Merge pull request #3027 from zarinn3pal/error_details

Added error status details example

examples/data/x509/README.md

@@ -0,0 +1,6 @@
+This directory contains x509 certificates and associated private keys used in
+examples.
+
+How were these test certs/keys generated ?
+------------------------------------------
+Run `./create.sh`

examples/data/x509/ca_cert.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGAjCCA+qgAwIBAgIUIPV2ERZ/WS8Fl2Ab+ZPlT/iNSfUwDQYJKoZIhvcNAQEL
+BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2VydmVyX2NhMB4XDTI1MDkxNzE3
+MDkwNFoXDTM1MDkxNTE3MDkwNFowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB
+MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2Vy
+dmVyX2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyBG+PaCnirTV
+AdUhttmGPcSxxWknq+v5eHc5Niyqb889RH021lCOYxn8/wvvhBF9+2WtJeQDrW0I
+apRl6HcdzDQ4pOwE7QLC1fY6IAr6icz1i5AMDJxNjvWBxO0FRgthqFM4awMYO8Mi
+Z5Fqx0qAQc1iOlfqvdkWYeZBF4OP2+81G6gan6sWotu/o16ZPo2NvFPuY+o0LNIm
+3Ji33ugyfXjA3x04QqB86/eYQR934xHU0/Ju5Tn+AT35UcsZFzJuHpV37qADt3Sg
++RyDkY/JdoQmlzeN6Lund84ZGvJk0Tc5LSPwYbLQC9pU5leQxmo6ph3HdtAKdZK+
+u2pGqt2e4/Xj2sRT2UROzWMH3DICAELSbuhaoTyHtZ7EJ3I4imPWki42aBFulklu
+EWU1kV4uAFcm443DNFRuTqMpM8XRmOqb0UIzzGD5IJF4ia53QLhoqR0dO5+PnMnP
+5pft17DcXnQ8e1mNzMp0JXNQ0GqSA09mo9SaYdoy2ECp53bJcj96/Ea8gBUiYT+F
+X2ZmBySSpGh15/Mfgn40JWVEkywMbh3G8TYoQNUv22cXeXBvdZqtwxFIpI4Q5fQd
+wSyvHcWIH1DbVOycKN3FVZ67n72oWA2THKmpSpoUWE0vw61Psgyx+WVbscHofN+b
+gdAJ773nlbbdoFMG+iLw4Av6ssab7l8CAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBQNs6EYijW5kEZkMu0Oy+F4p8ncMTCBjQYDVR0jBIGFMIGC
+gBQNs6EYijW5kEZkMu0Oy+F4p8ncMaFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl
+c3Qtc2VydmVyX2NhghQg9XYRFn9ZLwWXYBv5k+VP+I1J9TAOBgNVHQ8BAf8EBAMC
+AgQwDQYJKoZIhvcNAQELBQADggIBACjqjFPBf1uElwi3iG/5Z5HsDteu5tkUtjLH
+vHeqEpgezNUnrMCsIdTQMDxVsRuYI9EErs9yEr+zFRdDFsuXRtcuV2abn/W4MEB1
+9U+9ixuKz/dAmJbNPwQJrg/fQeMqNH/9Q/e/LhwygZw77f3Hv2VL5XRbU3Pi7dT8
+/An3GdjIzYet5xYXgyZtHBSuzCK55+hvH+gmSbJeodwhp1l1qsuz7YvT77K67ftY
+0p9u4nEl1mfbgOt0Kf1/huDjpW82vcO2K890gsvnpxLa3Id4FY78x4wYXkHKGsrJ
+zc6SAYnFmuSaofc5hTea5/ixsMYAavrtL36r7EKxxoZuxNBttGIlkwYSOa8p68hb
+u7eRrc5ea/UGVKkIGZLXzFjFKlVl8zeEbm4xFV9Q7M8Qiv3Q8cEODapS/ka5ZM26
+xEggUiM6yu3im027e3n4gb5SKOzYGh8g9O+pBYo6KET/UawkV0+jml3IBhpPE1oJ
+YDc7m8IS+JDaa7ogSekF2S90d5HEXgltQ6rBg5rMxyT4cYWp8oFxWBMfT99wyc4W
+X+7YzOKyiLXFxyv058/txLfdF8iDzK6i1gAZyAswJ6z4gXzz10Wwd1e2PEto6bP7
+0nkALQmRZ0jXiDKyJVe8tpghDWhdutzzCRyBJ59qbyInCOYbJHFpMA6ceSUdBTFM
+QBn8XBLE
+-----END CERTIFICATE-----

examples/data/x509/ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDIEb49oKeKtNUB
+1SG22YY9xLHFaSer6/l4dzk2LKpvzz1EfTbWUI5jGfz/C++EEX37Za0l5AOtbQhq
+lGXodx3MNDik7ATtAsLV9jogCvqJzPWLkAwMnE2O9YHE7QVGC2GoUzhrAxg7wyJn
+kWrHSoBBzWI6V+q92RZh5kEXg4/b7zUbqBqfqxai27+jXpk+jY28U+5j6jQs0ibc
+mLfe6DJ9eMDfHThCoHzr95hBH3fjEdTT8m7lOf4BPflRyxkXMm4elXfuoAO3dKD5
+HIORj8l2hCaXN43ou6d3zhka8mTRNzktI/BhstAL2lTmV5DGajqmHcd20Ap1kr67
+akaq3Z7j9ePaxFPZRE7NYwfcMgIAQtJu6FqhPIe1nsQncjiKY9aSLjZoEW6WSW4R
+ZTWRXi4AVybjjcM0VG5OoykzxdGY6pvRQjPMYPkgkXiJrndAuGipHR07n4+cyc/m
+l+3XsNxedDx7WY3MynQlc1DQapIDT2aj1Jph2jLYQKnndslyP3r8RryAFSJhP4Vf
+ZmYHJJKkaHXn8x+CfjQlZUSTLAxuHcbxNihA1S/bZxd5cG91mq3DEUikjhDl9B3B
+LK8dxYgfUNtU7Jwo3cVVnrufvahYDZMcqalKmhRYTS/DrU+yDLH5ZVuxweh835uB
+0AnvveeVtt2gUwb6IvDgC/qyxpvuXwIDAQABAoIB/z6nIYYLwURdWEzMJyR2D+qE
+c1WTJyhlBR4TTB12wj4WI0BvjWJigGjKJiQ0nGSsAALTpjN25p7AGhhdcD+Qh4uZ
+k/g/8rEzluFiyDjNsEF9EPsZjrzXLZ3mZEKwWBCPIFmUoHpdu614y5INXigBHz1H
+0zZaPnclDqJb7VlF8dARNVbyAOz6UHL746jII+J5pUB/XUbFQChXpdhWjTs2kvc2
+3fSCBfq5ldF/+CIvgtzXDcS4FQSK0Qx26bwnP82eX9cWL6SzA9W7A+MLFtXNFFyu
+qqsIVTQly6BM0QUHB0p3X4bKzRAn4mg8UMb9kmZZHiESjhjrq8EXDsGdqwKOviGj
+xvRw4bxNoGuF0/rMrhNdxBo2C9dOmpe1ZER7rsFf5FJBTREpEmxl7d97dBVbkE2Y
+BlZHlrP9/S80dEZHi50bmWnQ4VdyE7RNa6mXMfNKGH0sPXh08d+ooEedMbWy+v2r
+myIQqZjvbVYswIihNVIFjOVsUS6UK5W4oXwGbGOnKhXzN13jQf1CUdwk5d9ID485
+P1hX30WAnQeaAF2zDwJwMv5VNViqavdjtXjHssJcYLo6L10YpebKTqg8k1pKEa8d
+21ySdKXSMB5Tvrw6oBAgdMWSna+3Gqmx2XebCG4uqrQNWlJZ3qRlumTqO5WDINtQ
+kwq2wG1Wqf8JkKI7zrECggEBAPuY/IlN7dzzvWEAKlKYK/+oEKH5BFMCgUz6xruL
+0N/yEyb7LEjuwPbUYJBBJ3wKzi6W9NQpe3KuMEjrsWw0ywCJhIrlSlTD4tEI+L+b
+Cc1lzeHvBzSsac+ei10VvGMLASlz2CUwpg8btQwpjkJhwRJFUhp4flSxUIX5KlBl
+t3MXB9lWuzJn5OwE1EB+SbPx/+bE8YeiO3Yrtuw01x04/FiHt/VXZpHbBFrvCw5b
+jo4lV1DS5WoqWSYYKUWV0A1BUh/RUETz9tSCluuKiMR5ztjuyp6x5+2UFUh23UbW
+Wf0V/sixAM0U8yzxJ6qWYXB+nVNZ/l4KiAWW50SBMNl8RBMCggEBAMuR8HhbMSXz
+0QjMJ9pdcgblm8+d4qjGSJXV2tRKPQmsgplyPYyj+wshNomhNkSbdnuG0yoOwSpa
+jZva7IWbv76YKscuwIl5lvAkAitaiwCACR5Df9EffsShO6ENCpkzk3t3jbAhC5WS
+bV9/K5vuop1ZgVtR9/2to4CdydIh6JA45yFsn8oOPO704U8Sz4raYKunDApy6F/k
+yf2K4EKGvVVzJLFSdqjadKmlR9MkSbYVD5bWEX/OdDutCNM5VlWdX9BciiV5vGh5
+muNnwMEvzPZu9HsJk/Hd3XLgvaHIC6hJSrBfhaSw77yUjZ+8GvyZGMSueSmrHyMj
+wNmYnBjGPgUCggEBAPNf2rFq67O3JzMEuOvqfW0xgt1bh15Q5wiy8LiMmAF5JiOo
+Bf+KzKg3ai1AiVRJE4cnyS7N7bdSXiy7qYW1T8V2QPsmr49taSOxnQWjkIjaeJyb
+3omKWlRW1hK2KuRXycjyYVwgQhINSEW6kP0PmHb3DWPDuNhuKSlfjBn3Osyes53+
+cthgfaX9SeAVCXCCoHr3eXgta3107d5xgsCm1htBNaai4/olNYJNB5Hc6PoBjwQE
+7ZyT2GasKohAUd/wluNmU1JP+C07IYg5GvGLrpZT7zYxe9tqSmgtawDR6nyR4UL7
+TX4UTOLlZ+xwyVLLd54gSJlpcIiPn6i5m6pVtXcCggEAVjDAQ/U4Zf1JcBQge5A9
+CzaENe9/XD431Vjqgh+8oC/uS9HWxYlYbWnukW80bu/zxnFbTt9YYfpdIrQamKdN
+FAGReywMUSiuA5b7ZCe92sRbF/k0UPKo1c/+Uz4WUq9Hrmr8DqqvIPESZfCOIkNz
+jnOrFWMrQLkYFQi5vsKkmQu+sKQxM3e7zODZ1IT+Yqf7bjIYIwRr5s4Tx8nZEdHC
+sD9ENd/YZb24z2svcfJXU0SviQmx9w8On4Wvyt7n8u/i9XF4/E0CvKlgLxBqyGDY
+wy5PTRjNDwcFD/Kf17O/W81MVkjbaNORbaLoI82dD34ywnOs0Tumv1YP/RFkZgjp
+kQKCAQAkocVT/fzx7pqCD8Sbqj8UmwonWY1gAXjtVMEbShIsvd6tC17Zt8zaASF0
+9MTPOxj9a9wHRZMIKJyJSCfxy0iAPxBbPsIzmbrWdSjrd8MHY0Yo/C81g16tQLvd
+jk2Q/Stbz+pFD79KZs/euS+4CTuLAEw5dVm5URitc3HKFJND4rRHx0t6XOqIGUdu
+1VCiCLQEUntAAn89TDDQ61uW8hmVSnjRMmkgkeu0vtjCBa4wilayALjApY4p04Cy
+wiLKmDQf8R0DvzqK/Gqk1CMtTbvcMQwbH8wwTvSXYCBj3rg5hNVAf2ddIzY9mVRl
+rjzlPgeLBZae1+7UCXeioQniof5q
+-----END PRIVATE KEY-----

examples/data/x509/client_ca_cert.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGAjCCA+qgAwIBAgIURGfUPy0ORjQXQL1XjhKGh9t9CEUwDQYJKoZIhvcNAQEL
+BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xpZW50X2NhMB4XDTI1MDkxNzE3
+MDkwNFoXDTM1MDkxNTE3MDkwNFowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB
+MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xp
+ZW50X2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwh9DwaR9Eyuq
+9V706Hgthxmm19Sh1Pxet5I+cZ3CRclgt2hwHEbuSs+R/Vbwq+OyiCv18LXgOzfS
+VPP+xgklxSeRTT5hvplC08g+BvLwC6TVaeaQiDDfft5uVt2XUjZ35wzE/grIS+eW
+ej7osM9h6JZ3QDTLUi3VwU02GIMC6GMa42gy1Qosz5oln1e3qzAPuCLHce1cFg9W
+ZOVDcJ03bQFFLZACSu46UZ2310PNsjbb2h52nWrvbS8ut4r7REu24EhzsQ94NHRY
+NNUTVKGuIv7pO3ZPRVCcHvnfGJEkjuc2MKUMIo5W9TLxbOXFJRSh1Md74QeSw+9K
+4OCbtLz4odfJXQ/gtOvHJoKubUQ27CJcr5pbj+Vm1IA/bNYP9GDd5KjtJvupbcy+
+EfdeTYUWJ+TKLLwl8WqSUCm/Sl1+XqKYBThX6BexJKfuMkMTSmjUKr+vYVlq/gE0
+hy9agPXU4C/jEYL23KEuAoITyTW0QmXCEAJBsdW9YurxXMyT6MVeKJS3gVsXLS5d
+FoP0WMILIoqdyBX7S26MIXbl1E+Bwt7oc9h7Tkh2EZ5NGQUUxAm1lPQ/JlGONMZg
+HH7VmxTpWM9AeiskYKJ2a03i7omcnKi3j9PflTSMxUk2/Dkhl+5cT1vPsMceVu6K
+WSWWCg/+NqLyQYMyElXivmh6Rv+/+qECAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBQ6JhLgDsFLcVRm388mhm+vMyuNLDCBjQYDVR0jBIGFMIGC
+gBQ6JhLgDsFLcVRm388mhm+vMyuNLKFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl
+c3QtY2xpZW50X2NhghREZ9Q/LQ5GNBdAvVeOEoaH230IRTAOBgNVHQ8BAf8EBAMC
+AgQwDQYJKoZIhvcNAQELBQADggIBAIy307WBMjb1nuro4G09qzoS0AwjPqhHUIbk
+lxmN0QYmd4Y2TrdqALiwP1ocwupmYCVFCRiSwzrs17GaZ2YopMrPo7M+XoLU44dY
+FPmsV+y/2El4IlKh8HUr2VO7VJX2Ev6lWnsotTnsNoQMCSvJBdBWTZwfEpsnNoiB
+iLOcZaD9tdNzwzBc+bkqJ0x812KmLbxaPboM6HFH6ObEnK0IkrhuoPTnuvMilie5
+LOjO2vVgdkznUtKzKD8JoPb1oT8voqmMlXhT8cwMrXi2Kbh7k1Iur16ak9vPI0Ua
+DqIwlni8cpCWuHZYNrwHVdQREgUC+pvsrkNE4g/tHMGXhkg/p4RszmQ2RAt5f17g
+iPZ1G+unoCLkQyNJ/Ghtv7iaZyrzQ0b9Ib9MERkxu6DYRPjgKe3oWRRXVzxqg9uz
+45dauNEpHBfArrcT0cNm2bm6xCTWoZJL1Pb8GJHJ8/0j4JmdyYEjsDloI8+QL4CO
+Hs656/zGNLBRj0idR3Nq9OmbW1bgQwmblTiyTL2iAb01u0O64avmIQDZDiWblqvk
+qZcnt6/6wK/2SMDwrb/trjKKIGyz8mlmRA+kZF97oBhlfEDpwBEilv0UR+nQdvEE
+rjgaxZkaPodMXRvi8v+TPn5QdjxW83iB3LSFlsGb/oBFBDXjmmqg+TUdktmH9P4S
+x+6k0BbS
+-----END CERTIFICATE-----

