check hosts in ssl certificates

2018-08-09 15:07:53 +02:00
parent 481115e0d0
commit 331f9ea96c
362 changed files with 2499 additions and 59344 deletions
--- a/vendor/github.com/cloudflare/cfssl/LICENSE
+++ b/vendor/github.com/cloudflare/cfssl/LICENSE
@ -0,0 +1,24 @@
+Copyright (c) 2014 CloudFlare Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/cloudflare/cfssl/auth/auth_test.go
+++ b/vendor/github.com/cloudflare/cfssl/auth/auth_test.go
@ -1,159 +0,0 @@
-package auth
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"testing"
-)
-
-var (
-	testProvider   Provider
-	testProviderAD Provider
-	testKey        = "0123456789ABCDEF0123456789ABCDEF"
-	testAD         = []byte{1, 2, 3, 4} // IP address 1.2.3.4
-)
-
-func TestNew(t *testing.T) {
-	_, err := New("ABC", nil)
-	if err == nil {
-		t.Fatal("expected failure with improperly-hex-encoded key")
-	}
-
-	testProvider, err = New(testKey, nil)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	testProviderAD, err = New(testKey, testAD)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-}
-
-var (
-	testRequest1A = &AuthenticatedRequest{
-		Request: []byte(`testing 1 2 3`),
-	}
-	testRequest1B = &AuthenticatedRequest{
-		Request: []byte(`testing 1 2 3`),
-	}
-	testRequest2 = &AuthenticatedRequest{
-		Request: []byte(`testing 3 2 1`),
-	}
-)
-
-// Sanity check: can a newly-generated token be verified?
-func TestVerifyTrue(t *testing.T) {
-	var err error
-
-	testRequest1A.Token, err = testProvider.Token(testRequest1A.Request)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	testRequest1B.Token, err = testProviderAD.Token(testRequest1B.Request)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if !testProvider.Verify(testRequest1A) {
-		t.Fatal("failed to verify request 1A")
-	}
-
-	if !testProviderAD.Verify(testRequest1B) {
-		t.Fatal("failed to verify request 1B")
-	}
-}
-
-// Sanity check: ensure that additional data is actually used in
-// verification.
-func TestVerifyAD(t *testing.T) {
-	if testProvider.Verify(testRequest1B) {
-		t.Fatal("no-AD provider verifies request with AD")
-	}
-
-	if testProviderAD.Verify(testRequest1A) {
-		t.Fatal("AD provider verifies request without AD")
-	}
-}
-
-// Sanity check: verification fails if tokens are not the same length.
-func TestTokenLength(t *testing.T) {
-	token := testRequest1A.Token[:]
-	testRequest1A.Token = testRequest1A.Token[1:]
-
-	if testProvider.Verify(testRequest1A) {
-		t.Fatal("invalid token should not be verified")
-	}
-
-	testRequest1A.Token = token
-}
-
-// Sanity check: token fails validation if the request is changed.
-func TestBadRequest(t *testing.T) {
-	testRequest2.Token = testRequest1A.Token
-	if testProvider.Verify(testRequest2) {
-		t.Fatal("bad request should fail verification")
-	}
-}
-
-// Sanity check: a null request should fail to verify.
-func TestNullRequest(t *testing.T) {
-	if testProvider.Verify(nil) {
-		t.Fatal("null request should fail verification")
-	}
-}
-
-// Sanity check: verify a pre-generated authenticated request.
-func TestPreGenerated(t *testing.T) {
-	in, err := ioutil.ReadFile("testdata/authrequest.json")
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	var req AuthenticatedRequest
-	err = json.Unmarshal(in, &req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if !testProvider.Verify(&req) {
-		t.Fatal("failed to verify pre-generated request")
-	}
-}
-
-var bmRequest []byte
-
-func TestLoadBenchmarkRequest(t *testing.T) {
-	in, err := ioutil.ReadFile("testdata/request.json")
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	bmRequest = in
-}
-
-func BenchmarkToken(b *testing.B) {
-	for i := 0; i < b.N; i++ {
-		_, err := testProvider.Token(bmRequest)
-		if err != nil {
-			b.Fatalf("%v", err)
-		}
-	}
-}
-
-func BenchmarkVerify(b *testing.B) {
-	token, _ := testProvider.Token(bmRequest)
-	req := &AuthenticatedRequest{
-		Token:   token,
-		Request: bmRequest,
-	}
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		if !testProvider.Verify(req) {
-			b.Fatal("failed to verify request")
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/auth/testdata/authrequest.json
+++ b/vendor/github.com/cloudflare/cfssl/auth/testdata/authrequest.json
@ -1 +0,0 @@
-{"token": "tSU1WTE/322iXrOBfJSQ9/u1dleqpwUmCj1LXYHw07Y=", "request": "ewoJImhvc3RuYW1lIjogImt5bGVpc29tLm5ldCIsCgkicmVxdWVzdCI6ICItLS0tLUJFR0lOIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQoJICAgIE1JSUQwVENDQWpzQ0FRQXdZREVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WQkFvVENXUnliM0J6YjI1a1pURVEKCSAgICBNQTRHQTFVRUN4TUhRMFl0UTJoaGRERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFCgkgICAgQ0JNS1EyRnNhV1p2Y201cFlUQ0NBYUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQU1jQwoJICAgIEdCbDVMVHJla0dGV2hvdGtkYlorUjFNbG9hcld4UXY5alA0QWVrdDhVT2ljeXBIdkZPNnhPdFN3SG8rcjMyaUUKCSAgICBxblM1eXYvMDFQMk1KdXlxbmRuY1RTTXNPbFQvN242N1RNMDB1MDFLLzljL3NvZ0tFS2pseXBsVFA3eUZkRy9jCgkgICAgT3UvOXFLYi9KYWxkMndFTEZZRTZ4cTJSREZ5eHlpWk9CM2c3WjdGeGE1ZDZhZGZHUndaek50VUw0LzhzK0x5aQoJICAgIHFkdzlJMWZrUWQ2MDRwb1pGTjB3clFzNGxmaFdUVWZnMHJIdWg1d2dHS1AzVnpacGJ0OEZiMXZOamZiSHRvaHgKCSAgICBHMlBDVTZKeStEYzFiU2ZVeldjUW5lbnA4NThXNEY4ejdwRjV5YmRuRlIzMTNIam9zcVhuRzI4eklUck9hZE1UCgkgICAgSGFKNnpPaGdFYWZVT1dYT3pqTm9mRkJGYTJJdUNBVCtJVFJZMXRDL2dxcHhHd0gveXVWTjE5Qkc4VXBuMCtIQQoJICAgIGllMm1LQ0hmU0JBS1QvWGU0dW1QZWF4U2JJcVdzVzhjaytkM2I0b3I5Ulp2NWNaUmNUM29pa0p0K1NRRzY5cFcKCSAgICA0T0FiYitBQnNzL05JdXJpNnowZTdERWVJTDV6bXlTSnFkdFlIZE5ZTjcrK3Y5eEJOc0w0SXNVNklFeTMrUUlECgkgICAgQVFBQm9DNHdMQVlKS29aSWh2Y05BUWtPTVI4d0hUQWJCZ05WSFJFRUZEQVNnaEJqWmk1a2NtOXdjMjl1WkdVdQoJICAgIGJtVjBNQXNHQ1NxR1NJYjNEUUVCREFPQ0FZRUFoTUFxQmlySStrMWFVM2xmQUdRaVNtOHl0T3paaWozODloSXIKCSAgICBuVXA4K1duVHVWVGI4WFozL1YrTDlFblRJbUY2dTF3ZWFqWGQzU3VlNDk1NzBMYlltSXV4QmtHcDUwL0JkVUR6CgkgICAgdUI2eHNoaEpXczEySnhVYjkxSW1tMGJUUncyek1xZXdnYTZmdHpaL0FLNG1zeFFBMlVJYmNXWmRzS2J1TTdzbwoJICAgIEpUZlZXOWlPd3FIdC82NFpqNHRCWmY5THpPRHI3a051S0tMbndqaXpIMTg3eGZJSWhkcmpGOFdTN0g5QVBCMU8KCSAgICBTdUVVRGZxaDBTV1IzbHRXdUF1VVdlbzZTS2NIVnVzeS9HNFlFK1BCeXcxZVY3RzRTYmVHNVowbytHT1VVSy9GCgkgICAgYjU1R21XMXhhNExBcnMxQSt6ZUZidkovQkFwc2JVMmI2V1ZtTmE3V3BIejdXWElGT0p1WUpnRWtWS1BKbkt1cwoJICAgIHFxczNGZ1VxejBadjdUSzhtTWlFVEpvWFpzNnpDdk15c1FldTNKL29qZ3RBanZNaHpRYzZQUy9udk90SmRJZysKCSAgICBIMHFYNDlmaHAxQnJZeXNsYWx6UUlGMCtIMHFTVWV5b1V5VjJ3YkxCQUxhcHhNZnZUVmxoTnduYWN0Y0tReHE0CgkgICAgK3dUKzJQVEowYk0vNUFWMFRPMVNQVDBBVmlKaAoJICAgIC0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLSIsCgkicHJvZmlsZSI6ICIiLAoJInJlbW90ZSI6ICIiLAoJImxhYmVsIjogInByaW1hcnkiCn0KCg=="}
--- a/vendor/github.com/cloudflare/cfssl/auth/testdata/request.json
+++ b/vendor/github.com/cloudflare/cfssl/auth/testdata/request.json
@ -1,30 +0,0 @@
-{
-	"hostname": "kyleisom.net",
-	"request": "-----BEGIN CERTIFICATE REQUEST-----
-	    MIID0TCCAjsCAQAwYDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWRyb3Bzb25kZTEQ
-	    MA4GA1UECxMHQ0YtQ2hhdDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UE
-	    CBMKQ2FsaWZvcm5pYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMcC
-	    GBl5LTrekGFWhotkdbZ+R1MloarWxQv9jP4Aekt8UOicypHvFO6xOtSwHo+r32iE
-	    qnS5yv/01P2MJuyqndncTSMsOlT/7n67TM00u01K/9c/sogKEKjlyplTP7yFdG/c
-	    Ou/9qKb/Jald2wELFYE6xq2RDFyxyiZOB3g7Z7Fxa5d6adfGRwZzNtUL4/8s+Lyi
-	    qdw9I1fkQd604poZFN0wrQs4lfhWTUfg0rHuh5wgGKP3VzZpbt8Fb1vNjfbHtohx
-	    G2PCU6Jy+Dc1bSfUzWcQnenp858W4F8z7pF5ybdnFR313HjosqXnG28zITrOadMT
-	    HaJ6zOhgEafUOWXOzjNofFBFa2IuCAT+ITRY1tC/gqpxGwH/yuVN19BG8Upn0+HA
-	    ie2mKCHfSBAKT/Xe4umPeaxSbIqWsW8ck+d3b4or9RZv5cZRcT3oikJt+SQG69pW
-	    4OAbb+ABss/NIuri6z0e7DEeIL5zmySJqdtYHdNYN7++v9xBNsL4IsU6IEy3+QID
-	    AQABoC4wLAYJKoZIhvcNAQkOMR8wHTAbBgNVHREEFDASghBjZi5kcm9wc29uZGUu
-	    bmV0MAsGCSqGSIb3DQEBDAOCAYEAhMAqBirI+k1aU3lfAGQiSm8ytOzZij389hIr
-	    nUp8+WnTuVTb8XZ3/V+L9EnTImF6u1weajXd3Sue49570LbYmIuxBkGp50/BdUDz
-	    uB6xshhJWs12JxUb91Imm0bTRw2zMqewga6ftzZ/AK4msxQA2UIbcWZdsKbuM7so
-	    JTfVW9iOwqHt/64Zj4tBZf9LzODr7kNuKKLnwjizH187xfIIhdrjF8WS7H9APB1O
-	    SuEUDfqh0SWR3ltWuAuUWeo6SKcHVusy/G4YE+PByw1eV7G4SbeG5Z0o+GOUUK/F
-	    b55GmW1xa4LArs1A+zeFbvJ/BApsbU2b6WVmNa7WpHz7WXIFOJuYJgEkVKPJnKus
-	    qqs3FgUqz0Zv7TK8mMiETJoXZs6zCvMysQeu3J/ojgtAjvMhzQc6PS/nvOtJdIg+
-	    H0qX49fhp1BrYyslalzQIF0+H0qSUeyoUyV2wbLBALapxMfvTVlhNwnactcKQxq4
-	    +wT+2PTJ0bM/5AV0TO1SPT0AViJh
-	    -----END CERTIFICATE REQUEST-----",
-	"profile": "",
-	"remote": "",
-	"label": "primary"
-}
-
--- a/vendor/github.com/cloudflare/cfssl/config/config_test.go
+++ b/vendor/github.com/cloudflare/cfssl/config/config_test.go
@ -1,537 +0,0 @@
-package config
-
-import (
-	"encoding/json"
-	"fmt"
-	"testing"
-	"time"
-)
-
-var expiry = 1 * time.Minute
-
-var invalidProfileConfig = &Config{
-	Signing: &Signing{
-		Profiles: map[string]*SigningProfile{
-			"invalid": {
-				Usage:  []string{"wiretapping"},
-				Expiry: expiry,
-			},
-			"empty": {},
-		},
-		Default: &SigningProfile{
-			Usage:  []string{"digital signature"},
-			Expiry: expiry,
-		},
-	},
-}
-
-var invalidDefaultConfig = &Config{
-	Signing: &Signing{
-		Profiles: map[string]*SigningProfile{
-			"key usage": {
-				Usage: []string{"digital signature"},
-			},
-		},
-		Default: &SigningProfile{
-			Usage: []string{"s/mime"},
-		},
-	},
-}
-
-var validConfig = &Config{
-	Signing: &Signing{
-		Profiles: map[string]*SigningProfile{
-			"valid": {
-				Usage:  []string{"digital signature"},
-				Expiry: expiry,
-			},
-		},
-		Default: &SigningProfile{
-			Usage:  []string{"digital signature"},
-			Expiry: expiry,
-		},
-	},
-}
-
-var validMixedConfig = `
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"auth_key": "sample",
-				"remote": "localhost"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var validMinimalRemoteConfig = `
-{
-	"signing": {
-		"default": {
-			"auth_key": "sample",
-			"remote": "localhost"
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var validMinimalRemoteConfig2 = `
-{
-	"signing": {
-		"default": {
-			"auth_remote":{
-			    "auth_key": "sample",
-			    "remote": "localhost"
-		    }
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var invalidConflictRemoteConfig = `
-{
-	"signing": {
-		"default": {
-			"auth_remote":{
-			    "auth_key": "sample",
-			    "remote": "localhost"
-		    },
-			"remote": "localhost"
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var invalidRemoteConfig = `
-{
-	"signing": {
-		"default": {
-			"auth_remotes_typos":{
-			    "auth_key": "sample",
-			    "remote": "localhost"
-		    }
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var invalidAuthRemoteConfigMissingRemote = `
-{
-	"signing": {
-		"default": {
-			"auth_remote":{
-			    "auth_key": "sample"
-		    }
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var invalidAuthRemoteConfigMissingKey = `
-{
-	"signing": {
-		"default": {
-			"auth_remote":{
-			    "remote": "localhost"
-		    }
-		}
-	},
-	"auth_keys": {
-		"sample": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}`
-
-var validMinimalLocalConfig = `
-{
-	"signing": {
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	}
-}`
-
-var validLocalConfigsWithCAConstraint = []string{
-	`{
-		"signing": {
-			"default": {
-				"usages": ["digital signature", "email protection"],
-				"ca_constraint": { "is_ca": true },
-				"expiry": "8000h"
-			}
-		}
-	}`,
-	`{
-		"signing": {
-			"default": {
-				"usages": ["digital signature", "email protection"],
-				"ca_constraint": { "is_ca": true, "max_path_len": 1 },
-				"expiry": "8000h"
-			}
-		}
-	}`,
-	`{
-		"signing": {
-			"default": {
-				"usages": ["digital signature", "email protection"],
-				"ca_constraint": { "is_ca": true, "max_path_len_zero": true },
-				"expiry": "8000h"
-			}
-		}
-	}`,
-}
-
-func TestInvalidProfile(t *testing.T) {
-	if invalidProfileConfig.Signing.Profiles["invalid"].validProfile(false) {
-		t.Fatal("invalid profile accepted as valid")
-	}
-
-	if invalidProfileConfig.Signing.Profiles["empty"].validProfile(false) {
-		t.Fatal("invalid profile accepted as valid")
-	}
-
-	if invalidProfileConfig.Valid() {
-		t.Fatal("invalid config accepted as valid")
-	}
-
-	if !invalidProfileConfig.Signing.Profiles["invalid"].validProfile(true) {
-		t.Fatal("invalid profile should be a valid default profile")
-	}
-}
-
-func TestRemoteProfiles(t *testing.T) {
-	var validRemoteProfile = &SigningProfile{
-		RemoteName:   "localhost",
-		RemoteServer: "localhost:8080",
-	}
-
-	var invalidRemoteProfile = &SigningProfile{
-		RemoteName: "localhost",
-	}
-
-	var invalidRemoteAuthProfile = &SigningProfile{
-		RemoteName:   "localhost",
-		RemoteServer: "localhost:8080",
-		AuthKeyName:  "blahblah",
-	}
-
-	if !validRemoteProfile.validProfile(true) ||
-		!validRemoteProfile.validProfile(false) {
-		t.Fatal("valid remote profile is rejected.")
-	}
-
-	if invalidRemoteProfile.validProfile(true) ||
-		invalidRemoteProfile.validProfile(false) {
-		t.Fatal("invalid remote profile is accepted.")
-	}
-
-	if invalidRemoteAuthProfile.validProfile(true) ||
-		invalidRemoteAuthProfile.validProfile(false) {
-		t.Fatal("invalid remote profile is accepted.")
-	}
-}
-
-func TestInvalidDefault(t *testing.T) {
-	if invalidDefaultConfig.Signing.Default.validProfile(true) {
-		t.Fatal("invalid default accepted as valid")
-	}
-
-	if invalidDefaultConfig.Valid() {
-		t.Fatal("invalid config accepted as valid")
-	}
-
-	if !invalidDefaultConfig.Signing.Default.validProfile(false) {
-		t.Fatal("invalid default profile should be a valid profile")
-	}
-}
-
-func TestValidConfig(t *testing.T) {
-	if !validConfig.Valid() {
-		t.Fatal("Valid config is not valid")
-	}
-	bytes, _ := json.Marshal(validConfig)
-	fmt.Printf("%v", string(bytes))
-}
-
-func TestDefaultConfig(t *testing.T) {
-	if !DefaultConfig().validProfile(false) {
-		t.Fatal("global default signing profile should be a valid profile.")
-	}
-
-	if !DefaultConfig().validProfile(true) {
-		t.Fatal("global default signing profile should be a valid default profile")
-	}
-}
-
-func TestParse(t *testing.T) {
-	var validProfiles = []*SigningProfile{
-		{
-			ExpiryString: "8760h",
-		},
-		{
-			ExpiryString: "168h",
-		},
-		{
-			ExpiryString: "300s",
-		},
-	}
-
-	var invalidProfiles = []*SigningProfile{
-		nil,
-		{},
-		{
-			ExpiryString: "",
-		},
-		{
-			ExpiryString: "365d",
-		},
-		{
-			ExpiryString: "1y",
-		},
-		{
-			ExpiryString: "one year",
-		},
-	}
-
-	for _, p := range validProfiles {
-		if p.populate(nil) != nil {
-			t.Fatalf("Failed to parse ExpiryString=%s", p.ExpiryString)
-		}
-	}
-
-	for _, p := range invalidProfiles {
-		if p.populate(nil) == nil {
-			if p != nil {
-				t.Fatalf("ExpiryString=%s should not be parseable", p.ExpiryString)
-			}
-			t.Fatalf("Nil profile should not be parseable")
-		}
-	}
-
-}
-
-func TestLoadFile(t *testing.T) {
-	validConfigFiles := []string{
-		"testdata/valid_config.json",
-		"testdata/valid_config_auth.json",
-		"testdata/valid_config_no_default.json",
-		"testdata/valid_config_auth_no_default.json",
-	}
-
-	for _, configFile := range validConfigFiles {
-		_, err := LoadFile(configFile)
-		if err != nil {
-			t.Fatal("Load valid config file failed.", configFile, "error is ", err)
-		}
-	}
-}
-
-func TestLoadInvalidConfigFile(t *testing.T) {
-	invalidConfigFiles := []string{"", "testdata/no_such_file",
-		"testdata/invalid_default.json",
-		"testdata/invalid_profiles.json",
-		"testdata/invalid_usage.json",
-		"testdata/invalid_config.json",
-		"testdata/invalid_auth.json",
-		"testdata/invalid_auth_bad_key.json",
-		"testdata/invalid_no_auth_keys.json",
-		"testdata/invalid_remote.json",
-		"testdata/invalid_no_remotes.json",
-	}
-	for _, configFile := range invalidConfigFiles {
-		_, err := LoadFile(configFile)
-		if err == nil {
-			t.Fatal("Invalid config is loaded.", configFile)
-		}
-	}
-}
-
-func TestNeedLocalSigner(t *testing.T) {
-
-	c, err := LoadConfig([]byte(validMixedConfig))
-	if err != nil {
-		t.Fatal("load valid config failed:", err)
-	}
-
-	// This signing config needs both local signer and remote signer.
-	if c.Signing.NeedsLocalSigner() != true {
-		t.Fatal("incorrect NeedsLocalSigner().")
-	}
-
-	if c.Signing.NeedsRemoteSigner() != true {
-		t.Fatal("incorrect NeedsRemoteSigner()")
-	}
-
-	remoteConfig, err := LoadConfig([]byte(validMinimalRemoteConfig))
-	if err != nil {
-		t.Fatal("Load valid config failed:", err)
-	}
-
-	if remoteConfig.Signing.NeedsLocalSigner() != false {
-		t.Fatal("incorrect NeedsLocalSigner().")
-	}
-
-	if remoteConfig.Signing.NeedsRemoteSigner() != true {
-		t.Fatal("incorrect NeedsRemoteSigner().")
-	}
-
-	localConfig, err := LoadConfig([]byte(validMinimalLocalConfig))
-	if localConfig.Signing.NeedsLocalSigner() != true {
-		t.Fatal("incorrect NeedsLocalSigner().")
-	}
-
-	if localConfig.Signing.NeedsRemoteSigner() != false {
-		t.Fatal("incorrect NeedsRemoteSigner().")
