# Test on OS X 10.8, with go tip
#
# Both tests run the same s_server command and the same CA file (ca-cert.pem):
# the Go client in test 1 fails with "certificate signed by unknown authority",
# while openssl s_client in test 2 reports "Verify return code: 0 (ok)".
#
##########################
# test 1 openssl s_server and tls_error.go
# server output
$ openssl s_server -accept 4446 -cert server1_cert.pem -key server1_key.pem -CAfile ca-cert.pem -tls1 -www
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
8583:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 42
8583:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:854:
ACCEPT
^C

# test 1 client output
$ go run tls_error.go -cafile ca-cert.pem -host server1.ca1.example -port 4446 -verify true
Loading CA certificate file
Loaded 1 root certificates.
Connecting to server1.ca1.example:4446
Enabling SSL/TLS
Connection successful, calling Handshake()
panic: x509: certificate signed by unknown authority

goroutine 1 [running]:
main.main()
	/Users/jonathan.hanks/Documents/Programming/go/src/authtest/tls_error.go:73 +0x7e6

goroutine 3 [syscall]:
syscall.Syscall6()
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/syscall/asm_darwin_amd64.s:38 +0x5
syscall.kevent(0x8, 0x0, 0x0, 0xc200078188, 0xa, ...)
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/syscall/zsyscall_darwin_amd64.go:199 +0x86
syscall.Kevent(0x8, 0x0, 0x0, 0x0, 0xc200078188, ...)
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/syscall/syscall_bsd.go:553 +0x9b
net.(*pollster).WaitFD(0xc200078180, 0xc200068b40, 0x0, 0x0, 0x0, ...)
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/net/fd_darwin.go:96 +0x175
net.(*pollServer).Run(0xc200068b40, 0x0)
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/net/fd_unix.go:205 +0x10d
created by net.newPollServer
	/Users/jonathan.hanks/Documents/Programming/go/tip/go/src/pkg/net/newpollserver_unix.go:33 +0x307
exit status 2

##########################
# test 2 openssl s_server and openssl s_client
# server output
$ openssl s_server -accept 4446 -cert server1_cert.pem -key server1_key.pem -CAfile ca-cert.pem -tls1 -www
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ACCEPT
^C

# test 2 client output
$ openssl s_client -connect server1.ca1.example:4446 -verify 3 -CAfile ca-cert.pem -tls1
verify depth is 3
CONNECTED(00000003)
depth=1 /C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
verify return:1
depth=0 /C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
verify return:1
---
Certificate chain
 0 s:/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
 1 s:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICwjCCAm6gAwIBAgIEUQjDOTALBgkqhkiG9w0BAQUwbTELMAkGA1UEBhMCVVMx
EDAOBgNVBAoTB1Rlc3RDQTExDDAKBgNVBAsTA0NBMTEMMAoGA1UEBxMDVVNBMRIw
EAYDVQQIEwlTb21lcGxhY2UxHDAaBgNVBAMTE3Rlc3RjYTEuY2ExLmV4YW1wbGUw
HhcNMTMwMTMwMDY1MjQ0WhcNMTQwMTMwMDY1MjQ3WjBzMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHVGVzdENBMTEMMAoGA1UECxMDQ0ExMRIwEAYDVQQHEwlTb21lcGxh
Y2UxEjAQBgNVBAgTCVNvbWV3aGVyZTEcMBoGA1UEAxMTc2VydmVyMS5jYTEuZXhh
bXBsZTBZMAsGCSqGSIb3DQEBAQNKADBHAkDFh9iDHfxntnbMPddgpCTw0LwmGYlA
vppfmT+r+A3K5lBdZ/cvDJmKJvfm5Sqv53tN0RVwJnciu3lzS66eFIbHAgMBAAGj
gfQwgfEwMwYDVR0RBCwwKoITc2VydmVyMS5jYTEuZXhhbXBsZYITc2VydmVyMS5j
YTEuZXhhbXBsZTAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwMQYDVR0l
BCowKAYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYD
VR0OBBYEFLTg+PkAU4Y/lJHTD9azpDoo6OC+MB8GA1UdIwQYMBaAFFoU0+n4fTOx
kNEul2ISP2onY3LFMCgGA1UdHwQhMB8wHaAboBmGF3Rlc3RjYTEuY2ExLmV4YW1w
bGUvY3JsMAsGCSqGSIb3DQEBBQNBAG3Dw/JjQ82R1k0mKxahtBFsQwdSIqo0+fzl
HHFHSvgp7PIfqCW094aE7HAqIzIWDVe3d08Du3PDcrwOJTm8R2A=
-----END CERTIFICATE-----
subject=/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
issuer=/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
No client certificate CA names sent
---
SSL handshake has read 1830 bytes and written 235 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: A16F000EB599DDD16DF600FBC0393DFA015171979FADF8BB42DAFD1825C4A137
    Session-ID-ctx:
    Master-Key: 9D06DDF71C30BDDEC55AA3CE2D0351A18F541E9D3B728C0CD7AD0E56EA1B534AA07590A73C62C6AD50B01AD6139ECDE6
    Key-Arg : None
    TLS session ticket:
    0000 - 97 2f 2c 5d f8 23 a2 6a-45 6b dd ae f3 81 6b 15 ./,].#.jEk....k.
    0010 - 56 96 d3 8e e4 1c 2a 05-84 53 18 49 54 2d a3 84 V.....*..S.IT-..
    0020 - 30 60 f7 00 0c 5c b5 0d-90 91 33 ce 7c a3 e6 2f 0`...\....3.|../
    0030 - 6e b5 09 c2 ac 12 1d dc-d8 25 86 13 ae 28 af 0a n........%...(..
    0040 - bc aa b4 c3 f3 77 a8 00-7c be b7 c1 96 05 f2 fb .....w..|.......
    0050 - 40 d9 db 83 85 60 a2 c6-85 74 ca dd b7 66 60 22 @....`...t...f`"
    0060 - ce 00 e6 f1 41 62 61 97-d1 8e 81 be 97 0e 5e 57 ....Aba.......^W
    0070 - fb f2 cc 7a d1 64 fd c9-a6 36 22 02 a7 9f 3a bc ...z.d...6"...:.
    0080 - 64 f7 ad c8 d5 d1 37 fa-70 40 2e 52 c8 eb b6 19 d.....7.p@.R....
    0090 - ff da aa aa c2 dd a0 2b-a8 b9 78 68 84 1d cb 21 .......+..xh...!

    Compression: 1 (zlib compression)
    Start Time: 1359588277
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
---
^C