examples/data/x509/client_ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCH0PBpH0TK6r1
+XvToeC2HGabX1KHU/F63kj5xncJFyWC3aHAcRu5Kz5H9VvCr47KIK/XwteA7N9JU
+8/7GCSXFJ5FNPmG+mULTyD4G8vALpNVp5pCIMN9+3m5W3ZdSNnfnDMT+CshL55Z6
+Puiwz2HolndANMtSLdXBTTYYgwLoYxrjaDLVCizPmiWfV7erMA+4Isdx7VwWD1Zk
+5UNwnTdtAUUtkAJK7jpRnbfXQ82yNtvaHnadau9tLy63ivtES7bgSHOxD3g0dFg0
+1RNUoa4i/uk7dk9FUJwe+d8YkSSO5zYwpQwijlb1MvFs5cUlFKHUx3vhB5LD70rg
+4Ju0vPih18ldD+C068cmgq5tRDbsIlyvmluP5WbUgD9s1g/0YN3kqO0m+6ltzL4R
+915NhRYn5MosvCXxapJQKb9KXX5eopgFOFfoF7Ekp+4yQxNKaNQqv69hWWr+ATSH
+L1qA9dTgL+MRgvbcoS4CghPJNbRCZcIQAkGx1b1i6vFczJPoxV4olLeBWxctLl0W
+g/RYwgsiip3IFftLbowhduXUT4HC3uhz2HtOSHYRnk0ZBRTECbWU9D8mUY40xmAc
+ftWbFOlYz0B6KyRgonZrTeLuiZycqLeP09+VNIzFSTb8OSGX7lxPW8+wxx5W7opZ
+JZYKD/42ovJBgzISVeK+aHpG/7/6oQIDAQABAoICABWJcHQActv4oUv90AAmrS5q
++ybA8X92zG9ja0ghr5ccg311udJ5UCC+rLzFs4fuiDUxY2TkWM9ZHx3LwD1qcGVS
+QX2naSLDUDW85pzQwS8Zh4/rQ6fIfFNQDD/Y79vwLRdWRFjHC3fYZsqDRj+vknZC
+k1JtSQ2CBlAe59yKVH1B2Y7XVaRrL5OMz5XBHqCAgY31Vdle8zODWhtxkCzjVG3k
+kS8/5fE4QwIhFG9ul1ipW3T0okZOweeEL5OveLcYC18Qyr0fMT/olIywAygFlBNP
+4sJ1GtBe5CNPp5/LIpo0Lr/w38rJrf4gO8bQKzI0+stnomfR9keEufL/GGdR++eO
+5tn47F6RcQwjyElwDj2py26RtB42H7OJytbLTtprv9hk1ujda/eG+WIshRGvCEJp
+bhEVv/bB4CV6eaCk5x6u0fvf9Ggdl8LLLYX+G4B79EGyDj/TzGrB1km5Bn8KiROE
+KIawdtOX4cbU1ZwnDufAXpJc8A5M7BdhH/LKfIXzt9Ngw/KHmBf7qGYMViSiJeq4
+IdDTdPDzGpK44wG1nyRGahV9gx4bDu3dD6LNZV3LDWYUZ7lYkiWNsvTbIw5rI8k8
+o2DwMsFn8Yy9ZcozcTxySMT04SnQw7FhM1zZs9LC/iEQzIxfnljtZ4qLuZWUnYi7
+3gW4yK2QQPX0D4WCCvZdAoIBAQD+9DkFL24CPIn/gGNv95QCiqEDAQrriZSsCYIX
+yE8zOxfODtVHxJOBxGH4iTOgBju0eiNDYc/MQEVL9HBei0LhwR3/d4s9UQXKQKdI
+xXbqPztnfJS4oJj00HT5bDltaJ/rUmbW4QRTDEvrXAPb/zyj2Fl4QwNlasDHqxvQ
+l8fR4raHJpNCeOWwdOBTQ0c8WqR5m/nuvt7iEljhA6stFmGO2P6sdVAxxKWCJZ5s
+XRkWdP6Ucu2p8RDHO1pF0HGDgjxF8AfR4Zixz2wueTedUvOxcBuQWOP75HZVnDJq
+1CtIL+195MWqVbw28LLfedRtjclFReMUhZBM/haIkdkoUA2fAoIBAQDC6yaDqAj8
+x1xMYW9Snx7x1ca5520hpxxbU7fBoxdEcQu2hdDUFI/USoVKhZfv6ItFYrbqIqXd
+3/13Hv7OH7tj3ayIMOG6uj2I2YweDuxV49lmEo12bSS2ujTPOGQD7f32VKRMwhUM
+xZ5GATdL3kIYTYnFcnAn66xpOM6lv6AUevMAGua38wpqADvwQO5NuVWcPL7c/WMB
+dGccz7nIkq0hyLE3aNX66ZUXxVKiScab9sk41DjtEAVn8OCRrYtesg6LMZ56yj3U
+B4yOege3z9fPWGGClIEzHKG67aG8iKDnoSqXnsGzl0IbQjGVgB6999OGxSKDtuHW
+zvXKPPG/Vo+/AoIBAEFvBMNj7OP+DZzZoqu16vLMCY7v0ZGp+dI9jnn0Gv+XBwEH
+pY2J0iHX+R0EeY90ihZD0pEUpXRSenaIAd8B9uRh4AUU9VODW+0Qst5mb6KnH+Pr
+gW/xJ9CNP7hUIlkGJSUMPQChN67o1QNO1l68HyAeArhu2oxI3blhHP5oNgyUFyyQ
+pfLFfI3RMVGtTrcavGPJuFeh/Sogc1cszd4AhIFZB+PTKAXd5myEoyhErI+q7zvC
+U2TuTdQUU5LfcILEBhwdAqTHNZ1NEwLKcY+bHphHoYtmhPy9IfHO6NGqKoGYa2eI
+M4MIBgpDtGTOq8qCPUneKe22adaYz8e1RvqlsRkCggEAU+8opZbtT9SVVTq70ks8
+6wyQR6t1XgF0/4q8XUDamxlG3vEerMSx7susPBvtAl0T4+wPMiF7ZWC359zMAny9
+l9J0Ii1SdrMOHmj3olXwxUeZbQ/eJLn5Dkp+xSDWSK7qJnHqUjddEyPh9Ok/I4dw
+1MBG7GRMEZS1qJXSvqMWztrm2wu6gEnDGURCi0GanJOLXvz1f3oJcS3r3QdCTDGF
+JkAit+aIBkUhc5v/6mx0fuK1YahZXxQAD/M08OZXVo68HopeYSfHmg8qIow/2JJC
+r0Gys6U5QYY5yqHbfLElALlw+ttdM/WVfOFzMpp6Inmed7FaHHfbJkH2q4C05Rzk
+RwKCAQEAgdErs3lLSdgC2dSu4BtrVww7S9raDsUVG0UHGd5b34UhaovJwuwV50l1
+VIVyqLbObfij04j/Xx8WcRjNA5jkhS3GlzaD9Jt3ZXbxh+neXXlRi71OhFhS4hFk
+yE7f+u9lZjfmrWALbSYHAYZ0EXccZ87GXnx10ZurUYCvGPQL2yeLjswKkzLFbqrk
+MRymUse9r9nG5QFYY7lF+MCwN7uxlCEg6CEHR7g1slJuNjVdXrorKdQy/cPGWlc3
+OUQ4+iW8M8dOWapQt1Njz6ilCVUEaQnhiSX5/sK63Flmmbi1g4CWq5TgGnUf4NKg
+qexnJsLQLNgIy+am0ldF2ZffQgZI7w==
+-----END PRIVATE KEY-----

examples/data/x509/client_cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkjCCA3qgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV
+BAMMDnRlc3QtY2xpZW50X2NhMB4XDTI1MDkxNzE3MDkwNVoXDTM1MDkxNTE3MDkw
+NVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAPikucha+hzH8Ggx6PVIzHnG0Oo6aOyDzvZr6jy4
+jofYEsyo7iyXgYovATtSsJ6WfL18LEotk+8F/uHjKbmaEFPlBtx3k5I5MMGeWuR5
+b1rFqcVV4PjYJ7Nrw4XFTUgDEYjnq/mG54q1yc07/WoOQF0GBnffdBfJNk/89XdN
+JRTKs383eVjrReR3vOFzL8wEw3G4fG8TDLf69wCCotGgZmcBqcsQGrVi5NWiYgyN
+Gy5oHy28s4Og9gaMFZPIlOnPAVR3Z4CAIvwK9KwhYG/CXpB15SkQ4htZ2dUaumFy
+tK9KPUGLp/4rQNy+5GNPzvY4dL0Yh4txcMH+DJFQamJU0RpNGe0JEIkgQy4nBuKh
+19jP3+lV/6relvJxqgcp69oHlYaeSfoyMMzaPvfWIA/KPyQO/HUTwytVM1hmVVZD
+YB3knM37dy6Q2m5htA8+QJ8eOnq/7QZy3Z7SekCZblATv+SghjDxT6idWsfpLMxS
+qO2E3UxxVYtbSjdAYsbXV+MxaUkUckSOiq5zYXvUjcopQ+Bfpn0bA6aUSonqtJl1
+jbBf19thQD2kJFrYUBgyYjLNnA4obSfqJRIOhlMHWUoQg55S4mvqg2G+ic5I2NWa
+g+w57DmHj5ywV4wSk7d81CLYHkTkI0hSGRXtlShEZqcHrmAYC5ZMZLBcANkHkk/3
+bQ+9AgMBAAGjeDB2MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOXgJmPdd9x77it2
+HeHf3ikgOGYWMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
+AjAfBgNVHSMEGDAWgBQ6JhLgDsFLcVRm388mhm+vMyuNLDANBgkqhkiG9w0BAQsF
+AAOCAgEATg8Mr8F5zRShU0NamUuclvW8cmXxTv7hhPGgknKd1Jn3ZkYEyJZDFoFW
+fJlcYwVYNdWxle+NwTQEGpjYhW9cH95qlRyTL/KzFdOZAY8AbjDN2osHGdRpWHKZ
+KbjJgI8F+0rFxoTYlUPM/WSChHbiwKAQJmKKMYrUZ9DqRqK775z2Aanej5OC54hP
+0c/O+3enwsx2evzbD2SJqQg1eWfPmhkLciVOD1+nfxeB3v/U7+lRcGaIjOrXX3Hw
+IQ0sJkcdMOIcMCrTpDhF6QzGZXlCMBzy8+/Tn6uZTuxzCINvHd+CHKRE6OWxXTw7
+pN2V4i01xO6lC9VvYKjbwKANtUYbgpNs8UHvbSMXetdls5GgREFUuXLCTyBoramd
++isRO1To4PH0S5WKN16+w6OVUbD9OMtrHT2bGPpBRSnNR+mAT3I0ziFEFoo9jwoe
+CyAhIQn0HeCrDC5kNpon7O1ju1ew/b2/7xGZ5mD4J0mlU2mh/KCUqqqQPed1TLi9
+j0pj2mYlTYVM/UFaPBolZK4Qg7JgJWvMfuMJvCEFpr90trWlxl23eGAUlq2HtwMA
+7m7euYRUNp0YTzhJU9grxq2bxjyQIaV02xKDPpEJED1byiXOdHc1L+WKPCbS6534
+QmnOTy5duo6peNcIZDA8uhl4MkFpCsl9fUiWLPMLBfkf4GVC5xE=
+-----END CERTIFICATE-----

