summaryrefslogtreecommitdiff
path: root/debian/patches/openssl1.1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/openssl1.1.patch')
-rw-r--r--debian/patches/openssl1.1.patch1857
1 files changed, 0 insertions, 1857 deletions
diff --git a/debian/patches/openssl1.1.patch b/debian/patches/openssl1.1.patch
deleted file mode 100644
index b8461936..00000000
--- a/debian/patches/openssl1.1.patch
+++ /dev/null
@@ -1,1857 +0,0 @@
-From 20a2318b384c08dd100f81d998c11410adfa2c6b Mon Sep 17 00:00:00 2001
-From: Chris Wilson <chris+github@qwirx.com>
-Date: Sun, 2 Jun 2019 21:51:27 +0100
-Subject: [PATCH] Minimal fix for Debian bug 907135 [#36]
-
-Unfortunately, the changes required to implement the full solution to Debian
-bug 907135 were quite large and could not be reviewed in time for Debian 10's
-release date. This would have meant that Box Backup was not available at all in
-Debian 10.
-
-Therefore we have developed a workaround specifically for Debian 10 users
-(this patch), which contains only the minimal changes needed to:
-
-* reduce the security level for Box Backup to 1 (the previous default),
-* overriding the system default; ensure that all newly generated certificates
-* meet the new security requirements that will later be imposed.
-
-This interim version will hopefully be replaced by a version from the master
-branch that supports the SSLSecurityLevel configuration option, which we hope
-to see in debian-backports as soon as possible, and we recommend that anyone
-using the interim version upgrade to this master version as soon as possible.
-
-See
-https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2
-for more details.
----
- bin/bbackupd/bbackupd-config.in | 2 +-
- bin/bbstored/bbstored-certs.in | 8 +-
- infrastructure/cmake/CMakeLists.txt | 19 +-
- infrastructure/m4/boxbackup_tests.m4 | 3 +-
- lib/common/BoxPortsAndFiles.h.in | 4 +
- lib/common/Test.h | 2 +
- lib/server/TLSContext.cpp | 9 +
- test/backupstorefix/testbackupstorefix.cpp | 9 +-
- .../testfiles/testbackupstorefix.pl.in | 16 +-
- test/basicserver/testbasicserver.cpp | 97 +++++++++
- .../testfiles/seclevel2-sha1/bbackupd.conf | 196 ++++++++++++++++++
- .../seclevel2-sha1/bbackupd/1234567-csr.pem | 15 ++
- .../seclevel2-sha1/bbackupd/1234567-key.pem | 27 +++
- .../seclevel2-sha1/bbackupd/NotifySysadmin.sh | 70 +++++++
- .../testfiles/seclevel2-sha1/bbstored.conf | 23 ++
- .../seclevel2-sha1/bbstored/localhost-csr.pem | 15 ++
- .../seclevel2-sha1/bbstored/localhost-key.pem | 27 +++
- .../ca/clients/1234567-cert.pem | 17 ++
- .../seclevel2-sha1/ca/keys/clientRootCSR.pem | 15 ++
- .../seclevel2-sha1/ca/keys/clientRootKey.pem | 27 +++
- .../seclevel2-sha1/ca/keys/serverRootCSR.pem | 15 ++
- .../seclevel2-sha1/ca/keys/serverRootKey.pem | 27 +++
- .../seclevel2-sha1/ca/roots/clientCA.pem | 18 ++
- .../seclevel2-sha1/ca/roots/clientCA.srl | 1 +
- .../seclevel2-sha1/ca/roots/serverCA.pem | 18 ++
- .../seclevel2-sha1/ca/roots/serverCA.srl | 1 +
- .../ca/servers/localhost-cert.pem | 17 ++
- .../testfiles/seclevel2-sha1/raidfile.conf | 10 +
- .../testfiles/seclevel2-sha256/bbackupd.conf | 195 +++++++++++++++++
- .../seclevel2-sha256/bbackupd/1234567-csr.pem | 15 ++
- .../seclevel2-sha256/bbackupd/1234567-key.pem | 27 +++
- .../bbackupd/NotifySysadmin.sh | 70 +++++++
- .../testfiles/seclevel2-sha256/bbstored.conf | 23 ++
- .../bbstored/localhost-csr.pem | 15 ++
- .../bbstored/localhost-key.pem | 27 +++
- .../ca/clients/1234567-cert.pem | 17 ++
- .../ca/keys/clientRootCSR.pem | 15 ++
- .../ca/keys/clientRootKey.pem | 27 +++
- .../ca/keys/serverRootCSR.pem | 15 ++
- .../ca/keys/serverRootKey.pem | 27 +++
- .../seclevel2-sha256/ca/roots/clientCA.pem | 18 ++
- .../seclevel2-sha256/ca/roots/clientCA.srl | 1 +
- .../seclevel2-sha256/ca/roots/serverCA.pem | 18 ++
- .../seclevel2-sha256/ca/roots/serverCA.srl | 1 +
- .../ca/servers/localhost-cert-sha1.pem | 17 ++
- .../ca/servers/localhost-cert.pem | 17 ++
- .../testfiles/seclevel2-sha256/raidfile.conf | 10 +
- .../testfiles/srv3-seclevel2-sha1.conf | 8 +
- .../testfiles/srv3-seclevel2-sha256.conf | 8 +
- test/bbackupd/testbbackupd.cpp | 123 ++++++++++-
- 50 files changed, 1375 insertions(+), 27 deletions(-)
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
- create mode 100755 test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
- create mode 100755 test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
- create mode 100644 test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
- create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha1.conf
- create mode 100644 test/basicserver/testfiles/srv3-seclevel2-sha256.conf
-
---- a/bin/bbackupd/bbackupd-config.in
-+++ b/bin/bbackupd/bbackupd-config.in
-@@ -169,7 +169,7 @@ if(!-f $private_key)
- if(!-f $certificate_request)
- {
- die "Couldn't run openssl for CSR generation" unless
-- open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request");
-+ open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request");
- print CSR <<__E;
- .
- .
---- a/bin/bbstored/bbstored-certs.in
-+++ b/bin/bbstored/bbstored-certs.in
-@@ -122,7 +122,7 @@ sub cmd_init_create_root
-
- # make CSR
- die "Couldn't run openssl for CSR generation" unless
-- open(CSR,"|openssl req -new -key $key -sha1 -out $csr");
-+ open(CSR,"|openssl req -new -key $key -sha256 -out $csr");
- print CSR <<__E;
- .
- .
-@@ -140,7 +140,7 @@ __E
- die "Certificate request wasn't created.\n" unless -f $csr;
-
- # sign it to make a self-signed root CA key
-- if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
-+ if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
- {
- die "Couldn't generate root certificate."
- }
-@@ -201,7 +201,7 @@ __E
- my $out_cert = "$cert_dir/clients/$acc"."-cert.pem";
-
- # sign it!
-- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
-+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
- {
- die "Signing failed"
- }
-@@ -257,7 +257,7 @@ __E
- my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem";
-
- # sign it!
-- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
-+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
- {
- die "Signing failed"
- }
---- a/infrastructure/cmake/CMakeLists.txt
-+++ b/infrastructure/cmake/CMakeLists.txt
-@@ -71,13 +71,6 @@ function(move_file_if_exists source_file
- endif()
- endfunction()
-
--foreach(file_to_configure ${files_to_configure})
-- configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY)
-- replace_file_if_different(
-- "${base_dir}/${file_to_configure}"
-- "${base_dir}/${file_to_configure}.out")
--endforeach()
--
- # If BOXBACKUP_VERSION is defined when running CMake (as the AppVeyor config does), use it
- # as-is, since it contains the full version number, branch, and platform (Win32/Win64):
- if(BOXBACKUP_VERSION)
-@@ -375,6 +368,7 @@ file(WRITE "${boxconfig_h_file}" "// Aut
-
- if(WIN32)
- target_link_libraries(lib_common PUBLIC ws2_32 gdi32)
-+ list(APPEND CMAKE_REQUIRED_LIBRARIES ws2_32 gdi32)
- endif()
-
- # On Windows we want to statically link zlib to make debugging and distribution easier,
-@@ -430,6 +424,7 @@ else()
- endif()
- include_directories(${OPENSSL_INCLUDE_DIR})
- target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES})
-+list(APPEND CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
-
- # Link to PCRE
- if (WIN32)
-@@ -608,6 +603,9 @@ foreach(function_name ${detect_functions
- file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_${platform_var_name}\n")
- endforeach()
-
-+check_function_exists(SSL_CTX_set_security_level HAVE_SSL_CTX_SET_SECURITY_LEVEL)
-+file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL\n")
-+
- check_symbol_exists(dirfd "dirent.h" HAVE_DECL_DIRFD)
- file(APPEND "${boxconfig_h_file}" "#cmakedefine01 HAVE_DECL_DIRFD\n")
-
-@@ -824,6 +822,13 @@ file(TO_NATIVE_PATH "${PERL_EXECUTABLE}"
- string(REPLACE "\\" "\\\\" perl_path_escaped ${perl_executable_native})
- target_compile_definitions(test_backupstorefix PRIVATE -DPERL_EXECUTABLE="${perl_path_escaped}")
-
-+foreach(file_to_configure ${files_to_configure})
-+ configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY)
-+ replace_file_if_different(
-+ "${base_dir}/${file_to_configure}"
-+ "${base_dir}/${file_to_configure}.out")
-+endforeach()
-+
- # Configure test timeouts:
- # I've set the timeout to 4 times as long as it took to run on a particular run on Appveyor:
- # https://ci.appveyor.com/project/qris/boxbackup/build/job/xm10itascygtu93j
---- a/infrastructure/m4/boxbackup_tests.m4
-+++ b/infrastructure/m4/boxbackup_tests.m4
-@@ -142,7 +142,8 @@ AC_SEARCH_LIBS(
- Upgrade or read the documentation for alternatives]])
- fi
- ])
--
-+AC_CHECK_FUNCS([SSL_CTX_set_security_level], [HAVE_SSL_CTX_SET_SECURITY_LEVEL=1])
-+AC_SUBST([HAVE_SSL_CTX_SET_SECURITY_LEVEL])
-
- ### Checks for header files.
