Bug#1103927: bookworm-pu: package mosquitto/2.0.11-1.2+deb12u2 2025-05-11

[Philippe Coval <rzr@users.sf.net>]

Thank for feedback,

I have rebased the changes on the debian/stable/master branch:

https://salsa.debian.org/debian-iot-team/mosquitto/-/merge_requests/31

I have also updated the debdiff with those changes:

diff --git a/debian/changelog b/debian/changelog
index c3ae680f..befb8576 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,9 @@
-mosquitto (2.0.11-1.2+deb12u2) bookworm-security; urgency=high
+mosquitto (2.0.11-1.2+deb12u2) bookworm; urgency=medium
 
   [ Philippe Coval ]
-  * debian/gbp.conf: Build for stable-sec
+  * debian/gbp.conf: Build on tag
+  * debian/gbp.conf: Use debian orig import as upstream
+  * debian/gbp.conf: Adjust path for stable
   * Rediff patches
   * d/p/series: Add patches for CVE-2024-8376
 
@@ -20,7 +22,7 @@ mosquitto (2.0.11-1.2+deb12u2) bookworm-security; urgency=high
   * debian/tests: Check ssl certs before running tests
   * d/patches: Remove generated ssl certs
 
- -- Philippe Coval <rzr@users.sf.net>  Wed, 12 Mar 2025 01:52:26 +0100
+ -- Philippe Coval <rzr@users.sf.net>  Sun, 11 May 2025 21:31:01 +0200
 
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 3d70443f..cead8ced 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch=debian/stable-sec/master
+debian-branch=debian/stable/master
 upstream-branch=master
 filter=*/.git
 upstream-tag=upstream/%(version)s

diff -Nru mosquitto-2.0.11/debian/changelog mosquitto-2.0.11/debian/changelog
--- mosquitto-2.0.11/debian/changelog	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/changelog	2025-05-11 21:31:41.000000000 +0200
@@ -1,3 +1,29 @@
+mosquitto (2.0.11-1.2+deb12u2) bookworm; urgency=medium
+
+  [ Philippe Coval ]
+  * debian/gbp.conf: Build on tag
+  * debian/gbp.conf: Use debian orig import as upstream
+  * debian/gbp.conf: Adjust path for stable
+  * Rediff patches
+  * d/p/series: Add patches for CVE-2024-8376
+
+  [ Andreas Henriksson ]
+  * d/p/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch
+    - cherry-pick upstream commit fixing regression in CVE-2024-8376 fix
+  * d/p/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch
+    - cherry-pick upstream fix for CVE-2024-3935
+  * debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch
+    - cherry-pick upstream fix for CVE-2024-10525
+
+  [ Philippe Coval ]
+  * d/patches: Further fix for CVE-2023-28366.
+  * d/patches: Fixed issue in CA cert. creation
+  * d/patches: t/Makefile: Generate test certs if not present in sources
+  * debian/tests: Check ssl certs before running tests
+  * d/patches: Remove generated ssl certs
+
+ -- Philippe Coval <rzr@users.sf.net>  Sun, 11 May 2025 21:31:41 +0200
+
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 
   * Non-maintainer upload.
diff -Nru mosquitto-2.0.11/debian/gbp.conf mosquitto-2.0.11/debian/gbp.conf
--- mosquitto-2.0.11/debian/gbp.conf	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/gbp.conf	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,5 @@
+[DEFAULT]
+debian-branch=debian/stable/master
+upstream-branch=master
+filter=*/.git
+upstream-tag=upstream/%(version)s
diff -Nru mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch
--- mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,60 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Wed, 9 Oct 2024 00:54:30 +0100
+Subject: Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
+
+Closes #3128.
+
+(cherry picked from commit b979feb92aa5b22d557b3e60cc191ba18755558e
+with ChangeLog.txt changes dropped to avoid conflict)
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ src/subs.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/src/subs.c b/src/subs.c
+index aaa5aa8..7b3337e 100644
+--- a/src/subs.c
++++ b/src/subs.c
+@@ -659,6 +659,7 @@ int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason)
+ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, int retain, struct mosquitto_msg_store **stored)
+ {
+ 	int rc = MOSQ_ERR_SUCCESS, rc2;
++	int rc_normal = MOSQ_ERR_NO_SUBSCRIBERS, rc_shared = MOSQ_ERR_NO_SUBSCRIBERS;
+ 	struct mosquitto__subhier *subhier;
+ 	char **split_topics = NULL;
+ 	char *local_topic = NULL;
+@@ -675,12 +676,24 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i
+ 
+ 	HASH_FIND(hh, db.normal_subs, split_topics[0], strlen(split_topics[0]), subhier);
+ 	if(subhier){
+-		rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
++		rc_normal = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
++		if(rc_normal > 0){
++			rc = rc_normal;
++			goto end;
++		}
+ 	}
+ 
+ 	HASH_FIND(hh, db.shared_subs, split_topics[0], strlen(split_topics[0]), subhier);
+ 	if(subhier){
+-		rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
++		rc_shared = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
++		if(rc_shared > 0){
++			rc = rc_shared;
++			goto end;
++		}
++	}
++
++	if(rc_normal == MOSQ_ERR_NO_SUBSCRIBERS && rc_shared == MOSQ_ERR_NO_SUBSCRIBERS){
++		rc = MOSQ_ERR_NO_SUBSCRIBERS;
+ 	}
+ 
+ 	if(retain){
+@@ -688,6 +701,7 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i
+ 		if(rc2) rc = rc2;
+ 	}
+ 
++end:
+ 	mosquitto__free(split_topics);
+ 	mosquitto__free(local_topic);
+ 	/* Remove our reference and free if needed. */
diff -Nru mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch
--- mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,188 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Tue, 16 Jul 2024 16:43:16 +0100
+Subject: Fix crash on bridge using remapped topic being sent a crafted
+ packet.
+
+Closes Eclipse #197.
+
+(cherry picked from commit ae7a804dadac8f2aaedb24336df8496a9680fda9,
+dropped ChangeLog.txt changes to avoid conflicts)
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+
+Fix crash on bridge using remapped topic being sent a crafted packet.
+
+Closes Eclipse #197.
+
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ src/bridge_topic.c                              |   3 +
+ test/broker/06-bridge-remap-receive-wildcard.py | 106 ++++++++++++++++++++++++
+ test/broker/Makefile                            |   1 +
+ test/broker/test.py                             |   1 +
+ 4 files changed, 111 insertions(+)
+ create mode 100755 test/broker/06-bridge-remap-receive-wildcard.py
+
+diff --git a/src/bridge_topic.c b/src/bridge_topic.c
+index dc19fda..4059116 100644
+--- a/src/bridge_topic.c
++++ b/src/bridge_topic.c
+@@ -205,6 +205,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic)
+ 				rc = mosquitto_topic_matches_sub(cur_topic->remote_topic, *topic, &match);
+ 				if(rc){
+ 					mosquitto__free(*topic);
++					*topic = NULL;
+ 					return rc;
+ 				}
+ 				if(match){
+@@ -214,6 +215,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic)
+ 							topic_temp = mosquitto__strdup((*topic)+strlen(cur_topic->remote_prefix));
+ 							if(!topic_temp){
+ 								mosquitto__free(*topic);
++								*topic = NULL;
+ 								return MOSQ_ERR_NOMEM;
+ 							}
+ 							mosquitto__free(*topic);
+@@ -227,6 +229,7 @@ int bridge__remap_topic_in(struct mosquitto *context, char **topic)
+ 						topic_temp = mosquitto__malloc(len+1);
+ 						if(!topic_temp){
+ 							mosquitto__free(*topic);
++							*topic = NULL;
+ 							return MOSQ_ERR_NOMEM;
+ 						}
+ 						snprintf(topic_temp, len, "%s%s", cur_topic->local_prefix, *topic);
+diff --git a/test/broker/06-bridge-remap-receive-wildcard.py b/test/broker/06-bridge-remap-receive-wildcard.py
+new file mode 100755
+index 0000000..a836f83
+--- /dev/null
++++ b/test/broker/06-bridge-remap-receive-wildcard.py
+@@ -0,0 +1,106 @@
++#!/usr/bin/env python3
++
++# Does a bridge resend a QoS=1 message correctly after a disconnect?
++
++from mosq_test_helper import *
++
++def write_config(filename, port1, port2):
++    with open(filename, 'w') as f:
++        f.write(f"listener {port2}\n")
++        f.write("allow_anonymous true\n")
++        f.write("connection bridge1\n")
++        f.write(f"address 127.0.0.1:{port1}\n")
++        f.write("keepalive_interval 60\n")
++        f.write("topic room1/# both 2 sensor/ myhouse/\n")
++        f.write("topic tst/ba both 2\n")
++        f.write("topic # both 2\n")
++        f.write("keepalive_interval 600\n")
++        f.write("remote_clientid mosquitto\n")
++        f.write("bridge_protocol_version mqttv50\n")
++        f.write("notifications false\n")
++
++def do_test(proto_ver):
++    (port1, port2) = mosq_test.get_port(2)
++    conf_file = os.path.basename(__file__).replace('.py', '.conf')
++    write_config(conf_file, port1, port2)
++
++    rc = 1
++    keepalive = 600
++    client_id = "mosquitto"
++    connect_packet = mosq_test.gen_connect(client_id, keepalive=keepalive, clean_session=False, proto_ver=proto_ver)
++    connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
++
++    if proto_ver == 5:
++        opts = mqtt5_opts.MQTT_SUB_OPT_NO_LOCAL | mqtt5_opts.MQTT_SUB_OPT_RETAIN_AS_PUBLISHED
++    else:
++        opts = 0
++
++    mid = 1
++    subscribe_packet = mosq_test.gen_subscribe(mid, "myhouse/room1/#", 2 | opts, proto_ver=proto_ver)
++    suback_packet = mosq_test.gen_suback(mid, 2, proto_ver=proto_ver)
++
++    mid = 2
++    subscribe_packet2 = mosq_test.gen_subscribe(mid, "tst/ba", 2 | opts, proto_ver=proto_ver)
++    suback_packet2= mosq_test.gen_suback(mid, 2, proto_ver=proto_ver)
++
++    mid = 3
++    subscribe_packet3 = mosq_test.gen_subscribe(mid, "#", 2 | opts, proto_ver=proto_ver)
++    suback_packet3 = mosq_test.gen_suback(mid, 2, proto_ver=proto_ver)
++
++    ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
++    ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
++    ssock.settimeout(40)
++    ssock.bind(('', port1))
++    ssock.listen(5)
++
++    broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
++
++    try:
++        (bridge, address) = ssock.accept()
++        bridge.settimeout(20)
++
++        mosq_test.expect_packet(bridge, "connect", connect_packet)
++        bridge.send(connack_packet)
++
++        mosq_test.expect_packet(bridge, "subscribe1", subscribe_packet)
++        bridge.send(suback_packet)
++
++        mosq_test.expect_packet(bridge, "subscribe2", subscribe_packet2)
++        bridge.send(suback_packet2)
++
++        mosq_test.expect_packet(bridge, "subscribe3", subscribe_packet3)
++        bridge.send(suback_packet3)
++
++        try:
++            bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033"))
++            #bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033"))
++            #bridge.send(bytes.fromhex("320c00062b2b2b2b2b2b00040033"))
++            mosq_test.do_ping(bridge)
++        except ConnectionResetError:
++            #expected behaviour
++            rc = 0
++
++        bridge.close()
++    except mosq_test.TestError:
++        pass
++    except Exception as e:
++        print(e)
++    finally:
++        os.remove(conf_file)
++        try:
++            bridge.close()
++        except NameError:
++            pass
++
++        broker.terminate()
++        broker.wait()
++        (stdo, stde) = broker.communicate()
++        ssock.close()
++        if rc:
++            print(stde.decode('utf-8'))
++            exit(rc)
++
++
++do_test(proto_ver=5)
++
++exit(0)
+diff --git a/test/broker/Makefile b/test/broker/Makefile
+index 841e148..22bed0e 100644
+--- a/test/broker/Makefile
++++ b/test/broker/Makefile
+@@ -137,6 +137,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
+ 	./06-bridge-outgoing-retain.py
+ 	./06-bridge-per-listener-settings.py
+ 	./06-bridge-reconnect-local-out.py
++	./06-bridge-remap-receive-wildcard.py
+ 
+ 07 :
+ 	#./07-will-delay-invalid-573191.py
+diff --git a/test/broker/test.py b/test/broker/test.py
+index 622083b..a2b806e 100755
+--- a/test/broker/test.py
++++ b/test/broker/test.py
+@@ -117,6 +117,7 @@ tests = [
+     (2, './06-bridge-outgoing-retain.py'),
+     (3, './06-bridge-per-listener-settings.py'),
+     (2, './06-bridge-reconnect-local-out.py'),
++    (2, './06-bridge-remap-receive-wildcard.py'),
+ 
+     (1, './07-will-delay-invalid-573191.py'),
+     (1, './07-will-delay-reconnect.py'),
diff -Nru mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch
--- mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,25 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Wed, 17 Jul 2024 13:38:34 +0100
+Subject: Don't allow SUBACK with missing reason codes.
+
+Closes Eclipse #190
+
+(cherry picked from commit 8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c,
+with changes to ChangeLog.txt dropped to avoid conflicts)
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ lib/handle_suback.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/handle_suback.c b/lib/handle_suback.c
+index 770558b..05c163a 100644
+--- a/lib/handle_suback.c
++++ b/lib/handle_suback.c
+@@ -66,6 +66,7 @@ int handle__suback(struct mosquitto *mosq)
+ 	}
+ 
+ 	qos_count = (int)(mosq->in_packet.remaining_length - mosq->in_packet.pos);
++	if(qos_count == 0) return MOSQ_ERR_PROTOCOL;
+ 	granted_qos = mosquitto__malloc((size_t)qos_count*sizeof(int));
+ 	if(!granted_qos){
+ #ifdef WITH_BROKER
diff -Nru mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch
--- mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0018-Further-fix-for-CVE-2023-28366.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,23 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Thu, 27 Feb 2025 16:31:00 +0000
+Subject: Further fix for CVE-2023-28366.
+
+(cherry picked from commit 664ca4eb16c81f37f4a50f15ec33404bf2edd2e6)
+Last-Update: 2025-03-10
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ lib/packet_mosq.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/packet_mosq.c b/lib/packet_mosq.c
+index beb14e2..c7e6fff 100644
+--- a/lib/packet_mosq.c
++++ b/lib/packet_mosq.c
+@@ -155,6 +155,7 @@ int packet__queue(struct mosquitto *mosq, struct mosquitto__packet *packet)
+ 
+ #ifdef WITH_BROKER
+ 	if(db.config->max_queued_messages > 0 && mosq->out_packet_count >= db.config->max_queued_messages){
++		packet__cleanup(packet);
+ 		mosquitto__free(packet);
+ 		if(mosq->is_dropping == false){
+ 			mosq->is_dropping = true;
diff -Nru mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch
--- mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0019-Fixed-issue-in-CA-cert.-creation.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,31 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 15 Jan 2025 06:58:57 +0100
+Subject: Fixed issue in CA cert. creation
+
+(cherry picked from commit 59c9d132258f0a09bc02416da16958ebd4555ae6)
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ test/ssl/openssl.cnf | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/test/ssl/openssl.cnf b/test/ssl/openssl.cnf
+index 0612f44..cbbb701 100644
+--- a/test/ssl/openssl.cnf
++++ b/test/ssl/openssl.cnf
+@@ -291,14 +291,12 @@ authorityKeyIdentifier=keyid:always,issuer
+ 
+ # This is what PKIX recommends but some broken software chokes on critical
+ # extensions.