examples/data/x509/client_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQD4pLnIWvocx/Bo
+Mej1SMx5xtDqOmjsg872a+o8uI6H2BLMqO4sl4GKLwE7UrCelny9fCxKLZPvBf7h
+4ym5mhBT5Qbcd5OSOTDBnlrkeW9axanFVeD42Ceza8OFxU1IAxGI56v5hueKtcnN
+O/1qDkBdBgZ333QXyTZP/PV3TSUUyrN/N3lY60Xkd7zhcy/MBMNxuHxvEwy3+vcA
+gqLRoGZnAanLEBq1YuTVomIMjRsuaB8tvLODoPYGjBWTyJTpzwFUd2eAgCL8CvSs
+IWBvwl6QdeUpEOIbWdnVGrphcrSvSj1Bi6f+K0DcvuRjT872OHS9GIeLcXDB/gyR
+UGpiVNEaTRntCRCJIEMuJwbiodfYz9/pVf+q3pbycaoHKevaB5WGnkn6MjDM2j73
+1iAPyj8kDvx1E8MrVTNYZlVWQ2Ad5JzN+3cukNpuYbQPPkCfHjp6v+0Gct2e0npA
+mW5QE7/koIYw8U+onVrH6SzMUqjthN1McVWLW0o3QGLG11fjMWlJFHJEjoquc2F7
+1I3KKUPgX6Z9GwOmlEqJ6rSZdY2wX9fbYUA9pCRa2FAYMmIyzZwOKG0n6iUSDoZT
+B1lKEIOeUuJr6oNhvonOSNjVmoPsOew5h4+csFeMEpO3fNQi2B5E5CNIUhkV7ZUo
+RGanB65gGAuWTGSwXADZB5JP920PvQIDAQABAoICADrTNgT5ySyf/PeZv0SwuXei
+GvEfao1yTbetJljBTS9EZoY2/Updec9IeaEgWhra/Z4Sz6OpDtPA9mFYzhlUIsLG
+b44fWDGDCE72eQiO1lKCazz9qWEWOqZPO43ddQAxgaeDMAOz7/m4Mos0wyqhPocD
+kuovWpb6Crh331cfUEOQBVF2vWXVG88GqRApoUhCZD72Z7IbrqmkXWWogn7X1QJP
+uW0KXVdGk18bsNjJVYHwLlgyycG9hhdccwporRp32Be0vC8BocVBjktfBiLKuHay
+/clubiAMbOXnEetWKPtDtCRatx8B+rF/FCeOzSchijTmpcLOzt+GjFCg1tp2uJVq
+AFzPYPDrlSSa1tHSqHVfkNqrP0VP5Ho2kN2jKN6uy8ZcehrN36LHQfHUnKFVED81
+PJhss4PtfSzih8JmO5yY3BI24biV/5QiVS0pGb612HULPSQUrEd8rdKDs8ZS2qQI
+vY53BwtJgsFLm8Z3q4T7ZFjOdRbjZz9YxbGZdDhV1CFOo7KLUA8kteK7KwqdH+Nq
+h7BDoC12u6Im8KFAPk6nOteDnAwBnf7vBZPywZNIL2a6xle4Dj8yTikahaTuiQDR
+bCzcQNC7FDcFM4Biw/Vkzc5VXgk4uc85Gz9sLd+eoEXv2gfRfaWk5Ll4I7HjisPQ
+V3Be4996KUVWytGFoYhBAoIBAQD+GdRS2v2HEE0Qs0MZokXPIkZBhE8qYfcm9X0x
+K/OPqEDBZmv3tpTG0yyK/HuJhJBDyioZ5oOuCbDK8rpu0+pj0QtvfSQ21qIdR06v
+Qc1P8eEoMNko9gJ36hWe7/1GXLm5Au8AGlZPR0OIGWMpgftyK0cT9C/GL7nKw6wk
+sxb+11f7ExhhvjEtMve6n8Q2OxptWTzR7Gt5k7gNSIIfIwjsF/Vt3WpRw/Vn/uaa
+pc8uJxTBBlRjPAZ4IRMT14uFq/vYWiXezvhYYzd8Lmp/WbOVo8m58hE7pW9wIrtZ
+A2yWVQzh7cuxG1QkPzpbNh2rU4DOzxbwkNUKF1gict/KvaKxAoIBAQD6gHRiTiyr
+T1+xPZIAeCUwa5MQF0skEjVG7EasWIMg5A6pv0sQFkB7S4wMRlXUn37AQMdH7Q5m
+Tnvw1Z/Gxwgv/18aXfCIiiCsBmTBAheBMR+Zcvqvp6UwDypxBQ0ZjWM3ZhRhF/XJ
+KeA9Q0IBm+W5cvaCHlnoHhfzYjTQwy5WQj3tfGkAKP3p4sYPoXuWCYHdlDfLNIDI
+Cv5mz+3ILu+tlCpUvbDWFUvH2VegyqudKsroFe6D/Q1cjWF9aMGHIOMk+TPtIdAD
+8gRbuSLmZAXf+5Og9s8WiLyTeYuYYGzf7aHfs68xXtrTDe+uB1d2EWjm4JYr056X
+uVVOMeiY0EjNAoIBAQCFgwbX/i7GP99uTfKMzoHFoymtFRsPlufo9YYxRvmz2uEj
+fXBveOTVT3IRGTbD+/5dUCUs9LztvjPBfyZMQ1bd2aIbk3Jqyf3mSmhil72MKvh2
+SKxh5FlJrpprp4e559DCEHOJ50zAXR5zrXs3/Q8kXu764gwUI1GI46VYpy0G/BlD
+WDYwbWGjcStPSNEs+YMaP5BAcOvLtr03ZYjRWXQ/sRsI/hT2H3ObkAiU61hf1LMH
+9Q50Eb8IccB3ZYLu2n36oOtTFgbRUlh+DFlyzqwYjTXaWQGLCJL0JZuw2qa8mrWp
+JGwpg8WDQiGkeVu/gKGmiJNyFXeK1Nc/SoKiIWARAoIBAEYpfG+cXb6NuMu35xDi
+lef9+W7kV1N/FhULULAtCm1H8yNwROH4mY7vFgbKHHg1RBctDaQDrajSCrzl2J6g
+WJa4/DYyYZCcv5HvKIE2yMaSr7sXDUftuMLBPK3zMDwb8dIucT7QqzLw27HNCMvS
+koFixdCkF6J/601sEEb4pB3c5+OAmRhGYvgDYF44aJkZiJo7TXVI+1kMWz0IuBz9
+qHwBp+mcR89un48WPQj4OyEGP1bJ7chiND/cCZZKpQnoGDbe5cBhXBX+z2GxdSj6
+kvqtSCgpeM9i9Q6JWKQRPe1qbZBuj39QhhHfMWaY/9I+BhfEh8s2tpDghBgmunMy
+w3ECggEBANd6XGIMmB0pmdinVU7gBsXlMYcnQEdtJWcMeJKRaZjhrmnSEQGfl5se
+U9AGGxaVZg32+q7/AXEY2p0RRYDpG1mAYFisa2hglrsBU1hkQWHZ7xdHBKgQOgCG
+wMOO5hZH94uyF2PPh5YG6XvZCudEfdkFNNlU3yFepG3/lNHXh4bEGOJvLSz/77XW
+gshQRyggqDJ2B9K/iobO4wg0f2U/MmX3VOljwPxrp74M2JJkplmrCJ6JNbD7dFo9
++bW6K7QplpsPAfYQMV3oOeitgtu5RycR/ADW4sIZw2JBa/2T3JNIgsgyG/Wz9SAR
+DC5I2TQD/DsjdPJFAk94MNL1SxrgOu4=
+-----END PRIVATE KEY-----

examples/data/x509/create.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Create the server CA certs.
+openssl req -x509                                     \
+  -newkey rsa:4096                                    \
+  -nodes                                              \
+  -days 3650                                          \
+  -keyout ca_key.pem                                  \
+  -out ca_cert.pem                                    \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/   \
+  -config ./openssl.cnf                               \
+  -extensions test_ca                                 \
+  -sha256
+
+# Create the client CA certs.
+openssl req -x509                                     \
+  -newkey rsa:4096                                    \
+  -nodes                                              \
+  -days 3650                                          \
+  -keyout client_ca_key.pem                           \
+  -out client_ca_cert.pem                             \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/   \
+  -config ./openssl.cnf                               \
+  -extensions test_ca                                 \
+  -sha256
+
+# Generate a server cert.
+openssl genrsa -out server_key.pem 4096
+openssl req -new                                    \
+  -key server_key.pem                               \
+  -days 3650                                        \
+  -out server_csr.pem                               \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/   \
+  -config ./openssl.cnf                             \
+  -reqexts test_server
+openssl x509 -req           \
+  -in server_csr.pem        \
+  -CAkey ca_key.pem         \
+  -CA ca_cert.pem           \
+  -days 3650                \
+  -set_serial 1000          \
+  -out server_cert.pem      \
+  -extfile ./openssl.cnf    \
+  -extensions test_server   \
+  -sha256
+openssl verify -verbose -CAfile ca_cert.pem  server_cert.pem
+
+# Generate a client cert.
+openssl genrsa -out client_key.pem 4096
+openssl req -new                                    \
+  -key client_key.pem                               \
+  -days 3650                                        \
+  -out client_csr.pem                               \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/   \
+  -config ./openssl.cnf                             \
+  -reqexts test_client
+openssl x509 -req           \
+  -in client_csr.pem        \
+  -CAkey client_ca_key.pem  \
+  -CA client_ca_cert.pem    \
+  -days 3650                \
+  -set_serial 1000          \
+  -out client_cert.pem      \
+  -extfile ./openssl.cnf    \
+  -extensions test_client   \
+  -sha256
+openssl verify -verbose -CAfile client_ca_cert.pem  client_cert.pem
+
+rm *_csr.pem

examples/data/x509/openssl.cnf

@@ -0,0 +1,28 @@
+[req]
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+
+[req_distinguished_name]
+
+[req_attributes]
+
+[test_ca]
+basicConstraints        = critical,CA:TRUE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+keyUsage                = critical,keyCertSign
+
+[test_server]
+basicConstraints        = critical,CA:FALSE
+subjectKeyIdentifier    = hash
+keyUsage                = critical,digitalSignature,keyEncipherment,keyAgreement
+subjectAltName          = @server_alt_names
+
+[server_alt_names]
+DNS.1 = *.test.example.com
+
+[test_client]
+basicConstraints        = critical,CA:FALSE
+subjectKeyIdentifier    = hash
+keyUsage                = critical,nonRepudiation,digitalSignature,keyEncipherment
+extendedKeyUsage        = critical,clientAuth

examples/data/x509/server_cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFmTCCA4GgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV
+BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTI1MDkxNzE3MDkwNVoXDTM1MDkxNTE3MDkw
+NVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAJKa94AjQ+jMqv4RdMjogvrqb8y4NMoFPHb/A/Eo
+0ahQsLu8enexiCAHq3QenIIvSp6KxvL5ERoYfsv1c9jG5B4/Z7wD1Tkut7bOiAG1
+cO3sgkz6+ttSWYDomBxHw19h2qJl/XIIgz4FO84tBMJIU2lXQejRd6a+/rKyvk5e
+IZIeBf82ujO1I/9O04rNkZGHRhX/AoGmF5LuUAoex2yWU5/8V2y7svJb0+AOOJH9
+tCW/mEVwb/5Gz3iD04cqhJKDtwMXYIa41BnkgQfr+AsGE0H2sdlYmCDVp/DbLMOU
+pqjWuCzYA37ef4mGTH20eFbIoaZ7lVDxY8S0jV5DH+nsrj74keBG4azj2SL7rf/H
+bniycFukSx+GFRAWpxTPD8vp4TGpV1qFyef3IANAPSlrhIwFfAPz8mUnHWE1n6wb
+gWt2rtgGu8abbOF6U0F2aRGUPH3jijUIJD6Mr3cy8slkRZ1w8nv2nxMspnJcpR3V
+tN+Mkm6y0o4lTFzsYvjRPNWNLNROA4md+cTgfhSOKVzsYGXUqRDNn3NGOPgYzXDS
+Cw0AXIHlaGgVLb33enkU26vWdkNHR1RmlSpWc07jCvBuvoF/lz/FB+8Y0wNeZAgv
+tWv6NCwaBWFkMG2StiGFweOdszk+cwyCaGXPeNe+d73Atauk4s/+T08jRwdhseLU
+T5/DAgMBAAGjfzB9MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJtMvOAJdZ4zZgZa
+plJQO1JJC1cgMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh
+bXBsZS5jb20wHwYDVR0jBBgwFoAUDbOhGIo1uZBGZDLtDsvheKfJ3DEwDQYJKoZI
+hvcNAQELBQADggIBAHJO/nRYCkq9HxunWeDZjY0A6paBb0Ys/NMpv27+vvljzJ0w
+zsh3vRqb54GFsSNUM6sDuG0ujxFKPNRmMXChdZkZVVhO9RFzw4+vdetq3mT4pPVt
+mq6PkK82RCP2v/b6vmZcJk6lqb9W5FkM9GoAWwUrFQSzgXGOi25IfFWXXqlNukso
+XCHI6bpwqYFIeiWoKJKSoTXbyZYrlKIGJOEedVn1tbynl+IaEsndA4Oa0+TTxLFT
+3TNCyBOVroMz61iI1MRelyLMWE+3fY///l9OJG2cm0qvoXh1IPqexeQHeJd14AGI
+sHUjNQFgV3dNV2El8Lk56bUOebjclmZOXZCXsfol3pJ8PMSfLYl3rlv9Hurmc+oR
+7TmaP9SRPjYLWdzcicwsZn/PRrbl4siUa1PH8XkaPASE8VQiIoovtMz1y/GlO4e0
+cMYRYHDJ/dDtD1VDvDZGgTZauCp+dMJof9IGSWR+X4dyzMo7MQ4ErgY57gcmLGYa
+JW27X9wh+rpIsGu3csGCGHFmWaD2vBWrSLMrx6gmhbqUUIgHNQYpelDV024wiLj2
+BS/zTQUNWFZgkuzHnAF1abHvFHCd12+AeVBV1NZoDgjcPokJGDWVeqHWbJwsquy1
+sqP79Pup+LHd32yCIEZZlMb8M3o08aqemoqjVcVb57puKNyfwk8sT5tBq9Hv
+-----END CERTIFICATE-----

examples/data/x509/server_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCSmveAI0PozKr+
+EXTI6IL66m/MuDTKBTx2/wPxKNGoULC7vHp3sYggB6t0HpyCL0qeisby+REaGH7L
+9XPYxuQeP2e8A9U5Lre2zogBtXDt7IJM+vrbUlmA6JgcR8NfYdqiZf1yCIM+BTvO
+LQTCSFNpV0Ho0Xemvv6ysr5OXiGSHgX/NroztSP/TtOKzZGRh0YV/wKBpheS7lAK
+HsdsllOf/Fdsu7LyW9PgDjiR/bQlv5hFcG/+Rs94g9OHKoSSg7cDF2CGuNQZ5IEH
+6/gLBhNB9rHZWJgg1afw2yzDlKao1rgs2AN+3n+Jhkx9tHhWyKGme5VQ8WPEtI1e
+Qx/p7K4++JHgRuGs49ki+63/x254snBbpEsfhhUQFqcUzw/L6eExqVdahcnn9yAD
+QD0pa4SMBXwD8/JlJx1hNZ+sG4Frdq7YBrvGm2zhelNBdmkRlDx944o1CCQ+jK93
+MvLJZEWdcPJ79p8TLKZyXKUd1bTfjJJustKOJUxc7GL40TzVjSzUTgOJnfnE4H4U
+jilc7GBl1KkQzZ9zRjj4GM1w0gsNAFyB5WhoFS2993p5FNur1nZDR0dUZpUqVnNO
+4wrwbr6Bf5c/xQfvGNMDXmQIL7Vr+jQsGgVhZDBtkrYhhcHjnbM5PnMMgmhlz3jX
+vne9wLWrpOLP/k9PI0cHYbHi1E+fwwIDAQABAoICAAgdEXODACAjK5dyCd+Qlqci
+UFupGirQDV+cj3BKTQgepxlMvg5fwePb6M49X3YI/f02Ovp5dEvYbTQGeonVwAw4
+gBo0sBlBD6PLXFWT4BMa0r9F6Jo4vYFX3gs6oYJm3P293T/xXqoRChVIAopqDEu5
+K4miBhgxW9Ex+TxHE16N0NEmCzoPXVWk3CpDZDoEnYlcGpxoP8e+7qkQuQK2cxxY
+j9IRtT6afGhbASB7RPwN1XSKW3hcHOFTkmJZpQqixX8jTRFHq11fexCgK5MYm/o7
+l+4qbAjtKiU3TAvq7ypK79hzgAYGdFJ9H0CZu0s6QVAAaOwY3+ekAmrkFiERGzeF
+gqe7EQaWr/5GzcGNOmv/4AOr6kDhdleAdpHXzyDX+BliNqg5T6kkT8UOa8MtkJfG
+sL2moh/4P93KoTp4mBpmbzAAnaq34yCNCnleK5CILLPqVyR5z1E1QT3pCFNQwhjO
+GEYgEeA384cVQulJhWzQPWDt9vEl4BcnLxzGTnn/xn7o6sdOjuJx7HzC4tP1uN+b
+8PDxNo8imXhAkpw2umUplPFrZup/PPcozz/IzdA9x6zfNyOQTw/QHNDdQkJ1d32F
+3nUExzAEccWhrWiXS/qX99PUDvhC3aPc9N/b/ihSdrZpzR3e4v2B59KV09RrXjWI
+lfg/QkhxWvi1nyGE96n5AoIBAQDCnSEqDxdq0+NVvXTiDSyzyQ41p9yEi8WBo5Wy
+9XVQP7Ygg3w4sgRvqFB4sgdHGEp2VxjBy0PJU4UtvVFFesOxxm0Sf5mq+sQBRbIL
+/PPFWMaT58VPQp92l9fb3KrqMrVL9VYqOYjL9DITMUcnH7OzLvc6DZ10q7ItcLqE
+hQLBZHadNICUkH0mZtMvRwW5VpXvKleVYzfZ69ojkIZYX4IceIXv50tXxwaxHItc
+3GnRBFjEej4cLL/o4Isv601uBZD8FqJpY5P0t73rDN62Hj7c44RYOUP11zcW/AY1
+Xq5w+HCGMf+e3tHve4UsJqls9Tw+2yy4snwHQ3oHoFP2cEAtAoIBAQDA2TPf225R
+8p4Z1SG69ll0dBeVUmO0liPGoKkURTS2yPvCa2BisxDqSctUFaSf9QT64tSDRGET
+RAiaeyg9z6wtigToHku+jiz9LiPfzfa5aoVWDam+ZrzCxijQZliPSjQBnzAUP7A4
+w9LUW5cgu9OTN3t4fvxZTRifTpE0I0w/2s9eZCiiNQyp3J/IXL2BCv0U9Sr8ju3p
+wL2KUPnopvZjSH4WXyto8+wD6692PkjBVuhmtXUxBl58xkpvWzpHYNqttjG0RzPa
+XQxRdVogZ9LYHX92gDeO0rQBkYkB5kF7kSZGXktaejvL2bb2p5hfJD6kGzNiOzss
+Jdmt7lPsimWvAoIBAGMw6SVhucLGKnmZ7cgFhQJBeI+adgfMoacYtIUZHGkBgBeE
+TL0s5pvugs1xl8oBtHoqnECyFGO5wQh2FMU/9BxZEWC7TpxZ4arwVfZMQAcW32el
+WuiyAUrVy7yQ9UAXBlanvfoZhwLE/PzRQf3L57BtQK8DH3zGwjLs4PQIQ0ZEqTwo
+9VxDZLY89GiFX4J+gj77KtbGUkItNuqnkAHc9BkEyOdk0P71PxDohpOW+AwDlibW
+U2/S0yGjyO1slfN8vM/vzWm/yjqRqCf0UFMsiUfWYq8AyQW1YqvBWny7PFfyGJAd
+TbcwxHm2UEMXlYUmXUWAOoQM3LBrEPhwHDtgLSUCggEAcCLcgyK5N3V4cVT5VBnD
+Um/e9rj9uRhEnU72gg7r5A1iN17woPO2tkVKsg4Tt99lke0r3Vh5ihZZWlqav7Zu
+S9yhlcdoC9noVx/pRE4jVRWXir5PIaPjxu4q9WNNw6RGMVs7Pcr60Ucs5MaNTj9p
+e4UbiqlsWxD1bEznKgYMZGT7h8t9xTRLtMnRL1Sd7NdS6kjVQh5qQS4OCMulRZ8w
+TfLtPl0AhPqxFmaJlJwK+kFqya5iAqvNbYhv5+iILtEm1zPGGyn8ANFyRDuUuJsm
+gvxEDcfohmgGu5LAtBYLpap1Mx3Je0bwVky2kx5I/6m3sv0OF+SRN86akQSwUC75
+iQKCAQEAp2OlklCIQjyp4z7Amqyh5YZm0XrXPn09ihxnAqn2Ie5zb8BVSnoNYDpl
+dsZQLPOLrDAU/haAl9RNIibravCh+zMEZ12t+PD33TWWRxqQ/Di6biNfYzDGv/Y4
+MhGWF7RXeUobU9ShI/jyfWMVOa2Zg5YcAVFlHNbqfy7uMREovvSFXCG2Mmq1RZ4Y
+s1rWh7ZsfbXbF5mFoqlK4CaASdicsxOaoSy+yhXJLvg95O/wftyaboTqbRq165Ae
+sPBsgNq5oOulS0d+CO53+V0mRYLWBZpuPTdk9qierTuERklGbLGTdeQpDvZLeB/U
+dqcVC951MqK11/LGybm+ojj5JFsbog==
+-----END PRIVATE KEY-----