-	}
-
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestOverrideRemotes(t *testing.T) {
-	c, err := LoadConfig([]byte(validMixedConfig))
-	if err != nil {
-		t.Fatal("load valid config failed:", err)
-	}
-
-	host := "localhost:8888"
-	c.Signing.OverrideRemotes(host)
-
-	if c.Signing.Default.RemoteServer != host {
-		t.Fatal("should override default profile's RemoteServer")
-	}
-
-	for _, p := range c.Signing.Profiles {
-		if p.RemoteServer != host {
-			t.Fatal("failed to override profile's RemoteServer")
-		}
-	}
-
-}
-
-func TestAuthRemoteConfig(t *testing.T) {
-	c, err := LoadConfig([]byte(validMinimalRemoteConfig2))
-	if err != nil {
-		t.Fatal("load valid config failed:", err)
-	}
-
-	if c.Signing.Default.RemoteServer != "127.0.0.1:8888" {
-		t.Fatal("load valid config failed: incorrect remote server")
-	}
-
-	host := "localhost:8888"
-	c.Signing.OverrideRemotes(host)
-
-	if c.Signing.Default.RemoteServer != host {
-		t.Fatal("should override default profile's RemoteServer")
-	}
-
-	for _, p := range c.Signing.Profiles {
-		if p.RemoteServer != host {
-			t.Fatal("failed to override profile's RemoteServer")
-		}
-	}
-}
-
-func TestDuplicateRemoteConfig(t *testing.T) {
-	_, err := LoadConfig([]byte(invalidConflictRemoteConfig))
-	if err == nil {
-		t.Fatal("fail to reject invalid config")
-	}
-}
-
-func TestBadAuthRemoteConfig(t *testing.T) {
-	_, err := LoadConfig([]byte(invalidRemoteConfig))
-	if err == nil {
-		t.Fatal("load invalid config should failed")
-	}
-
-	_, err = LoadConfig([]byte(invalidAuthRemoteConfigMissingRemote))
-	if err == nil {
-		t.Fatal("load invalid config should failed")
-	}
-
-	_, err = LoadConfig([]byte(invalidAuthRemoteConfigMissingKey))
-	if err == nil {
-		t.Fatal("load invalid config should failed")
-	}
-
-	var p *Signing
-	if p.Valid() {
-		t.Fatal("nil Signing config should be invalid")
-	}
-}
-
-func TestValidCAConstraint(t *testing.T) {
-	for _, config := range validLocalConfigsWithCAConstraint {
-		_, err := LoadConfig([]byte(config))
-		if err != nil {
-			t.Fatal("can't parse valid ca constraint")
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_auth.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_auth.json
@ -1,27 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"remote": "localhost",
-				"auth_key": "garbage"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"stadardo",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_auth_bad_key.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_auth_bad_key.json
@ -1,27 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"remote": "localhost",
-				"auth_key": "garbage"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"standard",
-			"key":"BAD_KEY"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_config.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_config.json
@ -1,17 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_default.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_default.json
@ -1,18 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "invalid_expiry"
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_no_auth_keys.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_no_auth_keys.json
@ -1,23 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"remote": "localhost",
-				"auth_key": "garbage"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_no_remotes.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_no_remotes.json
@ -1,24 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"auth_key": "garbage",
-				"remote": "localhoster"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_profile.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_profile.json
@ -1,18 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "invalid_expiry"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_remotes.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_remotes.json
@ -1,27 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"auth_key": "garbage",
-				"remote": "localhoster"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_usage.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/invalid_usage.json
@ -1,18 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["BAD_USAGE"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config.json
@ -1,24 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_key": {
-		"garbage": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_auth.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_auth.json
@ -1,29 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h",
-				"auth_key": "garbage",
-				"remote": "localhost"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		},
-		"default": {
-			"usages": ["digital signature", "email protection"],
-			"expiry": "8000h"
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_auth_no_default.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_auth_no_default.json
@ -1,19 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"auth_key": "garbage",
-				"remote": "localhost"
-			}
-		}
-	},
-	"auth_keys": {
-		"garbage": {
-			"type":"standard",
-			"key":"0123456789ABCDEF0123456789ABCDEF"
-		}
-	},
-	"remotes": {
-		"localhost": "127.0.0.1:8888"
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_no_default.json
+++ b/vendor/github.com/cloudflare/cfssl/config/testdata/valid_config_no_default.json
@ -1,14 +0,0 @@
-{
-	"signing": {
-		"profiles": {
-			"CA": {
-				"usages": ["cert sign"],
-				"expiry": "720h"
-			},
-			"email": {
-				"usages": ["s/mime"],
-				"expiry": "720h"
-			}
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/csr/csr_test.go
+++ b/vendor/github.com/cloudflare/cfssl/csr/csr_test.go
@ -1,744 +0,0 @@
-package csr
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/asn1"
-	"encoding/pem"
-	"io/ioutil"
-	"testing"
-
-	"github.com/cloudflare/cfssl/errors"
-	"github.com/cloudflare/cfssl/helpers"
-)
-
-//TestNew validate the CertificateRequest created to return with a BasicKeyRequest
-//in KeyRequest field
-
-func TestNew(t *testing.T) {
-
-	if cr := New(); cr.KeyRequest == nil {
-		t.Fatalf("Should create a new, empty certificate request with BasicKeyRequest")
-	}
-}
-
-// TestBasicKeyRequest ensures that key generation returns the same type of
-// key specified in the BasicKeyRequest.
-func TestBasicKeyRequest(t *testing.T) {
-	kr := NewBasicKeyRequest()
-	priv, err := kr.Generate()
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	switch priv.(type) {
-	case *rsa.PrivateKey:
-		if kr.Algo() != "rsa" {
-			t.Fatal("RSA key generated, but expected", kr.Algo())
-		}
-	case *ecdsa.PrivateKey:
-		if kr.Algo() != "ecdsa" {
-			t.Fatal("ECDSA key generated, but expected", kr.Algo())
-		}
-	}
-}
-
-// TestPKIXName validates building a pkix.Name structure from a
-// CertificateRequest.
-func TestPKIXName(t *testing.T) {
-	var cr = &CertificateRequest{
-		CN: "Test Common Name",
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare, Inc.",
-				OU: "Systems Engineering",
-			},
-			{
-				C:  "GB",
-				ST: "London",
-				L:  "London",
-				O:  "CloudFlare, Inc",
-				OU: "Systems Engineering",
-			},
-		},
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com"},
-		KeyRequest: NewBasicKeyRequest(),
-	}
-
-	name := cr.Name()
-	if len(name.Country) != 2 {
-		t.Fatal("Expected two countries in SubjInfo.")
-	} else if len(name.Province) != 2 {
-		t.Fatal("Expected two states in SubjInfo.")
-	} else if len(name.Locality) != 2 {
-		t.Fatal("Expected two localities in SubjInfo.")
-	} else if len(name.Country) != 2 {
-		t.Fatal("Expected two countries in SubjInfo.")
-	} else if len(name.Organization) != 2 {
-		t.Fatal("Expected two organization in SubjInfo.")
-	} else if len(name.OrganizationalUnit) != 2 {
-		t.Fatal("Expected two organizational units in SubjInfo.")
-	}
-}
-
-// TestParseRequest ensures that a valid certificate request does not
-// error.
-func TestParseRequest(t *testing.T) {
-	var cr = &CertificateRequest{
-		CN: "Test Common Name",
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare, Inc.",
-				OU: "Systems Engineering",
-			},
-			{
-				C:  "GB",
-				ST: "London",
-				L:  "London",
-				O:  "CloudFlare, Inc",
-				OU: "Systems Engineering",
-			},
-		},
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"},
-		KeyRequest: NewBasicKeyRequest(),
-	}
-
-	_, _, err := ParseRequest(cr)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-}
-
-// TestParseRequestCA ensures that a valid CA certificate request does not
-// error and the resulting CSR includes the BasicConstraint extension
-func TestParseRequestCA(t *testing.T) {
-	var cr = &CertificateRequest{
-		CN: "Test Common Name",
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare, Inc.",
-				OU: "Systems Engineering",
-			},
-			{
-				C:  "GB",
-				ST: "London",
-				L:  "London",
-				O:  "CloudFlare, Inc",
-				OU: "Systems Engineering",
-			},
-		},
-		CA: &CAConfig{
-			PathLength:  0,
-			PathLenZero: true,
-		},
-		KeyRequest: NewBasicKeyRequest(),
-	}
-
-	csrBytes, _, err := ParseRequest(cr)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	block, _ := pem.Decode(csrBytes)
-	if block == nil {
-		t.Fatalf("%v", err)
-	}
-
-	if block.Type != "CERTIFICATE REQUEST" {
-		t.Fatalf("Incorrect block type: %s", block.Type)
-	}
-
-	csr, err := x509.ParseCertificateRequest(block.Bytes)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	found := false
-	for _, ext := range csr.Extensions {
-		if ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 19}) {
-			found = true
-			break
-		}
-	}
-
-	if !found {
-		t.Fatalf("CSR did not include BasicConstraint Extension")
-	}
-}
-
-// TestParseRequestCANoPathlen ensures that a valid CA certificate request
-// with an unspecified pathlen does not error and the resulting CSR includes
-// the BasicConstraint extension
-func TestParseRequestCANoPathlen(t *testing.T) {
-	var cr = &CertificateRequest{
-		CN: "Test Common Name",
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare, Inc.",
-				OU: "Systems Engineering",
-			},
-			{
-				C:  "GB",
-				ST: "London",
-				L:  "London",
-				O:  "CloudFlare, Inc",
-				OU: "Systems Engineering",
-			},
-		},
-		CA: &CAConfig{
-			PathLength:  0,
-			PathLenZero: false,
-		},
-		KeyRequest: NewBasicKeyRequest(),
-	}
-
-	csrBytes, _, err := ParseRequest(cr)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	block, _ := pem.Decode(csrBytes)
-	if block == nil {
-		t.Fatalf("%v", err)
-	}
-
-	if block.Type != "CERTIFICATE REQUEST" {
-		t.Fatalf("Incorrect block type: %s", block.Type)
-	}
-
-	csr, err := x509.ParseCertificateRequest(block.Bytes)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	found := false
-	for _, ext := range csr.Extensions {
-		if ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 19}) {
-			bc := &BasicConstraints{}
-			asn1.Unmarshal(ext.Value, bc)
-			if bc.IsCA == true && bc.MaxPathLen == -1 {
-				found = true
-				break
-			}
-		}
-	}
-
-	if !found {
-		t.Fatalf("CSR did not include BasicConstraint Extension")
-	}
-}
-
-func whichCurve(sz int) elliptic.Curve {
-	switch sz {
-	case 256:
-		return elliptic.P256()
-	case 384:
-		return elliptic.P384()
-	case 521:
-		return elliptic.P521()
-	}
-	return nil
-}
-
-// TestECGeneration ensures that the proper curve is used depending on
-// the bit size specified in a key request and that an appropriate
-// signature algorithm is returned.
-func TestECGeneration(t *testing.T) {
-	var eckey *ecdsa.PrivateKey
-
-	for _, sz := range []int{256, 384, 521} {
-		kr := &BasicKeyRequest{"ecdsa", sz}
-		priv, err := kr.Generate()
-		if err != nil {
-			t.Fatalf("%v", err)
-		}
-		eckey = priv.(*ecdsa.PrivateKey)
-		if eckey.Curve != whichCurve(sz) {
-			t.Fatal("Generated key has wrong curve.")
-		}
-		if sa := kr.SigAlgo(); sa == x509.UnknownSignatureAlgorithm {
-			t.Fatal("Invalid signature algorithm!")
-		}
-	}
-}
-
-func TestRSAKeyGeneration(t *testing.T) {
-	var rsakey *rsa.PrivateKey
-
-	for _, sz := range []int{2048, 3072, 4096} {
-		kr := &BasicKeyRequest{"rsa", sz}
-		priv, err := kr.Generate()
-		if err != nil {
-			t.Fatalf("%v", err)
-		}
-		rsakey = priv.(*rsa.PrivateKey)
-		if rsakey.PublicKey.N.BitLen() != kr.Size() {
-			t.Fatal("Generated key has wrong size.")
-		}
-		if sa := kr.SigAlgo(); sa == x509.UnknownSignatureAlgorithm {
-			t.Fatal("Invalid signature algorithm!")
-		}
-	}
-}
-
-// TestBadBasicKeyRequest ensures that generating a key from a BasicKeyRequest
-// fails with an invalid algorithm, or an invalid RSA or ECDSA key
-// size. An invalid ECDSA key size is any size other than 256, 384, or
-// 521; an invalid RSA key size is any size less than 2048 bits.
-func TestBadBasicKeyRequest(t *testing.T) {
-	kr := &BasicKeyRequest{"yolocrypto", 1024}
-
-	if _, err := kr.Generate(); err == nil {
-		t.Fatal("Key generation should fail with invalid algorithm")
-	} else if sa := kr.SigAlgo(); sa != x509.UnknownSignatureAlgorithm {
-		t.Fatal("The wrong signature algorithm was returned from SigAlgo!")
-	}
-
-	kr.A = "ecdsa"
-	if _, err := kr.Generate(); err == nil {
-		t.Fatal("Key generation should fail with invalid key size")
-	} else if sa := kr.SigAlgo(); sa != x509.ECDSAWithSHA1 {
-		t.Fatal("The wrong signature algorithm was returned from SigAlgo!")
-	}
-
-	kr.A = "rsa"
-	if _, err := kr.Generate(); err == nil {
-		t.Fatal("Key generation should fail with invalid key size")
-	} else if sa := kr.SigAlgo(); sa != x509.SHA1WithRSA {
-		t.Fatal("The wrong signature algorithm was returned from SigAlgo!")
-	}
-
-	kr = &BasicKeyRequest{"tobig", 9216}
-
-	kr.A = "rsa"
-	if _, err := kr.Generate(); err == nil {
-		t.Fatal("Key generation should fail with invalid key size")
-	} else if sa := kr.SigAlgo(); sa != x509.SHA512WithRSA {
-		t.Fatal("The wrong signature algorithm was returned from SigAlgo!")
-	}
-}
-
-// TestDefaultBasicKeyRequest makes sure that certificate requests without
-// explicit key requests fall back to the default key request.
-func TestDefaultBasicKeyRequest(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:    "cloudflare.com",
-		Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"},
-	}
-	_, priv, err := ParseRequest(req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	// If the default key type changes, this will need to be changed.
-	block, _ := pem.Decode(priv)
-	if block == nil {
-		t.Fatal("Bad private key was generated!")
-	}
-
-	DefaultKeyRequest := NewBasicKeyRequest()
-	switch block.Type {
-	case "RSA PRIVATE KEY":
-		if DefaultKeyRequest.Algo() != "rsa" {
-			t.Fatal("Invalid default key request.")
-		}
-	case "EC PRIVATE KEY":
-		if DefaultKeyRequest.Algo() != "ecdsa" {
-			t.Fatal("Invalid default key request.")
-		}
-	}
-}
-
-// TestRSACertRequest validates parsing a certificate request with an
-// RSA key.
-func TestRSACertRequest(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"},
-		KeyRequest: &BasicKeyRequest{"rsa", 2048},
-	}
-	_, _, err := ParseRequest(req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-}
-
-// TestBadCertRequest checks for failure conditions of ParseRequest.
-func TestBadCertRequest(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com"},
-		KeyRequest: &BasicKeyRequest{"yolo-crypto", 2048},
-	}
-	_, _, err := ParseRequest(req)
-	if err == nil {
-		t.Fatal("ParseRequest should fail with a bad key algorithm.")
-	}
-}
-
-// testValidator is a stripped-down validator that checks to make sure
-// the request has a common name. It should mimic some of the
-// functionality expected in an actual validator.
-func testValidator(req *CertificateRequest) error {
-	if req.CN == "" {
-		return errors.NewBadRequestMissingParameter("CN")
-	}
-
-	return nil
-}
-
-// TestGenerator ensures that a valid request is processed properly
-// and returns a certificate request and key.
-func TestGenerator(t *testing.T) {
-	g := &Generator{testValidator}
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"},
-		KeyRequest: &BasicKeyRequest{"rsa", 2048},
-	}
-
-	csrBytes, _, err := g.ProcessRequest(req)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	block, _ := pem.Decode([]byte(csrBytes))
-	if block == nil {
-		t.Fatalf("bad CSR in PEM")
-	}
-
-	if block.Type != "CERTIFICATE REQUEST" {
-		t.Fatalf("bad CSR in PEM")
-	}
-
-	csr, err := x509.ParseCertificateRequest(block.Bytes)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(csr.DNSNames) != 2 {
-		t.Fatal("SAN parsing error")
-	}
-
-	if len(csr.IPAddresses) != 1 {
-		t.Fatal("SAN parsing error")
-	}
-
-	if len(csr.EmailAddresses) != 1 {
-		t.Fatal("SAN parsing error")
-	}
-
-}
-
-// TestBadGenerator ensures that a request that fails the validator is
-// not processed.
-func TestBadGenerator(t *testing.T) {
-	g := &Generator{testValidator}
-	missingCN := &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		// Missing CN
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com"},
-		KeyRequest: &BasicKeyRequest{"rsa", 2048},
-	}
-
-	_, _, err := g.ProcessRequest(missingCN)
-	if err == nil {
-		t.Fatalf("Request should have failed.")
-	}
-}
-
-func TestWeakCSR(t *testing.T) {
-	weakKey := &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"},
-		KeyRequest: &BasicKeyRequest{"rsa", 1024},
-	}
-	g := &Generator{testValidator}
-
-	_, _, err := g.ProcessRequest(weakKey)
-	if err == nil {
-		t.Fatalf("Request should have failed.")
-	}
-}
-
-var testEmpty = []struct {
-	name Name
-	ok   bool
-}{
-	{
-		Name{},
-		true,
-	},
-	{
-		Name{C: "OK"},
-		false,
-	},
-	{
-		Name{ST: "OK"},
-		false,
-	},
-	{
-		Name{L: "OK"},
-		false,
-	},
-	{
-		Name{O: "OK"},
-		false,
-	},
-	{
-		Name{OU: "OK"},
-		false,
-	},
-}
-
-func TestIsNameEmpty(t *testing.T) {
-	for i, c := range testEmpty {
-		if IsNameEmpty(c.name) != c.ok {
-			t.Fatalf("%d: expected IsNameEmpty to return %v, but have %v", i, c.ok, !c.ok)
-		}
-	}
-}
-
-func TestGenerate(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"},
-		KeyRequest: &BasicKeyRequest{"ecdsa", 256},
-	}
-
-	key, err := req.KeyRequest.Generate()
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	priv, ok := key.(crypto.Signer)
-	if !ok {
-		t.Fatal("Private key is not a signer.")
-	}
-
-	csrPEM, err := Generate(priv, req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	csr, _, err := helpers.ParseCSR(csrPEM)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if len(csr.DNSNames) != 2 {
-		t.Fatal("SAN parsing error")
-	}
-
-	if len(csr.IPAddresses) != 1 {
-		t.Fatal("SAN parsing error")
-	}
-
-	if len(csr.EmailAddresses) != 1 {
-		t.Fatal("SAN parsing error")
-	}
-}
-
-// TestReGenerate ensures Regenerate() is abel to use the provided CSR as a template for signing a new
-// CSR using priv.
-func TestReGenerate(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"},
-		KeyRequest: &BasicKeyRequest{"ecdsa", 256},
-	}
-
-	_, key, err := ParseRequest(req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	priv, err := helpers.ParsePrivateKeyPEM(key)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	csr, err := Generate(priv, req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if _, _, err = helpers.ParseCSR(csr); err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	_, err = Regenerate(priv, csr)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-}
-
-// TestBadReGenerator ensures that a request that fails the ParseCSR is
-// not processed.
-func TestBadReGenerate(t *testing.T) {
-	var req = &CertificateRequest{
-		Names: []Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         "cloudflare.com",
-		Hosts:      []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"},
-		KeyRequest: &BasicKeyRequest{"ecdsa", 256},
-	}
-
-	_, key, err := ParseRequest(req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	priv, err := helpers.ParsePrivateKeyPEM(key)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	csr, err := Generate(priv, req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	block := pem.Block{
-		Type: "CERTIFICATE REQUEST",
-		Headers: map[string]string{
-			"Location": "UCSD",
-		},
-		Bytes: csr,
-	}
-
-	csr = pem.EncodeToMemory(&block)
-
-	_, err = Regenerate(priv, csr)
-	if err == nil {
-		t.Fatalf("%v", err)
-	}
-}
-
-var testECDSACertificateFile = "testdata/test-ecdsa-ca.pem"
-
-func TestExtractCertificateRequest(t *testing.T) {
-	certPEM, err := ioutil.ReadFile(testECDSACertificateFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// must parse ok
-	cert, err := helpers.ParseCertificatePEM(certPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	req := ExtractCertificateRequest(cert)
-
-	if req.CN != "" {
-		t.Fatal("Bad Certificate Request!")
-	}
-
-	if len(req.Names) != 1 {
-		t.Fatal("Bad Certificate Request!")
-	}
-
-	name := req.Names[0]
-	if name.C != "US" || name.ST != "California" || name.O != "CloudFlare, Inc." ||
-		name.OU != "Test Certificate Authority" || name.L != "San Francisco" {
-		t.Fatal("Bad Certificate Request!")
-	}
-
-	if req.CA == nil || req.CA.PathLength != 2 {
-		t.Fatal("Bad Certificate Request!")
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/csr/testdata/test-ecdsa-ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/csr/testdata/test-ecdsa-ca.pem
@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIICUDCCAfagAwIBAgIIec5PjdpJcNYwCgYIKoZIzj0EAwIwejELMAkGA1UEBhMC
-VVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3QgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYD
-VQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIzMDEwMFoXDTE1MTAwODIzMDYwMFow
-ejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNV
-BAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI7Lzf
-GbMU+KqWTgOwGhrPvpusep3fjw+dAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
-EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFDpLhSKBN3njfb6cXQCdRLzCZt0ZMB8G
-A1UdIwQYMBaAFDpLhSKBN3njfb6cXQCdRLzCZt0ZMAoGCCqGSM49BAMCA0gAMEUC
-IFU3BmzntGGeXZu2qWZx249nYn37S0AkCnQ3rUtI31bdAiEAsPICnZ+GB8yCN26N
-OL+N8dHvXiOvZ9/Vl488pyWOccY=
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/errors/error_test.go
+++ b/vendor/github.com/cloudflare/cfssl/errors/error_test.go
@ -1,338 +0,0 @@
-package errors
-
-import (
-	"crypto/x509"
-	"encoding/json"
-	"errors"
-	"testing"
-)
-
-func TestNew(t *testing.T) {
-	err := New(CertificateError, Unknown)
-	if err == nil {
-		t.Fatal("Error creation failed.")
-	}
-	if err.ErrorCode != int(CertificateError)+int(Unknown) {
-		t.Fatal("Error code construction failed.")
-	}
-	if err.Message != "Unknown certificate error" {
-		t.Fatal("Error message construction failed.")
-	}
-
-	code := New(OCSPError, ReadFailed).ErrorCode
-	if code != 8001 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(OCSPError, IssuerMismatch).ErrorCode
-	if code != 8100 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(OCSPError, InvalidStatus).ErrorCode
-	if code != 8200 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(CertificateError, Unknown).ErrorCode
-	if code != 1000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, ReadFailed).ErrorCode
-	if code != 1001 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, DecodeFailed).ErrorCode
-	if code != 1002 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, ParseFailed).ErrorCode
-	if code != 1003 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, SelfSigned).ErrorCode
-	if code != 1100 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, VerifyFailed).ErrorCode
-	if code != 1200 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, BadRequest).ErrorCode
-	if code != 1300 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CertificateError, MissingSerial).ErrorCode
-	if code != 1400 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(PrivateKeyError, Unknown).ErrorCode
-	if code != 2000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, ReadFailed).ErrorCode
-	if code != 2001 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, DecodeFailed).ErrorCode
-	if code != 2002 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, ParseFailed).ErrorCode
-	if code != 2003 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, Encrypted).ErrorCode
-	if code != 2100 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, NotRSAOrECC).ErrorCode
-	if code != 2200 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, KeyMismatch).ErrorCode
-	if code != 2300 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, GenerationFailed).ErrorCode
-	if code != 2400 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PrivateKeyError, Unavailable).ErrorCode
-	if code != 2500 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(IntermediatesError, Unknown).ErrorCode
-	if code != 3000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(IntermediatesError, ReadFailed).ErrorCode
-	if code != 3001 {
-		t.Fatal("Improper error code")
-	}
-	code = New(IntermediatesError, DecodeFailed).ErrorCode
-	if code != 3002 {
-		t.Fatal("Improper error code")
-	}
-	code = New(IntermediatesError, ParseFailed).ErrorCode
-	if code != 3003 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(RootError, Unknown).ErrorCode
-	if code != 4000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(RootError, ReadFailed).ErrorCode
-	if code != 4001 {
-		t.Fatal("Improper error code")
-	}
-	code = New(RootError, DecodeFailed).ErrorCode
-	if code != 4002 {
-		t.Fatal("Improper error code")
-	}
-	code = New(RootError, ParseFailed).ErrorCode
-	if code != 4003 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(PolicyError, Unknown).ErrorCode
-	if code != 5000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PolicyError, NoKeyUsages).ErrorCode
-	if code != 5100 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PolicyError, InvalidPolicy).ErrorCode
-	if code != 5200 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PolicyError, InvalidRequest).ErrorCode
-	if code != 5300 {
-		t.Fatal("Improper error code")
-	}
-	code = New(PolicyError, UnknownProfile).ErrorCode
-	if code != 5400 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(DialError, Unknown).ErrorCode
-	if code != 6000 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(APIClientError, AuthenticationFailure).ErrorCode
-	if code != 7100 {
-		t.Fatal("Improper error code")
-	}
-	code = New(APIClientError, JSONError).ErrorCode
-	if code != 7200 {
-		t.Fatal("Improper error code")
-	}
-	code = New(APIClientError, ClientHTTPError).ErrorCode
-	if code != 7400 {
-		t.Fatal("Improper error code")
-	}
-	code = New(APIClientError, IOError).ErrorCode
-	if code != 7300 {
-		t.Fatal("Improper error code")
-	}
-	code = New(APIClientError, ServerRequestFailed).ErrorCode
-	if code != 7500 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(CSRError, Unknown).ErrorCode
-	if code != 9000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CSRError, ReadFailed).ErrorCode
-	if code != 9001 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CSRError, DecodeFailed).ErrorCode
-	if code != 9002 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CSRError, ParseFailed).ErrorCode
-	if code != 9003 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CSRError, KeyMismatch).ErrorCode
-	if code != 9300 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CSRError, BadRequest).ErrorCode
-	if code != 9300 {
-		t.Fatal("Improper error code")
-	}
-
-	code = New(CTError, Unknown).ErrorCode
-	if code != 10000 {
-		t.Fatal("Improper error code")
-	}
-	code = New(CTError, PrecertSubmissionFailed).ErrorCode
-	if code != 10100 {
-		t.Fatal("Improper error code")
-	}
-}
-
-func TestWrap(t *testing.T) {
-	msg := "Arbitrary error message"
-	err := Wrap(CertificateError, Unknown, errors.New(msg))
-	if err == nil {
-		t.Fatal("Error creation failed.")