-
---- a/lib/common/BoxPortsAndFiles.h.in
-+++ b/lib/common/BoxPortsAndFiles.h.in
-@@ -20,6 +20,10 @@
- // directory within the RAIDFILE root for the backup store daemon
- #define BOX_RAIDFILE_ROOT_BBSTORED "backup"
-
-+// default security level if SSLSecurityLevel is not specified: see
-+// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates
-+const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1;
-+
- // configuration file paths
- #ifdef WIN32
- // no default config file path, use these macros to call
---- a/lib/common/Test.h
-+++ b/lib/common/Test.h
-@@ -23,6 +23,7 @@
- #define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe"
- #define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe"
- #define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual);
-+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command);
- #else
- #define BBACKUPCTL "../../bin/bbackupctl/bbackupctl"
- #define BBACKUPD "../../bin/bbackupd/bbackupd"
-@@ -30,6 +31,7 @@
- #define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery"
- #define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts"
- #define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual);
-+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command);
- #endif
-
- extern int num_failures;
---- a/lib/server/TLSContext.cpp
-+++ b/lib/server/TLSContext.cpp
-@@ -14,6 +14,7 @@
-
- #include "autogen_ConnectionException.h"
- #include "autogen_ServerException.h"
-+#include "BoxPortsAndFiles.h"
- #include "CryptoUtils.h"
- #include "SSLLib.h"
- #include "TLSContext.h"
-@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServe
- THROW_EXCEPTION(ServerException, TLSAllocationFailed)
- }
-
-+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
-+ BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for "
-+ "backwards compatibility. Please upgrade as soon as possible. See "
-+ "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 "
-+ "for details");
-+ SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL);
-+#endif
-+
- // Setup our identity
- if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1)
- {
---- a/test/backupstorefix/testbackupstorefix.cpp
-+++ b/test/backupstorefix/testbackupstorefix.cpp
-@@ -671,8 +671,13 @@ int test(int argc, const char *argv[])
- char name[256];
- while(::fgets(line, sizeof(line), f) != 0)
- {
-- TEST_THAT(::sscanf(line, "%x %s %s", &id,
-- flags, name) == 3);
-+ if(StartsWith("WARNING: This version of Box Backup overrides the "
-+ "system-wide SSLSecurityLevel", line))
-+ {
-+ continue;
-+ }
-+ TEST_EQUAL_LINE(3, ::sscanf(line, "%x %s %s", &id, flags, name),
-+ "Unexpected format in initial-listing.txt: <" << line << ">");
- bool isDir = (::strcmp(flags, "-d---") == 0);
- //TRACE3("%x,%d,%s\n", id, isDir, name);
- MEMLEAKFINDER_NO_LEAKS;
---- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in
-+++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in
-@@ -148,18 +148,20 @@ elsif($ARGV[0] eq 'reroot')
- or die "can't open copy listing file";
- my $err = 0;
- my $count = 0;
-- while(<LISTING>)
-+ while(my $line = <LISTING>)
- {
-- print LISTING_COPY;
-- chomp;
-- s/\[FILENAME NOT ENCRYPTED\]//;
-- next if /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/;
-- my ($id,$type,$name) = split / /;
-+ print LISTING_COPY $line;
-+ chomp $line;
-+ $line =~s/\[FILENAME NOT ENCRYPTED\]//;
-+ next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/;
-+ next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/;
-+ my ($id,$type,$name) = split / /, $line;
- $count++;
- if($name !~ /\Alost\+found0/)
- {
- # everything must be in a lost and found dir
-- $err = 1
-+ print "Expected '$name' to be in a lost+found directory, but it was not ($line)";
-+ $err = 1;
- }
- }
- close LISTING_COPY;
---- a/test/basicserver/testbasicserver.cpp
-+++ b/test/basicserver/testbasicserver.cpp
-@@ -449,6 +449,80 @@ void TestStreamReceive(TestProtocolClien
- TEST_THAT(count == (24273*3)); // over 64 k of data, definately
- }
-
-+bool test_security_level(int cert_level)
-+{
-+ int old_num_failures = num_failures;
-+
-+ // Context first
-+ TLSContext context;
-+ if(cert_level == 0)
-+ {
-+ context.Initialise(false /* client */,
-+ "testfiles/clientCerts.pem",
-+ "testfiles/clientPrivKey.pem",
-+ "testfiles/clientTrustedCAs.pem");
-+ }
-+ else if(cert_level == 1)
-+ {
-+ context.Initialise(false /* client */,
-+ "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem",
-+ "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem",
-+ "testfiles/seclevel2-sha1/ca/roots/serverCA.pem");
-+ }
-+ else if(cert_level == 2)
-+ {
-+ context.Initialise(false /* client */,
-+ "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem",
-+ "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem",
-+ "testfiles/seclevel2-sha256/ca/roots/serverCA.pem");
-+ }
-+ else
-+ {
-+ TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level);
-+ return false;
-+ }
-+
-+ SocketStreamTLS conn;
-+ conn.Open(context, Socket::TypeINET, "localhost", 2003);
-+
-+ return (num_failures == old_num_failures); // no new failures -> good
-+}
-+
-+// Test the certificates that were distributed with the Box Backup source since ancient times,
-+// which have only 1024-bit keys, and thus fail with "ee key too small".
-+bool test_ancient_certificates()
-+{
-+ int old_num_failures = num_failures;
-+
-+ // Level -1 (allow weaker, with warning) should pass with any certificates:
-+ TEST_THAT(test_security_level(0)); // cert_level
-+
-+ return (num_failures == old_num_failures); // no new failures -> good
-+}
-+
-+// Test a set of more recent certificates, which have a longer key but are signed using the SHA1
-+// algorithm instead of SHA256, which fail with "ca md too weak" instead.
-+bool test_old_certificates()
-+{
-+ int old_num_failures = num_failures;
-+
-+ // Level -1 (allow weaker, with warning) should pass with any certificates:
-+ TEST_THAT(test_security_level(1)); // cert_level
-+
-+ return (num_failures == old_num_failures); // no new failures -> good
-+}
-+
-+
-+bool test_new_certificates()
-+{
-+ int old_num_failures = num_failures;
-+
-+ // Level -1 (allow weaker, with warning) should pass with any certificates:
-+ TEST_THAT(test_security_level(2)); // cert_level
-+
-+ return (num_failures == old_num_failures); // no new failures -> good
-+}
-+
-
- int test(int argc, const char *argv[])
- {
-@@ -682,6 +756,11 @@ int test(int argc, const char *argv[])
- TEST_THAT(ServerIsAlive(pid));
- #endif
-
-+ // Try testing with different security levels, check that the behaviour is
-+ // as documented at:
-+ // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates
-+ TEST_THAT(test_ancient_certificates());
-+
- // Kill it
- TEST_THAT(KillServer(pid));
- ::sleep(1);
-@@ -691,6 +770,24 @@ int test(int argc, const char *argv[])
- TestRemoteProcessMemLeaks("test-srv3.memleaks");
- #endif
- }
-+
-+ cmd = TEST_EXECUTABLE " --test-daemon-args=";
-+ cmd += test_args;
-+ cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf";
-+ pid = LaunchServer(cmd, "testfiles/srv3.pid");
-+
-+ TEST_THAT(pid != -1 && pid != 0);
-+ TEST_THAT(test_old_certificates());
-+ TEST_THAT(KillServer(pid));
-+
-+ cmd = TEST_EXECUTABLE " --test-daemon-args=";
-+ cmd += test_args;
-+ cmd += " srv3 testfiles/srv3-seclevel2-sha256.conf";
-+ pid = LaunchServer(cmd, "testfiles/srv3.pid");
-+
-+ TEST_THAT(pid != -1 && pid != 0);
-+ TEST_THAT(test_new_certificates());
-+ TEST_THAT(KillServer(pid));
- }
-
- //protocolserver:
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
-@@ -0,0 +1,196 @@
-+
-+StoreHostname = localhost
-+AccountNumber = 0x1234567
-+KeysFile = ./bbackupd/1234567-FileEncKeys.raw
-+
-+CertificateFile = ./bbackupd/1234567-cert.pem
-+PrivateKeyFile = ./bbackupd/1234567-key.pem
-+TrustedCAsFile = ./bbackupd/serverCA.pem
-+SSLSecurityLevel = 2
-+
-+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1
-+
-+
-+# This script is run whenever bbackupd changes state or encounters a
-+# problem which requires the system administrator to assist:
-+#
-+# 1) The store is full, and no more data can be uploaded.
-+# 2) Some files or directories were not readable.
-+# 3) A backup run starts or finishes.
-+#
-+# The default script emails the system administrator, except for backups
-+# starting and stopping, where it does nothing.
-+
-+NotifyScript = ./bbackupd/NotifySysadmin.sh
-+
-+
-+# The number of seconds between backup runs under normal conditions. To avoid
-+# cycles of load on the server, this time is randomly adjusted by a small
-+# percentage as the daemon runs.
-+
-+UpdateStoreInterval = 3600
-+
-+
-+# The minimum age of a file, in seconds, that will be uploaded. Avoids
-+# repeated uploads of a file which is constantly being modified.
-+
-+MinimumFileAge = 21600
-+
-+
-+# If a file is modified repeated, it won't be uploaded immediately in case
-+# it's modified again, due to the MinimumFileAge specified above. However, it
-+# should be uploaded eventually even if it is being modified repeatedly. This
-+# is how long we should wait, in seconds, after first noticing a change.
-+# (86400 seconds = 1 day)
-+
-+MaxUploadWait = 86400
-+
-+# If the connection is idle for some time (e.g. over 10 minutes or 600
-+# seconds, not sure exactly how long) then the server will give up and
-+# disconnect the client, resulting in Connection Protocol_Timeout errors
-+# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
-+# Also, some firewalls and NAT gateways will kill idle connections after
-+# similar lengths of time.
-+#
-+# This can happen for example when most files are backed up already and
-+# don't need to be sent to the store again, while scanning a large
-+# directory, or while calculating diffs of a large file. To avoid this,
-+# KeepAliveTime specifies that special keep-alive messages should be sent
-+# when the connection is otherwise idle for a certain length of time,
-+# specified here in seconds.
-+#
-+# The default is that these messages are never sent, equivalent to setting
-+# this option to zero, but we recommend that all users enable this.
-+
-+KeepAliveTime = 120
-+
-+
-+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
-+# renamed on the server, rather than being uploaded again. (64k - 1)
-+
-+FileTrackingSizeThreshold = 65535
-+
-+
-+# The daemon does "changes only" uploads for files above this size (in bytes).
-+# Files less than it are uploaded whole without this extra processing.
-+
-+DiffingUploadSizeThreshold = 8192
-+
-+
-+# The limit on how much time is spent diffing files, in seconds. Most files
-+# shouldn't take very long, but if you have really big files you can use this
-+# to limit the time spent diffing them.
-+#
-+# * Reduce if you are having problems with processor usage.
-+#
-+# * Increase if you have large files, and think the upload of changes is too
-+# large and you want bbackupd to spend more time searching for unchanged
-+# blocks.
-+
-+MaximumDiffingTime = 120
-+
-+
-+# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
-+
-+# ExtendedLogging = yes
-+
-+
-+# This specifies a program or script script which is run just before each
-+# sync, and ideally the full path to the interpreter. It will be run as the
-+# same user bbackupd is running as, usually root.
-+#
-+# The script must output (print) either "now" or a number to STDOUT (and a
-+# terminating newline, no quotes).
