
+#else
+    printf( "\n  ! Prime-number generation is not available.\n\n" );
+#endif
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/dh_prime.txt
+++ b/polarssl/programs/pkey/dh_prime.txt
@@ -0,0 +1,2 @@
+P = C3CF8BCFD9E88B0CC35EC526F3D63FA001DC9392E6CA81F3B414173955C582758B52038FAFBF402B8C29DC32F5231B0D2E25B252850C7DCDBFF46D0E7989E51DEA07A53BCF7947D4C95EBA28F9CBAFB0267EC3BCF57B15A49964236B56773851D6621E546F410D504F13827218CD14A1FDB69522DC72DD67D880E51B2E00894F
+G = 04
--- a/polarssl/programs/pkey/dh_server.c
+++ b/polarssl/programs/pkey/dh_server.c
@@ -0,0 +1,257 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (server side)
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/net.h"
+#include "polarssl/aes.h"
+#include "polarssl/dhm.h"
+#include "polarssl/rsa.h"
+#include "polarssl/sha1.h"
+#include "polarssl/havege.h"
+
+#define SERVER_PORT 11999
+#define PLAINTEXT "==Hello there!=="
+
+int main( void )
+{
+    FILE *f;
+
+    int ret, n, buflen;
+    int listen_fd = -1;
+    int client_fd = -1;
+
+    unsigned char buf[1024];
+    unsigned char hash[20];
+    unsigned char buf2[2];
+
+    havege_state hs;
+    rsa_context rsa;
+    dhm_context dhm;
+    aes_context aes;
+
+    memset( &rsa, 0, sizeof( rsa ) );
+    memset( &dhm, 0, sizeof( dhm ) );
+
+    /*
+     * 1. Setup the RNG
+     */
+    printf( "\n  . Seeding the random number generator" );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    /*
+     * 2a. Read the server's private RSA key
+     */
+    printf( "\n  . Reading private key from rsa_priv.txt" );
+    fflush( stdout );
+
+    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not open rsa_priv.txt\n" \
+                "  ! Please run rsa_genkey first\n\n" );
+        goto exit;
+    }
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+    if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
+    
+    fclose( f );
+
+    /*
+     * 2b. Get the DHM modulus and generator
+     */
+    printf( "\n  . Reading DH parameters from dh_prime.txt" );
+    fflush( stdout );
+
+    if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not open dh_prime.txt\n" \
+                "  ! Please run dh_genprime first\n\n" );
+        goto exit;
+    }
+
+    if( mpi_read_file( &dhm.P, 16, f ) != 0 ||
+        mpi_read_file( &dhm.G, 16, f ) != 0 )
+    {
+        printf( " failed\n  ! Invalid DH parameter file\n\n" );
+        goto exit;
+    }
+
+    fclose( f );
+
+    /*
+     * 3. Wait for a client to connect
+     */
+    printf( "\n  . Waiting for a remote connection" );
+    fflush( stdout );
+
+    if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
+    {
+        printf( " failed\n  ! net_bind returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
+    {
+        printf( " failed\n  ! net_accept returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 4. Setup the DH parameters (P,G,Ys)
+     */
+    printf( "\n  . Sending the server's DH parameters" );
+    fflush( stdout );
+
+    memset( buf, 0, sizeof( buf ) );
+
+    if( ( ret = dhm_make_params( &dhm, 256, buf, &n,
+                                 havege_rand, &hs ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_make_params returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 5. Sign the parameters and send them
+     */
+    sha1( buf, n, hash );
+
+    buf[n    ] = (unsigned char)( rsa.len >> 8 );
+    buf[n + 1] = (unsigned char)( rsa.len      );
+
+    if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1,
+                                0, hash, buf + n + 2 ) ) != 0 )
+    {
+        printf( " failed\n  ! rsa_pkcs1_sign returned %d\n\n", ret );
+        goto exit;
+    }
+
+    buflen = n + 2 + rsa.len;
+    buf2[0] = (unsigned char)( buflen >> 8 );
+    buf2[1] = (unsigned char)( buflen      );
+
+    if( ( ret = net_send( &client_fd, buf2, 2 ) ) != 2 ||
+        ( ret = net_send( &client_fd, buf, buflen ) ) != buflen )
+    {
+        printf( " failed\n  ! net_send returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 6. Get the client's public value: Yc = G ^ Xc mod P
+     */
+    printf( "\n  . Receiving the client's public value" );
+    fflush( stdout );
+
+    memset( buf, 0, sizeof( buf ) );
+    n = dhm.len;
+
+    if( ( ret = net_recv( &client_fd, buf, n ) ) != n )
+    {
+        printf( " failed\n  ! net_recv returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( ( ret = dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_read_public returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * 7. Derive the shared secret: K = Ys ^ Xc mod P
+     */
+    printf( "\n  . Shared secret: " );
+    fflush( stdout );
+
+    if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+    {
+        printf( " failed\n  ! dhm_calc_secret returned %d\n\n", ret );
+        goto exit;
+    }
+
+    for( n = 0; n < 16; n++ )
+        printf( "%02x", buf[n] );
+
+    /*
+     * 8. Setup the AES-256 encryption key
+     *
+     * This is an overly simplified example; best practice is
+     * to hash the shared secret with a random value to derive
+     * the keying material for the encryption/decryption keys
+     * and MACs.
+     */
+    printf( "...\n  . Encrypting and sending the ciphertext" );
+    fflush( stdout );
+
+    aes_setkey_enc( &aes, buf, 256 );
+    memcpy( buf, PLAINTEXT, 16 );
+    aes_crypt_ecb( &aes, AES_ENCRYPT, buf, buf );
+
+    if( ( ret = net_send( &client_fd, buf, 16 ) ) != 16 )
+    {
+        printf( " failed\n  ! net_send returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( "\n\n" );
+
+exit:
+
+    net_close( client_fd );
+    rsa_free( &rsa );
+    dhm_free( &dhm );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/mpi_demo.c
+++ b/polarssl/programs/pkey/mpi_demo.c
@@ -0,0 +1,81 @@
+/*
+ *  Simple MPI demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdio.h>
+
+#include "polarssl/bignum.h"
+
+int main( void )
+{
+    mpi E, P, Q, N, H, D, X, Y, Z;
+
+    mpi_init( &E, &P, &Q, &N, &H,
+              &D, &X, &Y, &Z, NULL );
+
+    mpi_read_string( &P, 10, "2789" );
+    mpi_read_string( &Q, 10, "3203" );
+    mpi_read_string( &E, 10,  "257" );
+    mpi_mul_mpi( &N, &P, &Q );
+
+    printf( "\n  Public key:\n\n" );
+    mpi_write_file( "  N = ", &N, 10, NULL );
+    mpi_write_file( "  E = ", &E, 10, NULL );
+
+    printf( "\n  Private key:\n\n" );
+    mpi_write_file( "  P = ", &P, 10, NULL );
+    mpi_write_file( "  Q = ", &Q, 10, NULL );
+
+    mpi_sub_int( &P, &P, 1 );
+    mpi_sub_int( &Q, &Q, 1 );
+    mpi_mul_mpi( &H, &P, &Q );
+    mpi_inv_mod( &D, &E, &H );
+
+    mpi_write_file( "  D = E^-1 mod (P-1)*(Q-1) = ",
+                    &D, 10, NULL );
+
+    mpi_read_string( &X, 10, "55555" );
+    mpi_exp_mod( &Y, &X, &E, &N, NULL );
+    mpi_exp_mod( &Z, &Y, &D, &N, NULL );
+
+    printf( "\n  RSA operation:\n\n" );
+    mpi_write_file( "  X (plaintext)  = ", &X, 10, NULL );
+    mpi_write_file( "  Y (ciphertext) = X^E mod N = ", &Y, 10, NULL );
+    mpi_write_file( "  Z (decrypted)  = Y^D mod N = ", &Z, 10, NULL );
+    printf( "\n" );
+
+    mpi_free( &Z, &Y, &X, &D, &H,
+              &N, &Q, &P, &E, NULL );
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( 0 );
+}
--- a/polarssl/programs/pkey/rsa_genkey.c
+++ b/polarssl/programs/pkey/rsa_genkey.c
@@ -0,0 +1,134 @@
+/*
+ *  Example RSA key generation program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdio.h>
+
+#include "polarssl/havege.h"
+#include "polarssl/bignum.h"
+#include "polarssl/x509.h"
+#include "polarssl/rsa.h"
+
+#define KEY_SIZE 1024
+#define EXPONENT 65537
+
+int main( void )
+{
+    int ret;
+    rsa_context rsa;
+    havege_state hs;
+    FILE *fpub  = NULL;
+    FILE *fpriv = NULL;
+
+    printf( "\n  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    printf( " ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
+    fflush( stdout );
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+    
+    if( ( ret = rsa_gen_key( &rsa, havege_rand, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
+    {
+        printf( " failed\n  ! rsa_gen_key returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n  . Exporting the public  key in rsa_pub.txt...." );
+    fflush( stdout );
+
+    if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
+    {
+        printf( " failed\n  ! could not open rsa_pub.txt for writing\n\n" );
+        ret = 1;
+        goto exit;
+    }
+
+    if( ( ret = mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 ||
+        ( ret = mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_write_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n  . Exporting the private key in rsa_priv.txt..." );
+    fflush( stdout );
+
+    if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
+    {
+        printf( " failed\n  ! could not open rsa_priv.txt for writing\n" );
+        ret = 1;
+        goto exit;
+    }
+
+    if( ( ret = mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 ||
+        ( ret = mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_write_file returned %d\n\n", ret );
+        goto exit;
+    }
+/*
+    printf( " ok\n  . Generating the certificate..." );
+
+    x509write_init_raw( &cert );
+    x509write_add_pubkey( &cert, &rsa );
+    x509write_add_subject( &cert, "CN='localhost'" );
+    x509write_add_validity( &cert, "2007-09-06 17:00:32",
+                                   "2010-09-06 17:00:32" );
+    x509write_create_selfsign( &cert, &rsa );
+    x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
+    x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
+    x509write_free_raw( &cert );
+*/
+    printf( " ok\n\n" );
+
+exit:
+
+    if( fpub  != NULL )
+        fclose( fpub );
+
+    if( fpriv != NULL )
+        fclose( fpriv );
+
+    rsa_free( &rsa );
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/rsa_priv.txt
+++ b/polarssl/programs/pkey/rsa_priv.txt
@@ -0,0 +1,8 @@
+N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57
+E = 010001
+D = 56B3D2AD612D10993D0CAC5E7755B340E6071A46B3322F47C4AD6175A683F06E2482C8F761C88229CBE268F38B0503BEB8A59453C6D3CE8AC6196310E4DEB1CA939DF7F7EE26C4697EEDD1E5122795BFC83861DE2E3EC9E3E84F42B3A9DD25EB09B30FDDFFACCE5091493BC5577530CE9CD9C8BA244EC5FD3DF91BCECFD73961
+P = F8DAD6A5651CED9011D979A076D70C4FBD095AAE2E53EF51415832C63AD61618F0BB369F29D1363345FE481FE6C28F0830FE33A1C41F8743A4E02DD682A2E099
+Q = 842EABF3171F972DE7D6B571B70F969F8F1C305851785BB042CDAE3B794014659A744EA7D16D881B7168463CEEAF52BA0F78755BBE89CFE1361076CE3E20886F
+DP = B1C694047FE1548CD1538D21E703E595A933DF86032E8F0E7B21E8D3D8004CB4F074ADA6B296F4A35863395F20D8E8992F76C9A7CC95C169BF852EF9C9455631
+DQ = 143C54E49D289FEB4E2FC78D461A23D3FF83B03F0511E8EF7DFAA0EEC7EC3073318716B7884F3D63FE239985208144A7E950669F09F76D14AC432EFCF9F3DF0F
+QP = C2F98F412476BDA2B14F5882D929090C62BB24ED74E8B78A3BE287EABDB3FADC445D041F1DE04EBE2D39A8913DAF03C23FF632D1B3FB6CCBDD65B2A576F127F5
--- a/polarssl/programs/pkey/rsa_pub.txt
+++ b/polarssl/programs/pkey/rsa_pub.txt
@@ -0,0 +1,2 @@
+N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57
+E = 010001
--- a/polarssl/programs/pkey/rsa_sign.c
+++ b/polarssl/programs/pkey/rsa_sign.c
@@ -0,0 +1,135 @@
+/*
+ *  RSA/SHA-1 signature creation program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/rsa.h"
+#include "polarssl/sha1.h"
+
+int main( int argc, char *argv[] )
+{
+    FILE *f;
+    int ret, i;
+    rsa_context rsa;
+    unsigned char hash[20];
+    unsigned char buf[512];
+
+    ret = 1;
+
+    if( argc != 2 )
+    {
+        printf( "usage: rsa_sign <filename>\n" );
+
+#ifdef WIN32
+        printf( "\n" );
+#endif
+
+        goto exit;
+    }
+
+    printf( "\n  . Reading private key from rsa_priv.txt" );
+    fflush( stdout );
+
+    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not open rsa_priv.txt\n" \
+                "  ! Please run rsa_genkey first\n\n" );
+        goto exit;
+    }
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+    
+    if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
+
+    fclose( f );
+
+    /*
+     * Compute the SHA-1 hash of the input file,
+     * then calculate the RSA signature of the hash.
+     */
+    printf( "\n  . Generating the RSA/SHA-1 signature" );
+    fflush( stdout );
+
+    if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
+    {
+        printf( " failed\n  ! Could not open or read %s\n\n", argv[1] );
+        goto exit;
+    }
+
+    if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1,
+                                20, hash, buf ) ) != 0 )
+    {
+        printf( " failed\n  ! rsa_pkcs1_sign returned %d\n\n", ret );
+        goto exit;
+    }
+
+    /*
+     * Write the signature into <filename>-sig.txt
+     */
+    memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
+
+    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+    {
+        ret = 1;
+        printf( " failed\n  ! Could not create %s\n\n", argv[1] );
+        goto exit;
+    }
+
+    for( i = 0; i < rsa.len; i++ )
+        fprintf( f, "%02X%s", buf[i],
+                 ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+
+    fclose( f );
+
+    printf( "\n  . Done (created \"%s\")\n\n", argv[1] );
+
+exit:
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/pkey/rsa_verify.c
+++ b/polarssl/programs/pkey/rsa_verify.c
@@ -0,0 +1,138 @@
+/*
+ *  RSA/SHA-1 signature verification program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/rsa.h"
+#include "polarssl/sha1.h"
+
+int main( int argc, char *argv[] )
+{
+    FILE *f;
+    int ret, i, c;
+    rsa_context rsa;
+    unsigned char hash[20];
+    unsigned char buf[512];
+
+    ret = 1;
+    if( argc != 2 )
+    {
+        printf( "usage: rsa_verify <filename>\n" );
+
+#ifdef WIN32
+        printf( "\n" );
+#endif
+
+        goto exit;
+    }
+
+    printf( "\n  . Reading public key from rsa_pub.txt" );
+    fflush( stdout );
+
+    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
+    {
+        printf( " failed\n  ! Could not open rsa_pub.txt\n" \
+                "  ! Please run rsa_genkey first\n\n" );
+        goto exit;
+    }
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+
+    if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+        ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+    {
+        printf( " failed\n  ! mpi_read_file returned %d\n\n", ret );
+        goto exit;
+    }
+
+    rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
+
+    fclose( f );
+
+    /*
+     * Extract the RSA signature from the text file
+     */
+    ret = 1;
+    i = strlen( argv[1] );
+    memcpy( argv[1] + i, ".sig", 5 );
+
+    if( ( f = fopen( argv[1], "rb" ) ) == NULL )
+    {
+        printf( "\n  ! Could not open %s\n\n", argv[1] );
+        goto exit;
+    }
+
+    argv[1][i] = '\0', i = 0;
+
+    while( fscanf( f, "%02X", &c ) > 0 &&
+           i < (int) sizeof( buf ) )
+        buf[i++] = (unsigned char) c;
+
+    fclose( f );
+
+    if( i != rsa.len )
+    {
+        printf( "\n  ! Invalid RSA signature format\n\n" );
+        goto exit;
+    }
+
+    /*
+     * Compute the SHA-1 hash of the input file and compare
+     * it with the hash decrypted from the RSA signature.
+     */
+    printf( "\n  . Verifying the RSA/SHA-1 signature" );
+    fflush( stdout );
+
+    if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
+    {
+        printf( " failed\n  ! Could not open or read %s\n\n", argv[1] );
+        goto exit;
+    }
+
+    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+                                  20, hash, buf ) ) != 0 )
+    {
+        printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( "\n  . OK (the decrypted SHA-1 hash matches)\n\n" );
+
+    ret = 0;
+
+exit:
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/ssl/CA-HOWTO.txt
+++ b/polarssl/programs/ssl/CA-HOWTO.txt
@@ -0,0 +1,144 @@
+
+
+
+                How to setup your own Certificate Authority
+                ===========================================
+
+
+Note: this howto requires the openssl binary, as well as classic
+UNIX tools (cat, touch, echo). If you use Windows, please consider
+installing Cygwin -- see http://cygwin.com/
+
+
+    1. Configure OpenSSL
+    --------------------
+
+First of all, create sslconf.txt in the current directory
+(a basic example is provided at the end of this file).
+
+cat > sslconf.txt <<"EOF"
+[paste contents here]
+EOF
+
+Then you need to create the database and a starting serial number:
+
+touch index
+echo "01" > serial
+mkdir newcerts
+
+
+    2. Generate the CA certificate
+    ------------------------------
+
+openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
+            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
+
+
+    3. Generate the private keys and certificate requests
+    -----------------------------------------------------
+
+openssl genrsa -out server1.key 2048
+openssl genrsa -out server2.key 2048
+openssl genrsa -out client1.key 2048
+openssl genrsa -out client2.key 2048
+
+openssl req -config sslconf.txt -new -key server1.key -out server1.req
+openssl req -config sslconf.txt -new -key server2.key -out server2.req
+openssl req -config sslconf.txt -new -key client1.key -out client1.req
+openssl req -config sslconf.txt -new -key client2.key -out client2.req
+
+
+    4. Issue and sign the certificates
+    ----------------------------------
+
+openssl ca -config sslconf.txt -in server1.req -out server1.crt
+openssl ca -config sslconf.txt -in server2.req -out server2.crt
+openssl ca -config sslconf.txt -in client1.req -out client1.crt
+openssl ca -config sslconf.txt -in client2.req -out client2.crt
+
+
+    5. To revoke a certificate and update the CRL
+    ---------------------------------------------
+
+openssl ca -config sslconf.txt -revoke server1.crt
+openssl ca -config sslconf.txt -revoke client1.crt
+openssl ca -config sslconf.txt -gencrl -out crl.pem
+
+
+    6. To display a certificate and verify its validity
+    ---------------------------------------------------
+
+openssl x509 -in server2.crt -text -noout
+cat test-ca.crt crl.pem > ca_crl.pem
+openssl verify -CAfile ca_crl.pem -crl_check server2.crt
+rm ca_crl.pem
+
+
+    7. To export a certificate into a .pfx file
+    -------------------------------------------
+
+openssl pkcs12 -export -in client2.crt -inkey client2.key \
+                      -out client2.pfx
+
+
+##================================================================
+##============== Example OpenSSL configuration file ==============
+##================================================================
+
+#  References:
+#
+#  /etc/ssl/openssl.conf
+#  http://www.openssl.org/docs/apps/config.html
+#  http://www.openssl.org/docs/apps/x509v3_config.html
+
+[ ca ]
+default_ca              = my_ca
+
+[ my_ca ]
+certificate             = test-ca.crt
+private_key             = test-ca.key
+database                = index
+serial                  = serial
+
+new_certs_dir           = newcerts
+default_crl_days        = 60
+default_days            = 730
+default_md              = sha1
+policy                  = my_policy
+x509_extensions         = v3_usr
+
+[ my_policy ]
+countryName             = optional
+stateOrProvinceName     = optional
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+distinguished_name      = my_req_dn
+x509_extensions         = v3_ca
+
+[ my_req_dn ]
+countryName             = Country Name..............
+countryName_min         = 2
+countryName_max         = 2
+stateOrProvinceName     = State or Province Name....
+localityName            = Locality Name.............
+0.organizationName      = Organization Name.........
+organizationalUnitName  = Org. Unit Name............
+commonName              = Common Name (required)....
+commonName_max          = 64
+emailAddress            = Email Address.............
+emailAddress_max        = 64
+
+[ v3_ca ]
+basicConstraints        = CA:TRUE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+
+[ v3_usr ]
+basicConstraints        = CA:FALSE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+
--- a/polarssl/programs/ssl/CMakeLists.txt
+++ b/polarssl/programs/ssl/CMakeLists.txt
@@ -0,0 +1,8 @@
+add_executable(ssl_client1 ssl_client1.c)
+target_link_libraries(ssl_client1 polarssl)
+
+add_executable(ssl_client2 ssl_client2.c)
+target_link_libraries(ssl_client2 polarssl)
+
+add_executable(ssl_server ssl_server.c)
+target_link_libraries(ssl_server polarssl)
--- a/polarssl/programs/ssl/ssl_client1.c
+++ b/polarssl/programs/ssl/ssl_client1.c
@@ -0,0 +1,171 @@
+/*
+ *  SSL client demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/havege.h"
+
+#define SERVER_PORT 4433
+#define SERVER_NAME "localhost"
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+#define DEBUG_LEVEL 1
+
+void my_debug( void *ctx, int level, const char *str )
+{
+    if( level < DEBUG_LEVEL )
+    {
+        fprintf( (FILE *) ctx, "%s", str );
+        fflush(  (FILE *) ctx  );
+    }
+}
+
+int main( void )
+{
+    int ret, len, server_fd;
+    unsigned char buf[1024];
+    havege_state hs;
+    ssl_context ssl;
+    ssl_session ssn;
+
+    /*
+     * 0. Initialize the RNG and the session data
+     */
+    havege_init( &hs );
+    memset( &ssn, 0, sizeof( ssl_session ) );
+
+    /*
+     * 1. Start the connection
+     */
+    printf( "\n  . Connecting to tcp/%s/%4d...", SERVER_NAME,
+                                                 SERVER_PORT );
+    fflush( stdout );
+
+    if( ( ret = net_connect( &server_fd, SERVER_NAME,
+                                         SERVER_PORT ) ) != 0 )
+    {
+        printf( " failed\n  ! net_connect returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 2. Setup stuff
+     */
+    printf( "  . Setting up the SSL/TLS structure..." );
+    fflush( stdout );
+
+    if( ( ret = ssl_init( &ssl ) ) != 0 )
+    {
+        printf( " failed\n  ! ssl_init returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+
+    ssl_set_rng( &ssl, havege_rand, &hs );
+    ssl_set_dbg( &ssl, my_debug, stdout );
+    ssl_set_bio( &ssl, net_recv, &server_fd,
+                       net_send, &server_fd );
+
+    ssl_set_ciphers( &ssl, ssl_default_ciphers );
+    ssl_set_session( &ssl, 1, 600, &ssn );
+
+    /*
+     * 3. Write the GET request
+     */
+    printf( "  > Write to server:" );
+    fflush( stdout );
+
+    len = sprintf( (char *) buf, GET_REQUEST );
+
+    while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+        {
+            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+
+    len = ret;
+    printf( " %d bytes written\n\n%s", len, (char *) buf );
+
+    /*
+     * 7. Read the HTTP response
+     */
+    printf( "  < Read from server:" );
+    fflush( stdout );
+
+    do
+    {
+        len = sizeof( buf ) - 1;
+        memset( buf, 0, sizeof( buf ) );
+        ret = ssl_read( &ssl, buf, len );
+
+        if( ret == POLARSSL_ERR_NET_TRY_AGAIN )
+            continue;
+
+        if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
+            break;
+
+        if( ret <= 0 )
+        {
+            printf( "failed\n  ! ssl_read returned %d\n\n", ret );
+            break;
+        }
+
+        len = ret;
+        printf( " %d bytes read\n\n%s", len, (char *) buf );
+    }
+    while( 0 );
+
+    ssl_close_notify( &ssl );
+
+exit:
+
+    net_close( server_fd );
+    ssl_free( &ssl );
+
+    memset( &ssl, 0, sizeof( ssl ) );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/ssl/ssl_client2.c
+++ b/polarssl/programs/ssl/ssl_client2.c
@@ -0,0 +1,374 @@
+/*
+ *  SSL client with certificate authentication
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/havege.h"
+#include "polarssl/certs.h"
+#include "polarssl/x509.h"
+
+#define DFL_SERVER_NAME         "localhost"
+#define DFL_SERVER_PORT         4433
+#define DFL_REQUEST_PAGE        "/"
+#define DFL_DEBUG_LEVEL         0
+#define DFL_CRT_FILE            ""
+#define DFL_KEY_FILE            ""
+
+#define GET_REQUEST "GET %s HTTP/1.0\r\n\r\n"
+
+/*
+ * global options
+ */
+struct options
+{
+    char *server_name;          /* hostname of the server (client only)     */
+    int server_port;            /* port on which the ssl service runs       */
+    int debug_level;            /* level of debugging                       */
+    char *request_page;         /* page on server to request                */
+    char *crt_file;             /* the file with the client certificate     */
+    char *key_file;             /* the file with the client key             */
+} opt;
+
+void my_debug( void *ctx, int level, const char *str )
+{
+    if( level < opt.debug_level )
+    {
+        fprintf( (FILE *) ctx, "%s", str );
+        fflush(  (FILE *) ctx  );
+    }
+}
+
+#define USAGE \
+    "\n usage: ssl_client2 param=<>...\n"                   \
+    "\n acceptable parameters:\n"                           \
+    "    server_name=%%s      default: localhost\n"         \
+    "    server_port=%%d      default: 4433\n"              \
+    "    debug_level=%%d      default: 0 (disabled)\n"      \
+    "    request_page=%%s     default: \".\"\n"             \
+    "    crt_file=%%s         default: \"\" (pre-loaded)\n" \
+    "    key_file=%%s         default: \"\" (pre-loaded)\n" \
+    "\n"
+
+int main( int argc, char *argv[] )
+{
+    int ret = 0, len, server_fd;
+    unsigned char buf[1024];
+    havege_state hs;
+    ssl_context ssl;
+    ssl_session ssn;
+    x509_cert cacert;
+    x509_cert clicert;
+    rsa_context rsa;
+    int i, j, n;
+    char *p, *q;
+
+    if( argc == 0 )
+    {
+    usage:
+        printf( USAGE );
+        goto exit;
+    }
+
+    opt.server_name         = DFL_SERVER_NAME;
+    opt.server_port         = DFL_SERVER_PORT;
+    opt.debug_level         = DFL_DEBUG_LEVEL;
+    opt.request_page        = DFL_REQUEST_PAGE;
+    opt.crt_file            = DFL_CRT_FILE;
+    opt.key_file            = DFL_KEY_FILE;
+
+    for( i = 1; i < argc; i++ )
+    {
+        n = strlen( argv[i] );
+
+        for( j = 0; j < n; j++ )
+        {
+            if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+                argv[i][j] |= 0x20;
+        }
+
+        p = argv[i];
+        if( ( q = strchr( p, '=' ) ) == NULL )
+            goto usage;
+        *q++ = '\0';
+
+        if( strcmp( p, "server_name" ) == 0 )
+            opt.server_name = q;
+        else if( strcmp( p, "server_port" ) == 0 )
+        {
+            opt.server_port = atoi( q );
+            if( opt.server_port < 1 || opt.server_port > 65535 )
+                goto usage;
+        }
+        else if( strcmp( p, "debug_level" ) == 0 )
+        {
+            opt.debug_level = atoi( q );
+            if( opt.debug_level < 0 || opt.debug_level > 65535 )
+                goto usage;
+        }
+        else if( strcmp( p, "request_page" ) == 0 )
+            opt.request_page = q;
+        else if( strcmp( p, "crt_file" ) == 0 )
+            opt.crt_file = q;
+        else if( strcmp( p, "key_file" ) == 0 )
+            opt.key_file = q;
+        else
+            goto usage;
+    }
+
+    /*
+     * 0. Initialize the RNG and the session data
+     */
+    havege_init( &hs );
+    memset( &ssn, 0, sizeof( ssl_session ) );
+
+    /*
+     * 1.1. Load the trusted CA
+     */
+    printf( "\n  . Loading the CA root certificate ..." );
+    fflush( stdout );
+
+    memset( &cacert, 0, sizeof( x509_cert ) );
+
+    /*
+     * Alternatively, you may load the CA certificates from a .pem or
+     * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
+     */
+    ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
+                         strlen( test_ca_crt ) );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 1.2. Load own certificate and private key
+     *
+     * (can be skipped if client authentication is not required)
+     */
+    printf( "  . Loading the client cert. and key..." );
+    fflush( stdout );
+
+    memset( &clicert, 0, sizeof( x509_cert ) );
+
+    if( strlen( opt.crt_file ) )
+        ret = x509parse_crtfile( &clicert, opt.crt_file );
+    else 
+        ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
+                strlen( test_cli_crt ) );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+        goto exit;
+    }
+
+    if( strlen( opt.key_file ) )
+        ret = x509parse_keyfile( &rsa, opt.key_file, "" );
+    else
+        ret = x509parse_key( &rsa, (unsigned char *) test_cli_key,
+                strlen( test_cli_key ), NULL, 0 );
+
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_key returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 2. Start the connection
+     */
+    printf( "  . Connecting to tcp/%s/%-4d...", opt.server_name,
+                                                opt.server_port );
+    fflush( stdout );
+
+    if( ( ret = net_connect( &server_fd, opt.server_name,
+                                         opt.server_port ) ) != 0 )
+    {
+        printf( " failed\n  ! net_connect returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 3. Setup stuff
+     */
+    printf( "  . Setting up the SSL/TLS structure..." );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    if( ( ret = ssl_init( &ssl ) ) != 0 )
+    {
+        printf( " failed\n  ! ssl_init returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+    ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
+
+    ssl_set_rng( &ssl, havege_rand, &hs );
+    ssl_set_dbg( &ssl, my_debug, stdout );
+    ssl_set_bio( &ssl, net_recv, &server_fd,
+                       net_send, &server_fd );
+
+    ssl_set_ciphers( &ssl, ssl_default_ciphers );
+    ssl_set_session( &ssl, 1, 600, &ssn );
+
+    ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
+    ssl_set_own_cert( &ssl, &clicert, &rsa );
+
+    ssl_set_hostname( &ssl, opt.server_name );
+
+    /*
+     * 4. Handshake
+     */
+    printf( "  . Performing the SSL/TLS handshake..." );
+    fflush( stdout );
+
+    while( ( ret = ssl_handshake( &ssl ) ) != 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+        {
+            printf( " failed\n  ! ssl_handshake returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+
+    printf( " ok\n    [ Cipher is %s ]\n",
+            ssl_get_cipher( &ssl ) );
+
+    /*
+     * 5. Verify the server certificate
+     */
+    printf( "  . Verifying peer X.509 certificate..." );
+
+    if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
+    {
+        printf( " failed\n" );
+
+        if( ( ret & BADCERT_EXPIRED ) != 0 )
+            printf( "  ! server certificate has expired\n" );
+
+        if( ( ret & BADCERT_REVOKED ) != 0 )
+            printf( "  ! server certificate has been revoked\n" );
+
+        if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
+            printf( "  ! CN mismatch (expected CN=%s)\n", opt.server_name );
+
+        if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
+            printf( "  ! self-signed or not signed by a trusted CA\n" );
+
+        printf( "\n" );
+    }
+    else
+        printf( " ok\n" );
+
+    printf( "  . Peer certificate information    ...\n" );
+    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ", ssl.peer_cert );
+    printf( "%s\n", buf );
+
+    /*
+     * 6. Write the GET request
+     */
+    printf( "  > Write to server:" );
+    fflush( stdout );
+
+    len = sprintf( (char *) buf, GET_REQUEST, opt.request_page );
+
+    while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+        {
+            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+
+    len = ret;
+    printf( " %d bytes written\n\n%s", len, (char *) buf );
+
+    /*
+     * 7. Read the HTTP response
+     */
+    printf( "  < Read from server:" );
+    fflush( stdout );
+
+    do
+    {
+        len = sizeof( buf ) - 1;
+        memset( buf, 0, sizeof( buf ) );
+        ret = ssl_read( &ssl, buf, len );
+
+        if( ret == POLARSSL_ERR_NET_TRY_AGAIN )
+            continue;
+
+        if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
+            break;
+
+        if( ret <= 0 )
+        {
+            printf( "failed\n  ! ssl_read returned %d\n\n", ret );
+            break;
+        }
+
+        len = ret;
+        printf( " %d bytes read\n\n%s", len, (char *) buf );
+    }
+    while( 0 );
+
+    ssl_close_notify( &ssl );
+
+exit:
+
+    net_close( server_fd );
+    x509_free( &clicert );
+    x509_free( &cacert );
+    rsa_free( &rsa );
+    ssl_free( &ssl );
+
+    memset( &ssl, 0, sizeof( ssl ) );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/ssl/ssl_server.c
+++ b/polarssl/programs/ssl/ssl_server.c
@@ -0,0 +1,410 @@
+/*
+ *  SSL server demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#ifdef WIN32
+#include <windows.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "polarssl/havege.h"
+#include "polarssl/certs.h"
+#include "polarssl/x509.h"
+#include "polarssl/ssl.h"
+#include "polarssl/net.h"
+
+#define HTTP_RESPONSE \
+    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+    "<h2>PolarSSL Test Server</h2>\r\n" \
+    "<p>Successful connection using: %s</p>\r\n"
+
+/*
+ * Computing a "safe" DH-1024 prime can take a very
+ * long time, so a precomputed value is provided below.