-	}
-	if err.ErrorCode != int(CertificateError)+int(Unknown) {
-		t.Fatal("Error code construction failed.")
-	}
-	if err.Message != msg {
-		t.Fatal("Error message construction failed.")
-	}
-
-	err = Wrap(CertificateError, VerifyFailed, x509.CertificateInvalidError{Reason: x509.Expired})
-	if err == nil {
-		t.Fatal("Error creation failed.")
-	}
-	if err.ErrorCode != int(CertificateError)+int(VerifyFailed)+certificateInvalid+int(x509.Expired) {
-		t.Fatal("Error code construction failed.")
-	}
-	if err.Message != "x509: certificate has expired or is not yet valid" {
-		t.Fatal("Error message construction failed.")
-	}
-
-	err = Wrap(CertificateError, VerifyFailed, x509.UnknownAuthorityError{})
-	if err == nil {
-		t.Fatal("Error creation failed.")
-	}
-
-	err = Wrap(RootError, Unknown, errors.New(msg))
-	if err == nil {
-		t.Fatal("Error creation failed.")
-	}
-	if err.ErrorCode != int(RootError)+int(Unknown) {
-		t.Fatal("Error code construction failed.")
-	}
-	if err.Message != msg {
-		t.Fatal("Error message construction failed.")
-	}
-}
-
-func TestMarshal(t *testing.T) {
-	msg := "Arbitrary error message"
-	err := Wrap(CertificateError, Unknown, errors.New(msg))
-	bytes, _ := json.Marshal(err)
-	var received Error
-	json.Unmarshal(bytes, &received)
-	if received.ErrorCode != int(CertificateError)+int(Unknown) {
-		t.Fatal("Error code construction failed.")
-	}
-	if received.Message != msg {
-		t.Fatal("Error message construction failed.")
-	}
-}
-
-func TestErrorString(t *testing.T) {
-	msg := "Arbitrary error message"
-	err := Wrap(CertificateError, Unknown, errors.New(msg))
-	str := err.Error()
-	if str != `{"code":1000,"message":"`+msg+`"}` {
-		t.Fatal("Incorrect Error():", str)
-	}
-}
-
-func TestHTTP(t *testing.T) {
-	err := NewMethodNotAllowed("GET")
-	if err == nil {
-		t.Fatal("New Mathod Check failed")
-	}
-
-	err = NewBadRequest(errors.New("Bad Request"))
-	if err == nil {
-		t.Fatal("New Bad Request Check failed")
-	}
-
-	if err.StatusCode != 400 {
-		t.Fatal("New Bad Request error code construction failed")
-	}
-
-	err = NewBadRequestString("Bad Request String")
-	if err == nil {
-		t.Fatal("New Bad Request String Check failed")
-	}
-
-	if err.StatusCode != 400 {
-		t.Fatal("New Bad Request String error code construction failed")
-	}
-
-	err = NewBadRequestMissingParameter("Request Missing Parameter")
-	if err == nil {
-		t.Fatal("New Bad Request Missing Parameter Check failed")
-	}
-
-	if err.StatusCode != 400 {
-		t.Fatal("New Bad Request Missing Parameter error code construction failed")
-	}
-
-	err = NewBadRequestUnwantedParameter("Unwanted Parameter Present In Request")
-	if err == nil {
-		t.Fatal("New Bad Request Unwanted Parameter Check failed")
-	}
-
-	if err.StatusCode != 400 {
-		t.Fatal("New Bad Request Unwanted Parameter error code construction failed")
-	}
-
-}
-
-func TestHTTPErrorString(t *testing.T) {
-	method := "GET"
-	err := NewMethodNotAllowed(method)
-	str := err.Error()
-	if str != `Method is not allowed:"`+method+`"` {
-		t.Fatal("Incorrect Error():", str)
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/helpers/helpers_test.go
+++ b/vendor/github.com/cloudflare/cfssl/helpers/helpers_test.go
@ -1,629 +0,0 @@
-package helpers
-
-import (
-	"bytes"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/asn1"
-	"encoding/pem"
-	"io/ioutil"
-	"math"
-	"testing"
-	"time"
-
-	"golang.org/x/crypto/ocsp"
-
-	"github.com/google/certificate-transparency-go"
-)
-
-const (
-	testCertFile                 = "testdata/cert.pem"
-	testCertDERFile              = "testdata/cert.der"
-	testBundleFile               = "testdata/bundle.pem"
-	testExtraWSCertFile          = "testdata/cert_with_whitespace.pem"
-	testExtraWSBundleFile        = "testdata/bundle_with_whitespace.pem"
-	testMessedUpBundleFile       = "testdata/messed_up_bundle.pem"
-	testMessedUpCertFile         = "testdata/messedupcert.pem"
-	testEmptyCertFile            = "testdata/emptycert.pem"
-	testPrivateRSAKey            = "testdata/priv_rsa_key.pem"
-	testPrivateECDSAKey          = "testdata/private_ecdsa_key.pem"
-	testUnsupportedECDSAKey      = "testdata/secp256k1-key.pem"
-	testMessedUpPrivateKey       = "testdata/messed_up_priv_key.pem"
-	testEncryptedPrivateKey      = "testdata/enc_priv_key.pem"
-	testEmptyPem                 = "testdata/empty.pem"
-	testNoHeaderCert             = "testdata/noheadercert.pem"
-	testSinglePKCS7              = "testdata/cert_pkcs7.pem"  // openssl crl2pkcs7 -nocrl -out cert_pkcs7.pem -in cert.pem
-	testEmptyPKCS7DER            = "testdata/empty_pkcs7.der" // openssl crl2pkcs7 -nocrl -out empty_pkcs7.der -outform der
-	testEmptyPKCS7PEM            = "testdata/empty_pkcs7.pem" // openssl crl2pkcs7 -nocrl -out empty_pkcs7.pem -outform pem
-	testMultiplePKCS7            = "testdata/bundle_pkcs7.pem"
-	testPKCS12EmptyPswd          = "testdata/emptypasswordpkcs12.p12"
-	testPKCS12Passwordispassword = "testdata/passwordpkcs12.p12"
-	testPKCS12MultipleCerts      = "testdata/multiplecerts.p12"
-	testCSRPEM                   = "testdata/test.csr.pem"
-	testCSRPEMBad                = "testdata/test.bad.csr.pem"
-)
-
-func TestParseCertificatesDER(t *testing.T) {
-	var password = []string{"password", "", ""}
-	for i, testFile := range []string{testPKCS12Passwordispassword, testPKCS12EmptyPswd, testCertDERFile} {
-		testDER, err := ioutil.ReadFile(testFile)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if _, _, err := ParseCertificatesDER(testDER, password[i]); err != nil {
-			t.Fatal(err)
-		}
-		// Incorrect Password for PKCS12 formatted files
-		if _, _, err := ParseCertificatesDER(testDER, "incorrectpassword"); err == nil && i != 2 {
-			t.Fatal(err)
-		}
-	}
-
-	testDER, err := ioutil.ReadFile(testEmptyPKCS7DER)
-	if err != nil {
-		t.Fatal(err)
-	}
-	// PKCS7 with no certificates
-	if _, _, err := ParseCertificatesDER(testDER, ""); err == nil {
-		t.Fatal(err)
-	}
-}
-
-func TestKeyLength(t *testing.T) {
-	expNil := 0
-	recNil := KeyLength(nil)
-	if expNil != recNil {
-		t.Fatal("KeyLength on nil did not return 0")
-	}
-
-	expNonsense := 0
-	inNonsense := "string?"
-	outNonsense := KeyLength(inNonsense)
-	if expNonsense != outNonsense {
-		t.Fatal("KeyLength malfunctioning on nonsense input")
-	}
-
-	//test the ecdsa branch
-	ecdsaPriv, _ := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
-	ecdsaIn, _ := ecdsaPriv.Public().(*ecdsa.PublicKey)
-	expEcdsa := ecdsaIn.Curve.Params().BitSize
-	outEcdsa := KeyLength(ecdsaIn)
-	if expEcdsa != outEcdsa {
-		t.Fatal("KeyLength malfunctioning on ecdsa input")
-	}
-
-	//test the rsa branch
-	rsaPriv, _ := rsa.GenerateKey(rand.Reader, 256)
-	rsaIn, _ := rsaPriv.Public().(*rsa.PublicKey)
-	expRsa := rsaIn.N.BitLen()
-	outRsa := KeyLength(rsaIn)
-
-	if expRsa != outRsa {
-		t.Fatal("KeyLength malfunctioning on rsa input")
-	}
-}
-
-func TestExpiryTime(t *testing.T) {
-	// nil case
-	var expNil time.Time
-	inNil := []*x509.Certificate{}
-	outNil := ExpiryTime(inNil)
-	if expNil != outNil {
-		t.Fatal("Expiry time is malfunctioning on empty input")
-	}
-
-	//read a pem file and use that expiry date
-	bytes, _ := ioutil.ReadFile(testBundleFile)
-	certs, err := ParseCertificatesPEM(bytes)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	expected := time.Date(2014, time.April, 15, 0, 0, 0, 0, time.UTC)
-	out := ExpiryTime(certs)
-	if out != expected {
-		t.Fatalf("Expected %v, got %v", expected, out)
-	}
-}
-
-func TestMonthsValid(t *testing.T) {
-	var cert = &x509.Certificate{
-		NotBefore: time.Date(2015, time.April, 01, 0, 0, 0, 0, time.UTC),
-		NotAfter:  time.Date(2015, time.April, 01, 0, 0, 0, 0, time.UTC),
-	}
-
-	if MonthsValid(cert) != 0 {
-		t.Fail()
-	}
-
-	cert.NotAfter = time.Date(2016, time.April, 01, 0, 0, 0, 0, time.UTC)
-	if MonthsValid(cert) != 12 {
-		t.Fail()
-	}
-
-	// extra days should be rounded up to 1 month
-	cert.NotAfter = time.Date(2016, time.April, 02, 0, 0, 0, 0, time.UTC)
-	if MonthsValid(cert) != 13 {
-		t.Fail()
-	}
-}
-
-func TestHasValidExpiry(t *testing.T) {
-	// Issue period > April 1, 2015
-	var cert = &x509.Certificate{
-		NotBefore: time.Date(2015, time.April, 01, 0, 0, 0, 0, time.UTC),
-		NotAfter:  time.Date(2016, time.April, 01, 0, 0, 0, 0, time.UTC),
-	}
-
-	if !ValidExpiry(cert) {
-		t.Fail()
-	}
-
-	cert.NotAfter = time.Date(2019, time.April, 01, 01, 0, 0, 0, time.UTC)
-	if ValidExpiry(cert) {
-		t.Fail()
-	}
-
-	// Issue period < July 1, 2012
-	cert.NotBefore = time.Date(2009, time.March, 01, 0, 0, 0, 0, time.UTC)
-	if ValidExpiry(cert) {
-		t.Fail()
-	}
-
-	// Issue period July 1, 2012 - April 1, 2015
-	cert.NotBefore = time.Date(2012, time.July, 01, 0, 0, 0, 0, time.UTC)
-	cert.NotAfter = time.Date(2017, time.July, 01, 0, 0, 0, 0, time.UTC)
-	if !ValidExpiry(cert) {
-		t.Fail()
-	}
-}
-
-func TestHashAlgoString(t *testing.T) {
-	if HashAlgoString(x509.MD2WithRSA) != "MD2" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.MD5WithRSA) != "MD5" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.SHA1WithRSA) != "SHA1" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.SHA256WithRSA) != "SHA256" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.SHA384WithRSA) != "SHA384" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.SHA512WithRSA) != "SHA512" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.DSAWithSHA1) != "SHA1" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.DSAWithSHA256) != "SHA256" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.ECDSAWithSHA1) != "SHA1" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.ECDSAWithSHA256) != "SHA256" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.ECDSAWithSHA384) != "SHA384" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(x509.ECDSAWithSHA512) != "SHA512" {
-		t.Fatal("standin")
-	}
-	if HashAlgoString(math.MaxInt32) != "Unknown Hash Algorithm" {
-		t.Fatal("standin")
-	}
-}
-
-func TestSignatureString(t *testing.T) {
-	if SignatureString(x509.MD2WithRSA) != "MD2WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.MD5WithRSA) != "MD5WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.SHA1WithRSA) != "SHA1WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.SHA256WithRSA) != "SHA256WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.SHA384WithRSA) != "SHA384WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.SHA512WithRSA) != "SHA512WithRSA" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.DSAWithSHA1) != "DSAWithSHA1" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.DSAWithSHA256) != "DSAWithSHA256" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.ECDSAWithSHA1) != "ECDSAWithSHA1" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.ECDSAWithSHA256) != "ECDSAWithSHA256" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.ECDSAWithSHA384) != "ECDSAWithSHA384" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(x509.ECDSAWithSHA512) != "ECDSAWithSHA512" {
-		t.Fatal("Signature String functioning improperly")
-	}
-	if SignatureString(math.MaxInt32) != "Unknown Signature" {
-		t.Fatal("Signature String functioning improperly")
-	}
-}
-
-func TestParseCertificatePEM(t *testing.T) {
-	for _, testFile := range []string{testCertFile, testExtraWSCertFile, testSinglePKCS7} {
-		certPEM, err := ioutil.ReadFile(testFile)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if _, err := ParseCertificatePEM(certPEM); err != nil {
-			t.Log(testFile)
-			t.Fatal(err)
-		}
-	}
-	for _, testFile := range []string{testBundleFile, testMessedUpCertFile, testEmptyPKCS7PEM, testEmptyCertFile, testMultiplePKCS7} {
-		certPEM, err := ioutil.ReadFile(testFile)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if _, err := ParseCertificatePEM(certPEM); err == nil {
-			t.Fatal("Incorrect cert failed to raise error")
-		}
-	}
-}
-
-func TestParseCertificatesPEM(t *testing.T) {
-	// expected cases
-	for _, testFile := range []string{testBundleFile, testExtraWSBundleFile, testSinglePKCS7, testMultiplePKCS7} {
-		bundlePEM, err := ioutil.ReadFile(testFile)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if _, err := ParseCertificatesPEM(bundlePEM); err != nil {
-			t.Log(testFile)
-			t.Fatal(err)
-		}
-	}
-
-	// test failure cases
-	// few lines deleted, then headers removed
-	for _, testFile := range []string{testMessedUpBundleFile, testEmptyPKCS7PEM, testNoHeaderCert} {
-		bundlePEM, err := ioutil.ReadFile(testFile)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if _, err := ParseCertificatesPEM(bundlePEM); err == nil {
-			t.Fatal("Incorrectly-formatted file failed to produce an error")
-		}
-	}
-}
-
-func TestSelfSignedCertificatePEM(t *testing.T) {
-	testPEM, _ := ioutil.ReadFile(testCertFile)
-	_, err := ParseSelfSignedCertificatePEM(testPEM)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	// a few lines deleted from the pem file
-	wrongPEM, _ := ioutil.ReadFile(testMessedUpCertFile)
-	_, err2 := ParseSelfSignedCertificatePEM(wrongPEM)
-	if err2 == nil {
-		t.Fatal("Improper pem file failed to raise an error")
-	}
-
-	// alter the signature of a valid certificate
-	blk, _ := pem.Decode(testPEM)
-	blk.Bytes[len(blk.Bytes)-10]++ // some hacking to get to the sig
-	alteredBytes := pem.EncodeToMemory(blk)
-	_, err = ParseSelfSignedCertificatePEM(alteredBytes)
-	if err == nil {
-		t.Fatal("Incorrect cert failed to produce an error")
-	}
-
-}
-
-func TestParsePrivateKeyPEM(t *testing.T) {
-
-	// expected cases
-	testRSAPEM, _ := ioutil.ReadFile(testPrivateRSAKey)
-	_, err := ParsePrivateKeyPEM(testRSAPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	testECDSAPEM, _ := ioutil.ReadFile(testPrivateECDSAKey)
-	_, err = ParsePrivateKeyPEM(testECDSAPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// error cases
-	errCases := []string{
-		testMessedUpPrivateKey,  // a few lines deleted
-		testEmptyPem,            // empty file
-		testEncryptedPrivateKey, // encrypted key
-		testUnsupportedECDSAKey, // ECDSA curve not currently supported by Go standard library
-	}
-
-	for _, fname := range errCases {
-		testPEM, _ := ioutil.ReadFile(fname)
-		_, err = ParsePrivateKeyPEM(testPEM)
-		if err == nil {
-			t.Fatal("Incorrect private key failed to produce an error")
-		}
-	}
-
-}
-
-// Imported from signers/local/testdata/
-const ecdsaTestCSR = "testdata/ecdsa256.csr"
-
-func TestParseCSRPEM(t *testing.T) {
-	in, err := ioutil.ReadFile(ecdsaTestCSR)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	_, _, err = ParseCSR(in)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	in[12]++
-	_, _, err = ParseCSR(in)
-	if err == nil {
-		t.Fatalf("Expected an invalid CSR.")
-	}
-	in[12]--
-}
-
-func TestParseCSRPEMMore(t *testing.T) {
-	csrPEM, err := ioutil.ReadFile(testCSRPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := ParseCSRPEM(csrPEM); err != nil {
-		t.Fatal(err)
-	}
-
-	csrPEM, err = ioutil.ReadFile(testCSRPEMBad)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if _, err := ParseCSRPEM(csrPEM); err == nil {
-		t.Fatal(err)
-	}
-
-	if _, err := ParseCSRPEM([]byte("not even pem")); err == nil {
-		t.Fatal("Expected an invalid CSR.")
-	}
-}
-
-// Imported from signers/local/testdata/
-const rsaOldTestCSR = "testdata/rsa-old.csr"
-
-func TestParseOldCSR(t *testing.T) {
-	in, err := ioutil.ReadFile(rsaOldTestCSR)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	_, _, err = ParseCSR(in)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-}
-
-// Imported from signers/local/testdata/
-const clientCertFile = "testdata/ca.pem"
-const clientKeyFile = "testdata/ca_key.pem"
-
-func TestClientCertParams(t *testing.T) {
-	_, err := LoadClientCertificate(testCertFile, testPrivateRSAKey)
-	if err == nil {
-		t.Fatal("Unmatched cert/key should generate error")
-	}
-
-	cert, err := LoadClientCertificate("", "")
-	if err != nil || cert != nil {
-		t.Fatal("Certificate atempted to loaded with missing key and cert")
-	}
-	cert, err = LoadClientCertificate(clientCertFile, "")
-	if err != nil || cert != nil {
-		t.Fatal("Certificate atempted to loaded with missing key")
-	}
-	cert, err = LoadClientCertificate("", clientKeyFile)
-	if err != nil || cert != nil {
-		t.Fatal("Certificate atempted to loaded with missing cert")
-	}
-
-	cert, err = LoadClientCertificate(clientCertFile, clientKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if cert == nil {
-		t.Fatal("cert not created")
-	}
-}
-
-func TestLoadPEMCertPool(t *testing.T) {
-	certPool, err := PEMToCertPool([]byte{})
-	if certPool != nil || err != nil {
-		t.Fatal("Empty file name should not generate error or a cert pool")
-	}
-
-	in, err := ioutil.ReadFile(testEmptyPem)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	certPool, err = PEMToCertPool(in)
-	if certPool != nil {
-		t.Fatal("Empty file should not generate a cert pool")
-	} else if err == nil {
-		t.Fatal("Expected error for empty file")
-	}
-
-	in, err = ioutil.ReadFile(testEmptyCertFile)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	certPool, err = PEMToCertPool(in)
-	if certPool != nil {
-		t.Fatal("Empty cert should not generate a cert pool")
-	} else if err == nil {
-		t.Fatal("Expected error for empty cert")
-	}
-
-	in, err = ioutil.ReadFile(clientCertFile)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	certPool, err = PEMToCertPool(in)
-	if err != nil {
-		t.Fatalf("%v", err)
-	} else if certPool == nil {
-		t.Fatal("cert pool not created")
-	}
-}
-
-// sctEquals returns true if all fields of both SCTs are equivalent.
-func sctEquals(sctA, sctB ct.SignedCertificateTimestamp) bool {
-	if sctA.SCTVersion == sctB.SCTVersion &&
-		sctA.LogID == sctB.LogID &&
-		sctA.Timestamp == sctB.Timestamp &&
-		bytes.Equal(sctA.Extensions, sctB.Extensions) &&
-		sctA.Signature.Algorithm == sctB.Signature.Algorithm &&
-		bytes.Equal(sctA.Signature.Signature, sctA.Signature.Signature) {
-		return true
-	}
-	return false
-}
-
-// NOTE: TestDeserializeSCTList tests both DeserializeSCTList and
-// SerializeSCTList.
-func TestDeserializeSCTList(t *testing.T) {
-	// Here we make sure that empty SCT lists return an error
-	emptyLists := [][]byte{nil, {}}
-	for _, emptyList := range emptyLists {
-		_, err := DeserializeSCTList(emptyList)
-		if err == nil {
-			t.Fatalf("DeserializeSCTList(%v) should raise an error\n", emptyList)
-		}
-	}
-
-	// Here we make sure that an SCT list with a zero SCT is deserialized
-	// correctly
-	var zeroSCT ct.SignedCertificateTimestamp
-	serializedSCT, err := SerializeSCTList([]ct.SignedCertificateTimestamp{zeroSCT})
-	if err != nil {
-		t.Fatal(err)
-	}
-	deserializedSCTList, err := DeserializeSCTList(serializedSCT)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !sctEquals(zeroSCT, (deserializedSCTList)[0]) {
-		t.Fatal("SCTs don't match")
-	}
-
-	// Here we verify that an error is raised when the SCT list length
-	// field is greater than its actual length
-	serializedSCT, err = SerializeSCTList([]ct.SignedCertificateTimestamp{zeroSCT})
-	if err != nil {
-		t.Fatal(err)
-	}
-	serializedSCT[0] = 15
-	_, err = DeserializeSCTList(serializedSCT)
-	if err == nil {
-		t.Fatalf("DeserializeSCTList should raise an error when " +
-			"the SCT list length field and the list length don't match\n")
-	}
-
-	// Here we verify that an error is raised when the SCT list length
-	// field is less than its actual length
-	serializedSCT[0] = 0
-	serializedSCT[1] = 0
-	_, err = DeserializeSCTList(serializedSCT)
-	if err == nil {
-		t.Fatalf("DeserializeSCTList should raise an error when " +
-			"the SCT list length field and the list length don't match\n")
-	}
-
-	// Here we verify that an error is raised when the SCT length field is
-	// greater than its actual length
-	serializedSCT[0] = 0
-	serializedSCT[1] = 49
-	serializedSCT[2] = 1
-	_, err = DeserializeSCTList(serializedSCT)
-	if err == nil {
-		t.Fatalf("DeserializeSCTList should raise an error when " +
-			"the SCT length field and the SCT length don't match\n")
-	}
-
-	// Here we verify that an error is raised when the SCT length field is
-	// less than its actual length
-	serializedSCT[2] = 0
-	serializedSCT[3] = 0
-	_, err = DeserializeSCTList(serializedSCT)
-	if err == nil {
-		t.Fatalf("DeserializeSCTList should raise an error when " +
-			"the SCT length field and the SCT length don't match\n")
-	}
-}
-
-func TestSCTListFromOCSPResponse(t *testing.T) {
-	var response ocsp.Response
-	lst, err := SCTListFromOCSPResponse(&response)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(lst) != 0 {
-		t.Fatal("SCTListFromOCSPResponse should return an empty SCT list for an empty extension")
-	}
-
-	var zeroSCT ct.SignedCertificateTimestamp
-	serializedSCTList, err := SerializeSCTList([]ct.SignedCertificateTimestamp{zeroSCT})
-	if err != nil {
-		t.Fatal("failed to serialize SCT list")
-	}
-	serializedSCTList, err = asn1.Marshal(serializedSCTList)
-	if err != nil {
-		t.Fatal("failed to serialize SCT list")
-	}
-	// The value of Id below is the object identifier of the OCSP Stapling
-	// SCT extension (see section 3.3. of RFC 6962).