-+#
-+# If the result was "now", then the sync will happen. If it's a number, then
-+# no backup will happen for that number of seconds (bbackupd will pause) and
-+# then the script will be run again.
-+#
-+# Use this to temporarily stop bbackupd from syncronising or connecting to the
-+# store. For example, you could use this on a laptop to only backup when on a
-+# specific network, or when it has a working Internet connection.
-+
-+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
-+
-+
-+# Where the command socket is created in the filesystem.
-+
-+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock
-+
-+# Uncomment the StoreObjectInfoFile to enable the experimental archiving
-+# of the daemon's state (including client store marker and configuration)
-+# between backup runs. This saves time and increases efficiency when
-+# bbackupd is frequently stopped and started, since it removes the need
-+# to rescan all directories on the remote server. However, it is new and
-+# not yet heavily tested, so use with caution.
-+
-+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state
-+
-+Server
-+{
-+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid
-+}
-+
-+
-+# BackupLocations specifies which locations on disc should be backed up. Each
-+# directory is in the format
-+#
-+# name
-+# {
-+# Path = /path/of/directory
-+# (optional exclude directives)
-+# }
-+#
-+# 'name' is derived from the Path by the config script, but should merely be
-+# unique.
-+#
-+# The exclude directives are of the form
-+#
-+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
-+#
-+# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
-+#
-+# For example:
-+#
-+# ExcludeDir = /home/guest-user
-+# ExcludeFilesRegex = .(mp3|MP3)$
-+# AlwaysIncludeFile = /home/username/veryimportant.mp3
-+#
-+# This excludes the directory /home/guest-user from the backup along with all mp3
-+# files, except one MP3 file in particular.
-+#
-+# In general, Exclude excludes a file or directory, unless the directory is
-+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
-+# does NOT scan inside excluded directories and will never back up an
-+# AlwaysIncluded file or directory inside an excluded directory or any
-+# subdirectory thereof.
-+#
-+# To back up a directory inside an excluded directory, use a configuration
-+# like this, to ensure that each directory in the path to the important
-+# files is included, but none of their contents will be backed up except
-+# the directories further down that path to the important one.
-+#
-+# ExcludeDirsRegex = ^/home/user/bigfiles/
-+# ExcludeFilesRegex = ^/home/user/bigfiles/
-+# AlwaysIncludeDir = /home/user/bigfiles/path
-+# AlwaysIncludeDir = /home/user/bigfiles/path/to
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
-+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
-+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
-+#
-+# If a directive ends in Regex, then it is a regular expression rather than a
-+# explicit full pathname. See
-+#
-+# man 7 re_format
-+#
-+# for the regex syntax on your platform.
-+
-+BackupLocations
-+{
-+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1
-+ {
-+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1
-+ }
-+}
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG
-+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSHZEUGZxLnDFr0B02Utd5rF6YwYmhzLG
-+WNBnC0FBrCN0qJgjEHpQ0jqMGA9vIvBuesYhBmk8hOyJFHNtJB8MJyeHvKSwdwlF
-+Isz+gr60RGAKj290nSdFgMvMgkdqz6Vg4R9t94fzhxjk/BJyNjr8r+64hffIOQmM
-+YlmADLX38BLRLAfbVVkq/bRgqBFtmvFYTZKl6of1jVSWQLcXGShWE45lc5Hpd+qv
-+DRjzsQukb3gJmKU4DMW1BCaS8W6v7R0MG/5CooiwMRrct8puH4IeIDrByBz/0mRP
-+fMPjR2qpjx4EmLRcC39lGVBTnXLYM1XGIYsX7f1ssYZZXSSajUp9AgMBAAGgADAN
-+BgkqhkiG9w0BAQUFAAOCAQEAbDRc2PW9WnUu7F1g/mWQW8aGhyzMcYTp28kVEtMC
-+dvvbNLFWtWPXktM9PjR6F+3QRQktdXwYXsTctmGL4vvSKFd66gw4HklGe+Opiiw/
-+o9F6E2PAFzRYbMio7UYevs/RhktaJRkVyd81e8LtFHuUD3vqBY84NVeKwmxnbdoK
-+jzBj3x3COkLLiPTWjb+RgxnPWcNtXhLAcATZeCKBo4U0gvRL1NTMCslIumdhtD8h
-+BQOdEaSP2sB8o3mMEh8W5tgja4zWv1GszJK9sJNL/EZag331/++5H06yf8vPhQW7
-+rqRHA33CUe7XiqAkXp+Rgq5W97qcKIlo4uKRzCsTYC/QUg==
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY
-+IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v
-+dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH
-+21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil
-+OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0
-+XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4
-+BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS
-+2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC
-+a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+
-+gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz
-+v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ
-+YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM
-+HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m
-+EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf
-+EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN
-+n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7
-+9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X
-+R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A
-+dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ
-++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ
-+4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ
-+nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ
-+kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7
-+T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c
-+Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA==
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
-@@ -0,0 +1,70 @@
-+#!/bin/sh
-+
-+# This script is run whenever bbackupd changes state or encounters a
-+# problem which requires the system administrator to assist:
-+#
-+# 1) The store is full, and no more data can be uploaded.
-+# 2) Some files or directories were not readable.
-+# 3) A backup run starts or finishes.
-+#
-+# The default script emails the system administrator, except for backups
-+# starting and stopping, where it does nothing.
-+
-+SUBJECT="BACKUP PROBLEM on host debian-unstable"
-+SENDTO="chris"
-+
-+if [ "$1" = "" ]; then
-+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
-+ exit 2
-+elif [ "$1" = store-full ]; then
-+ sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (store full)
-+To: $SENDTO
-+
-+
-+The store account for debian-unstable is full.
-+
-+=============================
-+FILES ARE NOT BEING BACKED UP
-+=============================
-+
-+Please adjust the limits on account 1234567 on server localhost.
-+
-+EOM
-+elif [ "$1" = read-error ]; then
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (read errors)
-+To: $SENDTO
-+
-+
-+Errors occured reading some files or directories for backup on debian-unstable.
-+
-+===================================
-+THESE FILES ARE NOT BEING BACKED UP
-+===================================
-+
-+Check the logs on debian-unstable for the files and directories which caused
-+these errors, and take appropriate action.
-+
-+Other files are being backed up.
-+
-+EOM
-+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
-+ # do nothing by default
-+ true
-+else
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (unknown)
-+To: $SENDTO
-+
-+
-+The backup daemon on debian-unstable reported an unknown error ($1).
-+
-+==========================
-+FILES MAY NOT BE BACKED UP
-+==========================
-+
-+Please check the logs on debian-unstable.
-+
-+EOM
-+fi
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
-@@ -0,0 +1,23 @@
-+
-+RaidFileConf = ./raidfile.conf
-+AccountDatabase = ./bbstored/accounts.txt
-+
-+# Uncomment this line to see exactly what commands are being received from clients.
-+# ExtendedLogging = yes
-+
-+# scan all accounts for files which need deleting every 15 minutes.
-+
-+TimeBetweenHousekeeping = 900
-+
-+Server
-+{
-+ PidFile = /var/run/bbstored.pid
-+ User = chris
-+ ListenAddresses = inet:localhost
-+ CertificateFile = ./bbstored/localhost-cert.pem
-+ PrivateKeyFile = ./bbstored/localhost-key.pem
-+ TrustedCAsFile = ./bbstored/clientCA.pem
-+ SSLSecurityLevel = 2
-+}
-+
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
-+AQEFAAOCAQ8AMIIBCgKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr
-+/yoUBQz7/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M
-+36V5/k7wfF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodU
-+oqysEK3DF4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYa
-+sP0KqFH8CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4
-+iuekRol6dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABoAAwDQYJKoZI
-+hvcNAQEFBQADggEBACN8kdjf8P/OBMVytAKxWlXDAtG5A8qZz4e+aNM4JfXF//fP
-+pS5c+m0rpt6aop4N5n5MWyL54eJlhh+yyNdm2RmHvybJKHLTRCPzP3gtHaVZ4v2V
-+xWbDW+LuLMhDp70Ci1/CGWv+fQ2jmKPAtXGcbIsvjI+swLRtJDTwNV6B/dbS5QyF
-+6n8O+pSLS6l7vsXginavB+VLAWWdtCbZAgId9Io0BePN/LpVb2bLgzGfzBInSCFl
-+4bBN3dqC7nFkXdk+EXseA0L1NYUpXZoperzxMgDG74IMPwIomkb3elNP7xpz3Zgg
-+Y5xwL05H5Jj5aW3Ao9mY3LKK8ZmAQnljOsyQsKc=
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEAyzNFMI4BCpd/vGvPseb8U/NZYDQZ6nV7nFwDPsyr/yoUBQz7
-+/gEAFP9Zo+8C9h89N2dPuxVNgylybiXO1icy8NsH+xkTtJXPSqi/Q87M36V5/k7w
-+fF6Kx9ayuB2e1xg844fuY3llYacOyoA1NWP3DaQP+MztxuvKqK4JnodUoqysEK3D
-+F4F1qFSHh1fum5nY+GBPaZjhn6ns/prQP8De6bctEjUAEYSKqUjNJpYasP0KqFH8
-+CoY1ZGa/f5n0CZ/9VT5N+Nm0TA1HwX2QeH0h1yp/LH52tD6/8T9XqgK4iuekRol6
-+dkj63jXPnVSK4NSFksTzJsQCABOUz4kXKZucQQIDAQABAoIBACvo7mCprwvs5QuA
-+eKdG9OvnQD8LwzXpIUcOkxz0+Y3wN9dHkQS4jp36+BH2yjsJUR8x0gbpeZCIWlP3
-+E5Uvb1Cg5D6ckqeJX/wQLxSmEZualJwhztHxVCgO+xvSOsrcT/wTGa6hQwkxIn8b
-+6WOaMH7gHxtynUdJGMgOo8GAGQf1yVganOo8hk/jARjln3Cyg+0018a8P0bZHI5L
-+2EJgXSvVo5N4s0sVxMTDUX80YMmpH5M1duCYRitJwZCDMg5xOjootvfzw9pDD40/
-+JsQHxdCfotDEBOVym7mKqxOUowwA+8vKG5yOkG7Fb7QmO9UkujqBCQs7n9q+0wj5
-+3OV872ECgYEA+YwqJ+vk8EK6Eo4ZJmYNhreKDtfTCiv4CRpxWimyf8fShhPSpcur
-+JSMl7OLuJhqsWIoGs5v1QSMhaSckLVq5lSZ7czVyC/ZFmhXN8LmfdYJ3LuSfEhG/
-+ma9c2qXXC9EbTgdRg5lFSIugBFEHv+656Jn6Oj4hN/V8bd0EDgSY7Q0CgYEA0HRR
-+esMH2YSGztoauzl0FmOHrH53diTpCNBzh2ZEwQgHcTbHK3VfDqN0bsUx4SwZW/Wj
-+o7elnrBDHdVa8LMbUq7DH5YzRnfbGJHcKhUCTI3eT0wfpKvnyptIwRaKozS313rx
-++5ZePf51krnYTs6p73Nvu7ALUwTLLi57PZQKJwUCgYB2B0JlEWB99sF1RzpD/B7H
-+qgWlUZUiiXtOKvCT+YbQgx1ihvupqTPwY7hrW0XSRelgEyBqUQhl34zM5FNrFC8U
-+iVf4PL4NRFTVNRzrj5AJD0T5q+5EqJpbwSKE081rbGKivDlkqdioIEn14LFuqSXL
-+CxDb/UjO49APUmq5ipkd/QKBgQCfSxPsrNb1yMk/jvn4coochchq72WYudH+c1Sl
-+dmg53knZoROISTPvusbB0x0vxgRG+qom9LKyVl2jkaPh5eyOPZBMNfpO8k5SMzw8
-+SDuuhocIr9JKgzco44swSmp9F08ZchEywZCY7TepfS0n49OGcP9EPN4afcJKMyjo
-+QJWVhQKBgH47nr45MgQJIoeUzmDPL/N9jAlG4+MvfsGvZxtGeRij68TYFStPEccO
-+GJH09GQZgxvz8YbamC4KEA67PlwOdm/4ITs4HAE+tX6gaYeXG8XTw/azQdx0ZhXu
-+EIhyRvSeCfXq/hi4Qef2yIx3YLarPXw1E38Xtl0MOl+yGg827Imt
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICsTCCAZkCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
-+c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDU3NDBaFw0zMzAxMDQyMDU3NDBa
-+MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC
-+AQ8AMIIBCgKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY
-+IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v
-+dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH
-+21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil
-+OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0
-+XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABMA0GCSqGSIb3DQEBBQUA
-+A4IBAQBvwLWvNs2FhwNhjCA0A4r6hbKcdZDqmHT+EJpf1Os/f5A1fTah5u2UvNiQ
-+jYkI7u5dds/pSRDQ+1itbq2ltHq59QolMDN80xbrqgW2SCYIzBqR5i+plIIlGaM+
-+Cih9QUrbZO1qBSA9nvuqFOGdi4tca+rkkuogWWNsngEydS32EmcI/cTcrubMKnYT
-+aW3+z46D42uZwljlhjnDDRbbvwpqd1h4NPbJcadelZnG3fsO0MCWi8LLp8Sepot7
-+oDoseZ55JtYSjQuLFzfvgbvdkl/AQS1J+0Tjf2pq1zjIJmZ8qCuCP694z2BzRMTp
-+y0vJrXoCFTpVaNZZJx+x8ZqKjp3J
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v
-+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcxnm27tjpmhPdI23hV
-+VLerRKdYRutug9EaVwoegRzsnx/+6vBrnXQFbqenA2MR9yMhje+CJqZJcKoEyN6o
-+hSuv2vpMUOxLquUjhzv184rxp8dVcz1E6zpnxo5vJw8NoxN65SEjMKxFcO8e/RwQ
-+Pb8Yot1wEantMZKUu9qQ45lPCJH1VdPES09D6yMc62P7gOkybR4MZE7t2Wm9Bbx6
-+H3Ag9OaSuYJOhf3614SvZQFmUlr07X/RFGsAixXi7CWqMjPKZDpG0PALVnKeKrfj
-+5gftcEUVVh2jRtfwN7DcTQu1f0Cv3Ixvv7T0lOK1BXGt5S8/l1RLeCNkzzIDyyEM
-+92UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB9d+4iZAtngEGpbtuHEhWssZKP
-+fisCUA+XokqrQ5Bw8wpE/zh4WHBfKDE0mrXARiJABKJqTVUI/fI9cGVWvRj17yxv
-+aIuZdYsZgAWhy6U2u0I8Kyul4URnDJq+JiqKOwYDjduZRi6axsjqVoWqeyRn0M1o
-+05d5O+TzS6uH9JhdYzpBeQVRweH4Dq374ApJu55RW+RQ7CpFQpW1cCqm3nMybNoM
-+uMMDTXeV09jh8DE63VE5GLi2N9/DaAD8VrrGuZWRFUhEvxHe8Qs8gCX7ep+9rUlS
-++Vn0880ItjjBRQwDaSkJqQaGL0Wq4eBSTx9WcvIer9XFfwUYKOFVIPwQqDqn
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEAxzGebbu2OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q
-+8GuddAVup6cDYxH3IyGN74ImpklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1Vz
-+PUTrOmfGjm8nDw2jE3rlISMwrEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV
-+08RLT0PrIxzrY/uA6TJtHgxkTu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTt
-+f9EUawCLFeLsJaoyM8pkOkbQ8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/c
-+jG+/tPSU4rUFca3lLz+XVEt4I2TPMgPLIQz3ZQIDAQABAoIBAQC1TQJIGmw4J4uq
-+j5PCqNgc/DPWpNCYBNTRg8npGe6mZvBGbP1lqm17Zl5bFfZNO9LXFPldH/cRrxJu
-+jUBO+M+M/divrLqS+CQpvvadqrTqqBzvn2TuRUZcuIvOpHjGiMD/QAJA8QiiI+ow
-+muIBov6wajoClrhdE9jk858vxmSB6gE4czdTrXvZQXC+9EyuaqrLQeTuJbz1JNGN
-+jR61iSZWBfI6Ige+PSKpIQW/pU1+2QHyUNhTqN9V8Cxw0tVnOCZxNlWbXIaqsowa
-+s4lzfYVvK1NsHitX3wIRJv3gPt3JYN8VIwpq86w1CDxvmEQUuj6VYGDj1n278z4h
-+4CaZGNFBAoGBAP/b++wVZ1D0glBRhXghCMqGi/bzBySD+XDzd2DwVRM6jkX4Krof
-+MPflg2AMGXOvYYEoDtNWPHYzLts45zpOY111DA4OKqLL1QgTOOtjjd4b/+AaQOKt
-+m/Gvr9WFdqCjtO2rcv4546nB4M6bf6umHqoeKK947mi08jmW9VvZhaC5AoGBAMdN
-+qIYmnR17s9He9/jgU9zfp+21fC9GSDI9MrdaGP9E4EAeg95Sn3ppplzVeIW+c2b/
-+0MuhdbR2dn7JoXcJKlO2qcadvsRWURvR0ofWbjcKoKdAHlShsNIfT8cWfk7E1DL3
-+04JTWFcLA7M5RkdT9y2/N4NNKAZ37ZWO10r5jz4NAoGAXWh8gmYV//IkGRqJ9Z9p
-+zDZupst20hf0Ww4niRZ0mL6J7nV5c9WrVPVPjyMbr6ZZnIN5ViJnlGd/Nb2CfUDc
-++eOfcQou+pwbvAT4hMclpe7m7XPoOFlVU1jmgrdk5aSeix5KrxGHUhRb9FHEvG+7
-+RjQYemdV8pgMzoWUMeIp7NECgYB/39rN3/6UySbR9E6EF2KXZ8T2Jqh8KIrv+QYO
-+UDeTqVx8p1eSkM6UGy9LhwfiQBUJM/+Cd6Du3ccfiD0aA/5tYdjCf7nDfWJjCBgd
-+Yb6rgB0d0mzjfi7WUpK8OTlnTrCb1xiVGOaoSn/gQVJPN5dzeamjjCCvLcl5WQHX
-+sBFxDQKBgAYnvJcaXYiyDW2fpdKodzf0AwPBaR2yUJsO2Zm2RpigrpAkpSo5lk5N
-+GTWEbWUeENlgapQot5pxKbX07wSpifG3eAULusJuwd9+Ys04GZMYR9T+JXxjLQq7
-+hxlWFoj/8o8zh5tGWocqvmTgIiFngwLpHRFStrAhmFSWtHlsgruV
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v
-+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmT9t4A51xpeJ3h6ddg
-+l2wYFYSp2YdquKX85hipesYp0EIlrPHDdHXFjDS50ZhI62+2hxr/qCtSWwsAiNoK
-+xSopXMVd6BO6eYPM0KqW4BMnqsKewv39uDiIHVQblB/3/4nd2Jx3sxGIdFivCDuo
-+nqYm4BT5vEvHWG1Z+FtGqdPGZk4UG53Rx6ewHCYwpXUgCxJE814fruw+aWXPI0U3
-+QYCgehOTP5+zcONaFP9aSVd5GXqCtF+MgZYSSK4exL33gKsaDXwhiTJ2IgOs4YpN
-+HG4fu/ct4ppwArHvaHMuLKS6IgFjCHYCqMD/N2+ZpszPWzI5KGprfHZxl0uTLGTd
-+HdsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCflWlk+xCivLP+EK8oh0VCuTo2
-+qLMuPOR8GU+gVUN1z68T4j/ZsI0NKox++9NOzGwTE/cSpN+nfLNdhPwOM+TrRtS/
-+iDrTSDMSVK4SjIQ9iEaINbfOZOv52l9vkyCR/u0TrnnkjXknzU9ZQmnDvj2e8K/B
-+lq7LjvxeMxvLeZKfISr5XGcnUvhGcJkG6Cdkk6OIYUL7oDmBjS3IBzNTVTVmMB/U
-+fHMURt/+ljmYKwNN8J7bG8nsMc/UnqqSLqBpPovup/+Ol8pbAjPNaLrQTz5PrN/k
-+0PwqzbSJ52HEQY+kwpWLpx47p8ArQhD+YTaCUxyqzBWAI573rMdiAh/ZKVVi
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEpAIBAAKCAQEAyZP23gDnXGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs
-+8cN0dcWMNLnRmEjrb7aHGv+oK1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C
-+/f24OIgdVBuUH/f/id3YnHezEYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQb
-+ndHHp7AcJjCldSALEkTzXh+u7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0
-+X4yBlhJIrh7EvfeAqxoNfCGJMnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMI
-+dgKowP83b5mmzM9bMjkoamt8dnGXS5MsZN0d2wIDAQABAoIBAQCKVJ3+74PV6RM6
-+1YORp9mB9m0d4ylCQryAPDLzDasRPjSKkCxEpKrQ/0YeEL6C0NewjAPfRT50rEmK
-+HU3Mw8NWEZh2YOEYWMl25yDzUCJpQrluYWDSyECZmt71jw9xeNDGHZW+mm4qRAgD
-+q+nsduSYhOkVu+O55Q0Lzcgfaziz+KNlZNFyjQpyrwCoj9lssL+ZYfhFZV2OnPof
-+QLQpCEmrqzFaE9oFDjXxRkvmEBgtxPqSHNg2ZoFuVRAwcal8WHJbf7twCyQKB4i4
-+UFV/SX70qw4pfX53rfUoxUNEJgnnJIpOV0q2N/FO3CPYMjvdSoqkhbaIa2D4c37h
-+8aB0HCjxAoGBAPukpme3nRy7ybr5P8XomkIy+36sH8hLRoDZCNnz8UJa1OmrA8tG
-+yKch9vlBMDXjzDQ0Uq8OFSjFN7uQF5zLx4UU2eL/ptEWEmDpPZui7YmI5Ep/ZK4k
-+reK4op0tJ2fy7Fhq6IoBKvUVN3waWXzmObq77IKIQ5t1Z+MyfHEAtvKHAoGBAM0R
-+aXluyt3+RwOE2RdlwgSDnHYNvKAUfmkOIVprFEb13LQABbna5BmNIa/rZ+RDtNza
-+2/Tzqpmq8OVQkF9ATqjba+Y6GAoDwaAcvVwDrjoYtlI8zjnFEhhgVl455QlEZc5O
-+qxOPYx4Kt60Cc6ee8L9gPvJUIAQLyyCjv1IWYQsNAoGBANWkPALiSGkUpXgwFIyZ