+ * You may run dh_genprime to generate a new value.
+ */
+char *my_dhm_P = 
+    "E4004C1F94182000103D883A448B3F80" \
+    "2CE4B44A83301270002C20D0321CFD00" \
+    "11CCEF784C26A400F43DFB901BCA7538" \
+    "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
+    "F6AC8E1DA6BCC3B4E1F96B0564965300" \
+    "FFA1D0B601EB2800F489AA512C4B248C" \
+    "01F76949A60BB7F00A40B1EAB64BDD48" \
+    "E8A700D60B7F1200FA8E77B0A979DABF";
+
+char *my_dhm_G = "4";
+
+/*
+ * Sorted by order of preference
+ */
+int my_ciphers[] =
+{
+    SSL_EDH_RSA_AES_256_SHA,
+    SSL_EDH_RSA_CAMELLIA_256_SHA,
+    SSL_EDH_RSA_AES_128_SHA,
+    SSL_EDH_RSA_CAMELLIA_128_SHA,
+    SSL_EDH_RSA_DES_168_SHA,
+    SSL_RSA_AES_256_SHA,
+    SSL_RSA_CAMELLIA_256_SHA,
+    SSL_RSA_AES_128_SHA,
+    SSL_RSA_CAMELLIA_128_SHA,
+    SSL_RSA_DES_168_SHA,
+    SSL_RSA_RC4_128_SHA,
+    SSL_RSA_RC4_128_MD5,
+    0
+};
+
+#define DEBUG_LEVEL 0
+
+void my_debug( void *ctx, int level, const char *str )
+{
+    if( level < DEBUG_LEVEL )
+    {
+        fprintf( (FILE *) ctx, "%s", str );
+        fflush(  (FILE *) ctx  );
+    }
+}
+
+/*
+ * These session callbacks use a simple chained list
+ * to store and retrieve the session information.
+ */
+ssl_session *s_list_1st = NULL;
+ssl_session *cur, *prv;
+
+static int my_get_session( ssl_context *ssl )
+{
+    time_t t = time( NULL );
+
+    if( ssl->resume == 0 )
+        return( 1 );
+
+    cur = s_list_1st;
+    prv = NULL;
+
+    while( cur != NULL )
+    {
+        prv = cur;
+        cur = cur->next;
+
+        if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
+            continue;
+
+        if( ssl->session->cipher != prv->cipher ||
+            ssl->session->length != prv->length )
+            continue;
+
+        if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
+            continue;
+
+        memcpy( ssl->session->master, prv->master, 48 );
+        return( 0 );
+    }
+
+    return( 1 );
+}
+
+static int my_set_session( ssl_context *ssl )
+{
+    time_t t = time( NULL );
+
+    cur = s_list_1st;
+    prv = NULL;
+
+    while( cur != NULL )
+    {
+        if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
+            break; /* expired, reuse this slot */
+
+        if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
+            break; /* client reconnected */
+
+        prv = cur;
+        cur = cur->next;
+    }
+
+    if( cur == NULL )
+    {
+        cur = (ssl_session *) malloc( sizeof( ssl_session ) );
+        if( cur == NULL )
+            return( 1 );
+
+        if( prv == NULL )
+              s_list_1st = cur;
+        else  prv->next  = cur;
+    }
+
+    memcpy( cur, ssl->session, sizeof( ssl_session ) );
+
+    return( 0 );
+}
+
+int main( void )
+{
+    int ret, len;
+    int listen_fd;
+    int client_fd;
+    unsigned char buf[1024];
+
+    havege_state hs;
+    ssl_context ssl;
+    ssl_session ssn;
+    x509_cert srvcert;
+    rsa_context rsa;
+
+    /*
+     * 1. Load the certificates and private RSA key
+     */
+    printf( "\n  . Loading the server cert. and key..." );
+    fflush( stdout );
+
+    memset( &srvcert, 0, sizeof( x509_cert ) );
+
+    /*
+     * This demonstration program uses embedded test certificates.
+     * Instead, you may want to use x509parse_crtfile() to read the
+     * server and CA certificates, as well as x509parse_keyfile().
+     */
+    ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
+                         strlen( test_srv_crt ) );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+        goto exit;
+    }
+
+    ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
+                         strlen( test_ca_crt ) );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+        goto exit;
+    }
+
+    ret =  x509parse_key( &rsa, (unsigned char *) test_srv_key,
+                          strlen( test_srv_key ), NULL, 0 );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_key returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 2. Setup the listening TCP socket
+     */
+    printf( "  . Bind on https://localhost:4433/ ..." );
+    fflush( stdout );
+
+    if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
+    {
+        printf( " failed\n  ! net_bind returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 3. Wait until a client connects
+     */
+#ifdef WIN32
+    ShellExecute( NULL, "open", "https://localhost:4433/",
+                  NULL, NULL, SW_SHOWNORMAL );
+#endif
+
+    client_fd = -1;
+    memset( &ssl, 0, sizeof( ssl ) );
+
+accept:
+
+    net_close( client_fd );
+    ssl_free( &ssl );
+
+    printf( "  . Waiting for a remote connection ..." );
+    fflush( stdout );
+
+    if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
+    {
+        printf( " failed\n  ! net_accept returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 4. Setup stuff
+     */
+    printf( "  . Setting up the RNG and SSL data...." );
+    fflush( stdout );
+
+    havege_init( &hs );
+
+    if( ( ret = ssl_init( &ssl ) ) != 0 )
+    {
+        printf( " failed\n  ! ssl_init returned %d\n\n", ret );
+        goto accept;
+    }
+
+    printf( " ok\n" );
+
+    ssl_set_endpoint( &ssl, SSL_IS_SERVER );
+    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+
+    ssl_set_rng( &ssl, havege_rand, &hs );
+    ssl_set_dbg( &ssl, my_debug, stdout );
+    ssl_set_bio( &ssl, net_recv, &client_fd,
+                       net_send, &client_fd );
+    ssl_set_scb( &ssl, my_get_session,
+                       my_set_session );
+
+    ssl_set_ciphers( &ssl, my_ciphers );
+    ssl_set_session( &ssl, 1, 0, &ssn );
+
+    memset( &ssn, 0, sizeof( ssl_session ) );
+
+    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
+    ssl_set_own_cert( &ssl, &srvcert, &rsa );
+    ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
+
+    /*
+     * 5. Handshake
+     */
+    printf( "  . Performing the SSL/TLS handshake..." );
+    fflush( stdout );
+
+    while( ( ret = ssl_handshake( &ssl ) ) != 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+        {
+            printf( " failed\n  ! ssl_handshake returned %d\n\n", ret );
+            goto accept;
+        }
+    }
+
+    printf( " ok\n" );
+
+    /*
+     * 6. Read the HTTP Request
+     */
+    printf( "  < Read from client:" );
+    fflush( stdout );
+
+    do
+    {
+        len = sizeof( buf ) - 1;
+        memset( buf, 0, sizeof( buf ) );
+        ret = ssl_read( &ssl, buf, len );
+
+        if( ret == POLARSSL_ERR_NET_TRY_AGAIN )
+            continue;
+
+        if( ret <= 0 )
+        {
+            switch( ret )
+            {
+                case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
+                    printf( " connection was closed gracefully\n" );
+                    break;
+
+                case POLARSSL_ERR_NET_CONN_RESET:
+                    printf( " connection was reset by peer\n" );
+                    break;
+
+                default:
+                    printf( " ssl_read returned %d\n", ret );
+                    break;
+            }
+
+            break;
+        }
+
+        len = ret;
+        printf( " %d bytes read\n\n%s", len, (char *) buf );
+    }
+    while( 0 );
+
+    /*
+     * 7. Write the 200 Response
+     */
+    printf( "  > Write to client:" );
+    fflush( stdout );
+
+    len = sprintf( (char *) buf, HTTP_RESPONSE,
+                   ssl_get_cipher( &ssl ) );
+
+    while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
+    {
+        if( ret == POLARSSL_ERR_NET_CONN_RESET )
+        {
+            printf( " failed\n  ! peer closed the connection\n\n" );
+            goto accept;
+        }
+
+        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+        {
+            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+
+    len = ret;
+    printf( " %d bytes written\n\n%s\n", len, (char *) buf );
+
+    ssl_close_notify( &ssl );
+    goto accept;
+
+exit:
+
+    net_close( client_fd );
+    x509_free( &srvcert );
+    rsa_free( &rsa );
+    ssl_free( &ssl );
+
+    cur = s_list_1st;
+    while( cur != NULL )
+    {
+        prv = cur;
+        cur = cur->next;
+        memset( prv, 0, sizeof( ssl_session ) );
+        free( prv );
+    }
+
+    memset( &ssl, 0, sizeof( ssl_context ) );
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/ssl/test-ca/cert_digest.key
+++ b/polarssl/programs/ssl/test-ca/cert_digest.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz1BT9bAJhnguZRmOjCkHU
+QjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGDJ39LlZIuoNbGhJRLs+Sm
+zP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHzaCYOYnXplXiBSBy5lpTH9
+2XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ8apGTnR//h2wkR+JSoTL
+33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1yleCiBkGMYeRQV3SWsSm1
+oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQABAoIBAAbw6iTJrYFuAyr7
+AzbzVDdnFAlWeN2Ah/mnHZMRhJUOwW6qYtpvqGsTIqERu4uJWgBiWG7fHPXd342L
+pUw7C0rsAf821o8hWa3u/V9/RqWZ08VpucUPa3MlGO3XDjlqWmmOI6RwiKbZAaaI
+m+eX40PwzjyHK41PRDn7SUUtuciWJA8zz7f6mYqt3abRoaVpqEAs4OfreKvn60lN
+SUgwrCVTVot7c+l+8QaXcvlH600um8Y/avLUbktxZMsSY47i0NIYmBGZahfvHLsE
+MmJwlkTInSXPHvKjAoCA4Ny7QWLsx6+xdcig3ZjvFeHaus48hR9dohV1V488XtXP
+u3ROIxkCgYEA8LpsoSjFCLL+6nz9Ca156UHD0oGUxVkxPH6ieHMnTCOT1ljl4WD2
+pO26NxZI46eWkl48qNMvQujufRS6KUB59KfLK4Is7yYFLkacoxkRuiUT9r3sKhYs
+MXU6ObiOA25gYCeu/OuRBbS6B/h03CuhVdkjbir28bbRUKuoi2fdLWsCgYEA6gmg
+N2/e00G6YHdNIQRIcfoOvGKvZeEvwJCTwV1BxKKRNgCKMYUT6/50fJW7Nwo+Kfem
+4JCRz1/s9/N/F4pHo8DOHxRkQ+g55pi02S2kPJNYd4Mn1kxQ6s857PZkWCyyltD
+y+WRXN3N9ZrAto7+5Etwr2d3tb5zNotdKAYtoTUCgYBeoqs53/E1rkiQnnpLZ6tZ
+i8UT6GU4AAxfH9l3SK3WPNZNmb0lkRzlUZ+3MEePV77V474tEHiv8SpwecmFlhdb
+mutAO3i2u1emDZReeeiCKTlj8t343aaZ+t/c+TS7HJU+t9sPCvyEJbxMjdxDAdP3
+D9nh4XobJCe9cv5bb4V/6QKBgCLM1Z8Iqnh9UIphkv1y1pbkGObYQb6DcodOuDnL
+dSkZB0ChaesdH646wvV3ikQP6Nhys8i4QMS5F1EW2VlKYxDhMRhoG/TW/xURNtq6
+Ig+BiBIiY3waViH6x26oppRgbZV7ZqRd+XR2otZ/cWJz9uDZeuMKHpnOvPECXhLC
+gGx1AoGAfYLKfsB9Im+x1+JwmRz1bMHV93XrQbt6OFt4MQhfcnZqebO7KT3E5/XF
+NgjWiQcwTXPKzDxKE2YVpm/WKjh1ewypZ0eJa3PjbPG6aLlVtXGyNauQhyzlUwbZ
+nmvjOi6uZv+U+hhvfsTcRIGMfwtohqSouG8wbz59ILXQoZNESaM=
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/ssl/test-ca/cert_md2.crt
+++ b/polarssl/programs/ssl/test-ca/cert_md2.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md2WithRSAEncryption
+        28:5a:dd:48:fb:ec:80:fe:de:b7:20:c0:4c:05:a9:4b:51:e9:
+        a7:d1:4b:5e:76:42:d2:5d:9a:14:19:3b:cb:f9:91:d7:0f:11:
+        c9:cd:dd:00:8b:2c:76:73:22:a0:19:49:81:63:40:30:48:27:
+        62:90:ca:b8:dc:33:35:b3:4b:58:ca:dc:07:66:87:2e:ea:44:
+        2a:6a:13:67:7a:32:5e:48:1d:88:88:c5:70:e6:e7:ec:1b:2f:
+        a7:f4:61:71:29:f6:66:93:30:60:7e:b3:4c:01:c8:2c:53:ce:
+        00:11:ec:bf:f6:f2:ce:51:97:d8:ed:ed:dc:c9:6b:b8:19:15:
+        c8:9a:61:6d:12:9a:99:25:d8:03:1d:a6:4c:20:a5:f8:46:a3:
+        05:32:bb:1a:8e:1a:65:0d:f3:13:35:1d:6f:73:28:31:12:d7:
+        c4:9e:73:a0:a7:ce:82:25:d1:40:e8:1b:77:60:f3:3e:81:7f:
+        19:ee:cf:97:4d:c8:c3:35:9b:72:98:3b:c3:35:43:14:0a:04:
+        21:7b:f7:db:e6:5f:ce:21:d1:ce:bf:b7:ef:c1:63:21:c2:78:
+        e1:37:aa:b1:e0:31:b3:b6:63:4c:fd:66:c8:e6:cf:f8:d9:97:
+        2f:cf:92:81:3f:d4:bf:ec:e2:ad:6e:39:c7:a6:a8:e0:32:b0:
+        2e:0d:e1:30
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQIFAAOC
+AQEAKFrdSPvsgP7etyDATAWpS1Hpp9FLXnZC0l2aFBk7y/mR1w8Ryc3dAIssdnMi
+oBlJgWNAMEgnYpDKuNwzNbNLWMrcB2aHLupEKmoTZ3oyXkgdiIjFcObn7Bsvp/Rh
+cSn2ZpMwYH6zTAHILFPOABHsv/byzlGX2O3t3MlruBkVyJphbRKamSXYAx2mTCCl
+EajBTK7Go4aZQ3zEzUdb3MoMRLXxJ5zoKfOgiXRQOgbd2DzPoF/Ge7Pl03IwzWb
+cpg7wzVDFAoEIXv32+ZfziHRzr+378FjIcJ44TeqseAxs7ZjTP1myObP+NmXL8+S
+gT/Uv+zirW45x6ao4DKwLg3hMA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_md4.crt
+++ b/polarssl/programs/ssl/test-ca/cert_md4.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: md4WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md4WithRSAEncryption
+        3d:34:e7:aa:98:28:91:95:d4:df:be:66:4e:92:7f:25:f7:ce:
+        23:59:db:30:52:3f:67:a0:ab:06:18:be:32:ad:f9:d5:24:87:
+        90:c5:ac:42:a6:8f:2a:e3:b3:36:c4:9c:38:e4:2e:6a:64:26:
+        33:39:e0:46:4e:f5:09:a7:d2:cd:6a:16:30:49:80:81:4c:19:
+        43:2e:55:0d:b8:18:d6:db:8e:e0:3e:25:ca:a2:74:76:b7:1c:
+        97:13:db:21:83:50:38:eb:f7:36:d5:74:3d:fc:90:d8:7f:d6:
+        ad:2d:5d:ab:99:fc:45:41:c1:55:22:f7:57:c0:c5:24:a0:67:
+        a0:e8:03:f1:98:87:7a:be:d9:57:04:06:ba:57:29:ca:6e:33:
+        28:16:7d:fa:5c:2b:ae:40:78:01:6f:77:9f:54:94:fb:bb:73:
+        3f:f1:ca:81:4f:65:49:2c:1a:62:15:fe:0e:43:d3:81:10:b2:
+        b6:e9:92:f9:b8:be:cf:50:85:a4:65:af:ed:fa:58:6c:5c:90:
+        b1:ae:90:7a:a4:68:93:cf:85:6b:73:98:c0:a7:97:d7:03:59:
+        0c:97:33:1b:9d:5a:4a:9d:31:71:c3:e4:57:21:1e:9a:67:16:
+        89:ff:de:42:88:97:05:cf:ab:63:3b:a4:fc:7f:7b:4d:54:b7:
+        f5:bb:68:c4
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCjANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQMFAAOC
+AQEAPTTnqpgokZXU375mTpJ/JffOI1nbMFI/Z6CrBhi+Mq351SSHkMWsQqaPKuOz
+NsScOOQuamQmMzngRk71CafSzWoWMEmAgUwZQy5VDbgY1tuO4D4lyqJ0drcclxPb
+IYNQOOv3NtV0PfyQ2H/WrS1dq5n8RUHBVSL3V8DFJKBnoOgD8ZiHer7ZVwQGulcp
+ym4zKBZ9+lwrrkB4AW93n1SU+7tzP/HKgU9lSSwaYhX+DkPTgRCytumS+bi+z1CF
+pGWv7fpYbFyQsa6QeqRok8+Fa3OYwKeX1wNZDJczG51aSp0xccPkVyEemmcWif/e
+QoiXBc+rYzuk/H97TVS39btoxA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_md5.crt
+++ b/polarssl/programs/ssl/test-ca/cert_md5.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md5WithRSAEncryption
+        7d:c7:ae:4b:1d:56:8c:c8:2a:40:13:24:91:38:b0:72:77:6a:
+        a3:fd:7e:0d:30:ca:96:7e:55:85:ff:fb:cd:a7:29:bd:a3:f8:
+        bc:df:e3:ee:f8:f0:5d:4b:91:0e:f6:e2:c5:9c:3f:74:26:d1:
+        d2:37:13:59:09:d6:39:43:ce:d7:67:70:92:c8:98:2b:5a:f5:
+        09:e1:ea:d9:43:f1:92:61:b8:43:74:d8:a9:f0:af:b6:df:11:
+        61:cd:8f:35:39:1f:d1:17:70:f9:2b:86:3e:df:4b:c6:81:0b:
+        f5:cc:de:62:dd:f7:7f:14:2a:1a:e7:98:3d:6e:db:1c:47:df:
+        8d:31:49:7b:78:b0:81:89:c8:b5:f5:e9:e4:9e:00:a5:20:70:
+        e5:32:56:e6:a7:be:68:ba:bf:d4:8e:8f:c8:42:31:30:b3:39:
+        fa:3e:9c:70:53:64:d6:96:af:f7:8a:e7:de:20:3a:f0:66:71:
+        98:ec:c0:f8:52:c9:07:be:29:0e:0d:6e:7e:4e:36:9c:bb:a1:
+        5a:ea:1e:6f:d9:8e:81:0c:58:88:1a:be:1b:01:14:ad:ad:4a:
+        58:7a:10:53:43:1b:6d:2d:17:44:94:ba:31:5d:09:4e:85:5c:
+        c7:f2:c2:53:a5:1d:58:dc:4e:de:3c:88:b3:13:5a:7f:5d:a5:
+        c6:e6:3a:f7
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCzANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQQFAAOC
+AQEAfceuSx1WjMgqQBMkkTiwcndqo/1+DTDKln5Vhf/7zacpvaP4vN/j7vjwXUuR
+DvbixZw/dCbR0jcTWQnWOUPO12dwksiYK1r1CeHq2UPxkmG4Q3TYqfCvtt8RYc2P
+NTkf0Rdw+SuGPt9LxoEL9czeYt33fxQqGueYPW7bHEffjTFJe3iwgYnItfXp5J4A
+pSBw5TJW5qe+aLq/1I6PyEIxMLM5+j6ccFNk1pav94rn3iA68GZxmOzA+FLJB74p
+Dg1ufk42nLuhWuoeb9mOgQxYiBq+GwEUra1KWHoQU0MbbS0XRJS6MV0JToVcx/LC
+U6UdWNxO3jyIsxNaf12lxuY69w==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_sha1.crt
+++ b/polarssl/programs/ssl/test-ca/cert_sha1.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0b:3d:49:a6:2a:23:fa:f1:5d:dd:c0:7e:b4:a4:47:cb:78:a8:
+        58:62:e5:80:e2:50:19:41:0e:22:98:fc:51:40:f1:64:88:4c:
+        2f:90:f9:eb:5e:93:51:bc:53:31:df:86:07:b0:bb:43:57:4d:
+        dc:0e:4d:6a:67:90:57:e1:3f:3c:df:a9:f6:fb:02:c8:fc:88:
+        91:35:c9:6c:a1:dd:2d:4f:0e:36:e9:d2:6b:1d:9b:3e:e9:01:
+        bd:11:cd:e0:fa:c3:8f:8d:07:ae:e4:aa:a2:80:3d:ad:10:02:
+        d9:f2:e8:c5:37:3f:95:f9:fa:b0:c6:57:b7:ad:16:a6:c8:ec:
+        f8:d5:46:d4:26:53:5e:33:52:ff:aa:c0:b8:c2:3c:b5:cb:30:
+        d9:6c:6f:6e:68:c8:5c:61:62:28:51:72:3b:57:17:1d:05:8c:
+        d8:4f:63:f4:51:25:e4:4d:37:3c:2e:dc:5e:d9:c9:e2:b0:16:
+        f9:25:cb:02:65:28:4f:b7:b6:16:c0:d9:04:1c:0e:b6:70:79:
+        3b:a6:aa:42:ee:37:97:3c:11:26:39:7b:b9:be:29:0c:06:e6:
+        f7:05:9f:38:19:22:d5:6e:44:52:1b:24:c8:6f:1f:8c:bc:71:
+        c2:7a:c3:17:ac:58:fd:c6:2e:5c:1c:83:c9:bc:a3:c7:81:1a:
+        09:d5:0d:49
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA9MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGzAZBgNVBAMTElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwTdIHGEvZnXaFmcu3cebZYXDJY
+s9QU/WwCYZ4LmUZjowpB1EIzIebtQwdaHaI7ZCmoKsFmKABZ2AxJLTC3PYy7YGIx
+gyd/S5WSLqDWxoSUS7Pkpsz/MjrF7EzJJFi/szN3arUXiwIQKY6VqpFgF0NCh6h8
+2gmDmJ16ZV4gUgcuZaUx/dl0HgDJrp2BVosICvUenNyiXmzb/xGDFfTRJFebD+s1
+yfGqRk50f/4dsJEfiUqEy9914813gmIJ5Z9tKd4uJdhItiC+UZdMLSBlLSpQniRd
+cpXgogZBjGHkUFd0lrEptaGIN/FcnrKejoONcju1XP67EolyXKH52BgpsicCAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUt1HU5SDVRVT0xVEb4IK1YQWvm7Yw
+HwYDVR0jBBgwFoAUzyIxJ5HYwlT/HtrZ7orFiTKtDCEwDQYJKoZIhvcNAQEFBQAD
+ggEBAAs9SaYqI/rxXd3AfrSkR8t4qFhi5YDiUBlBDiKY/FFA8WSITC+Q+etek1G8
+UzHfhgewu0NXTdwOTWpnkFfhPzzfqfb7Asj8iJE1yWyh3S1PDjbp0msdmz7pAb0R
+zeD6w4+NB67kqqKAPa0QAtny6MU3P5X5+rDGV7etFqbI7PjVRtQmU14zUv+qwLjC
+PLXLMNlsb25oyFxhYihRcjtXFx0FjNhPY/RRJeRNNzwu3F7ZyeKwFvklywJlKE+3
+thbA2QQcDrZweTumqkLuN5c8ESY5e7m+KQwG5vcFnzgZItVuRFIbJMhvH4y8ccJ6
+wxesWP3GLlwcg8m8o8eBGgnVDUk=
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_sha224.crt
+++ b/polarssl/programs/ssl/test-ca/cert_sha224.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: sha224WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha224WithRSAEncryption
+        81:8e:2e:bb:77:a3:7c:53:02:9e:9c:d7:66:e3:f5:3f:a6:19:
+        ff:09:8c:7d:4b:10:5f:c3:bd:ad:fc:cc:5c:dc:92:ef:1e:c3:
+        74:70:a6:88:0d:4c:4d:2c:45:0b:76:90:b5:2f:13:93:ee:79:
+        ea:2a:91:f5:ab:6c:dc:5d:3d:f1:b8:3d:bb:d1:a8:40:3d:16:
+        11:97:50:59:39:41:54:9f:c3:a6:d9:81:36:6d:85:90:a1:fb:
+        c3:6b:3d:5f:24:95:c5:1e:e4:bc:bc:22:b6:9d:6b:60:c1:3a:
+        35:21:13:19:ff:82:0e:4f:e5:50:53:db:cc:51:1b:bc:4d:12:
+        ca:79:cc:cc:a0:6e:b5:9a:5a:25:c2:c6:e3:e2:fb:04:ba:d4:
+        0d:69:ce:d3:8c:60:54:d2:32:75:8a:4d:08:ee:b0:01:15:ef:
+        80:9a:ae:dd:e5:47:5a:a3:99:e8:eb:aa:38:51:6c:5a:94:6f:
+        7b:6c:c6:34:eb:66:5a:da:83:53:eb:32:6c:1e:8d:7e:20:09:
+        4c:9b:05:57:e8:27:71:84:53:5f:be:c3:e9:87:9f:8a:a0:41:
+        67:5e:c5:7e:a8:c4:31:31:aa:f4:4b:95:c7:eb:83:01:da:8a:
+        7f:0c:f3:07:b2:5f:8e:28:2e:85:a0:d8:ef:d8:35:6b:cd:42:
+        92:cc:44:0e
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDTANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ4F
+AAOCAQEAgY4uu3ejfFMCnpzXZuP1P6YZ/wmMfUsQX8O9rfzMXNyS7x7DdHCmiA1M
+TSxFC3aQtS8Tk+556iqR9ats3F098bg9u9GoQD0WEZdQWTlBVJ/DptmBNm2FkKH7
+w2s9XySVxR7kvLwitp1rYME6NSETGf+CDk/lUFPbzFEbvE0SynnMzKButZpaJcLG
+4+L7BLrUDWnO04xgVNIydYpNCO6wARXvgJqu3eVHWqOZ6OuqOFFsWpRve2zGNOtm
+WtqDU+sybB6NfiAJTJsFV+gncYRTX77D6YefiqBBZ17FfqjEMTGq9EuVx+uDAdqK
+fwzzB7JfjiguhaDY79g1a81CksxEDg==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_sha256.crt
+++ b/polarssl/programs/ssl/test-ca/cert_sha256.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha256WithRSAEncryption
+        0f:4c:70:2a:ad:b8:43:ea:97:3d:5d:d6:0a:d8:e1:42:b9:3d:
+        42:42:a1:dd:df:37:e3:0c:ab:40:aa:10:3c:f6:88:c1:e9:82:
+        ac:35:f6:f7:66:d1:ee:71:bd:b5:9f:48:dc:e2:09:8a:3e:0e:
+        1d:da:12:e4:f3:53:a1:a1:d9:b2:32:df:e2:83:5d:c8:df:fa:
+        1a:6c:f4:c0:94:cc:20:6b:2b:74:9e:c1:35:d7:2a:ea:99:f8:
+        31:50:e9:c1:5d:3b:14:d4:12:96:b2:06:a3:4d:0f:f5:a9:8f:
+        44:08:61:15:0a:92:bd:29:0b:8d:c1:87:0a:40:de:29:b8:4f:
+        92:e4:b8:fa:d3:ec:5f:55:5e:32:69:57:60:6b:6a:02:89:2a:
+        d4:8e:91:5e:fd:45:d0:21:07:92:d6:c0:9b:ed:d0:d1:07:b9:
+        84:65:01:47:ed:95:03:a5:67:66:30:83:21:87:bb:4c:08:1b:
+        79:97:ec:ad:f8:89:7f:01:29:07:6a:d4:58:c6:11:d4:bc:1d:
+        4f:03:3b:ef:11:a5:e7:8b:4b:29:b5:c5:7d:57:8a:6b:e5:11:
+        0a:39:aa:ef:bf:53:82:ea:34:24:42:84:11:91:ba:cb:71:7e:
+        fa:f7:d3:1e:2b:c4:14:10:0a:16:0a:b7:a5:e2:89:ca:79:dd:
+        d1:ad:d2:00
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQsF
+AAOCAQEAD0xwKq24Q+qXPV3WCtjhQrk9QkKh3d834wyrQKoQPPaIwemCrDX292bR
+7nG9tZ9I3OIJij4OHdoS5PNToaHZsjLf4oNdyN/6Gmz0wJTMIGsrdJ7BNdcq6pn4
+MVDpwV07FNQSlrIGo00P9amPRAhhFQqSvSkLjcGHCkDeKbhPkuS4+tPsX1VeMmlX
+YGtqAokq1I6RXv1F0CEHktbAm+3Q0Qe5hGUBR+2VA6VnZjCDIYe7TAgbeZfsrfiJ