-	response.Extensions = []pkix.Extension{{
-		Id:       asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 5},
-		Critical: false,
-		Value:    serializedSCTList,
-	}}
-	lst, err = SCTListFromOCSPResponse(&response)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !sctEquals(zeroSCT, lst[0]) {
-		t.Fatal("SCTs don't match")
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle.pem
@ -1,53 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEczCCAl2gAwIBAgIIDARj8BWNsscwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
-EwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdp
-bmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wHhcNMTQwMzAyMDAw
-MDAwWhcNMTkwNDAxMDAwMDAwWjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
-b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
-DVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAMTFGNs
-b3VkZmxhcmUtaW50ZXIuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIVkjNJGw
-f3F0XWJH7yQSVtxuoBidi5JNsQ7FhxEQcZEl3b+/1iF60TBY2Yi6KwJuA6nIE73P
-IXGyfNhThw4D8CiZbackQ/ufgz2DyvxyWFDPzLr7TXeM/0wSp/imoxWeo4GIMIGF
-MA4GA1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRB
-+YoiUjIm34/wBwHdJGE4Wufs/DAfBgNVHSMEGDAWgBTXXUgpaSwO9HOrQBxGqOOS
-FHsHEDAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0B
-AQsDggIBACRqAC5EJEe+8ihv1WzCUMEMb7KtS0BqoNbdXE32ia66PgJSQmHcmeJd
-FI1UjL0DlljTM2tc+8KxR/1/qnKiI+W/D4wFTWOY/JWFOd15q7lXuKGl+8PMkAHF
-A145JCr6oZoO9G9wUwVUrbmXAbyPCOfzsEQ2+mD9F1ZpoEjzVhtGf0R+vnYrRw8j
-4WCv5AIcYRAf7HZxbhMILF1bccNlqyUtdH+/MTHXpjkjJjA5KbsHBrAEfjAXkD7c
-WWOay6m7mVWb3PPFmGorP6t29baEETK9ZTZSrfD9rnExjjUCftWJEn0M4Pp98DvT
-br6+bg8jwtq73qdyOfNsC/Sod18UuHH7MTQA22yqAF5jIlcYtAHGlNnl+sDPZACs
-369/Z9rOL9vPFL+Z3F/uJtqZzvN1QiCkj8jWzR0u9fh3eQwZADM2RwgwS4Gs2Ygh
-PsypDo33sFOwfX93KqKBsTHssn8SSDDaSnZ8bu1ATEdshbVieecuQx40UadPuJpw
-EPVqTR5AhviXQ9bKrTnU5T7EgkW9vNydkpLQQlMg3QE8hsndv4loGZbZGfNtqQHS
-/mg1t07S+7OEa4YaMW+wVOBOqTdW7OXlZFLfCcF5SYLM0SnlTMklRMxiqI4JqZXH
-0thnUGD0JjfLX4rTaZUzT3lrXXWzpS2jzutXQkjGv4nhGGprIDuT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIEkDCCA/ugAwIBAgIIWnP9jF/2nogwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
-MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
-A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDAzMDEwMDAwMDBaFw0xNDA0MTUwMDAw
-MDBaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
-CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
-MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
-b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHL
-AlI+xwnPhWgzj2VevD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0Ng
-xxwQ2rC08fJtCnijlGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeW
-RbWuLH5nEMdyk9NpetS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fu
-u6pgMtHKvl4GGH0yvb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREU
-mlcY5EvpR141KXbZqiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0
-APJx1VNSSH6XoDpUETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsys
-sWBEN+CxK19xyPumr21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT
-7r3mzlBTYl3poU26q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7
-STOs8wuTu3huSnan/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuow
-TmmHlb8KIMa9mOvcuGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VND
-DL3J/vSVlFeqLt2reAIBKnytLwIDAQABo4GIMIGFMA4GA1UdDwEB/wQEAwIApDAS
-BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsH
-EDAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAfBgNVHREEGDAWghRj
-bG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQsDgYEAfPLKCAHnPzgMYLX/
-fWznVvOEFAAYZByPFx4QdMBbDZUtxHyvJIBs6PdxrdSuDwSiMqE7qQIi+jzzwGl9
-fC7vf45B2zCX0OW51QL2oWNBdKlGgB+b2pwyME82lX/Pr7V1GY10u+ep1xdZDnch
-DaMsXjQQTJu0iuG3qKEuCmUwOmc=
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle_pkcs7.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle_pkcs7.pem
@ -1,52 +0,0 @@
-----BEGIN PKCS7-----
-MIIJOAYJKoZIhvcNAQcCoIIJKTCCCSUCAQExADALBgkqhkiG9w0BBwGgggkLMIIE
-czCCAl2gAwIBAgIIDARj8BWNsscwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQGEwJV
-UzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVl
-cmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
-YTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wHhcNMTQwMzAyMDAwMDAw
-WhcNMTkwNDAxMDAwMDAwWjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNsb3Vk
-RmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAMTFGNsb3Vk
-ZmxhcmUtaW50ZXIuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIVkjNJGwf3F0
-XWJH7yQSVtxuoBidi5JNsQ7FhxEQcZEl3b+/1iF60TBY2Yi6KwJuA6nIE73PIXGy
-fNhThw4D8CiZbackQ/ufgz2DyvxyWFDPzLr7TXeM/0wSp/imoxWeo4GIMIGFMA4G
-A1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRB+Yoi
-UjIm34/wBwHdJGE4Wufs/DAfBgNVHSMEGDAWgBTXXUgpaSwO9HOrQBxGqOOSFHsH
-EDAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQsD
-ggIBACRqAC5EJEe+8ihv1WzCUMEMb7KtS0BqoNbdXE32ia66PgJSQmHcmeJdFI1U
-jL0DlljTM2tc+8KxR/1/qnKiI+W/D4wFTWOY/JWFOd15q7lXuKGl+8PMkAHFA145
-JCr6oZoO9G9wUwVUrbmXAbyPCOfzsEQ2+mD9F1ZpoEjzVhtGf0R+vnYrRw8j4WCv
-5AIcYRAf7HZxbhMILF1bccNlqyUtdH+/MTHXpjkjJjA5KbsHBrAEfjAXkD7cWWOa
-y6m7mVWb3PPFmGorP6t29baEETK9ZTZSrfD9rnExjjUCftWJEn0M4Pp98DvTbr6+
-bg8jwtq73qdyOfNsC/Sod18UuHH7MTQA22yqAF5jIlcYtAHGlNnl+sDPZACs369/
-Z9rOL9vPFL+Z3F/uJtqZzvN1QiCkj8jWzR0u9fh3eQwZADM2RwgwS4Gs2YghPsyp
-Do33sFOwfX93KqKBsTHssn8SSDDaSnZ8bu1ATEdshbVieecuQx40UadPuJpwEPVq
-TR5AhviXQ9bKrTnU5T7EgkW9vNydkpLQQlMg3QE8hsndv4loGZbZGfNtqQHS/mg1
-t07S+7OEa4YaMW+wVOBOqTdW7OXlZFLfCcF5SYLM0SnlTMklRMxiqI4JqZXH0thn
-UGD0JjfLX4rTaZUzT3lrXXWzpS2jzutXQkjGv4nhGGprIDuTMIIEkDCCA/ugAwIB
-AgIIWnP9jF/2nogwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
-DApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApD
-bG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQGA1UEAwwNQ0ZTU0xf
-VEVTVF9DQTAeFw0xNDAzMDEwMDAwMDBaFw0xNDA0MTUwMDAwMDBaMIGMMQswCQYD
-VQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBF
-bmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2Fs
-aWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHLAlI+xwnPhWgzj2Ve
-vD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0NgxxwQ2rC08fJtCnij
-lGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeWRbWuLH5nEMdyk9Np
-etS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fuu6pgMtHKvl4GGH0y
-vb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREUmlcY5EvpR141KXbZ
-qiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0APJx1VNSSH6XoDpU
-ETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsyssWBEN+CxK19xyPum
-r21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT7r3mzlBTYl3poU26
-q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7STOs8wuTu3huSnan
-/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuowTmmHlb8KIMa9mOvc
-uGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VNDDL3J/vSVlFeqLt2r
-eAIBKnytLwIDAQABo4GIMIGFMA4GA1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAG
-AQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsHEDAfBgNVHSMEGDAW
-gBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWlu
-dGVyLmNvbTALBgkqhkiG9w0BAQsDgYEAfPLKCAHnPzgMYLX/fWznVvOEFAAYZByP
-Fx4QdMBbDZUtxHyvJIBs6PdxrdSuDwSiMqE7qQIi+jzzwGl9fC7vf45B2zCX0OW5
-1QL2oWNBdKlGgB+b2pwyME82lX/Pr7V1GY10u+ep1xdZDnchDaMsXjQQTJu0iuG3
-qKEuCmUwOmehADEA
-----END PKCS7-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle_with_whitespace.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/bundle_with_whitespace.pem
@ -1,56 +0,0 @@
-    
-----BEGIN CERTIFICATE-----
-MIIEczCCAl2gAwIBAgIIDARj8BWNsscwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
-EwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdp
-bmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wHhcNMTQwMzAyMDAw
-MDAwWhcNMTkwNDAxMDAwMDAwWjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
-b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
-DVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAMTFGNs
-b3VkZmxhcmUtaW50ZXIuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIVkjNJGw
-f3F0XWJH7yQSVtxuoBidi5JNsQ7FhxEQcZEl3b+/1iF60TBY2Yi6KwJuA6nIE73P
-IXGyfNhThw4D8CiZbackQ/ufgz2DyvxyWFDPzLr7TXeM/0wSp/imoxWeo4GIMIGF
-MA4GA1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRB
-+YoiUjIm34/wBwHdJGE4Wufs/DAfBgNVHSMEGDAWgBTXXUgpaSwO9HOrQBxGqOOS
-FHsHEDAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0B
-AQsDggIBACRqAC5EJEe+8ihv1WzCUMEMb7KtS0BqoNbdXE32ia66PgJSQmHcmeJd
-FI1UjL0DlljTM2tc+8KxR/1/qnKiI+W/D4wFTWOY/JWFOd15q7lXuKGl+8PMkAHF
-A145JCr6oZoO9G9wUwVUrbmXAbyPCOfzsEQ2+mD9F1ZpoEjzVhtGf0R+vnYrRw8j
-4WCv5AIcYRAf7HZxbhMILF1bccNlqyUtdH+/MTHXpjkjJjA5KbsHBrAEfjAXkD7c
-WWOay6m7mVWb3PPFmGorP6t29baEETK9ZTZSrfD9rnExjjUCftWJEn0M4Pp98DvT
-br6+bg8jwtq73qdyOfNsC/Sod18UuHH7MTQA22yqAF5jIlcYtAHGlNnl+sDPZACs
-369/Z9rOL9vPFL+Z3F/uJtqZzvN1QiCkj8jWzR0u9fh3eQwZADM2RwgwS4Gs2Ygh
-PsypDo33sFOwfX93KqKBsTHssn8SSDDaSnZ8bu1ATEdshbVieecuQx40UadPuJpw
-EPVqTR5AhviXQ9bKrTnU5T7EgkW9vNydkpLQQlMg3QE8hsndv4loGZbZGfNtqQHS
-/mg1t07S+7OEa4YaMW+wVOBOqTdW7OXlZFLfCcF5SYLM0SnlTMklRMxiqI4JqZXH
-0thnUGD0JjfLX4rTaZUzT3lrXXWzpS2jzutXQkjGv4nhGGprIDuT
-----END CERTIFICATE-----
-
-----BEGIN CERTIFICATE-----
-MIIEkDCCA/ugAwIBAgIIWnP9jF/2nogwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
-MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
-A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDAzMDEwMDAwMDBaFw0xNDA0MTUwMDAw
-MDBaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
-CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
-MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
-b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHL
-AlI+xwnPhWgzj2VevD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0Ng
-xxwQ2rC08fJtCnijlGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeW
-RbWuLH5nEMdyk9NpetS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fu
-u6pgMtHKvl4GGH0yvb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREU
-mlcY5EvpR141KXbZqiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0
-APJx1VNSSH6XoDpUETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsys
-sWBEN+CxK19xyPumr21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT
-7r3mzlBTYl3poU26q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7
-STOs8wuTu3huSnan/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuow
-TmmHlb8KIMa9mOvcuGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VND
-DL3J/vSVlFeqLt2reAIBKnytLwIDAQABo4GIMIGFMA4GA1UdDwEB/wQEAwIApDAS
-BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsH
-EDAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAfBgNVHREEGDAWghRj
-bG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQsDgYEAfPLKCAHnPzgMYLX/
-fWznVvOEFAAYZByPFx4QdMBbDZUtxHyvJIBs6PdxrdSuDwSiMqE7qQIi+jzzwGl9
-fC7vf45B2zCX0OW51QL2oWNBdKlGgB+b2pwyME82lX/Pr7V1GY10u+ep1xdZDnch
-DaMsXjQQTJu0iuG3qKEuCmUwOmc=
-----END CERTIFICATE-----
-
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/ca.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEmzCCA4OgAwIBAgIMAMSvNBgypwaaSQ5iMA0GCSqGSIb3DQEBBQUAMIGMMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVT
-VCBSb290IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTIx
-MjEyMDIxMDMxWhcNMjIxMDIxMDIxMDMxWjCBjDELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoT
-CkNGU1NMIFRFU1QxGzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqG
-SIb3DQEJARYPdGVzdEB0ZXN0LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAsRp1xSfIDoD/40Bo4Hls3sFn4dav5NgxbZGpVyGF7dJI9u0eEnL4
-BUGssPaUFLWC83CZxujUEiEfE0oKX+uOhhGv3+j5xSTNM764m2eSiN53cdZtK05d
-hwq9uS8LtjKOQeN1mQ5qmiqxBMdjkKgMsVw5lMCgoYKo57kaKFyXzdpNVDzqw+pt
-HWmuNtDQjK3qT5Ma06mYPmIGYhIZYLY7oJGg9ZEaNR0GIw4zIT5JRsNiaSb5wTLw
-aa0n/4vLJyVjLJcYmJBvZWj8g+taK+C4INu/jGux+bmsC9hq14tbOaTNAn/NE0qN
-8oHwcRBEqfOdEYdZkxI5NWPiKNW/Q+AeXQIDAQABo4H6MIH3MB0GA1UdDgQWBBS3
-0veEuqg51fusEM4p/YuWpBPsvTCBxAYDVR0jBIG8MIG5gBS30veEuqg51fusEM4p
-/YuWpBPsvaGBkqSBjzCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
-aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoTCkNGU1NMIFRFU1Qx
-GzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqGSIb3DQEJARYPdGVz
-dEB0ZXN0LmxvY2FsggwAxK80GDKnBppJDmIwDwYDVR0TBAgwBgEB/wIBADANBgkq
-hkiG9w0BAQUFAAOCAQEAJ7r1EZYDwed6rS0+YKHdkRGRQ5Rz6A9DIVBPXrSMAGj3
-F5EF2m/GJbhpVbnNJTVlgP9DDyabOZNxzdrCr4cHMkYYnocDdgAodnkw6GZ/GJTc
-depbVTR4TpihFNzeDEGJePrEwM1DouGswpu97jyuCYZ3z1a60+a+3C1GwWaJ7Aet
-Uqm+yLTUrMISsfnDPqJdM1NeqW3jiZ4IgcqJkieCCSpag9Xuzrp9q6rjmePvlQkv
-qz020JGg6VijJ+c6Tf5y0XqbAhkBTqYtVamu9gEth9utn12EhdNjTZMPKMjjgFUd
-H0N6yOEuQMl4ky7RxZBM0iPyeob6i4z2LEQilgv9MQ==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/ca_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/ca_key.pem
@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxGnXFJ8gOgP/j
-QGjgeWzewWfh1q/k2DFtkalXIYXt0kj27R4ScvgFQayw9pQUtYLzcJnG6NQSIR8T
-Sgpf646GEa/f6PnFJM0zvribZ5KI3ndx1m0rTl2HCr25Lwu2Mo5B43WZDmqaKrEE
-x2OQqAyxXDmUwKChgqjnuRooXJfN2k1UPOrD6m0daa420NCMrepPkxrTqZg+YgZi
-EhlgtjugkaD1kRo1HQYjDjMhPklGw2JpJvnBMvBprSf/i8snJWMslxiYkG9laPyD
-61or4Lgg27+Ma7H5uawL2GrXi1s5pM0Cf80TSo3ygfBxEESp850Rh1mTEjk1Y+Io
-1b9D4B5dAgMBAAECggEAKHhjcSomDSptTwDo9mLI/h40HudwSlsc8GzYxZBjinUD
-N2n39T9QbeMUE1xFenX/9qFEgq+xxnLLJx1EQacSapCgIAqdCO/f9HMgvGJumdg8
-c0cMq1i9Bp7tu+OESZ5D48qWlOM2eQRIb08g8W11eRIaFmPuUPoKnuktkQuXpPJc
-YbS/+JuA8SDwe6sV0cMCQuS+iHFfeGwWCKrDUkhLwcL3waW3od2XFyOeFFWFhl0h
-HmM/mWKRuRdqR7hrmArTwFZVkB+o/1ywVYXIv+JQm0eNZ5PKLNJGL2f5oxbMR/JI
-AoK0bAlJmYaFp96h1KpbPwLEL/0hHSWA7sAyJIgQAQKBgQDaEAZor/w4ZUTekT1+
-cbId0yA+ikDXQOfXaNCSh9Pex+Psjd5zVVOqyVFJ29daRju3d7rmpN4Cm5V4h0l1
-/2ad207rjCAnpCHtaddJWNyJzF2IL2IaoCZQRp0k7zOjBGQpoWDTwBaEin5CCv3P
-kkdQkKz6FDP1xskHSLZr21/QCQKBgQDP6jXutEgGjf3yKpMFk/69EamJdon8clbt
-hl7cOyWtobnZhdOWVZPe00Oo3Jag2aWgFFsm3EtwnUCnR4d4+fXRKS2LkhfIUZcz
-cKy17Ileggdd8UGhL4RDrF/En9tJL86WcVkcoOrqLcGB2FLWrVhVpHFK74eLMCH/
-uc/+ioPItQKBgHYoDsD08s7AGMQcoNx90MyWVLduhFnegoFW+wUa8jOZzieka6/E
-wVQeR5yksZjpy3vLNYu6M83n7eLkM2rrm/fXGHlLcTTpm7SgEBZfPwivotKjEh5p
-PrlqucWEk082lutz1RqHz+u7e1Rfzk2F7nx6GDBdeBYpw03eGXJx6QW5AoGBAIJq
-4puyAEAET1fZNtHX7IGCk7sDXTi6LCbgE57HhzHr8V0t4fQ6CABMuvMwM1gATjEk
-s6yjoLqqGUUUzDipanViBAy5fiuManC868lN7zkWDTLzQ3ytBqVAee4na/DziP27
-ae9YTSLJwskE/alloLRP6zTbHUXE0n7LelmrX1DFAoGBAMFLl+Lu+WFgCHxBjn43
-rHpJbQZQmsFhAMhkN4hsj6dJfAGn2gRLRiVRAika+8QF65xMZiVQWUVSUZADWERi
-0SXGjzN1wYxO3Qzy3LYwws6fxFAq5lo79eb38yFT2lHdqK3x/QgiDSRVl+R6cExV
-xQB518/lp2eIeMpglWByDwJX
-----END PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert.der
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert.der
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert.pem
@ -1,13 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIB7DCCAZKgAwIBAgIIE/Qz49ebG7kwCgYIKoZIzj0EAwIwTDELMAkGA1UEBhMC
-VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
-EDAOBgNVBAoTB2FjbWUuY28wHhcNMTcwNTIzMTk1MTQ0WhcNMTcwODIzMDE1NjQ0
-WjBMMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
-U2FuIEZyYW5jaXNjbzEQMA4GA1UEChMHYWNtZS5jbzBZMBMGByqGSM49AgEGCCqG
-SM49AwEHA0IABEW8F+k/avvdBm/KRsuDnTZ3p+VuVdsqDF+aD9nIYeOhx5sj574y
-hEIZOpgbEsi3BvqY63y2jYyPFodf25+CA9GjXjBcMA4GA1UdDwEB/wQEAwIFoDAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-HQ4EFgQUzDpu+HN89EC1M8aNl7f0Ln5JnnIwCgYIKoZIzj0EAwIDSAAwRQIgC4/r
-urbw/pzE3LDA6GpIts6TVyzgftLLEfU2BzQsjp0CIQDo+sn8t7XC6JN4KKRr2ABl
-ZI+JifgG+2KCy9ln2LxGJQ==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert_pkcs7.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert_pkcs7.pem
@ -1,14 +0,0 @@
-----BEGIN PKCS7-----
-MIICHQYJKoZIhvcNAQcCoIICDjCCAgoCAQExADALBgkqhkiG9w0BBwGgggHwMIIB
-7DCCAZKgAwIBAgIIE/Qz49ebG7kwCgYIKoZIzj0EAwIwTDELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEDAO
-BgNVBAoTB2FjbWUuY28wHhcNMTcwNTIzMTk1MTQ0WhcNMTcwODIzMDE1NjQ0WjBM
-MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2Fu
-IEZyYW5jaXNjbzEQMA4GA1UEChMHYWNtZS5jbzBZMBMGByqGSM49AgEGCCqGSM49
-AwEHA0IABEW8F+k/avvdBm/KRsuDnTZ3p+VuVdsqDF+aD9nIYeOhx5sj574yhEIZ
-OpgbEsi3BvqY63y2jYyPFodf25+CA9GjXjBcMA4GA1UdDwEB/wQEAwIFoDAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
-FgQUzDpu+HN89EC1M8aNl7f0Ln5JnnIwCgYIKoZIzj0EAwIDSAAwRQIgC4/rurbw
-/pzE3LDA6GpIts6TVyzgftLLEfU2BzQsjp0CIQDo+sn8t7XC6JN4KKRr2ABlZI+J
-ifgG+2KCy9ln2LxGJaEAMQA=
-----END PKCS7-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert_with_whitespace.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/cert_with_whitespace.pem
@ -1,15 +0,0 @@
-
-----BEGIN CERTIFICATE-----
-MIIB7DCCAZKgAwIBAgIIE/Qz49ebG7kwCgYIKoZIzj0EAwIwTDELMAkGA1UEBhMC
-VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
-EDAOBgNVBAoTB2FjbWUuY28wHhcNMTcwNTIzMTk1MTQ0WhcNMTcwODIzMDE1NjQ0
-WjBMMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
-U2FuIEZyYW5jaXNjbzEQMA4GA1UEChMHYWNtZS5jbzBZMBMGByqGSM49AgEGCCqG
-SM49AwEHA0IABEW8F+k/avvdBm/KRsuDnTZ3p+VuVdsqDF+aD9nIYeOhx5sj574y
-hEIZOpgbEsi3BvqY63y2jYyPFodf25+CA9GjXjBcMA4GA1UdDwEB/wQEAwIFoDAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-HQ4EFgQUzDpu+HN89EC1M8aNl7f0Ln5JnnIwCgYIKoZIzj0EAwIDSAAwRQIgC4/r
-urbw/pzE3LDA6GpIts6TVyzgftLLEfU2BzQsjp0CIQDo+sn8t7XC6JN4KKRr2ABl
-ZI+JifgG+2KCy9ln2LxGJQ==
-----END CERTIFICATE-----
-
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/ecdsa256.csr
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/ecdsa256.csr
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
-z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
-PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
-d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
-cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
-VLcv28Q=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty.pem
@ -1 +0,0 @@
-
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty_pkcs7.der
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty_pkcs7.der
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty_pkcs7.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/empty_pkcs7.pem
@ -1,3 +0,0 @@
-----BEGIN PKCS7-----
-MCcGCSqGSIb3DQEHAqAaMBgCAQExADALBgkqhkiG9w0BBwGgAKEAMQA=
-----END PKCS7-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/emptycert.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/emptycert.pem
@ -1,2 +0,0 @@
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----LSKFSKLF