-+ph192zb4OyN5hSnvGSyxhqqnIwwfPOFf/wqmM1/6kEuwUrYflfM5KY2rol2DQAjG
-+mWXLBhFKqv3ol0Hfw4ZXFQQnTGpTLc8LJPXPe3+lzkbaXv3SBgrkYuwgTzL1y/PW
-+Ijz/PxSzS3K4grLJMg1eZfQRAoGAOuatbPutuWW38ALQeC/6MmG7Jw17CF/aj0JH
-+wjjPcjJcWjdHbcK5kb0/18+934qzAFy8oPb8IXdACh3B2hoWfdnIfDBjhzzc+KhI
-+m41TFczTUXu1oFJCiE3jgN0QNEE5HLDr4opk5dQePctefN7iN5XlfqU7LO5WQeHG
-+qkVTSmECgYB+pEKVBHyKyJtdnWhrVr8vhlJH7fh6VUkL4gnuoiFcfPn2gyw6UX7E
-+9tls3aoxx47jvaJuoaNjiaT8ZZ4C0mx/L7XNHxiQHRb89nPC+WvapplDw+1XA0JK
-+k/JenbDUXuEPrdoJh30lwwYqNBEJTstFbYILDhbaw4Ud6hRUrIfQOA==
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
-@@ -0,0 +1,18 @@
-+-----BEGIN CERTIFICATE-----
-+MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx
-+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1
-+NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs
-+aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2
-+OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im
-+pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw
-+rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk
-+Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ
-+8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4
-+I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/
-+k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46
-+pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT
-+jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7
-+NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD
-+eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN
-+PkkW
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
-@@ -0,0 +1 @@
-+01
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
-@@ -0,0 +1,18 @@
-+-----BEGIN CERTIFICATE-----
-+MIICzzCCAbcCFGAQPLcwEruVZrE+h1tmI7s9CffgMA0GCSqGSIb3DQEBBQUAMCQx
-+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1
-+NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl
-+cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZP23gDn
-+XGl4neHp12CXbBgVhKnZh2q4pfzmGKl6xinQQiWs8cN0dcWMNLnRmEjrb7aHGv+o
-+K1JbCwCI2grFKilcxV3oE7p5g8zQqpbgEyeqwp7C/f24OIgdVBuUH/f/id3YnHez
-+EYh0WK8IO6iepibgFPm8S8dYbVn4W0ap08ZmThQbndHHp7AcJjCldSALEkTzXh+u
-+7D5pZc8jRTdBgKB6E5M/n7Nw41oU/1pJV3kZeoK0X4yBlhJIrh7EvfeAqxoNfCGJ
-+MnYiA6zhik0cbh+79y3imnACse9ocy4spLoiAWMIdgKowP83b5mmzM9bMjkoamt8
-+dnGXS5MsZN0d2wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCHI5RDuqx9hu0anQRC
-+dREc+3agRxq4C+Fo0mrsF1CWooO9lGyWvJqygiBGqOSjMi3D8AoyQXhxcvf1EniP
-+CHCpqlP+h+6qILbtBizTTtHhceTpXiU5Se/yJvm9814jJrXVp10akShXzBlc4W/2
-+O0NX6b1B0De2z+YJydB+meZws7wgGD3eZCBr2uF2seYTNitKmNfUfq9UXxxCKcMu
-+eeRzWGM1UDFaRbN7FKNo6YpUE21olZEjxF8xOfyuWOYxv8qNTck89SurOwj4as/o
-+CLJLVQ7i/keqt1XXXOSpp46CkRoEmmuxHuql44dToQOLZH1RcZLOMHSPO3OdNo5Z
-+o2Do
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
-@@ -0,0 +1 @@
-+01
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICrDCCAZQCAQEwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
-+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDU3MzhaFw0zMzAxMDQyMDU3Mzha
-+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-+AQoCggEBAMszRTCOAQqXf7xrz7Hm/FPzWWA0Gep1e5xcAz7Mq/8qFAUM+/4BABT/
-+WaPvAvYfPTdnT7sVTYMpcm4lztYnMvDbB/sZE7SVz0qov0POzN+lef5O8HxeisfW
-+srgdntcYPOOH7mN5ZWGnDsqANTVj9w2kD/jM7cbryqiuCZ6HVKKsrBCtwxeBdahU
-+h4dX7puZ2PhgT2mY4Z+p7P6a0D/A3um3LRI1ABGEiqlIzSaWGrD9CqhR/AqGNWRm
-+v3+Z9Amf/VU+TfjZtEwNR8F9kHh9Idcqfyx+drQ+v/E/V6oCuIrnpEaJenZI+t41
-+z51UiuDUhZLE8ybEAgATlM+JFymbnEECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-+dYM0WTSCb0AN6eGhlbyNsENnUwLYjDE7ojVD2pY0Ab4ik04DIfTm5piqEkz5HBaI
-+1ZIEtYlImnvQ9cax1m+8LrVS2tflPpZ0CqWT+In7EncuI1lONZJfYELITDgU3LWx
-+FEfNQJaOv0Uc8u8GG29d22a50/jTfZr20puM7mYQkLaUJLHgoTImYg6M8W3Ggkyt
-+DO/yrtPUWm424wCYx+f3DgOrraFtiRLdqUpy5+bRqmzTuEFMAARqt4uudF6MR36n
-+hBIXg1jYKGrZMLwi60vfdtwe+zpAV/7SRGLbekhB6iAcVIXuom2aD7rlIcJHW/wd
-+hk9u7ie0JVDdu0R4I5Z9vw==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
-@@ -0,0 +1,10 @@
-+
-+disc0
-+{
-+ SetNumber = 0
-+ BlockSize = 1024
-+ Dir0 = .
-+ Dir1 = .
-+ Dir2 = .
-+}
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
-@@ -0,0 +1,195 @@
-+
-+StoreHostname = localhost
-+AccountNumber = 0x1234567
-+KeysFile = ./bbackupd/1234567-FileEncKeys.raw
-+
-+CertificateFile = ./bbackupd/1234567-cert.pem
-+PrivateKeyFile = ./bbackupd/1234567-key.pem
-+TrustedCAsFile = ./bbackupd/serverCA.pem
-+
-+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
-+
-+
-+# This script is run whenever bbackupd changes state or encounters a
-+# problem which requires the system administrator to assist:
-+#
-+# 1) The store is full, and no more data can be uploaded.
-+# 2) Some files or directories were not readable.
-+# 3) A backup run starts or finishes.
-+#
-+# The default script emails the system administrator, except for backups
-+# starting and stopping, where it does nothing.
-+
-+NotifyScript = ./bbackupd/NotifySysadmin.sh
-+
-+
-+# The number of seconds between backup runs under normal conditions. To avoid
-+# cycles of load on the server, this time is randomly adjusted by a small
-+# percentage as the daemon runs.
-+
-+UpdateStoreInterval = 3600
-+
-+
-+# The minimum age of a file, in seconds, that will be uploaded. Avoids
-+# repeated uploads of a file which is constantly being modified.
-+
-+MinimumFileAge = 21600
-+
-+
-+# If a file is modified repeated, it won't be uploaded immediately in case
-+# it's modified again, due to the MinimumFileAge specified above. However, it
-+# should be uploaded eventually even if it is being modified repeatedly. This
-+# is how long we should wait, in seconds, after first noticing a change.
-+# (86400 seconds = 1 day)
-+
-+MaxUploadWait = 86400
-+
-+# If the connection is idle for some time (e.g. over 10 minutes or 600
-+# seconds, not sure exactly how long) then the server will give up and
-+# disconnect the client, resulting in Connection Protocol_Timeout errors
-+# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
-+# Also, some firewalls and NAT gateways will kill idle connections after
-+# similar lengths of time.
-+#
-+# This can happen for example when most files are backed up already and
-+# don't need to be sent to the store again, while scanning a large
-+# directory, or while calculating diffs of a large file. To avoid this,
-+# KeepAliveTime specifies that special keep-alive messages should be sent
-+# when the connection is otherwise idle for a certain length of time,
-+# specified here in seconds.
-+#
-+# The default is that these messages are never sent, equivalent to setting
-+# this option to zero, but we recommend that all users enable this.
-+
-+KeepAliveTime = 120
-+
-+
-+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
-+# renamed on the server, rather than being uploaded again. (64k - 1)
-+
-+FileTrackingSizeThreshold = 65535
-+
-+
-+# The daemon does "changes only" uploads for files above this size (in bytes).
-+# Files less than it are uploaded whole without this extra processing.
-+
-+DiffingUploadSizeThreshold = 8192
-+
-+
-+# The limit on how much time is spent diffing files, in seconds. Most files
-+# shouldn't take very long, but if you have really big files you can use this
-+# to limit the time spent diffing them.
-+#
-+# * Reduce if you are having problems with processor usage.
-+#
-+# * Increase if you have large files, and think the upload of changes is too
-+# large and you want bbackupd to spend more time searching for unchanged
-+# blocks.
-+
-+MaximumDiffingTime = 120
-+
-+
-+# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
-+
-+# ExtendedLogging = yes
-+
-+
-+# This specifies a program or script script which is run just before each
-+# sync, and ideally the full path to the interpreter. It will be run as the
-+# same user bbackupd is running as, usually root.
-+#
-+# The script must output (print) either "now" or a number to STDOUT (and a
-+# terminating newline, no quotes).
-+#
-+# If the result was "now", then the sync will happen. If it's a number, then
-+# no backup will happen for that number of seconds (bbackupd will pause) and
-+# then the script will be run again.
-+#
-+# Use this to temporarily stop bbackupd from syncronising or connecting to the
-+# store. For example, you could use this on a laptop to only backup when on a
-+# specific network, or when it has a working Internet connection.