+fwEpB2rUWMYR1LwdTwM77xGl54tLKbXFfVeKa+URCjmq779Tguo0JEKEEZG6y3F+
+vfTHivEFBAKFgq3peKJynnd0a3SAA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_sha384.crt
+++ b/polarssl/programs/ssl/test-ca/cert_sha384.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha384WithRSAEncryption
+        21:92:8d:39:05:a4:16:00:35:0b:de:ce:a8:17:9f:b8:a1:8b:
+        ad:5c:17:40:a8:5a:3b:c9:e5:5a:48:0d:e4:c3:6f:22:5a:eb:
+        19:85:10:a2:af:8f:71:e7:ca:a9:4f:be:01:3d:ba:8b:91:40:
+        25:f3:51:b6:d9:54:ae:4a:1d:2a:da:dd:9f:f8:70:07:31:35:
+        c0:ea:5e:ca:c5:76:38:08:f1:63:0d:8d:f7:96:3a:97:cb:a0:
+        f0:33:0f:2a:91:e4:13:30:73:68:74:92:e5:08:af:27:b8:14:
+        8e:b5:f6:a8:95:f2:52:c9:d1:bc:35:fa:97:ef:74:9e:dc:cc:
+        df:b3:d2:cd:8e:f1:fa:81:6d:b0:38:37:10:4a:1d:f7:ed:10:
+        33:da:e0:2f:ae:bb:a8:6a:02:f9:44:d7:46:a6:fb:89:b3:d7:
+        5b:dc:55:7d:a9:51:c5:f2:79:d8:60:b7:52:7c:9d:e5:13:ed:
+        98:1d:39:1b:fa:da:b9:70:53:51:22:22:03:1c:6e:f6:5d:88:
+        d8:a8:5e:95:8d:27:69:97:d5:a6:3f:ae:83:9b:02:e9:45:21:
+        e6:df:d5:84:ec:78:3a:e2:e7:a9:8a:e9:62:fa:fc:dc:94:86:
+        66:30:48:ea:dc:e2:5f:c0:52:d1:be:d0:03:c4:e3:7c:52:ce:
+        79:f1:26:84
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDzANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQwF
+AAOCAQEAIZKNOQWkFgA1C97OqBefuKGLrVwXQKhaO8nlWkgN5MNvIlrrGYUQoq+P
+cefKqU++AT26i5FAJfNRttlUrkodKtrdn/hwBzE1wOpeysV2OAjxYw2N95Y6l8ug
+8DMPKpHkEzBzaHSS5QivJ7gUjrX2qJXyUsnRvDX6l+90ntzM37PSzY7x+oFtsDg3
+EEod9+0QM9rgL667qGoC+UTXRqb7ibPXW9xVfalRxfJ52GC3Unyd5RPtmB05G/ra
+uXBTUSIiAxxu9l2I2KhelY0naZfVpj+ug5sC6UUh5t/VhOx4OuLnqYrpYvr83JSG
+ZjBI6tziX8BS0b7QA8TjfFLOefEmhA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/cert_sha512.crt
+++ b/polarssl/programs/ssl/test-ca/cert_sha512.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:57:00 2009 GMT
+            Not After : Jul 12 10:57:00 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha512WithRSAEncryption
+        19:13:61:13:81:ff:a2:c4:cf:45:dc:4f:40:e5:ce:a6:78:fb:
+        ff:49:a2:f7:58:d5:36:c0:e4:78:2a:0c:68:97:21:62:76:5e:
+        7f:4c:11:aa:31:13:17:22:d9:26:93:14:5e:60:6a:48:dd:56:
+        d2:b5:5d:9b:9a:d8:e0:c4:4a:42:53:de:43:2b:3e:82:0c:b7:
+        dd:f7:c5:5c:89:63:28:a9:8d:96:40:3a:0b:5b:df:7d:1e:4d:
+        b2:84:d8:38:1b:80:b6:28:d0:48:d0:42:30:f1:31:ec:ed:2e:
+        a2:e3:9d:e2:88:3f:b9:27:8d:34:76:dd:a7:de:71:5e:05:da:
+        78:9b:2b:51:f4:d2:f5:81:a5:f8:d4:78:d8:42:ba:91:24:30:
+        67:18:3c:ba:03:4f:ac:98:2c:ee:15:50:25:33:be:bb:4f:64:
+        54:28:51:9a:d1:9b:b6:8e:5a:db:4c:3f:89:0c:c6:e7:d4:27:
+        e4:4a:8d:55:11:df:46:23:9e:8a:cb:79:f3:bb:f1:1b:c0:2c:
+        5f:bd:31:09:e6:f7:31:c8:9d:4c:7a:99:74:38:78:39:d5:c1:
+        e5:d0:48:f7:fd:00:a5:1b:c2:bb:e9:9a:a3:1f:3f:fd:47:eb:
+        78:ed:3e:59:bb:16:65:1c:62:e0:a2:78:b5:bd:50:79:b9:5d:
+        4f:79:a6:37
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBEDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NzAwWhcNMTEwNzEyMTA1NzAwWjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ0F
+AAOCAQEAGRNhE4H/osTPRdxPQOXOpnj7/0mi91jVNsDkeCoMaJchYnZef0wRqjET
+FyLZJpMUXmBqSN1W0rVdm5rY4MRKQlPeQys+ggy33ffFXIljKKmNlkA6C1vffR5N
+soTYOBuAtijQSNBCMPEx7O0uouOd4og/uSeNNHbdp95xXgXaeJsrUfTS9YGl+NR4
+2EK6kSQwZxg8ugNPrJgs7hVQJTO+u09kVChRmtGbto5a20w/iQzG59Qn5EqNVRHf
+RiOeist587vxG8AsX70xCeb3McidTHqZdDh4OdXB5dBI9/0ApRvCu+maox8//Ufr
+eO0+WbsWZRxi4KJ4tb1QebldT3mmNw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/client1.crt
+++ b/polarssl/programs/ssl/test-ca/client1.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:cc:e9:b3:06:08:93:8e:83:e4:e8:d0:35:a4:81:
+                    1d:a2:f0:f4:0a:33:46:dd:93:92:1b:da:51:5d:2e:
+                    62:5d:36:78:c4:72:22:86:08:f4:a6:51:3e:02:de:
+                    da:86:82:d4:65:2a:4e:2a:80:c7:dd:f8:ed:79:f8:
+                    17:39:79:4b:1a:c6:0d:e5:b0:9b:f5:cc:4e:76:64:
+                    2c:e6:47:ec:76:d6:cd:36:e0:f5:1b:24:36:21:a6:
+                    72:71:39:0f:7a:d8:af:90:e8:3f:5d:19:ab:d3:f2:
+                    1b:4a:fa:69:4b:7c:12:42:26:44:c3:46:27:6d:f7:
+                    e2:66:59:56:fa:ec:a8:e7:dd:76:d5:36:6e:13:a0:
+                    1f:9d:9e:29:ce:b5:bc:30:45:fb:d1:76:e0:3c:d4:
+                    7b:ce:7a:32:a6:0e:63:aa:63:44:57:91:41:e9:2f:
+                    c4:e8:5d:ad:d0:cf:1b:4b:8d:68:30:f2:7e:50:bc:
+                    86:c1:cd:6c:10:28:7c:a5:d7:c2:f8:90:ce:6d:f7:
+                    69:a6:25:50:a2:28:ad:57:75:82:23:ed:af:27:ea:
+                    32:1e:89:b0:9d:07:0c:6a:f9:98:14:8b:8c:6d:fb:
+                    15:83:7f:42:98:5f:4e:82:b0:1a:cc:c0:ce:6a:61:
+                    e0:a8:a6:e0:d5:ec:17:16:9d:ce:41:ef:27:e3:e4:
+                    8e:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                F3:A4:F7:F2:0C:11:57:C9:D8:29:46:80:72:CA:23:87:7E:EA:90:27
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        76:09:20:d6:88:9c:e7:ee:ae:bb:82:57:1e:ee:bf:bc:71:47:
+        79:04:49:84:5d:f3:99:3f:de:86:da:a4:0c:e4:47:63:9c:d8:
+        dd:2f:b8:d6:0f:4d:67:e7:04:c2:83:82:ce:6e:4c:ed:1a:1c:
+        70:27:b2:9b:da:7a:12:a1:1c:d3:dc:e4:ac:60:ae:21:71:f5:
+        dc:cc:01:c9:2f:c0:4c:51:fc:8e:c4:de:ac:c0:01:e0:82:b5:
+        80:f4:38:7d:21:ea:9c:92:46:cd:f6:1d:f9:60:3d:cb:0a:00:
+        88:6d:aa:5a:c1:08:50:d1:36:04:0a:ee:07:9a:6d:0d:ff:4d:
+        9e:af:97:d3:eb:88:5b:c8:0d:ed:0a:5c:6b:4b:b7:0b:ca:d5:
+        fd:9b:34:f4:be:d0:e0:6c:01:0d:6b:bc:41:f2:a3:13:05:0b:
+        cd:34:59:ba:15:7f:6e:a8:00:53:2a:d5:b7:3a:51:e5:cf:16:
+        04:66:ba:6b:73:4c:bd:4f:14:0f:64:30:00:7b:12:25:eb:73:
+        c5:2d:03:7c:37:91:3e:12:53:ad:a4:f4:fa:73:7b:b7:67:fa:
+        a5:9c:bd:2e:32:87:7b:8f:54:97:28:b8:5e:80:7d:6f:8a:47:
+        e1:f9:b9:61:ef:91:e6:74:54:af:e9:43:03:8f:8b:b6:f7:b5:
+        8d:24:5e:01
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOmzBgiTjoPk6NA1pIEdovD0CjNG
+3ZOSG9pRXS5iXTZ4xHIihgj0plE+At7ahoLUZSpOKoDH3fjtefgXOXlLGsYN5bCb
+9cxOdmQs5kfsdtbNNuD1GyQ2IaZycTkPetivkOg/XRmr0/IbSvppS3wSQiZEw0Yn
+bffiZllW+uyo59121TZuE6AfnZ4pzrW8MEX70XbgPNR7znoypg5jqmNEV5FB6S/E
+6F2t0M8bS41oMPJ+ULyGwc1sECh8pdfC+JDObfdppiVQoiitV3WCI+2vJ+oyHomw
+nQcMavmYFIuMbfsVg39CmF9OgrAazMDOamHgqKbg1ewXFp3OQe8n4+SO+wIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTzpPfyDBFXydgpRoByyiOHfuqQJzAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAdgkg1oic5+6uu4JXHu6/vHFHeQRJhF3zmT/ehtqkDORHY5zY3S+41g9NZ+cE
+woOCzm5M7RoccCeym9p6EqEc09zkrGCuIXH13MwByS/ATFH8jsTerMAB4IK1gPQ4
+fSHqnJJGzfYd+WA9ywoAiG2qWsEIUNE2BAruB5ptDf9Nnq+X0+uIW8gN7Qpca0u3
+C8rV/Zs09L7Q4GwBDWu8QfKjEwULzTRZuhV/bqgAUyrVtzpR5c8WBGa6a3NMvU8U
+D2QwAHsSJetzxS0DfDeRPhJTraT0+nN7t2f6pZy9LjKHe49Ulyi4XoB9b4pH4fm5
+Ye+R5nRUr+lDA4+Ltve1jSReAQ==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/client1.key
+++ b/polarssl/programs/ssl/test-ca/client1.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzOmzBgiTjoPk6NA1pIEdovD0CjNG3ZOSG9pRXS5iXTZ4xHIi
+hgj0plE+At7ahoLUZSpOKoDH3fjtefgXOXlLGsYN5bCb9cxOdmQs5kfsdtbNNuD1
+GyQ2IaZycTkPetivkOg/XRmr0/IbSvppS3wSQiZEw0YnbffiZllW+uyo59121TZu
+E6AfnZ4pzrW8MEX70XbgPNR7znoypg5jqmNEV5FB6S/E6F2t0M8bS41oMPJ+ULyG
+wc1sECh8pdfC+JDObfdppiVQoiitV3WCI+2vJ+oyHomwnQcMavmYFIuMbfsVg39C
+mF9OgrAazMDOamHgqKbg1ewXFp3OQe8n4+SO+wIDAQABAoIBAEVCTB8i8PS/gbRr
+A2aJuYGkXWfBMxebVEwTu2J6VgbZbXJAfYi+KCq61PHVbxj9yVo0NV1KT8On6mRK
+RVdItujivjm/OseWeYKskzx2XOdB7PS6jj3RPHadMpswRRopeRXKWfhWv+wQLcdm
+4gYAdo9jLeSupo8VtLERS0Pej6xmZBrk/SKpFswXa7K4ddpHLN9Jzfo+4TRF/1n5
+wmjHhUzi9yhJcVbfV7/EqUItDnmpFauBul//Qx7syQCJ7yGVIc0aJ3ESvQl3qQvD
+inxcwiS+myRiilolFqiRf4Q4OCYfsoa1gSxz+Ohl9sv3PeDXKwvppG1Ch4FO3yH3
+idRxT4kCgYEA9Y6fsEEnStmPlRB7Ru9jJCtarlkBpM/dk1rS6cEtGe1XKqaZI9m5
+fmI8W5C3L5Q0c5FiqzOVIOT14x0SFrWewIQOnpJfH12ULJ3CuwXaDXWHKb1JBpj8
+Yt/stgwdDdqdbSWmVhbYW/eHH3iXz/SAgmr4x0WpbMDacqSegc6wrCUCgYEA1aCV
+GZy6qpGqbh4pWNN/lrpE9BgHRNesfpCM2EqFzehecuSZf+V6lZVUr/TTjjT9AzGi
+TGy+S9BTY04NNAcTty/dWHOvGaeL6PcJTW89LGAgcT+jB3VFvoAC9FexXuq9JV/Y
+q8OP+CT8W5aRAle6PL9pVOAY0e5qa92WaM6/1J8CgYEAvzw+0wY6sokyz/VQ/JJs
+VHvLGGLK6+7ScfLWtSMzm7CCJP4v34KtembI+MqAT3aNTr+X5xq59i8565D1SGhT
+ZTyzIf1+RTAcuI54XCyXf8na5L+8Qn4ceGhJshFHA0YROjKLExqhjyX7vp+tI1AY
+UPk8G/z9kGu09HmN1CwC3V0CgYEAyJ8NR0dcOpGgF9g1hljhqsD1vrLOKMXPFfFU
+hE/ARzahdI7g5S6yp8XdCX4IK7Xxos07GUDKmdJkbY9AcQrwZgoKemXyHEqv5zIQ
+x2rfbUw9S32y8m8c96GqpKOyTGxxA6d2iSCYlTbO1IibWDLhEOnF1tK6HHUl9nTc
+K0N2/gsCgYEAh8ZztJznIBzBAI4oplSd2XwFrCRh2y+ZcLTA6+G9E3Kux8Qngh/i
+X22q/ekzdd7fk3wBKjSprfkJ635UnroH/X/6OzMZvAs6JeTSQuc2p4xHHt88fIL8
+4Y/vd9vztAAnMj1NvLuWI6ZmtKfzZ76cTQVfwpQykzXl+P64U8IF1Ds=
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/ssl/test-ca/client2.crt
+++ b/polarssl/programs/ssl/test-ca/client2.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a1:d7:d3:0c:2c:ff:bc:85:83:e2:b2:3c:c2:5b:
+                    15:fe:92:7c:09:b8:7b:de:90:39:19:4d:51:26:1b:
+                    c8:bd:d3:9f:64:ab:66:79:2e:1e:2c:3f:d8:07:09:
+                    f0:49:34:9e:f7:de:dd:4a:67:b5:96:bc:9e:7a:bc:
+                    6a:e4:15:f2:45:0c:3d:26:32:33:a7:e5:fe:f1:19:
+                    e0:e3:1d:86:30:a8:e4:b1:5f:60:65:56:49:18:55:
+                    4c:ee:f2:0b:3b:64:ce:22:b4:2d:d6:18:e1:f5:96:
+                    03:51:9c:f4:ff:a8:26:23:ce:9a:27:e5:21:83:16:
+                    b3:cc:a7:5b:e1:6d:67:2c:5e:e1:23:bb:56:29:1f:
+                    2e:e4:ff:c2:01:43:b4:b9:5a:e4:6d:2b:a7:31:fb:
+                    ee:0b:db:98:49:75:53:37:75:1d:92:75:d5:dc:d7:
+                    2c:e1:e7:2a:c4:be:15:f6:ff:4e:a4:38:87:cb:66:
+                    78:ab:4d:ba:4a:e0:aa:15:16:74:2e:9b:c8:93:96:
+                    ea:bf:c6:6c:40:54:39:db:bb:54:4c:dc:9d:53:4a:
+                    00:86:5b:ef:fd:4a:59:c6:1e:b8:e4:69:01:03:3b:
+                    f1:3a:03:0a:d4:9f:26:50:60:9b:8b:3d:74:13:07:
+                    6e:f9:cd:e7:d6:ea:97:e1:0f:8b:08:99:ec:c4:29:
+                    70:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                8C:06:38:93:D9:14:06:29:DF:CC:CD:71:11:43:37:8E:F0:43:38:1B
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        66:b6:b9:b3:22:9f:81:09:92:f2:9f:22:ec:df:47:3c:c5:18:
+        e4:01:83:4f:69:5b:11:88:73:71:a6:ef:25:95:d1:23:e0:4d:
+        9a:25:bb:d6:ac:a8:88:86:cc:06:6e:a9:c9:47:2c:06:a5:dc:
+        b2:4a:b6:5b:6c:4c:0f:f9:5c:bc:b4:e8:d2:4a:79:d5:27:67:
+        9f:2c:38:ef:5b:54:b4:bc:13:0e:ba:72:73:54:37:3d:39:fc:
+        e1:17:eb:59:3e:ec:b8:83:56:d1:cb:32:ce:13:01:88:61:70:
+        8e:f9:ce:97:95:46:38:ba:a1:77:8e:ee:a4:86:a3:30:12:b7:
+        10:df:7b:74:18:45:3c:57:aa:54:da:e5:c5:c0:b5:7b:4d:5d:
+        c0:c2:e7:0d:d0:f2:ab:36:5b:02:a8:3e:1f:6e:4a:aa:b2:05:
+        9f:35:aa:d6:26:f1:5f:27:a2:97:6e:9c:56:95:1e:4e:fb:5b:
+        4b:4f:58:f7:7b:8d:54:1c:e5:d3:4a:78:92:58:f5:a2:5f:98:
+        63:54:d7:fd:6d:14:5f:49:12:99:d0:32:d5:2a:c0:c6:97:a4:
+        d1:f5:c2:9d:dc:b4:6c:f0:ba:fb:e7:3e:f5:86:61:bb:86:e9:
+        e4:99:0a:ed:ee:dc:fa:84:ea:87:e0:c3:7e:76:e4:17:a3:58:
+        25:07:82:bf
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodfTDCz/vIWD4rI8wlsV/pJ8Cbh7
+3pA5GU1RJhvIvdOfZKtmeS4eLD/YBwnwSTSe997dSme1lryeerxq5BXyRQw9JjIz
+p+X+8Rng4x2GMKjksV9gZVZJGFVM7vILO2TOIrQt1hjh9ZYDUZz0/6gmI86aJ+Uh
+gxazzKdb4W1nLF7hI7tWKR8u5P/CAUO0uVrkbSunMfvuC9uYSXVTN3UdknXV3Ncs
+4ecqxL4V9v9OpDiHy2Z4q026SuCqFRZ0LpvIk5bqv8ZsQFQ527tUTNydU0oAhlvv
+/UpZxh645GkBAzvxOgMK1J8mUGCbiz10Ewdu+c3n1uqX4Q+LCJnsxClwMwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSMBjiT2RQGKd/MzXERQzeO8EM4GzAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAZra5syKfgQmS8p8i7N9HPMUY5AGDT2lbEYhzcabvJZXRI+BNmiW71qyoiIbM
+Bm6pyUcsBqXcskq2W2xMD/lcvLTo0kp51Sdnnyw471tUtLwTDrpyc1Q3PTn84Rfr
+WT7suINW0csyzhMBiGFwjvnOl5VGOLqhd47upIajMBK3EN97dBhFPFeqVNrlxcC1
+e01dwMLnDdDyqzZbAqg+H25KqrIFnzWq1ibxXyeil26cVpUeTvtbS09Y93uNVBzl
+00p4klj1ol+YY1TX/W0UX0kSmdAy1SrAxpek0fXCndy0bPC6++c+9YZhu4bp5JkK
+7e7c+oTqh+DDfnbkF6NYJQeCvw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/client2.key
+++ b/polarssl/programs/ssl/test-ca/client2.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAodfTDCz/vIWD4rI8wlsV/pJ8Cbh73pA5GU1RJhvIvdOfZKtm
+eS4eLD/YBwnwSTSe997dSme1lryeerxq5BXyRQw9JjIzp+X+8Rng4x2GMKjksV9g
+ZVZJGFVM7vILO2TOIrQt1hjh9ZYDUZz0/6gmI86aJ+UhgxazzKdb4W1nLF7hI7tW
+KR8u5P/CAUO0uVrkbSunMfvuC9uYSXVTN3UdknXV3Ncs4ecqxL4V9v9OpDiHy2Z4
+q026SuCqFRZ0LpvIk5bqv8ZsQFQ527tUTNydU0oAhlvv/UpZxh645GkBAzvxOgMK
+1J8mUGCbiz10Ewdu+c3n1uqX4Q+LCJnsxClwMwIDAQABAoIBAQCepSN6QfoF4JMh
+ezpYAlWTECCKns69on52MPYk9wNWIMWUNvfiPbTSB1tJuxJRkEVsEIi3UOYN9qMb
+COt23ZR43sBqWreME8ZOrOFngB90P3q97BJgA67vLV6Ws6kS9YOjPR/ZSNbml8B1
+FfiLS1bnrrQp+09YYr6pFDzawxVpxaCfr6mpfDbXhoBw0NGpf54V4rIm4eNIf9Ro
+QS54g/d0thID9OhMrc2NIpfRs4GkebsxOIKZP+uKF6CoS8IujyKjab/Vb3XBSknD
+ObmiDx+udh8gRRGSpIG8rgoMcM8JhPAYitjYo3AiRTPTAUb4nSgQVOVxnRRZX8C1
+QhvKOntBAoGBANAmX4KzOncoELOZPAZpkBlAhLNEqKT6RrfVokR9JAz3Jqhe+3tF
+a0taSHF0aDi7YI5PgRGsV2Bowf81IIS3z2UqHCf+Eo0745jPiY33V+KSQkydJruN
+u/n89imdhcIZdvZoxoVB8aRFDarBlzVq/FozqcpbtiGNs2ogbf+xS1dRAoGBAMcM
+Swc0S0G2ncec34beGNH9mloyseMVspGhUWy/3rKLLBVf7XtEM4eDMopgMeceWQw9
+wZo4Hr9Ip8k3Z4Ue8wV+MxtSLuGaxHGnHVxJtEE9OarhKlvEqHVAeeWvK4Cr0+ip
+/zxnWDAA7QulMuWiK0LBEYOvTUXFet4z/l27/rZDAoGAchjWufosziw0G36fnJQ4
+3N603t9/4g8evJ5qOEiwfjrsAdcu2r+OtNtkYmyAxLhRkTCbe2iQ7NP/ozkn/hgT
+o0yV6oYm/Swa8iSxLhSrJBMwLHboSF7E759uABnMvDzhLOj6CQnAv17qwvMjQ7DF
+a1xucfIbwADAnCfyo/o3ZkECgYEApfbGCDe+GAif/fP7HITKxSxjKpniYKmSvoJ3
+VemVUeFg3GGjrYfsPy1RUrdqZH6VWPOVHXV1jaCS5d9gXUq07vuOuVUI6esVqH3i
+qTR7K3pVPvmHTATpQPqFqNEpwJuEkRZNTpwMl9ntzCvuCDHzSDGa3OWp1GcYT3Wi
+vZ0mf+kCgYBEPLnXD1BH7BlzEsMfXCtw28VtTetixcHcZVKwzQ4UH035DFYHch3p
+/rABUO+IwxfcHjrvUJyZgHTyzfhtjWV62SsTNrOa1JFhQ+frWxIU5VEA7rVnLeaO
+3vMGjy6jnBSaKoktW8ikY+4FHq+t5z63UN3RF367Iz0dWzIVocbxAQ==
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/ssl/test-ca/client2.pfx
+++ b/polarssl/programs/ssl/test-ca/client2.pfx
--- a/polarssl/programs/ssl/test-ca/crl.pem
+++ b/polarssl/programs/ssl/test-ca/crl.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxMjExMDMz
+MloXDTExMDcxMjExMDMzMlowKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEFBQADggEBAHNDiBinDWNwdRsALyrq48Gg
+/OOk5hEtRzoKk1hxX+c66g/KvuIZMlnvEY/lbVsB4YGQ2QSF+aw3s0Y5ZQZZVyL0
+Ix4RCMk4QR8XSev7ln3r0FQOCCwheul851EcWF7FOXsErS78+bBfYv0KMlGG+yNw
+gmY8PSTLvcjydSdJHmlHo2gLuAb7vLVcuqRY/saKY9PDjYXk3ezU6hrgWi8mCres
+ex8zK1oeL704Wr5KPxhzmhFoaHlm5rAvOCldFw95Z6SBq8UzWXEOrPIFbePSAru0
+DVD+/PElBgJ38+edT6mVr3wjJOzxBYaexDwaVAbgE3dNrRhhcHU/KnxtjuaM9Wg=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_md2.pem
+++ b/polarssl/programs/ssl/test-ca/crl_md2.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQECBQADggEBAF8F5y82zgtxcwQ4aFvrkanT
+ygyd5+RW/Y//vpck44V+CYx1d1r+QkauaXel9qUKBPsg2dUwQ+jwV/m+Sp2MHaX5
+NfW7XUb7Ji4yhwgh9/9vFPqqnKBf9esLJuJoQ4mLhcGB5J1yCcavLrynvB4PJEnG
+graTbbyizelXBmk3ApvNYxczJZxt7EzpVbrFaev7myGmOffdDkIMc2WDpDkyLTlU
+kITjB7fMJhD/dgNskKZ4fgkKKKPCMJrJPO67Wzwqx/6vsrZcACB9X+143WZr4GVO
+Fw2SaMnqfVLlUEndoOpbLCU4ugcc82kQQF3TsovXJYW7XqoWl2u/ENCwShl9rl4=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_md4.pem
+++ b/polarssl/programs/ssl/test-ca/crl_md4.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEDBQADggEBAJYibk/Hs6MAtkMGGib8PqZ6
+hfCYt+TQ56Vk90fTTzQ7DH4Ws8sTna2+FpeZCmImjiw6whaR8P/Mz+lRVAqySPAu
+E+r+aKJErr4PLhPKZ2UEaJF/MYWfUgomrLGPuHHd30YHXduqeBz4FowLZwNXxenS
+5RfbGl2U1fo3F/OCrEhNPhNEnEttKBCsKKHNArI9+QBDl7RU9aTsglX9gpIrPdh
+oC7PLZlrBwhyzLr9rCATGDDTzz/b3OP1IOvlmiHU4PC9RhTDMiXZKNkgOXfqWLXD
+BIE2oidYRgFURKrkMrl1MMZ9lLbHMIYW6U6Sx5ywbuMM+/SwiOhI1nDo1Gh3f3k=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_md5.pem
+++ b/polarssl/programs/ssl/test-ca/crl_md5.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEEBQADggEBAKBhOdz7QlqIiDd9fNR+RohK
+HJ7f6fzicHqDx/aOwdEsDa5TAxWpreOkwNBvjA+sE95bbwTN5IBSnlCl6URmhpM6
+jeiT4XZluyKE/pZKxXFLol+CRk2LGp21qWEeajqQ0UwBXbStOOVrGfYdlNQM/lWh
+cj65W1WYISm6Y5i5V85lCAKvj4h4oAjCzuL0VcJbzAubCzvoWSngEkC3JUdzcKBF
+a2kM9JDDvBXD5SDZJo7ZiDK82easRosuxcDdPTvakB8aVspfzXl+C59AhheT/+XN
+xQiE4EGzxQzWfSp/3Rp+ZYNDEO+1zZvsRwhOWaYUTkSlWFXGHGKJTU3iX7y62I4=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_sha1.pem
+++ b/polarssl/programs/ssl/test-ca/crl_sha1.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEFBQADggEBAD3twE679gqh7/kJUZuv9bpl
+p6m2kezMVkscqLsaZdu8/1Somt0XCU+Z4ExkROEuVddKTMPnH4r/KuCD5442ke8a
+VogVx78Nj6e6EhD/j2kCtqYnYdzAf9xLC52zOIGjp+dbm7YGkQAWFOA7dfPNS5sP
+eOoq9+U0PGbbRwIne1roQCXrA71hbahlz2fa59uRLHf+Dnz9C3ALf/d2QE4iUvY7
+Z3VEfvGo6XbT+QzkNWiwtzjVW+loCVk5ElyfXn4eKr9x9jGNpGs7tvZq2K81fsH5
+JCLuuBQeMJpdOy7dG5c/bhQjesh87b07K8IEDOHiw7QZKW0mHCE1X50uDW2D7BE=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_sha224.pem
+++ b/polarssl/programs/ssl/test-ca/crl_sha224.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEOBQADggEBADXKKOJjiqKLHD/itK7gX4P+
+JFXbq6fWXCVEQPMw6CEkcpfFyPGVRDHuRPeHnLGJzwucbHc9XLhHHxh2YymYn08+
+tYOAXUwo9oyhkGLc+EqEXFoyTxHf8uamw1wQd+r2FA18axIMyH06gnxfjjF1UfbE
+pX0nowcdDVYKYBnU3cbMN2Npc5O7WIyeP0vXo5CN0Ekr4HZRlOF6mc8hwv7jQ0ll
+WGrppzDPHqQ3u2kGcVGdH2ldErRdEVkPj6R7Y2+afD5AoWjb/rDqmeuEZWPAqJKu
+1P4My0URRbXsaUVn+oX99xgLr25CazeO5vaqg+KkauCyKjaBkfRfz6L5rlnOioI=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_sha256.pem
+++ b/polarssl/programs/ssl/test-ca/crl_sha256.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQELBQADggEBAHqSgokH5DKieTA6L9cuZDz2
+qUgzZvVAfmo3l0UP8E/VjERWY6zVS18vlmFt0QErN8Pk5e7mNB9XqXlluemd66P/
+FiL04fsqPc+yQ4LBGxil15X1gPPuj+ifpuLo6zsCMSh7GFeHYga5O67KblJj4oYZ
+1+7Ing2sN62zy9eXysXSDmTUoZvBTvtsTwJYtQ/sA6DJGLY+4ykUQBqMbnGRoScA
+Syv89RrnBh9RHCAjGAzc9imuRH8gDNowmW1HWV0+YFkK1JQPivopavzesIwmg369
+EPNIEKHpQfo/1esIewQp4FfNZnr999xAukq/iiFLnyceqz+WxN7FV/45TIHP5Y0=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_sha384.pem
+++ b/polarssl/programs/ssl/test-ca/crl_sha384.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQEMBQADggEBAHwvI/q2bW6sHfZ7pE6z36/T
+xjJNJVqzfd1i2fsf3rMj90uMhDuxCokk7c7vo15p8bD47qV0CRZCOsijDIQ7cfXY
+U7MSiLJzllM6pmytdz7ym6AjFnXWCjBBUrIKq0JZ8VIlfQp0PzDUhVDXaoiGbpB+
+ZUj+z5QfwzEf/tI3qnff73hbPD6xqzUtaya8fL7+78CvLWSorjjVvgs9TUqOAYPa
+SLU/lPeynpjc49gH0jOWapvJh8f4+xnf+jMPwwHjouV8uCN9m8n7nw1CcpDuHFgn
+5C3vnnos3Eoyu0mdsOATyXaqSLy0R2hKJLWoREfv4dt7CqU/W8SHN0JxuWYhWC4=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/crl_sha512.pem
+++ b/polarssl/programs/ssl/test-ca/crl_sha512.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
+N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
+MDIwOTIxMTIzNlowDQYJKoZIhvcNAQENBQADggEBABDNSzzunnzHZspQ5zDy8TCR
+BydIUTJVLc7hhI9sQbWsSMR0hlgspkalFFTteFXyOPv1V1tbksHB5Tj8vbKgXYlg
+Q6/KdeAC21/ZgabAmwz333dctbtwE6y94cw8AyM/TettNx0PnUKrUvPMuLzt595g
+DwPwV4ZLUeVdYEtrZU7ZOcCpteWl0GkAEhfySwv+HPUkWRs3ZaRueE8RdYJYK0Sz
+PgSgu3o++v9ETZJzMBXkEo/LLZ07OmiT8fFPK2gieUp0cWA8nzjjL3TutPfUtA2R
+fjuAjUmskx5U9peLDm0BjF0F9pd5+Tsibh0C0z79gPu6C6w799sEvIm/XaQX2es=
+-----END X509 CRL-----
--- a/polarssl/programs/ssl/test-ca/gen_test_ca.sh
+++ b/polarssl/programs/ssl/test-ca/gen_test_ca.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
+
+touch index
+echo "01" > serial
+
+PASSWORD=PolarSSLTest
+
+echo "Generating CA"
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Test CA" >> sslconf_use.txt
+
+openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
+            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
+	    -passout pass:$PASSWORD
+
+echo "Generating rest"
+openssl genrsa -out server1.key 2048
+openssl genrsa -out server2.key 2048
+openssl genrsa -out client1.key 2048
+openssl genrsa -out client2.key 2048
+openssl genrsa -out cert_digest.key 2048
+
+echo "Generating requests"
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md2.req -md2
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD4" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md4.req -md4
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD5" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md5.req -md5
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha1.req -sha1
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha224.req -sha224
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha256.req -sha256
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.req -sha384