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/emptypasswordpkcs12.p12
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/emptypasswordpkcs12.p12
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/enc_priv_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/enc_priv_key.pem
@ -1,30 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,90B8A5792FA2FE75B2053582F3DF394F
-
-yVY2xuth5fdJBg9gg+6eP3qTsr0CJ2mGEDW6rvYmYuATSRF1hVERrsznxJYjYLaw
-JHec8FVr78y4aXxI/aFzlxLkS8f12WjTtIhzHwhzgSJDwVOXSRphnLAeHWnhEKLe
-7kO+vzoTPIc3ECwdvtr6//z2tP1/sac+yIhL6C+x2rS5hFHhmDUXtILPxxfHJCiM
-qtKiiOZz3W6008CeJMC9ZPlKHDvpq7aIL4rfVP/GkZ+/teQkgWNpMxac7+gWLKuK
-109v6pu+8KT49D6SMsaZPvAb5PXcIB79ZCPI1JX0V26CKcswba4RHG/h1xifwyAF
-OIvmK29mmFqbx5GPlUefRUuPwRJKCXFiK6LTdhCwLYodtXde4ibvOFYy4onGoVax
-I5WVaOhQMqp+mxA6z7odrIvuFcQGixIA+peaaSbpNZSZGuxRvVefcdxPbJ+26Ijs
-wq8uyalbwhKtjPTPNkMaaYzJdWS7wd2DS4RM9JT8Y1h6NTftCY3c+/txOlt5pQzW
-T8n+NTd4o+PFOHzMnmEnrtf9Y/SSzXDB2OPCD95YdIXItQDdKcjK0NmnY8GNfkWL
-G30NJNy3/DR7Sa5u4xuqNgcgTFhgZaOQ1IVB3p5VjknqAX3gWFu2DrqzbH45071A
-He7VbdbzBpMHI2EdiCVOuK9fD/5sv25u9vVC2NHtG/YcoEQv+RB52TNHn9kdiMj1
-gLaywPqGjFmaPxI0xX07BrL+D9RruUT1GAEyw4JAHuJZIyq3+V98wmV/pEqwc7hp
-8WuSi6YddetfF4NPA5cGWt8qZ1it+wD/1ydQEAQsxdANqi0XVudYpYox02EoRS02
-up0sd9zqz83pN9RyOOKtGcHdt85gb9DYRVeff1UszMaoVULxqxYetwtzpiHn6grL
-DmnSk+DYgvXKOVt8tmSJysDTumhK1VN3xb34TYYJxeBOQJLzWFjGSELEpphZAQSj
-rS4OM1FwoP48wvASGiWD4VUJ6v+6F+NDvJr01S+zWGLg1EeUZJmXGHW5GrGd4Kgx
-3rdeOsrED9oXKp2cpgx9avXJ9upixja9MbAPp7RkSyeHMPvsuaI44xvOP3f0crmG
-d/5CdBKVT7nFaeTGSx/78kHb3VJyopAMm9k0V3CheKwBXXSbXmV1+0muBxMHsEI3
-aEKaI0y5cDfTewzo/U0l0kGtxF6kUPN1pdjFpAvssRlkGttFOC2nWxHwaNHpn7Kq
-gFAlN6P4cyB6kb+LvckIYTZ/tV39dx7PfL0KG5TWjJ4a9GSoL1IrAhQq+Qv6oUEt
-1vlejZoKyZ/35fni0fmeYNho+pCPimm6l+sHTuXkrWgGLr0S9O00HFLz11D7R4o9
-7mF4JkMNztT+ENOdT4xQBi3OGjRGMwtE6PsQPfDeu13Vq6eDtdEGUdhW1kAsGnBi
-eJRuysnGpnoWofJ7yS0+DhnS4GAVi907TMrQWwmez9V4CXl4NBc8X9T69TFL2LsW
-2KU9NUXdiCRZqZHD41gd3+RuRA/oXh50V9oaow+uepwYKTFyzde5IH1/DgBd7tOd
-Fa2fM5/zSA0uFPRb3yCVhRg5d6J9t5yaPAz7Jp0D1mDDGsMBD1O/FYJvWoANEwUX
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/messed_up_bundle.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/messed_up_bundle.pem
@ -1,48 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEczCCAl2gAwIBAgIIDARj8BWNsscwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
-EwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdp
-bmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wHhcNMTQwMzAyMDAw
-MDAwWhcNMTkwNDAxMDAwMDAwWjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
-b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
-FHsHEDAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0B
-AQsDggIBACRqAC5EJEe+8ihv1WzCUMEMb7KtS0BqoNbdXE32ia66PgJSQmHcmeJd
-FI1UjL0DlljTM2tc+8KxR/1/qnKiI+W/D4wFTWOY/JWFOd15q7lXuKGl+8PMkAHF
-A145JCr6oZoO9G9wUwVUrbmXAbyPCOfzsEQ2+mD9F1ZpoEjzVhtGf0R+vnYrRw8j
-4WCv5AIcYRAf7HZxbhMILF1bccNlqyUtdH+/MTHXpjkjJjA5KbsHBrAEfjAXkD7c
-WWOay6m7mVWb3PPFmGorP6t29baEETK9ZTZSrfD9rnExjjUCftWJEn0M4Pp98DvT
-br6+bg8jwtq73qdyOfNsC/Sod18UuHH7MTQA22yqAF5jIlcYtAHGlNnl+sDPZACs
-369/Z9rOL9vPFL+Z3F/uJtqZzvN1QiCkj8jWzR0u9fh3eQwZADM2RwgwS4Gs2Ygh
-PsypDo33sFOwfX93KqKBsTHssn8SSDDaSnZ8bu1ATEdshbVieecuQx40UadPuJpw
-EPVqTR5AhviXQ9bKrTnU5T7EgkW9vNydkpLQQlMg3QE8hsndv4loGZbZGfNtqQHS
-/mg1t07S+7OEa4YaMW+wVOBOqTdW7OXlZFLfCcF5SYLM0SnlTMklRMxiqI4JqZXH
-0thnUGD0JjfLX4rTaZUzT3lrXXWzpS2jzutXQkjGv4nhGGprIDuT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIEkDCCA/ugAwIBAgIIWnP9jF/2nogwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
-MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
-A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDAzMDEwMDAwMDBaFw0xNDA0MTUwMDAw
-MDBaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
-CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
-MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
-b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHL
-AlI+xwnPhWgzj2VevD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0Ng
-xxwQ2rC08fJtCnijlGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeW
-RbWuLH5nEMdyk9NpetS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fu
-u6pgMtHKvl4GGH0yvb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREU
-mlcY5EvpR141KXbZqiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0
-APJx1VNSSH6XoDpUETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsys
-sWBEN+CxK19xyPumr21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT
-7r3mzlBTYl3poU26q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7
-STOs8wuTu3huSnan/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuow
-TmmHlb8KIMa9mOvcuGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VND
-DL3J/vSVlFeqLt2reAIBKnytLwIDAQABo4GIMIGFMA4GA1UdDwEB/wQEAwIApDAS
-BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsH
-EDAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAfBgNVHREEGDAWghRj
-bG91ZGZsYXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQsDgYEAfPLKCAHnPzgMYLX/
-fWznVvOEFAAYZByPFx4QdMBbDZUtxHyvJIBs6PdxrdSuDwSiMqE7qQIi+jzzwGl9
-fC7vf45B2zCX0OW51QL2oWNBdKlGgB+b2pwyME82lX/Pr7V1GY10u+ep1xdZDnch
-DaMsXjQQTJu0iuG3qKEuCmUwOmc=
-----END CERTIFICATE-----
-SDFSDKjkfdlsdfj
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/messed_up_priv_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/messed_up_priv_key.pem
@ -1,20 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvGKyz9ZzIXI/BFrtqbVQMmKQkPZGndyfV3AzeSb2ulbS/s5k
-yNJMH/jKZiSCvZiJNnW+JNlJrgLxORMmPStPz/N/0L0vCTotQKZUiaBttFgHgobQ
-LFsbMnumt9It5W/uOwgWI9binuzvqyPXywLlYwOq3jkOmA22ymhflzRrl6a3jzcY
-hT9evxHl0gV4bN7KZ5p4wK/UUuG1uMEQLw87lUwRRHeW3ZG52VL38+redka+f5pa
-SGKyG5j0oe1NPLqAjckNgqvDdPMY2gicmCq0VSLzTNpHRsURTUSJvC/iv34vVfba
-gIYgTvm8BvGbJSlZqP4kEVlOfd3vmB0ttUeoDwIDAQABAoIBAHZdpXCFlA1d1U6N
-O2s4a01dNOyAcVpa9xtfelgTLU9jomtLj3PG/uHP1oxbQHKUVxKK5JAOnwbg/mQY
-LhydDCbjHlovpFAt56UJXXCkBoocDYvr3P0huXL80oIJY6EXtR4ONKsMJ5Qn12c2
-vC3ogey2rzO1sf/EDigbcIR3AWtk1Tx8ZDUooktOFypIsDQgjjxXiURGssAlMPSh
-6GVgO4JRRG6oRxEna7yDe7izmh/hC5sxSYLsEikCgYEAsBHhb/Qef5obRCSrfFuQ
-41P7MCtGrXVxKD3iCDGQCzVbEbYGpmZnGsXSaHljp2FtnamaGGEudYziozGKPHjs
-pbTbsLIDbmNwxz1WcaZ1iyIjtOxcAEqDod8hY4hL6SaxypwTHn4Ydbw2NGzp11Eg
-Di4SVL82utjycATdKFvBzdsCgYB/3M+GMrt0Sh87rKcQLdL709Kzjcfhvm4HjIbJ
-GSXGPCZaYMKaXRTdNAjtRKxMawc9qcf0xSBEHL0GkB158TzusDQtjP1anTcYOnl6
-GsO4bRivp314iNlP4r3S3bIXqBxCGH3HbrvpdPFAN//qjYmAki2lFQZywfvbQOE8
-oFQHwQKBgHqJkTck2DGlXQIwA7jirLggISXjSPlsG4w4LuhY9ivyNKLUi4x5k1cE
-bX7SrRtJErQ1WaDN4TFG25xnysi5h+aPinuySatd0XmA5+dE1YjTqqShMO+lUpzi
-PrOQl6Eva/uw5BDAcUH4AaXTNRvvtXQptUil9qXyOh6fszikA9Mm
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/messedupcert.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/messedupcert.pem
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
-bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
-MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
-MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
-cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
-MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
-dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
-uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
-aq+K7aVrgHkPnWeRiG6tl+ZA
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/multiplecerts.p12
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/multiplecerts.p12
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/noheadercert.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/noheadercert.pem
@ -1,9 +0,0 @@
-MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
-bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
-MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
-MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
-cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
-MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
-dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
-uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
-aq+K7aVrgHkPnWeRiG6tl+ZA
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/passwordpkcs12.p12
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/passwordpkcs12.p12
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/priv_rsa_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/priv_rsa_key.pem
@ -1,28 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvGKyz9ZzIXI/BFrtqbVQMmKQkPZGndyfV3AzeSb2ulbS/s5k
-yNJMH/jKZiSCvZiJNnW+JNlJrgLxORMmPStPz/N/0L0vCTotQKZUiaBttFgHgobQ
-LFsbMnumt9It5W/uOwgWI9binuzvqyPXywLlYwOq3jkOmA22ymhflzRrl6a3jzcY
-hT9evxHl0gV4bN7KZ5p4wK/UUuG1uMEQLw87lUwRRHeW3ZG52VL38+redka+f5pa
-SGKyG5j0oe1NPLqAjckNgqvDdPMY2gicmCq0VSLzTNpHRsURTUSJvC/iv34vVfba
-gIYgTvm8BvGbJSlZqP4kEVlOfd3vmB0ttUeoDwIDAQABAoIBAHZdpXCFlA1d1U6N
-O2s4a01dNOyAcVpa9xtfelgTLU9jomtLj3PG/uHP1oxbQHKUVxKK5JAOnwbg/mQY
-LhydDCbjHlovpFAt56UJXXCkBoocDYvr3P0huXL80oIJY6EXtR4ONKsMJ5Qn12c2
-vC3ogey2rzO1sf/EDigbcIR3AWtk1Tx8ZDUooktOFypIsDQgjjxXiURGssAlMPSh
-1BFz4StRUK4bESaja0GiHwbuxHa+XYEBlK5OqMo/fpWqpgHhV/42+7wdcBMJsMr8
-rFBe6m+r6TTbLSGJNowyd05XrjoAI35qduckpJ3Voun90i4ynTudjdJ/vHpIqB74
-qQLFW2ECgYEA+GSRVqobaKKakNUFGmK0I5T5Tikz5f137YXXER6aLtDQNiSrlXNi
-0aphkC/EfRO3oNvamq5+55bmmgDVoNNPDfpajKz+LZyG8GC2EXlTKO0hZS64KRRl
-C+bd+ZsYiUDImNVRbIHN82f+BQgsgXlTaWpBOrEqmoePO/J44O4eX3cCgYEAwieq
-amY4UaY+MhWPJFRK1y9M3hM8+N9N/35CFewQUdFJosC6vVQ4t8jNkSOxVQdgbNwE
-i/bTBgIwg82JJYbBUPuCVeTT3i6zxymf/FLumrI73URD81IN6FiH1skg0hSFrvs0
-6GVgO4JRRG6oRxEna7yDe7izmh/hC5sxSYLsEikCgYEAsBHhb/Qef5obRCSrfFuQ
-41P7MCtGrXVxKD3iCDGQCzVbEbYGpmZnGsXSaHljp2FtnamaGGEudYziozGKPHjs
-pbTbsLIDbmNwxz1WcaZ1iyIjtOxcAEqDod8hY4hL6SaxypwTHn4Ydbw2NGzp11Eg
-Di4SVL82utjycATdKFvBzdsCgYB/3M+GMrt0Sh87rKcQLdL709Kzjcfhvm4HjIbJ
-GSXGPCZaYMKaXRTdNAjtRKxMawc9qcf0xSBEHL0GkB158TzusDQtjP1anTcYOnl6
-GsO4bRivp314iNlP4r3S3bIXqBxCGH3HbrvpdPFAN//qjYmAki2lFQZywfvbQOE8
-oFQHwQKBgHqJkTck2DGlXQIwA7jirLggISXjSPlsG4w4LuhY9ivyNKLUi4x5k1cE
-bX7SrRtJErQ1WaDN4TFG25xnysi5h+aPinuySatd0XmA5+dE1YjTqqShMO+lUpzi
-PrOQl6Eva/uw5BDAcUH4AaXTNRvvtXQptUil9qXyOh6fszikA9Mm
-----END RSA PRIVATE KEY-----
-
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/private_ecdsa_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/private_ecdsa_key.pem
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MGgCAQEEHCGXsrNo2xfy8+zd4Pzj8rcQ5KqQO43au1t/7nugBwYFK4EEACGhPAM6
-AASJodCTtj5aYXnWxMiYhwjEgNQJJbNzJFEbsGJX9pCWZC673ammTWFHMjnMPkS/
-9eU5YeW40BHqfw==
-----END EC PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/rsa-old.csr
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/rsa-old.csr
@ -1,19 +0,0 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
-WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
-f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
-A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
-C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
-+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
-OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
-bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
-gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
-AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
-iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
-QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
-anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
-cJZNboDRsItpccZuRQ==
-----END NEW CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/secp256k1-key.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/secp256k1-key.pem
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHQCAQEEIJLKycmoCAk4HqlJGdsuFyHsxfIheKsLH91tS/TNP5OOoAcGBSuBBAAK
-oUQDQgAEBkmL7cvC2cgchzfSuUZPGnzH0FqBtf3kGhSllQiIzGDn4envPXNqp+93
-V2NZ8VT+Aba4ln2Vbp9gYrKquut5Zg==
-----END EC PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/test.bad.csr.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/test.bad.csr.pem
@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYD
-VQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAW
-BgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25l
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8AL
-PT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/
-kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y
-57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDR
-SspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5Xfl
-sllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy
-/YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+
-3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPl
-rfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7
-----END CERTIFICATE REQUEST-----
-
--- a/vendor/github.com/cloudflare/cfssl/helpers/testdata/test.csr.pem
+++ b/vendor/github.com/cloudflare/cfssl/helpers/testdata/test.csr.pem
@ -1,18 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYD
-VQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAW
-BgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25l
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8AL
-PT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/
-kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y
-/ArIuM+FBeuno/IV8zvwAe/VRa8i0QjFXT9vBBp35aeatdnJ2ds50yKCsHHcjvtr
-9/8zPVqqmhl2XFS3Qdqlsprzbgksom67OobJGjaV+fNHNQ0o/rzP//Pl3i7vvaEG
-7Ff8tQhEwR9nJUR1T6Z7ln7S6cOr23YozgWVkEJ/dSr6LAopb+cZ88FzW5NszU6i
-57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDR
-SspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5Xfl
-sllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy
-/YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+
-3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPl
-rfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7
-----END CERTIFICATE REQUEST-----
-
--- a/vendor/github.com/cloudflare/cfssl/initca/initca_test.go
+++ b/vendor/github.com/cloudflare/cfssl/initca/initca_test.go
@ -1,385 +0,0 @@
-package initca
-
-import (
-	"bytes"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"io/ioutil"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/cloudflare/cfssl/config"
-	"github.com/cloudflare/cfssl/csr"
-	"github.com/cloudflare/cfssl/helpers"
-	"github.com/cloudflare/cfssl/signer"
-	"github.com/cloudflare/cfssl/signer/local"
-)
-
-var validKeyParams = []csr.BasicKeyRequest{
-	{A: "rsa", S: 2048},
-	{A: "rsa", S: 3072},
-	{A: "rsa", S: 4096},
-	{A: "ecdsa", S: 256},
-	{A: "ecdsa", S: 384},
-	{A: "ecdsa", S: 521},
-}
-
-var validCAConfigs = []csr.CAConfig{
-	{PathLength: 0, PathLenZero: true},
-	{PathLength: 0, PathLenZero: false},
-	{PathLength: 2},
-	{PathLength: 2, Expiry: "1h"},
-	// invalid PathLenZero value will be ignored
-	{PathLength: 2, PathLenZero: true},
-}
-
-var invalidCAConfig = csr.CAConfig{
-	PathLength: 2,
-	// Expiry must be a duration string
-	Expiry: "2116/12/31",
-}
-var csrFiles = []string{
-	"testdata/rsa2048.csr",
-	"testdata/rsa3072.csr",
-	"testdata/rsa4096.csr",
-	"testdata/ecdsa256.csr",
-	"testdata/ecdsa384.csr",
-	"testdata/ecdsa521.csr",
-}
-
-var testRSACAFile = "testdata/5min-rsa.pem"
-var testRSACAKeyFile = "testdata/5min-rsa-key.pem"
-var testECDSACAFile = "testdata/5min-ecdsa.pem"
-var testECDSACAKeyFile = "testdata/5min-ecdsa-key.pem"
-
-var invalidCryptoParams = []csr.BasicKeyRequest{
-	// Weak Key
-	{A: "rsa", S: 1024},
-	// Bad param
-	{A: "rsaCrypto", S: 2048},
-	{A: "ecdsa", S: 2000},
-}
-
-func TestInitCA(t *testing.T) {
-	var req *csr.CertificateRequest
-	hostname := "cloudflare.com"
-	for _, param := range validKeyParams {
-		for _, caconfig := range validCAConfigs {
-			req = &csr.CertificateRequest{
-				Names: []csr.Name{
-					{
-						C:  "US",
-						ST: "California",
-						L:  "San Francisco",
-						O:  "CloudFlare",
-						OU: "Systems Engineering",
-					},
-				},
-				CN:         hostname,
-				Hosts:      []string{hostname, "www." + hostname},
-				KeyRequest: &param,
-				CA:         &caconfig,
-			}
-			certBytes, _, keyBytes, err := New(req)
-			if err != nil {
-				t.Fatal("InitCA failed:", err)
-			}
-			key, err := helpers.ParsePrivateKeyPEM(keyBytes)
-			if err != nil {
-				t.Fatal("InitCA private key parsing failed:", err)
-			}
-			cert, err := helpers.ParseCertificatePEM(certBytes)
-			if err != nil {
-				t.Fatal("InitCA cert parsing failed:", err)
-			}
-
-			// Verify key parameters.
-			switch req.KeyRequest.Algo() {
-			case "rsa":
-				if cert.PublicKey.(*rsa.PublicKey).N.BitLen() != param.Size() {
-					t.Fatal("Cert key length mismatch.")
-				}
-				if key.(*rsa.PrivateKey).N.BitLen() != param.Size() {
-					t.Fatal("Private key length mismatch.")
-				}
-			case "ecdsa":
-				if cert.PublicKey.(*ecdsa.PublicKey).Curve.Params().BitSize != param.Size() {
-					t.Fatal("Cert key length mismatch.")
-				}
-				if key.(*ecdsa.PrivateKey).Curve.Params().BitSize != param.Size() {
-					t.Fatal("Private key length mismatch.")
-				}
-			}
-
-			// Verify CA MaxPathLen
-			if caconfig.PathLength == 0 && cert.MaxPathLenZero != caconfig.PathLenZero {
-				t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect %v, got %v", caconfig.PathLenZero, cert.MaxPathLenZero)
-			}
-
-			if caconfig.PathLength != 0 {
-				if cert.MaxPathLen != caconfig.PathLength {
-					t.Fatalf("fail to init a CA cert with specified CA pathlen: expect %d, got %d", caconfig.PathLength, cert.MaxPathLen)
-				}
-				if cert.MaxPathLenZero != false {
-					t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect false, got %t", cert.MaxPathLenZero)
-				}
-			}
-
-			// Replace the default CAPolicy with a test (short expiry) version.
-			CAPolicy = func() *config.Signing {
-				return &config.Signing{
-					Default: &config.SigningProfile{
-						Usage:        []string{"cert sign", "crl sign"},
-						ExpiryString: "300s",
-						Expiry:       300 * time.Second,
-						CAConstraint: config.CAConstraint{IsCA: true},
-					},
-				}
-			}
-
-			// Start a signer
-			s, err := local.NewSigner(key, cert, signer.DefaultSigAlgo(key), nil)
-			if err != nil {
-				t.Fatal("Signer Creation error:", err)
-			}
-			s.SetPolicy(CAPolicy())
-
-			// Sign RSA and ECDSA customer CSRs.