+-#basicConstraints = critical,CA:true
+-# So we do this instead.
+-basicConstraints = CA:true
++basicConstraints = critical,CA:true
+ 
+ # Key usage: this is typical for a CA certificate. However since it will
+ # prevent it being used as an test self-signed certificate it is best
+ # left out by default.
+-# keyUsage = cRLSign, keyCertSign
++keyUsage = cRLSign, keyCertSign
+ 
+ # Some might want this also
+ # nsCertType = sslCA, emailCA
diff -Nru mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch
--- mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,55 @@
+From: Philippe Coval <rzr@users.sf.net>
+Date: Tue, 11 Mar 2025 21:05:11 +0100
+Subject: t/Makefile: Generate test certs if not present in sources
+
+Since generated keys have expiration date,
+it means that the tests are not reproductible over time.
+Integrator may be tempted to not rely on upstream files
+and generate them on the fly at built time.
+
+If need files are present this rule will be skip.
+
+This change was motivated for maintenance of 2.0.11
+in Debian 12 (stable).
+
+I noticed that upstream regerated certs in master branch since,
+but still they will expire in future.
+
+Origin: https://github.com/eclipse-mosquitto/mosquitto/pull/3234
+Relate-to: https://salsa.debian.org/debian-iot-team/mosquitto/-/merge_requests/21
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ test/Makefile | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/test/Makefile b/test/Makefile
+index 54b15ee..9ee028c 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -1,17 +1,23 @@
+ include ../config.mk
+ 
+-.PHONY: all check test ptest clean
++.PHONY: all check test ptest clean ssl
+ 
+ all :
+ 
+ check : test
+ 
+-test : utest
++ssl: ssl/all-ca.crt
++
++ssl/all-ca.crt: ssl/gen.sh
++	cd "${<D}" && "${CURDIR}/${<}"
++	test -e "$@"
++
++test : utest ssl
+ 	$(MAKE) -C broker test
+ 	$(MAKE) -C lib test
+ 	$(MAKE) -C client test
+ 
+-ptest : utest
++ptest : utest ssl
+ 	$(MAKE) -C broker ptest
+ 	$(MAKE) -C lib ptest
+ 	$(MAKE) -C client test
diff -Nru mosquitto-2.0.11/debian/patches/0021-Remove-generated-ssl-certs.patch mosquitto-2.0.11/debian/patches/0021-Remove-generated-ssl-certs.patch
--- mosquitto-2.0.11/debian/patches/0021-Remove-generated-ssl-certs.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/0021-Remove-generated-ssl-certs.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,1354 @@
+From: Philippe Coval <rzr@users.sf.net>
+Date: Tue, 11 Mar 2025 20:59:48 +0100
+Subject: Remove generated ssl certs
+
+Forwarded: not-needed
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ test/ssl/all-ca.crt            | 102 -----------------------------------------
+ test/ssl/client-encrypted.crt  |  82 ---------------------------------
+ test/ssl/client-encrypted.key  |  30 ------------
+ test/ssl/client-expired.crt    |  82 ---------------------------------
+ test/ssl/client-expired.key    |  27 -----------
+ test/ssl/client-revoked.crt    |  82 ---------------------------------
+ test/ssl/client-revoked.key    |  27 -----------
+ test/ssl/client.crt            |  82 ---------------------------------
+ test/ssl/client.key            |  27 -----------
+ test/ssl/crl-empty.pem         |  12 -----
+ test/ssl/crl.pem               |  12 -----
+ test/ssl/server-expired.crt    |  82 ---------------------------------
+ test/ssl/server-expired.key    |  27 -----------
+ test/ssl/server.crt            |  82 ---------------------------------
+ test/ssl/server.key            |  27 -----------
+ test/ssl/test-alt-ca.crt       |  79 -------------------------------
+ test/ssl/test-alt-ca.key       |  27 -----------
+ test/ssl/test-bad-root-ca.crt  |  23 ----------
+ test/ssl/test-bad-root-ca.key  |  27 -----------
+ test/ssl/test-fake-root-ca.crt |  23 ----------
+ test/ssl/test-fake-root-ca.key |  27 -----------
+ test/ssl/test-root-ca.crt      |  23 ----------
+ test/ssl/test-root-ca.key      |  27 -----------
+ test/ssl/test-signing-ca.crt   |  79 -------------------------------
+ test/ssl/test-signing-ca.key   |  27 -----------
+ 25 files changed, 1145 deletions(-)
+ delete mode 100644 test/ssl/all-ca.crt
+ delete mode 100644 test/ssl/client-encrypted.crt
+ delete mode 100644 test/ssl/client-encrypted.key
+ delete mode 100644 test/ssl/client-expired.crt
+ delete mode 100644 test/ssl/client-expired.key
+ delete mode 100644 test/ssl/client-revoked.crt
+ delete mode 100644 test/ssl/client-revoked.key
+ delete mode 100644 test/ssl/client.crt
+ delete mode 100644 test/ssl/client.key
+ delete mode 100644 test/ssl/crl-empty.pem
+ delete mode 100644 test/ssl/crl.pem
+ delete mode 100644 test/ssl/server-expired.crt
+ delete mode 100644 test/ssl/server-expired.key
+ delete mode 100644 test/ssl/server.crt
+ delete mode 100644 test/ssl/server.key
+ delete mode 100644 test/ssl/test-alt-ca.crt
+ delete mode 100644 test/ssl/test-alt-ca.key
+ delete mode 100644 test/ssl/test-bad-root-ca.crt
+ delete mode 100644 test/ssl/test-bad-root-ca.key
+ delete mode 100644 test/ssl/test-fake-root-ca.crt
+ delete mode 100644 test/ssl/test-fake-root-ca.key
+ delete mode 100644 test/ssl/test-root-ca.crt
+ delete mode 100644 test/ssl/test-root-ca.key
+ delete mode 100644 test/ssl/test-signing-ca.crt
+ delete mode 100644 test/ssl/test-signing-ca.key
+
+diff --git a/test/ssl/all-ca.crt b/test/ssl/all-ca.crt
+deleted file mode 100644
+index 8744727..0000000
+--- a/test/ssl/all-ca.crt
++++ /dev/null
+@@ -1,102 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 1 (0x1)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA
+-        Validity
+-            Not Before: Feb 25 14:54:18 2020 GMT
+-            Not After : Feb 23 14:54:18 2025 GMT
+-        Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:c1:a1:1a:6e:76:1f:98:b7:1c:7e:d6:67:d5:dc:
+-                    92:34:ef:48:22:62:94:56:cb:21:29:c1:88:7c:7a:
+-                    62:eb:6d:b9:af:8b:80:75:f4:8e:32:e2:20:e2:fa:
+-                    3a:49:c8:20:74:53:83:0f:c1:48:e2:13:3e:48:27:
+-                    f2:e5:7d:55:c5:87:8c:41:9e:e2:90:58:8c:09:97:
+-                    1e:bc:5a:ce:10:71:b2:66:02:02:9b:0c:d0:24:47:
+-                    7a:3a:4d:3a:2e:c0:f0:65:6b:6a:cf:13:13:8a:f0:
+-                    6d:a0:a5:80:5f:6b:58:77:ae:91:6e:ba:ab:c5:c0:
+-                    24:f7:22:27:a4:bf:47:52:2d:a0:fc:56:b0:19:16:
+-                    84:e9:53:ac:1d:7f:29:af:c2:86:44:f5:9b:04:e4:
+-                    bf:8f:e1:b8:61:a0:63:55:0a:7a:93:2a:d8:4a:20:
+-                    b8:6b:b6:e9:20:c6:2c:c2:93:c2:dc:7a:69:90:8e:
+-                    ea:00:5b:0c:66:8a:90:74:b4:d9:01:98:9d:fe:5b:
+-                    66:e0:39:19:22:50:0d:76:3d:1c:04:fb:93:4d:6e:
+-                    45:da:e8:cc:27:35:2a:a6:35:a8:87:e1:99:32:42:
+-                    e8:71:eb:7c:f9:69:70:c7:cf:c5:cc:61:c5:ae:47:
+-                    dc:20:86:2b:2b:fe:1c:dd:2c:e9:b0:38:b6:72:8e:
+-                    09:e9
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Subject Key Identifier: 
+-                AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-            X509v3 Authority Key Identifier: 
+-                keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74
+-
+-            X509v3 Basic Constraints: 
+-                CA:TRUE
+-    Signature Algorithm: sha256WithRSAEncryption
+-         d3:8d:e3:33:87:f3:1e:4f:ff:da:1d:f8:61:3f:4a:ae:21:49:
+-         cd:ee:b1:e0:62:ab:44:70:a8:29:92:83:8d:33:45:4c:ac:b0:
+-         66:a0:e8:32:23:76:ef:aa:89:7d:bc:e1:04:17:a5:d7:39:59:
+-         99:ab:d9:bf:0c:fd:c5:b6:ad:6f:45:39:c9:27:f1:3e:c0:af:
+-         c3:8e:b1:1f:8f:fc:34:66:31:f4:f1:11:a0:27:99:a2:65:e2:
+-         aa:20:a7:98:b6:0e:ff:71:5e:10:e7:ab:1e:33:e7:fb:c8:59:
+-         d7:89:7a:3b:d9:a9:9f:48:2f:2e:ff:02:61:cd:86:47:60:61:
+-         8e:81:71:68:f0:cd:63:72:b8:d2:7d:22:9d:6b:07:49:3a:0a:
+-         f7:8b:94:b3:98:90:3c:9f:e5:78:1b:84:a9:2e:fb:85:64:59:
+-         ce:6f:33:05:18:bc:21:df:f5:7c:10:79:d6:58:34:61:0e:1f:
+-         d5:af:b6:a0:8f:86:ce:56:d1:67:4f:b8:7e:50:2d:ba:77:37:
+-         50:0f:91:06:dc:a8:7f:3c:8b:2b:8b:47:df:e3:7e:2f:79:81:
+-         22:70:eb:f9:14:f3:66:73:17:33:e4:26:7e:47:df:80:89:de:
+-         a5:e8:5a:a9:c0:4b:3e:1b:9b:11:4b:3b:b4:8b:6a:9d:6c:ce:
+-         39:f5:04:c9
+------BEGIN CERTIFICATE-----
+-MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v
+-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290
+-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowZTELMAkGA1UEBhMC
+-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q
+-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMIIBIjAN
+-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaEabnYfmLccftZn1dySNO9IImKU
+-VsshKcGIfHpi6225r4uAdfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7i
+-kFiMCZcevFrOEHGyZgICmwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66Rbrqr
+-xcAk9yInpL9HUi2g/FawGRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4