examples/data/x509/x509/README.md

@@ -0,0 +1,6 @@
+This directory contains x509 certificates and associated private keys used in
+examples.
+
+How were these test certs/keys generated ?
+------------------------------------------
+Run `./create.sh`

examples/data/x509/x509/ca_cert.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF6jCCA9KgAwIBAgIJANQvyb7tgLDkMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBD
+MRcwFQYDVQQDDA50ZXN0LXNlcnZlcl9jYTAeFw0yMjAzMTgyMTQ0NTZaFw0zMjAz
+MTUyMTQ0NTZaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwD
+U1ZMMQ0wCwYDVQQKDARnUlBDMRcwFQYDVQQDDA50ZXN0LXNlcnZlcl9jYTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANGmhBQQ5f3n4UhgJLsXHh3CE3ej
+Ox36ob+Hnny9Gb/OquA4FMKjTTaSrhKIQapqlCLODai50XKSRBJcgsvsqWk9UdL2
+3zf7CzAPmg5CmzpWWwgpKPTuK5W+gLA1+uMKecBdH5gqSswQ3TD1fMfnJuq9mNfC
+GsMkplaqS5VATNFPVnqS7us3OXKEITmBaQP4wOpGP1PgqX7K08aZEeAyQJaTS5um
+4MNlBLYa/nQ9Wca0Uk5tzoNjE6mWH7bTuwdoZgOIwKFmBbmsC9y/HzwV/zRsL8Yp
++7FwfIYuZ5j8gBNqSFQjDFkm6Q7RcQ/lyHHj9YduOgTciIFVgx+j8aZvFqH127h8
+WIb7Jppy0DEDJE1hRP6iV2uVoaUxhXWrCWLBUU+naLix7SJ8rqw8gHwRNWfM/Lwg
+I3rGXdw5WIHVQcuxevN6qVSZeWVYAlAgfxjKtM5cKZyM+W80CSdVKEku1XA0sq6h
+jaiJdo6hpm8BLIB2k7LWafc5MASst7XULk4uDC/OYcEz3+C3Ryn1qBltr1gA3+5K
+ANuhjYCZH4P0pX08I1MpeVP6h8XhbBPEZg2txbVGlnDXEFoJN9Eg5iEKRBo/HKhf
+lP84ljtBSmCnsF6K/y3vnRiu+BVNP5KMq179DNqEy7tSygzgY41m3pSFojdvA59N
+JWJoy9/NZzdlU4nzAgMBAAGjgcYwgcMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUW5AMXXg/zPSaLHwSO/7LwoBeZYUwgYAGA1UdIwR5MHeAFFuQDF14P8z0mix8
+Ejv+y8KAXmWFoVSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNV
+BAcMA1NWTDENMAsGA1UECgwEZ1JQQzEXMBUGA1UEAwwOdGVzdC1zZXJ2ZXJfY2GC
+CQDUL8m+7YCw5DAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBAKTh
+Ofg4WospSN7Gg/q3bQqfSMT5XTFC7cj0j3cWDZBnmqb0HAFPmzHT+w3kBVNCyx1r
+iatOhaZRH7RA0vacZQT5pD2MGU48/zFfwBV/qHENQWuRLD2WOOEU3cjjoINBclfP
+im7ml/xgz0ACOgUyf+/2hkS7VLq4p9QQVGf2TQt65DZA9mUylZTdsBf4AfEg7IXv
+gaYpq6tYmNi7fXDzR/LT+fPd4ejQARy9U7uVhecyH9zTUMzm2Fr/p7HhydSXNwhF
+JUfPWw7XYO0lyA+8PxUSAKXOfsT44WNtHAeRm/Gkmn8inBdedFia/+M67k45b/wY
+RF11QzvaMR33jmrdZWxCc0Xjg8oZIP7T9MfGFULEGCpB3NY4YjnRrid/JZ/edhPR
+2iOiEiek4qAaxeIne3CR2dqCM+n+FV1zCs4n3S0os4+kknnS5aNR5wZpqpZfG0Co
+FyWE+dE51cGcub1wT1oi5Xrxg/iRteCfd33Ky668FYKA/tHHdqkVfBflATU6iOtw
+dIzvFJk1H1mUwpJrH/aNOHzVCQ5KSpcc+kXcOQPafTHFB6zMVJ6O+Vm7SrqiSENM
+2b1fBKxHIsxOtwrKuzbRhU5+eAICqwMd6gcIpT/JSR1r+UfHVcrXalbeazmT2DS5
+CFOeinj4WQvtPYOdbYsWg8Y9zGN4L9zH6GovM1wD
+-----END CERTIFICATE-----

examples/data/x509/x509/ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDRpoQUEOX95+FI
+YCS7Fx4dwhN3ozsd+qG/h558vRm/zqrgOBTCo002kq4SiEGqapQizg2oudFykkQS
+XILL7KlpPVHS9t83+wswD5oOQps6VlsIKSj07iuVvoCwNfrjCnnAXR+YKkrMEN0w
+9XzH5ybqvZjXwhrDJKZWqkuVQEzRT1Z6ku7rNzlyhCE5gWkD+MDqRj9T4Kl+ytPG
+mRHgMkCWk0ubpuDDZQS2Gv50PVnGtFJObc6DYxOplh+207sHaGYDiMChZgW5rAvc
+vx88Ff80bC/GKfuxcHyGLmeY/IATakhUIwxZJukO0XEP5chx4/WHbjoE3IiBVYMf
+o/Gmbxah9du4fFiG+yaactAxAyRNYUT+oldrlaGlMYV1qwliwVFPp2i4se0ifK6s
+PIB8ETVnzPy8ICN6xl3cOViB1UHLsXrzeqlUmXllWAJQIH8YyrTOXCmcjPlvNAkn
+VShJLtVwNLKuoY2oiXaOoaZvASyAdpOy1mn3OTAErLe11C5OLgwvzmHBM9/gt0cp
+9agZba9YAN/uSgDboY2AmR+D9KV9PCNTKXlT+ofF4WwTxGYNrcW1RpZw1xBaCTfR
+IOYhCkQaPxyoX5T/OJY7QUpgp7Beiv8t750YrvgVTT+SjKte/QzahMu7UsoM4GON
+Zt6UhaI3bwOfTSViaMvfzWc3ZVOJ8wIDAQABAoICAQCxi7A9AhaUUWRzE6DnpGtH
+zk0IO39cIx4KAsNQZiDBVDdXzYafUwaX2d57KVNbDAlJ9HCS3FKpEX9+gUPviQvr
+aRe7boCZewv9dqkDvJqS7AEJxzm9O1pD5WI8WGqRDhUPuI2CIwbXDM0VokA7VuGZ
+WFlxFxvs+UO5D10VF7A2blcRVQ/quQj4lzc/6P1TdL2DaVxGH3PLQd/ZR1ZhJI2Y
+N0OHnOqp7wnvYqrtK+u0oI83hjym/ifvrYhMH8E7Q8lo4s4noSvmEvK0zlKYYxSO
+g7RtwK47lcSPKgtn/yZDyvVX85qIgbBLcUmrqfB3qxMKz2lpJo6f4Rg7mm6SgW+K
+zxYnGNCTPfiyPKiufM3rQPfJ4giqQ1XDKiZEKUJBo4mzzV6LcAoDaEqhHBlySpi3
+Z38I0rmAT62PRJ1sMkQl6j1Ben9TpwTzJmLX1sEO1Jsabsk8rRdV+ni5oRRUdW4H
++ratyQ8pmegLYyhAZqkD7FzKBLdznLmWXVTcBQkRoD5lQkCP2OF78TdL4twNvoTH
+X4kQ3cNysWFXsm+yf4jSCHl4BEtGA2jOU690T0trtMf13aI3wEULmcBgc2ix+tch
+wX79hwBYcjGGDfTMb39r/DrcgWMVFXawru78QFoN9vVxznit9LrOERBm6zN2ok4X
+E1kD4YZGr8dxUHax0or4CQKCAQEA7W1Sxeqc0gV0ANQf3eCsFNjvT97z/RSzzUYF
+wCe4rpzQ9ZNsY2UYMYmEzUuRBuQxYKCNTWot3hu+6OPMCp4pLuu2l8ha/wCM2TkY
+6hceduvXkdUNUG1xZNSR8waw4PTXNeoOD30+GB4OpHdjzsF5pEzx853/Qo/ERJFx
+A+aZZJy/Sfw82KTseYTniWYjH4iYUbC8TVLfRjPw6V2VcF78pYkdAQenGglqw/sI
+4a3FhJspN9xV/PoPbb7PjBJFHUt7ZRQt+D3WPuhLSjyPxwV+3u2OsQ1/J/sxcih6
+rW2g+OJYrK4YkOqX9tLRB39RjO4H6Eiv5eUAw/+vHHufKRu1HwKCAQEA4gzxZNzm
+r1X/5GAwwyBJ4eQUHFvEQsC2L4GTJnNNAvmJzSIWnmxGfFLhfJSabnlCMYelMhKS
+Ntxokk5ItOhxlUbA1CucEtQgehJwREpUljlk7cii5MLZEkz11QxIVoAhGlq3svFG
+B/gwYWNVWl2CXcK2o6BBD9sIgzgp7qhmdJej16h8YkWn7HibKs+OBcdCu+ri7wU+
+VdLpdhN3uqo1b1tO58Gv+40vuQE3ZKDdMy55V30+0qEqg6dXvDQ9nwYFkw6C31Ad
+Wpa9ZB0A0HNSou1xTWyl/hDie6dlN84RHGX8on4sjgPrb8A8WVis+R2abvh9ApZA
+fRZ3H/ZYXB1crQKCAQBgjgEHc+3qi0UtwRZkiSXyJHbOKIFY/r5QUJWuG3lDqYph
+FF8T3N0F6EMVqhGEl/Bst14/iVq15Nqyo1ErUD63UiyjdVtsMLEW9d1n9ZbyDd9Q
+8y/C8X8X3kqsZqAwG+IZjuHA8tH5xN93iwYP4yaw5onO5QYV75mFuRAY4gKnpAc2
+81lbUVbJ5H60pdDK1iX7ssAhQf6C8kSa4vAPDtH4D9a3wID4WbQNl115Sc31q5QL
+n5NomdkEbIDDGfr5euTnqlk3hw5F7voPaqmd6mI6Dqnk3vRDMihdoJCjTt4T2Rju
+wK5E4OKEAh/3yJNFmNemY0kFWSgCjUyNbMjBUv9JAoIBAQCYS9QO+m1JUA2ZVd1E
+eWqNkFakTIdL2f5kv03ep+wIxwq6c+79SUGr3UMh5hStvXCFYjhAJhbwc0rY13lQ
+uRJdWk/sIn2CifxfgjC1MccPdxeyxGxK56PMGqG9qgrKjITA9sGxA7EFCYe+9We5
+/Coq9VaLoxpyjkWL8rj9m+N7RfcTAubaZseeIBuamj+7UOZ7KOM/2i6HMBQugys1
+Thu2LLRanDnups6yPEmPuHmPVA5YjX9X9VFpZcNMf33MuAflbe9qeNVuBQUQgCHe
+TvQr5QFjAoJLTCDq4nrlQCZzFZtB9vQZsjZbEg8WuxG+vN0hSrUemxBTtmEH3bbm
+SLn5AoIBABGxznQFXXlF3eLIZqLvItDMSTpFp8YPk8GQWPT2V3pNNjvK/j7eg+tn
+VouXv5LjyLTzWLKnPjIU4t+qwu6R9nohZ62OjGl6lssVdjPnf4R6UKzRa0iIZtH4
+BlGncnAbzb6TJuLX7dNwICoUCGyvk9tdnThH1FY3ZAEhOi1G8LEh7aBrj9/vUZ2d
+S5jzZ7kLh04AB8OP1MXM3sZE7VlIxUtT/NLlwC8zRsg84pAjg3U7PygIDYQDzCRB
+4yIvDziTPqDB/vdCKt7/Xary5Xj4NwqcPCRf6HvdHYCVeW7V+mWcMKZgodQARQhv
+qQCK9iiN08MAFNia/0/Bj4D7XKurNRY=
+-----END PRIVATE KEY-----