-			for _, csrFile := range csrFiles {
-				csrBytes, err := ioutil.ReadFile(csrFile)
-				if err != nil {
-					t.Fatal("CSR loading error:", err)
-				}
-				req := signer.SignRequest{
-					Request: string(csrBytes),
-					Hosts:   signer.SplitHosts(hostname),
-					Profile: "",
-					Label:   "",
-				}
-
-				bytes, err := s.Sign(req)
-				if err != nil {
-					t.Fatal(err)
-				}
-				customerCert, _ := helpers.ParseCertificatePEM(bytes)
-				if customerCert.SignatureAlgorithm != s.SigAlgo() {
-					t.Fatal("Signature Algorithm mismatch")
-				}
-				err = customerCert.CheckSignatureFrom(cert)
-				if err != nil {
-					t.Fatal("Signing CSR failed.", err)
-				}
-			}
-		}
-	}
-}
-func TestInvalidCAConfig(t *testing.T) {
-	hostname := "example.com"
-	req := &csr.CertificateRequest{
-		Names: []csr.Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         hostname,
-		Hosts:      []string{hostname, "www." + hostname},
-		KeyRequest: &validKeyParams[0],
-		CA:         &invalidCAConfig,
-	}
-
-	_, _, _, err := New(req)
-	if err == nil {
-		t.Fatal("InitCA with bad CAConfig should fail:", err)
-	}
-}
-func TestInvalidCryptoParams(t *testing.T) {
-	var req *csr.CertificateRequest
-	hostname := "cloudflare.com"
-	for _, invalidParam := range invalidCryptoParams {
-		req = &csr.CertificateRequest{
-			Names: []csr.Name{
-				{
-					C:  "US",
-					ST: "California",
-					L:  "San Francisco",
-					O:  "CloudFlare",
-					OU: "Systems Engineering",
-				},
-			},
-			CN:         hostname,
-			Hosts:      []string{hostname, "www." + hostname},
-			KeyRequest: &invalidParam,
-		}
-		_, _, _, err := New(req)
-		if err == nil {
-			t.Fatal("InitCA with bad params should fail:", err)
-		}
-
-		if !strings.Contains(err.Error(), `"code":2400`) {
-			t.Fatal(err)
-		}
-	}
-}
-
-type validation struct {
-	r *csr.CertificateRequest
-	v bool
-}
-
-var testValidations = []validation{
-	{&csr.CertificateRequest{}, false},
-	{&csr.CertificateRequest{
-		CN: "test CA",
-	}, true},
-	{&csr.CertificateRequest{
-		Names: []csr.Name{{}},
-	}, false},
-	{&csr.CertificateRequest{
-		Names: []csr.Name{
-			{O: "Example CA"},
-		},
-	}, true},
-}
-
-func TestValidations(t *testing.T) {
-	for i, tv := range testValidations {
-		err := validator(tv.r)
-		if tv.v && err != nil {
-			t.Fatalf("%v", err)
-		}
-
-		if !tv.v && err == nil {
-			t.Fatalf("%d: expected error, but no error was reported", i)
-		}
-	}
-}
-
-func TestRenewRSA(t *testing.T) {
-	certPEM, err := RenewFromPEM(testRSACAFile, testRSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// must parse ok
-	cert, err := helpers.ParseCertificatePEM(certPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !cert.IsCA {
-		t.Fatal("renewed CA certificate is not CA")
-	}
-
-	// cert expiry must be 5 minutes
-	expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
-	if expiry >= 301 || expiry <= 299 {
-		t.Fatal("expiry is not correct:", expiry)
-	}
-
-	// check subject
-
-	if cert.Subject.CommonName != "" {
-		t.Fatal("Bad CommonName")
-	}
-
-	if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
-		t.Fatal("Bad Subject")
-	}
-
-	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
-		t.Fatal("Bad Subject")
-	}
-}
-
-func TestRenewECDSA(t *testing.T) {
-	certPEM, err := RenewFromPEM(testECDSACAFile, testECDSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// must parse ok
-	cert, err := helpers.ParseCertificatePEM(certPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !cert.IsCA {
-		t.Fatal("renewed CA certificate is not CA")
-	}
-
-	// cert expiry must be 5 minutes
-	expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
-	if expiry >= 301 || expiry <= 299 {
-		t.Fatal("expiry is not correct:", expiry)
-	}
-
-	// check subject
-
-	if cert.Subject.CommonName != "" {
-		t.Fatal("Bad CommonName")
-	}
-
-	if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
-		t.Fatal("Bad Subject")
-	}
-
-	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
-		t.Fatal("Bad Subject")
-	}
-}
-
-func TestRenewMismatch(t *testing.T) {
-	_, err := RenewFromPEM(testECDSACAFile, testRSACAKeyFile)
-	if err == nil {
-		t.Fatal("Fail to detect cert/key mismatch")
-	}
-}
-
-func TestRenew(t *testing.T) {
-	in, err := ioutil.ReadFile(testECDSACAFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	cert, err := helpers.ParseCertificatePEM(in)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	in, err = ioutil.ReadFile(testECDSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	priv, err := helpers.ParsePrivateKeyPEM(in)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	renewed, err := Update(cert, priv)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newCert, err := helpers.ParseCertificatePEM(renewed)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !bytes.Equal(newCert.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) {
-		t.Fatal("Update returned a certificate with different subject public key info")
-	}
-
-	if !bytes.Equal(newCert.RawSubject, cert.RawSubject) {
-		t.Fatal("Update returned a certificate with different subject info")
-	}
-
-	if !bytes.Equal(newCert.RawIssuer, cert.RawIssuer) {
-		t.Fatal("Update returned a certificate with different issuer info")
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa-key.pem
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa-key.pem
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIA8OzPeVZT0cXTAPdcXYefLRIqyUXa0f0SgYMJ2J1AVcoAoGCCqGSM49
-AwEHoUQDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI
-7LzfGbMU+KqWTgOwGhrPvpusep3fjw+dAQ==
-----END EC PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa.pem
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa.pem
@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIICUDCCAfagAwIBAgIIec5PjdpJcNYwCgYIKoZIzj0EAwIwejELMAkGA1UEBhMC
-VVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3QgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYD
-VQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIzMDEwMFoXDTE1MTAwODIzMDYwMFow
-ejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNV
-BAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI7Lzf
-GbMU+KqWTgOwGhrPvpusep3fjw+dAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
-EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFDpLhSKBN3njfb6cXQCdRLzCZt0ZMB8G
-A1UdIwQYMBaAFDpLhSKBN3njfb6cXQCdRLzCZt0ZMAoGCCqGSM49BAMCA0gAMEUC
-IFU3BmzntGGeXZu2qWZx249nYn37S0AkCnQ3rUtI31bdAiEAsPICnZ+GB8yCN26N
-OL+N8dHvXiOvZ9/Vl488pyWOccY=
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa-key.pem
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa-key.pem
@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMaeuHm
-vAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1LOCxY
-KVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqDly4+
-W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPslkk9
-y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABDeWjx
-FbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABAoIBAHIFHBHKib+sVS1I
-7MbWKR1JOQvBEV6kK1eFTmlZEpIG1kWNJ/J+HRMum2zQLRMUwsL5SNyG2fv3Z5Ew
-6IMw+joteahkr/oTuixT39A7uq+PlRtPAQ1+digRoj/MxebT65xNjtO56MwEWxIR
-H5jsdFJ0kDCVY4/bUPrMexhZ5Bj1xM3j8wpCPlVv2b9Ic/FUD9p6tOZDFhfSluiE
-87VsFHUImNvu4p/BAKUuKiz58cPNDHPAABsPrJR2SVU59roC4QtEmaxbmDkXUtB1
-+o+ypJQ0saqoffzHq7URebrJU9u+AV51UWaqHjg5OAe8eElOou6MHYX8R9cWZmJX
-UQKPyVECgYEAyLqstNHtA7R7+r4bW8Tr/kF7z+VvCfV9wB6TPT+ycuv3aU5+HYgR
-YRs2RBRtwI625hPk7AXEdbMt3SKoKjcMNMSD3qUK+fJFEyvOqRXiMJ2pLg04GlYZ
-cOInJd0T1q3O2cNLZwcWB1L0/KiV0dYHc4p+p5hisai3T9w7QthTUr8CgYEA6QVW
-jcsSBRFCokf/GKpTCVXIeqDSwrcEwoZh/RN6PlvgDwjw08G2IxKdAFs3/wxbKWHT
-xss+LQiMyBL8aRJvBUfotj5e5ZYESaSDqdeYv0Sydl1vfxcknHpTBRUdbyDtsOQn
-4X1ZEmfa9vFWS5P9fTFBC0BU2zzrhSlfQb6g360CgYBmnT+zBGo07aw/p7XWuRmn
-lhRUWEbmgXAyqa69rfVs2IJXfD/umuO/j6izLvpYaNzJS7xIiD5BqUK1/ISZaCC+
-TQPY6uhslFSJk2iHed9y2PZmy2010XQaCBLZQWZl5d6L5lGCrtWtEtSY4RoN9mtC
-vrc2uCkkB0sG8V/+MRaPgwKBgBiML2oQkn1mLBbcbssyZjz9hHkmqA1LKn0zmu8G
-NkKLezcaQgSMy5s2QsPe2C9OJexeGek/T/V+iRYqqdyHzJpJ0QIh3+1fuGPpqNUj
-mTvNCN/fR/ejgH/bgxNt/gPO/Ds+TdU7Vz7RIggRtH2RwYqGvctpo4bVDBqjGR3b
-7yahAoGAAgH97uN2FU1ffK0OAfMA1N58ikq/bg07KnJxO2CP5hrgsWK2ZVfeHUmU
-3k+xqQHCIuew55yO0tARTrFAh3Rj+zarA+PrtnzqW82wCIn8Fym3PFzbK2qrIMie
-yp0p4nBXsRmzinrPWKUYlFyRNY3Tcbstm5gUw2S4czSwwQeM/No=
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa.pem
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa.pem
@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID3DCCAsSgAwIBAgIIfbm2I1hwBa8wDQYJKoZIhvcNAQELBQAwejELMAkGA1UE
-BhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3Qg
-Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
-EQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIwMjEwMFoXDTE1MTAwODIwMjYw
-MFowejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAh
-BgNVBAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4g
-RnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMa
-euHmvAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1L
-OCxYKVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqD
-ly4+W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPs
-lkk9y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABD
-eWjxFbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABo2YwZDAOBgNVHQ8B
-Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUCHoGEI1RZ8JN
-7UZ4zcTRll8nnnAwHwYDVR0jBBgwFoAUCHoGEI1RZ8JN7UZ4zcTRll8nnnAwDQYJ
-KoZIhvcNAQELBQADggEBAHRcbd6cSXV6IuT4jLV8k6OUUlxzobbiRnXJrLjy9Anx
-tyIUWv2XSh/4IEJa+/MLNIb28gU9Sa2y4GV1qAgOM5qUM2iQJyLem0pTg0WTVKlj
-ytEK1kUwQCNkc/xpDrPo5CbN3aDuW/VPntOJL1GSQzS7jzK3NeQ9sah9YYhk4Wsk
-jzHVI1sX+qzcuUqCIPhqmGR0JE8ZI5YzbMTZ4/B+oWxZ7EyzB8O+v6HVD4eQFBSq
-tyGhGbh7mUvuMpVJ8FIX4BA7QL+RwqNNtAMZKcxPjhy5I23nVclbTCz/NC2Dgp8H
-13uQsEpUZ65clgiTo4LuPzPiIouZh5cBWP4gGqbyyS4=
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/README.md
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/README.md
@ -1,11 +0,0 @@
-1. To generate 5min-rsa.pem and 5min-rsa-key.pem
-```
-$ GOPATH/bin/cfssl gencert -initca ca_csr_rsa.json | GOPATH/bin/cfssljson -bare 5min-rsa
-```
-2. To generate 5min-ecdsa.pem and 5min-ecdsa-key.pem
-```
-$ GOPATH/bin/cfssl gencert -initca ca_csr_ecdsa.json | GOPATH/bin/cfssljson -bare 5min-ecdsa
-```
-
-The above commands will generate 5min-rsa.csr and 5min-ecdsa.csr as well, but those
-files can be ignored.
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_ecdsa.json
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_ecdsa.json
@ -1,18 +0,0 @@
-{
-  "key": {
-    "algo": "ecdsa",
-    "size": 256
-  },
-  "names": [
-    {
-    "C": "US",
-    "L": "San Francisco",
-    "ST": "California",
-    "O": "CloudFlare, Inc.",
-    "OU": "Test Certificate Authority"
-    }
-  ],
-  "ca": {
-    "expiry": "5m"
-  }
-}
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_rsa.json
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_rsa.json
@ -1,18 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-    "C": "US",
-    "L": "San Francisco",
-    "ST": "California",
-    "O": "CloudFlare, Inc.",
-    "OU": "Test Certificate Authority"
-    }
-  ],
-  "ca": {
-    "expiry": "5m"
-  }
-}
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa256.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa256.csr
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
-z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
-PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
-d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
-cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
-VLcv28Q=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa384.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa384.csr
@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
-0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
-HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
-LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
-CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
-Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
-RiWGZIucp5r6AfT9381PB29bHA==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa521.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa521.csr
@ -1,13 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
-toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
-AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
-f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
-gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
-gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
-pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
-MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa2048.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa2048.csr
@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
-WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
-f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
-A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
-C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
-+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
-OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
-bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
-gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
-AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
-iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
-QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
-anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
-cJZNboDRsItpccZuRQ==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa3072.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa3072.csr
@ -1,24 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIECTCCAnMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL0zzgBv+VTwZOPy
-LtuLFweQrj5Lfrje2hnNB7Y3TD4+yCM/cA4yTILixCe/B+N7LQysJgVDbW8u6BZQ
-8ZqeDKOP6KCt37WhmcbT45tLpHmH+Z/uAnCz0hVc/7AyJ3CJXo6PaDCcJjgLuUun
-W47iy4h79AxyuzELmUeZZGYcO8nqClqcnAzQ6sClGZvJwSbYg2QAFGoA2lHqZ9uN
-ygAxNLd+rX9cP+yFwAeKzuKtOnVPiJD5lT3wufSkAbd6M7lOoqmTYnbv0A1WfA/e
-upXno9lbgB6iwF5U0V7OtxdA1bTbvgJgNLlxFF1do0sB28CWmqCFNwLfzcPzt5A4
-gLnOyLhNZOmUMXn35KOtp1Zv/yethlgZHxUYGcl6OYwMEFye3Du6dgnTwONzaLhA
-7hMI8R60p2YrTLkgSKdFohAY/mKuxHyXxugOHHthlRCOn9m49edcdZ1HrkJXm9jd
-P9katjCXgTwSdTQlvaMJkfH7wF3ZMjAxPcDf4RKFEpF2wABeNQIDAQABoD8wPQYJ
-KoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjgg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xv
-dWRmbGFyZS5jb20wCwYJKoZIhvcNAQEMA4IBgQBF/RCHNAAOAaRI4VyO0tRPA5Dw
-0/1/pgmBm/VejHIwDJnMFCl9njh0RSo1RgsVLhw6ovYbk3ORb4OD4UczPTq3GrFp
-KP9uPR+2pR4FWJpCVfCl76YabQv6fUDdiT7ojzyRhsAmkd5rOdiMvWV3Rp+YmBuU
-KH/dwkukfn+OeJIbERS5unzOBtQL+g5dU4CHWAqJQIqHr373w38OlYN+JY9QLrYy
-sWU9Ye6RjdySXPJ5UzyfOEfc9Ji89RJsVeceB1+As5u5vBvtzGgIMSFUzN947RZo
-DZ48JiB71VpmKXbn9LIRn25dlbVMzxRdSeZ194L3JFVAf9OxJTsc1QNFhOacoFgy
-hqvtN2iKntEyPo2nacYhpz/FAdJ2JThNH+4WtpPWAqx8Lw/e1OttiDt+6M0FEuVz
-svkSHnK206yo+a9Md37nUDDYxtlJEB+9F2qUZNQ7Hv+dxjmJOIgHOXxy1pLEdpVU
-rGdGLVXeJNPCh9x+GK21QjdxZABmYAaF8k36Pv4=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa4096.csr
+++ b/vendor/github.com/cloudflare/cfssl/initca/testdata/rsa4096.csr
@ -1,29 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIFCTCCAvMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkKL22jMn3eFCpj
-T6lbeq4nC3aEqwTGrLARidAmO29WIhzs6LxRpM6xSMoPI6DvJVUGpMFEKF4xNTc5
-X9/gSFrw2eI5Q3U3aGcaToSCxH4hXejwIzX8Ftlb/LfpXhbSsFr5MS3kiTY4zZxM
-n3dSy2gZljD/g0tlQf5BdHdR4WKRhWnqRiGng+BmW4rjbcO7SoN33jSXsMcguCg5
-8dmYuf5G5KVXsqwEoCQBeKGnca9orcm4i90VnGt4qZUpfAn1cADzYGpRzX79USJ6
-tol4ovgGPN08LJFqcVl+dK8VzJ03JWBhI1jePbWS4Bz5oNtkhQQXilU+G6FQxc6a
-UPf6KcFyOB+qMJmEwJZD9yaNK1YbsKfSztQEsb1JEezQnVHxp91Ch3AcWoikuOiY
-yCg0V5lcK15SLv1+5sj9YzF7ngMmThcIJ6B5gS3swpD5AX6FJaI1BrGwT/RXKKQP
-tRX1BySLx8RcINjFb5wv3q9QIE8vrW1BOk9f4dfmxiFYnc+6bCCbIrg7APQVtKTa
-ixNJFSqZz7fm9loeNPHHXfUT5RoW5yzVa8igc+yv4qeYsWHcZ4c/Y91OJp19HMjM
-bYm2alt8XagBgJjO0FW8wvsKwhhlhWK0WO6sQ7Fkl7fH1GtxEpc248hAW24SZMmS
-led3LblCT8IC3a9BLhqJ2q8cfPp9AgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMCwG
-A1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3d3djbG91ZGZsYXJlLmNvbTALBgkq
-hkiG9w0BAQ0DggIBAAgz3NuN43+F+8+WhQ9hb7DOp6Amut7XubOkEBtBVgP3R8U1
-uSsgocR1rvnZ1/bhkeGyTly0eQPhcSEdMo/GgIrcn+co0KLcDyV6Rf3Cgksx9dUZ
-TzHSkxmFkxlxYfIGes6abH+2OPiacwK2gLvvmXFYIxEhv+LKzzteQi0xlinewv7R
-FnSykZ4QialsFyCgOjOxa11aEdRv6T8qKwhjUOk0VedtzOkt/k95aydTNLjXl2OV
-jloeTsbB00yWIqdyhG12+TgcJOa0pNP1zTjgFPodMuRUuiAcbT7Mt7sLCefKNzvZ
-Ln6b4y7e6N3YLOHALTIP+LI4y8ar47WlXCNw/zeOM2sW8udjYrukN6WOV3X68oMf
-Zsv6jqyGSaCDwdImR4VECUVvkabg9Sq4pz+ijTT+9cNA66omYL+/QAh0GahlROgW
-kDGI8zeEUoAC8RkAbFGMJA8jEbAfbT000ZwnLX2SZ8YRQX4Jd1FTmAH99FkvvT8N
-ovaGRSQQI5rWQGQYqF67So7PywEaEXeUHTBrv41Msva6CdaWHn7bh/fj4B21ETS7
-VJvrk5DLJTyruqon7EVJU1pn38ppaXF4Z6a9n3C8TqudT/gdJUYn/SBo5jx20uGJ
-d9k6vDqixntvk/TRZ848k1AXiv5uUJTdnoPPhzSGjxEaeKuB0R1ZHomVdjU4
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/log/log_test.go
+++ b/vendor/github.com/cloudflare/cfssl/log/log_test.go
@ -1,186 +0,0 @@
-package log
-
-import (
-	"bytes"
-	"log"
-	"strings"
-	"testing"
-)
-
-const teststring = "asdf123"
-
-func TestOutputf(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Level = LevelDebug
-	outputf(LevelDebug, teststring, nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	return
-}
-
-func TestOutput(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Level = LevelDebug
-	output(LevelDebug, nil)
-
-	// outputf correctly prints string with proper Debug prefix
-	if !strings.Contains(buf.String(), levelPrefix[LevelDebug]) {
-		t.Fail()
-	}
-	return
-}
-
-func TestCriticalf(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Criticalf(teststring, nil)
-
-	// outputf correctly prints string
-	// should never fail because critical > debug
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	return
-}
-
-func TestCritical(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Critical(nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), levelPrefix[LevelCritical]) {
-		t.Fail()
-	}
-	return
-}
-
-func TestWarningf(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Warningf(teststring, nil)
-