-+
-+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
-+
-+
-+# Where the command socket is created in the filesystem.
-+
-+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock
-+
-+# Uncomment the StoreObjectInfoFile to enable the experimental archiving
-+# of the daemon's state (including client store marker and configuration)
-+# between backup runs. This saves time and increases efficiency when
-+# bbackupd is frequently stopped and started, since it removes the need
-+# to rescan all directories on the remote server. However, it is new and
-+# not yet heavily tested, so use with caution.
-+
-+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state
-+
-+Server
-+{
-+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid
-+}
-+
-+
-+# BackupLocations specifies which locations on disc should be backed up. Each
-+# directory is in the format
-+#
-+# name
-+# {
-+# Path = /path/of/directory
-+# (optional exclude directives)
-+# }
-+#
-+# 'name' is derived from the Path by the config script, but should merely be
-+# unique.
-+#
-+# The exclude directives are of the form
-+#
-+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
-+#
-+# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
-+#
-+# For example:
-+#
-+# ExcludeDir = /home/guest-user
-+# ExcludeFilesRegex = .(mp3|MP3)$
-+# AlwaysIncludeFile = /home/username/veryimportant.mp3
-+#
-+# This excludes the directory /home/guest-user from the backup along with all mp3
-+# files, except one MP3 file in particular.
-+#
-+# In general, Exclude excludes a file or directory, unless the directory is
-+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
-+# does NOT scan inside excluded directories and will never back up an
-+# AlwaysIncluded file or directory inside an excluded directory or any
-+# subdirectory thereof.
-+#
-+# To back up a directory inside an excluded directory, use a configuration
-+# like this, to ensure that each directory in the path to the important
-+# files is included, but none of their contents will be backed up except
-+# the directories further down that path to the important one.
-+#
-+# ExcludeDirsRegex = ^/home/user/bigfiles/
-+# ExcludeFilesRegex = ^/home/user/bigfiles/
-+# AlwaysIncludeDir = /home/user/bigfiles/path
-+# AlwaysIncludeDir = /home/user/bigfiles/path/to
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important
-+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
-+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
-+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
-+#
-+# If a directive ends in Regex, then it is a regular expression rather than a
-+# explicit full pathname. See
-+#
-+# man 7 re_format
-+#
-+# for the regex syntax on your platform.
-+
-+BackupLocations
-+{
-+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2
-+ {
-+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
-+ }
-+}
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOQkFDS1VQLTEyMzQ1NjcwggEiMA0GCSqG
-+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeKRy4ppAb1cByCRkt2f1j+6iv7AWdF92p
-+nPlzXPbLhP/edfuyVPFyBY46p+z6j4p9TrccMjUi4RPMx6dqyL2/o3Qzg3PhoHPq
-+2fexEkrBSJ1bbL6hXjadzE53wiONj/8nSzFyzqR3/IhKNM0ssR10cqq64VgoiWOR
-+GHYTTEbQy1k9WvoReC+diTEqIDBLif1EQJ+c/3iUopqtaVZWNS1LV5DX/u2Y1anX
-+gO1s8jQaYlTtyNZyOi9lwXYXj4mH0mil2Hfh3IKD6GqB4HpFDUZ0/NHFRDvjdwfW
-+4RTad55l8dWparOyie/QzFRj6Ua1746FsbUw2pERdmHAMshLpxkNAgMBAAGgADAN
-+BgkqhkiG9w0BAQsFAAOCAQEAuW/o02Ga2yICJSJIrq44T+dIddakxhUPfIvAEWXs
-+7Cap9qzmBNOAfzFqvbdVgsqC9/WCnpumf9ZpjkXvUy/6EB77HbtiJAXukT2DvFbo
-+7mvbuh10YGv/AdZxLR2tMXmk9YqV6kgXdXFn18u8Vv35aYa4hru5q16m9QVhkeW+
-+UAJCsjhYVISVWW5Pss5mgL058viMHt3T5X3+2ybMdsfLe5BfRbsPxnFClKfBg6QS
-+3yH5JxQdfJlg64z4uQNHNbsWJ5mRBPEYawZ2ge+HmWb6xnuGLR3Dg5ZbbB0hvAO6
-+kw7sZ1at9bX+MWz7rTvgKyxFXcGVXZ40/UQlgfzMiLEAHg==
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7
-+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+
-+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6
-+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW
-+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz
-+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ
-+Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU
-+/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t
-+xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf
-+91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD
-+AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D
-+v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U
-+VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6
-+VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo
-+2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM
-+gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj
-+tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4
-+gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y
-+h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD
-+RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82
-+74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL
-+rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ
-+qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ
-+sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg
-+G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ==
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
-@@ -0,0 +1,70 @@
-+#!/bin/sh
-+
-+# This script is run whenever bbackupd changes state or encounters a
-+# problem which requires the system administrator to assist:
-+#
-+# 1) The store is full, and no more data can be uploaded.
-+# 2) Some files or directories were not readable.
-+# 3) A backup run starts or finishes.
-+#
-+# The default script emails the system administrator, except for backups
-+# starting and stopping, where it does nothing.
-+
-+SUBJECT="BACKUP PROBLEM on host debian-unstable"
-+SENDTO="chris"
-+
-+if [ "$1" = "" ]; then
-+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
-+ exit 2
-+elif [ "$1" = store-full ]; then
-+ sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (store full)
-+To: $SENDTO
-+
-+
-+The store account for debian-unstable is full.
-+
-+=============================
-+FILES ARE NOT BEING BACKED UP
-+=============================
-+
-+Please adjust the limits on account 1234567 on server localhost.
-+
-+EOM
-+elif [ "$1" = read-error ]; then
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (read errors)
-+To: $SENDTO
-+
-+
-+Errors occured reading some files or directories for backup on debian-unstable.
-+
-+===================================
-+THESE FILES ARE NOT BEING BACKED UP
-+===================================
-+
-+Check the logs on debian-unstable for the files and directories which caused
-+these errors, and take appropriate action.
-+
-+Other files are being backed up.
-+
-+EOM
-+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
-+ # do nothing by default
-+ true
-+else
-+sendmail: $SENDTO <<EOM
-+Subject: $SUBJECT (unknown)
-+To: $SENDTO
-+
-+
-+The backup daemon on debian-unstable reported an unknown error ($1).
-+
-+==========================
-+FILES MAY NOT BE BACKED UP
-+==========================
-+
-+Please check the logs on debian-unstable.
-+
-+EOM
-+fi
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
-@@ -0,0 +1,23 @@
-+
-+RaidFileConf = ./raidfile.conf
-+AccountDatabase = ./bbstored/accounts.txt
-+
-+# Uncomment this line to see exactly what commands are being received from clients.
-+# ExtendedLogging = yes
-+
-+# scan all accounts for files which need deleting every 15 minutes.
-+
-+TimeBetweenHousekeeping = 900
-+
-+Server
-+{
-+ PidFile = /var/run/bbstored.pid
-+ User = chris
-+ ListenAddresses = inet:localhost
-+ CertificateFile = ./bbstored/localhost-cert.pem
-+ PrivateKeyFile = ./bbstored/localhost-key.pem
-+ TrustedCAsFile = ./bbstored/clientCA.pem
-+ SSLSecurityLevel = 2
-+}
-+
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
-+AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX
-+UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw
-+uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d
-+4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB
-+i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt
-+AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI
-+hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX
-+Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq
-+K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9
-+yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU
-+5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4
-+LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU=
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuXUrO4+xJI
-+BYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXwuw3IDQES
-+FbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d4hbAq/uP
-+d5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCBi0MfyCIq
-+2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5btAVIok/NI
-+WX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABAoIBAGc/FF6bIlU5R8rs
-+0m1QcK7VHL3GwUOUfybZ9llVvhJ/uANm5I39K5peislor9ihN/hT791MpY2swoF2