+-a7bpIMYswpPC3HppkI7qAFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujM
+-JzUqpjWoh+GZMkLocet8+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQAB
+-o1AwTjAdBgNVHQ4EFgQUqlpbHJEymz+bw0Js0mj2p+DPvuAwHwYDVR0jBBgwFoAU
+-eoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+-AAOCAQEA043jM4fzHk//2h34YT9KriFJze6x4GKrRHCoKZKDjTNFTKywZqDoMiN2
+-76qJfbzhBBel1zlZmavZvwz9xbatb0U5ySfxPsCvw46xH4/8NGYx9PERoCeZomXi
+-qiCnmLYO/3FeEOerHjPn+8hZ14l6O9mpn0gvLv8CYc2GR2BhjoFxaPDNY3K40n0i
+-nWsHSToK94uUs5iQPJ/leBuEqS77hWRZzm8zBRi8Id/1fBB51lg0YQ4f1a+2oI+G
+-zlbRZ0+4flAtunc3UA+RBtyofzyLK4tH3+N+L3mBInDr+RTzZnMXM+QmfkffgIne
+-pehaqcBLPhubEUs7tItqnWzOOfUEyQ==
+------END CERTIFICATE-----
+------BEGIN CERTIFICATE-----
+-MIIDwjCCAqqgAwIBAgIURMxcSM9J+pY3g2SE3qoM34dHwPkwDQYJKoZIhvcNAQEL
+-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM
+-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz
+-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx
+-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD
+-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM
+-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+-DwAwggEKAoIBAQDdpftss7fN4lzDhppzwj2WfRehR95WYmiWnXoEsKyEfuh1hINs
+-vvI3tz1FWEb/usORr6XGZhgYwjIpSORMoBxuOZh8RDNPmO9KpLYXN1i4g+CfkGAK
+-QoBUr7FGGlKDaK4fRg6xx8BKQ1Lxqrx+iAOpIT7tU9YYPYrwiYbdhaYwfMTKXyCl
+-V+JypRRKWgzUkua4YRb2TnEH33NaXS0Tw+A0tRxSN26vwRheCrVfo+6CUB0kEaON
+-+syuiHP1mGrHj3bMh/MTd3H5u2lu+1GW/Re3HdGFLuHhEq6EkF0fnPCaPS+iJKwU
+-1LgQZwGc+UHglTmmqUS6xhpm++/950fYoaiHAgMBAAGjUDBOMB0GA1UdDgQWBBR6
+-iV0eybFyLzjb3ufTSYAsAfo7dDAfBgNVHSMEGDAWgBR6iV0eybFyLzjb3ufTSYAs
+-Afo7dDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB7/Zn0VBciDCXo
+-JA4ZX5boZyQMx7Lm62O+ixChT2hW0VNlouacgfSq455sNxFJKam0ZQKzusMzssNQ
+-ticyZUwIosGx36f8qBaGksx0EbgAh9QdOulsYDLW5UsB4Rh94C36NoTd9+BJF6D4
+-89IpuxQehDKKuRG0NUChEkLvJ2AAPi/+iDHZQMB/sAzaT4gJ4eMeY4p4XBb/a9P2
+-w05RCpVNyLg32S7ynLNUrz+/lZUfZ8sYhpdECbFDpb0e1iVc1vst8Pur+cSGFO3f
+-HabwuWTdF9Xx8MaH/n32Pv8BxZ/hBdjsXa/CiMyT4POs6XGTpZ2iLcmHo8WS4Uls
+-5gKvsjuj
+------END CERTIFICATE-----
+diff --git a/test/ssl/client-encrypted.crt b/test/ssl/client-encrypted.crt
+deleted file mode 100644
+index e0d0eb0..0000000
+--- a/test/ssl/client-encrypted.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 6 (0x6)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Feb 25 14:54:19 2020 GMT
+-            Not After : Feb 23 14:54:19 2025 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client encrypted
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:b3:5c:d2:08:93:da:a7:4e:a7:39:74:b0:a2:cd:
+-                    ce:f7:02:03:74:5d:f1:de:db:ff:51:68:d8:02:51:
+-                    1e:80:ac:aa:7c:90:c1:32:c9:7a:e5:ac:c4:bb:c5:
+-                    6a:c4:2b:96:3f:14:db:a2:b3:89:b6:24:ec:2f:80:
+-                    8a:a3:3b:89:89:29:c1:6a:de:ec:70:b0:9b:cb:92:
+-                    cf:a1:25:0f:d1:9e:cf:be:71:63:b6:82:85:42:83:
+-                    e9:bf:38:56:8c:f1:75:a7:7f:76:14:50:4c:67:bb:
+-                    53:a2:97:cf:5e:35:bd:fc:bb:c6:fd:aa:6e:fb:d7:
+-                    fc:9e:64:74:61:6f:ea:48:c0:c1:01:2c:69:f9:20:
+-                    0e:6a:d1:d3:a1:a3:3f:f7:0d:88:71:93:27:47:5f:
+-                    94:d4:27:c5:9f:4b:be:86:0b:7f:73:dd:97:28:91:
+-                    f0:aa:f0:09:de:a7:b6:1b:d7:ca:91:34:b0:b9:95:
+-                    2c:0f:14:1a:ce:da:84:bd:60:5e:f4:f0:f0:87:71:
+-                    93:44:70:88:3e:1c:2f:4e:16:a5:3c:9c:40:09:a0:
+-                    22:bd:b4:96:61:cb:e7:58:40:98:6e:61:d3:7f:ae:
+-                    bf:6d:9a:d1:6b:04:c3:55:bd:93:da:95:0d:06:65:
+-                    65:19:3e:bc:d8:80:12:8f:d8:74:9a:20:5e:db:b6:
+-                    b1:29
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                A4:B3:5E:21:A5:51:C7:37:ED:86:36:79:88:D7:36:88:FE:D0:3F:5D
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         79:90:68:9b:1f:92:48:63:e4:bd:4d:1c:65:a5:b2:25:71:92:
+-         b4:13:41:b9:9b:fc:50:0b:38:65:34:17:da:22:9c:9f:8e:2b:
+-         a9:25:06:02:00:49:89:c4:cb:cc:6e:3d:b5:09:15:9f:f9:25:
+-         e7:a1:61:51:20:9f:68:f3:42:e3:41:70:a8:4a:7a:11:31:3d:
+-         55:f5:20:49:d2:12:f5:1d:f6:c5:11:48:e5:c2:e8:47:bc:e1:
+-         d6:e1:a9:d9:f8:d7:78:18:b5:f5:9b:dd:cf:05:88:9e:06:59:
+-         54:a5:b8:1e:db:3e:51:12:28:f4:c3:ff:cb:a3:77:19:b2:86:
+-         05:6e:e0:82:77:7f:5f:cd:79:48:c1:bb:39:3b:67:a9:7d:0a:
+-         65:24:de:ba:3e:01:a0:be:af:10:88:88:ec:24:b7:8f:ad:49:
+-         b0:b6:cf:ee:65:bd:78:39:c7:53:0e:a1:32:58:62:af:4c:54:
+-         7d:3d:4a:20:ea:c7:b7:15:08:1a:29:f7:40:ab:a2:46:10:b5:
+-         e5:39:31:88:97:6d:54:fd:d5:9c:24:d1:88:e7:3f:97:b8:75:
+-         54:f6:83:c3:de:13:c5:55:5a:df:da:af:d2:f8:d9:3a:c1:83:
+-         75:a7:1c:c3:17:13:b8:94:54:73:65:11:87:11:e3:d8:5e:48:
+-         df:32:95:95
+------BEGIN CERTIFICATE-----
+-MIID3jCCAsagAwIBAgIBBjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1
+-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjCBgjELMAkGA1UEBhMCR0IxGDAWBgNVBAgM
+-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG
+-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMR4wHAYDVQQDDBV0ZXN0IGNsaWVu
+-dCBlbmNyeXB0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzXNII
+-k9qnTqc5dLCizc73AgN0XfHe2/9RaNgCUR6ArKp8kMEyyXrlrMS7xWrEK5Y/FNui
+-s4m2JOwvgIqjO4mJKcFq3uxwsJvLks+hJQ/Rns++cWO2goVCg+m/OFaM8XWnf3YU
+-UExnu1Oil89eNb38u8b9qm771/yeZHRhb+pIwMEBLGn5IA5q0dOhoz/3DYhxkydH
+-X5TUJ8WfS76GC39z3ZcokfCq8Anep7Yb18qRNLC5lSwPFBrO2oS9YF708PCHcZNE
+-cIg+HC9OFqU8nEAJoCK9tJZhy+dYQJhuYdN/rr9tmtFrBMNVvZPalQ0GZWUZPrzY
+-gBKP2HSaIF7btrEpAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+-HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSks14hpVHH
+-N+2GNnmI1zaI/tA/XTAfBgNVHSMEGDAWgBSqWlsckTKbP5vDQmzSaPan4M++4DAN
+-BgkqhkiG9w0BAQsFAAOCAQEAeZBomx+SSGPkvU0cZaWyJXGStBNBuZv8UAs4ZTQX
+-2iKcn44rqSUGAgBJicTLzG49tQkVn/kl56FhUSCfaPNC40FwqEp6ETE9VfUgSdIS
+-9R32xRFI5cLoR7zh1uGp2fjXeBi19ZvdzwWIngZZVKW4Hts+URIo9MP/y6N3GbKG
+-BW7ggnd/X815SMG7OTtnqX0KZSTeuj4BoL6vEIiI7CS3j61JsLbP7mW9eDnHUw6h
+-Mlhir0xUfT1KIOrHtxUIGin3QKuiRhC15TkxiJdtVP3VnCTRiOc/l7h1VPaDw94T
+-xVVa39qv0vjZOsGDdaccwxcTuJRUc2URhxHj2F5I3zKVlQ==
+------END CERTIFICATE-----
+diff --git a/test/ssl/client-encrypted.key b/test/ssl/client-encrypted.key
+deleted file mode 100644
+index 926e731..0000000
+--- a/test/ssl/client-encrypted.key
++++ /dev/null
+@@ -1,30 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-Proc-Type: 4,ENCRYPTED
+-DEK-Info: DES-EDE3-CBC,D72CFBC7CD65D7FB
+-
+-vNK1aAAQQ+mBvJuQh9hM34Vn+yqj+ISIP5bkrtwfGIjTnnN3KNbCqUPhVTaO1uz9
+-YA1qpCpr+64oLjpcPBZ1tIVhVwcIoq8/nCJKiWEA7/zICDq1f2x7t3JP5NoP9TlD
+-GaAm77JmriUZY0/DEyVBLhRyRIasO3tQSKnmHY1IHI1xalmxK46FTF8YsNpUr5bu
+-UdhUyfslVVFxgSArrrQfPi6GS/ik/4Kr9RZUb3U3Zx1xxACGIDudQIYlkSzy0Ye5
+-7ff6JS3Y3UzPi//RKBUVWxqSwPlv6KqfNLQ+vNB4mnILSMmxHrOVY2bB+6c5OdP9
+-LSqDF/Rt+Xga9FraibHtvkrZsr3zQ6IlFt6sjvnN5K2v8d70wep2+lS8o7ljaQkp
+-dgvP5YcWhdpMA5ye7JlVQOq7ApmIP1/MhlpLeH7gSZpazKvjQHzPLhjMTjJgDZLj
+-lHn3z0+iLIY7Jt9O0NCKHcGvc96A0y+CPt5OaXYLzbnAZXr3HXwB0t85L9FXtZfp
+-DL0uFgzQavqQagR6fQvN+F2D/jK3aMA1BmOAlTXl19OgEeXRulltKQfKrE+66W99
+-HVfRxapJMdtIvbZ4unzC4AHmLoDhTF2ryA0U97JeIta3NAk0D1gR9Q3uTWL3FKaO
+-4zyTnkUmhEe1xOkXu69n6FannSE0HlyuceX/9VvnPobEXAfs1C5Z3GQ+6WlXtQPh
+-+Aaa0mkEG9zukXf1txDoOokXuKHFqQj731MxMj6ah99FBTvr+FNHIj0TpmmQKUBU
+-8oufr1E2tUiRwcGD9jGOd7RUJ9Yg4haSeEF5fJfyfIiEa2Vfd+FwuZ31xkC1pf0r
+-un456DMT+TwcoCjgGabD5WrRlrIWwcBanwpktiGuDb0B42SZjo6Hb0UxIuialtis
+-l/bF1HdTQU8uNwA85M2zKWW8nELQxtp8+sebkOJW+hocNuGNMa8R+2rLXrrKnaIY
+-JcWSXHEKbNSVFHohEDHJlC8OTHqhOWf1dqBg23po9PJGcNGmRXnsW1s5I3LMVIuV
+-+wy8boQZHY/3OYeHmVfvHpnR1XIz1uOGEyX3jl/pvrlmNnkfF8ZWewcpSarORwSa
+-PGulUbsVbG6gXtn4A0cgf2XsbnlB5id1IGzbmeVO/7NMSbqrvucOeHTJWWMNItEk
+-6DNnU4k8i0LI/qXSld9d67nqEaYPQlesENASnhAAekMNC6qwrn0CeK/Hw6kKv/y7
+-TsMMsC8bSVCUgHDu1s3GeJ/ziAbmAebw3mdsO6r9HDszlhpqU4htJWmZG8PT9XKy
+-f5RoIM039FZFF34T4dZQTJ6AdgIRjtTE/ViOBoQxRd6sHlsBQjX2i2NqHwIifGpS
+-y9l4F/AzkpCCxxdey2ueupU9EEGWTifIFH3L0nwKbtDU/PUbSUx0wQTfD4PoB3ll
+-1EI+jJGvFqkvlPmKBroMbo6ckd7j7PZba7koiDV4QA2ALDHUruSM8rbVGbF4fplg
+-a29WU16BNWPIjrjVYwKBh0571jl8tleun63tvRQ3Cma+QOFJtyYaX01LqYed48od
+-19o/XiAarErs077YcrBsiNASBLILTr0QR87oLDNQWLbJghRUCUGV5TVifUnAr2tO
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/client-expired.crt b/test/ssl/client-expired.crt
+deleted file mode 100644
+index 3c3891d..0000000
+--- a/test/ssl/client-expired.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 4 (0x4)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Aug 20 00:00:00 2012 GMT
+-            Not After : Aug 21 00:00:00 2012 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client expired
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:d0:5a:fb:75:01:67:ef:ce:6a:66:1b:44:11:68:
+-                    0d:49:d1:8e:68:39:f3:a8:71:38:c3:1f:7b:ff:77:
+-                    b7:0f:2e:e8:87:db:be:48:5c:12:6f:ba:fd:3c:22:
+-                    ec:7b:dd:2f:47:42:c5:db:9a:1b:8e:c3:9e:3e:c1:
+-                    59:53:19:69:7d:37:f8:70:75:b4:eb:28:09:4e:88:
+-                    dd:b1:0f:21:fc:4b:33:98:2a:9a:e6:ed:8d:2a:7b:
+-                    b4:b7:c9:53:28:c8:76:69:35:f2:2e:3d:31:2c:4b:
+-                    51:f9:2c:73:b9:ab:26:01:7e:8c:ef:7f:33:ee:99:
+-                    ca:ad:61:9f:60:3d:ac:11:c8:09:7b:fd:31:dd:7e:
+-                    7e:d8:68:69:49:a8:2e:29:f0:9f:61:24:b7:63:5d:
+-                    98:93:73:96:7e:6f:a6:c2:3b:05:05:9c:82:eb:87:
+-                    dd:f4:56:02:c2:ef:1e:34:02:0a:9c:9d:9a:7e:0c:
+-                    67:9b:91:74:a0:6e:5e:f6:52:5b:f7:f3:b7:0e:fe:
+-                    4e:0e:10:e4:fa:dc:4b:91:62:b4:49:42:6d:ea:84:
+-                    87:4a:89:8e:0d:8a:42:f2:6c:82:a1:93:bd:4d:a2:
+-                    f0:ad:0f:ba:f7:6f:60:b7:7a:1b:9a:b5:e6:41:92:
+-                    d7:3b:37:c6:79:b1:70:9a:6b:35:6a:42:3a:f1:20:
+-                    90:b7
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                74:67:BC:4D:15:27:BF:FF:E6:FF:20:B2:FE:9E:D5:B4:A2:57:D1:78
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         62:fd:1a:03:bc:1a:45:d0:ac:c1:4c:61:08:d0:df:d4:3f:8e:
+-         85:f5:6c:ca:f0:ac:75:f9:56:54:f2:e2:17:95:e2:40:be:b3:
+-         cf:6e:c9:ff:db:12:cb:cd:c9:21:9a:79:35:45:2b:98:e7:38:
+-         4d:a8:f1:39:db:5f:e4:fd:7e:f3:da:24:77:86:3a:1c:ab:f1:
+-         60:af:33:ed:5b:7a:e8:cb:18:0c:7c:d7:32:af:50:8b:9d:74:
+-         53:38:2f:31:9b:16:fc:99:c5:36:b7:4a:bd:96:38:27:96:b2:
+-         ba:9b:87:8e:48:2a:d7:3d:40:00:8f:54:8e:00:c7:8d:b8:97:
+-         0c:3d:d5:67:5c:31:8d:ac:40:7a:27:86:a7:88:ac:90:ac:eb:
+-         ae:e3:35:dd:b2:03:ae:8b:c0:9d:a3:32:ac:d7:39:f2:b7:d2:
+-         f8:d2:f8:76:4d:77:cf:df:fd:e6:d6:7c:df:67:3d:21:01:e2:
+-         45:d2:59:47:e6:f6:08:99:13:7b:ac:f9:ec:51:0d:8e:68:83:
+-         7c:82:84:3d:03:24:dd:db:4c:8d:5a:44:8f:93:de:ea:14:b5:
+-         8e:e4:65:02:a4:98:4a:20:eb:07:01:b0:80:9e:2c:52:00:c8:
+-         f2:9e:60:8e:72:67:57:97:44:7f:65:f7:2b:19:95:e6:c3:38:
+-         80:39:66:cd
+------BEGIN CERTIFICATE-----
+-MIID3DCCAsSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMTIwODIw
+-MDAwMDAwWhcNMTIwODIxMDAwMDAwWjCBgDELMAkGA1UEBhMCR0IxGDAWBgNVBAgM
+-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG
+-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMRwwGgYDVQQDDBN0ZXN0IGNsaWVu
+-dCBleHBpcmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fr7dQFn
+-785qZhtEEWgNSdGOaDnzqHE4wx97/3e3Dy7oh9u+SFwSb7r9PCLse90vR0LF25ob
+-jsOePsFZUxlpfTf4cHW06ygJTojdsQ8h/EszmCqa5u2NKnu0t8lTKMh2aTXyLj0x
+-LEtR+SxzuasmAX6M738z7pnKrWGfYD2sEcgJe/0x3X5+2GhpSaguKfCfYSS3Y12Y
+-k3OWfm+mwjsFBZyC64fd9FYCwu8eNAIKnJ2afgxnm5F0oG5e9lJb9/O3Dv5ODhDk
+-+txLkWK0SUJt6oSHSomODYpC8myCoZO9TaLwrQ+6929gt3obmrXmQZLXOzfGebFw
+-mms1akI68SCQtwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
+-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdGe8TRUnv//m
+-/yCy/p7VtKJX0XgwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJ
+-KoZIhvcNAQELBQADggEBAGL9GgO8GkXQrMFMYQjQ39Q/joX1bMrwrHX5VlTy4heV
+-4kC+s89uyf/bEsvNySGaeTVFK5jnOE2o8TnbX+T9fvPaJHeGOhyr8WCvM+1beujL
+-GAx81zKvUIuddFM4LzGbFvyZxTa3Sr2WOCeWsrqbh45IKtc9QACPVI4Ax424lww9
+-1WdcMY2sQHonhqeIrJCs667jNd2yA66LwJ2jMqzXOfK30vjS+HZNd8/f/ebWfN9n
+-PSEB4kXSWUfm9giZE3us+exRDY5og3yChD0DJN3bTI1aRI+T3uoUtY7kZQKkmEog
+-6wcBsICeLFIAyPKeYI5yZ1eXRH9l9ysZlebDOIA5Zs0=
+------END CERTIFICATE-----
+diff --git a/test/ssl/client-expired.key b/test/ssl/client-expired.key
+deleted file mode 100644
+index 8b85aaf..0000000
+--- a/test/ssl/client-expired.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEogIBAAKCAQEA0Fr7dQFn785qZhtEEWgNSdGOaDnzqHE4wx97/3e3Dy7oh9u+
+-SFwSb7r9PCLse90vR0LF25objsOePsFZUxlpfTf4cHW06ygJTojdsQ8h/EszmCqa
+-5u2NKnu0t8lTKMh2aTXyLj0xLEtR+SxzuasmAX6M738z7pnKrWGfYD2sEcgJe/0x
+-3X5+2GhpSaguKfCfYSS3Y12Yk3OWfm+mwjsFBZyC64fd9FYCwu8eNAIKnJ2afgxn
+-m5F0oG5e9lJb9/O3Dv5ODhDk+txLkWK0SUJt6oSHSomODYpC8myCoZO9TaLwrQ+6
+-929gt3obmrXmQZLXOzfGebFwmms1akI68SCQtwIDAQABAoIBAHz1ZAQbcMOA740H
+-Yz5xQi74kEjwILLwHJPhqRNhMBfaETmRz8BEAAakhcXwSBZNZFJ/uHxpI4fuyFRo
+-z3KoNf0UeVqxLW0vWM2SBitvoPlX/LyRKM/Avr4w7QSgqNA30dRtty6GIpynG6Wu
+-REWhYKzawhnNF09NSyHK/7PPqQgL8+3et4naoyTBfHryA1rSlAZmOAH9xWhbfTzH
+-mWUazRp0kRQWQ/HCwQF4ZvXpE52K6U3OWhei440tJEPZDmrdKNrgFwxrBCUBWHuV
+-ZP9N/SST52uzJS2t5oQ89jb8aH3zBz0bwwWNQgMBo1MV73JCsrO3RMyaWWSXNGCE
+-fJ99JKkCgYEA+C/S61CAEd7eLBguQrY6EkyROf+SMVxD5DjXShpk/SsSuXY76Wu2
+-tpY0dNOjIGk1DIPmGdRtMcOg1RYDFcPF67lj6gwBgXk2qREUtdIzQ/X+3nVCaTCU
+-/JuXQHTVnWYuYqT8Nd+IytKc4LrFWNpPDar0a6DSvd3QWQ95Tyg/f2UCgYEA1uom
+-myPZxQRmXOwvm+u5ogA1NzCGOxMzpV/Ay2ahqC4as5AsnsL5xgIwYmGCpITYelQp
+-8FcQLgvHIHKZjHSSH/qxUvJelcthHp3WDoj2yeiH88AI56xN4pbSYHEZzq6/jyhN
+-qykopsLpz67Qz2tn/on3DmjSrMcPqV1nblkHs+sCgYBnlM4al8ZbrwBattzXyuYB
+-rSMPabLCFxfesDpqGwn6/3cZIFdw3ButqJLMD2gNptsVFhd6wEWyd0swo7c15jc8
+-Ymtoywn113kQpqhWGhx7SLfOcHH/JN+JbgZ6SEi/IF5LnUAF2/1jaPNAd7LVmodT
+-1P2dzckmpOTHxsWCW/HkYQKBgGn7uKQjLt5gyBYlB2lt+vJwBc48qMVzN7HjIZFt
+-AGWOru5EOCzm3AQQykmJ6sI1HQhefvweA0Wh20YeHajNR85rc40DJy/ZxwAxOAGc
+-+48glALZfcq6BwKp+/9BZ0esl50CdCLnPjvWvTUE8caIIhW9dc9uVA6OcCPGgx5A
+-23KXAoGAB1+qBe3rZZ7ke5PFNstASj4PqcwmZRxu7P7Xy6ziHsLTKvyx665IWd+F
+-fdrFYWWP5tj+7CGzvLtD0nruAdGyECtmSCclH3iCmjjAWHQiqiZT4ShGzprkQj9d
+-bsuhZ95e3mK7liSVujXl5neFWetyoj4MqA1OWjiNaEEUQ02NOlo=
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/client-revoked.crt b/test/ssl/client-revoked.crt
+deleted file mode 100644
+index 8e336b0..0000000
+--- a/test/ssl/client-revoked.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 5 (0x5)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Feb 25 14:54:19 2020 GMT
+-            Not After : Feb 23 14:54:19 2025 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client revoked
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:d3:04:65:0d:da:e3:e6:66:d2:cc:40:05:24:fe:
+-                    17:67:40:bb:6c:35:dd:18:2c:70:7e:20:d1:00:26:
+-                    56:b7:1b:4e:e6:3e:8c:6c:0d:e4:d2:c0:dd:71:30:
+-                    02:f7:a0:83:79:0f:15:94:cd:a3:aa:c7:d4:e3:15:
+-                    af:0a:1a:b3:b8:54:b8:eb:f3:6b:72:3b:d3:f4:0b:
+-                    c6:4c:a9:79:58:95:53:a3:4a:31:81:97:31:a1:67:
+-                    f7:4d:9c:8b:02:b2:8d:79:b2:b1:87:3f:35:75:7e:
+-                    d1:04:6b:fb:7f:44:d7:3c:c2:4b:73:99:ee:61:a0:
+-                    54:2f:47:a4:62:e3:e6:0c:bb:1a:88:8c:a1:94:8f:
+-                    b5:79:d5:bb:be:75:f8:a7:e1:56:8b:dc:0f:90:9b:
+-                    94:45:50:fd:0b:7c:a9:bf:17:5a:0a:02:b4:15:3c:
+-                    88:fa:93:5f:1b:20:8a:c3:aa:c8:18:d1:02:27:38:
+-                    34:38:8c:ed:f7:58:50:20:53:9e:29:5e:3c:e9:f6:
+-                    cc:98:37:1c:e4:24:7f:2f:44:39:42:31:7c:30:13:
+-                    0f:42:2c:c8:e1:53:ac:05:4b:e3:bd:7b:05:7a:d3:
+-                    c1:14:ee:c3:06:75:64:5d:11:a6:be:4d:53:8d:06:
+-                    04:1f:1e:14:a7:8b:53:b9:aa:c3:97:c9:3c:8a:45:
+-                    6b:05
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                4B:8F:CC:F4:64:26:0C:0A:37:2B:D1:18:76:9D:AF:B7:D6:19:47:92
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         13:0e:0b:71:b7:f3:53:f9:4e:7b:19:20:89:4e:a2:bf:e3:a2:
+-         5d:66:35:ba:02:ca:b5:b7:39:3f:4f:5b:47:b9:7a:14:c6:83:
+-         28:02:2a:fe:68:56:d1:08:8d:e1:a0:c0:8b:8a:38:92:41:ba:
+-         79:11:d4:df:8b:f5:1a:bd:ae:59:97:41:8c:4c:de:28:87:ce:
+-         fb:9e:ad:fb:22:48:d4:3d:9c:60:96:e5:35:71:b9:bc:24:ec:
+-         11:e5:c8:96:1c:b1:ec:96:26:32:91:ef:a9:d9:d9:b8:3f:92:
+-         9e:61:54:d7:b5:2d:f5:ac:89:4a:49:3e:8f:a9:b7:e2:39:7d:
+-         98:5f:21:25:0c:71:16:e7:12:d5:e5:9c:01:6b:a8:50:65:ab:
+-         48:db:a8:04:c1:ec:3e:ea:2f:54:30:f8:38:0c:90:fc:71:68:
+-         56:98:a9:d4:b7:0e:bb:66:a9:fc:24:50:0b:b9:46:cf:45:56:
+-         86:0c:7d:b9:e2:9b:ec:36:e4:c9:fd:96:a6:b0:f7:f3:c9:d4:
+-         74:8e:6a:68:5a:2e:6d:6f:78:26:af:93:7d:9c:53:73:92:b5:
+-         1d:c1:77:52:ea:2d:21:06:b6:3a:71:be:59:c9:51:a8:fe:89:
+-         fc:6c:e3:7e:5e:46:93:4c:eb:4f:14:1d:e8:05:99:95:7c:49:
+-         40:c9:db:81
+------BEGIN CERTIFICATE-----
+-MIID3DCCAsSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1
+-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjCBgDELMAkGA1UEBhMCR0IxGDAWBgNVBAgM
+-D05vdHRpbmdoYW1zaGlyZTETMBEGA1UEBwwKTm90dGluZ2hhbTEPMA0GA1UECgwG
+-U2VydmVyMRMwEQYDVQQLDApQcm9kdWN0aW9uMRwwGgYDVQQDDBN0ZXN0IGNsaWVu
+-dCByZXZva2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wRlDdrj
+-5mbSzEAFJP4XZ0C7bDXdGCxwfiDRACZWtxtO5j6MbA3k0sDdcTAC96CDeQ8VlM2j
+-qsfU4xWvChqzuFS46/NrcjvT9AvGTKl5WJVTo0oxgZcxoWf3TZyLArKNebKxhz81
+-dX7RBGv7f0TXPMJLc5nuYaBUL0ekYuPmDLsaiIyhlI+1edW7vnX4p+FWi9wPkJuU
+-RVD9C3ypvxdaCgK0FTyI+pNfGyCKw6rIGNECJzg0OIzt91hQIFOeKV486fbMmDcc
+-5CR/L0Q5QjF8MBMPQizI4VOsBUvjvXsFetPBFO7DBnVkXRGmvk1TjQYEHx4Up4tT
+-uarDl8k8ikVrBQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