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
+
+echo "Signing requests"
+for i in server1 server2 client1 client2;
+do
+  openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
+	-batch -in $i.req
+done
+
+for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
+do
+  openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
+	-batch -in cert_$i.req -md $i
+done
+
+echo "Revoking firsts"
+openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
+
+for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
+do
+  openssl ca -batch -config sslconf.txt -gencrl -out crl_$i.pem -md $i -passin pass:$PASSWORD
+done
+
+echo "Verifying second"
+openssl x509 -in server2.crt -text -noout
+cat test-ca.crt crl.pem > ca_crl.pem
+openssl verify -CAfile ca_crl.pem -crl_check server2.crt
+rm ca_crl.pem
+
+echo "Generating PKCS12"
+openssl pkcs12 -export -in client2.crt -inkey client2.key \
+                      -out client2.pfx -passout pass:$PASSWORD
+
+rm *.old *.req sslconf_use.txt
--- a/polarssl/programs/ssl/test-ca/index
+++ b/polarssl/programs/ssl/test-ca/index
@@ -0,0 +1,16 @@
+R	110209211235Z	090209211236Z	01	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Server 1
+V	110209211235Z		02	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Server 2
+R	110209211235Z	090209211236Z	03	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Client 1
+V	110209211235Z		04	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Client 2
+V	110209211235Z		05	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA224
+V	110209211235Z		06	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA256
+V	110209211236Z		07	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA384
+V	110209211236Z		08	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA512
+V	110712105659Z		09	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert MD2
+V	110712105659Z		0A	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert MD4
+V	110712105659Z		0B	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert MD5
+V	110712105659Z		0C	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA1
+V	110712105659Z		0D	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA224
+V	110712105659Z		0E	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA256
+V	110712105659Z		0F	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA384
+V	110712105700Z		10	unknown	/C=NL/O=PolarSSL/CN=PolarSSL Cert SHA512
--- a/polarssl/programs/ssl/test-ca/index.attr
+++ b/polarssl/programs/ssl/test-ca/index.attr
@@ -0,0 +1 @@
+unique_subject = no
--- a/polarssl/programs/ssl/test-ca/newcerts/01.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/01.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Server 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ae:92:63:59:74:68:a4:aa:89:50:42:f2:e7:27:
+                    09:2c:a5:86:99:09:28:52:5d:6e:32:f5:93:18:35:
+                    0e:2b:28:6d:11:20:49:f2:21:0d:d6:fc:e6:dc:de:
+                    40:93:7b:29:ee:4b:4c:28:4f:e4:8c:38:12:de:10:
+                    69:f7:ba:40:e8:74:80:a6:19:36:63:e0:37:93:39:
+                    f6:00:8e:3c:5a:fd:dc:8e:50:c1:41:7c:bf:ff:c9:
+                    bb:e2:ad:7c:8d:b1:a4:1a:8b:3e:1f:1a:28:9b:e6:
+                    93:4b:74:c3:e9:ab:2c:c8:93:cf:f6:02:a1:c9:4b:
+                    9e:f9:f6:fa:a6:95:98:6c:32:85:c0:f4:e7:b0:ec:
+                    50:af:17:52:49:21:80:9f:0d:c8:37:73:74:42:3e:
+                    06:7f:29:29:1d:6a:9a:71:0f:70:ea:c8:49:0d:d7:
+                    3b:7e:c2:ed:9b:33:dd:64:e9:8f:df:85:81:c3:b1:
+                    c5:50:b6:55:2c:c8:88:ed:fd:c4:cf:14:4f:49:d8:
+                    76:5c:1d:95:ef:34:e8:d7:74:aa:1e:d2:ff:1d:19:
+                    27:19:de:af:b5:7a:71:c3:fb:38:11:ca:da:78:2c:
+                    9b:32:3e:5f:31:eb:c9:6e:43:eb:3d:a5:c1:36:e2:
+                    86:49:1c:68:d7:5b:f1:01:d0:29:16:d0:3a:44:36:
+                    5c:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                81:10:4A:56:11:3A:A2:FD:28:DE:80:54:BC:21:6E:64:28:6F:E7:05
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        64:48:d7:f4:06:42:fd:9b:7d:f4:c3:81:26:ff:1d:c3:f9:0b:
+        dc:be:5d:78:45:e5:48:1a:f7:07:cb:35:2b:7f:b6:50:22:cf:
+        a6:24:f5:e3:a5:5d:a7:d0:55:d3:c1:f4:a9:6e:f2:4c:f7:2b:
+        02:0f:d0:c8:62:82:93:a6:86:07:f3:fb:14:c8:db:f2:df:fb:
+        06:2c:7f:ad:39:89:78:ed:cb:b6:70:0d:7a:b8:ba:48:ae:13:
+        46:b0:e0:7b:e8:fc:31:eb:4e:97:2b:96:bf:6b:7b:ae:f2:3e:
+        9f:f9:c2:96:59:49:f3:90:34:15:e3:2e:cb:38:9c:33:a3:4a:
+        4e:00:9e:97:7d:3d:2e:d7:1f:23:4b:5e:db:62:a5:3c:ca:4e:
+        b7:a6:83:79:24:9c:ce:08:e4:8b:e7:9a:b1:ca:9f:03:9c:a8:
+        6c:81:4e:5b:fb:53:19:a1:9f:b5:07:64:85:57:01:2c:95:3c:
+        3c:7e:87:0d:43:c6:08:d5:26:7a:5b:d3:2b:bb:0e:92:fc:be:
+        85:88:16:c8:98:2d:75:23:9d:95:c5:4a:a5:95:be:77:81:cd:
+        46:14:cc:96:2f:90:2a:84:04:51:80:d1:e3:39:5f:de:d4:c2:
+        2c:bd:a7:23:3a:8d:b3:83:73:62:b0:7b:92:14:53:a1:e3:c4:
+        3c:68:cc:ab
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpJjWXRopKqJUELy5ycJLKWGmQko
+Ul1uMvWTGDUOKyhtESBJ8iEN1vzm3N5Ak3sp7ktMKE/kjDgS3hBp97pA6HSAphk2
+Y+A3kzn2AI48Wv3cjlDBQXy//8m74q18jbGkGos+Hxoom+aTS3TD6assyJPP9gKh
+yUue+fb6ppWYbDKFwPTnsOxQrxdSSSGAnw3IN3N0Qj4GfykpHWqacQ9w6shJDdc7
+fsLtmzPdZOmP34WBw7HFULZVLMiI7f3EzxRPSdh2XB2V7zTo13SqHtL/HRknGd6v
+tXpxw/s4EcraeCybMj5fMevJbkPrPaXBNuKGSRxo11vxAdApFtA6RDZcdwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSBEEpWETqi/SjegFS8IW5kKG/nBTAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAZEjX9AZC/Zt99MOBJv8dw/kL3L5deEXlSBr3B8s1K3+2UCLPpiT146Vdp9BV
+08H0qW7yTPcrAg/QyGKCk6aGB/P7FMjb8t/7Bix/rTmJeO3LtnANeri6SK4TRrDg
+e+j8MetOlyuWv2t7rvI+n/nClllJ85A0FeMuyzicM6NKTgCel309LtcfI0te22Kl
+PMpOt6aDeSSczgjki+eascqfA5yobIFOW/tTGaGftQdkhVcBLJU8PH6HDUPGCNUm
+elvTK7sOkvy+hYgWyJgtdSOdlcVKpZW+d4HNRhTMli+QKoQEUYDR4zlf3tTCLL2n
+IzqNs4NzYrB7khRToePEPGjMqw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/02.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/02.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Server 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b0:19:1d:43:4a:e1:f1:67:80:7b:44:3f:25:b9:
+                    10:f0:f1:ac:af:59:fb:5c:e3:e7:32:49:f3:b7:a0:
+                    c1:90:27:83:04:2c:0b:1b:f8:3d:1e:d8:c2:40:67:
+                    7a:4a:c0:cd:ab:51:77:34:ee:ae:ac:09:6b:7a:cb:
+                    20:23:b3:44:b1:7e:78:a0:95:50:59:36:97:04:57:
+                    9a:76:65:e0:08:7a:09:5e:61:16:59:c2:35:eb:e0:
+                    a1:fd:92:f5:d5:76:c3:57:f3:64:19:25:ff:a9:e3:
+                    48:5a:c9:b7:ad:77:c5:81:24:2d:c7:99:d5:a5:15:
+                    12:67:69:00:2a:cd:4e:4f:46:40:51:78:36:b5:26:
+                    15:9c:73:9c:dc:bd:f9:fe:ac:62:dc:0a:c8:a0:9e:
+                    aa:06:e9:e5:94:c2:bd:2f:46:d4:54:08:d7:d6:98:
+                    69:1f:de:63:fc:09:70:f2:99:c8:63:27:f7:00:96:
+                    1e:ad:c3:ee:ce:80:e8:75:ce:50:6b:6c:49:c8:c4:
+                    92:04:a0:25:7c:19:6e:d6:e0:43:45:2a:d7:2a:44:
+                    4a:03:b9:72:17:a4:c7:01:b9:4e:88:8c:82:63:0f:
+                    bb:c2:89:98:86:8e:6d:d5:5e:bb:0b:bf:8c:d0:6f:
+                    97:15:39:fe:11:c9:cb:de:c5:5b:2c:47:65:07:20:
+                    b6:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                92:0C:8B:3F:E9:D3:EE:6F:08:23:62:0B:D1:68:FD:AC:A6:11:8F:5F
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0d:22:8f:f2:f6:17:f7:bb:d8:8e:9d:96:58:37:3d:81:ce:ef:
+        bc:ae:e1:8e:70:3a:13:9b:c4:1f:22:8e:6a:90:39:a8:ba:7b:
+        53:ff:94:2f:ed:96:4d:56:d7:d7:b6:28:b2:d4:38:90:be:87:
+        be:09:22:2b:32:6f:b8:fa:59:c3:fa:c3:8c:d7:85:55:bc:09:
+        b1:e6:d3:a7:b2:9f:79:45:5c:2a:d9:b3:34:0f:91:e1:ea:cd:
+        30:a0:94:72:c2:02:35:0e:00:6a:0d:3f:46:8c:ca:30:6e:11:
+        d4:a3:85:f2:5b:d7:e0:0b:07:65:77:b6:56:46:7e:0a:a2:5d:
+        1c:6a:43:b7:60:c5:99:86:ae:8a:ca:cd:ba:7a:2e:5b:79:fb:
+        8b:86:7c:ad:eb:66:33:08:4c:c7:f7:86:5e:70:4c:fa:9a:3e:
+        4a:53:72:cb:43:03:9c:f6:f7:c9:be:d0:33:81:00:aa:1a:5b:
+        5c:71:3a:3b:7a:20:d4:2f:89:97:79:92:29:14:0b:ec:65:ba:
+        fb:aa:5a:65:a7:e5:3a:3d:bc:45:61:3f:0d:54:36:27:2c:0e:
+        fb:a8:8a:a2:41:96:b1:07:b6:be:0b:8b:08:47:42:a7:5f:00:
+        c2:13:a4:01:10:c6:96:23:13:4e:66:49:16:10:23:1e:9d:1b:
+        c0:5e:55:6b
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBkdQ0rh8WeAe0Q/JbkQ8PGsr1n7
+XOPnMknzt6DBkCeDBCwLG/g9HtjCQGd6SsDNq1F3NO6urAlressgI7NEsX54oJVQ
+WTaXBFeadmXgCHoJXmEWWcI16+Ch/ZL11XbDV/NkGSX/qeNIWsm3rXfFgSQtx5nV
+pRUSZ2kAKs1OT0ZAUXg2tSYVnHOc3L35/qxi3ArIoJ6qBunllMK9L0bUVAjX1php
+H95j/Alw8pnIYyf3AJYercPuzoDodc5Qa2xJyMSSBKAlfBlu1uBDRSrXKkRKA7ly
+F6THAblOiIyCYw+7womYho5t1V67C7+M0G+XFTn+EcnL3sVbLEdlByC2zwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSSDIs/6dPubwgjYgvRaP2sphGPXzAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEADSKP8vYX97vYjp2WWDc9gc7vvK7hjnA6E5vEHyKOapA5qLp7U/+UL+2WTVbX
+17YostQ4kL6HvgkiKzJvuPpZw/rDjNeFVbwJsebTp7KfeUVcKtmzNA+R4erNMKCU
+csICNQ4Aag0/RozKMG4R1KOF8lvX4AsHZXe2VkZ+CqJdHGpDt2DFmYauisrNunou
+W3n7i4Z8retmMwhMx/eGXnBM+po+SlNyy0MDnPb3yb7QM4EAqhpbXHE6O3og1C+J
+l3mSKRQL7GW6+6paZaflOj28RWE/DVQ2JywO+6iKokGWsQe2vguLCEdCp18AwhOk
+ARDGliMTTmZJFhAjHp0bwF5Vaw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/03.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/03.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:cc:e9:b3:06:08:93:8e:83:e4:e8:d0:35:a4:81:
+                    1d:a2:f0:f4:0a:33:46:dd:93:92:1b:da:51:5d:2e:
+                    62:5d:36:78:c4:72:22:86:08:f4:a6:51:3e:02:de:
+                    da:86:82:d4:65:2a:4e:2a:80:c7:dd:f8:ed:79:f8:
+                    17:39:79:4b:1a:c6:0d:e5:b0:9b:f5:cc:4e:76:64:
+                    2c:e6:47:ec:76:d6:cd:36:e0:f5:1b:24:36:21:a6:
+                    72:71:39:0f:7a:d8:af:90:e8:3f:5d:19:ab:d3:f2:
+                    1b:4a:fa:69:4b:7c:12:42:26:44:c3:46:27:6d:f7:
+                    e2:66:59:56:fa:ec:a8:e7:dd:76:d5:36:6e:13:a0:
+                    1f:9d:9e:29:ce:b5:bc:30:45:fb:d1:76:e0:3c:d4:
+                    7b:ce:7a:32:a6:0e:63:aa:63:44:57:91:41:e9:2f:
+                    c4:e8:5d:ad:d0:cf:1b:4b:8d:68:30:f2:7e:50:bc:
+                    86:c1:cd:6c:10:28:7c:a5:d7:c2:f8:90:ce:6d:f7:
+                    69:a6:25:50:a2:28:ad:57:75:82:23:ed:af:27:ea:
+                    32:1e:89:b0:9d:07:0c:6a:f9:98:14:8b:8c:6d:fb:
+                    15:83:7f:42:98:5f:4e:82:b0:1a:cc:c0:ce:6a:61:
+                    e0:a8:a6:e0:d5:ec:17:16:9d:ce:41:ef:27:e3:e4:
+                    8e:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                F3:A4:F7:F2:0C:11:57:C9:D8:29:46:80:72:CA:23:87:7E:EA:90:27
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        76:09:20:d6:88:9c:e7:ee:ae:bb:82:57:1e:ee:bf:bc:71:47:
+        79:04:49:84:5d:f3:99:3f:de:86:da:a4:0c:e4:47:63:9c:d8:
+        dd:2f:b8:d6:0f:4d:67:e7:04:c2:83:82:ce:6e:4c:ed:1a:1c:
+        70:27:b2:9b:da:7a:12:a1:1c:d3:dc:e4:ac:60:ae:21:71:f5:
+        dc:cc:01:c9:2f:c0:4c:51:fc:8e:c4:de:ac:c0:01:e0:82:b5:
+        80:f4:38:7d:21:ea:9c:92:46:cd:f6:1d:f9:60:3d:cb:0a:00:
+        88:6d:aa:5a:c1:08:50:d1:36:04:0a:ee:07:9a:6d:0d:ff:4d:
+        9e:af:97:d3:eb:88:5b:c8:0d:ed:0a:5c:6b:4b:b7:0b:ca:d5:
+        fd:9b:34:f4:be:d0:e0:6c:01:0d:6b:bc:41:f2:a3:13:05:0b:
+        cd:34:59:ba:15:7f:6e:a8:00:53:2a:d5:b7:3a:51:e5:cf:16:
+        04:66:ba:6b:73:4c:bd:4f:14:0f:64:30:00:7b:12:25:eb:73:
+        c5:2d:03:7c:37:91:3e:12:53:ad:a4:f4:fa:73:7b:b7:67:fa:
+        a5:9c:bd:2e:32:87:7b:8f:54:97:28:b8:5e:80:7d:6f:8a:47:
+        e1:f9:b9:61:ef:91:e6:74:54:af:e9:43:03:8f:8b:b6:f7:b5:
+        8d:24:5e:01
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOmzBgiTjoPk6NA1pIEdovD0CjNG
+3ZOSG9pRXS5iXTZ4xHIihgj0plE+At7ahoLUZSpOKoDH3fjtefgXOXlLGsYN5bCb
+9cxOdmQs5kfsdtbNNuD1GyQ2IaZycTkPetivkOg/XRmr0/IbSvppS3wSQiZEw0Yn
+bffiZllW+uyo59121TZuE6AfnZ4pzrW8MEX70XbgPNR7znoypg5jqmNEV5FB6S/E
+6F2t0M8bS41oMPJ+ULyGwc1sECh8pdfC+JDObfdppiVQoiitV3WCI+2vJ+oyHomw
+nQcMavmYFIuMbfsVg39CmF9OgrAazMDOamHgqKbg1ewXFp3OQe8n4+SO+wIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTzpPfyDBFXydgpRoByyiOHfuqQJzAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAdgkg1oic5+6uu4JXHu6/vHFHeQRJhF3zmT/ehtqkDORHY5zY3S+41g9NZ+cE
+woOCzm5M7RoccCeym9p6EqEc09zkrGCuIXH13MwByS/ATFH8jsTerMAB4IK1gPQ4
+fSHqnJJGzfYd+WA9ywoAiG2qWsEIUNE2BAruB5ptDf9Nnq+X0+uIW8gN7Qpca0u3
+C8rV/Zs09L7Q4GwBDWu8QfKjEwULzTRZuhV/bqgAUyrVtzpR5c8WBGa6a3NMvU8U
+D2QwAHsSJetzxS0DfDeRPhJTraT0+nN7t2f6pZy9LjKHe49Ulyi4XoB9b4pH4fm5
+Ye+R5nRUr+lDA4+Ltve1jSReAQ==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/04.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/04.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a1:d7:d3:0c:2c:ff:bc:85:83:e2:b2:3c:c2:5b:
+                    15:fe:92:7c:09:b8:7b:de:90:39:19:4d:51:26:1b:
+                    c8:bd:d3:9f:64:ab:66:79:2e:1e:2c:3f:d8:07:09:
+                    f0:49:34:9e:f7:de:dd:4a:67:b5:96:bc:9e:7a:bc:
+                    6a:e4:15:f2:45:0c:3d:26:32:33:a7:e5:fe:f1:19:
+                    e0:e3:1d:86:30:a8:e4:b1:5f:60:65:56:49:18:55:
+                    4c:ee:f2:0b:3b:64:ce:22:b4:2d:d6:18:e1:f5:96:
+                    03:51:9c:f4:ff:a8:26:23:ce:9a:27:e5:21:83:16:
+                    b3:cc:a7:5b:e1:6d:67:2c:5e:e1:23:bb:56:29:1f:
+                    2e:e4:ff:c2:01:43:b4:b9:5a:e4:6d:2b:a7:31:fb:
+                    ee:0b:db:98:49:75:53:37:75:1d:92:75:d5:dc:d7:
+                    2c:e1:e7:2a:c4:be:15:f6:ff:4e:a4:38:87:cb:66:
+                    78:ab:4d:ba:4a:e0:aa:15:16:74:2e:9b:c8:93:96:
+                    ea:bf:c6:6c:40:54:39:db:bb:54:4c:dc:9d:53:4a:
+                    00:86:5b:ef:fd:4a:59:c6:1e:b8:e4:69:01:03:3b:
+                    f1:3a:03:0a:d4:9f:26:50:60:9b:8b:3d:74:13:07:
+                    6e:f9:cd:e7:d6:ea:97:e1:0f:8b:08:99:ec:c4:29:
+                    70:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                8C:06:38:93:D9:14:06:29:DF:CC:CD:71:11:43:37:8E:F0:43:38:1B
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        66:b6:b9:b3:22:9f:81:09:92:f2:9f:22:ec:df:47:3c:c5:18:
+        e4:01:83:4f:69:5b:11:88:73:71:a6:ef:25:95:d1:23:e0:4d:
+        9a:25:bb:d6:ac:a8:88:86:cc:06:6e:a9:c9:47:2c:06:a5:dc:
+        b2:4a:b6:5b:6c:4c:0f:f9:5c:bc:b4:e8:d2:4a:79:d5:27:67:
+        9f:2c:38:ef:5b:54:b4:bc:13:0e:ba:72:73:54:37:3d:39:fc:
+        e1:17:eb:59:3e:ec:b8:83:56:d1:cb:32:ce:13:01:88:61:70:
+        8e:f9:ce:97:95:46:38:ba:a1:77:8e:ee:a4:86:a3:30:12:b7:
+        10:df:7b:74:18:45:3c:57:aa:54:da:e5:c5:c0:b5:7b:4d:5d:
+        c0:c2:e7:0d:d0:f2:ab:36:5b:02:a8:3e:1f:6e:4a:aa:b2:05:
+        9f:35:aa:d6:26:f1:5f:27:a2:97:6e:9c:56:95:1e:4e:fb:5b:
+        4b:4f:58:f7:7b:8d:54:1c:e5:d3:4a:78:92:58:f5:a2:5f:98:
+        63:54:d7:fd:6d:14:5f:49:12:99:d0:32:d5:2a:c0:c6:97:a4:
+        d1:f5:c2:9d:dc:b4:6c:f0:ba:fb:e7:3e:f5:86:61:bb:86:e9:
+        e4:99:0a:ed:ee:dc:fa:84:ea:87:e0:c3:7e:76:e4:17:a3:58:
+        25:07:82:bf
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodfTDCz/vIWD4rI8wlsV/pJ8Cbh7
+3pA5GU1RJhvIvdOfZKtmeS4eLD/YBwnwSTSe997dSme1lryeerxq5BXyRQw9JjIz
+p+X+8Rng4x2GMKjksV9gZVZJGFVM7vILO2TOIrQt1hjh9ZYDUZz0/6gmI86aJ+Uh
+gxazzKdb4W1nLF7hI7tWKR8u5P/CAUO0uVrkbSunMfvuC9uYSXVTN3UdknXV3Ncs
+4ecqxL4V9v9OpDiHy2Z4q026SuCqFRZ0LpvIk5bqv8ZsQFQ527tUTNydU0oAhlvv
+/UpZxh645GkBAzvxOgMK1J8mUGCbiz10Ewdu+c3n1uqX4Q+LCJnsxClwMwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSMBjiT2RQGKd/MzXERQzeO8EM4GzAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAZra5syKfgQmS8p8i7N9HPMUY5AGDT2lbEYhzcabvJZXRI+BNmiW71qyoiIbM
+Bm6pyUcsBqXcskq2W2xMD/lcvLTo0kp51Sdnnyw471tUtLwTDrpyc1Q3PTn84Rfr
+WT7suINW0csyzhMBiGFwjvnOl5VGOLqhd47upIajMBK3EN97dBhFPFeqVNrlxcC1
+e01dwMLnDdDyqzZbAqg+H25KqrIFnzWq1ibxXyeil26cVpUeTvtbS09Y93uNVBzl
+00p4klj1ol+YY1TX/W0UX0kSmdAy1SrAxpek0fXCndy0bPC6++c+9YZhu4bp5JkK
+7e7c+oTqh+DDfnbkF6NYJQeCvw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/05.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/05.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha224WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ae:00:73:61:1b:bb:0c:65:6c:d0:9b:f3:86:79:
+                    67:a9:1b:7d:ba:88:de:36:8b:07:ff:91:bf:23:cb:
+                    ce:67:c5:1d:5b:6c:8c:a8:6e:46:d4:66:10:2b:01:
+                    e3:d6:a7:2a:3a:46:b4:f8:fb:04:16:f2:a9:b2:37:
+                    ec:73:78:2e:d8:58:25:b8:26:86:da:8c:5a:f3:28:
+                    20:33:cb:36:93:ba:16:34:a2:b5:96:d8:09:2e:7e:
+                    74:02:17:20:dd:b4:f7:c6:bc:c7:6f:fa:b1:31:93:
+                    9f:74:d4:ab:56:2f:a4:2e:08:1c:94:16:fc:55:ec:
+                    6a:15:3b:61:93:22:d6:5a:e8:4c:9f:5e:2d:6f:b4:
+                    9d:c2:8e:f5:4e:37:1f:66:aa:8d:19:d2:d9:ea:20:
+                    63:48:7c:7e:00:e9:28:ac:40:49:0e:69:b5:06:ed:
+                    44:57:88:44:48:dd:6d:3e:6d:1b:3b:cb:4d:99:ad:
+                    62:4d:6b:d1:8e:94:b3:b5:19:b9:6f:97:ef:f1:fe:
+                    61:1c:eb:5d:ee:55:7f:a0:11:97:85:f7:8f:ef:5d:
+                    a2:ba:78:da:3f:a5:3c:01:46:95:d3:b6:98:c9:1c:
+                    49:28:f8:9c:e3:15:1e:b3:71:63:98:a0:32:9b:66:
+                    58:86:f3:62:a4:6c:31:ec:44:03:0a:32:a7:ec:ad:
+                    f8:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                05:1D:6A:93:67:7B:A3:13:00:85:45:5B:3C:4A:68:CC:E0:88:B1:B3
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha224WithRSAEncryption
+        76:40:3b:c3:40:ab:66:45:79:9e:ca:85:81:f8:b9:95:34:d3:
+        ff:8e:7c:c9:dc:6a:43:bf:28:da:21:d1:16:04:f3:c8:0b:8d:
+        87:99:a0:af:3b:3b:d8:f1:cb:1b:c1:ce:b1:6f:d4:27:f3:f4:
+        60:d5:27:f8:8b:0e:7d:4d:fa:b4:61:1b:23:58:9c:4f:9a:76:
+        34:d4:2c:0c:fb:8b:a4:66:bb:8e:b4:ba:bd:fe:a4:d2:d3:04:
+        4f:cc:b8:17:5e:0c:a7:a8:db:d0:7f:c2:82:15:33:28:e7:e8:
+        5d:64:65:17:94:ba:83:73:2a:31:09:c8:ff:26:60:73:9b:03:
+        9f:cb:02:62:56:1e:d8:43:c4:ce:52:3b:0f:75:cd:0e:36:43:
+        01:42:4e:06:1d:a4:ec:f6:e8:98:f2:79:b8:25:22:eb:bc:67:
+        06:2c:5f:ba:04:06:fe:d2:81:8b:51:e8:05:77:c7:f8:0a:56:
+        cb:d3:cf:e9:9c:7e:ae:06:73:f5:55:f6:ef:d4:b6:bb:48:18:
+        11:10:09:b1:be:b6:c1:1f:6a:b2:e7:b1:4c:27:a6:9b:56:fb:
+        ec:be:b6:ea:ce:a3:d9:7d:d3:41:d4:6e:3a:4e:60:ae:f2:87:
+        06:6d:7f:42:a0:af:71:dd:f1:eb:94:b7:c8:cf:f9:f3:51:c7:
+        3c:70:4c:c0
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBBTANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgBzYRu7DGVs0JvzhnlnqRt9
+uojeNosH/5G/I8vOZ8UdW2yMqG5G1GYQKwHj1qcqOka0+PsEFvKpsjfsc3gu2Fgl
+uCaG2oxa8yggM8s2k7oWNKK1ltgJLn50Ahcg3bT3xrzHb/qxMZOfdNSrVi+kLggc
+lBb8VexqFTthkyLWWuhMn14tb7Sdwo71TjcfZqqNGdLZ6iBjSHx+AOkorEBJDmm1
+Bu1EV4hESN1tPm0bO8tNma1iTWvRjpSztRm5b5fv8f5hHOtd7lV/oBGXhfeP712i
+unjaP6U8AUaV07aYyRxJKPic4xUes3FjmKAym2ZYhvNipGwx7EQDCjKn7K34wwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQFHWqTZ3ujEwCFRVs8SmjM4Iix
+szAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ4F
+AAOCAQEAdkA7w0CrZkV5nsqFgfi5lTTT/458ydxqQ78o2iHRFgTzyAuNh5mgrzs7
+2PHLG8HOsW/UJ/P0YNUn+IsOfU36tGEbI1icT5p2NNQsDPuLpGa7jrS6vf6k0tME
+T8y4F14Mp6jb0H/CghUzKOfoXWRlF5S6g3MqMQnI/yZgc5sDn8sCYlYe2EPEzlI7
+D3XNDjZDAUJOBh2k7PbomPJ5uCUi67xnBixfugQG/tKBi1HoBXfH+ApWy9PP6Zx+
+rgZz9VX279S2u0gYERAJsb62wR9qsuexTCemm1b77L626s6j2X3TQdRuOk5grvKH
+Bm1/QqCvcd3x65S3yM/581HHPHBMwA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/06.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/06.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c2:98:cc:33:36:f4:f5:08:e1:98:b2:dc:8a:41:
+                    fd:4c:3f:80:96:f5:65:6f:5d:d4:2a:09:df:36:70:
+                    4e:39:66:5f:9d:40:f9:16:12:c0:61:f0:de:cd:1e:
+                    8e:87:bd:e6:7f:f8:87:e9:34:c4:ee:bf:92:3b:79:
+                    4f:94:68:bd:40:74:fb:11:75:93:10:a4:5c:86:63:
+                    1e:59:58:5d:c9:0b:6b:4d:7f:6e:7b:d7:44:48:89:
+                    5d:99:1e:7f:8f:e2:e9:f8:92:8b:68:3f:f8:bb:e7:
+                    f0:74:ae:6a:f6:6e:f5:ea:40:15:b2:d1:ea:f6:37:
+                    c9:f4:68:50:d4:20:88:2a:5e:d5:24:8e:30:6b:a9:
+                    8e:ab:c1:c2:51:30:46:68:b0:6b:7b:f9:17:25:07:
+                    3e:20:02:60:27:fb:36:dc:65:1b:bb:7d:46:3f:25:
+                    e3:46:ef:bd:f1:5e:1e:7f:1a:59:33:bd:8e:8f:29:
+                    0e:e5:cf:b7:8a:f2:76:49:49:3d:e6:ab:e4:2f:d5:
+                    10:16:fe:72:b5:4b:ba:ef:92:77:38:df:2a:67:bd:
+                    21:2f:cf:57:2c:d0:25:d8:99:9a:48:1b:80:63:2d:
+                    49:c9:8f:e7:c0:ca:18:58:39:f5:be:4e:09:d2:71:
+                    6c:59:6c:e4:bb:e2:68:03:2c:b1:78:5b:9d:cb:98:
+                    d9:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                98:F0:55:08:76:0E:DC:A1:77:06:6F:FC:A9:8E:4E:8F:A5:E0:3E:B1
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha256WithRSAEncryption
+        16:c0:b6:24:4d:95:69:52:6a:97:8a:b3:4f:a7:70:ea:42:e4:
+        f1:19:34:62:9c:a9:c1:fb:47:60:b8:9b:0f:1f:d0:15:a0:a4:
+        2a:f6:ce:5f:6d:37:3d:e2:3d:7e:32:57:af:99:ef:8f:d3:da:
+        ac:a5:13:7f:c0:8a:b7:de:0c:42:16:68:f8:c9:8a:6b:cd:7f:
+        b8:70:39:2a:10:ef:b4:df:b6:3e:ef:32:ec:99:47:eb:d8:97:
+        51:a0:ea:09:a6:c9:7a:d1:96:84:67:42:17:db:2b:f9:2a:00:
+        6b:de:ff:4c:bf:77:19:12:e6:cd:d2:98:7d:81:20:b2:92:89:
+        87:89:63:13:14:36:94:9c:3d:8e:dc:1b:c2:bd:d5:57:ed:08:
+        9d:08:ee:55:7c:3d:7d:f6:c3:64:50:5d:97:b1:a0:2f:c6:c9:
+        f8:87:67:62:27:50:fc:f4:9e:15:9f:3f:e9:77:50:de:60:6c:
+        3e:74:53:8d:f6:28:33:f9:eb:a7:8a:d5:b6:67:30:44:d1:b8:
+        04:39:7d:42:d6:1e:dd:b8:e3:c2:e8:50:ff:2c:6e:60:f1:f4:
+        48:0c:30:1d:af:5c:ce:5b:10:06:e7:6b:4e:39:a9:b7:0d:8b:
+        68:6d:06:39:cf:94:a8:70:21:2f:f1:37:21:98:50:2c:c8:b2:
+        d7:00:84:94
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpjMMzb09QjhmLLcikH9TD+A
+lvVlb13UKgnfNnBOOWZfnUD5FhLAYfDezR6Oh73mf/iH6TTE7r+SO3lPlGi9QHT7
+EXWTEKRchmMeWVhdyQtrTX9ue9dESIldmR5/j+Lp+JKLaD/4u+fwdK5q9m716kAV
+stHq9jfJ9GhQ1CCIKl7VJI4wa6mOq8HCUTBGaLBre/kXJQc+IAJgJ/s23GUbu31G
+PyXjRu+98V4efxpZM72OjykO5c+3ivJ2SUk95qvkL9UQFv5ytUu675J3ON8qZ70h
+L89XLNAl2JmaSBuAYy1JyY/nwMoYWDn1vk4J0nFsWWzku+JoAyyxeFudy5jZzwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSY8FUIdg7coXcGb/ypjk6PpeA+
+sTAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQsF
+AAOCAQEAFsC2JE2VaVJql4qzT6dw6kLk8Rk0YpypwftHYLibDx/QFaCkKvbOX203
+PeI9fjJXr5nvj9ParKUTf8CKt94MQhZo+MmKa81/uHA5KhDvtN+2Pu8y7JlH69iX
+UaDqCabJetGWhGdCF9sr+SoAa97/TL93GRLmzdKYfYEgspKJh4ljExQ2lJw9jtwb
+wr3VV+0InQjuVXw9ffbDZFBdl7GgL8bJ+IdnYidQ/PSeFZ8/6XdQ3mBsPnRTjfYo
+M/nrp4rVtmcwRNG4BDl9QtYe3bjjwuhQ/yxuYPH0SAwwHa9czlsQBudrTjmptw2L
+aG0GOc+UqHAhL/E3IZhQLMiy1wCElA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/07.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/07.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:36 2009 GMT
+            Not After : Feb  9 21:12:36 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ff:62:ef:85:d6:4b:1c:78:d5:aa:95:7f:5b:2c:
+                    8b:ec:93:47:f8:cb:25:95:77:c0:64:bf:11:91:30:
+                    4c:21:44:3e:1e:05:5d:8c:cc:ea:4f:0b:6d:2e:34:
+                    f5:11:01:6b:37:d5:65:98:a5:a6:60:29:f5:eb:df:
+                    29:92:e9:61:41:65:6b:18:cd:48:a8:ef:5d:0b:21:
+                    de:5b:ff:89:74:bb:69:e2:60:1f:c0:e3:21:2f:f9:
+                    91:c4:6e:2a:f4:f1:d1:b4:c2:cc:51:73:3b:2c:47:
+                    40:04:89:90:03:27:98:08:8b:dc:fe:91:f9:12:59:
+                    5a:5b:b6:31:25:59:50:ea:b8:cd:b3:e1:c2:f4:14:
+                    5f:47:49:01:e2:63:d6:17:00:68:4a:7b:16:84:73:
+                    22:61:bf:59:60:03:8c:40:e6:cf:6e:1e:50:eb:ae:
+                    d9:e5:ed:f7:31:41:72:6c:33:67:99:81:a1:09:89:
+                    3e:69:c8:cf:b8:67:48:ca:31:22:52:4f:64:cb:23:
+                    b4:84:8a:82:a3:10:6d:c3:09:29:69:29:ee:9e:fe:
+                    e5:2d:5f:71:5c:80:bf:b3:91:25:27:8a:5e:95:18:
+                    50:d2:3e:f1:3c:15:3b:0c:11:a1:c0:cf:3b:08:75:
+                    5c:e0:ba:68:db:76:73:0d:8e:af:55:49:e4:27:5b:
+                    9d:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                3A:69:55:A1:E7:5F:50:E0:CC:72:E3:DF:FF:C2:E5:67:C7:FF:9B:48
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha384WithRSAEncryption
+        a7:3a:b2:73:3b:a1:60:66:a6:72:5c:ce:2c:73:22:7a:4e:6b:
+        ba:52:28:0e:46:5f:3f:fa:c1:64:91:02:ab:57:30:32:80:e4:
+        3f:70:42:e0:53:21:b0:93:7b:b6:f1:62:aa:da:35:8e:65:b7:
+        2f:ca:54:8f:91:9c:fe:a9:6c:7c:ad:ec:21:ab:7f:54:c0:b1:
+        0c:66:87:9b:d2:29:6b:95:15:dd:57:c7:b2:df:ac:73:5b:40:
+        66:2d:71:ac:26:36:90:15:94:c0:4a:56:9b:06:e9:a6:cb:52:
+        25:d6:fa:8e:d2:52:bf:90:f7:42:f6:69:03:cc:0c:d2:8e:c2:
+        20:d3:f9:d0:e3:c5:76:d6:37:e2:02:6f:47:79:36:58:5c:ec:
+        2d:74:5b:1d:12:d1:12:e0:07:47:92:c5:b5:44:da:6e:43:6a:
+        2c:e1:cc:3c:b9:98:59:41:26:06:17:63:20:9a:64:77:0a:22:
+        4b:5d:4e:14:89:d0:b0:4c:d2:fe:de:45:97:e9:42:e9:62:f3:
+        2a:ba:a8:67:80:c6:13:17:e3:55:2b:cc:e7:da:b8:12:98:ec:
+        f3:25:c4:f7:d2:bb:8a:c6:e6:a2:fd:9a:d2:46:d3:f9:d4:6c:
+        3a:11:29:59:fe:f6:96:d0:1c:86:cb:53:35:76:b6:7b:dc:c3:
+        62:2f:84:77
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBBzANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM2WhcNMTEwMjA5MjExMjM2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/2LvhdZLHHjVqpV/WyyL7JNH
+MsllXfAZL8RkTBMIUQ+HgVdjMzqTwttLjT1EQFrN9VlmKWmYCn1698pkulhQWVr
+GM1IqO9dCyHeW/+JdLtp4mAfwOMhL/mRxG4q9PHRtMLMUXM7LEdABImQAyeYCIvc
+/pH5EllaW7YxJVlQ6rjNs+HC9BRfR0kB4mPWFwBoSnsWhHMiYb9ZYAOMQObPbh5Q
+667Z5e33MUFybDNnmYGhCYk+acjPuGdIyjEiUk9kyyO0hIqCoxBtwwkpaSnunv7l
+LV9xXIC/s5ElJ4pelRhQ0j7xPBU7DBGhwM87CHVc4Lpo23ZzDY6vVUnkJ1udZQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ6aVWh519Q4Mxy49//wuVnx/+b
+SDAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQwF
+AAOCAQEApzqyczuhYGamclzOLHMiek5rulIoDkZfP/rBZJECq1cwMoDkP3BC4FMh
+sJN7tvFiqto1jmW3L8pUj5Gc/qlsfK3sIat/VMCxDGaHm9Ipa5UV3VfHst+sc1tA
+Zi1xrCY2kBWUwEpWmwbppstSJdb6jtJSv5D3QvZpA8wM0o7CINP50OPFdtY34gJv
+R3k2WFzsLXRbHRLREuAHR5LFtUTabkNqLOHMPLmYWUEmBhdjIJpkdwoiS11OFInQ
+sEzS/t5Fl+lC6WLzKrqoZ4DGExfjVSvM59q4Epjs8yXE99K7isbmov2a0kbT+dRs
+OhEpWf72ltAchstTNXa2e9zDYi+Edw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/08.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/08.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:36 2009 GMT
+            Not After : Feb  9 21:12:36 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:93:26:13:f4:89:9e:ef:75:e0:1b:11:cf:68:a8:
+                    19:f3:b0:4c:cf:41:e5:72:b0:6b:7e:ba:f2:83:8f:
+                    87:0c:34:4e:06:08:19:99:7b:f9:34:4f:58:89:11:
+                    7a:a6:84:a7:49:7d:30:d2:9d:93:3c:2e:00:84:e0:
+                    34:0c:6e:54:38:3b:0e:74:f9:79:6f:a2:ff:44:fa:
+                    60:0d:f5:22:5a:b8:37:72:75:58:2a:2c:10:8b:42:
+                    a8:88:99:77:79:db:7e:fa:bf:95:b9:b6:06:42:2b:
+                    a8:a6:90:2f:f8:e6:0c:f5:59:4b:50:1f:91:56:92:
+                    e0:b0:5c:c6:87:94:78:a3:85:91:ba:51:89:bd:49:
+                    91:f7:02:6a:d6:d5:8a:63:c0:37:43:96:b2:6b:11:
+                    d1:50:c6:de:1f:4a:c4:2b:f0:af:67:3c:62:43:57:
+                    42:83:ce:31:18:95:60:23:80:8b:27:24:33:00:2a:
+                    3f:ef:4a:b9:57:b4:81:2a:07:86:cd:8d:ce:57:71:
+                    67:b5:7d:60:41:8e:2f:91:10:ad:42:5b:76:b8:66:
+                    2f:c5:b4:62:0a:26:e8:ec:48:5e:fa:32:88:a6:52:
+                    f5:9a:65:6c:18:59:2e:dc:79:7c:e0:22:b2:cc:f9:
+                    98:b3:2c:df:b6:74:5d:2a:12:21:c7:0b:1d:5e:91:
+                    84:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                7D:3F:1C:F1:A5:A0:D8:77:06:FE:75:D2:72:97:6C:3A:FF:3A:26:10
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha512WithRSAEncryption
+        2f:f2:12:80:1a:4f:0c:e6:f9:a6:a3:3c:8e:d2:51:f0:f7:b2:
+        47:6d:e9:55:5a:39:e8:95:fc:c0:37:a6:f9:a2:b4:37:7a:51:
+        23:06:ef:51:90:6e:d9:1c:14:33:7d:a8:9c:64:08:70:70:b4:
+        eb:a6:84:64:2c:85:00:92:20:94:83:bc:0a:fa:5d:d0:b0:1b:
+        c0:1a:92:0d:b6:15:dd:dd:79:de:ea:25:f5:0f:7e:ea:37:dc:
+        ab:43:48:6c:ad:a4:bc:a7:f6:bf:16:74:de:7d:78:44:b0:d3:
+        68:60:a0:48:2a:e6:f2:aa:6e:26:e0:a0:40:e9:08:9c:71:e7:
+        f7:d5:b2:d8:20:25:79:0c:e4:3b:05:57:82:ae:87:80:15:47:
+        f9:0e:fa:10:c4:a0:6c:a7:cc:41:c4:5f:e5:1d:c7:10:94:db:
+        d9:19:c6:8e:3a:88:dd:22:95:4d:c3:0f:fe:a6:a8:5e:f1:80:
+        a4:a5:d6:ee:d4:25:7f:94:8f:b1:b8:ff:2b:84:b9:8a:a0:73:
+        02:67:1c:d9:7f:47:d8:f1:82:5c:c9:19:13:c8:fb:d0:32:06:
+        2f:3f:6f:cc:08:7c:2e:94:71:05:5c:5a:ca:b0:29:01:ad:d6:
+        99:c1:6c:84:f2:84:3d:c6:0b:85:76:47:19:42:2c:c8:48:e3:
+        60:30:e9:6d
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM2WhcNMTEwMjA5MjExMjM2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyYT9Ime73XgGxHPaKgZ87BM
+z0HlcrBrfrryg4+HDDROBggZmXv5NE9YiRF6poSnSX0w0p2TPC4AhOA0DG5UODsO
+dPl5b6L/RPpgDfUiWrg3cnVYKiwQi0KoiJl3edt++r+VubYGQiuoppAv+OYM9VlL
+UB+RVpLgsFzGh5R4o4WRulGJvUmR9wJq1tWKY8A3Q5ayaxHRUMbeH0rEK/CvZzxi
+Q1dCg84xGJVgI4CLJyQzACo/70q5V7SBKgeGzY3OV3FntX1gQY4vkRCtQlt2uGYv
+xbRiCibo7Ehe+jKIplL1mmVsGFku3Hl84CKyzPmYsyzftnRdKhIhxwsdXpGE3wID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR9PxzxpaDYdwb+ddJyl2w6/zom
+EDAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ0F
+AAOCAQEAL/ISgBpPDOb5pqM8jtJR8PeyR23pVVo56JX8wDem+aK0N3pRIwbvUZBu
+2RwUM32onGQIcHC066aEZCyFAJIglIO8Cvpd0LAbwBqSDbYV3d153uol9Q9+6jfc
+q0NIbK2kvKf2vxZ03n14RLDTaGCgSCrm8qpuJuCgQOkInHHn99Wy2CAleQzkOwVX
+gq6HgBVH+Q76EMSgbKfMQcRf5R3HEJTb2RnGjjqI3SKVTcMP/qaoXvGApKXW7tQl
+f5SPsbj/K4S5iqBzAmcc2X9H2PGCXMkZE8j70DIGLz9vzAh8LpRxBVxayrApAa3W
+mcFshPKEPcYLhXZHGUIsyEjjYDDpbQ==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/09.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/09.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md2WithRSAEncryption
+        28:5a:dd:48:fb:ec:80:fe:de:b7:20:c0:4c:05:a9:4b:51:e9:
+        a7:d1:4b:5e:76:42:d2:5d:9a:14:19:3b:cb:f9:91:d7:0f:11:
+        c9:cd:dd:00:8b:2c:76:73:22:a0:19:49:81:63:40:30:48:27:
+        62:90:ca:b8:dc:33:35:b3:4b:58:ca:dc:07:66:87:2e:ea:44:
+        2a:6a:13:67:7a:32:5e:48:1d:88:88:c5:70:e6:e7:ec:1b:2f:
+        a7:f4:61:71:29:f6:66:93:30:60:7e:b3:4c:01:c8:2c:53:ce:
+        00:11:ec:bf:f6:f2:ce:51:97:d8:ed:ed:dc:c9:6b:b8:19:15:
+        c8:9a:61:6d:12:9a:99:25:d8:03:1d:a6:4c:20:a5:f8:46:a3:
+        05:32:bb:1a:8e:1a:65:0d:f3:13:35:1d:6f:73:28:31:12:d7:
+        c4:9e:73:a0:a7:ce:82:25:d1:40:e8:1b:77:60:f3:3e:81:7f:
+        19:ee:cf:97:4d:c8:c3:35:9b:72:98:3b:c3:35:43:14:0a:04:
+        21:7b:f7:db:e6:5f:ce:21:d1:ce:bf:b7:ef:c1:63:21:c2:78:
+        e1:37:aa:b1:e0:31:b3:b6:63:4c:fd:66:c8:e6:cf:f8:d9:97:
+        2f:cf:92:81:3f:d4:bf:ec:e2:ad:6e:39:c7:a6:a8:e0:32:b0:
+        2e:0d:e1:30
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQIFAAOC
+AQEAKFrdSPvsgP7etyDATAWpS1Hpp9FLXnZC0l2aFBk7y/mR1w8Ryc3dAIssdnMi
+oBlJgWNAMEgnYpDKuNwzNbNLWMrcB2aHLupEKmoTZ3oyXkgdiIjFcObn7Bsvp/Rh
+cSn2ZpMwYH6zTAHILFPOABHsv/byzlGX2O3t3MlruBkVyJphbRKamSXYAx2mTCCl
+EajBTK7Go4aZQ3zEzUdb3MoMRLXxJ5zoKfOgiXRQOgbd2DzPoF/Ge7Pl03IwzWb
+cpg7wzVDFAoEIXv32+ZfziHRzr+378FjIcJ44TeqseAxs7ZjTP1myObP+NmXL8+S
+gT/Uv+zirW45x6ao4DKwLg3hMA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0A.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0A.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: md4WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md4WithRSAEncryption
+        3d:34:e7:aa:98:28:91:95:d4:df:be:66:4e:92:7f:25:f7:ce:
+        23:59:db:30:52:3f:67:a0:ab:06:18:be:32:ad:f9:d5:24:87:
+        90:c5:ac:42:a6:8f:2a:e3:b3:36:c4:9c:38:e4:2e:6a:64:26:
+        33:39:e0:46:4e:f5:09:a7:d2:cd:6a:16:30:49:80:81:4c:19:
+        43:2e:55:0d:b8:18:d6:db:8e:e0:3e:25:ca:a2:74:76:b7:1c:
+        97:13:db:21:83:50:38:eb:f7:36:d5:74:3d:fc:90:d8:7f:d6:
+        ad:2d:5d:ab:99:fc:45:41:c1:55:22:f7:57:c0:c5:24:a0:67:
+        a0:e8:03:f1:98:87:7a:be:d9:57:04:06:ba:57:29:ca:6e:33:
+        28:16:7d:fa:5c:2b:ae:40:78:01:6f:77:9f:54:94:fb:bb:73:
+        3f:f1:ca:81:4f:65:49:2c:1a:62:15:fe:0e:43:d3:81:10:b2:
+        b6:e9:92:f9:b8:be:cf:50:85:a4:65:af:ed:fa:58:6c:5c:90:
+        b1:ae:90:7a:a4:68:93:cf:85:6b:73:98:c0:a7:97:d7:03:59:
+        0c:97:33:1b:9d:5a:4a:9d:31:71:c3:e4:57:21:1e:9a:67:16:
+        89:ff:de:42:88:97:05:cf:ab:63:3b:a4:fc:7f:7b:4d:54:b7:
+        f5:bb:68:c4
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCjANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQMFAAOC
+AQEAPTTnqpgokZXU375mTpJ/JffOI1nbMFI/Z6CrBhi+Mq351SSHkMWsQqaPKuOz
+NsScOOQuamQmMzngRk71CafSzWoWMEmAgUwZQy5VDbgY1tuO4D4lyqJ0drcclxPb
+IYNQOOv3NtV0PfyQ2H/WrS1dq5n8RUHBVSL3V8DFJKBnoOgD8ZiHer7ZVwQGulcp
+ym4zKBZ9+lwrrkB4AW93n1SU+7tzP/HKgU9lSSwaYhX+DkPTgRCytumS+bi+z1CF
+pGWv7fpYbFyQsa6QeqRok8+Fa3OYwKeX1wNZDJczG51aSp0xccPkVyEemmcWif/e
+QoiXBc+rYzuk/H97TVS39btoxA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0B.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0B.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: md5WithRSAEncryption
+        7d:c7:ae:4b:1d:56:8c:c8:2a:40:13:24:91:38:b0:72:77:6a:
+        a3:fd:7e:0d:30:ca:96:7e:55:85:ff:fb:cd:a7:29:bd:a3:f8:
+        bc:df:e3:ee:f8:f0:5d:4b:91:0e:f6:e2:c5:9c:3f:74:26:d1:
+        d2:37:13:59:09:d6:39:43:ce:d7:67:70:92:c8:98:2b:5a:f5:
+        09:e1:ea:d9:43:f1:92:61:b8:43:74:d8:a9:f0:af:b6:df:11:
+        61:cd:8f:35:39:1f:d1:17:70:f9:2b:86:3e:df:4b:c6:81:0b:
+        f5:cc:de:62:dd:f7:7f:14:2a:1a:e7:98:3d:6e:db:1c:47:df:
+        8d:31:49:7b:78:b0:81:89:c8:b5:f5:e9:e4:9e:00:a5:20:70:
+        e5:32:56:e6:a7:be:68:ba:bf:d4:8e:8f:c8:42:31:30:b3:39:
+        fa:3e:9c:70:53:64:d6:96:af:f7:8a:e7:de:20:3a:f0:66:71:
+        98:ec:c0:f8:52:c9:07:be:29:0e:0d:6e:7e:4e:36:9c:bb:a1:
+        5a:ea:1e:6f:d9:8e:81:0c:58:88:1a:be:1b:01:14:ad:ad:4a:
+        58:7a:10:53:43:1b:6d:2d:17:44:94:ba:31:5d:09:4e:85:5c:
+        c7:f2:c2:53:a5:1d:58:dc:4e:de:3c:88:b3:13:5a:7f:5d:a5:
+        c6:e6:3a:f7
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCzANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
+1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
+J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
+CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
+8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
+leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQQFAAOC
+AQEAfceuSx1WjMgqQBMkkTiwcndqo/1+DTDKln5Vhf/7zacpvaP4vN/j7vjwXUuR
+DvbixZw/dCbR0jcTWQnWOUPO12dwksiYK1r1CeHq2UPxkmG4Q3TYqfCvtt8RYc2P
+NTkf0Rdw+SuGPt9LxoEL9czeYt33fxQqGueYPW7bHEffjTFJe3iwgYnItfXp5J4A
+pSBw5TJW5qe+aLq/1I6PyEIxMLM5+j6ccFNk1pav94rn3iA68GZxmOzA+FLJB74p
+Dg1ufk42nLuhWuoeb9mOgQxYiBq+GwEUra1KWHoQU0MbbS0XRJS6MV0JToVcx/LC
+U6UdWNxO3jyIsxNaf12lxuY69w==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0C.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0C.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0b:3d:49:a6:2a:23:fa:f1:5d:dd:c0:7e:b4:a4:47:cb:78:a8:
+        58:62:e5:80:e2:50:19:41:0e:22:98:fc:51:40:f1:64:88:4c:
+        2f:90:f9:eb:5e:93:51:bc:53:31:df:86:07:b0:bb:43:57:4d:
+        dc:0e:4d:6a:67:90:57:e1:3f:3c:df:a9:f6:fb:02:c8:fc:88:
+        91:35:c9:6c:a1:dd:2d:4f:0e:36:e9:d2:6b:1d:9b:3e:e9:01:
+        bd:11:cd:e0:fa:c3:8f:8d:07:ae:e4:aa:a2:80:3d:ad:10:02:
+        d9:f2:e8:c5:37:3f:95:f9:fa:b0:c6:57:b7:ad:16:a6:c8:ec:
+        f8:d5:46:d4:26:53:5e:33:52:ff:aa:c0:b8:c2:3c:b5:cb:30:
+        d9:6c:6f:6e:68:c8:5c:61:62:28:51:72:3b:57:17:1d:05:8c:
+        d8:4f:63:f4:51:25:e4:4d:37:3c:2e:dc:5e:d9:c9:e2:b0:16:
+        f9:25:cb:02:65:28:4f:b7:b6:16:c0:d9:04:1c:0e:b6:70:79:
+        3b:a6:aa:42:ee:37:97:3c:11:26:39:7b:b9:be:29:0c:06:e6:
+        f7:05:9f:38:19:22:d5:6e:44:52:1b:24:c8:6f:1f:8c:bc:71:
+        c2:7a:c3:17:ac:58:fd:c6:2e:5c:1c:83:c9:bc:a3:c7:81:1a:
+        09:d5:0d:49
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA9MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGzAZBgNVBAMTElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwTdIHGEvZnXaFmcu3cebZYXDJY
+s9QU/WwCYZ4LmUZjowpB1EIzIebtQwdaHaI7ZCmoKsFmKABZ2AxJLTC3PYy7YGIx
+gyd/S5WSLqDWxoSUS7Pkpsz/MjrF7EzJJFi/szN3arUXiwIQKY6VqpFgF0NCh6h8
+2gmDmJ16ZV4gUgcuZaUx/dl0HgDJrp2BVosICvUenNyiXmzb/xGDFfTRJFebD+s1
+yfGqRk50f/4dsJEfiUqEy9914813gmIJ5Z9tKd4uJdhItiC+UZdMLSBlLSpQniRd
+cpXgogZBjGHkUFd0lrEptaGIN/FcnrKejoONcju1XP67EolyXKH52BgpsicCAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUt1HU5SDVRVT0xVEb4IK1YQWvm7Yw
+HwYDVR0jBBgwFoAUzyIxJ5HYwlT/HtrZ7orFiTKtDCEwDQYJKoZIhvcNAQEFBQAD
+ggEBAAs9SaYqI/rxXd3AfrSkR8t4qFhi5YDiUBlBDiKY/FFA8WSITC+Q+etek1G8
+UzHfhgewu0NXTdwOTWpnkFfhPzzfqfb7Asj8iJE1yWyh3S1PDjbp0msdmz7pAb0R
+zeD6w4+NB67kqqKAPa0QAtny6MU3P5X5+rDGV7etFqbI7PjVRtQmU14zUv+qwLjC
+PLXLMNlsb25oyFxhYihRcjtXFx0FjNhPY/RRJeRNNzwu3F7ZyeKwFvklywJlKE+3
+thbA2QQcDrZweTumqkLuN5c8ESY5e7m+KQwG5vcFnzgZItVuRFIbJMhvH4y8ccJ6
+wxesWP3GLlwcg8m8o8eBGgnVDUk=
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0D.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0D.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: sha224WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha224WithRSAEncryption
+        81:8e:2e:bb:77:a3:7c:53:02:9e:9c:d7:66:e3:f5:3f:a6:19:
+        ff:09:8c:7d:4b:10:5f:c3:bd:ad:fc:cc:5c:dc:92:ef:1e:c3:
+        74:70:a6:88:0d:4c:4d:2c:45:0b:76:90:b5:2f:13:93:ee:79:
+        ea:2a:91:f5:ab:6c:dc:5d:3d:f1:b8:3d:bb:d1:a8:40:3d:16:
+        11:97:50:59:39:41:54:9f:c3:a6:d9:81:36:6d:85:90:a1:fb:
+        c3:6b:3d:5f:24:95:c5:1e:e4:bc:bc:22:b6:9d:6b:60:c1:3a:
+        35:21:13:19:ff:82:0e:4f:e5:50:53:db:cc:51:1b:bc:4d:12:
+        ca:79:cc:cc:a0:6e:b5:9a:5a:25:c2:c6:e3:e2:fb:04:ba:d4:
+        0d:69:ce:d3:8c:60:54:d2:32:75:8a:4d:08:ee:b0:01:15:ef:
+        80:9a:ae:dd:e5:47:5a:a3:99:e8:eb:aa:38:51:6c:5a:94:6f:
+        7b:6c:c6:34:eb:66:5a:da:83:53:eb:32:6c:1e:8d:7e:20:09:
+        4c:9b:05:57:e8:27:71:84:53:5f:be:c3:e9:87:9f:8a:a0:41:
+        67:5e:c5:7e:a8:c4:31:31:aa:f4:4b:95:c7:eb:83:01:da:8a:
+        7f:0c:f3:07:b2:5f:8e:28:2e:85:a0:d8:ef:d8:35:6b:cd:42:
+        92:cc:44:0e
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDTANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ4F
+AAOCAQEAgY4uu3ejfFMCnpzXZuP1P6YZ/wmMfUsQX8O9rfzMXNyS7x7DdHCmiA1M
+TSxFC3aQtS8Tk+556iqR9ats3F098bg9u9GoQD0WEZdQWTlBVJ/DptmBNm2FkKH7
+w2s9XySVxR7kvLwitp1rYME6NSETGf+CDk/lUFPbzFEbvE0SynnMzKButZpaJcLG
+4+L7BLrUDWnO04xgVNIydYpNCO6wARXvgJqu3eVHWqOZ6OuqOFFsWpRve2zGNOtm
+WtqDU+sybB6NfiAJTJsFV+gncYRTX77D6YefiqBBZ17FfqjEMTGq9EuVx+uDAdqK
+fwzzB7JfjiguhaDY79g1a81CksxEDg==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0E.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0E.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha256WithRSAEncryption
+        0f:4c:70:2a:ad:b8:43:ea:97:3d:5d:d6:0a:d8:e1:42:b9:3d:
+        42:42:a1:dd:df:37:e3:0c:ab:40:aa:10:3c:f6:88:c1:e9:82:
+        ac:35:f6:f7:66:d1:ee:71:bd:b5:9f:48:dc:e2:09:8a:3e:0e:
+        1d:da:12:e4:f3:53:a1:a1:d9:b2:32:df:e2:83:5d:c8:df:fa:
+        1a:6c:f4:c0:94:cc:20:6b:2b:74:9e:c1:35:d7:2a:ea:99:f8:
+        31:50:e9:c1:5d:3b:14:d4:12:96:b2:06:a3:4d:0f:f5:a9:8f:
+        44:08:61:15:0a:92:bd:29:0b:8d:c1:87:0a:40:de:29:b8:4f:
+        92:e4:b8:fa:d3:ec:5f:55:5e:32:69:57:60:6b:6a:02:89:2a:
+        d4:8e:91:5e:fd:45:d0:21:07:92:d6:c0:9b:ed:d0:d1:07:b9:
+        84:65:01:47:ed:95:03:a5:67:66:30:83:21:87:bb:4c:08:1b:
+        79:97:ec:ad:f8:89:7f:01:29:07:6a:d4:58:c6:11:d4:bc:1d:
+        4f:03:3b:ef:11:a5:e7:8b:4b:29:b5:c5:7d:57:8a:6b:e5:11:
+        0a:39:aa:ef:bf:53:82:ea:34:24:42:84:11:91:ba:cb:71:7e:
+        fa:f7:d3:1e:2b:c4:14:10:0a:16:0a:b7:a5:e2:89:ca:79:dd:
+        d1:ad:d2:00
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQsF
+AAOCAQEAD0xwKq24Q+qXPV3WCtjhQrk9QkKh3d834wyrQKoQPPaIwemCrDX292bR
+7nG9tZ9I3OIJij4OHdoS5PNToaHZsjLf4oNdyN/6Gmz0wJTMIGsrdJ7BNdcq6pn4
+MVDpwV07FNQSlrIGo00P9amPRAhhFQqSvSkLjcGHCkDeKbhPkuS4+tPsX1VeMmlX
+YGtqAokq1I6RXv1F0CEHktbAm+3Q0Qe5hGUBR+2VA6VnZjCDIYe7TAgbeZfsrfiJ
+fwEpB2rUWMYR1LwdTwM77xGl54tLKbXFfVeKa+URCjmq779Tguo0JEKEEZG6y3F+