-+kXBfIFySRJWNo26LHmzE+sA41QXHfUeMBdLEX3VK8Bt/gGYyOMwk8DK8RlmD6LxW
-+kaeAHQ4T5+YWxcFct4IuKQUlKR565lHr6LRDaYmlDHzjksi/fx0ceMlD/RBje7YD
-+HXPDdetNkSBvpHEcH2lINnrY0kBb5HQv57ipOdA8MfQ+Xf06SjqjhA6ZUOdsMjsn
-+QVleXQsT1HQ5Ji///JbqVL5j68qkjza2HroyXgOgQdu+fuksHTXvMjvAnW7/z3u2
-+SpUd6WECgYEA/aBM7DKWeQdzlRCfosgv6SZ+ME0Lt5oBaHbbUYizi8DuylB196MJ
-+xnP1QLa7MAYna6ASxDXIClqxG4x+d4lHpErmbYR4F0pa8/9teSbtUw3OXGe9ahZy
-+HcpK3LSVV5ns8CjRsclNX86cn/Gxubw48gxjcjIA4qKUJv9KxCSAdoMCgYEA95Tu
-+qhkXDGhBSSTqs51K8mHbTS4CrpCK6+5J++NP7AT4t2IHIaaQ7DtttAI9xFvwxD9U
-+zFP2/lZVq1KSFATAoDhItUoC0SMlaFcrIxsIyq/UOqTTluf3in29rFHq3UN1rz9M
-+X90Tfl5EhUvruVJOiJ5iYt97DJeVgOlWkU7qt1kCgYACEwWOCPviEYWIepJTqn95
-+0K7HhlnKLqBEUnSIvi15vyI01WOhmtvBm8EtvlDZm7NG1hBROn9gVk2MhCGkqKLF
-+XTd1PdgdmKYVyMkEbKUUQNCnQNHzxCs6wyTJmVB/XurpK+xLH/JaDj6JsFhbxIZS
-+tHc7v9zx/ZJonz3lTMcgMQKBgG+WPqOHv22mJ5ax/t6JjFgGZvM4Q5kuKI8BzXKs
-+Fz+HVhpBInm2Oydd+aniQLiZv8CT0sJtLaugeehHxPMk2TTdaVfcTby5HIkUkKq3
-+6pR//yWXWI5xao6O8cgS+8pSN16PJvsmBz0ze6qgd1QFlsPYrvtlQm6Ae6+oe43u
-+hbexAoGBAIKGmPAoQsBPEWkSs3nWyAPDHQ45NBoB23G0j01amf11Y/sQWhH+Mqfp
-+mcU40xr/XwMlTVgALfW1Q048ftJ4D2oYPsUEG3Yiayqe8epl6V55QjGMpdEe/+mQ
-+5VpndGimuUwxr9cyNShn6dngEg6D0hXfNqu4NFmt/2PH3x0D8eer
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
-+c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla
-+MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC
-+AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7
-+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+
-+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6
-+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW
-+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz
-+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA
-+A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH
-+CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP
-+Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk
-+Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP
-+P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ
-+fVZvMdAltZlFV1tlZksrsRoq3jsc
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v
-+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w
-+v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj
-+MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ
-+6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p
-+KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp
-+rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq
-+1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA
-+8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F
-+olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK
-+SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j
-+EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo
-+OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEApYs/WHO+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e
-+1dPQ2IItlA/LYEC0g6RrMnqxp7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5
-+opBveyTvGDrI0jqIjtLvRxNEz0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMD
-+JYal/tDhxvYQsF2CtT56FvPhnPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIH
-+GWsuDbWS0OUhyJ+15/0n3ipDLHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNi
-+Q/LLH0rK0oNIpwaAHLGM0wFbMgBnXt2hGCrUqQIDAQABAoIBAFOJ4X2RaureOq3r
-+nLNcTkJStxFR1ojQJPwiXFx40yyFWAe+8IyXR1z61GVTUx5PiMilwDLJF7280b1K
-+otQbpcvrpY/ZrgXwkhUppvGZMlpq1/XsMwGGQbuy97USdSUhxKfOalFDuAWitWzI
-+HzjEav8XMJXAX3acpldpBgADnCwSA5izEfwt2oGNtcYTHjxG4tR96UvgAxbVbxrU
-+jg6zd0/Q7eI4MGYc5l2mGFcbAUbeqCOQmTB8eQY9cdXCotXgQSa2EKEt1aG7dEbA
-+omwwm8+hGYIX4i/E3crFHO5qlbQqtqktvic1Axj3I4NEy+a4Gpja3y6k8gY4TWbS
-+4+0BZMECgYEA2o6mRCyDNI13VhRdlAO6VDSAdf//8EMeMrANvAGl70de0Ri10ZL6
-+GdJLx31le94tVa5Dy+Qi9d9eYci9qIjMK1kUrLcVgvF63tbbOSpz37gESJe+wJYc
-+xEW2eGRTUwHoYVqRjEi36kAKeWL4mxXeqzJE/ZUQZt2felr4dBJPyBsCgYEAweeS
-+vV5TJsPlEazUZcRA2dMY8JG9tD1JFVVrlSC4xnLBOEXsC4dw74RsOhoMr69lBn6X
-+xwcKtzsrx/s9NHI1s2AJXlz310Uj+gRB6/6foyyQDOtijfweZpm3zUNY5OwQ1VBZ
-+M9J1YVI6xaa3BehQ0PHvx4U/WM9oFMc0upXaaosCgYEAmfo+MXGazn+MP90BQLKP
-+p5uFlZzSWBcxQ0y9oGMY4MdLicz667e89Ewwj09NHEOfdOndYdxMtSS1ffbLh904
-+2qFb64LhaOtwQWbl9BRwpoEio3IlNdGMWssyjwc/nQ+PBGeme0sQJ70OpA6ST9DM
-+m5hC+tT2RUKGhNFqkXwFMVkCgYBY3Jlg82ND9q55xSypXqEhsh5R0ViQyy08+6KL
-++yzytRBbi5+7QNy+x38ZuWpq8QRpT4abDV0Zz6Imybqo2FZH2BEzD4P9QZBVObJE
-+RrI+A2QYp57I1uvPtU6IYP7SGmU0fNgEacSlTxvkDJz/thGjT9zFIQmA17wpGYnO
-+oHIyNQKBgEbA0apflhYExq2OZP3mjUM7Baf8MhGylUFnND68YKEr2aR5ihYuWxME
-+yLSGIDORaVQBiVklze9MXPvJv6WF0nE3VrR5j0AsSoAF0MZBcCJcn5bod0pFRZXG
-+PkxibqTmzJXJjGRuAKxbNR2+WFxKqc2hsev3hwOSXKYH4DbdCxQg
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v
-+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y
-+sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9
-+Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T
-+/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/
-+Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc
-+xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6
-+vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n
-+judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y
-+JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S
-+TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5
-++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw
-+equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n
-+-----END CERTIFICATE REQUEST-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
-@@ -0,0 +1,27 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEA0yorMa5ExhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9v
-+t2f7bUgOCdIwiacHMq4TXUoFLZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGu
-+TOAhiVnzrpGicVhD2a6Mx3KfMYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIB
-+WGbpO8y4XwVHkK+tKp2ePXjWolZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5K
-+ehjIfa9SHdGRD+I1k+G70N0OOBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7Vo
-+ZOckTCEAFMu4SRM8JeXUeRGirnS2z4Kv3Dq+7wIDAQABAoIBADUc0ih40MuRWe+Z
-+uDhudaLkIn6Y8lkDuTs9yLxyfBEwygheWhcjjFX8XauStqqo3GKe7jf0ukCxDiRF
-+y9hclpq0g0mMavJav8jWPovb08pV8Mgvb8veRBEsEuLBtr4TmV1TTg2MgwYOFIL2
-+c+mRR7hiLJK4TjKeKBDvl5tNLFDBC/2clHXnLCRb8rOKqwmseoPavi992QZ7+Yyq
-+n0Dx5DOpr1cOcJEr4va8Sornd3LjLuNMjm7XzgIryR5pvLM0ns8Fy2ihyKl7Hd3s
-+ek9c5fh0jbhz6s28K8laWm9bhozdMQ12y1U5z0PJV+VOwTX/M9UCK1+CpvmjTim5
-+NeD93QECgYEA924yXRdUXpOlxJifJ49n88gytHOVcgitrdlZNCAE7aKdYcQW7VSY
-+7IjUyXH/Mi2zlWKpXYGllOoDW71PhLiMuEtaNfLdToXgHEMGvj+vGw9ZRqs6HY2w
-+wGyOrxg5VcSOfSpAom4gCGRqxWhHtY/rzFOy7oZePJuRbjcqrAeGQmECgYEA2npt
-+dGHwp20S5tyd7n1H6Fe2m1t/vjxGsGFfwbFggGIu9lVQxgAQiimzHgBDOjSzs163
-+PmuWWUDmHllB9AmJw4wrbAyiHNOmdi4rgY0ez5G6Q9sviFQeFJZzHhe6G1+CcafL
-++oSU+Ej7zznMpyU85vcxFz70JvRZ4BeD0PtZI08CgYEAsXEGjzoG2Fh8PdPR91Xh
-+j7NXoY9ucjwFCbLgRQBdaGoBAbbVVlgf3yl1qA2nnL2nlw8NNLCgJX348JZ/60dK
-+K3Rmel/0E7bwdHQg5tjW48oLFSIAaGdPhX+Uh78QhxCRuvNNLO9a64nQBEf3fR58
-+VKkFngcgl8hc8DSB1qMCxqECgYAOZ54J219DmrRxVkBvdgEkt4vJqHm+sDi07mai
-+3bAQJukTwsJFm8F7ao5tvvSvxMPIYslQK0XJcrb5b0ci8PINW5ONVzPlFKtYBWlG
-+7GgIpYITcUMsCOfG0bibVlMl9OEj3z1ash0kVaOMoTH2H0VpsQiikLsGSnwWg1Zk
-+k/3njwKBgD6Nu6kj4BSWGZacLtePJQzxlsnYiDm9SSmrtqJ1lnpbqo4/Zp5bCHS9
-+qMOUv+Hcwpsb3IYI8np1ekZfKi7xFXcRjxKRYnDURQgQKwPeHZ06ht7X0DdTXuiY
-+K97byeb9hks3QNE1k1EuXue7IXS657Fq5IZrN+NQ6vkqq/X7e91X
-+-----END RSA PRIVATE KEY-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
-@@ -0,0 +1,18 @@
-+-----BEGIN CERTIFICATE-----
-+MIICzzCCAbcCFAiy3jWfhXnxRqZJCbjzFQzsU3p/MA0GCSqGSIb3DQEBCwUAMCQx
-+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1
-+MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs
-+aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs/WHO+
-+FSAezyCnr7C/dohuwQdeNY4p9OkHi7565szigD1e1dPQ2IItlA/LYEC0g6RrMnqx
-+p7rDZCradqMwPJMFyUCCiTdMtUjrCEySDF0Hzvy5opBveyTvGDrI0jqIjtLvRxNE
-+z0koXxk8Exnp+0+Cg+ih7WRraQVOOE2ATqM78OMDJYal/tDhxvYQsF2CtT56FvPh
-+nPSEdnROzmko7xLESQFfgVE/ixSRu4Mz3ZQ1zHIHGWsuDbWS0OUhyJ+15/0n3ipD
-+LHkeei0xZamuPhmLaYDz+LXiin3QJc+r9+KCPzNiQ/LLH0rK0oNIpwaAHLGM0wFb
-+MgBnXt2hGCrUqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvHW8APi1lhEguSXDc
-+X/k5ETL1YJzlEfIn4HKL7kcKo5IOdyHaIigGCWM7atwKeGBtTRl8CTY4wt1L7d+A
-+LDzF07MlKL/KiX1yPw9ZzHBhKNLYgmKsRL5cgW/YLYEAGD0lTwW7llsqZ40jJ1+X
-+CWomYEzVpGW76MprYge4Oj+4PRXaZikkn7pzlZVcGJbzr1Q+JaFNLRkAMPK4pRXj
-+AOSLQpIuc0DzftzC8tHbyLMifrHYdibHaujsvu1mV4NeYhO63ZB8S5Xyz1JlpsEQ
-+rieLH1/9dnWue7yBCpI+QMRq+zK92HxiCCaM0d6xpSsbI5IawkqmoWj9gYol0EnX
-+ImLj
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
-@@ -0,0 +1 @@
-+01
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
-@@ -0,0 +1,18 @@
-+-----BEGIN CERTIFICATE-----
-+MIICzzCCAbcCFFv62JnwctULelqlEY+sZTPEb7ekMA0GCSqGSIb3DQEBCwUAMCQx
-+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gc2VydmVyIHJvb3QwHhcNMTkwNDI4MjA1
-+MTU1WhcNMzgwMTE4MjA1MTU1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIHNl
-+cnZlciByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yorMa5E
-+xhMYLga0zhixr8Ryl+B1EO3VXnhztCNqt/P/pS9vt2f7bUgOCdIwiacHMq4TXUoF
-+LZYA89LHIX1n6s2WvLfykBWmudW/jR0BRqiFKHGuTOAhiVnzrpGicVhD2a6Mx3Kf
-+MYcHSMofrpP96eoWERjM64FwfJvuhuBf4eZP3nIBWGbpO8y4XwVHkK+tKp2ePXjW