examples/data/x509/x509/client_ca_cert.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF6jCCA9KgAwIBAgIJAOhoXtjjP6JdMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBD
+MRcwFQYDVQQDDA50ZXN0LWNsaWVudF9jYTAeFw0yMjAzMTgyMTQ0NThaFw0zMjAz
+MTUyMTQ0NThaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwD
+U1ZMMQ0wCwYDVQQKDARnUlBDMRcwFQYDVQQDDA50ZXN0LWNsaWVudF9jYTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO7fTqeU+8OfKMwXABNF90+RYL4X
+YS4ULx4rpf14Ntp1SF6o3itCSM3jJfHzexj2Pm16aL+OQll8ODtvTadqVSMndMCn
+UN/jVjxiMmjkSNKpwUGG69CsQzCKoueKBCEy/CZSopQae6Wxn7mqTAzhFlh3idNL
+J+12UtdqDxnPDsiG2XBET3UrKyJeBxMgRyPi/g4wHfhH9oJ97jkdacUlLko8l22s
+ZiMSSwwOlWxtTY5t0FbHu08ufP4eYTqC0LL3z1Fon4v+4BqUyK7BT3dISwPBmSd1
+uTD7Wbaa/QmfU6Y18dkNlK00GUAcKWgPfLcm7EH/AAz5XkqozVR3z5FLBYFTxVrA
+Ly/Gu5HLx/uwoYWeYRWBOSkqvdgf9PT57imO4fOi1CTQuq/1LAdaxGkm7yXaz0YP
+ySTiT6PvcLWFEbjrbufxdBrF4/ZsQz5vdJiKq2IQmCIKONJOFHWqgoF4AA7Ze1cl
+mrK0eLzUlG1WmSy5mpjByRanahQWYvK1s0tc8IwMRRJY4DS6Dp99EVyteKZP/jc0
+x+ILet2ThDhjY3AxtkzlejyylABgl2AyGoGzZzbaf1q/0LfM6SfYBSVZK3TFR3Kt
+8lQnG0tztoM+bnM/JZ8UZ61s16jJVxWzlZ+rx8rCpIvh3Cnl52DGo6oA4Kt60uDP
+3iiTLGNYqEyHmzgnAgMBAAGjgcYwgcMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUdOqNqaSjcn7BRN3fLs4eTIp1W9MwgYAGA1UdIwR5MHeAFHTqjamko3J+wUTd
+3y7OHkyKdVvToVSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNV
+BAcMA1NWTDENMAsGA1UECgwEZ1JQQzEXMBUGA1UEAwwOdGVzdC1jbGllbnRfY2GC
+CQDoaF7Y4z+iXTAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBAOnH
+CrwiJd51oBic5PwjQBhQcUtGOfR1BJe/PACpLXTf1Fbo8bLT5GxZLATlw9+EVO9P
+JhhH+oiUuvA7dE2SRiZXpY7faqtDgvVfssyCrvACkM7pcP9A5kM4LiunX7dpY2xp
+naJAqDV5Av1mOohHuVEZHqV6xQSREQFW2IusfpCsPP+P+RPKM2o571e6oz5RGbuP
+dQ39QycBTK8ezccxaDaH614peAnBi4Q1GuxzgNmXq2FPDcf7F1QcWMrW3jUI8npi
+Q9rXRwrqUYP7Yzz+dIziGdpOfZd7x/MyCXuqRdFdA+bulGM2Es5lvtguPOFhcWp0
+3hzLJ+yolxyqxnNNdaU0r+TDbgxOBjw0VxahuhzFDeZsP6Civzp+Y6MRdvofNXBm
+IBD4uqmQtUUyE2uoznXvZkXaSc+0VIGgs04AMS9irBC2oVEGDp0AbelcIhdgToam
+/NTuOmxgadwDuEn3TIFYkzx84J81kL8g0HQ1N09nSXChkSVb+XlxC+Wosxoazydr
+M4FOvaa1V4vnmIdA2aF1nWTzJNcc9FC23zTmQkV2YJ1IKNmxGd3xBZzUtUBu5OgZ
+vPXECtUjRcraNuXeL6gSX0qBaaVkcdxhp8CpI8k6Qb+mgOaq/ixrVEKtczBVXjHD
+pO6QmwMZtqR8JsStbMCYXa2owt4k8F3yMlIKE6qX
+-----END CERTIFICATE-----

examples/data/x509/x509/client_ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDu306nlPvDnyjM
+FwATRfdPkWC+F2EuFC8eK6X9eDbadUheqN4rQkjN4yXx83sY9j5temi/jkJZfDg7
+b02nalUjJ3TAp1Df41Y8YjJo5EjSqcFBhuvQrEMwiqLnigQhMvwmUqKUGnulsZ+5
+qkwM4RZYd4nTSyftdlLXag8Zzw7IhtlwRE91KysiXgcTIEcj4v4OMB34R/aCfe45
+HWnFJS5KPJdtrGYjEksMDpVsbU2ObdBWx7tPLnz+HmE6gtCy989RaJ+L/uAalMiu
+wU93SEsDwZkndbkw+1m2mv0Jn1OmNfHZDZStNBlAHCloD3y3JuxB/wAM+V5KqM1U
+d8+RSwWBU8VawC8vxruRy8f7sKGFnmEVgTkpKr3YH/T0+e4pjuHzotQk0Lqv9SwH
+WsRpJu8l2s9GD8kk4k+j73C1hRG4627n8XQaxeP2bEM+b3SYiqtiEJgiCjjSThR1
+qoKBeAAO2XtXJZqytHi81JRtVpksuZqYwckWp2oUFmLytbNLXPCMDEUSWOA0ug6f
+fRFcrXimT/43NMfiC3rdk4Q4Y2NwMbZM5Xo8spQAYJdgMhqBs2c22n9av9C3zOkn
+2AUlWSt0xUdyrfJUJxtLc7aDPm5zPyWfFGetbNeoyVcVs5Wfq8fKwqSL4dwp5edg
+xqOqAOCretLgz94okyxjWKhMh5s4JwIDAQABAoICAAmMq9xPPHFpn3vpP3uFxIlN
+yoxO6veonumZ3Rzw/WBmZ+pA3gDkuXxhpFaz4SvyTDScPCvMSCLDsIvPu08CFT0+
+ipBZIAaTVBM96b3/wlmJp8wy1KKXAGikYjbXcarSGvp9OzqohGDvZO9LO5cYOIh4
+3u2vh30ayd0KxGfHu1OQ8IhocrTAcQ0CrU26cJ2iqX1vtwMB/XziA/AMmPnkrqER
+IwyjY8HrLUziGF8pT3xuL3IIshhMR3rxQ/nO2QEOnx8mC5rRKaxmXk9+MusV3Mnd
+p33IWwr2QXPnZk5ILFPsvCptPJBgENJbTdx3IglAaRmKVDowjfB2Jx9FWur4ENQy
++yCzf0ygRoXnugtwE48/L7P8mlqZlZsxQbUUjXEPtht8rtM4CR5b0v7PHXiLh1oM
+igfy1RDAQAZQRGIlWCOeV2soiyKLnCGyAaVXcM2ksDkYOSH4ObE4KwF1Ph87lNaG
+ywolsPvQD0ygymXcuStrYHWamTp8qRjNvZBcThs3SaKN+lxXxPng2tBPUwU0S6nj
+e0pjWco74elBk+fjjd0wNolKjUD7FhRXlWiXz9BgcCjRD9TLoVk8mp9cFL7OLzJc
+735JmNKP8C5Qs91Ugo6Z9tWQQTdGHZe9ElUY0fWP0bs+4iBaadl63R26tchLncZE
+LnYsi2AjDdV908cEkAiBAoIBAQD6LbGeyFHZA42nuSw/NFsMVldqU6QwmADQI3Tw
+JEdw2thS8VIX2c8aeJkVL++dNmSPcqs4NqhzgJSm9o1xNqGZovAPK/B3NmLl1kzG
+JPwSr8QwNxmKwUlbt1K48qIV0JmetOgRG/ll5ux2CxgWHzwgRwtvpbnxDa7Gf7BA
+UfH7AfZJ3iV+HlJSxr9XxNgFoNEtpP9sqbOgt10f5JJlIELCTa38iMBojAGxlzyj
+7DGYY/diQDr+6mRNnv2pY57dOnmdvN1w+p1W7saaeRCeltva/G+5n5AWMFl5qBjT
+LDktBE+okH5wapkUsZzZTByTgFXdBC2wY2qBrOexBAyS8/F3AoIBAQD0bkNBc1ya
+KYmWlCsVSUZxUGSOp9g7ZdzlB/1G523s3PltXSphsC4mACs7ZAs5OAO/bu05kurp
+dOqEAxsC05IxD2/gGoarC6QfTum9CMNoKrvtczA7Gl+6D5djum17lULY6YSBO75J
+L0FQK6nCVGfAbBRAqhiFi+9kXvNThuqjgoiCNwQYxaG8aovoAKTFdkzQjDw2tUgM
+jqCM6ifOBJIRolFq2CBom8nB+wpsI1naFLaOdg0Luz/Ds03gD9nWa6a4XIowKCml
+Tek1Q+S2hZoTgfOlKRbCcM1KyoaI9LKI/pbKmpNyyrADw/kZKevfsKnYwMpHlaTR
+NSuQ2VJKuxrRAoIBAQCBQ3bQ+eQAYyugC7dm+OBKYZpNH+ZoDUHuSUO0iKo5D3pS
+cMnf9PRjUwiVv+zoqCARVkhNhUBIXZlxI1c1teqNfXjX/fYDQqCa7L1Ca/2qkhKm
+bvHNlc0XjIM7eHJzHxMgw4xcur2D/2sSGu1ZEM56RvsLtu96M32opnUk5rJG5V6i
+EBwDLBuRFYvsB5MuZUdvdB9dv9lGIzgEsI9LnP2hc42APBBedGizn9b/Q5zkhlJd
++53/9I/a41lhWk3NNNd9vwYTyAnfzwPi8Ma7imsSnPgFSwKh1F2G1GnvQpxQPDgE
+epQ59XofDR5j0EW7mMXEqtIIn3V6hyI3fkYY795FAoIBAQCsx7x26YsN1krRzA7g
+TxmiQ8exJ2gsJIcOxqT8l98WTeVqry6kOxuD9R6aLs/YNIZBrbG2vuma+PBFPMS9
+LLzsPRNCAL4s7l+nWerTmvw2B+8rm/796Fi+dwL2lfOKJipIllj52TdbGDI874Bi
+Q7PLSxrN0u7eh9pCwvORmY8G4eCI20bkE9+OBmq7JqlSg5ss19RAf8hcR/2pXmOg
+t45hNLIEqp3OFEF8A26MnjiHdZjN/xidsFEUjwx/U/USIqqJK7Dq9ZjqprYw1rs3
+Yh1VqMiHeRIDhCU5twt+iCojuILy2G1d+XSOVNsiNIXtaz3EYBMcouUMlV8kVtpa
+xQPhAoIBAEr8U7ZaAxN2Ptgb6B8M1CVNE6q7S1VuX+T8xkciadW2aRjJ3PufFfsk
+Zo12fP9K/NeOPTIz0dQB6Gy/CKzDLb8NnJCJnCUUaO8E45C2L9r6qvIJpXWHp3vo
+neGO49y/5st7suOZkWU2B6ZGwNWH90296mfSKcUNxSRMaHCotPdVDyvOgLC24ZWR
+6teRaxB2sVZYqmoz+4+G8SOK40bHJKf1kwujbrS3OqzDzEeC/STtqYZWPW03MFkk
+MBPQvwCWMJINv4zz4YrnOaA9COc1/fTXCG5kKYyalPD8VKxi1usas1pZwIqZkuwm
+D6kBMuZ4gkKW24IYzXzOni0/BOnpOfM=
+-----END PRIVATE KEY-----

examples/data/x509/x509/client_cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFcTCCA1mgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV
+BAMMDnRlc3QtY2xpZW50X2NhMB4XDTIyMDMxODIxNDQ1OVoXDTMyMDMxNTIxNDQ1
+OVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAL2ec6a93OYIioefCs3KRz752E5VfJPyVuxalBMc
+7Dx84NsdwpbUyDT6fO7ePYM8IvYAsLc5coLCP1HKGGRmYm423WZf8Kn93BDl0XcN
+4bgtW9ZrekvYcXqSzygz3ifdQeZljZrqW43dkkYR2vWc+uJXs+vrRVZyUSLLbe97
+9zUbWbOfHBc1jK1vTUakl08VhllYbO0m0SYZIni0sioItVdVWTz9XE2COavLqwwL
+MIq8N7JXEdYJC49JWfdzvqZYTxOn5FSTCWen7/mcZmuLYPwUCkSu05M5T2o1ygkd
+ohA+/X9yjToPJ7NO509lKHWo7+sp9if6jZsiOU45/t84pD6juVZSZ20/A9i6hjtj
+C0SqYk2iQEtRp+lT6yYa5ffeNllFUGtM+xq2are2n93PnXwMTUlYGuTtkyRPG717
+ZtQjKQuwfdJNoNbJl2cfQpmtLdm4Jzrg5cWiiFro+aqnZxIfUEEDkIBaUjYmwMkS
+Qq+S32L4f4u7rtbnzdo/jVwq0wpSjTGQJEab+v2wZpDhVbQblTyI30A+TvBIzLil
+09OX49/teZCp05kOJy0V/yXdQtPwlQGXdsCUmD6dnGav17fB1witXDdG+4SNoyF/
+PN+8wtlMQ8fWvLdxLsd/Rq6CEZQV9mBhrQxXUmFFDhd0O6wfxR/lVFxIWg70Fz7P
++z7tAgMBAAGjVzBVMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFG0psrHrGny8ziVm
+RtulG3f9ROrhMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
+AjANBgkqhkiG9w0BAQsFAAOCAgEAtr1dzSQswIOlEGlLtoAwkL7ys/gP2fcdh7Jl
+ggiPs266yzZFyGGdd2GKo6tcjdBNjfnO8T5h8eLzj7QlzKPqA/l0BgAW7s7WX9QF
+wCivw1DHE815ujlQNo3yve38pd2/I0hdf9GtQLGyOirYpwW5YcHvpmLezrW6J3UU
+CWIfYhqO6bSs+HCLkvQdsCG1TpveWYXfC9aXHjw+ZGOjBMEt6AgdWctwzTjQfZub
+VjZosBC3ZkDjkA9LTqKP5f8XSWt89J4JCYkiFRiJuYYiNYcZpb0Ug93XjEHIHXMG
+N/cD9fCB2HovoVu8YnezpSrqEhqEikHSq80fwbf+NaT0CEbPMx3UMzt8d8gwUiwE
+nzzf/o4uOwoofNWfka0J1VPY1AtjUDvz44LyVhp4uvkEJEK1WQ46mM68H/EOUmpd
+fHANEbV8HLq2iOjR78n5+MCHRcX7duScp5wT0ajfDg41VrhvV/u7YctFj8ynQJg5
+cqbH+GgTrEfAFFm5mZH1SGqNPyxr1eQFWXMRGE7R/NoyQo2uqrSRmz6JFXlnWtxF
+YmLhnOdQaytcpiYN2YVyC/rLK3l3Tbh4u5axvlZP/hi+nQluiZzkH97iUqXcBU/9
+jYNohnJzXMHTIZM8FQY+9uGw9ErdDo7FmX5Xkp4TzEz9k10m1fnt0njSEzITtqpg
+MoO9n00=
+-----END CERTIFICATE-----