+vfTHivEFBAKFgq3peKJynnd0a3SAA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/0F.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/0F.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:56:59 2009 GMT
+            Not After : Jul 12 10:56:59 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha384WithRSAEncryption
+        21:92:8d:39:05:a4:16:00:35:0b:de:ce:a8:17:9f:b8:a1:8b:
+        ad:5c:17:40:a8:5a:3b:c9:e5:5a:48:0d:e4:c3:6f:22:5a:eb:
+        19:85:10:a2:af:8f:71:e7:ca:a9:4f:be:01:3d:ba:8b:91:40:
+        25:f3:51:b6:d9:54:ae:4a:1d:2a:da:dd:9f:f8:70:07:31:35:
+        c0:ea:5e:ca:c5:76:38:08:f1:63:0d:8d:f7:96:3a:97:cb:a0:
+        f0:33:0f:2a:91:e4:13:30:73:68:74:92:e5:08:af:27:b8:14:
+        8e:b5:f6:a8:95:f2:52:c9:d1:bc:35:fa:97:ef:74:9e:dc:cc:
+        df:b3:d2:cd:8e:f1:fa:81:6d:b0:38:37:10:4a:1d:f7:ed:10:
+        33:da:e0:2f:ae:bb:a8:6a:02:f9:44:d7:46:a6:fb:89:b3:d7:
+        5b:dc:55:7d:a9:51:c5:f2:79:d8:60:b7:52:7c:9d:e5:13:ed:
+        98:1d:39:1b:fa:da:b9:70:53:51:22:22:03:1c:6e:f6:5d:88:
+        d8:a8:5e:95:8d:27:69:97:d5:a6:3f:ae:83:9b:02:e9:45:21:
+        e6:df:d5:84:ec:78:3a:e2:e7:a9:8a:e9:62:fa:fc:dc:94:86:
+        66:30:48:ea:dc:e2:5f:c0:52:d1:be:d0:03:c4:e3:7c:52:ce:
+        79:f1:26:84
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBDzANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQwF
+AAOCAQEAIZKNOQWkFgA1C97OqBefuKGLrVwXQKhaO8nlWkgN5MNvIlrrGYUQoq+P
+cefKqU++AT26i5FAJfNRttlUrkodKtrdn/hwBzE1wOpeysV2OAjxYw2N95Y6l8ug
+8DMPKpHkEzBzaHSS5QivJ7gUjrX2qJXyUsnRvDX6l+90ntzM37PSzY7x+oFtsDg3
+EEod9+0QM9rgL667qGoC+UTXRqb7ibPXW9xVfalRxfJ52GC3Unyd5RPtmB05G/ra
+uXBTUSIiAxxu9l2I2KhelY0naZfVpj+ug5sC6UUh5t/VhOx4OuLnqYrpYvr83JSG
+ZjBI6tziX8BS0b7QA8TjfFLOefEmhA==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/newcerts/10.pem
+++ b/polarssl/programs/ssl/test-ca/newcerts/10.pem
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Jul 12 10:57:00 2009 GMT
+            Not After : Jul 12 10:57:00 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
+                    79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
+                    99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
+                    1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
+                    2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
+                    2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
+                    ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
+                    29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
+                    98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
+                    1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
+                    5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
+                    c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
+                    cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
+                    25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
+                    9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
+                    96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
+                    72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
+                    b2:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha512WithRSAEncryption
+        19:13:61:13:81:ff:a2:c4:cf:45:dc:4f:40:e5:ce:a6:78:fb:
+        ff:49:a2:f7:58:d5:36:c0:e4:78:2a:0c:68:97:21:62:76:5e:
+        7f:4c:11:aa:31:13:17:22:d9:26:93:14:5e:60:6a:48:dd:56:
+        d2:b5:5d:9b:9a:d8:e0:c4:4a:42:53:de:43:2b:3e:82:0c:b7:
+        dd:f7:c5:5c:89:63:28:a9:8d:96:40:3a:0b:5b:df:7d:1e:4d:
+        b2:84:d8:38:1b:80:b6:28:d0:48:d0:42:30:f1:31:ec:ed:2e:
+        a2:e3:9d:e2:88:3f:b9:27:8d:34:76:dd:a7:de:71:5e:05:da:
+        78:9b:2b:51:f4:d2:f5:81:a5:f8:d4:78:d8:42:ba:91:24:30:
+        67:18:3c:ba:03:4f:ac:98:2c:ee:15:50:25:33:be:bb:4f:64:
+        54:28:51:9a:d1:9b:b6:8e:5a:db:4c:3f:89:0c:c6:e7:d4:27:
+        e4:4a:8d:55:11:df:46:23:9e:8a:cb:79:f3:bb:f1:1b:c0:2c:
+        5f:bd:31:09:e6:f7:31:c8:9d:4c:7a:99:74:38:78:39:d5:c1:
+        e5:d0:48:f7:fd:00:a5:1b:c2:bb:e9:9a:a3:1f:3f:fd:47:eb:
+        78:ed:3e:59:bb:16:65:1c:62:e0:a2:78:b5:bd:50:79:b9:5d:
+        4f:79:a6:37
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBEDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwNzEyMTA1NzAwWhcNMTEwNzEyMTA1NzAwWjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhc
+Mliz1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtg
+YjGDJ39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KH
+qHzaCYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP
+6zXJ8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCe
+JF1yleCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+b
+tjAfBgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQ0F
+AAOCAQEAGRNhE4H/osTPRdxPQOXOpnj7/0mi91jVNsDkeCoMaJchYnZef0wRqjET
+FyLZJpMUXmBqSN1W0rVdm5rY4MRKQlPeQys+ggy33ffFXIljKKmNlkA6C1vffR5N
+soTYOBuAtijQSNBCMPEx7O0uouOd4og/uSeNNHbdp95xXgXaeJsrUfTS9YGl+NR4
+2EK6kSQwZxg8ugNPrJgs7hVQJTO+u09kVChRmtGbto5a20w/iQzG59Qn5EqNVRHf
+RiOeist587vxG8AsX70xCeb3McidTHqZdDh4OdXB5dBI9/0ApRvCu+maox8//Ufr
+eO0+WbsWZRxi4KJ4tb1QebldT3mmNw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/serial
+++ b/polarssl/programs/ssl/test-ca/serial
@@ -0,0 +1 @@
+11
--- a/polarssl/programs/ssl/test-ca/server1.crt
+++ b/polarssl/programs/ssl/test-ca/server1.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:35 2009 GMT
+            Not After : Feb  9 21:12:35 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Server 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ae:92:63:59:74:68:a4:aa:89:50:42:f2:e7:27:
+                    09:2c:a5:86:99:09:28:52:5d:6e:32:f5:93:18:35:
+                    0e:2b:28:6d:11:20:49:f2:21:0d:d6:fc:e6:dc:de:
+                    40:93:7b:29:ee:4b:4c:28:4f:e4:8c:38:12:de:10:
+                    69:f7:ba:40:e8:74:80:a6:19:36:63:e0:37:93:39:
+                    f6:00:8e:3c:5a:fd:dc:8e:50:c1:41:7c:bf:ff:c9:
+                    bb:e2:ad:7c:8d:b1:a4:1a:8b:3e:1f:1a:28:9b:e6:
+                    93:4b:74:c3:e9:ab:2c:c8:93:cf:f6:02:a1:c9:4b:
+                    9e:f9:f6:fa:a6:95:98:6c:32:85:c0:f4:e7:b0:ec:
+                    50:af:17:52:49:21:80:9f:0d:c8:37:73:74:42:3e:
+                    06:7f:29:29:1d:6a:9a:71:0f:70:ea:c8:49:0d:d7:
+                    3b:7e:c2:ed:9b:33:dd:64:e9:8f:df:85:81:c3:b1:
+                    c5:50:b6:55:2c:c8:88:ed:fd:c4:cf:14:4f:49:d8:
+                    76:5c:1d:95:ef:34:e8:d7:74:aa:1e:d2:ff:1d:19:
+                    27:19:de:af:b5:7a:71:c3:fb:38:11:ca:da:78:2c:
+                    9b:32:3e:5f:31:eb:c9:6e:43:eb:3d:a5:c1:36:e2:
+                    86:49:1c:68:d7:5b:f1:01:d0:29:16:d0:3a:44:36:
+                    5c:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                81:10:4A:56:11:3A:A2:FD:28:DE:80:54:BC:21:6E:64:28:6F:E7:05
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        64:48:d7:f4:06:42:fd:9b:7d:f4:c3:81:26:ff:1d:c3:f9:0b:
+        dc:be:5d:78:45:e5:48:1a:f7:07:cb:35:2b:7f:b6:50:22:cf:
+        a6:24:f5:e3:a5:5d:a7:d0:55:d3:c1:f4:a9:6e:f2:4c:f7:2b:
+        02:0f:d0:c8:62:82:93:a6:86:07:f3:fb:14:c8:db:f2:df:fb:
+        06:2c:7f:ad:39:89:78:ed:cb:b6:70:0d:7a:b8:ba:48:ae:13:
+        46:b0:e0:7b:e8:fc:31:eb:4e:97:2b:96:bf:6b:7b:ae:f2:3e:
+        9f:f9:c2:96:59:49:f3:90:34:15:e3:2e:cb:38:9c:33:a3:4a:
+        4e:00:9e:97:7d:3d:2e:d7:1f:23:4b:5e:db:62:a5:3c:ca:4e:
+        b7:a6:83:79:24:9c:ce:08:e4:8b:e7:9a:b1:ca:9f:03:9c:a8:
+        6c:81:4e:5b:fb:53:19:a1:9f:b5:07:64:85:57:01:2c:95:3c:
+        3c:7e:87:0d:43:c6:08:d5:26:7a:5b:d3:2b:bb:0e:92:fc:be:
+        85:88:16:c8:98:2d:75:23:9d:95:c5:4a:a5:95:be:77:81:cd:
+        46:14:cc:96:2f:90:2a:84:04:51:80:d1:e3:39:5f:de:d4:c2:
+        2c:bd:a7:23:3a:8d:b3:83:73:62:b0:7b:92:14:53:a1:e3:c4:
+        3c:68:cc:ab
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjM1WhcNMTEwMjA5MjExMjM1WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpJjWXRopKqJUELy5ycJLKWGmQko
+Ul1uMvWTGDUOKyhtESBJ8iEN1vzm3N5Ak3sp7ktMKE/kjDgS3hBp97pA6HSAphk2
+Y+A3kzn2AI48Wv3cjlDBQXy//8m74q18jbGkGos+Hxoom+aTS3TD6assyJPP9gKh
+yUue+fb6ppWYbDKFwPTnsOxQrxdSSSGAnw3IN3N0Qj4GfykpHWqacQ9w6shJDdc7
+fsLtmzPdZOmP34WBw7HFULZVLMiI7f3EzxRPSdh2XB2V7zTo13SqHtL/HRknGd6v
+tXpxw/s4EcraeCybMj5fMevJbkPrPaXBNuKGSRxo11vxAdApFtA6RDZcdwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSBEEpWETqi/SjegFS8IW5kKG/nBTAf
+BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQUFAAOC
+AQEAZEjX9AZC/Zt99MOBJv8dw/kL3L5deEXlSBr3B8s1K3+2UCLPpiT146Vdp9BV
+08H0qW7yTPcrAg/QyGKCk6aGB/P7FMjb8t/7Bix/rTmJeO3LtnANeri6SK4TRrDg
+e+j8MetOlyuWv2t7rvI+n/nClllJ85A0FeMuyzicM6NKTgCel309LtcfI0te22Kl
+PMpOt6aDeSSczgjki+eascqfA5yobIFOW/tTGaGftQdkhVcBLJU8PH6HDUPGCNUm
+elvTK7sOkvy+hYgWyJgtdSOdlcVKpZW+d4HNRhTMli+QKoQEUYDR4zlf3tTCLL2n
+IzqNs4NzYrB7khRToePEPGjMqw==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/server1.key
+++ b/polarssl/programs/ssl/test-ca/server1.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArpJjWXRopKqJUELy5ycJLKWGmQkoUl1uMvWTGDUOKyhtESBJ
+8iEN1vzm3N5Ak3sp7ktMKE/kjDgS3hBp97pA6HSAphk2Y+A3kzn2AI48Wv3cjlDB
+QXy//8m74q18jbGkGos+Hxoom+aTS3TD6assyJPP9gKhyUue+fb6ppWYbDKFwPTn
+sOxQrxdSSSGAnw3IN3N0Qj4GfykpHWqacQ9w6shJDdc7fsLtmzPdZOmP34WBw7HF
+ULZVLMiI7f3EzxRPSdh2XB2V7zTo13SqHtL/HRknGd6vtXpxw/s4EcraeCybMj5f
+MevJbkPrPaXBNuKGSRxo11vxAdApFtA6RDZcdwIDAQABAoIBAQCCjSFVPbQgKRTl
+fBvReCTpSaR+ABYyeoK2A2cMvGirJ+Fg5GfIdqW1+I3h8SgT4xC5j4AVyaGepzSc
+82N8CsMN1Ep9bO97A6wsIzVwtu42EhGGMKhGBDhF3yTuYVV7VbTm0OkVM2fZJzdS
+P7Ffp06ndbsZPGCnfDEYuHY8bDV/+4/TUH+O6EwcU+khxg0ihg6fcfORC2I9yBDX
+F6TJz9y2RmuRSi0F//eYsD5laeiQvQMZmLEeOsCyWdZBSnLv1tn4EDv1adnOceCF
+CG2CD+hgj4i5NPQO2lCWX/nBr8cXr+dQ3lPjvNQb3MPitzt3OZTi2fOh+9ENhu2Y
+FbnPG0exAoGBAN97s4Cq2pZ9BdyhbZuYapEMW33FIZjn8j4rPSZIkuureM6sG7bk
+LljD61p4exshz3Epk3AoOjIJc+KnquAeT3lW+8qPDnXDbhfwrhm/eLfFwrLEESg9
+AOHKes3JBmrtzN1Lcn56fvblK20C2JWKjln5agz4gAHxgjhLyOZbcs9vAoGBAMf4
+1i8fJFUrCvBA0sPRe+zJIex0ahuWxi9UL3Mdx8p9+qhNLMNZwlL4s+8IR9W9amlC
+ajPsLrEHZMFLVEwVpd4g+5p80HMvAvJw3AoWwGhsV1SZglk9cw1F7nWW2mah4QIp
+Onjscs3Msk4wNpIq/SA863PR3csMEC9HkQaBej95AoGAYrJPyQArfxCB2TlVncTH
+M33Anh/EQbIV0ozn+ZNNh1T4ClYJ+1B0g3Eq7I6O16Gr6m8RFRQ+90AjdLLVjRr1
+wEHA+2kIWsvPQDVjvi1IU+i7npVmel3OmOkCKQWhlvGkawrZ6q+QiNsWvZLnMcu6
+KFQ1GLtaVQFioBggBlPWtXMCgYA8SMLhD8VXO5OfnBst10BBwNzOOMYoLQrwB7QK
+QycQ32uqQyHEfpG7i6hK3jcxs1maA+CaaJAm5DC2qOvvx/LqBQ10pD3/C2QbDHT5
+QaSdllO5eFG4b3L4xGU/48tRd2mqyh0LiVSOwC/crGI3LGiEyHi+wLzZUniqmCub
+R3tAGQKBgQCx4lSit0oIB7ssYPMBrZd15Xlgjyu1Qeivn4sLwsB2R/YIoRO7ux74
+1mG3BZlLh9jD4B32g35BD+CzFXb7i7BmwWbg4QSuLd93NcBf5b7ZHTbotRqXvwbI
+tIVq6q3B4eEtnEG45aZ9cfYbl9fR8RLBGALZNFCVuAU4uS81jSCWHg==
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/ssl/test-ca/server2.crt
+++ b/polarssl/programs/ssl/test-ca/server2.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb 10 22:15:12 2009 GMT
+            Not After : Feb 10 22:15:12 2011 GMT
+        Subject: C=NL, O=PolarSSL, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b0:19:1d:43:4a:e1:f1:67:80:7b:44:3f:25:b9:
+                    10:f0:f1:ac:af:59:fb:5c:e3:e7:32:49:f3:b7:a0:
+                    c1:90:27:83:04:2c:0b:1b:f8:3d:1e:d8:c2:40:67:
+                    7a:4a:c0:cd:ab:51:77:34:ee:ae:ac:09:6b:7a:cb:
+                    20:23:b3:44:b1:7e:78:a0:95:50:59:36:97:04:57:
+                    9a:76:65:e0:08:7a:09:5e:61:16:59:c2:35:eb:e0:
+                    a1:fd:92:f5:d5:76:c3:57:f3:64:19:25:ff:a9:e3:
+                    48:5a:c9:b7:ad:77:c5:81:24:2d:c7:99:d5:a5:15:
+                    12:67:69:00:2a:cd:4e:4f:46:40:51:78:36:b5:26:
+                    15:9c:73:9c:dc:bd:f9:fe:ac:62:dc:0a:c8:a0:9e:
+                    aa:06:e9:e5:94:c2:bd:2f:46:d4:54:08:d7:d6:98:
+                    69:1f:de:63:fc:09:70:f2:99:c8:63:27:f7:00:96:
+                    1e:ad:c3:ee:ce:80:e8:75:ce:50:6b:6c:49:c8:c4:
+                    92:04:a0:25:7c:19:6e:d6:e0:43:45:2a:d7:2a:44:
+                    4a:03:b9:72:17:a4:c7:01:b9:4e:88:8c:82:63:0f:
+                    bb:c2:89:98:86:8e:6d:d5:5e:bb:0b:bf:8c:d0:6f:
+                    97:15:39:fe:11:c9:cb:de:c5:5b:2c:47:65:07:20:
+                    b6:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                92:0C:8B:3F:E9:D3:EE:6F:08:23:62:0B:D1:68:FD:AC:A6:11:8F:5F
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+
+    Signature Algorithm: sha1WithRSAEncryption
+        69:51:68:d7:42:cc:0c:ba:7d:28:6b:0a:36:75:81:ce:56:a7:
+        9a:84:80:f7:69:14:33:56:1c:f0:b4:7d:a1:37:53:f1:7b:ec:
+        4c:41:81:be:d4:3c:ed:01:63:61:a4:78:2c:f9:c3:03:d2:ab:
+        07:5b:22:b6:7b:63:6a:f9:24:f9:4f:d8:97:71:4d:82:f4:1a:
+        59:20:2b:9a:b1:cb:88:65:fa:93:bb:aa:f4:e7:50:31:d0:c8:
+        b1:e0:b8:cc:a6:5f:7e:ff:54:25:de:89:df:12:c5:fe:0f:0e:
+        c0:14:bb:3f:97:b7:b5:68:af:ab:05:73:6d:62:d0:c4:2b:ab:
+        2d:c2:bc:2f:d3:be:0b:e7:55:8a:25:c2:ac:1c:f6:40:88:8f:
+        21:8c:bd:21:db:b9:9f:b7:b3:44:5b:cb:8c:cc:a5:08:f7:ee:
+        f9:1f:92:bd:0f:f5:2e:c1:73:6c:98:7a:9d:4b:93:4e:b1:ec:
+        7e:b7:4b:7f:d3:c4:2c:0d:01:fe:ba:67:63:6a:a5:ec:29:bd:
+        00:3a:46:b5:43:5b:f8:27:94:e5:7b:a2:80:9a:96:1b:7b:4b:
+        73:fb:3b:c6:22:dc:11:7e:27:a6:95:be:3b:10:de:ea:81:6d:
+        3b:71:df:07:13:9c:2c:23:a6:27:d6:06:b9:f8:c7:42:93:5a:
+        92:0f:32:97
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAh+gAwIBAgIBCTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjEwMjIxNTEyWhcNMTEwMjEwMjIxNTEyWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALAZHUNK4fFngHtEPyW5EPDxrK9Z+1zj5zJJ87eg
+wZAngwQsCxv4PR7YwkBnekrAzatRdzTurqwJa3rLICOzRLF+eKCVUFk2lwRXmnZl
+4Ah6CV5hFlnCNevgof2S9dV2w1fzZBkl/6njSFrJt613xYEkLceZ1aUVEmdpACrN
+Tk9GQFF4NrUmFZxznNy9+f6sYtwKyKCeqgbp5ZTCvS9G1FQI19aYaR/eY/wJcPKZ
+yGMn9wCWHq3D7s6A6HXOUGtsScjEkgSgJXwZbtbgQ0Uq1ypESgO5chekxwG5ToiM
+gmMPu8KJmIaObdVeuwu/jNBvlxU5/hHJy97FWyxHZQcgts8CAwEAAaNNMEswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUkgyLP+nT7m8II2IL0Wj9rKYRj18wHwYDVR0jBBgw
+FoAUzyIxJ5HYwlT/HtrZ7orFiTKtDCEwDQYJKoZIhvcNAQEFBQADggEBAGlRaNdC
+zAy6fShrCjZ1gc5Wp5qEgPdpFDNWHPC0faE3U/F77ExBgb7UPO0BY2GkeCz5wwPS
+qwdbIrZ7Y2r5JPlP2JdxTYL0GlkgK5qxy4hl+pO7qvTnUDHQyLHguMymX37/VCXe
+id8Sxf4PDsAUuz+Xt7Vor6sFc21i0MQrqy3CvC/TvgvnVYolwqwc9kCIjyGMvSHb
+uZ+3s0Rby4zMpQj37vkfkr0P9S7Bc2yYep1Lk06x7H63S3/TxCwNAf66Z2Nqpewp
+vQA6RrVDW/gnlOV7ooCalht7S3P7O8Yi3BF+J6aVvjsQ3uqBbTtx3wcTnCwjpifW
+Brn4x0KTWpIPMpc=
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/server2.key
+++ b/polarssl/programs/ssl/test-ca/server2.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsBkdQ0rh8WeAe0Q/JbkQ8PGsr1n7XOPnMknzt6DBkCeDBCwL
+G/g9HtjCQGd6SsDNq1F3NO6urAlressgI7NEsX54oJVQWTaXBFeadmXgCHoJXmEW
+WcI16+Ch/ZL11XbDV/NkGSX/qeNIWsm3rXfFgSQtx5nVpRUSZ2kAKs1OT0ZAUXg2
+tSYVnHOc3L35/qxi3ArIoJ6qBunllMK9L0bUVAjX1phpH95j/Alw8pnIYyf3AJYe
+rcPuzoDodc5Qa2xJyMSSBKAlfBlu1uBDRSrXKkRKA7lyF6THAblOiIyCYw+7womY
+ho5t1V67C7+M0G+XFTn+EcnL3sVbLEdlByC2zwIDAQABAoIBAF1B/5hKiNuCV61w
+GA0PNCSVqED440BvRVoBhftCPB/ufNjxxjRaw2uZmU3oPwBlmMXYj8vNd12OY4gV
+GIEvh/qDorhQOsv0OAfJqPh4vStgDaQYwHBqhInVXZRfhqc0jQD/2Yvj7sB2qDPE
+Teyk2Eiq8z+YfWc+gI+ZMMh6D7W0+mukxeBuhF/+W1p5lPiLpTilJ9QwveVzeH3/
+Wn8V5DNKtHXrBXoygrXfzqZWiOWZUruSgZFSgRhspGT9R7fSy1HogUykJE62h6ei
+wMvi9AdQxLEBadwMZjCuOLU1TnymHMX5GMno8Zq7TISX7PfKA7fj5xIuueP1kyFg
+UOb7VPkCgYEA3mx/VLBIFteCwSd1zv5bGVUk/O0HXNKqd3WUjgtacxNIYVjqostL
+CSyQGClNAHvVS/1ba38eAhY7BKazwX/kPJ3x+lo0tgCZQ5uqo/4amI5OJNlWTH1O
+7Xw5woyyjI84nJ1rtUSjG9/SxMpK21ZeTNvl2/kYVEt9AsmQLu6ogrUCgYEAyq5f
+lTulZJd4NpjLz+gCSqdA5qaoGJ5x+J49uMgAGAthKLD5vrWV1XEI6t4bOhku69sp
+MhDmauq6HYlbvhEfkaDXKBwHis/LkGCrWQ2TlTWRo6iqCfgGGSdoEOd04Z/3tpbN
+9JVwpUJU+qjz/BZnF3Kx4gNKGy95W7wUlRyIMfMCgYAxLxTJCWIniuhjBfLLHvvO
+EkHnnBJwuDTxzZJYBrKtl6n9vMfFz+Z71NrYPOnGHZwA/bllf+qG05uhX6uIMlup
+9MyZRga1u8NQDLvqJUA/xbQly66I0t8wGeVWb9xzYnbOARFRTQ8SbY1xfXfoq2f
+mVCu39o9aaPvJds4RZYFsQKBgQCTY16qvSc3EVcgDNkZpZQVCa+Oi17uGDq1Gw2z
+U+2Njqjm2FulLZN6FarwcPfHtgyDA2rft5533Z3eYMbQXs9gLWCJEGkDrrxPj5zL
+M65A8SWpp7uPaEe2/wsUT9yVPqj6pIu88vdpleUKKtbSWNA7IvLscovvXQSZixpE
+nO0FtQKBgEDDqxchzGIpKfi0sPSdt9TfOZADdI7Tc28U7ktWcVnArtGGyecwatr7
+nZUP68MPjezyldQPT0OYQgnIHm6smDbEEGVomIHuIPwFT8bFNX6fCh1NQWzTaNtv
+alggV/is0bHz2sGVtWTy0N8jAyFmlDxCWBcqaQ2hVP2910rQgUVd
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/ssl/test-ca/sslconf.txt
+++ b/polarssl/programs/ssl/test-ca/sslconf.txt
@@ -0,0 +1,49 @@
+##================================================================
+##============== Example OpenSSL configuration file ==============
+##================================================================
+
+#  References:
+#
+#  /etc/ssl/openssl.conf
+#  http://www.openssl.org/docs/apps/config.html
+#  http://www.openssl.org/docs/apps/x509v3_config.html
+
+[ ca ]
+default_ca              = my_ca
+
+[ my_ca ]
+certificate             = test-ca.crt
+private_key             = test-ca.key
+database                = index
+serial                  = serial
+
+new_certs_dir           = newcerts
+default_crl_days        = 60
+default_days            = 730
+default_md              = sha1
+policy                  = my_policy
+x509_extensions         = v3_usr
+
+[ my_policy ]
+countryName             = supplied
+organizationName        = match
+commonName              = supplied
+
+[ req ]
+distinguished_name      = my_req_dn
+x509_extensions         = v3_ca
+prompt			= no
+
+[ v3_ca ]
+basicConstraints        = CA:TRUE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+
+[ v3_usr ]
+basicConstraints        = CA:FALSE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+
+[ my_req_dn ]
+C=NL
+O=PolarSSL
--- a/polarssl/programs/ssl/test-ca/test-ca.crt
+++ b/polarssl/programs/ssl/test-ca/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Validity
+            Not Before: Feb  9 21:12:25 2009 GMT
+            Not After : Feb 10 21:12:25 2019 GMT
+        Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b0:c7:44:7a:99:90:ef:25:b5:dc:0d:9f:95:14:
+                    1f:b1:a6:77:b0:b9:9f:d7:a9:fe:b6:68:98:e5:50:
+                    4d:33:9e:a1:d3:bf:1e:fb:71:b3:e0:35:aa:79:e0:
+                    0f:d0:6f:27:3a:8c:b3:2b:01:69:f4:98:26:47:b7:
+                    ba:40:30:d6:15:2f:0c:e4:9a:bf:3b:1e:e0:97:b6:
+                    ae:99:d3:a2:89:05:e6:82:3f:5b:ed:8d:3d:ba:ce:
+                    8b:a6:f9:e7:0d:8a:89:2d:0f:07:03:52:40:6b:ac:
+                    fa:21:9c:28:f2:e0:63:6e:dd:45:68:c6:37:9c:75:
+                    bc:78:74:9c:e1:f3:ea:b4:2a:d5:a6:f8:a3:e6:a2:
+                    be:4c:5a:31:b2:c0:1d:12:80:fb:33:be:2a:8c:a8:
+                    09:c1:05:0e:0b:71:2e:fb:7b:ae:d2:bc:c0:5b:f5:
+                    3a:59:d3:a2:3a:d6:f4:9f:e5:55:c4:37:0f:49:45:
+                    3d:aa:88:6a:7b:b1:b0:33:82:0f:07:17:94:56:af:
+                    af:e1:5f:1f:d2:c0:3f:f5:4d:16:e1:b6:99:28:46:
+                    43:67:e0:5f:63:a2:44:c1:26:84:01:89:73:c8:53:
+                    a0:24:da:20:97:08:09:8e:d5:77:43:1e:3a:6d:92:
+                    40:55:87:12:5c:8d:79:4e:f0:8d:a9:65:d1:9e:60:
+                    e7:eb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+            X509v3 Authority Key Identifier: 
+                keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
+                DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+                serial:00
+
+    Signature Algorithm: sha1WithRSAEncryption
+        1c:15:97:39:41:00:07:a3:07:3a:30:82:cb:9e:01:c8:09:f3:
+        e9:5f:40:fc:31:f5:81:98:6c:21:a5:88:59:5f:98:5c:4d:9c:
+        6c:4e:f5:0b:9b:c4:04:e1:16:6f:59:08:4d:57:fe:0e:4f:53:
+        c2:10:6c:d0:0d:1d:e7:b9:84:79:1f:94:94:a9:84:83:f8:c9:
+        2f:1c:4f:df:92:19:1e:66:10:8e:37:d5:7c:14:ef:d9:c5:c8:
+        c8:b2:c1:1e:b7:ea:b6:ca:ba:68:c4:63:72:e9:ea:3b:96:1f:
+        10:27:1a:2d:52:0f:68:7b:ea:80:05:ef:7d:b6:f7:50:e8:84:
+        f3:57:38:0d:6a:59:98:c8:fb:c9:56:1f:a1:fa:f9:94:29:80:
+        4c:97:00:8d:ad:40:61:68:ce:cd:7d:63:ec:e3:d0:18:5b:ac:
+        95:f8:95:a8:24:f2:50:f2:f2:8d:57:e8:e3:aa:86:8c:fd:8a:
+        9e:5c:02:7b:85:9f:37:87:70:75:b4:14:3d:1e:76:49:0f:ef:
+        6a:ef:95:a3:ac:af:51:ac:60:4c:69:cf:aa:13:3f:a1:7d:d8:
+        9f:9a:7e:35:9c:b5:69:70:68:69:cd:4a:28:4b:b7:8f:31:ee:
+        07:d7:92:f5:54:5d:b5:c9:78:e1:a6:e6:15:37:f7:dd:3d:38:
+        47:44:b1:e2
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDkwMjA5MjExMjI1WhcNMTkwMjEwMjExMjI1WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwx0R6mZDvJbXcDZ+VFB+xpnewuZ/X
+qf62aJjlUE0znqHTvx77cbPgNap54A/Qbyc6jLMrAWn0mCZHt7pAMNYVLwzkmr87
+HuCXtq6Z06KJBeaCP1vtjT26zoum+ecNioktDwcDUkBrrPohnCjy4GNu3UVoxjec
+dbx4dJzh8+q0KtWm+KPmor5MWjGywB0SgPszviqMqAnBBQ4LcS77e67SvMBb9TpZ
+06I61vSf5VXENw9JRT2qiGp7sbAzgg8HF5RWr6/hXx/SwD/1TRbhtpkoRkNn4F9j
+okTBJoQBiXPIU6Ak2iCXCAmO1XdDHjptkkBVhxJcjXlO8I2pZdGeYOfrAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUzyIxJ5HYwlT/HtrZ7orFiTKt
+DCEwYwYDVR0jBFwwWoAUzyIxJ5HYwlT/HtrZ7orFiTKtDCGhP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAHBWXOUEAB6MHOjCCy54ByAnz6V9A
+/DH1gZhsIaWIWV+YXE2cbE71C5vEBOEWb1kITVf+Dk9TwhBs0A0d57mEeR+UlKmE
+g/jJLxxP35IZHmYQjjfVfBTv2cXIyLLBHrfqtsq6aMRjcunqO5YfECcaLVIPaHvq
+gAXvfbb3UOiE81c4DWpZmMj7yVYfofr5lCmATJcAja1AYWjOzX1j7OPQGFuslfiV
+qCTyUPLyjVfo46qGjP2KnlwCe4WfN4dwdbQUPR52SQ/vau+Vo6yvUaxgTGnPqhM/
+oX3Yn5p+NZy1aXBoac1KKEu3jzHuB9eS9VRdtcl44abmFTf33T04R0Sx4g==
+-----END CERTIFICATE-----
--- a/polarssl/programs/ssl/test-ca/test-ca.key
+++ b/polarssl/programs/ssl/test-ca/test-ca.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB254D9A7718A8E2
+
+IOUSKEqvYM6tDkyyoAIxiDjZ/lzwCJAbONOxPnvNWL1bxMNYOMcwJxTh7P/EoC6Z
+L+ubHlAAUystPRi+h63aZh8qBEai1KOixy5PjqbEKYczagBi5kTIyhCFwwiTiKzB
+ygfFjC69wpkgWufKKJQ5skCYF8Pc7RlwKQeAnoPx/3xOFJUK3AHjHAbUhYWrDrqE
+CywZYdnaGc9TiXNPcGmwLlgBLjp2zUOS2+lSt+rOjVh3BcaK9z1PRZSXsp20zC8D
+1V3gRpbMPly+6BTOrxNuiiQzPK66Mn5g6BCyheanY3ArkM9PVZHmdFe4hvj/cu1L
+Ps82XShxEF1IZ1XtqH3gtsJdpAJ7lp6f7/tvjDOokfw+tId3omT7iJJtRKBqYV/u
+ujalWa4BU6Ek7yzexBfAe3C82xcn3TDoyXTCdJ3Jgz51cKO+22wTn/CsKh7excBM
+ecl0hwhJumunc+Ftmf81qAAZuN4EPF/SxpwQgfBypZ+OqTWBTAvmIwg5dMq2U8Mj
+iIXphhA7xbXiMS/yL+aK0vo8GbWVE7Qpwo1BiMfhxc2wxv/W8UpHH2O2WoWTfhUk
+wpK2Nm9jteU3SHg76plc5Qf6JqiF7wVuW6mrs8hut0s+q352waAHkOocVA/3xy2A
+qL99o/EkzniepORBFhHAJmYx9BolsVP5GQzokfRZkCkLRDm5b7rjx8J1kbWkiy7o
+NqyLVfvOjdDBi8cgU1g1K1BVukCD3bL1TNFjfT55xccCYrsosLb7BJFOX8c38DKF
+mXV9fQALqna0SKXoMRdU45JMVYQUp8CoLxWq9cCktzI7BCb0cWkTCwhgW3gOwSlO
+zDXXzX9iJhb8ZTYIw53Fbi8+shG3DMoixqv8GvFqU3MmxeLEjde+eFHn/kdDugxF
+CM6GLRJTf7URUr/H7ILLRxfgrbAk8XlT9CA8ykK+GKIbat0Q8NchW3k2PPNHo+s0
+ya65JH6GfDWP29lM1WFxMC0e6Zxjs/ArId2IWCKXLiEjEnzcuAhYZ9d/e6nPbuSQ
+oFEA1OfzGcmHJxWMuSX+boF02K/3Eun+fTQjUmD13qQza36MZVRfhlmcg/ztQy4R
+JSwr/wJUu/gZql1T+S4sWBq/TZEW7TaAcBs/TE4mqHHrJH2jKmwPswvl58RE2GKS
+JHa3CIpAiyqh09dSOsVS+inEISLgRoKQKHuscL0NhRYxB1Nv1sY5OTU8up2fRe4l
+LUYwJ57/pEb2//W2XQRW3nUdV5kYTOdIZPaK4T+diK5LhpA2QydXx5aC9GBLEr7r
+E+jO7IOJeESxOwjnreYJR2mNgT7QYch227iichheQ0OKRB+vKqnG/6uelH2QH4vJ
+NhvEtLZfyrpC3/dEClbDA9akSxOEyzSx1B/t6K43qZe2IZejLGW8nhsi2ZPDxHjz
+qrBef1sd91ySRAevsdsGHzCBiC8Ht0H4G76BLj3s611ww8vsOapJlpH2FrFKQo8R
+LAdnwehGccL2rJtq1cb9nxwe1xKUQ2K6iew9ITImDup6q0YA9dvFLtoZAtfxMf4R
+7qq3iAZUX0ZftEsM6sioiDhI/HBkUQOQd/2oxaYcEc480cMxf1DueA==
+-----END RSA PRIVATE KEY-----
--- a/polarssl/programs/test/CMakeLists.txt
+++ b/polarssl/programs/test/CMakeLists.txt
@@ -0,0 +1,12 @@
+add_executable(selftest selftest.c)
+target_link_libraries(selftest polarssl)
+
+add_executable(benchmark benchmark.c)
+target_link_libraries(benchmark polarssl)
+
+add_executable(ssl_test ssl_test.c)
+target_link_libraries(ssl_test polarssl)
+
+add_executable(ssl_cert_test ssl_cert_test.c)
+target_link_libraries(ssl_cert_test polarssl)
+
--- a/polarssl/programs/test/benchmark.c
+++ b/polarssl/programs/test/benchmark.c
@@ -0,0 +1,363 @@
+/*
+ *  Benchmark demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "polarssl/config.h"
+
+#include "polarssl/md4.h"
+#include "polarssl/md5.h"
+#include "polarssl/sha1.h"
+#include "polarssl/sha2.h"
+#include "polarssl/sha4.h"
+#include "polarssl/arc4.h"
+#include "polarssl/des.h"
+#include "polarssl/aes.h"
+#include "polarssl/camellia.h"
+#include "polarssl/rsa.h"
+#include "polarssl/timing.h"
+
+#define BUFSIZE 1024
+
+static int myrand( void *rng_state )
+{
+    if( rng_state != NULL )
+        rng_state  = NULL;
+
+    return( rand() );
+}
+
+unsigned char buf[BUFSIZE];
+
+int main( void )
+{
+    int keysize;
+    unsigned long i, j, tsc;
+    unsigned char tmp[64];
+#if defined(POLARSSL_ARC4_C)
+    arc4_context arc4;
+#endif
+#if defined(POLARSSL_DES_C)
+    des3_context des3;
+    des_context des;
+#endif
+#if defined(POLARSSL_AES_C)
+    aes_context aes;
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+    camellia_context camellia;
+#endif
+#if defined(POLARSSL_RSA_C)
+    rsa_context rsa;
+#endif
+
+    memset( buf, 0xAA, sizeof( buf ) );
+
+    printf( "\n" );
+
+#if defined(POLARSSL_MD4_C)
+    printf( "  MD4       :  " );
+    fflush( stdout );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        md4( buf, BUFSIZE, tmp );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        md4( buf, BUFSIZE, tmp );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_MD5_C)
+    printf( "  MD5       :  " );
+    fflush( stdout );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        md5( buf, BUFSIZE, tmp );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        md5( buf, BUFSIZE, tmp );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+    printf( "  SHA-1     :  " );
+    fflush( stdout );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        sha1( buf, BUFSIZE, tmp );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        sha1( buf, BUFSIZE, tmp );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_SHA2_C)
+    printf( "  SHA-256   :  " );
+    fflush( stdout );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        sha2( buf, BUFSIZE, tmp, 0 );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        sha2( buf, BUFSIZE, tmp, 0 );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_SHA4_C)
+    printf( "  SHA-512   :  " );
+    fflush( stdout );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        sha4( buf, BUFSIZE, tmp, 0 );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        sha4( buf, BUFSIZE, tmp, 0 );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_ARC4_C)
+    printf( "  ARC4      :  " );
+    fflush( stdout );
+
+    arc4_setup( &arc4, tmp, 32 );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        arc4_crypt( &arc4, BUFSIZE, buf, buf );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        arc4_crypt( &arc4, BUFSIZE, buf, buf );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_DES_C)
+    printf( "  3DES      :  " );
+    fflush( stdout );
+
+    des3_set3key_enc( &des3, tmp );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+
+    printf( "  DES       :  " );
+    fflush( stdout );
+
+    des_setkey_enc( &des, tmp );
+
+    set_alarm( 1 );
+    for( i = 1; ! alarmed; i++ )
+        des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+    tsc = hardclock();
+    for( j = 0; j < 1024; j++ )
+        des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+#endif
+
+#if defined(POLARSSL_AES_C)
+    for( keysize = 128; keysize <= 256; keysize += 64 )
+    {
+        printf( "  AES-%d   :  ", keysize );
+        fflush( stdout );
+
+        memset( buf, 0, sizeof( buf ) );
+        memset( tmp, 0, sizeof( tmp ) );
+        aes_setkey_enc( &aes, tmp, keysize );
+
+        set_alarm( 1 );
+
+        for( i = 1; ! alarmed; i++ )
+            aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+        tsc = hardclock();
+        for( j = 0; j < 4096; j++ )
+            aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+        printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                        ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+    }
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+    for( keysize = 128; keysize <= 256; keysize += 64 )
+    {
+        printf( "  CAMELLIA-%d   :  ", keysize );
+        fflush( stdout );
+
+        memset( buf, 0, sizeof( buf ) );
+        memset( tmp, 0, sizeof( tmp ) );
+        camellia_setkey_enc( &camellia, tmp, keysize );
+
+        set_alarm( 1 );
+
+        for( i = 1; ! alarmed; i++ )
+            camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+        tsc = hardclock();
+        for( j = 0; j < 4096; j++ )
+            camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );
+
+        printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
+                        ( hardclock() - tsc ) / ( j * BUFSIZE ) );
+    }
+#endif
+
+#if defined(POLARSSL_RSA_C)
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+    rsa_gen_key( &rsa, myrand, NULL, 1024, 65537 );
+
+    printf( "  RSA-1024  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_public( &rsa, buf, buf );
+    }
+
+    printf( "%9lu  public/s\n", i / 3 );
+
+    printf( "  RSA-1024  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_private( &rsa, buf, buf );
+    }
+
+    printf( "%9lu private/s\n", i / 3 );
+
+    rsa_free( &rsa );
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+    rsa_gen_key( &rsa, myrand, NULL, 2048, 65537 );
+
+    printf( "  RSA-2048  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_public( &rsa, buf, buf );
+    }
+
+    printf( "%9lu  public/s\n", i / 3 );
+
+    printf( "  RSA-2048  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_private( &rsa, buf, buf );
+    }
+
+    printf( "%9lu private/s\n", i / 3 );
+
+    rsa_free( &rsa );
+
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
+    rsa_gen_key( &rsa, myrand, NULL, 4096, 65537 );
+
+    printf( "  RSA-4096  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_public( &rsa, buf, buf );
+    }
+
+    printf( "%9lu  public/s\n", i / 3 );
+
+    printf( "  RSA-4096  :  " );
+    fflush( stdout );
+    set_alarm( 3 );
+
+    for( i = 1; ! alarmed; i++ )
+    {
+        buf[0] = 0;
+        rsa_private( &rsa, buf, buf );
+    }
+
+    printf( "%9lu private/s\n", i / 3 );
+
+    rsa_free( &rsa );
+#endif
+
+    printf( "\n" );
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( 0 );
+}
--- a/polarssl/programs/test/selftest.c
+++ b/polarssl/programs/test/selftest.c
@@ -0,0 +1,148 @@
+/*
+ *  Self-test demonstration program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/config.h"
+
+#include "polarssl/md2.h"
+#include "polarssl/md4.h"
+#include "polarssl/md5.h"
+#include "polarssl/sha1.h"
+#include "polarssl/sha2.h"
+#include "polarssl/sha4.h"
+#include "polarssl/arc4.h"
+#include "polarssl/des.h"
+#include "polarssl/aes.h"
+#include "polarssl/camellia.h"
+#include "polarssl/base64.h"
+#include "polarssl/bignum.h"
+#include "polarssl/rsa.h"
+#include "polarssl/x509.h"
+#include "polarssl/xtea.h"
+
+int main( int argc, char *argv[] )
+{
+    int ret, v;
+
+    if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
+        v = 0;
+    else
+    {
+        v = 1;
+        printf( "\n" );
+    }
+
+#if defined(POLARSSL_MD2_C)
+    if( ( ret = md2_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_MD4_C)
+    if( ( ret = md4_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_MD5_C)
+    if( ( ret = md5_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+    if( ( ret = sha1_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_SHA2_C)
+    if( ( ret = sha2_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_SHA4_C)
+    if( ( ret = sha4_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_ARC4_C)
+    if( ( ret = arc4_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_DES_C)
+    if( ( ret = des_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_AES_C)
+    if( ( ret = aes_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_BASE64_C)
+    if( ( ret = base64_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_BIGNUM_C)
+    if( ( ret = mpi_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_RSA_C)
+    if( ( ret = rsa_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_X509_PARSE_C)
+    if( ( ret = x509_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_XTEA_C)
+    if( ( ret = xtea_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+    if( ( ret = camellia_self_test( v ) ) != 0 )
+        return( ret );
+#endif
+
+    if( v != 0 )
+    {
+        printf( "  [ All tests passed ]\n\n" );
+#ifdef WIN32
+        printf( "  Press Enter to exit this program.\n" );
+        fflush( stdout ); getchar();
+#endif
+    }
+
+    return( ret );
+}
--- a/polarssl/programs/test/ssl_cert_test.c
+++ b/polarssl/programs/test/ssl_cert_test.c
@@ -0,0 +1,234 @@
+/*
+ *  SSL certificate functionality tests
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "polarssl/certs.h"
+#include "polarssl/x509.h"
+
+#if defined _MSC_VER && !defined snprintf
+#define snprintf _snprintf
+#endif
+
+#define MAX_CLIENT_CERTS    8
+
+char *client_certificates[MAX_CLIENT_CERTS] =
+{
+    "client1.crt",
+    "client2.crt",
+    "server1.crt",
+    "server2.crt",
+    "cert_sha224.crt",
+    "cert_sha256.crt",
+    "cert_sha384.crt",
+    "cert_sha512.crt"
+};
+
+char *client_private_keys[MAX_CLIENT_CERTS] =
+{
+    "client1.key",
+    "client2.key",
+    "server1.key",
+    "server2.key",
+    "cert_sha224.key",
+    "cert_sha256.key",
+    "cert_sha384.key",
+    "cert_sha512.key"
+};
+
+int main( void )
+{
+    int ret, i;
+    x509_cert cacert;
+    x509_crl crl;
+    char buf[10240];
+
+    memset( &cacert, 0, sizeof( x509_cert ) );
+    memset( &crl, 0, sizeof( x509_crl ) );
+
+    /*
+     * 1.1. Load the trusted CA
+     */
+    printf( "\n  . Loading the CA root certificate ..." );
+    fflush( stdout );
+
+    /*
+     * Alternatively, you may load the CA certificates from a .pem or
+     * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
+     */
+    ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crtfile returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    x509parse_cert_info( buf, 1024, "CRT: ", &cacert );
+    printf("%s\n", buf );
+
+    /*
+     * 1.2. Load the CRL
+     */
+    printf( "  . Loading the CRL ..." );
+    fflush( stdout );
+
+    ret = x509parse_crlfile( &crl, "ssl/test-ca/crl.pem" );
+    if( ret != 0 )
+    {
+        printf( " failed\n  !  x509parse_crlfile returned %d\n\n", ret );
+        goto exit;
+    }
+
+    printf( " ok\n" );
+
+    x509parse_crl_info( buf, 1024, "CRL: ", &crl );
+    printf("%s\n", buf );
+
+    for( i = 0; i < MAX_CLIENT_CERTS; i++ )
+    {
+        /*
+         * 1.3. Load own certificate
+         */
+        char    name[512];
+        int flags;
+        x509_cert clicert;
+        rsa_context rsa;
+
+        memset( &clicert, 0, sizeof( x509_cert ) );
+        memset( &rsa, 0, sizeof( rsa_context ) );
+
+        snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
+
+        printf( "  . Loading the client certificate %s...", name );
+        fflush( stdout );
+
+        ret = x509parse_crtfile( &clicert, name );
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+            goto exit;
+        }
+
+        printf( " ok\n" );
+
+        /*
+         * 1.4. Verify certificate validity with CA certificate
+         */
+        printf( "  . Verify the client certificate with CA certificate..." );
+        fflush( stdout );
+
+        ret = x509parse_verify( &clicert, &cacert, &crl, NULL, &flags );
+        if( ret != 0 )
+        {
+            if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
+            {
+                if( flags & BADCERT_CN_MISMATCH )
+                    printf( " CN_MISMATCH " );
+                if( flags & BADCERT_EXPIRED )
+                    printf( " EXPIRED " );
+                if( flags & BADCERT_REVOKED )
+                    printf( " REVOKED " );
+                if( flags & BADCERT_NOT_TRUSTED )
+                    printf( " NOT_TRUSTED " );
+                if( flags & BADCRL_NOT_TRUSTED )
+                    printf( " CRL_NOT_TRUSTED " );
+                if( flags & BADCRL_EXPIRED )
+                    printf( " CRL_EXPIRED " );
+            } else {
+                printf( " failed\n  !  x509parse_verify returned %d\n\n", ret );
+                goto exit;
+            }
+        }
+
+        printf( " ok\n" );
+
+        /*
+         * 1.5. Load own private key
+         */
+        snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
+
+        printf( "  . Loading the client private key %s...", name );
+        fflush( stdout );
+
+        ret = x509parse_keyfile( &rsa, name, NULL );
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  x509parse_key returned %d\n\n", ret );
+            goto exit;
+        }
+
+        printf( " ok\n" );
+
+        /*
+         * 1.5. Verify certificate validity with private key
+         */
+        printf( "  . Verify the client certificate with private key..." );
+        fflush( stdout );
+
+        ret = mpi_cmp_mpi(&rsa.N, &clicert.rsa.N);
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  mpi_cmp_mpi for N returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ret = mpi_cmp_mpi(&rsa.E, &clicert.rsa.E);
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  mpi_cmp_mpi for E returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ret = rsa_check_privkey( &rsa );
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  rsa_check_privkey returned %d\n\n", ret );
+            goto exit;
+        }
+
+        printf( " ok\n" );
+
+        x509_free( &clicert );
+        rsa_free( &rsa );
+    }
+
+exit:
+    x509_free( &cacert );
+    x509_crl_free( &crl );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/test/ssl_test.c
+++ b/polarssl/programs/test/ssl_test.c
@@ -0,0 +1,595 @@
+/*
+ *  SSL/TLS stress testing program
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/havege.h"
+#include "polarssl/timing.h"
+#include "polarssl/certs.h"
+
+#define OPMODE_NONE             0
+#define OPMODE_CLIENT           1
+#define OPMODE_SERVER           2
+
+#define IOMODE_BLOCK            0
+#define IOMODE_NONBLOCK         1
+
+#define COMMAND_READ            1
+#define COMMAND_WRITE           2
+#define COMMAND_BOTH            3
+
+#define DFL_OPMODE              OPMODE_NONE
+#define DFL_IOMODE              IOMODE_BLOCK
+#define DFL_SERVER_NAME         "localhost"
+#define DFL_SERVER_PORT         4433
+#define DFL_COMMAND             COMMAND_READ
+#define DFL_BUFFER_SIZE         1024
+#define DFL_MAX_BYTES           0
+#define DFL_DEBUG_LEVEL         0
+#define DFL_CONN_TIMEOUT        0
+#define DFL_MAX_CONNECTIONS     0
+#define DFL_SESSION_REUSE       1
+#define DFL_SESSION_LIFETIME    86400
+#define DFL_FORCE_CIPHER        0
+
+/*
+ * server-specific data
+ */
+char *dhm_G = "4";
+char *dhm_P = 
+"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
+"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
+"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
+"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
+
+int server_fd = -1;
+
+/*
+ * global options
+ */
+struct options
+{
+    int opmode;                 /* operation mode (client or server)    */
+    int iomode;                 /* I/O mode (blocking or non-blocking)  */
+    char *server_name;          /* hostname of the server (client only) */
+    int server_port;            /* port on which the ssl service runs   */
+    int command;                /* what to do: read or write operation  */
+    int buffer_size;            /* size of the send/receive buffer      */
+    int max_bytes;              /* max. # of bytes before a reconnect   */
+    int debug_level;            /* level of debugging                   */
+    int conn_timeout;           /* max. delay before a reconnect        */
+    int max_connections;        /* max. number of reconnections         */
+    int session_reuse;          /* flag to reuse the keying material    */
+    int session_lifetime;       /* if reached, session data is expired  */
+    int force_cipher[2];        /* protocol/cipher to use, or all       */
+};
+
+/*
+ * Although this PRNG has good statistical properties (eg. passes
+ * DIEHARD), it is not cryptographically secure.