-+olZ1GY15cf8SifPWZwWLMdG4VnTKbGOh6DDFCR5KehjIfa9SHdGRD+I1k+G70N0O
-+OBnpnSbyZRzEwaq3BOqJhLwoRwAe9wQ+hLjgE7VoZOckTCEAFMu4SRM8JeXUeRGi
-+rnS2z4Kv3Dq+7wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAI6THIONT6lgNq3Bvg
-+TCBqkBA1W/k372Pktt6IDFW44dT0J9/oq2o6ZNHycpKS3VwS4C05XbU/v5hE/k2O
-+Cu3/y3en+dJIv4Wl2JTPaSRF/4J46sXNtizVAJDKoE3ZHt1viCjsWyllGXoaavce
-+fWYppf3g6ImhyAkzlCfyVph2F0vmLZL41K3C040e+GpXdzG1Yy1+2USPhz0Ch+kd
-+jqIErNp9OnPRd1yRb1YD+dQ7Wei5vB3OXMk3UQiG9AJ2qmxlEem5lTSpt9fTvWfU
-+OAjTynvWbHTULjxvOeenW7cD5ILSr2zVDYQ53KTWjP9NfmsQTAFzkqJztPpB2A0o
-+CKG2
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
-@@ -0,0 +1 @@
-+02
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICrDCCAZQCAQIwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
-+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjkxOTI3NDRaFw0zMzAxMDUxOTI3NDRa
-+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-+AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+
-+2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz
-+YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE
-+HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf
-+2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN
-+a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-+E8KZNWzkbNwhcVEHR34IxVYPy1uppI/jtVOsQGGSVC1UscAWyGiQWPxqMhwYxsVn
-+gz7QYj1oKye1VRuJNTekARvBRFZzWhAi0qGlpiC5yilZB8IlhYUABmgPjg+PuhAF
-+xSd+IGVlm/+sisClsPG9DpesyK6+C2ukpVXyaXWR+1/IrQuUpWKLT1pPamVH3zWK
-+anT+62bbk0XuxsVqCkGx+aPLesCHAfTNuAxWfkbXXcA+HoGNy3IpmpJGhyCnf1je
-+eL6Wf6sAY44y7wQlwHimbi4kOge+UFLIKkqhHSDO2pzyPc02Gs1bBRd94+v2z5h7
-+OkIcTqwiJLjLLIWV4WsdwA==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICrDCCAZQCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
-+c3RlbSBzZXJ2ZXIgcm9vdDAeFw0xOTA0MjgyMDUxNTdaFw0zMzAxMDQyMDUxNTda
-+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-+AQoCggEBAPVJN1fqLpbabNasGicKPsN99rWpdra46+Swl6E7l1KzuPsSSAWCgtg+
-+2vjZdlVGcPiq+lBCP8HO0TsDPOLPZdYwmeYl1a8//Fx2CbyV8LsNyA0BEhW8WbKz
-+YNBQvFOxhLVZQkZ1a+gdkZHIj5A1yt01anX+N37+K64qT0hP3eIWwKv7j3eS2TVE
-+HcushbDMsBuHEqomh8N4YOGi4BehCl49vbPCBU4jYTNYfF6wgYtDH8giKtox1TNf
-+2US9dBwOnDL7v9hPqH6yxE5ehZU88guFhUAar9KJxZihSDOW7QFSKJPzSFl+b6ZN
-+a6hp0jrlv+pYVDuMnMxMWWnYA8Me2IsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
-+fu1wVNuZLkO0e8+oYAnznL7oknE8QJGAd/P2/MqgfsnBXHS0UVl+5L8DQdvCBarr
-+vDO/CVL9/ZGj30CipA556cz1pYDtx5TV2GLtfKHKJhoftbgswmt1pPowIIa8zlBA
-+SOERy2ooXGnrA5kii+fifkiWy1R0FmJTKZ2jX41Xq60FwXWX7cyCq/xRI+V08HrY
-+mNJ2rmAjyWpWZpPNOtQ/SYIX1s2KoPw4XMxfiP5fiMOl3RqEVBkW0h9Hxikl8wKY
-+EmA/ESm1F6lnRXvGXWDGQIFCRf2Rv0KlPvNPA/GLZMr0ibYIjc4KnIxKFg//GQF3
-+LUYpyJyToT8hE49ypG18mQ==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
-@@ -0,0 +1,10 @@
-+
-+disc0
-+{
-+ SetNumber = 0
-+ BlockSize = 1024
-+ Dir0 = .
-+ Dir1 = .
-+ Dir2 = .
-+}
-+
---- /dev/null
-+++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf
-@@ -0,0 +1,8 @@
-+Server
-+{
-+ PidFile = testfiles/srv3.pid
-+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock
-+ CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
-+ PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem
-+ TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem
-+}
---- /dev/null
-+++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf
-@@ -0,0 +1,8 @@
-+Server
-+{
-+ PidFile = testfiles/srv3.pid
-+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock
-+ CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
-+ PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem
-+ TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem
-+}
---- a/test/bbackupd/testbbackupd.cpp
-+++ b/test/bbackupd/testbbackupd.cpp
-@@ -26,6 +26,10 @@
- #include <sys/wait.h>
- #endif
-
-+#ifdef HAVE_PWD_H
-+ #include <pwd.h>
-+#endif
-+
- #ifdef HAVE_SYS_XATTR_H
- #include <cerrno>
- #include <sys/xattr.h>
-@@ -428,7 +432,8 @@ bool kill_running_daemons()
- }
-
- bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true,
-- bool do_start_bbstored = true)
-+ bool do_start_bbstored = true,
-+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf")
- {
- Timers::Cleanup(false); // don't throw exception if not initialised
- Timers::Init();
-@@ -469,8 +474,7 @@ bool setup_test_bbackupd(BackupDaemon& b
- #endif
- }
-
-- TEST_THAT_OR(configure_bbackupd(bbackupd, "testfiles/bbackupd.conf"),
-- FAIL);
-+ TEST_THAT_OR(configure_bbackupd(bbackupd, bbackupd_conf_file), FAIL);
- spDaemon = &bbackupd;
- return true;
- }
-@@ -985,13 +989,14 @@ bool test_entry_deleted(BackupStoreDirec
-
- bool compare(BackupQueries::ReturnCode::Type expected_status,
- const std::string& bbackupquery_options = "",
-- const std::string& compare_options = "-acQ")
-+ const std::string& compare_options = "-acQ",
-+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf")
- {
- std::string cmd = BBACKUPQUERY;
- cmd += " ";
- cmd += (expected_status == BackupQueries::ReturnCode::Compare_Same)
- ? "-Wwarning" : "-Werror";
-- cmd += " -c testfiles/bbackupd.conf ";
-+ cmd += " -c " + bbackupd_conf_file;
- cmd += " " + bbackupquery_options;
- cmd += " \"compare " + compare_options + "\" quit";
-
-@@ -4039,6 +4044,113 @@ bool test_parse_syncallowscript_output()
- TEARDOWN_TEST_BBACKUPD();
- }
-
-+
-+bool test_bbackupd_config_script()
-+{
-+ SETUP_TEST_BBACKUPD();
-+
-+#ifdef WIN32
-+ BOX_NOTICE("skipping test on this platform"); // TODO: write a PowerShell version
-+#else
-+ char buf[PATH_MAX];
-+ if (getcwd(buf, sizeof(buf)) == NULL)
-+ {
-+ BOX_LOG_SYS_ERROR("getcwd");
-+ }
-+ std::string current_dir = buf;
-+
-+ TEST_THAT(mkdir("testfiles/tmp", 0777) == 0);
-+ TEST_THAT(mkdir("testfiles/TestDir1", 0777) == 0);
-+
-+ // Generate a new configuration for our test bbackupd, from scratch:
-+ std::string cmd = "../../../bin/bbackupd/bbackupd-config " +
-+ current_dir + "/testfiles/tmp " // config-dir
-+ "lazy " // backup-mode
-+ "12345 " // account-num
-+ "localhost " + // server-hostname
-+ current_dir + "/testfiles " + // working-dir
-+ current_dir + "/testfiles/TestDir1"; // backup directories
-+ TEST_RETURN(system(cmd.c_str()), 0)
-+
-+ // Open the generated config file and add a StorePort line:
-+ {
-+ FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND);
-+ conf_file.IOStream::Write("StorePort = 22011\n");
-+ conf_file.Close();
-+ }
-+
-+ // Generate a new configuration for our test bbstored, from scratch:
-+ struct passwd *result = getpwuid(getuid());
-+ TEST_THAT_OR(result != NULL, FAIL); // failed to get username for current user
-+ std::string username = result->pw_name;
-+
-+ cmd = "../../../bin/bbstored/bbstored-config testfiles/tmp localhost " + username + " "
-+ "testfiles/raidfile.conf";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "sed -i.orig -e 's/\\(ListenAddresses = inet:localhost\\)/\\1:22011/' "
-+ "-e 's@PidFile = .*/run/bbstored.pid@PidFile = testfiles/bbstored.pid@' "
-+ "testfiles/tmp/bbstored.conf";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ // Create a server certificate authority, and sign the client and server certificates:
-+ cmd = "../../../bin/bbstored/bbstored-certs testfiles/tmp/ca init";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign "
-+ "testfiles/tmp/bbackupd/12345-csr.pem";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign-server "
-+ "testfiles/tmp/bbstored/localhost-csr.pem";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ // Copy the certificate files into the right places
-+ cmd = "cp testfiles/tmp/ca/clients/12345-cert.pem testfiles/tmp/bbackupd";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "cp testfiles/tmp/ca/roots/serverCA.pem testfiles/tmp/bbackupd";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "cp testfiles/tmp/ca/servers/localhost-cert.pem testfiles/tmp/bbstored";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ cmd = "cp testfiles/tmp/ca/roots/clientCA.pem testfiles/tmp/bbstored";
-+ TEST_RETURN(system(cmd.c_str()), 0)
-+
-+ cmd = BBSTOREACCOUNTS " -c testfiles/tmp/bbstored.conf create 12345 0 1M 2M";
-+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
-+
-+ bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args +
-+ " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf",
-+ "testfiles/bbstored.pid");
-+
-+ {
-+ Capture capture;
-+ Logging::TempLoggerGuard guard(&capture);
-+
-+ BackupDaemon bbackupd;
-+ TEST_THAT(
-+ setup_test_bbackupd(
-+ bbackupd,
-+ true, // do_unpack_files
-+ false, // !do_start_bbstored
-+ "testfiles/tmp/bbackupd.conf")
-+ );
-+
-+ bbackupd.RunSyncNow();
-+ }
-+
-+ TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same,
-+ "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf"));
-+
-+ TEST_THAT(StopServer());
-+#endif // !WIN32
-+
-+ TEARDOWN_TEST_BBACKUPD();
-+}
-+
-+
- int test(int argc, const char *argv[])
- {
- // SSL library
-@@ -4104,6 +4216,7 @@ int test(int argc, const char *argv[])
- TEST_THAT(test_backup_many_files());
- TEST_THAT(test_parse_incomplete_command());
- TEST_THAT(test_parse_syncallowscript_output());
-+ TEST_THAT(test_bbackupd_config_script());
-
- TEST_THAT(kill_running_daemons());
-