examples/data/x509/x509/client_key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAvZ5zpr3c5giKh58KzcpHPvnYTlV8k/JW7FqUExzsPHzg2x3C
+ltTINPp87t49gzwi9gCwtzlygsI/UcoYZGZibjbdZl/wqf3cEOXRdw3huC1b1mt6
+S9hxepLPKDPeJ91B5mWNmupbjd2SRhHa9Zz64lez6+tFVnJRIstt73v3NRtZs58c
+FzWMrW9NRqSXTxWGWVhs7SbRJhkieLSyKgi1V1VZPP1cTYI5q8urDAswirw3slcR
+1gkLj0lZ93O+plhPE6fkVJMJZ6fv+Zxma4tg/BQKRK7TkzlPajXKCR2iED79f3KN
+Og8ns07nT2Uodajv6yn2J/qNmyI5Tjn+3zikPqO5VlJnbT8D2LqGO2MLRKpiTaJA
+S1Gn6VPrJhrl9942WUVQa0z7GrZqt7af3c+dfAxNSVga5O2TJE8bvXtm1CMpC7B9
+0k2g1smXZx9Cma0t2bgnOuDlxaKIWuj5qqdnEh9QQQOQgFpSNibAyRJCr5LfYvh/
+i7uu1ufN2j+NXCrTClKNMZAkRpv6/bBmkOFVtBuVPIjfQD5O8EjMuKXT05fj3+15
+kKnTmQ4nLRX/Jd1C0/CVAZd2wJSYPp2cZq/Xt8HXCK1cN0b7hI2jIX8837zC2UxD
+x9a8t3Eux39GroIRlBX2YGGtDFdSYUUOF3Q7rB/FH+VUXEhaDvQXPs/7Pu0CAwEA
+AQKCAgAtlwQ9adbLo/ASrYV+dwzsMkv0gY9DTvfhOeHyOnj+DhRN+njHpP9B5ZvW
+Hq7xd6r8NKxIUVKb57Irqwh0Uz2FPEG9FIIbjQK1OVxEYJ0NmDJFem/b/n1CODwA
+cYAPW541k+MZBRHgKQ67NB3OAeE8PFPw/A8euruRPxH+i3KjXSETE8VAO0rIhEMz
+Ie2TQRydLKp71mJg45grJ17Sxmc7STT8efoQVKgjCwPkEGiqYpiNk2uhZ2lVGRC9
+cyG6gu74TdyTDQss1e7Xt+fUIZ2+3d6eJt6NvjC+25Ho4SwO9eYjF1qnQ++KqATr
+TOoOaADPLLaXZCFZ1D+s9Dq4Vrj+QGk8Fajotj4gBpUtc0JxtvYM9EhlW7DpchYm
+Cxe8vmEi/54YErXKawTUXYBB8IeDzwtvi3v3ktmH8BsGJ6Y3RXDI9KIG/6IE5Xeu
+hkPCJnB0e3G2nlaffNSrVknxF+z74DB3T2kj0zC/4H4/hHo4W5D/pswcGWlhREWG
+E7ViXJjBRkc5tpS9HfNdZ2wHiccioDIdGSHGqGMF4rLCUE2n+zc4m6pvvNCjN5KB
+S4+zps50Gqtbp3DH2h1YLtkzuzvDhgpMPyJ1qZsdgelRSi2IaE5oekuBGP2WeXFw
+DLI/cijc13cCacH+kpllQL//zBP8mMGmussWGgrVXdm9ZqD+rQKCAQEA6OG+s8sa
+QZJ8W1nukcaS5rSvJBeZO6neCd6EB4oew5UGJsSz+x4RtJ7aJhdTGtyCXqiR2uFw
+SBYdTcOgNbBUXg39vWAv+k2lmxiMGuLnAcNcGYyDLXr1SUJwe4Be984WNFdqzY0z
+LCd9NvutWWX0Xd1VBdhlDuu3eBenzPBKIxTk3N2gLvzYxC/62e29Trsm7Sur11ut
+Jay/CRdomjaqIiZ8q8qgdSU+pPe2DZYzUOutySJhLUegrrgWvPS/i8FHf7AGRgki
+wpFn3gy5zCsFzr6n/TzJ5zQvlz+PcbUHHb06U1cnT45fkFNAJJvBYa4vi/tRx92E
+Bi8d4bn40fUo3wKCAQEA0HFDHzhRxN/RbzBkymGlgfrsKcBdaAzgClo5uAXr8sdi
+efsgBFo228I5lK6ywfzOfD/UxGB6ucdkZb/tRLtoK0OqOGiNx2Q1yazRVbuhrBrR
+Y7DDbh7164o/MAYqPGxTMUxzXia7WBtNm00Tv9pDsw+NTzbrk7OxkLZWbjQEj99T
+A9pcqXYA1RJtD/6io/43/oVscWPdRrbrNrJz+27Bsau20MBheVmX5sLTO2iWKTN4
+/ofrvOv0ru0I3ACHiLIaQFXs4snQjlhJm5MJ6kuZVdYKAzyNE+YOPnAxoiQAlHau
+E1aV8ON7jmjhwxa2QICCwVcUNmwXU4UztGyGZ5a1swKCAQAi90Ia3LPkhIoHbUlU
+uev0l8x0LtbjDm44LSDFwQc9dnKl/4LGgY1HAVLfxUDFF7a7X7QGmTKyoB9mPakg
+ZolEVfVzKa4Kdv4We2kN4GOu8BYz/9TyTzPk/ATHhk68BkVvNnDizACS8JrsVn2A
+nr5CGalaZ1NFGj9B2MtpCesXuVtjjiMu6ufhDRMtBXUXDSKbGaODglBNB9LnGoyq
+GusQlZbCdHoDHMR7IHZFM/ggfkJpoK/WjJqjoSBI3raj1TFXCqbmfRiq/goKXP7I
+mO0WTaoLa8Uk4cEDhJeVCwk2feL0AHH2j/npQZav6HLwp6ab7fApgikAhLKH4dRq
+MdUhAoIBAQC7svJVf7qqRT3sGTD5yXpnlJPreOzj0IxC5kKJgtOYuJDl9Qw8vxwd
+QkXlrHcOFl++JSCsgZCiEHpI4c6AER5Zr0HuL8BUJ9oDtJqA0EhimXeqhLdHR5v9
+sWz7CuInrQgxIX3V75zOVy/IRF0fayWBbeS6y2LRi4O/I2KrNC5TfC/eDVlZxAg1
+1rTdLVg5wqebi3w+k0Xj8r3WcFXeuTq0ikNCsapUwyf1RcU+/wwRJ+exlKXkZrnc
+d1h9/AAQSQk4m+eHxWIHfFs0O/E2yULXt7kmdvU3UPfMo+0d67uV9VUF1veIhuBx
+OeLqcV5GsTKNdaOe6jELJayMsRlK2LzfAoIBAEoWFSUdf3ruvj+ONju0TDtdvvTb
++i+3ttqMK/duYM2TlD3Lvqyx3kNxlMTAArfvnwtKVSw0ZIGSPc/5KHnxldcdALgT
+4Ub1YesUv5585thMw1EWyXAPognLhfTEVSLYKcMPoBNCv7FvAT3Mk5SZPReRkbT9
+oqDAzg7r+0+pjD9LmnIXfCxfbSV6zcBFF8/iGAmzh3CanDqVkUds1+Ia8018cfDS
+KW5PQAEnJC/BZAI7SQsxH0J9M7NYxJRN0bua5Be0N+uuYSOa+d9yecugfmvga6jf
+9nEcohJShacCSkQvIXlq5Uy/WBb6sbiTmHjjW14FG25B0rrQUjmFAUiYceI=
+-----END RSA PRIVATE KEY-----

examples/data/x509/x509/create.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Create the server CA certs.
+openssl req -x509                                     \
+  -newkey rsa:4096                                    \
+  -nodes                                              \
+  -days 3650                                          \
+  -keyout ca_key.pem                                  \
+  -out ca_cert.pem                                    \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/   \
+  -config ./openssl.cnf                               \
+  -extensions test_ca                                 \
+  -sha256
+
+# Create the client CA certs.
+openssl req -x509                                     \
+  -newkey rsa:4096                                    \
+  -nodes                                              \
+  -days 3650                                          \
+  -keyout client_ca_key.pem                           \
+  -out client_ca_cert.pem                             \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/   \
+  -config ./openssl.cnf                               \
+  -extensions test_ca                                 \
+  -sha256
+
+# Generate a server cert.
+openssl genrsa -out server_key.pem 4096
+openssl req -new                                    \
+  -key server_key.pem                               \
+  -days 3650                                        \
+  -out server_csr.pem                               \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/   \
+  -config ./openssl.cnf                             \
+  -reqexts test_server
+openssl x509 -req           \
+  -in server_csr.pem        \
+  -CAkey ca_key.pem         \
+  -CA ca_cert.pem           \
+  -days 3650                \
+  -set_serial 1000          \
+  -out server_cert.pem      \
+  -extfile ./openssl.cnf    \
+  -extensions test_server   \
+  -sha256
+openssl verify -verbose -CAfile ca_cert.pem  server_cert.pem
+
+# Generate a client cert.
+openssl genrsa -out client_key.pem 4096
+openssl req -new                                    \
+  -key client_key.pem                               \
+  -days 3650                                        \
+  -out client_csr.pem                               \
+  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/   \
+  -config ./openssl.cnf                             \
+  -reqexts test_client
+openssl x509 -req           \
+  -in client_csr.pem        \
+  -CAkey client_ca_key.pem  \
+  -CA client_ca_cert.pem    \
+  -days 3650                \
+  -set_serial 1000          \
+  -out client_cert.pem      \
+  -extfile ./openssl.cnf    \
+  -extensions test_client   \
+  -sha256
+openssl verify -verbose -CAfile client_ca_cert.pem  client_cert.pem
+
+rm *_csr.pem

examples/data/x509/x509/openssl.cnf

@@ -0,0 +1,28 @@
+[req]
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+
+[req_distinguished_name]
+
+[req_attributes]
+
+[test_ca]
+basicConstraints        = critical,CA:TRUE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+keyUsage                = critical,keyCertSign
+
+[test_server]
+basicConstraints        = critical,CA:FALSE
+subjectKeyIdentifier    = hash
+keyUsage                = critical,digitalSignature,keyEncipherment,keyAgreement
+subjectAltName          = @server_alt_names
+
+[server_alt_names]
+DNS.1 = *.test.example.com
+
+[test_client]
+basicConstraints        = critical,CA:FALSE
+subjectKeyIdentifier    = hash
+keyUsage                = critical,nonRepudiation,digitalSignature,keyEncipherment
+extendedKeyUsage        = critical,clientAuth

examples/data/x509/x509/server_cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFeDCCA2CgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV
+BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTIyMDMxODIxNDQ1OFoXDTMyMDMxNTIxNDQ1
+OFowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAL5GBWw+qfXyelelYL/RDA/Fk4GA8DlcBQgBOjBa
+XCVDMAJj63sN+ubKBtphWe6Y9SWLJa2mt8a/ZTQZm2R5FPSp9rwdr04UQgmL11wh
+DCmO+wkRUeTYwsqcidEHRwOxoctyO+lwgYw983T/fp83qtNS4bw+1kJwrLtFdgok
+Kd9UGIugs8BTFqE/7CxFRXTYsNy/gj0pp411Dtgknl1UefPdjco2Qon8f3Dm5iDf
+AyUM1oL8+fnRQj/r6P3XC4AOiBsF3duxiBzUp87YgmwDOaa8paKOx2UNLA/eP/aP
+Uhd7HkygqOX+tc3H8dvYONo6lhwQD1JqyG6IOOWe2uf5YXKK2TphPPRnCW4QIED4
+PuXYHjIvGYA4Kf0Wmb2hPk6bxJidNoLp9lsJyqGfk3QnT5PRJVgO0mlzo/UsZo77
+5j+yq87yLe5OL2HrZd1KTfg7SKOtMJ9N6tm2Hw2jwypKz+x2jlEZOgXHmYb5aUaI
++4xG+9fqc8x3ScoHQGNujF3qHO5SxnXkufNUSVbWbv1Ble8peiKyG6AFQvtcs7KG
+pEoFztGSlaABwSvxO8J3aJPAEok4OI5IAGJNy92XaBMLtyt270FC8JtUnL+JEubV
+t8tY5cCcGK7EtRHb47mM0K8HEq+IU2nAq6/29Ka0IZlkb5fPoWzQAZEIVKgLNHt4
+96g9AgMBAAGjXjBcMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNx36JXsCIzVWCOw
+1ETtaxlN79XrMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh
+bXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAAEEZln7lsS/HIysNPJktc0Gdu3n
+X1BcA3wXh95YTugcxSSeLLx2SykXnwX+cJncc1OKbboO9DA5mZ+huCesGIOKeUkg
+azQZL6FAdw9PQKdqKg3RgSQ4XhK990fPcmmBhSXY24jNNhRHxGw5lGBrD6X2SdW3
+m66yYzn9hMXL4yrweGO7OC4bdyISDrJiP+St/xeCoIcXP2s07dE6jl2VorJCWn4J
+SxKfDhPPohZKl6dL9npkmPcpz2zRAYpo4tsVdAAQDBRui44Vvm1eBPUo7EH2UOEh
+/3JtTeDUpldM8fDaKE0kTa1Ttxzs2e0Jm3M4/FMOxqSesyJldw54F4+4m24e/iQU
+gceArYMFVFTipgrLfUuRvRxx/7D7V92pqTyuD3T78+KdTqrlxvCTOqSHhFE05jWD
+RdynS6Ev/1QZLlnWgMwhQAnjhc1NKkso+namF1ZmHH9owiTRBlWDMNcHMDReaELd
+QmFUvutHUpjidt1z+G6lzbP0XB5w+0vW4BsT0FqaYsFbK5ftryj1/K0VctrSd/ke
+GI0vxrErAyLG2B8bdK88u2w7DCuXjAOp+CeA7HUmk93TsPEAhrxQ6lR51IC6LcK0
+gACSdnQDPGtkoRX00DTvdcOpzmkSgaGr/mXTqp2lR9IuZIhwKbhS3lDKsAZ/hinB
+yaBwLiXfcvZrZOwy
+-----END CERTIFICATE-----