+ */
+unsigned long int lcppm5( unsigned long int *state )
+{
+    unsigned long int u, v;
+
+    u = v = state[4] ^ 1;
+    state[u & 3] ^= u;
+    u ^= (v << 12) ^ (v >> 12);
+    u ^= v * state[0]; v >>= 8;
+    u ^= v * state[1]; v >>= 8;
+    u ^= v * state[2]; v >>= 8;
+    u ^= v * state[3];
+    u &= 0xFFFFFFFF;
+    state[4] = u;
+
+    return( u );
+}
+
+void my_debug( void *ctx, int level, const char *str )
+{
+    if( level < ((struct options *) ctx)->debug_level )
+        fprintf( stderr, "%s", str );
+}
+
+/*
+ * perform a single SSL connection
+ */
+static int ssl_test( struct options *opt )
+{
+    int ret, i;
+    int client_fd;
+    int bytes_to_read;
+    int bytes_to_write;
+    int offset_to_read = 0;
+    int offset_to_write = 0;
+
+    long int nb_read;
+    long int nb_written;
+
+    unsigned long read_state[5];
+    unsigned long write_state[5];
+
+    unsigned char *read_buf = NULL;
+    unsigned char *write_buf = NULL;
+
+    struct hr_time t;
+    havege_state hs;
+    ssl_context ssl;
+    ssl_session ssn;
+    x509_cert srvcert;
+    rsa_context rsa;
+
+    ret = 1;
+
+    havege_init( &hs );
+    get_timer( &t, 1 );
+
+    memset( read_state, 0, sizeof( read_state ) );
+    memset( write_state, 0, sizeof( write_state ) );
+
+    memset( &srvcert, 0, sizeof( x509_cert ) );
+    memset( &rsa, 0, sizeof( rsa_context ) );
+
+    if( opt->opmode == OPMODE_CLIENT )
+    {
+        if( ( ret = net_connect( &client_fd, opt->server_name,
+                                             opt->server_port ) ) != 0 )
+        {
+            printf( "  ! net_connect returned %d\n\n", ret );
+            return( ret );
+        }
+
+        if( ( ret = ssl_init( &ssl ) ) != 0 )
+        {
+            printf( "  ! ssl_init returned %d\n\n", ret );
+            return( ret );
+        }
+
+        ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+    }
+
+    if( opt->opmode == OPMODE_SERVER )
+    {
+        ret =  x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
+                              strlen( test_srv_crt ) );
+        if( ret != 0 )
+        {
+            printf( "  !  x509parse_crt returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ret =  x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
+                              strlen( test_ca_crt ) );
+        if( ret != 0 )
+        {
+            printf( "  !  x509parse_crt returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ret =  x509parse_key( &rsa, (unsigned char *) test_srv_key,
+                              strlen( test_srv_key ), NULL, 0 );
+        if( ret != 0 )
+        {
+            printf( "  !  x509parse_key returned %d\n\n", ret );
+            goto exit;
+        }
+
+        if( server_fd < 0 )
+        {
+            if( ( ret = net_bind( &server_fd, NULL,
+                                   opt->server_port ) ) != 0 )
+            {
+                printf( "  ! net_bind returned %d\n\n", ret );
+                return( ret );
+            }
+        }
+
+        if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
+        {
+            printf( "  ! net_accept returned %d\n\n", ret );
+            return( ret );
+        }
+
+        if( ( ret = ssl_init( &ssl ) ) != 0 )
+        {
+            printf( "  ! ssl_init returned %d\n\n", ret );
+            return( ret );
+        }
+
+        ssl_set_endpoint( &ssl, SSL_IS_SERVER );
+        ssl_set_dh_param( &ssl, dhm_P, dhm_G );
+        ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
+        ssl_set_own_cert( &ssl, &srvcert, &rsa );
+    }
+
+    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+
+    ssl_set_rng( &ssl, havege_rand, &hs );
+    ssl_set_dbg( &ssl, my_debug, opt );
+    ssl_set_bio( &ssl, net_recv, &client_fd,
+                       net_send, &client_fd );
+
+    ssl_set_session( &ssl, opt->session_reuse,
+                           opt->session_lifetime, &ssn );
+
+    if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
+          ssl_set_ciphers( &ssl, ssl_default_ciphers );
+    else  ssl_set_ciphers( &ssl, opt->force_cipher );
+
+    if( opt->iomode == IOMODE_NONBLOCK )
+        net_set_nonblock( client_fd );
+
+     read_buf = (unsigned char *) malloc( opt->buffer_size );
+    write_buf = (unsigned char *) malloc( opt->buffer_size );
+
+    if( read_buf == NULL || write_buf == NULL )
+    {
+        printf( "  ! malloc(%d bytes) failed\n\n", opt->buffer_size );
+        goto exit;
+    }
+
+    nb_read = bytes_to_read = 0;
+    nb_written = bytes_to_write = 0;
+
+    while( 1 )
+    {
+        if( opt->command & COMMAND_WRITE )
+        {
+            if( bytes_to_write == 0 )
+            {
+                while( bytes_to_write == 0 )
+                    bytes_to_write = rand() % opt->buffer_size;
+
+                for( i = 0; i < bytes_to_write; i++ )
+                    write_buf[i] = (unsigned char) lcppm5( write_state );
+
+                offset_to_write = 0;
+            }
+
+            ret = ssl_write( &ssl, write_buf + offset_to_write,
+                             bytes_to_write );
+
+            if( ret >= 0 )
+            {
+                nb_written += ret;
+                bytes_to_write  -= ret;
+                offset_to_write += ret;
+            }
+
+            if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
+                ret == POLARSSL_ERR_NET_CONN_RESET )
+            {
+                ret = 0;
+                goto exit;
+            }
+
+            if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
+            {
+                printf( "  ! ssl_write returned %d\n\n", ret );
+                break;
+            }
+        }
+
+        if( opt->command & COMMAND_READ )
+        {
+            if( bytes_to_read == 0 )
+            {
+                bytes_to_read = rand() % opt->buffer_size;
+                offset_to_read = 0;
+            }
+
+            ret = ssl_read( &ssl, read_buf + offset_to_read,
+                            bytes_to_read );
+
+            if( ret >= 0 )
+            {
+                for( i = 0; i < ret; i++ )
+                {
+                    if( read_buf[offset_to_read + i] !=
+                        (unsigned char) lcppm5( read_state ) )
+                    {
+                        ret = 1;
+                        printf( "  ! plaintext mismatch\n\n" );
+                        goto exit;
+                    }
+                }
+
+                nb_read += ret;
+                bytes_to_read -= ret;
+                offset_to_read += ret;
+            }
+
+            if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
+                ret == POLARSSL_ERR_NET_CONN_RESET )
+            {
+                ret = 0;
+                goto exit;
+            }
+
+            if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
+            {
+                printf( "  ! ssl_read returned %d\n\n", ret );
+                break;
+            }
+        }
+
+        ret = 0;
+
+        if( opt->max_bytes != 0 &&
+            ( opt->max_bytes <= nb_read ||
+              opt->max_bytes <= nb_written ) )
+            break;
+
+        if( opt->conn_timeout != 0 &&
+            opt->conn_timeout <= (int) get_timer( &t, 0 ) )
+            break;
+    }
+
+exit:
+
+    fflush( stdout );
+
+    if( read_buf != NULL )
+        free( read_buf );
+
+    if( write_buf != NULL )
+        free( write_buf );
+
+    ssl_close_notify( &ssl );
+    x509_free( &srvcert );
+    rsa_free( &rsa );
+    ssl_free( &ssl );
+    net_close( client_fd );
+
+    return( ret );
+}
+
+#define USAGE \
+    "\n usage: ssl_test opmode=<> command=<>...\n"               \
+    "\n acceptable parameters:\n"                                \
+    "    opmode=client/server        default: <none>\n"          \
+    "    iomode=block/nonblock       default: block\n"           \
+    "    server_name=%%s              default: localhost\n"      \
+    "    server_port=%%d              default: 4433\n"           \
+    "    command=read/write/both     default: read\n"            \
+    "    buffer_size=%%d (bytes)      default: 1024\n"           \
+    "    max_bytes=%%d (bytes)        default: 0 (no limit)\n"   \
+    "    debug_level=%%d              default: 0 (disabled)\n"   \
+    "    conn_timeout=%%d (ms)        default: 0 (no timeout)\n" \
+    "    max_connections=%%d          default: 0 (no limit)\n"   \
+    "    session_reuse=on/off        default: on (enabled)\n"    \
+    "    session_lifetime=%%d (s)     default: 86400\n"          \
+    "    force_cipher=<name>         default: all enabled\n"     \
+    " acceptable cipher names:\n"                                \
+    "    SSL_RSA_RC4_128_MD5         SSL_RSA_RC4_128_SHA\n"      \
+    "    SSL_RSA_DES_168_SHA         SSL_EDH_RSA_DES_168_SHA\n"  \
+    "    SSL_RSA_AES_128_SHA         SSL_EDH_RSA_AES_256_SHA\n"  \
+    "    SSL_RSA_AES_256_SHA         SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
+    "    SSL_RSA_CAMELLIA_128_SHA    SSL_RSA_CAMELLIA_256_SHA\n\n"
+
+int main( int argc, char *argv[] )
+{
+    int i, j, n;
+    int ret = 1;
+    int nb_conn;
+    char *p, *q;
+    struct options opt;
+
+    if( argc == 1 )
+    {
+    usage:
+        printf( USAGE );
+        goto exit;
+    }
+
+    opt.opmode                  = DFL_OPMODE;
+    opt.iomode                  = DFL_IOMODE;
+    opt.server_name             = DFL_SERVER_NAME;
+    opt.server_port             = DFL_SERVER_PORT;
+    opt.command                 = DFL_COMMAND;
+    opt.buffer_size             = DFL_BUFFER_SIZE;
+    opt.max_bytes               = DFL_MAX_BYTES;
+    opt.debug_level             = DFL_DEBUG_LEVEL;
+    opt.conn_timeout            = DFL_CONN_TIMEOUT;
+    opt.max_connections         = DFL_MAX_CONNECTIONS;
+    opt.session_reuse           = DFL_SESSION_REUSE;
+    opt.session_lifetime        = DFL_SESSION_LIFETIME;
+    opt.force_cipher[0]         = DFL_FORCE_CIPHER;
+
+    for( i = 1; i < argc; i++ )
+    {
+        n = strlen( argv[i] );
+
+        for( j = 0; j < n; j++ )
+        {
+            if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+                argv[i][j] |= 0x20;
+        }
+
+        p = argv[i];
+        if( ( q = strchr( p, '=' ) ) == NULL )
+            continue;
+        *q++ = '\0';
+
+        if( strcmp( p, "opmode" ) == 0 )
+        {
+            if( strcmp( q, "client" ) == 0 )
+                opt.opmode = OPMODE_CLIENT;
+            else
+            if( strcmp( q, "server" ) == 0 )
+                opt.opmode = OPMODE_SERVER;
+            else goto usage;
+        }
+
+        if( strcmp( p, "iomode" ) == 0 )
+        {
+            if( strcmp( q, "block" ) == 0 )
+                opt.iomode = IOMODE_BLOCK;
+            else
+            if( strcmp( q, "nonblock" ) == 0 )
+                opt.iomode = IOMODE_NONBLOCK;
+            else goto usage;
+        }
+
+        if( strcmp( p, "server_name" ) == 0 )
+            opt.server_name = q;
+
+        if( strcmp( p, "server_port" ) == 0 )
+        {
+            opt.server_port = atoi( q );
+            if( opt.server_port < 1 || opt.server_port > 65535 )
+                goto usage;
+        }
+
+        if( strcmp( p, "command" ) == 0 )
+        {
+            if( strcmp( q, "read" ) == 0 )
+                opt.command = COMMAND_READ;
+            else
+            if( strcmp( q, "write" ) == 0 )
+                opt.command = COMMAND_WRITE;
+            else
+            if( strcmp( q, "both" ) == 0 )
+            {
+                opt.iomode  = IOMODE_NONBLOCK;
+                opt.command = COMMAND_BOTH;
+            }
+            else goto usage;
+        }
+
+        if( strcmp( p, "buffer_size" ) == 0 )
+        {
+            opt.buffer_size = atoi( q );
+            if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
+                goto usage;
+        }
+
+        if( strcmp( p, "max_bytes" ) == 0 )
+            opt.max_bytes = atoi( q );
+
+        if( strcmp( p, "debug_level" ) == 0 )
+            opt.debug_level = atoi( q );
+
+        if( strcmp( p, "conn_timeout" ) == 0 )
+            opt.conn_timeout = atoi( q );
+
+        if( strcmp( p, "max_connections" ) == 0 )
+            opt.max_connections = atoi( q );
+
+        if( strcmp( p, "session_reuse" ) == 0 )
+        {
+            if( strcmp( q, "on" ) == 0 )
+                opt.session_reuse = 1;
+            else
+            if( strcmp( q, "off" ) == 0 )
+                opt.session_reuse = 0;
+            else
+                goto usage;
+        }
+
+        if( strcmp( p, "session_lifetime" ) == 0 )
+            opt.session_lifetime = atoi( q );
+
+        if( strcmp( p, "force_cipher" ) == 0 )
+        {
+            opt.force_cipher[0] = -1;
+
+            if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
+
+            if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
+
+            if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
+
+            if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
+
+            if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
+
+            if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
+
+            if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
+
+            if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
+
+            if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
+
+            if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
+                opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
+
+            if( opt.force_cipher[0] < 0 )
+                goto usage;
+
+            opt.force_cipher[1] = 0;
+        }
+    }
+
+    switch( opt.opmode )
+    {
+        case OPMODE_CLIENT:
+            break;
+
+        case OPMODE_SERVER:
+            break;
+
+        default:
+            goto usage;
+    }
+
+    nb_conn = 0;
+
+    do {
+        nb_conn++;
+        ret = ssl_test( &opt );
+        if( opt.max_connections != 0 &&
+            opt.max_connections <= nb_conn )
+            break;
+    }
+    while( ret == 0 );
+
+exit:
+
+#ifdef WIN32
+    printf( "  Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}
--- a/polarssl/programs/x509/CMakeLists.txt
+++ b/polarssl/programs/x509/CMakeLists.txt
@@ -0,0 +1,2 @@
+add_executable(cert_app cert_app.c)
+target_link_libraries(cert_app polarssl)
--- a/polarssl/programs/x509/cert_app.c
+++ b/polarssl/programs/x509/cert_app.c
@@ -0,0 +1,281 @@
+/*
+ *  Certificate reading application
+ *
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "polarssl/havege.h"
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/x509.h"
+
+#define MODE_NONE               0
+#define MODE_FILE               1
+#define MODE_SSL                2
+
+#define DFL_MODE                MODE_NONE
+#define DFL_FILENAME            "cert.crt"
+#define DFL_SERVER_NAME         "localhost"
+#define DFL_SERVER_PORT         4433
+#define DFL_DEBUG_LEVEL         0
+
+/*
+ * global options
+ */
+struct options
+{
+    int mode;                   /* the mode to run the application in   */
+    char *filename;             /* filename of the certificate file     */
+    char *server_name;          /* hostname of the server (client only) */
+    int server_port;            /* port on which the ssl service runs   */
+    int debug_level;            /* level of debugging                   */
+} opt;
+
+void my_debug( void *ctx, int level, const char *str )
+{
+    if( level < opt.debug_level )
+    {
+        fprintf( (FILE *) ctx, "%s", str );
+        fflush(  (FILE *) ctx  );
+    }
+}
+
+#define USAGE \
+    "\n usage: cert_app param=<>...\n"                  \
+    "\n acceptable parameters:\n"                       \
+    "    mode=file|ssl       default: none\n"          \
+    "    filename=%%s         default: cert.crt\n"      \
+    "    server_name=%%s      default: localhost\n"     \
+    "    server_port=%%d      default: 4433\n"          \
+    "    debug_level=%%d      default: 0 (disabled)\n"  \
+    "\n"
+
+int main( int argc, char *argv[] )
+{
+    int ret = 0, server_fd;
+    unsigned char buf[1024];
+    havege_state hs;
+    ssl_context ssl;
+    ssl_session ssn;
+    x509_cert clicert;
+    rsa_context rsa;
+    int i, j, n;
+    char *p, *q;
+
+    if( argc == 0 )
+    {
+    usage:
+        printf( USAGE );
+        goto exit;
+    }
+
+    opt.mode                = DFL_MODE;
+    opt.filename            = DFL_FILENAME;
+    opt.server_name         = DFL_SERVER_NAME;
+    opt.server_port         = DFL_SERVER_PORT;
+    opt.debug_level         = DFL_DEBUG_LEVEL;
+
+    for( i = 1; i < argc; i++ )
+    {
+        n = strlen( argv[i] );
+
+        for( j = 0; j < n; j++ )
+        {
+            if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+                argv[i][j] |= 0x20;
+        }
+
+        p = argv[i];
+        if( ( q = strchr( p, '=' ) ) == NULL )
+            goto usage;
+        *q++ = '\0';
+
+        if( strcmp( p, "mode" ) == 0 )
+        {
+            if( strcmp( q, "file" ) == 0 )
+                opt.mode = MODE_FILE;
+            else if( strcmp( q, "ssl" ) == 0 )
+                opt.mode = MODE_SSL;
+            else
+                goto usage;
+        }
+        else if( strcmp( p, "filename" ) == 0 )
+            opt.filename = q;
+        else if( strcmp( p, "server_name" ) == 0 )
+            opt.server_name = q;
+        else if( strcmp( p, "server_port" ) == 0 )
+        {
+            opt.server_port = atoi( q );
+            if( opt.server_port < 1 || opt.server_port > 65535 )
+                goto usage;
+        }
+        else if( strcmp( p, "debug_level" ) == 0 )
+        {
+            opt.debug_level = atoi( q );
+            if( opt.debug_level < 0 || opt.debug_level > 65535 )
+                goto usage;
+        }
+        else
+            goto usage;
+    }
+
+    if( opt.mode == MODE_FILE )
+    {
+        x509_cert crt;
+
+        memset( &crt, 0, sizeof( x509_cert ) );
+
+        /*
+         * 1.1. Load the certificate
+         */
+        printf( "\n  . Loading the certificate ..." );
+        fflush( stdout );
+
+        ret = x509parse_crtfile( &crt, opt.filename );
+
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  x509parse_crt returned %d\n\n", ret );
+            x509_free( &crt );
+            goto exit;
+        }
+
+        printf( " ok\n" );
+
+        /*
+         * 1.2 Print the certificate
+         */
+        printf( "  . Peer certificate information    ...\n" );
+        ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ", &crt );
+        if( ret == -1 )
+        {
+            printf( " failed\n  !  x509parse_cert_info returned %d\n\n", ret );
+            x509_free( &crt );
+            goto exit;
+        }
+
+        printf( "%s\n", buf );
+
+        x509_free( &crt );
+    }
+    else if( opt.mode == MODE_SSL )
+    {
+        /*
+         * 1. Initialize the RNG and the session data
+         */
+        havege_init( &hs );
+        memset( &ssn, 0, sizeof( ssl_session ) );
+
+        /*
+         * 2. Start the connection
+         */
+        printf( "  . SSL connection to tcp/%s/%-4d...", opt.server_name,
+                                                        opt.server_port );
+        fflush( stdout );
+
+        if( ( ret = net_connect( &server_fd, opt.server_name,
+                                             opt.server_port ) ) != 0 )
+        {
+            printf( " failed\n  ! net_connect returned %d\n\n", ret );
+            goto exit;
+        }
+
+        /*
+         * 3. Setup stuff
+         */
+        if( ( ret = ssl_init( &ssl ) ) != 0 )
+        {
+            printf( " failed\n  ! ssl_init returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+        ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+
+        ssl_set_rng( &ssl, havege_rand, &hs );
+        ssl_set_dbg( &ssl, my_debug, stdout );
+        ssl_set_bio( &ssl, net_recv, &server_fd,
+                net_send, &server_fd );
+
+        ssl_set_ciphers( &ssl, ssl_default_ciphers );
+        ssl_set_session( &ssl, 1, 600, &ssn );
+
+        ssl_set_own_cert( &ssl, &clicert, &rsa );
+
+        ssl_set_hostname( &ssl, opt.server_name );
+
+        /*
+         * 4. Handshake
+         */
+        while( ( ret = ssl_handshake( &ssl ) ) != 0 )
+        {
+            if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
+            {
+                printf( " failed\n  ! ssl_handshake returned %d\n\n", ret );
+                goto exit;
+            }
+        }
+
+        printf( " ok\n" );
+
+        /*
+         * 5. Print the certificate
+         */
+        printf( "  . Peer certificate information    ...\n" );
+        ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ", ssl.peer_cert );
+        if( ret == -1 )
+        {
+            printf( " failed\n  !  x509parse_cert_info returned %d\n\n", ret );
+            goto exit;
+        }
+
+        printf( "%s\n", buf );
+
+        ssl_close_notify( &ssl );
+    }
+    else
+        goto usage;
+
+exit:
+
+    net_close( server_fd );
+    x509_free( &clicert );
+    rsa_free( &rsa );
+    ssl_free( &ssl );
+
+    memset( &ssl, 0, sizeof( ssl ) );
+
+#ifdef WIN32
+    printf( "  + Press Enter to exit this program.\n" );
+    fflush( stdout ); getchar();
+#endif
+
+    return( ret );
+}