+-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS4/M9GQmDAo3
+-K9EYdp2vt9YZR5IwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJ
+-KoZIhvcNAQELBQADggEBABMOC3G381P5TnsZIIlOor/jol1mNboCyrW3OT9PW0e5
+-ehTGgygCKv5oVtEIjeGgwIuKOJJBunkR1N+L9Rq9rlmXQYxM3iiHzvuerfsiSNQ9
+-nGCW5TVxubwk7BHlyJYcseyWJjKR76nZ2bg/kp5hVNe1LfWsiUpJPo+pt+I5fZhf
+-ISUMcRbnEtXlnAFrqFBlq0jbqATB7D7qL1Qw+DgMkPxxaFaYqdS3DrtmqfwkUAu5
+-Rs9FVoYMfbnim+w25Mn9lqaw9/PJ1HSOamhaLm1veCavk32cU3OStR3Bd1LqLSEG
+-tjpxvlnJUaj+ifxs435eRpNM608UHegFmZV8SUDJ24E=
+------END CERTIFICATE-----
+diff --git a/test/ssl/client-revoked.key b/test/ssl/client-revoked.key
+deleted file mode 100644
+index bf25ba1..0000000
+--- a/test/ssl/client-revoked.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEowIBAAKCAQEA0wRlDdrj5mbSzEAFJP4XZ0C7bDXdGCxwfiDRACZWtxtO5j6M
+-bA3k0sDdcTAC96CDeQ8VlM2jqsfU4xWvChqzuFS46/NrcjvT9AvGTKl5WJVTo0ox
+-gZcxoWf3TZyLArKNebKxhz81dX7RBGv7f0TXPMJLc5nuYaBUL0ekYuPmDLsaiIyh
+-lI+1edW7vnX4p+FWi9wPkJuURVD9C3ypvxdaCgK0FTyI+pNfGyCKw6rIGNECJzg0
+-OIzt91hQIFOeKV486fbMmDcc5CR/L0Q5QjF8MBMPQizI4VOsBUvjvXsFetPBFO7D
+-BnVkXRGmvk1TjQYEHx4Up4tTuarDl8k8ikVrBQIDAQABAoIBAC8u5mGothjImQ3u
+-qrfQ0O7XfJD/okZLeYPaVqFP8UfUJVo6Vi+7E5VEZr9uWtt/2qXxB4RUTupa8HEu
+-YgtCWTk4SHkJ3taWJhiFoXt20ZlLGn6CkntFkWVj19pUzIh34EZ7/FIfghaZmqcA
+-diXJAM+nKjPZEYJm1SwVOt6Z0tC5hRW9R3eCf8dxC6YlPJv9sebi6C9AqKVe6IsG
+-98CNFJG7hdgdsMFCzjDfasHreXGZ9w/pG9O+szAloqyM6k8R/3gT1Cx8Qwh6KIMt
+-xL1KZyBw3dm7rCBxtozZC8nRzGFNoHWYS44wFxYaN11Y96h+ACLJYD7q6oOL4Oz9
+-Kh8hn+kCgYEA/6X8WDbjEv9akZurMa3AOOAsAHb+K/kSyc3pV3C3RMxR2y4z6W4x
+-4ZiJePpwsFZR0Ss/wXPnVBo1CEAJxHrBIb5zrzQwYIPFrNL7lPO4oalN0+Xpvo5r
+-GIP354Yh1Eb98eLotBpcppI2MiE6z++lvUJ8HGcIuOMNeFEmIRl1E18CgYEA006x
+-vMGrzv36ZPPsTkaAU8gLVinqseEggNd90fuOAi9UQ/9k/MjeTYtL/c/3VcIWgHA1
+-4Emvt5UUI0Gr3/it+O2cr5snIglrsnAFADaWrzjSMHLpLdHzUfMHCbAJLYO9vYec
+-l2vpIcASvR7C1cQzFuBhNZC13uRWtV8O4BvPoBsCgYA/+Tl8mb+ZMW1oopvkgqZn
+-lTFtrFlOh7W76ltKFlrGTJrvTlCPSZQR8Cn2rDUm63Lt9PSvZGGvGh/LQLsw/8b0
+-usQYQ+cXP+JnrSRn0dWSHtvq+s3TcbA7IksXFOnCRUGnFjFFYJNu24fUY5xkDIRd
+-KBYGxYHZQnhMc4InJke14QKBgQCXSb6DkH48IydFZEcJ+/whABbtx/EbDj5BQQf6
+-cYrJEa3ZSV+6hO50wojT3jQNmHqX1r8cKGXAoOHcJEa0gs28bhNCv2kTO396MC3E
+-a1ETfzEuMve0MJ9vSvr8+qZ3id0td4yr9TzjRyujcAS7HFAfzuKKgWNVhFJ4ZOi3
+-l/HdhQKBgE7V2j71No6xkjj9jOguI3TpCFXqQoSa9KhWOVXJrbpfE0K2QxvfQ6WO
+-usWDGw9102OdFqfaFf2LE1cbIQe9M35QRrT9AjsZxtoc60XpZEwYS+FFh7po/t2t
+-Apb8jiyBBAI9aYNRlWVo/1emnG6QUR45gX0Bu7glr+P4A+aopBi2
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/client.crt b/test/ssl/client.crt
+deleted file mode 100644
+index 6a325f6..0000000
+--- a/test/ssl/client.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 3 (0x3)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Feb 25 14:54:19 2020 GMT
+-            Not After : Feb 23 14:54:19 2025 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=test client
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:bf:6a:a5:cd:66:6a:1d:20:48:3a:f1:ff:61:9d:
+-                    fd:1f:18:26:a0:43:4c:b0:4c:b9:8d:4e:7d:d0:81:
+-                    e0:43:81:9e:70:75:cb:c4:57:49:3c:84:34:51:45:
+-                    a2:9f:00:50:20:d6:5f:34:3c:02:bb:69:2f:64:4a:
+-                    28:21:e3:95:41:e8:50:04:f3:bf:f2:5a:9e:27:64:
+-                    5b:b3:bc:49:96:36:10:56:06:47:1a:ca:db:ad:6f:
+-                    e3:f7:83:dc:42:37:28:07:58:a7:6f:26:45:b7:69:
+-                    6f:af:28:62:f8:7e:98:98:21:0a:a6:da:ae:d5:4b:
+-                    fe:db:09:1a:b4:75:d5:09:3b:13:9e:33:9e:b4:d6:
+-                    5e:21:e6:fb:37:09:bb:1a:56:e1:5d:64:bc:5a:77:
+-                    99:ac:81:cc:2b:b7:9b:49:b6:e8:ba:2e:32:d9:9e:
+-                    8e:4d:2e:fc:17:d0:37:44:0f:35:a9:af:f1:44:bb:
+-                    cb:2c:2a:75:f0:7e:ba:b6:1a:73:32:d6:1f:4c:3b:
+-                    9b:38:f0:e9:22:06:3c:94:6b:5f:69:e4:be:2f:fa:
+-                    9c:c4:9e:7c:c0:dd:c2:3c:53:b8:28:ca:77:a0:96:
+-                    6b:9c:cb:3f:44:b1:c5:51:75:89:a0:16:ba:82:63:
+-                    f7:c4:24:7f:06:89:58:45:10:69:e4:97:f5:35:fe:
+-                    7e:97
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                36:51:2B:BB:3E:B7:6B:2B:7F:D4:86:AE:67:75:C2:01:54:5B:72:3C
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         32:70:51:f0:c2:35:6f:83:e3:bc:f3:f2:6f:e9:79:e6:a9:51:
+-         d0:69:fa:fb:a8:a8:d4:59:c4:c4:ee:9b:59:9a:ce:a8:2e:7e:
+-         71:a5:23:4c:27:76:e5:b6:e1:6d:bd:a4:24:f1:38:01:7d:d8:
+-         d6:f2:c4:d8:58:b5:59:0d:b9:05:45:62:59:34:54:56:49:c4:
+-         2c:f4:bd:17:a0:f2:72:e3:63:c3:69:40:55:e8:a4:57:23:38:
+-         e5:5e:f2:b0:3a:ee:27:b4:0e:ca:5e:a9:55:60:db:4d:30:ad:
+-         c5:13:d3:a4:ed:49:ff:c3:4a:e5:82:9d:5d:c6:ad:62:d9:49:
+-         90:d1:0f:5e:89:1b:d7:f3:c1:3c:45:dc:84:09:b2:77:c2:fe:
+-         47:9d:90:d4:f1:6c:54:20:a9:0d:9e:f8:a4:b9:55:c9:22:ef:
+-         30:d1:d2:59:ba:ae:c1:d2:60:44:83:7f:0a:eb:36:ed:e2:0e:
+-         7c:67:b3:c2:0d:25:bd:75:36:d8:af:ad:62:f8:f4:80:8f:ae:
+-         ec:e7:1c:a6:1f:f5:ff:8e:8b:c8:28:03:d3:de:08:4e:26:e1:
+-         61:ce:3d:24:93:9b:da:d7:f7:8e:15:5d:32:55:5e:c9:7f:6b:
+-         0d:a8:f7:b2:73:85:2a:63:25:93:37:14:ce:64:cc:f6:07:a1:
+-         dc:29:f6:53
+------BEGIN CERTIFICATE-----
+-MIID0zCCArugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1
+-MTQ1NDE5WhcNMjUwMjIzMTQ1NDE5WjB4MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP
+-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT
+-ZXJ2ZXIxEzARBgNVBAsMClByb2R1Y3Rpb24xFDASBgNVBAMMC3Rlc3QgY2xpZW50
+-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2qlzWZqHSBIOvH/YZ39
+-HxgmoENMsEy5jU590IHgQ4GecHXLxFdJPIQ0UUWinwBQINZfNDwCu2kvZEooIeOV
+-QehQBPO/8lqeJ2Rbs7xJljYQVgZHGsrbrW/j94PcQjcoB1inbyZFt2lvryhi+H6Y
+-mCEKptqu1Uv+2wkatHXVCTsTnjOetNZeIeb7Nwm7GlbhXWS8WneZrIHMK7ebSbbo
+-ui4y2Z6OTS78F9A3RA81qa/xRLvLLCp18H66thpzMtYfTDubOPDpIgY8lGtfaeS+
+-L/qcxJ58wN3CPFO4KMp3oJZrnMs/RLHFUXWJoBa6gmP3xCR/BolYRRBp5Jf1Nf5+
+-lwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl
+-bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUNlEruz63ayt/1IauZ3XCAVRb
+-cjwwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJKoZIhvcNAQEL
+-BQADggEBADJwUfDCNW+D47zz8m/peeapUdBp+vuoqNRZxMTum1mazqgufnGlI0wn
+-duW24W29pCTxOAF92NbyxNhYtVkNuQVFYlk0VFZJxCz0vReg8nLjY8NpQFXopFcj
+-OOVe8rA67ie0DspeqVVg200wrcUT06TtSf/DSuWCnV3GrWLZSZDRD16JG9fzwTxF
+-3IQJsnfC/kedkNTxbFQgqQ2e+KS5Vcki7zDR0lm6rsHSYESDfwrrNu3iDnxns8IN
+-Jb11NtivrWL49ICPruznHKYf9f+Oi8goA9PeCE4m4WHOPSSTm9rX944VXTJVXsl/
+-aw2o97JzhSpjJZM3FM5kzPYHodwp9lM=
+------END CERTIFICATE-----
+diff --git a/test/ssl/client.key b/test/ssl/client.key
+deleted file mode 100644
+index d2c60ef..0000000
+--- a/test/ssl/client.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEpQIBAAKCAQEAv2qlzWZqHSBIOvH/YZ39HxgmoENMsEy5jU590IHgQ4GecHXL
+-xFdJPIQ0UUWinwBQINZfNDwCu2kvZEooIeOVQehQBPO/8lqeJ2Rbs7xJljYQVgZH
+-GsrbrW/j94PcQjcoB1inbyZFt2lvryhi+H6YmCEKptqu1Uv+2wkatHXVCTsTnjOe
+-tNZeIeb7Nwm7GlbhXWS8WneZrIHMK7ebSbboui4y2Z6OTS78F9A3RA81qa/xRLvL
+-LCp18H66thpzMtYfTDubOPDpIgY8lGtfaeS+L/qcxJ58wN3CPFO4KMp3oJZrnMs/
+-RLHFUXWJoBa6gmP3xCR/BolYRRBp5Jf1Nf5+lwIDAQABAoIBAQCxu6DAG3wkFzl6
+-IgFy7nN9T7tty4+Fk3gm0N7Zn/5QMCahXX8ai8Ggw1CgtfvNj0jXdLVplt8ijQRI
+-JuMktGB+lerW7k0oByQah4DuXsIlC4YXmjSjmABqBh6yUGlPwk8Uoyi0d+D78JaX
+-GPTsrv+ZIfT2AM+dlbbKQqXdMhvhOLHn+p8+j5iX4UMt5UY3wbVH9gu4nTSG2Sce
+-+OKRbOynCleYtlhpkVx2J2f3szxz/FBGjywX/9EMmJvOg3uvJ74lxYEB3e5RQdnZ
+-FAxRlh+S54u1AjqFjUjLtWFgYjrQfmwtEA+GYGDwQK8CZJKEN8ARkNl4SzNu+qj0
+-mDfWIzjBAoGBAOhhBCY/k6rwa6RjwArEX4KpTkAISo3esBC8IF7rIDWrvK0c+hqY
+-QO8Zdt2vnJNO2e94c7WXLZ90FGan2vD7E9ICEU4fC2Rk3xdMUSpTFToKRvWvD7Z1
+-RhOYkOLz904t391UdQrhT3DnIZ+05XbheR9GJWS2SImbCqjlzI3aFTOfAoGBANLf
+-tIwf6k676mOigJ0ueNI3/Hz3UbnJFWeqwclgQbpCQpzLeexyKrkTZqslxnge29hb
+-JrQrem97WSVC8EqXU3PI/0chRYUUL2UdGX6nKlBL+MDLbGoUkRNqrBxhUajBT2Yq
+-3tONIlHsFFd843dAr90DZxoj8WYA4NnaW4xR0ZIJAoGAeBWiek2CduSVC7eMh0Ph
+-g3kQeeCO/m9kltFQ/RwOYg3ki6Uczd9+NtD27yqQBEPMNYcObHm6Vts6q630Y3Gs
+-VWtCHBfI4FGMQ9LpYrDamEq1TsLvoL9LvlaqEM44L4tfU1YQwdWbIuIeKxTlO6Da
+-4cFzE29rXsjjIlLWeTuIl0sCgYEA0Mak5VqvyzXnUK/RsE0TV+YQN9VQ96SraZC4
+-/dwsFvGFK+GUm9FIlSYtLuNehQzgUmukfRrSxE8WKnsEloUOHYNxooXBY4lhhzVx
+-SWDN1uPwq0h71Ob534RsVEjR5UdGifuF02NXCE64sQm31xiXRTUaPdo6JOhXtbin
+-jNxwpakCgYEAoGkfZxUd6yZtNLmEKUwFT4/1edMg9XdyZggbfkaM2acn6cCk/XdJ
+-zZSDcvnNyui30Amuiiin40QWX0OizeTnUS73knPTitQIb0+YEXp6NTKKsc1Frn6w
+-pGjTOoVH4PDwBGs7vSO8uip6gdeGI1bCAK5zKeWR5gHE/UCrP/WQXy8=
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/crl-empty.pem b/test/ssl/crl-empty.pem
+deleted file mode 100644
+index b3791b2..0000000
+--- a/test/ssl/crl-empty.pem
++++ /dev/null
+@@ -1,12 +0,0 @@
+------BEGIN X509 CRL-----
+-MIIBwDCBqQIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjETMBEGA1UE
+-CAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNV
+-BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EXDTIwMDIyNTE0NTQxOVoY
+-DzIxMDIwNDE2MTQ1NDE5WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQAD
+-ggEBADXrRSpMfj+Iuz/Uy/ti4k0Qx+H/e93pown8Cgx/w9FwtsTsaTKOff0r3uKb
+-KpKJJ4BSkysUOaZ72cLoooNYoEcYgpcqx3PlhmjuBGcOH1YG5ca+nzIayZgQe3Nl
+-hGBvYfpX+YMpG7gHy5WPxi0T+uUF7XfTEfpmw8asVSZvZNy0nMB3cZCCA4yiICay
+-vaOIrrHshSlDPw6iafhcBNLAdq5Xz+KF4Pv78Wfs+zwnm0BzRGtVB7cWCaGvUi3v
+-dAqzzBsdP0naFYVaZ1BJcE06Dn5O6LSA6snOswCTGOYI50zMZzRXkUo3pZ/xqVPc
+-Cdo6QspVlxGedSxXD13KbGPAoak=
+------END X509 CRL-----
+diff --git a/test/ssl/crl.pem b/test/ssl/crl.pem
+deleted file mode 100644
+index 06aa07b..0000000
+--- a/test/ssl/crl.pem
++++ /dev/null
+@@ -1,12 +0,0 @@
+------BEGIN X509 CRL-----
+-MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjETMBEGA1UE
+-CAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNV
+-BAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EXDTIwMDIyNTE0NTQxOVoY
+-DzIxMDIwNDE2MTQ1NDE5WjAUMBICAQUXDTIwMDIyNTE0NTQxOVqgDjAMMAoGA1Ud
+-FAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQCMM5PyBAY5BuNVk0k2Bqn5FvlIrSnS
+-LMZaoUVG/OtgjMD6g47dSXVHgIXmuFu3Bp44mRM85ZVd1URjmjR4ZwfVfcprkqo7
+-L655K+nyPUoq5IZh7y4MKVYwbEfetu0HjWuOqFI9T7zalOF9MfeoOx6u93CTgUvy
+-1s5EVnG0d0qon3CEHTJwpzYQDgXVesUX0ZqNwvKnMGQhB8YQ/NOX807xQR5Ckl7s
+-6CYkAySe84lMascnwe1nFp3nGIxbOTxXqohWkvscM6933+veisgh6F4p63oF4rKs
+-Xr93Bf9FsvwfitI/PfMWkKzFEEaZTjAM26ioLgBBcBxxIJleLysyudd2
+------END X509 CRL-----
+diff --git a/test/ssl/server-expired.crt b/test/ssl/server-expired.crt
+deleted file mode 100644
+index 9a938e7..0000000
+--- a/test/ssl/server-expired.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 2 (0x2)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Aug 20 00:00:00 2012 GMT
+-            Not After : Aug 21 00:00:00 2012 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production-expired, CN=localhost
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:95:0d:f4:ee:f2:c8:f8:84:23:78:af:73:53:78:
+-                    78:95:fd:cd:a6:fd:fd:0f:c7:ee:1c:39:e7:3c:d5:
+-                    2b:ac:1d:ab:92:e9:8d:df:c1:15:37:40:3d:d1:b6:
+-                    96:78:ec:4e:63:54:53:14:d4:9d:bc:42:6d:d9:5d:
+-                    3b:ce:d4:d0:a5:f1:ef:32:5a:c7:63:1b:2c:01:a7:
+-                    f4:9e:9a:39:95:c4:70:02:fa:8f:d2:d1:fc:0c:51:
+-                    4e:e1:91:54:88:ee:0d:c1:f0:6a:17:7d:05:9e:f2:
+-                    2e:b8:ed:49:b3:41:70:21:94:b4:02:22:bf:ff:79:
+-                    0d:fb:38:bb:a1:3d:c0:a9:60:5e:39:18:8e:07:48:
+-                    15:10:7b:b0:01:2b:2b:35:8c:67:be:85:70:cf:ba:
+-                    99:bc:a8:1d:50:3f:ac:d9:32:91:ea:59:c4:4a:7a:
+-                    72:5d:28:1e:43:5b:0b:b5:c0:d0:9d:ac:c5:68:c9:
+-                    e5:ef:3e:cf:58:04:e6:99:4e:21:7c:c0:80:9d:88:
+-                    f4:89:ca:d3:17:e1:77:fa:31:8c:7d:14:3e:af:e0:
+-                    16:f8:67:28:4b:18:bb:fd:c3:4a:64:1f:c7:26:3b:
+-                    0c:db:04:e7:11:35:13:99:ca:9c:25:87:48:e6:60:
+-                    f2:a1:ef:7c:c2:5f:c3:02:ee:4c:27:32:da:20:76:
+-                    70:79
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                75:36:7F:77:C7:7D:8D:B8:2B:7C:7D:8B:D8:0C:AD:59:3C:B0:85:E6
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         74:c7:1f:42:e3:00:94:1a:16:ec:c9:17:02:1f:4f:e6:b0:4a:
+-         4b:b1:2d:d2:3f:04:54:54:23:d1:b6:da:fa:fc:ac:3e:32:35:
+-         a9:68:6b:b7:bc:06:ee:58:d5:95:a5:48:56:cb:ea:9d:d3:5e:
+-         68:ce:8f:65:60:40:42:a6:8d:c5:e4:33:d3:ef:ed:e4:fd:23:
+-         fe:28:34:ca:eb:2f:69:45:8e:61:dc:e2:0c:50:96:35:94:90:
+-         25:61:55:d5:9c:d8:00:63:e0:6e:a1:67:f2:3f:34:a5:9d:33:
+-         2a:7d:de:c0:89:8c:46:b1:fc:d4:19:7e:be:83:e0:f1:34:ff:
+-         41:d3:cd:fb:e5:71:9d:05:00:67:af:f3:03:be:f6:e9:db:76:
+-         58:89:72:68:7f:32:84:ff:c0:38:95:89:60:1b:99:fc:5e:37:
+-         81:fa:ce:e7:78:7f:6c:3e:b9:70:74:62:62:d3:c2:8e:8e:2c:
+-         11:fc:e6:fa:9a:cd:1e:79:67:51:01:54:1e:7d:db:32:09:13:
+-         14:91:a3:56:2d:8e:fa:f8:3d:49:67:fe:b2:c8:11:8a:09:0e:
+-         05:b0:0e:6b:39:4e:c5:7e:13:ea:40:41:26:d1:c0:c3:a2:cb:
+-         cc:3d:cf:fe:59:0a:e1:b8:0d:50:47:0a:86:b4:72:21:89:b7:
+-         5b:e2:37:2d
+------BEGIN CERTIFICATE-----
+-MIID2TCCAsGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMTIwODIw
+-MDAwMDAwWhcNMTIwODIxMDAwMDAwWjB+MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP
+-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT
+-ZXJ2ZXIxGzAZBgNVBAsMElByb2R1Y3Rpb24tZXhwaXJlZDESMBAGA1UEAwwJbG9j
+-YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ307vLI+IQj
+-eK9zU3h4lf3Npv39D8fuHDnnPNUrrB2rkumN38EVN0A90baWeOxOY1RTFNSdvEJt
+-2V07ztTQpfHvMlrHYxssAaf0npo5lcRwAvqP0tH8DFFO4ZFUiO4NwfBqF30FnvIu
+-uO1Js0FwIZS0AiK//3kN+zi7oT3AqWBeORiOB0gVEHuwASsrNYxnvoVwz7qZvKgd
+-UD+s2TKR6lnESnpyXSgeQ1sLtcDQnazFaMnl7z7PWATmmU4hfMCAnYj0icrTF+F3
+-+jGMfRQ+r+AW+GcoSxi7/cNKZB/HJjsM2wTnETUTmcqcJYdI5mDyoe98wl/DAu5M
+-JzLaIHZweQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
+-U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdTZ/d8d9jbgrfH2L
+-2AytWTywheYwHwYDVR0jBBgwFoAUqlpbHJEymz+bw0Js0mj2p+DPvuAwDQYJKoZI
+-hvcNAQELBQADggEBAHTHH0LjAJQaFuzJFwIfT+awSkuxLdI/BFRUI9G22vr8rD4y
+-Naloa7e8Bu5Y1ZWlSFbL6p3TXmjOj2VgQEKmjcXkM9Pv7eT9I/4oNMrrL2lFjmHc
+-4gxQljWUkCVhVdWc2ABj4G6hZ/I/NKWdMyp93sCJjEax/NQZfr6D4PE0/0HTzfvl
+-cZ0FAGev8wO+9unbdliJcmh/MoT/wDiViWAbmfxeN4H6zud4f2w+uXB0YmLTwo6O
+-LBH85vqazR55Z1EBVB592zIJExSRo1Ytjvr4PUln/rLIEYoJDgWwDms5TsV+E+pA
+-QSbRwMOiy8w9z/5ZCuG4DVBHCoa0ciGJt1viNy0=
+------END CERTIFICATE-----
+diff --git a/test/ssl/server-expired.key b/test/ssl/server-expired.key
+deleted file mode 100644
+index 799477a..0000000
+--- a/test/ssl/server-expired.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEogIBAAKCAQEAlQ307vLI+IQjeK9zU3h4lf3Npv39D8fuHDnnPNUrrB2rkumN
+-38EVN0A90baWeOxOY1RTFNSdvEJt2V07ztTQpfHvMlrHYxssAaf0npo5lcRwAvqP
+-0tH8DFFO4ZFUiO4NwfBqF30FnvIuuO1Js0FwIZS0AiK//3kN+zi7oT3AqWBeORiO
+-B0gVEHuwASsrNYxnvoVwz7qZvKgdUD+s2TKR6lnESnpyXSgeQ1sLtcDQnazFaMnl
+-7z7PWATmmU4hfMCAnYj0icrTF+F3+jGMfRQ+r+AW+GcoSxi7/cNKZB/HJjsM2wTn
+-ETUTmcqcJYdI5mDyoe98wl/DAu5MJzLaIHZweQIDAQABAoIBAGp3BJtkaS4xXBDI
+-6UwWwbMJDUqZIpeSC763kTZ/YOlYbAPMtNy80oWbakyP6ZzH1RnX0lwPnfcpT8Mx
+-eBW9JqdRTrQd6UsdzmoEaJKcwEL8g7Fs/SvtduXpcblmkAYaW1NKgMz0LP6iJ8NJ
+-IhpaxFgIGidoYNF+ywDFPifmruWLa9OOQNv3fFrLHfLaZnoO/jdk6uMPMuoTsaV2
+-VgkzTlyQ+6VkBKB0j1VKGJIPsQglrw2kTdlucyWD6J5Lymex38nfuu8hVwIMZYxj
+-eC0lxLllNagu6RgRx4PYmOv4041dP39MxAuLfawWz61/gXxzhaiBvUI9SXvLmWY+
+-hhyfFXECgYEAw3v+dBXCUSsQ/TU0AQCukGvzWYdgksZN5mK2Jq1dkdvVbgWYdrcv
+-sY05n0ejrojouLShVdXY7hktzG122nZLuZSN8Vb8enV/FjM5s+JZi6DRSZJ/9KQN
+-sklutALXyDsfxcvqnAZkznx/BRF2Ny1ZPuWewInFNP5B+OJ4u+GLjK0CgYEAwzJt
+-3VvfVNsqagHWM94L+tiDBHQjz0Wiv69wZzcCJcaVfGly8F0Uyt/DHs4cl1l3aKS3
+-04wgVHkowvm//MoApRYNt4LS80BnL42NFinPT+L+/eNETRUheSOEFzdi2aXAmD2G
+-ojaVON9BKvr69BfSHNtSQFpX3qZYyczS8c41wH0CgYBYs+jwb/cusaYR35RraA3O
+-Bs3zsBRIRaePhPc2cbBlwSUFuZBHPjRsErM07WL+ja1cMsqKknDPCanYe0tVMhyG
+-ZzxJaLlEMBCs2C20zF7plt2gztM1BUQZxGxxTmDvwLRYIoGgrt4LPD6+4/+KZg97
+-FOKGZ32O4Fi7QLicOGoEOQKBgCxcU5eQ/4pbXKJG1JVpCzPw7KWgd1rtqnUBu/vZ
+-BoXrQaHKnTJ/FPCeNcvUb679yCNh+9z55YcNGfRlqfobNlZOUsO32ZUqt8iY1M2K
+-pvCy19x/P9B80uSi66wTDEYGY2S15tkKqpMIOdk4vLuohjnEpka1wW56Q4dpIy+M
+-+65JAoGAYV8oukeeucSAIB74AdP6F9NP1HQc2RQT6lVYQRkSwuhRi1rEyelati/Y
+-bezK5vsHPaNQcTM0IJup0MSQjslm7NU06xiW+jE5YCbaqTzwto1YB9U9NnOI3Cd7
+-2kwcJzEAvgJNEbGvHVE1c0TQh7/5YePfY+smrlpLdGF5IwsU0Fw=
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/server.crt b/test/ssl/server.crt
+deleted file mode 100644
+index d8db1d0..0000000
+--- a/test/ssl/server.crt
++++ /dev/null
+@@ -1,82 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 1 (0x1)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Validity
+-            Not Before: Feb 25 14:54:18 2020 GMT
+-            Not After : Feb 23 14:54:18 2025 GMT
+-        Subject: C=GB, ST=Nottinghamshire, L=Nottingham, O=Server, OU=Production, CN=localhost
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:f0:01:ba:97:f8:35:4c:d0:d4:1e:22:9a:d8:af:
+-                    f6:a8:1d:75:05:a8:8d:aa:04:a9:3b:b8:fc:c6:bd:
+-                    2d:23:23:b1:fe:73:c4:24:75:aa:b2:55:9c:c8:27:
+-                    37:66:15:8d:10:4b:46:52:dd:f7:0c:e3:07:90:35:
+-                    35:64:f4:c1:34:89:14:9e:7f:5a:da:ba:6a:80:29:
+-                    19:9e:38:55:85:f1:bb:b0:1e:61:7d:99:03:28:2f:
+-                    75:4b:eb:06:aa:bc:da:d0:c2:97:cb:63:f8:83:94:
+-                    c0:e6:22:da:37:18:99:68:b0:cf:b7:5e:03:bd:8b:
+-                    3e:f2:b7:47:cb:fe:c8:e8:45:73:e3:23:6e:93:14:
+-                    6a:b0:af:86:e1:b4:83:30:b5:da:df:a0:08:ac:d6:
+-                    9f:d1:4e:bd:bb:f7:7e:b4:28:c0:16:35:cb:c4:18:
+-                    7a:5b:92:cd:0e:d9:0d:d6:57:ca:6c:59:ef:ad:2e:
+-                    99:8d:41:07:87:70:0b:27:a9:1b:65:a4:f9:75:15:
+-                    81:cc:c8:d8:d2:b5:49:c9:77:01:21:ad:a7:44:3d:
+-                    4a:88:c9:5f:dd:70:6a:f6:14:0a:4c:d2:b4:d2:8c:
+-                    f6:5f:cf:bd:03:0a:dd:ac:08:c2:54:5d:77:e5:96:
+-                    f1:a3:06:31:5f:4f:d8:b7:f9:ce:8f:18:20:74:0e:
+-                    66:43
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Basic Constraints: 
+-                CA:FALSE
+-            Netscape Comment: 
+-                OpenSSL Generated Certificate
+-            X509v3 Subject Key Identifier: 
+-                21:93:75:73:22:5F:FA:88:1E:8C:4E:00:A8:B1:AD:67:B2:A7:7C:E3
+-            X509v3 Authority Key Identifier: 
+-                keyid:AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-
+-    Signature Algorithm: sha256WithRSAEncryption
+-         5e:71:9a:51:b5:47:5b:a5:1a:fd:05:26:b6:98:50:47:d1:f3:
+-         c7:b9:1e:23:09:68:2c:23:74:48:55:2f:69:f7:e0:06:31:c0:
+-         0c:14:4a:9a:e4:43:b4:1d:ec:80:3b:14:e7:2e:63:db:d5:99:
+-         0a:64:5f:4e:0b:1e:e8:2d:db:7f:71:ad:b7:a6:51:a0:c9:e1:
+-         f4:52:19:30:c1:8d:ab:36:3c:77:85:da:f7:c0:5f:0b:54:d8:
+-         48:c8:2b:98:ae:e0:f6:34:85:a1:17:5e:a5:cb:65:ea:cc:cc:
+-         67:40:64:bf:0d:fd:21:de:1f:13:01:13:51:88:de:33:f9:94:
+-         d9:a3:13:9f:ba:6f:b4:bd:8b:61:1f:b7:43:24:97:30:f6:ab:
+-         67:0e:ee:8d:6a:11:ba:4b:b1:1f:61:bd:d9:a0:c7:38:b1:5a:
+-         4c:e6:51:36:03:5a:d6:56:85:b3:2f:32:0f:8d:96:da:5a:42:
+-         85:10:ba:bb:cf:75:c9:ff:73:95:bc:34:c1:99:76:ca:b1:b5:
+-         63:88:2c:98:51:b4:b5:61:ea:0e:20:6a:22:cf:09:65:26:b8:
+-         dc:72:d3:a1:fa:78:5c:b5:09:d9:b6:e6:d7:05:1b:35:72:e0:
+-         d8:ee:a3:39:95:5e:24:55:8c:1e:7e:87:17:40:b3:4f:4c:90:
+-         c9:2b:f2:43
+------BEGIN CERTIFICATE-----
+-MIID0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3Qx
+-EDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAMMClNpZ25pbmcgQ0EwHhcNMjAwMjI1
+-MTQ1NDE4WhcNMjUwMjIzMTQ1NDE4WjB2MQswCQYDVQQGEwJHQjEYMBYGA1UECAwP
+-Tm90dGluZ2hhbXNoaXJlMRMwEQYDVQQHDApOb3R0aW5naGFtMQ8wDQYDVQQKDAZT
+-ZXJ2ZXIxEzARBgNVBAsMClByb2R1Y3Rpb24xEjAQBgNVBAMMCWxvY2FsaG9zdDCC
+-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPABupf4NUzQ1B4imtiv9qgd
+-dQWojaoEqTu4/Ma9LSMjsf5zxCR1qrJVnMgnN2YVjRBLRlLd9wzjB5A1NWT0wTSJ
+-FJ5/Wtq6aoApGZ44VYXxu7AeYX2ZAygvdUvrBqq82tDCl8tj+IOUwOYi2jcYmWiw
+-z7deA72LPvK3R8v+yOhFc+MjbpMUarCvhuG0gzC12t+gCKzWn9FOvbv3frQowBY1
+-y8QYeluSzQ7ZDdZXymxZ760umY1BB4dwCyepG2Wk+XUVgczI2NK1Scl3ASGtp0Q9
+-SojJX91wavYUCkzStNKM9l/PvQMK3awIwlRdd+WW8aMGMV9P2Lf5zo8YIHQOZkMC
+-AwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l
+-cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCGTdXMiX/qIHoxOAKixrWeyp3zj
+-MB8GA1UdIwQYMBaAFKpaWxyRMps/m8NCbNJo9qfgz77gMA0GCSqGSIb3DQEBCwUA
+-A4IBAQBecZpRtUdbpRr9BSa2mFBH0fPHuR4jCWgsI3RIVS9p9+AGMcAMFEqa5EO0
+-HeyAOxTnLmPb1ZkKZF9OCx7oLdt/ca23plGgyeH0UhkwwY2rNjx3hdr3wF8LVNhI
+-yCuYruD2NIWhF16ly2XqzMxnQGS/Df0h3h8TARNRiN4z+ZTZoxOfum+0vYthH7dD
+-JJcw9qtnDu6NahG6S7EfYb3ZoMc4sVpM5lE2A1rWVoWzLzIPjZbaWkKFELq7z3XJ
+-/3OVvDTBmXbKsbVjiCyYUbS1YeoOIGoizwllJrjcctOh+nhctQnZtubXBRs1cuDY
+-7qM5lV4kVYwefocXQLNPTJDJK/JD
+------END CERTIFICATE-----
+diff --git a/test/ssl/server.key b/test/ssl/server.key
+deleted file mode 100644
+index 7404d13..0000000
+--- a/test/ssl/server.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEpQIBAAKCAQEA8AG6l/g1TNDUHiKa2K/2qB11BaiNqgSpO7j8xr0tIyOx/nPE
+-JHWqslWcyCc3ZhWNEEtGUt33DOMHkDU1ZPTBNIkUnn9a2rpqgCkZnjhVhfG7sB5h
+-fZkDKC91S+sGqrza0MKXy2P4g5TA5iLaNxiZaLDPt14DvYs+8rdHy/7I6EVz4yNu
+-kxRqsK+G4bSDMLXa36AIrNaf0U69u/d+tCjAFjXLxBh6W5LNDtkN1lfKbFnvrS6Z
+-jUEHh3ALJ6kbZaT5dRWBzMjY0rVJyXcBIa2nRD1KiMlf3XBq9hQKTNK00oz2X8+9
+-AwrdrAjCVF135ZbxowYxX0/Yt/nOjxggdA5mQwIDAQABAoIBAQC26PpluxoT0sr1
+-tHXCUkhu0xROHajpO+glxdOPOrldoGSUgXGoP6y5gJmdyJVlzWLWWifcG6GeRp+K
+-/aIVsJpWCWqXaIO7Unq79Za6iEBVdmcNz/mImMZZJ+IC27kXAhrZIpRAw42v6fwg
+-58raVnsD2ExVeObs22Q74gZrp19B88KFc8Ce3ZTJMhvIkrAbG38ilnlxZVCdxCzM
+-Yl8NAxgHDlKUBDI9omKgksbWYwMWanZxQYwJ1i5rxJuDmGlmwqTe0z2W+2v0GxYj
+-EldVDq9mK9dqQZQI0mQIJzGmG+weFlPoj8+GbU3aySULt8q6L/4U1nbmPfPlu5sp
+-C1vbbsExAoGBAPtRG11qK1CP6AiYFAVUY4WF/OEzVlB2VEhyeXSm9QixZG1BbdHW
+-vHWRxSwPwTtHwbih+hEuOXjAG8sg+JI60Iz8auhf3EVS6DjXpqN7+dua8x3ttJ9s
+-c6PHDqRHxRcBKBGdC3Wx5IvxGGCqEb/4Aa5t3JUVPH8PvQaxCTJcJKzXAoGBAPR6
+-qvynjR75CqH/tDtSbR5CrUrXaup6s4xw/nUTbxXTb3PsVKklI+unFFDEs+PhmIyE
+-xdCC2xuWbRzVSkF5vgbqraGqjGK04DGFjMdHA1oN9YskAoDaFudWp9vHAXKB0rFe
+-HOYNuWEy2dR7qMvA9No2QbEN7Z2FWGcdTgVReth1AoGBAIxwe5lNLh1b/a9nxLBh
+-wyeng3QZax+VsG23wtWEQyPzdYp0aLk9hZ0xs3x25WWKKOBTa9nT+fvXZvCxYRbe
+-VRKkL93hS8dVmD3DjPSI4ExvH3LXFfuM8GZSY4U8MhAz7j9Bgljn6y6ksRm7kCW1
+-osLl08Ff16mtktU9c0U4JqqLAoGAc2OCWIVsYfYBQrzBgE5DGkk2KWDLIaiQHfUm
+-5HMrtw14SSp+OudAsPTG7egpT6EmswvnoaZha//vt/AjgAvJ2NHi6a7pW50rQ7RY
+-4aVuu45jGi0A0Xgd30pTJ7Qhxr3nh7d3xE0t9eZeUZ+b569G4cdB8iM0x2gsdV6r
+-eG8goBECgYEAg2hxFf/moUr9XGUPvKgEnHHpnKflsqa93YApEP+zgMdr1yLXTKNw
+-5YL7tRyExXFmuNOAD3R8l0yUItX+uP01lzNrkdKl2S+yU3cYEaAvRSWH5SKqilrB
+-e2/sVivHAthr8uIqjSnaLdpkQ3pyb7X5auSf/VfruQjHhuHCsXToRxU=
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/test-alt-ca.crt b/test/ssl/test-alt-ca.crt
+deleted file mode 100644
+index 6a04ff9..0000000
+--- a/test/ssl/test-alt-ca.crt
++++ /dev/null
+@@ -1,79 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 2 (0x2)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA
+-        Validity
+-            Not Before: Feb 25 14:54:18 2020 GMT
+-            Not After : Feb 23 14:54:18 2025 GMT
+-        Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Alternative Signing CA
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:ce:93:cf:ac:4e:f4:14:e1:4b:aa:b9:e8:dd:c0:
+-                    7f:eb:ab:55:16:da:8f:01:1b:55:6e:7e:b3:e0:4e:
+-                    03:68:5f:48:b4:8c:d3:d2:44:ac:3b:3a:78:88:ac:
+-                    90:f9:22:d3:b9:8a:24:35:e4:c9:2e:a0:25:b1:a6:
+-                    ca:d8:86:97:8b:63:34:73:12:8c:f6:bb:38:ea:40:
+-                    db:d6:ce:06:33:bb:ea:9b:3b:60:c2:af:22:07:08:
+-                    41:e4:8c:d4:ef:9d:57:b3:73:8c:28:3a:22:15:1b:
+-                    63:67:a5:cc:00:ca:a3:7c:c8:ef:d9:64:72:c2:ef:
+-                    31:a1:a6:b4:d9:ad:15:66:42:32:5c:8f:6e:dd:bc:
+-                    97:7a:5a:07:a4:a1:e2:cd:27:c3:95:5b:1d:7b:d5:
+-                    27:65:b4:34:da:6c:59:40:3a:c0:78:41:8c:48:64:
+-                    e9:dd:8d:f6:a6:ff:b3:3b:63:f7:9e:f8:f9:d1:a0:
+-                    0d:0a:34:3c:2f:51:73:05:58:76:cd:ca:62:61:cb:
+-                    bc:9d:76:d6:e6:ca:1b:3b:95:a2:2f:24:6c:20:84:
+-                    d2:fa:28:4f:b1:d5:85:eb:f6:47:49:d5:77:a3:03:
+-                    05:cb:fa:c9:c6:b0:bf:38:ca:8e:9f:44:98:28:ee:
+-                    a5:fe:d5:bc:85:7a:40:6e:e1:6b:f3:43:a2:22:0f:
+-                    28:7b
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Subject Key Identifier: 
+-                75:A1:3D:93:BD:A7:31:3D:0F:D2:0B:8D:04:43:49:BF:BC:B7:BD:87
+-            X509v3 Authority Key Identifier: 
+-                keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74
+-
+-            X509v3 Basic Constraints: 
+-                CA:TRUE
+-    Signature Algorithm: sha256WithRSAEncryption
+-         b1:d6:97:e3:46:14:82:1e:c6:8c:50:b8:e8:13:4b:62:70:62:
+-         0c:f9:3d:07:19:cf:d0:78:2c:53:1f:10:87:0f:f9:2a:95:2e:
+-         6f:c6:d3:87:d7:69:8d:7e:42:ee:c3:50:e6:13:56:65:6d:0f:
+-         7c:cb:9c:35:d6:12:ff:e1:57:63:98:e0:80:53:9d:2b:8e:45:
+-         c4:34:e4:c0:60:79:d6:53:85:bc:5d:26:e4:ce:1b:6b:c4:ef:
+-         47:e5:87:a9:9c:ea:a8:dc:35:cd:f0:b2:95:60:e2:67:89:56:
+-         e0:1e:95:71:2b:6a:77:91:15:ad:a1:50:27:5d:03:1c:13:0f:
+-         2f:7d:ea:41:3d:1b:9f:e4:b4:b5:92:99:ca:32:dc:17:d9:54:
+-         52:f9:b9:e0:9b:ed:23:b7:78:d3:07:36:34:2f:25:19:5f:49:
+-         e6:35:c6:d9:99:07:e9:52:dd:01:09:a9:d7:bf:e7:f4:74:6f:
+-         e2:0b:ce:da:7f:fa:38:95:43:d0:6c:f3:c4:1b:14:1c:47:50:
+-         14:a9:48:4d:0c:d0:c6:be:a3:bc:17:9c:e3:92:24:e6:b3:51:
+-         91:64:f4:55:1d:d1:5f:1b:69:90:ac:7e:69:e5:92:f7:d6:d2:
+-         8a:f5:b2:5d:9b:79:8b:19:1c:6f:5a:9b:17:e5:c1:44:89:13:
+-         0f:69:17:7c
+------BEGIN CERTIFICATE-----
+-MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v
+-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290
+-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowcTELMAkGA1UEBhMC
+-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q
+-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMR8wHQYDVQQDDBZBbHRlcm5hdGl2ZSBTaWdu
+-aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpPPrE70FOFL
+-qrno3cB/66tVFtqPARtVbn6z4E4DaF9ItIzT0kSsOzp4iKyQ+SLTuYokNeTJLqAl
+-sabK2IaXi2M0cxKM9rs46kDb1s4GM7vqmztgwq8iBwhB5IzU751Xs3OMKDoiFRtj
+-Z6XMAMqjfMjv2WRywu8xoaa02a0VZkIyXI9u3byXeloHpKHizSfDlVsde9UnZbQ0
+-2mxZQDrAeEGMSGTp3Y32pv+zO2P3nvj50aANCjQ8L1FzBVh2zcpiYcu8nXbW5sob
+-O5WiLyRsIITS+ihPsdWF6/ZHSdV3owMFy/rJxrC/OMqOn0SYKO6l/tW8hXpAbuFr
+-80OiIg8oewIDAQABo1AwTjAdBgNVHQ4EFgQUdaE9k72nMT0P0guNBENJv7y3vYcw
+-HwYDVR0jBBgwFoAUeoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zAN
+-BgkqhkiG9w0BAQsFAAOCAQEAsdaX40YUgh7GjFC46BNLYnBiDPk9BxnP0HgsUx8Q
+-hw/5KpUub8bTh9dpjX5C7sNQ5hNWZW0PfMucNdYS/+FXY5jggFOdK45FxDTkwGB5