examples/data/x509/x509/server_key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAvkYFbD6p9fJ6V6Vgv9EMD8WTgYDwOVwFCAE6MFpcJUMwAmPr
+ew365soG2mFZ7pj1JYslraa3xr9lNBmbZHkU9Kn2vB2vThRCCYvXXCEMKY77CRFR
+5NjCypyJ0QdHA7Ghy3I76XCBjD3zdP9+nzeq01LhvD7WQnCsu0V2CiQp31QYi6Cz
+wFMWoT/sLEVFdNiw3L+CPSmnjXUO2CSeXVR5892NyjZCifx/cObmIN8DJQzWgvz5
++dFCP+vo/dcLgA6IGwXd27GIHNSnztiCbAM5pryloo7HZQ0sD94/9o9SF3seTKCo
+5f61zcfx29g42jqWHBAPUmrIbog45Z7a5/lhcorZOmE89GcJbhAgQPg+5dgeMi8Z
+gDgp/RaZvaE+TpvEmJ02gun2WwnKoZ+TdCdPk9ElWA7SaXOj9SxmjvvmP7KrzvIt
+7k4vYetl3UpN+DtIo60wn03q2bYfDaPDKkrP7HaOURk6BceZhvlpRoj7jEb71+pz
+zHdJygdAY26MXeoc7lLGdeS581RJVtZu/UGV7yl6IrIboAVC+1yzsoakSgXO0ZKV
+oAHBK/E7wndok8ASiTg4jkgAYk3L3ZdoEwu3K3bvQULwm1Scv4kS5tW3y1jlwJwY
+rsS1EdvjuYzQrwcSr4hTacCrr/b0prQhmWRvl8+hbNABkQhUqAs0e3j3qD0CAwEA
+AQKCAgBnR3CoGbd9hZl8u4qxc5IdeXwgflFmgRlGCAyCtHlxzG9hzMTD7Ymz/hMM
+NG1xQltGfqn8AROd8MPJLOEY/1QtnZgM8fv24K4bqmlCW7nTUQXYHSubkUDiY2e3
+K0ETszaETMRSaLwY2IOujQQ4/ilePY3D9UOtmqVXnVN+G7USwP31xEvtZ+xPqHfU
+a+FQlFIj8FuMQXDuKozdK7s+I51yjl7pVNx3M7QlH1/olcSKNta1EQXK4RgZxD6a
+kkBuyPR93ohXOJ0OMSvI7eKVKIcBh0JM4z0+D5FMJ7IGbjL8Bdsjcs1a0g/y28Xf
+NBVf9w8Fun3mmYmj3ZMsqDZgVg/bAfP2z7O9kMzbuqmjelOz8HXxTm/+GIHuseMx
+b/nDZgB0ZN+FhATv/onshJcjr2L3SJYzEWqjYiqaCQo5qtib+/kxh6SHPhAY2o8l
+zzMhKFsJMhmwW91FXqeDS9FTlcRXtYH1EJxNGa01GpyVa6plvvFTGBNkEUJnVuEp
+ULohJw0NJQYQOz5omYaQVJ49lpzVhwLEolgSlIBiM3s9nSDvVBYu+bB1ovw5OTIJ
+Wlc9cBrYmdxYdAj5n6JzIC1wixgxrFw1jBm8cL/2FQYtR7daZabTMyZj5vAUqjxr
+OV+uvkSFcIyBs1ty9TnnKC3yd5Ma+5chR5u7JPc1lSSor6AwQQKCAQEA4d5XrCq5
+EikGII/unhkVZsh9xmILp/4PRKc+fV7TFEpGyn8HFCBToZk6nXv99roUBdeZFobw
+gDuZqBa4ougm2zgBbhdQXGaW4yZdChJlSs9yY7OAVvnG9gjuHGmWsLhvmhaeXSr2
+auxVGRaltr3r8hP9eHhloDM6qdSSAQpsdeTBQD8Ep3//aL/BLqGcF0gLrZLPwo0+
+cku8jQoVXSSOW1+YSaXRGxueuIR8lldU4I3yp2DO++DGLsOZoGFT/+ZXc2B4nE1h
+o1hCWt6RKw0q2rCkZ+i6SiPGsVgb9xn6W8wHFIPA/0sOwOdtbKqKd0xwn5DnX+vt
+d8shlRRUDF7HDQKCAQEA16gR/2n59HZiQQhHU9BCvGFi4nxlsuij+nqDx9fUerDU
+fK79NaOuraWNkCqz+2lqfu5o3e3XNFHlVsj98SyfmTdMZ8Fj19awqN20nCOmfRkk
+/MDuEzRzvNlOYBa0PpMkKJn2sahEiXGNVI4g3cGip1c5wJ1HL3jF61io4F/auBLP
+grLtw8CoTqc6VpJUvsWFjopTmNdAze8WMf3vK6AKu7PKkXH7mFQZusacpO/E61Ud
+euiG9BYDIIkrnWIQdLpODgliLZzPNcJDTKTFJAfIzr3WQvUaFc1+tHyX3XhpicvP
+J4zyNfHd2dZMK1csXQJvFSnPgXpy531Wca0riAYZ8QKCAQEAhaVEBxE4dLBlebrw
+nAeHjEuxcELvVrWTXzH+XbxP9T+F56eGDriaA5JhBnIpcWXlFxfc82FgyN97KeRX
+17y50Riwb+3HlQT23u0CPEVqPfvFWY0KsWwV99qM2a74hRR8pJYhmksjh1zTdYbb
+AugZxiFh53iF2Wa2nWq0AX2jc5apalRfcqTgAaEEs4zYiUYN8uRdnmZovsRliqae
+wYAx44sK1vkQY5PSNKff+C0wgbY8ECHOF2eGnIEMU8ODKnWm5RP+Ca4Xyckdahsr
+lmeyJbhDb2BbaicFGEZkNa/fXZW50r+q4OQOlMHbE2NNjw1hzmi1HyLAXhOJiWZ/
+3NnvuQKCAQEAg04a/zeocBcwhcYjn717FLX6/kmdpkwNo3G7EQ+xmK5YAj6Nf35U
+2fel9PR7N4WcyQIiKZYp5PpEOA4SyChSWHiZ9caDIyTd1UOAN11hfmOz6I0Tp+/U
+1FQ/azQHtN3kMzBjSxJYAJN56NTM4BiJD3iFemiIsjfH0h7eXBcg1djmLf8B06FX
+GOSrGZDpNmqPghVpBvNwyrJbAj9Jw3cjcdvrZ5lOBhaWv+kz8Rzn+h2N4Ir5uF46
+szGxs5bEzD2vTs6Zz4ndhC7uyRi9y81Nj8t4TLZtln7TOdNup/Mr1zGXxM4Fn6DP
+YlYfdHgUU+Eqf2lApeZHVfkzi+1TRvPoEQKCAQAELU/d33TNwQ/Ylo2VhwAscY3s
+hv31O4tpu5koHHjOo3RDPzjuEfwy006u8NVAoj97LrU2n+XTIlnXf14TKuKWQ+8q
+ajIVNj+ZAbD3djCmYXbIEL+u6aL4K1ENdjo6DNTGgPMfISE79WrmGBIKtB//uMqy
+fGTUSPeo+R5WmTGN29YxAnRE/jtwOgAcicACTc0e9nghHj3c2raI0IazY5XFP0/h
+LszTNUQzWx6DjWsbB+Ymuhu4fHZTYftCrIMpjmjC9pkNggeJnkxylQz/pwO73uWg
+ycDgJhRyaVhM8sJXiBk+OC/ySP2Lxo60aPa514LEYJKQxUCukCTXth/6p0Qo
+-----END RSA PRIVATE KEY-----

examples/encryption/README.md

@@ -0,0 +1,48 @@
+# Encryption
+
+This directory contains two related examples: one for TLS and one for mTLS.
+
+## Try it
+
+In each example's subdirectory:
+
+```
+node server.js
+```
+
+```
+node client.js
+```
+
+## Explanation
+
+### TLS
+
+TLS is a commonly used cryptographic protocol to provide end-to-end communication security. In the example, we show how to set up a server authenticated TLS connection to transmit RPC.
+
+The function [`grpc.credentials.createSsl`](https://grpc.github.io/grpc/node/grpc.credentials.html#.createSsl__anchor) can be used to create client TLS credentials, and the function [`grpc.ServerCredentials.createSsl`](https://grpc.github.io/grpc/node/grpc.ServerCredentials.html#.createSsl__anchor) can be used to create server TLS credentials.
+
+This example uses public/private keys created in advance (found in `examples/data/x509`):
+
+ - `server_cert.pem` contains the server certificate (public key).
+ - `server_key.pem` contains the server private key.
+ - `ca_cert.pem` contains the certificate (certificate authority) that can verify the server's certificate.
+
+The server credentials can be passed to the `Server#bindAsync` method, and the client credentials can be passed to the `Client` constructor.
+
+### mTLS
+
+In mutual TLS (mTLS), the client and the server authenticate each other. gRPC allows users to configure mutual TLS at the connection level.
+
+This example uses public/private keys created in advance (found in `examples/data/x509`):
+
+ - `server_cert.pem` contains the server's certificate (public key).
+ - `server_key.pem` contains the server's private key.
+ - `ca_cert.pem` contains the certificate of the certificate authority that can verify the server's certificate.
+ - `client_cert.pem` contains the client's certificate (public key).
+ - `client_key.pem` contains the client's private key.
+ - `client_ca_cert.pem` contains the certificate of the certificate authority that can verify the client's certificate.
+
+In normal TLS, the server is only concerned with presenting the server certificate for clients to verify. In mutual TLS, the server also loads in a list of trusted CA files for verifying the client's presented certificates. This is done by passing the CA file as the first argument to `grpc.ServerCredentials.createSsl`, and by setting the last argument `checkClientCertificate` to `true`.
+
+In normal TLS, the client is only concerned with authenticating the server by using one or more trusted CA file. In mutual TLS, the client also presents its client certificate to the server for authentication. This is done by passing the key and cert files as the second and third arguments to `grpc.credentials.createSsl`.

examples/encryption/TLS/client.js

@@ -0,0 +1,64 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const grpc = require('@grpc/grpc-js');
+const protoLoader = require('@grpc/proto-loader');
+const parseArgs = require('minimist');
+const fs = require('fs');
+
+const PROTO_PATH = __dirname + '/../../protos/echo.proto';
+
+const packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {keepCase: true,
+   longs: String,
+   enums: String,
+   defaults: true,
+   oneofs: true
+  });
+const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo;
+
+const DATA_DIR = `${__dirname}/../../data/x509`;
+
+function callUnaryEcho(client, message) {
+  return new Promise((resolve, reject) => {
+    const deadline = new Date();
+    deadline.setSeconds(deadline.getSeconds() + 10);
+    client.unaryEcho({message: message}, {deadline}, (error, value) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      console.log(`UnaryEcho: ${JSON.stringify(value)}`);
+      resolve();
+    });
+  });
+}
+
+async function main() {
+  let argv = parseArgs(process.argv.slice(2), {
+    string: 'target',
+    default: {target: 'localhost:50051'}
+  });
+  const caFile = fs.readFileSync(`${DATA_DIR}/ca_cert.pem`);
+  const credentials = grpc.credentials.createSsl(caFile)
+  const client = new echoProto.Echo(argv.target, credentials, {'grpc.ssl_target_name_override': 'x.test.example.com'});
+  await callUnaryEcho(client, 'hello world');
+}
+
+main()

examples/encryption/TLS/server.js

@@ -0,0 +1,61 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const grpc = require('@grpc/grpc-js');
+const protoLoader = require('@grpc/proto-loader');
+const parseArgs = require('minimist');
+const fs = require('fs');
+
+const PROTO_PATH = __dirname + '/../../protos/echo.proto';
+
+const packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {keepCase: true,
+   longs: String,
+   enums: String,
+   defaults: true,
+   oneofs: true
+  });
+const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo;
+
+const DATA_DIR = `${__dirname}/../../data/x509`;
+
+function unaryEcho(call, callback) {
+  console.log(`unary echoing message ${call.request.message}`);
+  callback(null, call.request);
+}
+
+function main() {
+  const argv = parseArgs(process.argv.slice(2), {
+    string: 'port',
+    default: {port: '50051'}
+  });
+  const server = new grpc.Server();
+  server.addService(echoProto.Echo.service, { unaryEcho });
+  const keyFile = fs.readFileSync(`${DATA_DIR}/server_key.pem`);
+  const certFile = fs.readFileSync(`${DATA_DIR}/server_cert.pem`);
+  const credentials = grpc.ServerCredentials.createSsl(null, [{ private_key: keyFile, cert_chain: certFile }]);
+  server.bindAsync(`0.0.0.0:${argv.port}`, credentials, (err, port) => {
+    if (err != null) {
+      return console.error(err);
+    }
+    console.log(`gRPC listening on ${port}`)
+  });
+}
+
+main();

examples/encryption/mTLS/client.js

@@ -0,0 +1,66 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const grpc = require('@grpc/grpc-js');
+const protoLoader = require('@grpc/proto-loader');
+const parseArgs = require('minimist');
+const fs = require('fs');
+
+const PROTO_PATH = __dirname + '/../../protos/echo.proto';
+
+const packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {keepCase: true,
+   longs: String,
+   enums: String,
+   defaults: true,
+   oneofs: true
+  });
+const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo;
+
+const DATA_DIR = `${__dirname}/../../data/x509`;
+
+function callUnaryEcho(client, message) {
+  return new Promise((resolve, reject) => {
+    const deadline = new Date();
+    deadline.setSeconds(deadline.getSeconds() + 10);
+    client.unaryEcho({message: message}, {deadline}, (error, value) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      console.log(`UnaryEcho: ${JSON.stringify(value)}`);
+      resolve();
+    });
+  });
+}
+
+async function main() {
+  let argv = parseArgs(process.argv.slice(2), {
+    string: 'target',
+    default: {target: 'localhost:50051'}
+  });
+  const caFile = fs.readFileSync(`${DATA_DIR}/ca_cert.pem`);
+  const keyFile = fs.readFileSync(`${DATA_DIR}/client_key.pem`);
+  const certFile = fs.readFileSync(`${DATA_DIR}/client_cert.pem`);
+  const credentials = grpc.credentials.createSsl(caFile, keyFile, certFile);
+  const client = new echoProto.Echo(argv.target, credentials, {'grpc.ssl_target_name_override': 'x.test.example.com'});
+  await callUnaryEcho(client, 'hello world');
+}
+
+main()

examples/encryption/mTLS/server.js

@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const grpc = require('@grpc/grpc-js');
+const protoLoader = require('@grpc/proto-loader');
+const parseArgs = require('minimist');
+const fs = require('fs');
+
+const PROTO_PATH = __dirname + '/../../protos/echo.proto';
+
+const packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {keepCase: true,
+   longs: String,
+   enums: String,
+   defaults: true,
+   oneofs: true
+  });
+const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo;
+
+const DATA_DIR = `${__dirname}/../../data/x509`;
+
+function unaryEcho(call, callback) {
+  console.log(`unary echoing message ${call.request.message}`);
+  callback(null, call.request);
+}
+
+function main() {
+  const argv = parseArgs(process.argv.slice(2), {
+    string: 'port',
+    default: {port: '50051'}
+  });
+  const server = new grpc.Server();
+  server.addService(echoProto.Echo.service, { unaryEcho });
+  const clientCaFile = fs.readFileSync(`${DATA_DIR}/client_ca_cert.pem`);
+  const keyFile = fs.readFileSync(`${DATA_DIR}/server_key.pem`);
+  const certFile = fs.readFileSync(`${DATA_DIR}/server_cert.pem`);
+  const credentials = grpc.ServerCredentials.createSsl(clientCaFile, [{ private_key: keyFile, cert_chain: certFile }], true);
+  server.bindAsync(`0.0.0.0:${argv.port}`, credentials, (err, port) => {
+    if (err != null) {
+      return console.error(err);
+    }
+    console.log(`gRPC listening on ${port}`)
+  });
+}
+
+main();

examples/error_details/README.md

@@ -0,0 +1,54 @@
+# Error Details
+
+This example demonstrates how to send and receive rich error details in gRPC using the standard `google.rpc` error model.
+
+## Overview
+
+The example uses the `@q42philips/node-grpc-error-details` package to:
+- **Server**: Serialize error details (like `BadRequest`) into the `grpc-status-details-bin` metadata
+- **Client**: Deserialize error details from the metadata
+
+This follows the official gRPC error model specification.
+
+## Start the server
+
+Run the server, which sends a rich error if the name field is empty:
+
+```bash
+node server.js
+```
+
+## Run the client
+
+In another terminal, run the client which makes two calls:
+1. A successful call with a valid name
+2. A failing call with an empty name that receives rich error details
+
+```bash
+node client.js
+```
+
+## Expected Output
+
+The client makes two calls and displays both results:
+
+**Successful call:**
+```
+Greeting: Hello World
+```
+
+**Failed call with standard error and rich error details:**
+```
+--- Standard gRPC Error Received ---
+Code: 3
+Status: INVALID_ARGUMENT
+Message: Simple Error: The name field was empty.
+
+--- Rich Error Details---
+Violation: [
+  {
+    "field": "name",
+    "description": "Name field is required"
+  }
+]
+```