-	// outputf correctly prints string
-	// should never fail because fatal critical > debug
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	return
-}
-
-func TestWarning(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Warning(nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), levelPrefix[LevelWarning]) {
-		t.Fail()
-	}
-	return
-}
-
-func TestInfof(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Infof(teststring, nil)
-
-	// outputf correctly prints string
-	// should never fail because fatal info > debug
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	return
-}
-
-func TestInfo(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Info(nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), levelPrefix[LevelInfo]) {
-		t.Fail()
-	}
-	return
-}
-
-func TestDebugf(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Level = LevelDebug
-	Debugf(teststring, nil)
-
-	// outputf correctly prints string
-	// should never fail because fatal debug >= debug
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	return
-}
-
-func TestDebug(t *testing.T) {
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	Level = LevelDebug
-	Debug(nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), levelPrefix[LevelDebug]) {
-		t.Fail()
-	}
-	return
-}
-
-type testSyslogger struct {
-	*bytes.Buffer
-}
-
-func (l testSyslogger) Debug(s string) {
-	l.WriteString("[DEBUG] ")
-	_, _ = l.WriteString(s)
-}
-
-func (l testSyslogger) Info(s string) {
-	l.WriteString("[INFO] ")
-	_, _ = l.WriteString(s)
-}
-
-func (l testSyslogger) Warning(s string) {
-	l.WriteString("[WARN] ")
-	_, _ = l.WriteString(s)
-}
-
-func (l testSyslogger) Err(s string) {
-	l.WriteString("[ERROR] ")
-	_, _ = l.WriteString(s)
-}
-
-func (l testSyslogger) Crit(s string) {
-	l.WriteString("[CRIT] ")
-	_, _ = l.WriteString(s)
-}
-
-func (l testSyslogger) Emerg(s string) {
-	l.WriteString("[FATAL] ")
-	_, _ = l.WriteString(s)
-}
-
-func TestSetLogger(t *testing.T) {
-	buf := new(bytes.Buffer)
-	SetLogger(testSyslogger{buf})
-	Level = LevelDebug
-	outputf(LevelDebug, teststring, nil)
-
-	// outputf correctly prints string
-	if !strings.Contains(buf.String(), teststring) {
-		t.Fail()
-	}
-	SetLogger(nil)
-	return
-}
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/ca-key.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/ca-key.pem
@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvKOCXwP8Y6x1YkjcimQafnP1bRCF/iWY+z4ffuTWA150RRpA
-GnhwOen8muU5wxOEm1A2IkWhNfXQ9GYVdOnzXumTx9Go4Gm8/1nRCYG69GZbQAEr
-pNGx/l4wReLVj2iizCf/xkcch5ZM/5zplXWZXCQiavmKz6M+1aSYdsGP0mrLu31c
-yod2iJmlISt+nuP5yXkgoKxzGrKjP5qrs6XniVXrKMt+5g1Ta5blWUoft2pwM6yp
-8+IAtxh+iYTIJc8dDHbVl9AjVfsfaYeS8SkHcIRyIuD8/3HgLmP/gMLDzuLXvH+W
-slOEYqLGMkSo2JPOwLguggDyjt1rI2cEcFkgJwIDAQABAoIBAQCTAZW6+D87ag28
-f22nR+XBwBp2WVcivSggO8SNvkXuMDDKHW/xcQR8jZW3HIZMOSyxYOwe/0Zn595k
-aB22lA9+Wuc45HIIGT8ZfGREVV5d0lqwYXkio+xjgAF8pQ6rCO89zLouSgK4w2/U
-D/OU7yWJwfs0hK4hrGVuVywd+DBd2Fc7UfZ4oEcy89mwUIRVK8+eXrRCav6lGDrz
-I+GmW6GL16U8lS8vsUNciYyNYCzgSIIa/yyiZO/Aje93yJRVpmujAK2p6/w/7vmK
-OareeixlpNYpiY7Nk6o3w6sKEEVzf+AquDgeH5IkzD1nkYbd+JY7bdg1cgjz3kJg
-IhsiIER5AoGBAOkZpicTIsiAMxz43bzMt1IMYu1ezAEw4Vk2sVEbSfFXdbO5J9gW
-/Ou+AhwxhsDeO6vgh3mYkG+2s5U+ztk68X1BVIf87kYBQiz175XvxcLmDBFm5S6g
-eyTCwsop9J4XlgQQ5HNm80G9oHnF50oujCqpUiC5xj5fEd8vULmua5jTAoGBAM8r
-rTTpVBHKArDlzYF5EpyXDkcFT2uAgw9Xpc6xIl/UWQ+XU1qD5Te0fmjpdwo3VZTL
-W2e8eg0U9O2skrxBcRLREnh1U2znCMSIGTkwYQ2JDjhz2Jjbh8r/NhvSdydql9wQ
-LGyPOIpcURaD+ohOExF82EtEqWgNp4QfQHH70cbdAoGAPBoy7yxN8aishTHd6opW
-Uj+DWnTw4PW7hQdHHQSOQj4syRRao6r5t8ccQCy89AnZFO4lwEKIK2XOVBMHvpcm
-IQexRgb/YOl+KJ2ZEu3p7eDnB62iNi2G0ums0/eRbRnjwlSgsui+nBrKv9s5UbVC
-ytUxqeJ8rSRSNVu70sSYVaUCgYALYUrSbT7A+2fKb9UqF4x+LY4LOK90KEsKvLXO
-9Mv+l5uMz7M0dapRtQh8mtZ/KSr6UXFj8WaC8XPC2of072NWtUVeeJNsmARTR2ab
-TZ0HMVAmqbZsLyL2c651OMpyz9gnrnvCOtvQPeH2aqmIc0F45HK9L7hejuF00IKp
-wDt1wQKBgQC8sjlF/8e03m3AfLs2ZW/w0Rsggz52TgBdH24BMUmvd5McVZlH8uZq
-zwx5ht3ppVjObG28JPEj8c/FtAmsUjURDD7EVdjb5bDxrMtH++8sHrXUuMMBeUxl
-DN2IU+xL9MwMh5H0cyJbXnE+LWGpSefCccDnH5qlEjwNXE5/RggOrw==
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/ca.pem
@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDvjCCAqigAwIBAgIIWhorb65IXvUwCwYJKoZIhvcNAQELMG0xCzAJBgNVBAYT
-AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
-ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
-bmlhMB4XDTE1MDQxOTE2MTAwMFoXDTIwMDQxNzE2MTAwMFowbTELMAkGA1UEBhMC
-VVMxEzARBgNVBAoTCkNsb3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5l
-ZXJpbmcxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3Ju
-aWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8o4JfA/xjrHViSNyK
-ZBp+c/VtEIX+JZj7Ph9+5NYDXnRFGkAaeHA56fya5TnDE4SbUDYiRaE19dD0ZhV0
-6fNe6ZPH0ajgabz/WdEJgbr0ZltAASuk0bH+XjBF4tWPaKLMJ//GRxyHlkz/nOmV
-dZlcJCJq+YrPoz7VpJh2wY/Sasu7fVzKh3aImaUhK36e4/nJeSCgrHMasqM/mquz
-peeJVesoy37mDVNrluVZSh+3anAzrKnz4gC3GH6JhMglzx0MdtWX0CNV+x9ph5Lx
-KQdwhHIi4Pz/ceAuY/+AwsPO4te8f5ayU4RiosYyRKjYk87AuC6CAPKO3WsjZwRw
-WSAnAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEC
-MB0GA1UdDgQWBBSrzjPP4Y5PLsqeyp6iddofBjoRmTAfBgNVHSMEGDAWgBSrzjPP
-4Y5PLsqeyp6iddofBjoRmTALBgkqhkiG9w0BAQsDggEBAH7McpSm7+DeIZPQKYpF
-kFUlNn3N4MRvek5lxOw6jLE1QmzG3lTB79g6iBiGKsYLPoJqNS6VxMoLrMC+qFhM
-0QM5eIzRpdfYa83IDIYcbUYx7fLG/azX+FMFh/O5yPtS+bqbxGinxofRIyuKGs9r
-dks6I5lGncRs0Liysp4mHJAjyj9G2W2onI3Y00BYhiOy4mYvZ5/S31KI4550HZ+p
-dnexuC29CsWGkOTXTOS7+e7Zmbh8UjsYcA5YOojew+EjJfETPVO+Pn7WGg/+XrFX
-8UOG3o9k8M0ePQof4R6FTJ+BQxtSkWWdp1HrMQbZ1TXfZx84XkmFdcmy8FjYiHbP
-M+M=
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/cert.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/cert.pem
@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID4TCCAsugAwIBAgIIEoDcqfKl/s4wCwYJKoZIhvcNAQELMG0xCzAJBgNVBAYT
-AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
-ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
-bmlhMB4XDTE1MDQxOTE2MTkwMFoXDTE2MDQxODE2MTkwMFowXTELMAkGA1UEBhMC
-VVMxEDAOBgNVBAoTB0V4YW1wbGUxDzANBgNVBAsTBlRoaW5nczEWMBQGA1UEBxMN
-U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAK7jUnRUeD5QY9YPjbW6aiGkVWRWAebi4nZl++C+
-HEBHSyB0jXX+J93y97PuhgeguCuMM6KZU7C0tPZKjwdxBSqpXeyFpvcj+UWMjZjz
-9FrBAzZ1DIYquqfYuKUtavoFv29IomRqzyZ4FrMJ2qy0RudnWMTqn4P6/7DrWos+
-oJMCpl/mdWl+YXMXypgW5JwM7ladx8GkEKQwGMtXrG9pop7qS6LNikN76tLPYWjR
-DhrWLBe8gCGjuXkwvxw78CeeJNyWF+P/+x4lVsWphip3jX57SUx/bjaRjsWSfpMz
-xHueHtuCrGffgCkFzYH1/Z60FZNxuHYqJeL4V3gcR8IIaZECAwEAAaOBmDCBlTAO
-BgNVHQ8BAf8EBAMCAKAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
-A1UdEwEB/wQCMAAwHQYDVR0OBBYEFBnFrxc1gkG2CYImTYKL0DAaGxRBMB8GA1Ud
-IwQYMBaAFKvOM8/hjk8uyp7KnqJ12h8GOhGZMBYGA1UdEQQPMA2CC2V4YW1wbGUu
-Y29tMAsGCSqGSIb3DQEBCwOCAQEAX31Jk7R9gDMw/gepIxxeKx9m+c7eOYDxjJ12
-bfXQVKNNPLZsO9M9r2/0BCTFsNTF2jh6ZTeIf7qy+Jw08YqTcO5m8jhiGzCjOYu5
-tiGxCUe+cYjXcCRk83+XGkVrQm3fQ0cVtic0yfm/fez3iv915jH0GYO5X8/d7bKa
-0kWJ3uOjur6tenfnisypEsuYYjPRcQdXSG6/qgHEc4r279Z2ltjy1bFFr86hHUbj
-DX7XNWH/MXFgqLzfQm5VzmqBj9om+0/tgTWdkgI1DK/Hnvm9A4YZfaxh4fxv7ITo
-Ce8FWW13Wj55x64peb8ZiW1jUyoaJQcxQxFpRHIVu26nXApWtg==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/db-config.json
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/db-config.json
@ -1 +0,0 @@
-{"driver":"sqlite3","data_source":"sqlite_test.db"}
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/resp64.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/resp64.pem
@ -1,2 +0,0 @@
-MIIFCAoBAKCCBQEwggT9BgkrBgEFBQcwAQEEggTuMIIE6jCBrKADAgEAoS0wKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QYDzIwMTUxMDIxMjEyNjAwWjBlMGMwOzAJBgUrDgMCGgUABBSwLsMRhyg1dJUwnXWk++D57lvgagQU6aQ/7p6l5vLV13lgPJOmLiSOl6oCAhJNgAAYDzIwMTUwOTAxMDAwMDAwWqARGA8yMDE0MDEwMTAwMDAwMFowDQYJKoZIhvcNAQELBQADggEBAHlFcNKa7mZDJeWzJt1S45kx4gDqOLzyeZzflFbSjsrHRrLA7Y3RKoy0i4Y9Vi6Jfhe7xj6dgDMJy1Z1qayI/Q8QvnaU6V2kFcnaD7pah9uALu2xNYMJPllq8KsQYvDLa1E2PMvQTqDhY2/QrIuxw3jkqtzeI5aG0idFm3aF1z/v3dt6XPWjE8IlAJfXY4CeUorLvA+mK2YHJ3V7MSgymVXZdyth1rg0/0cP9v77Rlb8hmWA/EUMcIPKQqErVQK+gZiVC0SfElaMO25CD9cjY+fd904oC5+ahvhHXxOSEbXVZBT1FY2teFCKEpx86gAVcZWpGmVwJO+dpsrkgwpN786gggMjMIIDHzCCAxswggIDoAMCAQICCQDNMc/iNkPNdTANBgkqhkiG9w0BAQsFADArMSkwJwYDVQQDDCBjYWNrbGluZyBjcnlwdG9ncmFwaGVyIGZha2UgUk9PVDAeFw0xNTEwMjEyMDExNTJaFw0yMDEwMTkyMDExNTJaMCsxKTAnBgNVBAMMIGNhY2tsaW5nIGNyeXB0b2dyYXBoZXIgZmFrZSBST09UMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TbvalHXQYO6GhJUJZI5mF2k4+nZDIvqWyrjw+2k9+UAcekuLKPpSclu9aBRvUggw3XFHAW95qW6Dv2+5gvinUmTq9Ry7kVTUYAxyZu1ydHt+wDETmFJfeY6/fpBHHIsuGLItqpUGmr8D6LROGEqfFY2B9+08O7Zs+FufDRgLHWEvLTdpPkrzeDJs9Oo6g38jfT9b4+9Ahs+FvvwqneAkbeZgBC2NWKB+drMuNBTPbF/W1a8czAzHeOs6qy0dBlTHNjL62/o9cRKNiKe3IqwHJdd01V1aLSUgIbe2HrP9EC1djnUXWR3jx3ursaKt7PTKsC52UJkRqnai80MzQj0WwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU6aQ/7p6l5vLV13lgPJOmLiSOl6owDQYJKoZIhvcNAQELBQADggEBACuwILDTvaBrdorv2zMsYnZuKvXtknWAf/DTcvF4N5PMOPBNkeHuGfv0VDe6VXpBHiU5G9E2RdU435W7o0kRSn27YcqrxaXGt9m2kArW6e49136+MnFx47jjk0p4T48s6MeaL5JVLJzxYouu1ZOZqlVokwNPO+8bxn6ALumIVUOD1jSBN7Y9pgLUS2rzO5pe5pxS2Ak/eO7Q7M21r1sEuG/uPuWqBFogk+4Z9omKVZdRDbzm9vYUATgEZdlTe2tct3BVBQ2zWbe0R2svIuCs8XzERykvfv1JawxI68I9vN0Dh9vj/xDM6udorfALlhjgQdftmbHovRLpJ1ZSOMIUNGY=
-MIIFCAoBAKCCBQEwggT9BgkrBgEFBQcwAQEEggTuMIIE6jCBrKADAgEAoS0wKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QYDzIwMTUxMDIxMjA1NTAwWjBlMGMwOzAJBgUrDgMCGgUABBSwLsMRhyg1dJUwnXWk++D57lvgagQU6aQ/7p6l5vLV13lgPJOmLiSOl6oCAhJNgAAYDzIwMTUxMDIwMDAwMDAwWqARGA8yMDMwMTAyMDAwMDAwMFowDQYJKoZIhvcNAQELBQADggEBAFgnZ/Ft1LTDYPwPlecOtLykgwS4HZTelUaSi841nq/tgfLM11G3D1AUXAT2V2jxiG+0YTxzkWd5v44KJGB9Mm+qjafPMKR3ULjQkJHJ8goFHpWkUtLrIYurj8N+4HpwZ+RJccieuZIX8SMeSWRq5w83okWZPGoUrl6GRdQDteE7imrNkBa35zrzUWozPqY8k90ttKfhZHRXNCJe8YbVfJRDh0vVZABzlfHeW8V+ie15HPVDx/M341KC3tBMM88e5/bt3sLyUU8SwxGH5nOe/ohVpjhkjk2Pz4TPdwD2ZK5Auc09VBfivdLYRE84BMhd8/yOEt53VWGPIMxWUVtrUyegggMjMIIDHzCCAxswggIDoAMCAQICCQDNMc/iNkPNdTANBgkqhkiG9w0BAQsFADArMSkwJwYDVQQDDCBjYWNrbGluZyBjcnlwdG9ncmFwaGVyIGZha2UgUk9PVDAeFw0xNTEwMjEyMDExNTJaFw0yMDEwMTkyMDExNTJaMCsxKTAnBgNVBAMMIGNhY2tsaW5nIGNyeXB0b2dyYXBoZXIgZmFrZSBST09UMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TbvalHXQYO6GhJUJZI5mF2k4+nZDIvqWyrjw+2k9+UAcekuLKPpSclu9aBRvUggw3XFHAW95qW6Dv2+5gvinUmTq9Ry7kVTUYAxyZu1ydHt+wDETmFJfeY6/fpBHHIsuGLItqpUGmr8D6LROGEqfFY2B9+08O7Zs+FufDRgLHWEvLTdpPkrzeDJs9Oo6g38jfT9b4+9Ahs+FvvwqneAkbeZgBC2NWKB+drMuNBTPbF/W1a8czAzHeOs6qy0dBlTHNjL62/o9cRKNiKe3IqwHJdd01V1aLSUgIbe2HrP9EC1djnUXWR3jx3ursaKt7PTKsC52UJkRqnai80MzQj0WwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU6aQ/7p6l5vLV13lgPJOmLiSOl6owDQYJKoZIhvcNAQELBQADggEBACuwILDTvaBrdorv2zMsYnZuKvXtknWAf/DTcvF4N5PMOPBNkeHuGfv0VDe6VXpBHiU5G9E2RdU435W7o0kRSn27YcqrxaXGt9m2kArW6e49136+MnFx47jjk0p4T48s6MeaL5JVLJzxYouu1ZOZqlVokwNPO+8bxn6ALumIVUOD1jSBN7Y9pgLUS2rzO5pe5pxS2Ak/eO7Q7M21r1sEuG/uPuWqBFogk+4Z9omKVZdRDbzm9vYUATgEZdlTe2tct3BVBQ2zWbe0R2svIuCs8XzERykvfv1JawxI68I9vN0Dh9vj/xDM6udorfALlhjgQdftmbHovRLpJ1ZSOMIUNGY=
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response.der
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response.der
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response_broken.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response_broken.pem
@ -1 +0,0 @@
-MIICGAoBAKCCAhEwggINBgkrBgEFBQcwAQEEggH+OZ4ZSKS2J85Kr9UaI2LAEFKvOM8/hjk8uyp7KnqJ12h8GOhGZAgIBdaADAQH/GA8wMDAxMDEwMTAwMDAwMFqgERgPMDAwMTAxMDEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQCBGs+8UNwUdkEBladnajZIV+sHtmao/mMTIvpyPqnmV2Ab9KfNWlSDSDuMtZYKS4VsEwtbZ+4kKWI8DugE6egjP3o64R7VP2aqrh41IORwccLGVsexILBpxg4h602JbhXM0sxgXoh5WAt9f1oy6PsHAt/XAuJGSo7yMNv3nHKNFwjExmZt21sNLYlWlljjtX92rlo/mBTWKO0js4YRNyeNQhchARbn9oL18jW0yAVqB9a8rees+EippbTfoktFf0cIhnmkiknPZSZ+dN2qHkxiXIujWlymZzUZcqRTNtrmmhlOdt35QSg7Vw8eyw2rl8ZU94zaI5DPWn1QYn0dk7l9
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response_mix.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/response_mix.pem
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server.crt
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server.crt
@ -1,13 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
-A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
-nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
-w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
-KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
-AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
-iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
-+LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server.key
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server.key
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhl
-dUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3
-MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQAB
-AoGAVxnsPojZ8X4g8LPk3d9dlXGhb/4tSmk9102jcHH/Y5ssy95Pe6ZJGr1uwbN+
-7m1l05PikpHeoxEryoW51cyfjDVkXUT0zPp2JC38DUA/0A8qWav/aENM64wg1I0P
-Dil8FywzZEonRNJst53+9cxFye70ely5br/tWxEp4/MsM1kCQQDqV4Lwn8BXOeKg
-xOwNmcL+0XPedvSPBSPUoGJCzu12rH6Z+UHXipXsqRNSyQ+KGlur14y0kCh5uiVA
-jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
-hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
-BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
-vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
-Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
-OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server_broken.crt
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server_broken.crt
@ -1,9 +0,0 @@
-----BEGIN CERTIFICATE-----
-IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
-nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
-w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
-KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
-AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
-iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
-+LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server_broken.key
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/server_broken.key
@ -1,8 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
-hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
-BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
-vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
-Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
-OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/sqlite_ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/sqlite_ca.pem
@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDqjCCApKgAwIBAgIUFqT7NscPhQ5kfZTYNhWTKXVekrswDQYJKoZIhvcNAQEL
-BQAwbTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMQ8wDQYDVQQHEwZJ
-dGhhY2ExLDAqBgNVBAoTI1RoZSBCZXN0IE9wZW4tU291cmNlIEhhY2thdGhvbiBU
-ZWFtMQwwCgYDVQQLEwNXV1cwHhcNMTcwMjExMTQxMDAwWhcNMjIwMjEwMTQxMDAw
-WjBtMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzANBgNVBAcTBkl0
-aGFjYTEsMCoGA1UEChMjVGhlIEJlc3QgT3Blbi1Tb3VyY2UgSGFja2F0aG9uIFRl
-YW0xDDAKBgNVBAsTA1dXVzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANR66Ky8dBV2FVyDOGXFM4bF63EJxI7PgCKg8yiJsYihwo5wsABpiI66offWsJNV
-rRKT8QhGohm4V1B/MOpdb3slOYVFXAInjoKyClPYDK3GMkJ8mo6mFysm3q/JqlEl
-KjvVIb8Yq7cgPAj/MOb4rBJu5+c3sM37CwpUbxCTdPiuVMGYDjVKauloJfTir0HQ
-RMwREsO6fyzSia4qvfj4ljWGzPtEVrRmzs7LguLr3DkUjXMSq7AI3L+oUdiYR6kV
-c3rLucMQKRCNGMcU3T8Sq9Pwt2sUeAFNqcXk9E1FqesYwFoEejStU24wpTd4ah0g
-tL1LyoEYG6etUehrxlRlMJsCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wHQYDVR0OBBYEFANQ4+9iVQzAZdHhb0fNXtrb3krdMA0GCSqG
-SIb3DQEBCwUAA4IBAQA4SKVpdJj40xaeyVkHWtrY4O8wB2J7Z6rsUf9jlEySeQaH
-GWI4LUOKjrU0u/NtuvTybDHyfc1VrdgZmfaukE35VyQ1+xWa/47Q7KISSCH1x0cF
-L+WdJqKHD0q/tR2uz/fw9AUlV1LkBEeAZclhPxCLv32gLExQrNCBVa7c9Xkq1muB
-o0ootJF9sTZopqnsMldvMBWOl/9cb2dxPKu3AcNpCm28wt+rwqHIu+Fna9Fe/n+y
-SmWTaP3l/eiLskFUvmHKSUVwTEPC6kbK9rxKPz7ijQ3h/YuWxxz32L2CpsOfekgT
-7jER0Y/xxZq7XykdwZ1VKKfZGnsH8mU2rU335Gd1
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/ocsp/testdata/sqlite_test.db
+++ b/vendor/github.com/cloudflare/cfssl/ocsp/testdata/sqlite_test.db
--- a/vendor/github.com/cloudflare/cfssl/signer/local/local_test.go
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/local_test.go
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/build_inter_pathlen_csrs.sh
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/build_inter_pathlen_csrs.sh
@ -1,3 +0,0 @@
-echo '{ "CN": "Pathlen 0 Issuer", "ca": { "pathlen": 0, "pathlenzero": true } }' | cfssl genkey -initca - | cfssljson -bare inter_pathlen_0
-echo '{ "CN": "Pathlen 1 Issuer", "ca": { "pathlen": 1 } }' | cfssl genkey -initca - | cfssljson -bare inter_pathlen_1
-echo '{ "CN": "Pathlen Unspecified", "ca": {} }' | cfssl genkey -initca - | cfssljson -bare inter_pathlen_unspecified
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ca.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEmzCCA4OgAwIBAgIMAMSvNBgypwaaSQ5iMA0GCSqGSIb3DQEBBQUAMIGMMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVT
-VCBSb290IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTIx
-MjEyMDIxMDMxWhcNMjIxMDIxMDIxMDMxWjCBjDELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoT
-CkNGU1NMIFRFU1QxGzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqG
-SIb3DQEJARYPdGVzdEB0ZXN0LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAsRp1xSfIDoD/40Bo4Hls3sFn4dav5NgxbZGpVyGF7dJI9u0eEnL4
-BUGssPaUFLWC83CZxujUEiEfE0oKX+uOhhGv3+j5xSTNM764m2eSiN53cdZtK05d
-hwq9uS8LtjKOQeN1mQ5qmiqxBMdjkKgMsVw5lMCgoYKo57kaKFyXzdpNVDzqw+pt
-HWmuNtDQjK3qT5Ma06mYPmIGYhIZYLY7oJGg9ZEaNR0GIw4zIT5JRsNiaSb5wTLw
-aa0n/4vLJyVjLJcYmJBvZWj8g+taK+C4INu/jGux+bmsC9hq14tbOaTNAn/NE0qN
-8oHwcRBEqfOdEYdZkxI5NWPiKNW/Q+AeXQIDAQABo4H6MIH3MB0GA1UdDgQWBBS3
-0veEuqg51fusEM4p/YuWpBPsvTCBxAYDVR0jBIG8MIG5gBS30veEuqg51fusEM4p
-/YuWpBPsvaGBkqSBjzCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
-aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoTCkNGU1NMIFRFU1Qx
-GzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqGSIb3DQEJARYPdGVz
-dEB0ZXN0LmxvY2FsggwAxK80GDKnBppJDmIwDwYDVR0TBAgwBgEB/wIBADANBgkq
-hkiG9w0BAQUFAAOCAQEAJ7r1EZYDwed6rS0+YKHdkRGRQ5Rz6A9DIVBPXrSMAGj3
-F5EF2m/GJbhpVbnNJTVlgP9DDyabOZNxzdrCr4cHMkYYnocDdgAodnkw6GZ/GJTc
-depbVTR4TpihFNzeDEGJePrEwM1DouGswpu97jyuCYZ3z1a60+a+3C1GwWaJ7Aet
-Uqm+yLTUrMISsfnDPqJdM1NeqW3jiZ4IgcqJkieCCSpag9Xuzrp9q6rjmePvlQkv