examples/error_details/client.js

@@ -0,0 +1,79 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+var PROTO_PATH = __dirname + '/../protos/helloworld.proto';
+
+var grpc = require('@grpc/grpc-js');
+var protoLoader = require('@grpc/proto-loader');
+var packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {
+    keepCase: true,
+    longs: String,
+    enums: String,
+    defaults: true,
+    oneofs: true
+  });
+var hello_proto = grpc.loadPackageDefinition(packageDefinition).helloworld;
+
+var {deserializeGoogleGrpcStatusDetails, BadRequest} =
+  require('@q42philips/node-grpc-error-details');
+
+var client = new hello_proto.Greeter('localhost:50051', grpc.credentials.createInsecure());
+
+function main() {
+  // Successful call
+  client.sayHello({name: 'World'}, function (err, response) {
+    if (err) {
+      console.error('Successful call failed:', err.message);
+      return;
+    }
+    console.log('Greeting:', response.message);
+
+    // Failing call with empty name
+    client.sayHello({name: ''}, function (err, response) {
+      if (err) {
+        console.log('\n--- Standard gRPC Error Received ---');
+        console.log('Code:', err.code);
+        console.log('Status:', grpc.status[err.code] || 'UNKNOWN');
+        console.log('Message:', err.details);
+
+        // Deserialize rich error details
+        var grpcErrorDetails = deserializeGoogleGrpcStatusDetails(err);
+        if (grpcErrorDetails) {
+          console.log('\n--- Rich Error Details---');
+          grpcErrorDetails.details.forEach(function(detail) {
+            if (detail instanceof BadRequest) {
+              var violations = detail.getFieldViolationsList().map(function(violation) {
+                return {
+                  field: violation.getField(),
+                  description: violation.getDescription()
+                };
+              });
+              console.log('Violation:', JSON.stringify(violations, null, 2));
+            }
+          });
+        }
+      } else {
+        console.log('Expected error but got success:', response.message);
+      }
+    });
+  });
+}
+
+main();

examples/error_details/server.js

@@ -0,0 +1,86 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+var PROTO_PATH = __dirname + '/../protos/helloworld.proto';
+
+var grpc = require('@grpc/grpc-js');
+var protoLoader = require('@grpc/proto-loader');
+var packageDefinition = protoLoader.loadSync(
+  PROTO_PATH,
+  {
+    keepCase: true,
+    longs: String,
+    enums: String,
+    defaults: true,
+    oneofs: true
+  });
+var hello_proto = grpc.loadPackageDefinition(packageDefinition).helloworld;
+
+var {Status, BadRequest} = require('@q42philips/node-grpc-error-details');
+var {Any} = require('google-protobuf/google/protobuf/any_pb');
+
+/**
+ * Implements the SayHello RPC method.
+ */
+function sayHello(call, callback) {
+  if (call.request.name === '') {
+    // Create BadRequest detail
+    var fieldViolation = new BadRequest.FieldViolation();
+    fieldViolation.setField('name');
+    fieldViolation.setDescription('Name field is required');
+
+    var badRequest = new BadRequest();
+    badRequest.setFieldViolationsList([fieldViolation]);
+
+    // Pack into Any
+    var anyMessage = new Any();
+    anyMessage.pack(badRequest.serializeBinary(), 'google.rpc.BadRequest');
+
+    // Create Status
+    var status = new Status();
+    status.setCode(3); // INVALID_ARGUMENT
+    status.setMessage('Request argument invalid');
+    status.setDetailsList([anyMessage]);
+
+    // Attach as metadata
+    var metadata = new grpc.Metadata();
+    metadata.add('grpc-status-details-bin', Buffer.from(status.serializeBinary()));
+
+    callback({
+      code: grpc.status.INVALID_ARGUMENT,
+      details: 'Simple Error: The name field was empty.',
+      metadata: metadata
+    });
+    return;
+  }
+
+  callback(null, {message: 'Hello ' + call.request.name});
+}
+
+/**
+ * Starts an RPC server.
+ */
+function main() {
+  var server = new grpc.Server();
+  server.addService(hello_proto.Greeter.service, {sayHello: sayHello});
+  server.bindAsync('0.0.0.0:50051', grpc.ServerCredentials.createInsecure(), () => {
+    console.log('Server running at http://0.0.0.0:50051');
+  });
+}
+
+main();

examples/package.json

@@ -8,6 +8,7 @@
     "@grpc/grpc-js": "^1.10.2",
     "@grpc/grpc-js-xds": "^1.10.0",
     "@grpc/reflection": "^1.0.0",
+    "@q42philips/node-grpc-error-details": "^2.1.0",
     "lodash": "^4.6.1",
     "minimist": "^1.2.0"
   }

examples/routeguide/dynamic_codegen/route_guide_server.js

@@ -237,7 +237,6 @@ if (require.main === module) {
     fs.readFile(path.resolve(argv.db_path), function(err, data) {
       if (err) throw err;
       feature_list = JSON.parse(data);
-      routeServer.start();
     });
   });
 }

packages/grpc-js/src/channel-options.ts

@@ -36,6 +36,7 @@ export interface ChannelOptions {
   'grpc.max_send_message_length'?: number;
   'grpc.max_receive_message_length'?: number;
   'grpc.enable_http_proxy'?: number;
+  'grpc.http_proxy'?: string;
   /* http_connect_target and http_connect_creds are used for passing data
    * around internally, and should not be documented as public-facing options
    */

packages/grpc-js/src/http_proxy.ts

@@ -41,30 +41,36 @@ interface ProxyInfo {
   creds?: string;
 }
 
-function getProxyInfo(): ProxyInfo {
+function getProxyInfo(options: ChannelOptions): ProxyInfo {
-  let proxyEnv = '';
+  let proxyUrlString = '';
   let envVar = '';
-  /* Prefer using 'grpc_proxy'. Fallback on 'http_proxy' if it is not set.
+  /* Prefer using 'grpc.http_proxy' option. Fallback on 'grpc_proxy' env var if it is not set.
    * Also prefer using 'https_proxy' with fallback on 'http_proxy'. The
    * fallback behavior can be removed if there's a demand for it.
    */
-  if (process.env.grpc_proxy) {
+  if (options['grpc.http_proxy']) {
+    proxyUrlString = options['grpc.http_proxy'];
+  } else if (process.env.grpc_proxy) {
     envVar = 'grpc_proxy';
-    proxyEnv = process.env.grpc_proxy;
+    proxyUrlString = process.env.grpc_proxy;
   } else if (process.env.https_proxy) {
     envVar = 'https_proxy';
-    proxyEnv = process.env.https_proxy;
+    proxyUrlString = process.env.https_proxy;
   } else if (process.env.http_proxy) {
     envVar = 'http_proxy';
-    proxyEnv = process.env.http_proxy;
+    proxyUrlString = process.env.http_proxy;
   } else {
     return {};
   }
   let proxyUrl: URL;
   try {
-    proxyUrl = new URL(proxyEnv);
+    proxyUrl = new URL(proxyUrlString);
   } catch (e) {
+    if (envVar) {
       log(LogVerbosity.ERROR, `cannot parse value of "${envVar}" env var`);
+    } else {
+      log(LogVerbosity.ERROR, `cannot parse value of "grpc.http_proxy" channel option`);
+    }
     return {};
   }
   if (proxyUrl.protocol !== 'http:') {
@@ -97,9 +103,15 @@ function getProxyInfo(): ProxyInfo {
   if (userCred) {
     result.creds = userCred;
   }
+  if (envVar) {
     trace(
       'Proxy server ' + result.address + ' set by environment variable ' + envVar
     );
+  } else {
+    trace(
+      'Proxy server ' + result.address + ' set by channel option grpc.http_proxy'
+    );
+  }
   return result;
 }
 
@@ -190,7 +202,7 @@ export function mapProxyName(
   if (target.scheme === 'unix') {
     return noProxyResult;
   }
-  const proxyInfo = getProxyInfo();
+  const proxyInfo = getProxyInfo(options);
   if (!proxyInfo.address) {
     return noProxyResult;
   }

packages/grpc-js/src/retrying-call.ts

@@ -760,11 +760,10 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
     this.maybeStartHedgingTimer();
   }
 
-  private handleChildWriteCompleted(childIndex: number) {
+  private handleChildWriteCompleted(childIndex: number, messageIndex: number) {
-    const childCall = this.underlyingCalls[childIndex];
-    const messageIndex = childCall.nextMessageToSend;
     this.getBufferEntry(messageIndex).callback?.();
     this.clearSentMessages();
+    const childCall = this.underlyingCalls[childIndex];
     childCall.nextMessageToSend += 1;
     this.sendNextChildMessage(childIndex);
   }
@@ -774,19 +773,33 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
     if (childCall.state === 'COMPLETED') {
       return;
     }
-    if (this.getBufferEntry(childCall.nextMessageToSend)) {
+    const messageIndex = childCall.nextMessageToSend;
-      const bufferEntry = this.getBufferEntry(childCall.nextMessageToSend);
+    if (this.getBufferEntry(messageIndex)) {
+      const bufferEntry = this.getBufferEntry(messageIndex);
       switch (bufferEntry.entryType) {
         case 'MESSAGE':
           childCall.call.sendMessageWithContext(
             {
               callback: error => {
                 // Ignore error
-                this.handleChildWriteCompleted(childIndex);
+                this.handleChildWriteCompleted(childIndex, messageIndex);
               },
             },
             bufferEntry.message!.message
           );
+          // Optimization: if the next entry is HALF_CLOSE, send it immediately
+          // without waiting for the message callback. This is safe because the message
+          // has already been passed to the underlying transport.
+          const nextEntry = this.getBufferEntry(messageIndex + 1);
+          if (nextEntry.entryType === 'HALF_CLOSE') {
+            this.trace(
+              'Sending halfClose immediately after message to child [' +
+                childCall.call.getCallNumber() +
+                '] - optimizing for unary/final message'
+            );
+            childCall.nextMessageToSend += 1;
+            childCall.call.halfClose();
+          }
           break;
         case 'HALF_CLOSE':
           childCall.nextMessageToSend += 1;
@@ -813,7 +826,11 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
     };
     this.writeBuffer.push(bufferEntry);
     if (bufferEntry.allocated) {
+      // Run this in next tick to avoid suspending the current execution context
+      // otherwise it might cause half closing the call before sending message
+      process.nextTick(() => {
         context.callback?.();
+      });
       for (const [callIndex, call] of this.underlyingCalls.entries()) {
         if (
           call.state === 'ACTIVE' &&
@@ -823,7 +840,7 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
             {
               callback: error => {
                 // Ignore error
-                this.handleChildWriteCompleted(callIndex);
+                this.handleChildWriteCompleted(callIndex, messageIndex);
               },
             },
             message
@@ -843,7 +860,7 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
           {
             callback: error => {
               // Ignore error
-              this.handleChildWriteCompleted(this.committedCallIndex!);
+              this.handleChildWriteCompleted(this.committedCallIndex!, messageIndex);
             },
           },
           message
@@ -868,13 +885,22 @@ export class RetryingCall implements Call, DeadlineInfoProvider {
       allocated: false,
     });
     for (const call of this.underlyingCalls) {
-      if (
+      if (call?.state === 'ACTIVE') {
-        call?.state === 'ACTIVE' &&
+        // Send halfClose to call when either:
-        call.nextMessageToSend === halfCloseIndex
+        // - nextMessageToSend === halfCloseIndex - 1: last message sent, callback pending (optimization)
-      ) {
+        // - nextMessageToSend === halfCloseIndex: all messages sent and acknowledged
+        if (call.nextMessageToSend === halfCloseIndex 
+          || call.nextMessageToSend === halfCloseIndex - 1) {
+          this.trace(
+            'Sending halfClose immediately to child [' +
+              call.call.getCallNumber() +
+              '] - all messages already sent'
+          );
           call.nextMessageToSend += 1;
           call.call.halfClose();
         }
+        // Otherwise, halfClose will be sent by sendNextChildMessage when message callbacks complete
+      }
     }
   }
   setCredentials(newCredentials: CallCredentials): void {

packages/grpc-js/src/server.ts

@@ -1609,7 +1609,7 @@ export class Server {
               if (err) {
                 this.keepaliveTrace('Ping failed with error: ' + err.message);
                 sessionClosedByServer = true;
-                session.close();
+                session.destroy();
               } else {
                 this.keepaliveTrace('Received ping response');
                 maybeStartKeepalivePingTimer();
@@ -1631,7 +1631,7 @@ export class Server {
             'Connection dropped due to ping send error: ' + pingSendError
           );
           sessionClosedByServer = true;
-          session.close();
+          session.destroy();
           return;
         }
 
@@ -1640,7 +1640,7 @@ export class Server {
           this.keepaliveTrace('Ping timeout passed without response');
           this.trace('Connection dropped by keepalive timeout');
           sessionClosedByServer = true;
-          session.close();
+          session.destroy();
         }, this.keepaliveTimeoutMs);
         keepaliveTimer.unref?.();
       };
@@ -1803,7 +1803,7 @@ export class Server {
                     duration
                 );
                 sessionClosedByServer = true;
-                session.close();
+                session.destroy();
               } else {
                 this.keepaliveTrace('Received ping response');
                 maybeStartKeepalivePingTimer();
@@ -1826,7 +1826,7 @@ export class Server {
             'Connection dropped due to ping send error: ' + pingSendError
           );
           sessionClosedByServer = true;
-          session.close();
+          session.destroy();
           return;
         }
 
@@ -1840,7 +1840,7 @@ export class Server {
             'Connection dropped by keepalive timeout from ' + clientAddress
           );
           sessionClosedByServer = true;
-          session.close();
+          session.destroy();
         }, this.keepaliveTimeoutMs);
         keepaliveTimeout.unref?.();
       };

packages/grpc-js/test/test-end-to-end.ts

@@ -18,7 +18,7 @@
 import * as assert from 'assert';
 import * as path from 'path';
 import { loadProtoFile } from './common';
-import { Metadata, Server, ServerDuplexStream, ServerUnaryCall, ServiceClientConstructor, ServiceError, experimental, sendUnaryData } from '../src';
+import { Metadata, Server, ServerCredentials, ServerDuplexStream, ServerReadableStream, ServerUnaryCall, ServiceClientConstructor, ServiceError, credentials, experimental, sendUnaryData } from '../src';
 import { ServiceClient } from '../src/make-client';
 
 const protoFile = path.join(__dirname, 'fixtures', 'echo_service.proto');
@@ -36,6 +36,15 @@ const echoServiceImplementation = {
       call.end();
     });
   },
+  echoClientStream(call: ServerReadableStream<any, any>, callback: sendUnaryData<any>) {
+    const messages: any[] = [];
+    call.on('data', (message: any) => {
+      messages.push(message);
+    });
+    call.on('end', () => {
+      callback(null, { value: messages.map(m => m.value).join(','), value2: messages.length });
+    });
+  },
 };
 
 describe('Client should successfully communicate with server', () => {
@@ -77,4 +86,20 @@ describe('Client should successfully communicate with server', () => {
       });
     });
   }).timeout(5000);
+
+  it('Client streaming with one message should work', done => {
+    server = new Server();
+    server.addService(EchoService.service, echoServiceImplementation);
+    server.bindAsync('localhost:0', ServerCredentials.createInsecure(), (error, port) => {
+      assert.ifError(error);
+      client = new EchoService(`localhost:${port}`, credentials.createInsecure());
+      const call = client.echoClientStream((error: ServiceError, response: any) => {
+        assert.ifError(error);
+        assert.deepStrictEqual(response, { value: 'test value', value2: 1 });
+        done();
+      });
+      call.write({ value: 'test value', value2: 42 });
+      call.end();
+    });
+  });
 });

packages/grpc-tools/package.json

@@ -1,6 +1,6 @@
 {
   "name": "grpc-tools",
-  "version": "1.13.0",
+  "version": "1.13.1",
   "author": "Google Inc.",
   "description": "Tools for developing with gRPC on Node.js",
   "homepage": "https://grpc.io/",
@@ -24,7 +24,7 @@
     "prepublishOnly": "git submodule update --init --recursive && node copy_well_known_protos.js"
   },
   "dependencies": {
-    "@mapbox/node-pre-gyp": "^1.0.5"
+    "@mapbox/node-pre-gyp": "^2.0.0"
   },
   "binary": {
     "module_name": "grpc_tools",