-qz020JGg6VijJ+c6Tf5y0XqbAhkBTqYtVamu9gEth9utn12EhdNjTZMPKMjjgFUd
-H0N6yOEuQMl4ky7RxZBM0iPyeob6i4z2LEQilgv9MQ==
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ca_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ca_key.pem
@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxGnXFJ8gOgP/j
-QGjgeWzewWfh1q/k2DFtkalXIYXt0kj27R4ScvgFQayw9pQUtYLzcJnG6NQSIR8T
-Sgpf646GEa/f6PnFJM0zvribZ5KI3ndx1m0rTl2HCr25Lwu2Mo5B43WZDmqaKrEE
-x2OQqAyxXDmUwKChgqjnuRooXJfN2k1UPOrD6m0daa420NCMrepPkxrTqZg+YgZi
-EhlgtjugkaD1kRo1HQYjDjMhPklGw2JpJvnBMvBprSf/i8snJWMslxiYkG9laPyD
-61or4Lgg27+Ma7H5uawL2GrXi1s5pM0Cf80TSo3ygfBxEESp850Rh1mTEjk1Y+Io
-1b9D4B5dAgMBAAECggEAKHhjcSomDSptTwDo9mLI/h40HudwSlsc8GzYxZBjinUD
-N2n39T9QbeMUE1xFenX/9qFEgq+xxnLLJx1EQacSapCgIAqdCO/f9HMgvGJumdg8
-c0cMq1i9Bp7tu+OESZ5D48qWlOM2eQRIb08g8W11eRIaFmPuUPoKnuktkQuXpPJc
-YbS/+JuA8SDwe6sV0cMCQuS+iHFfeGwWCKrDUkhLwcL3waW3od2XFyOeFFWFhl0h
-HmM/mWKRuRdqR7hrmArTwFZVkB+o/1ywVYXIv+JQm0eNZ5PKLNJGL2f5oxbMR/JI
-AoK0bAlJmYaFp96h1KpbPwLEL/0hHSWA7sAyJIgQAQKBgQDaEAZor/w4ZUTekT1+
-cbId0yA+ikDXQOfXaNCSh9Pex+Psjd5zVVOqyVFJ29daRju3d7rmpN4Cm5V4h0l1
-/2ad207rjCAnpCHtaddJWNyJzF2IL2IaoCZQRp0k7zOjBGQpoWDTwBaEin5CCv3P
-kkdQkKz6FDP1xskHSLZr21/QCQKBgQDP6jXutEgGjf3yKpMFk/69EamJdon8clbt
-hl7cOyWtobnZhdOWVZPe00Oo3Jag2aWgFFsm3EtwnUCnR4d4+fXRKS2LkhfIUZcz
-cKy17Ileggdd8UGhL4RDrF/En9tJL86WcVkcoOrqLcGB2FLWrVhVpHFK74eLMCH/
-uc/+ioPItQKBgHYoDsD08s7AGMQcoNx90MyWVLduhFnegoFW+wUa8jOZzieka6/E
-wVQeR5yksZjpy3vLNYu6M83n7eLkM2rrm/fXGHlLcTTpm7SgEBZfPwivotKjEh5p
-PrlqucWEk082lutz1RqHz+u7e1Rfzk2F7nx6GDBdeBYpw03eGXJx6QW5AoGBAIJq
-4puyAEAET1fZNtHX7IGCk7sDXTi6LCbgE57HhzHr8V0t4fQ6CABMuvMwM1gATjEk
-s6yjoLqqGUUUzDipanViBAy5fiuManC868lN7zkWDTLzQ3ytBqVAee4na/DziP27
-ae9YTSLJwskE/alloLRP6zTbHUXE0n7LelmrX1DFAoGBAMFLl+Lu+WFgCHxBjn43
-rHpJbQZQmsFhAMhkN4hsj6dJfAGn2gRLRiVRAika+8QF65xMZiVQWUVSUZADWERi
-0SXGjzN1wYxO3Qzy3LYwws6fxFAq5lo79eb38yFT2lHdqK3x/QgiDSRVl+R6cExV
-xQB518/lp2eIeMpglWByDwJX
-----END PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256-inter.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256-inter.csr
@ -1,10 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBezCCASECAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
-LWludGVyLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLgOKlWwIAIeURde
-yvDMhgfn6xPp1gn8oUeLmsniBm7I+j84IsVzUso8/MpjMZ9nB8lQUanhv3Kmqcyj
-HNj+iFegMjAwBgkqhkiG9w0BCQ4xIzAhMB8GA1UdEQQYMBaCFGNsb3VkZmxhcmUt
-aW50ZXIuY29tMAoGCCqGSM49BAMCA0gAMEUCIEJcy2mn2YyK8lVE+HHmr2OsmdbH
-4CLDVXFBwxke8ObqAiEAx/il1cDKvQ/I36b4XjBnOX2jcQ5oaCNPFFBE74WQ/ps=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256-inter.key
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256-inter.key
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEILbwI4u4bw+HtafMqFnrL7LOrqNEZH5rW5ygSrigfrVLoAoGCCqGSM49
-AwEHoUQDQgAEuA4qVbAgAh5RF17K8MyGB+frE+nWCfyhR4uayeIGbsj6PzgixXNS
-yjz8ymMxn2cHyVBRqeG/cqapzKMc2P6IVw==
-----END EC PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256.csr
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
-z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
-PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
-d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
-cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
-VLcv28Q=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256_ca.pem
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256_ca.pem
@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDUzCCAj2gAwIBAgIIbjeSyheUvjYwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
-EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
-bzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVTVCBSb290
-IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTQwNTI0MDQ1
-MTQwWhcNMTUwNTI0MDQ1NjQwWjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
-b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
-DVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHDAaBgNVBAMTE2Ns
-b3VkZmxhcmUtbGVhZi5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASMRv3x
-vcv4I5QF7we+23hES2waKDffBRhQMVVAOSIJcpb4JnzcVJiPJjNlMPbczi5vbzkQ
-K2kkjOP+okqQia3go4GGMIGDMA4GA1UdDwEB/wQEAwIABDAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU
-4t+cr91ma5IxOPeiezgN8W9FBNowHwYDVR0jBBgwFoAUt9L3hLqoOdX7rBDOKf2L
-lqQT7L0wCwYJKoZIhvcNAQELA4IBAQAWloyDhrcYFSaZjzb8+UKxnukPUzd7BGaX
-BvLktbN7hrX+z+ntA5UgXWo7uNgf2L3VwS0mVnRowwmrGV8Pbw9FX5WSisBQ+JJJ
-JC4ABYT2N7N+B488zKZuMZY8NmSR/ples0Suz3oArUn4ZBGxANyOR6haBbYfupDF
-LaCtAdQwZzNPfHAo2NsENSOlzGVhV0r1ZqalzkBf70K0KuAoLRbNG3Og17UeMb8K
-5sXa7WvubgZ7/D3lr//F56yJYyfTq8SWcIi4e9AUWY5qK+Sr+7W9/gSY3baaHxY9
-T9SO4O1ENFJ8ecWRPdsiBNCpl53qMuYW2lh72N35Iyug6qKFDYg5
-----END CERTIFICATE-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256_ca_key.pem
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa256_ca_key.pem
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIC2qaVydr67HuwWMrPQ3ljCVSsnbV7HbN78KqEX6a0GuoAoGCCqGSM49
-AwEHoUQDQgAEjEb98b3L+COUBe8Hvtt4REtsGig33wUYUDFVQDkiCXKW+CZ83FSY
-jyYzZTD23M4ub285ECtpJIzj/qJKkImt4A==
-----END EC PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa384.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa384.csr
@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
-0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
-HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
-LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
-CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
-Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
-RiWGZIucp5r6AfT9381PB29bHA==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa521.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ecdsa521.csr
@ -1,13 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
-toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
-AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
-f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
-gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
-gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
-pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
-MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ex.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ex.csr
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBnzCCAQgCAQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQH
-DAZJdGhhY2ExHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMM
-C2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBPmzv1c1e
-QAa1yTtJ45oPOCARrhqDYV66urzNX1zHDZzi4lruIfI3q+1McACs4FIGJAkBUC2O
-ZCamsR6ym5PaL9+dGfgVvf6w/GoBb65bxuw/IgHnzhfEHsk9nV8WthTEHmT9m9lh
-kPMZBVDIVFW6iOCCpAwR6I9XXB30oKTINwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
-gYEAndd8OjJ+Jr74jqwuV9cUDqlItsLc84TYn+lly0EPezGQIIYz2KUoDyHQ+PQ9
-7JI3G3FWR8Wpow7HooLJRxHNWOw7u8ekLCP0LjkoHse+Dou5C0jzo99jfrjXNWGt
-DZO0Wrpu2eDclqwMJO/DtiovzcmOsGC52NHUW6+Moo9N2lM=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_0.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_0.csr
@ -1,8 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIH4MIGfAgEAMBsxGTAXBgNVBAMTEFBhdGhsZW4gMCBJc3N1ZXIwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAASpwsWOMhWxFRhj5Kejzx9oqsxaTR8sElCDHBALtYEy
-8eBZ7znb9cLWlJ8Kx6Jlw1pY7R7Ys9J9SuJ5jaBIBib1oCIwIAYJKoZIhvcNAQkO
-MRMwETAPBgNVHRMECDAGAQH/AgEAMAoGCCqGSM49BAMCA0gAMEUCIQDVsX+lxlvu
-JDEDEDnaVtN5NhxDYsomk9DpJwwoCa+A8wIgMboDaCkxGh4z+LejGkP+JvNKPX5E
-0mlgWQaOp/5qfbI=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_1.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_1.csr
@ -1,8 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIH5MIGfAgEAMBsxGTAXBgNVBAMTEFBhdGhsZW4gMSBJc3N1ZXIwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAARJV1R1nX2e3Ev2NxG9V9R67Gkg1T0VSXargQSUhHQj
-ZNyYaoUKkke6lL3sG7H2t8yoC0AJcE5r30OWQoK1rB8goCIwIAYJKoZIhvcNAQkO
-MRMwETAPBgNVHRMECDAGAQH/AgEBMAoGCCqGSM49BAMCA0kAMEYCIQCJdPdRGltY
-hIvSBob0vcb5JmQEVByxLwKrWAivXDvMfAIhAP8fO0+Xkx0rNB9KnINeZtMGYy3X
-tk1GxikrK7klEnvN
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_unspecified.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/inter_pathlen_unspecified.csr
@ -1,8 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIH3MIGfAgEAMB4xHDAaBgNVBAMTE1BhdGhsZW4gVW5zcGVjaWZpZWQwWTATBgcq
-hkjOPQIBBggqhkjOPQMBBwNCAAS01AiSXS4086rrC0SvnEoKz+tAj5+oAXomw/DQ
-PljnAeMdUvYSa0HxIoszeSGyx6prN3VnfuR/1nMRGtXAQGREoB8wHQYJKoZIhvcN
-AQkOMRAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIHPU8Jml1HUc
-L7v5mp4/njpWoVxPH0XkPYwdgk7nUnOZAiAaS3MpwrXz/l5v550T5nilkomRWeeX
-BdXmSA24AN562A==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ip.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/ip.csr
@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBlTCB/wIBADBWMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxDzANBgNVBAcM
-Bkl0aGFjYTEQMA4GA1UECgwHQ29ybmVsbDEXMBUGA1UEAwwOMTI4Ljg0LjEyNi4y
-MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAME+bO/VzV5ABrXJO0njmg84
-IBGuGoNhXrq6vM1fXMcNnOLiWu4h8jer7UxwAKzgUgYkCQFQLY5kJqaxHrKbk9ov
-350Z+BW9/rD8agFvrlvG7D8iAefOF8QeyT2dXxa2FMQeZP2b2WGQ8xkFUMhUVbqI
-4IKkDBHoj1dcHfSgpMg3AgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQBS7FBieNEN
-PfXQRhPeiZ86QatshBBrj+TmhdC4GjtJ9lQA2NSRg2HnSHDErxdezZ7tw1ordd5D
-hZpJ8XkPggsb7mghwPD7Zzgp0M/ldqbZ9fFEtNcpiEL05vKtap5uSGzNn32NDbQa
-g+4QnDavffTQuzfuOoGJ9bG3jQtxo9HZCA==
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/key.pem
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCbp/6OQ/a3mr+8zRgBRlmSGr8QBgP4vUIxLn2Mk4uiZ8OcpRY4
-YqL+TtREGDUc0ve+bv8RINrNlYXL2X+eJtbE2RJQ+RAiu+saw2K+RFTNeTCA1fwg
-3ws5gBDcFbECqK1dOkuN/gV4JMHobn2/15iUBfeSJxdF1j5yqES8sVu7cwIDAQAB
-AoGBALZOnnBV3aLRlnw04kar9MCQnvLPeNteHyanQtjg/oxqZ8sR9+J2dFzSSv6u
-M5bc6Nmb+xY+msZqt9g3l6bN6n+qCvNnLauIY/YPjd577uMTpx/QTOQSK8oc5Dhi
-WgdU8GCtUmY+LE8qYx2NFitKCN4hubdrI76c+rnezIPVncZRAkEA9T5+vlfwk/Zl
-DOte+JtbXx3RtXKFJPMirOFqNVp1qnIlUm8XtBW6760ugiNYbVbGHgbd8JsZnkPH
-NC17TNLVJwJBAKJ7pDlJ2mvVr0cLrFhjAibz45dOipt8B4+dKtDIEuqbtKzJCGuP
-SCk4X2SgYz0gC5kH62S7rn6Bsa9lM98dztUCQASdLWNFYkhWXWZV006YFar/c5+X
-TPv5+xAHmajxT79qMFuRrX983Sx/NJ3MLnC4LjgIZwqM0HmSyt+nb2dtnAcCQCKi
-nIUhuw+Vg0FvuZM1t7W581/DfERckfgJFqFepLmh60eRqtvStR0kSSFYFw9mj1JV
-n9XfM/j/iHLM7du3rOkCQAw9R64yjcIBwcoSQxW/dr0Q9j+SnYgt+EhyXYXT30DS
-DdOJ06GXtb/P0peFBp26BnQU4CSS75yseZ1TdB4ZqaA=
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa-old.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa-old.csr
@ -1,19 +0,0 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
-WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
-f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
-A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
-C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
-+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
-OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
-bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
-gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
-AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
-iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
-QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
-anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
-cJZNboDRsItpccZuRQ==
-----END NEW CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048-inter.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048-inter.csr
@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIDCjCCAfQCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLFLykOd2j31AQn
-kaToYtstGvw5wLb4YnlzipQ6aULlD0H0GHM9IwhdSmcTWUWPb/U83g/ma1uD3Pp2
-IdWd6xfjyOJF5XhgkyfRY65wS6vPZRm2MNSFXem+0AKHdhxIhb/QPMASqC/yaiPi
-nvtOpBiCNl1Q2N4y9pkV0oD/T4rrn3RXP6iL1k4CNRS54JPCd+aI5Om+axVPU8Id
-ZeUXQwXISaFrcC/bFXAHGX5hBMVu34lhCxvR4smweZkVmW++bIv26az8TSb5nVn4
-TstLJIaOoOqot0sis04+0oX/GXfTPfkWyzfTVFN7cb9H+gz0FZJKtXQZv6qdntji
-9FdR+pkCAwEAAaBAMD4GCSqGSIb3DQEJDjExMC8wLQYDVR0RBCYwJIIOY2xvdWRm
-bGFyZS5jb22CEnd3dy5jbG91ZGZsYXJlLmNvbTALBgkqhkiG9w0BAQsDggEBABfM
-9XTMqMqmfAAymWC4/W+vbh301KBoydcTnDQ/7B+ftHRE0O3FUsdL3wobj3qBieJo
-MiQwiL7+GksszHvN9+YOUi70wpFuKghLhadb7p5GzL0+JgK2eQnLYb37/lQSiWwn
-hht1YMOzErR/KHlxNUafk71bDEeytUcOvvtujf86nZiEnBpvp47zDjMkDersczM0
-wj7S50IY8/vRsc2Q8vy+Q7D2FPEwjs4wCGVSqzwX2NPn3fZb/2pWRCie9kxHUfUP
-L5xO4WoFGuirT6E2GnUWDdH661Pj5yEKvmr+qPl+eVoLjrtx0g5rAmA7rGlGrkqp
-r4idH/BbJUaDlRHM/Hk=
-----END CERTIFICATE REQUEST-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048-inter.key
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048-inter.key
@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4sUvKQ53aPfUBCeRpOhi2y0a/DnAtvhieXOKlDppQuUPQfQY
-cz0jCF1KZxNZRY9v9TzeD+ZrW4Pc+nYh1Z3rF+PI4kXleGCTJ9FjrnBLq89lGbYw
-1IVd6b7QAod2HEiFv9A8wBKoL/JqI+Ke+06kGII2XVDY3jL2mRXSgP9PiuufdFc/
-qIvWTgI1FLngk8J35ojk6b5rFU9Twh1l5RdDBchJoWtwL9sVcAcZfmEExW7fiWEL
-G9HiybB5mRWZb75si/bprPxNJvmdWfhOy0skho6g6qi3SyKzTj7Shf8Zd9M9+RbL
-N9NUU3txv0f6DPQVkkq1dBm/qp2e2OL0V1H6mQIDAQABAoIBAQCzT3HcCAlZoeUu
-p88dU3efkUnuOQhuZXcQS9E/JfTHpXHsF8Qhky0ZVxMW8BC91Q6VHt0EO5GWWm0o
-SrK0Q9t6F25npRcumUaizIoCi9756tMpgouX8CDzTCMUbOJyuNGxe0oeImKFDyzo
-VTCazHMqwgOUw/HHuQqOv9ekkrzlva8U+Z5MGZB4B2acHIAJHO9uYGzdeAjF3grm
-dQ3QFGXJM0JzPmXfnUiDeOWIoVbo4YROFhf7qNlcnyLdkrYe0/XsSYQM9dRGKRPK
-nkOkMv0sC8rOqNuJUn3tf1OOjzVQxlzB8Key6MOQ1c+kqsdCnL88/93CvI5NHazx
-hwUmesmBAoGBAPpkDtgeWjxeIjOfuxXDYb04XbVmKquKNOIEk5OADmaacSGzdemh
-XLRaNVMEYMcgMJViDDKW8g4k+zuZgzooMxNynlLNU5wfazwX2LLjReJFvZb/SxMM
-N9+vQo8fcGz+p5g1tbeE6w86mpsTiAGx9Wa4J4GnY8jF6XUjZHO0X91pAoGBAOfZ
-qrDkPMDSiVk62FP6LlPrj09bt1NTkBfv5dWhN/XeHjuus7unDhNiRmphhgF0VZse
-XPtT/PUO0YgYlyaYJDDDE0IxgHuoK9wvEb2sqEtkZSw7IUhehheZ/+YfXzSA5fwa
-vhXt0ghB0d9oVJuRoxb17MncjpjDAKy0QR5drR2xAoGBAMlNwkVseZ2JDLQ2WgHQ
-N/cZpvUc83dAQO3pQgBW9rz0s7mlf0naqh5xW+enYGsW7RhcYHQXuPk4MCelbsRF
-53JeNv1ZCDw/YkZI4bZIVDnrWdZY3zGsJAuY6skIPKnUPkd3/uVRXm267ut4U2MR
-gLsZmOF7AxU6UEwVrT/8pwnpAoGAKxbVFlMUx3FZfW/mTJUujwI0fDc7dw0MtqYr
-POzdjaBeVhE97h46C3g0Rgkh8ptAXbfi6ALP/GtonbaUQOP9teJLbf3tNw4mOKG2
-1l2EWZ6q/vFuWhjXKwO//3DNLODX3WbK9SBh7I7vBmpJbzA980J5Y3rONa3oLjDB
-+XbHecECgYEArOEv2D3fE3Hd6rEbxXinqekxMa+V1OCDO1IPz4wwr9RDMVUMxwqF
-f0es1PQ2eMJGrAMbySxPfSZG05ou/tA+zR0qPwc/+dX0BbaXCiNT3gbhvL1L2fBc
-7wr+MIUe2fi54JUWrUNMDHngRhXRKt2rZZRTfqVaFmZX02Y3fMZ2dWg=
-----END RSA PRIVATE KEY-----
--- a/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048.csr
+++ b/vendor/github.com/cloudflare/cfssl/signer/local/testdata/rsa2048.csr
@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
-WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
-f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
-A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
-C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
-+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
-OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
-bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
-gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
-AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
-iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
-QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
-anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
-cJZNboDRsItpccZuRQ==
-----END CERTIFICATE REQUEST-----
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				{"token": "tSU1WTE/322iXrOBfJSQ9/u1dleqpwUmCj1LXYHw07Y=", "request": "ewoJImhvc3RuYW1lIjogImt5bGVpc29tLm5ldCIsCgkicmVxdWVzdCI6ICItLS0tLUJFR0lOIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQoJICAgIE1JSUQwVENDQWpzQ0FRQXdZREVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WQkFvVENXUnliM0J6YjI1a1pURVEKCSAgICBNQTRHQTFVRUN4TUhRMFl0UTJoaGRERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFCgkgICAgQ0JNS1EyRnNhV1p2Y201cFlUQ0NBYUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQU1jQwoJICAgIEdCbDVMVHJla0dGV2hvdGtkYlorUjFNbG9hcld4UXY5alA0QWVrdDhVT2ljeXBIdkZPNnhPdFN3SG8rcjMyaUUKCSAgICBxblM1eXYvMDFQMk1KdXlxbmRuY1RTTXNPbFQvN242N1RNMDB1MDFLLzljL3NvZ0tFS2pseXBsVFA3eUZkRy9jCgkgICAgT3UvOXFLYi9KYWxkMndFTEZZRTZ4cTJSREZ5eHlpWk9CM2c3WjdGeGE1ZDZhZGZHUndaek50VUw0LzhzK0x5aQoJICAgIHFkdzlJMWZrUWQ2MDRwb1pGTjB3clFzNGxmaFdUVWZnMHJIdWg1d2dHS1AzVnpacGJ0OEZiMXZOamZiSHRvaHgKCSAgICBHMlBDVTZKeStEYzFiU2ZVeldjUW5lbnA4NThXNEY4ejdwRjV5YmRuRlIzMTNIam9zcVhuRzI4eklUck9hZE1UCgkgICAgSGFKNnpPaGdFYWZVT1dYT3pqTm9mRkJGYTJJdUNBVCtJVFJZMXRDL2dxcHhHd0gveXVWTjE5Qkc4VXBuMCtIQQoJICAgIGllMm1LQ0hmU0JBS1QvWGU0dW1QZWF4U2JJcVdzVzhjaytkM2I0b3I5Ulp2NWNaUmNUM29pa0p0K1NRRzY5cFcKCSAgICA0T0FiYitBQnNzL05JdXJpNnowZTdERWVJTDV6bXlTSnFkdFlIZE5ZTjcrK3Y5eEJOc0w0SXNVNklFeTMrUUlECgkgICAgQVFBQm9DNHdMQVlKS29aSWh2Y05BUWtPTVI4d0hUQWJCZ05WSFJFRUZEQVNnaEJqWmk1a2NtOXdjMjl1WkdVdQoJICAgIGJtVjBNQXNHQ1NxR1NJYjNEUUVCREFPQ0FZRUFoTUFxQmlySStrMWFVM2xmQUdRaVNtOHl0T3paaWozODloSXIKCSAgICBuVXA4K1duVHVWVGI4WFozL1YrTDlFblRJbUY2dTF3ZWFqWGQzU3VlNDk1NzBMYlltSXV4QmtHcDUwL0JkVUR6CgkgICAgdUI2eHNoaEpXczEySnhVYjkxSW1tMGJUUncyek1xZXdnYTZmdHpaL0FLNG1zeFFBMlVJYmNXWmRzS2J1TTdzbwoJICAgIEpUZlZXOWlPd3FIdC82NFpqNHRCWmY5THpPRHI3a051S0tMbndqaXpIMTg3eGZJSWhkcmpGOFdTN0g5QVBCMU8KCSAgICBTdUVVRGZxaDBTV1IzbHRXdUF1VVdlbzZTS2NIVnVzeS9HNFlFK1BCeXcxZVY3RzRTYmVHNVowbytHT1VVSy9GCgkgICAgYjU1R21XMXhhNExBcnMxQSt6ZUZidkovQkFwc2JVMmI2V1ZtTmE3V3BIejdXWElGT0p1WUpnRWtWS1BKbkt1cwoJICAgIHFxczNGZ1VxejBadjdUSzhtTWlFVEpvWFpzNnpDdk15c1FldTNKL29qZ3RBanZNaHpRYzZQUy9udk90SmRJZysKCSAgICBIMHFYNDlmaHAxQnJZeXNsYWx6UUlGMCtIMHFTVWV5b1V5VjJ3YkxCQUxhcHhNZnZUVmxoTnduYWN0Y0tReHE0CgkgICAgK3dUKzJQVEowYk0vNUFWMFRPMVNQVDBBVmlKaAoJICAgIC0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLSIsCgkicHJvZmlsZSI6ICIiLAoJInJlbW90ZSI6ICIiLAoJImxhYmVsIjogInByaW1hcnkiCn0KCg=="}
				`@ -1 +0,0 @@`
				`{"driver":"sqlite3","data_source":"sqlite_test.db"}`
				`@ -1 +0,0 @@`
				MIICGAoBAKCCAhEwggINBgkrBgEFBQcwAQEEggH+OZ4ZSKS2J85Kr9UaI2LAEFKvOM8/hjk8uyp7KnqJ12h8GOhGZAgIBdaADAQH/GA8wMDAxMDEwMTAwMDAwMFqgERgPMDAwMTAxMDEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQCBGs+8UNwUdkEBladnajZIV+sHtmao/mMTIvpyPqnmV2Ab9KfNWlSDSDuMtZYKS4VsEwtbZ+4kKWI8DugE6egjP3o64R7VP2aqrh41IORwccLGVsexILBpxg4h602JbhXM0sxgXoh5WAt9f1oy6PsHAt/XAuJGSo7yMNv3nHKNFwjExmZt21sNLYlWlljjtX92rlo/mBTWKO0js4YRNyeNQhchARbn9oL18jW0yAVqB9a8rees+EippbTfoktFf0cIhnmkiknPZSZ+dN2qHkxiXIujWlymZzUZcqRTNtrmmhlOdt35QSg7Vw8eyw2rl8ZU94zaI5DPWn1QYn0dk7l9