+-1lOFvF0m5M4ba8TvR+WHqZzqqNw1zfCylWDiZ4lW4B6VcStqd5EVraFQJ10DHBMP
+-L33qQT0bn+S0tZKZyjLcF9lUUvm54JvtI7d40wc2NC8lGV9J5jXG2ZkH6VLdAQmp
+-17/n9HRv4gvO2n/6OJVD0GzzxBsUHEdQFKlITQzQxr6jvBec45Ik5rNRkWT0VR3R
+-XxtpkKx+aeWS99bSivWyXZt5ixkcb1qbF+XBRIkTD2kXfA==
+------END CERTIFICATE-----
+diff --git a/test/ssl/test-alt-ca.key b/test/ssl/test-alt-ca.key
+deleted file mode 100644
+index 33e199b..0000000
+--- a/test/ssl/test-alt-ca.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEogIBAAKCAQEAzpPPrE70FOFLqrno3cB/66tVFtqPARtVbn6z4E4DaF9ItIzT
+-0kSsOzp4iKyQ+SLTuYokNeTJLqAlsabK2IaXi2M0cxKM9rs46kDb1s4GM7vqmztg
+-wq8iBwhB5IzU751Xs3OMKDoiFRtjZ6XMAMqjfMjv2WRywu8xoaa02a0VZkIyXI9u
+-3byXeloHpKHizSfDlVsde9UnZbQ02mxZQDrAeEGMSGTp3Y32pv+zO2P3nvj50aAN
+-CjQ8L1FzBVh2zcpiYcu8nXbW5sobO5WiLyRsIITS+ihPsdWF6/ZHSdV3owMFy/rJ
+-xrC/OMqOn0SYKO6l/tW8hXpAbuFr80OiIg8oewIDAQABAoIBAEgNoHMeet5JkwXy
+-oHmwai3+bchx5U1ihlLrGLyVGXUvPwHS2RNPZq+l/mLVph9v+V+PAoBV06JSs7Ma
+-VUhe8b7plGLKxqZMuVZj1wo+hEVJN1R7yo09XuYLCEi6oo8NV4i9NdbWKAsqqWp+
+-lwBzrcCZqacu9SRvH+Wdaxk92Of4cHcbP8nHSw9uGg6xmMONXntdJyFgX84DVC3P
+-hRbl8SbhxzcVGGanhMvuag3lK/rJdoZGM9HRuXVUDY4vMNHzeyH783OOp3+U7TOI
+-MQzG3gAnVzdUIqP2OxiAL8lqdPgsNPyl6z+fYnVe+8GzbkzSr7GxrEv6KqUQTX9Y
+-IOn0cRECgYEA61OMoEeTHSaoIfPMAOYx+gq6s71x0xk5OI7kKDwitFuuxR+kA/Fi
+-uzwomYSq8yUMAxxX97WCVQfeF5SiDYZ4ETnLjuNwh4i4mZbhwET6KeEfZz0MFQMM
+-tBOB8e+SaNUbf1Of8l3qeFrCitYn1sY2BCGhz7DPUDwN2tqL6+Oot1kCgYEA4Lmz
+-w9XLWe5aP2ix30qHnDjGzEouO30JxZMhk0iH/iu0QD7NEO4KPugLMATVdu5yfKnT
+-9Xr6gOfj2nUsMSiLBzyvOgo7OaCbznEMTdF7s3hfkh8nhKyOqYVGjzvjJP5tlnmq
+-i+j/PAeB/my9eTof6msxJdlmVj34WXmBHQoNN/MCgYA56yxXXoZkzFjhUmHJbt6q
+-De35wwy6yiB9PR4GkRZxkYcoWStDFSwZrSrI7hAtG9cjBNzZyMC1MOSGpTxlW809
+-YB4rourVUN8uXiZd7hwsJo5WGH5axY9g2tRGuZItXxYPdoONYXQN/ziWdzMC93Hf
+-/m8W8Qt1UfKPBO8fNb8WsQKBgFTwe+ziazkzqTLcXJbcccNvhlyDEVR033OpOACW
+-YqiEVl4OHq5uerrqNAhTW2fXmrhZ7H6VnAeLHolcznZKL7ptioGyik4u0ZVHD3J+
+-YnYkYmM1mVdBba7PbCsJZMJ/1GYS2I6HY6mJ4O2MplUizhtppqr6r/6a77rJ/S4/
+-tV1XAoGAV/73Onjr9h5TNdhzyvNYoyh9+DB8lCqMZW4oyb51m1IbhcOaHXvgiEoR
+-WLW+iIKllTX0S0N3bwc1hzf5719FuhRN8a7KnokJ61sRwS6gdfKWTHF1j3kSlzRP
+-+i7PEoxbRSqeA9lE/fKWprV5Iq4BP0xc1nujii8W4IjcXkp/cE8=
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/test-bad-root-ca.crt b/test/ssl/test-bad-root-ca.crt
+deleted file mode 100644
+index cfe40c3..0000000
+--- a/test/ssl/test-bad-root-ca.crt
++++ /dev/null
+@@ -1,23 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDyjCCArKgAwIBAgIUdyk9NtFrh5WnXWwmIarH9aqo+2cwDQYJKoZIhvcNAQEL
+-BQAwdjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM
+-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz
+-dGluZzEUMBIGA1UEAwwLQmFkIFJvb3QgQ0EwHhcNMjAwMjI1MTQ1NDE4WhcNMzAw
+-MjIyMTQ1NDE4WjB2MQswCQYDVQQGEwJHQjETMBEGA1UECAwKRGVyYnlzaGlyZTEO
+-MAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9qZWN0MRAwDgYD
+-VQQLDAdUZXN0aW5nMRQwEgYDVQQDDAtCYWQgUm9vdCBDQTCCASIwDQYJKoZIhvcN
+-AQEBBQADggEPADCCAQoCggEBAMsMhOIsSRKAopYjV/0lG252A4Xd1qUQlcwOPq3Z
+-1JYuBsa2We19xT427tSTXoDR2zdUH9nB1709wes7oTM8q1WWHszV/8DLBHotZZzf
+-aNFy9ipwqjaJXMG5hWO1p+wg2q2BspoOpRcWhNO4ZrR5dPT1cm/N+A8TxtYd4WtO
+-PWxXQj84rppeEUJjyE1QIRTGuQMiQxzsiyiTvyzKjuCELFcPjNwpqjEfxKaoHCD/
+-5GWH1C8r2pOVIpRnP9qDVX4jQvSyAdfWeuPT0h2qHWp751e5w/inXkavzqYqI9xE
+-vImUgW5/rVY8DrOf8huFXpfMwMBYuzxjbnObPhD85xRcc58CAwEAAaNQME4wHQYD
+-VR0OBBYEFBuIpb/fFNJ54niM+oiZMHEDFPiNMB8GA1UdIwQYMBaAFBuIpb/fFNJ5
+-4niM+oiZMHEDFPiNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH71
+-WiPLeVumxVuB40cuaKpNDcMGFg3snkKi9d9eEVTP1gtfWt1dclXYnaPwYr8a3d5D
+-iZnIVC5LUtFdWHaO6SHwsNmb59LFfXPtYxO3mOxUbSW3kTuB/N0B6laOcViPVpVt
+-nLJ3FKKcRAjTuBfP191hbG6uG1bdAh5VLrDgA0taXcwiRd7zlKp+MdoxbetnLw3R
+-GyzdAlWjJUGm5b7cE5sJZ0t3UoJsDeJckYJzUeDRV/90395pay3E9bd3ooa+1K9Q
+-AJk8MuGRY7W4qtC1JioqCTJJpkyryNql2pXiN4RqChTElYa1mbOP1qet1xLMEQY6
+-8D9qi22Al8++KQ+gw0o=
+------END CERTIFICATE-----
+diff --git a/test/ssl/test-bad-root-ca.key b/test/ssl/test-bad-root-ca.key
+deleted file mode 100644
+index b0ac5d8..0000000
+--- a/test/ssl/test-bad-root-ca.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEpAIBAAKCAQEAywyE4ixJEoCiliNX/SUbbnYDhd3WpRCVzA4+rdnUli4GxrZZ
+-7X3FPjbu1JNegNHbN1Qf2cHXvT3B6zuhMzyrVZYezNX/wMsEei1lnN9o0XL2KnCq
+-NolcwbmFY7Wn7CDarYGymg6lFxaE07hmtHl09PVyb834DxPG1h3ha049bFdCPziu
+-ml4RQmPITVAhFMa5AyJDHOyLKJO/LMqO4IQsVw+M3CmqMR/EpqgcIP/kZYfULyva
+-k5UilGc/2oNVfiNC9LIB19Z649PSHaodanvnV7nD+KdeRq/Opioj3ES8iZSBbn+t
+-VjwOs5/yG4Vel8zAwFi7PGNuc5s+EPznFFxznwIDAQABAoIBAAduwuKAmoAp40m5
+-q3vhwtpNSZ253CSYsdMRZmv4wFZrAuZ9QFd4NiMr4Zw4dMokZHDnDG9tMBeGTjXt
+-Ld5xRxhP8XqwDreg9t3+EW0npG+eVLKDA0gRySpyPxbCTI5ROZAGYmJPTO3GbkBN
+-zLyogYaCAZlkIcNzhuDJoTnLWGZBzrsvwCGqwHdjGras31FSf+HYC8KcjQysQmUV
+-F/puNldvV5rXo8rDOIdtrCC9oYvGMJDSk9X0qsHLWWqVnrruy7SmHMJ2kn6wUFfj
+-qjm9OTdaHJOrswNmW/xLyQzj5gQOh45y7/e1W2X08HpUBzuraOnDJM2ty0dTetEW
+-sb2+eUECgYEA8iGLJcHOWmK3cws/mAfI4GCvI1FcwYKXJzVCs+lozlzd7kioM4dW
+-h4Mg30LbBDDsytxMNcaq5Aglwdg5CLg657vreQeZk6HUuFcwf//sJoBRAbwScE6r
+-pI5fSSce9K+xzQzjpKiWy+Q3eC3Sax5yeeEKBSolUSKgVmDQ/lgv+D8CgYEA1q3m
+-YK2RukYOEdcT2BpZmJI8vmeKRl6rswj6q4eSzRnruCrLxgNsDIQUkhX6zQ+a5Lhy
+-g8USSqnpAZdBTXYIFo8fztx5abzXZpXrrUXpZTjNLncHrYE0/ztaBhEjVhoRRZ4P
+-4LMNnPKWNX+E5g+IhvzA8D9spSWTD1L1SorZrKECgYEAkkaBcYXry97nRLD+8jGB
+-wUungoacqqrh9eXPLjFMB59C07lBJCAWvjcRnM8e0SFdbBA6WiJzCt+BL+IYUpQ5
+-wdVdI/jbZrzVbaf+vNU3LOtIBOxBl2dvejIojmD76oZZu66Vt9vBfduZRxknjV8P
+-eWHiU8xqTuHES2qh14YfNLECgYB8GYkMqCmO0cJ+Y6OQECNtBFRjCT2w0jdVRsKJ
+-d9TQBcTy8KJddEr4rT2q+VPDSNsUjt979udNDA2rIsHYQnwIdnI/xcnV6xllrxLP
+-VpPGNOC/lIV2sjNtu+SdjzirJGSJpwassTUUXlOg13d++snEpsXt2+w1R5RMjntH
+-vR56IQKBgQCF+kqRYtwBIXXyQDpxFV7ISKhfIdI2wnmEKHekXsg6APm2Hzqt8xGq
+-nIqJIMUJvNp4mgBjw7drVuyuLu/xAsHg9zd2e85wnM5nyxTSlrD4EyN7oSSzEl4n
+-qMI+y868gX0ZHjejFTRHiEPjERO9TndYlsXpbl8sUxs6TYzZNjB7FQ==
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/test-fake-root-ca.crt b/test/ssl/test-fake-root-ca.crt
+deleted file mode 100644
+index ef4d582..0000000
+--- a/test/ssl/test-fake-root-ca.crt
++++ /dev/null
+@@ -1,23 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDwjCCAqqgAwIBAgIUJtJNmR2IUunoKAPzp6GCdwpeRGkwDQYJKoZIhvcNAQEL
+-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM
+-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz
+-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx
+-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD
+-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM
+-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+-DwAwggEKAoIBAQDPeAsCyQPsV8X9jdcGSomKHUlqTSotEKCgZQDd6/flheJ386n5
+-Ay6g/37wH+qvP5l6bpTGxPLkiXrPcHKs0iYb65e4vzIUX0MmxWJjlqRnRmSflZHR
+-lLDb/2TXGAFOnKX7p7jJ2PNaA3A3HdRby5UUQKW2y4To6RpWgMUwZE2Rv3rSwkaU
+-+Yzfg+F2GxZo1lSo0KtEZ8aSnP/QC+BhGH+pD+YeOLgS806aa0U82mIGKY5ovgyU
+-1mn9cKGCwSj9vGIidOivP9w0JYwxEXLjXvp2ZS2o3asquITF0VhMIws7UrvynyFF
+-OLmjxmVRjoNoEUakx0/zuHe0YCz8kbkg0yuhAgMBAAGjUDBOMB0GA1UdDgQWBBRU
+-Cz3bp0AtTrVrLL/JDJwIXvG3WTAfBgNVHSMEGDAWgBRUCz3bp0AtTrVrLL/JDJwI
+-XvG3WTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC8iqJSyJOCPJak
+-f6DEinKJzQde5aYvkswyJ1gVKVQztF50bPUsXHHrQNP6Vvk8U/EFWWqYqJQ3Mk6/
+-t262FxS1wTllhddNu9+YfXA7yO38GDfcsr4uBTylxOTJY7lI+aRn5oOn6A9OuQcV
+-m1HjE5QQiV8JXAl80JX29FYxSVDmDjLG+48GMhIHNhtYH4IS/jZFyfwbn+JeolEB
+-NeGUtwryMAJqnptsIXen85mW/6j33/d7n1nabVa6Mo7V/07eE0uC45Ngmi2isOxB
+-23WEhOkJRANNbm9fK6qn8YMAzsGvx9O4SeQEUdp2Yd/jTvdgIBB+Ewzem8Pmn53C
+-7fgo0LjB
+------END CERTIFICATE-----
+diff --git a/test/ssl/test-fake-root-ca.key b/test/ssl/test-fake-root-ca.key
+deleted file mode 100644
+index 348d7eb..0000000
+--- a/test/ssl/test-fake-root-ca.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEowIBAAKCAQEAz3gLAskD7FfF/Y3XBkqJih1Jak0qLRCgoGUA3ev35YXid/Op
+-+QMuoP9+8B/qrz+Zem6UxsTy5Il6z3ByrNImG+uXuL8yFF9DJsViY5akZ0Zkn5WR
+-0ZSw2/9k1xgBTpyl+6e4ydjzWgNwNx3UW8uVFECltsuE6OkaVoDFMGRNkb960sJG
+-lPmM34PhdhsWaNZUqNCrRGfGkpz/0AvgYRh/qQ/mHji4EvNOmmtFPNpiBimOaL4M
+-lNZp/XChgsEo/bxiInTorz/cNCWMMRFy4176dmUtqN2rKriExdFYTCMLO1K78p8h
+-RTi5o8ZlUY6DaBFGpMdP87h3tGAs/JG5INMroQIDAQABAoIBAEoBBuRycYzPbldY
+-Tff3hIIYmkRpy/6RLMqp3JpMfnuHu1WQO/QP94UEPfJHYD4s0IFEipswS3fLtlvi
+-P3V37JIPAmqrAKEVre1ZgRQG+xO/n0rxXjdE86U1v3GeJXE2HVrb4+VUFtHn4hI2
+-+LXZs46q1LGUfQ9bfsKWYkA1txmicBMcWho5ugTe0h/LucwOFE1CUg6bBr1BJhpK
+-t2HCOE3vAnYZA9Zv/KowECP0PL5nw37Fpqvqpkr67j12q7z8XGAeqnl6HtLUZOVU
+-AwSvgLcGgKsRaDTmLLwnwEvOWe3yZvC80uO8FpI4JYiRH+O0e6v5S5yW+KS+Ogl0
+-cAD3WAECgYEA75AZzAtOG8P19mfcPzYydR2RYw1gEVGYXVeCZFlcSpBHhgQUXFaU
+-TJmTHZoIQ5Mmf7csjzc9FSExACLWmuQDzg6+c9Y7lETcBKLf/5/za/q1x1ExXQ+3
+-pAA3SYBsFAFy2npI5NOGx2y118Z+eXYRTeW6oJQhdncdDXH339jiwEECgYEA3bQ2
+-8q9i90LQsnGKC45/d+laS2nXbroU+DNtfIz390m9rAjjmy4625BIXY7oaEua3D9s
+-1QK8S6eYEVUsoXzFaLHxPAstKyJhxFYPR4++EUZ7ro7BZMJ2AJSq7aFWpOpjlsAU
+-Olt51Ijh1sOpK/X1xbAifi7c3ocpGGILYg3Dk2ECgYEA11tghXiIQBearmdRrJWp
+-KHVrNHNasFb8tLStaE6Y1AL9+TEDqLrAWFga05qb4TuQeXGOojSTOcJ7zVaEO/vM
+-m9nPRk0JhFGexKAy5BbDeoeIEGUiDjnJ6am0CeRjxFxFBri1fNfXKsHEevRa0A/e
+-oHtrmV1w85FC0cppfZb4yMECgYARY1T7662DXwYnOKhvB5oPuYmPaJmw4X9LiB0K
+-K7Q2/N2XZIsVXKbZGZPTYqXvqB5ZL9BFVJWYCWjv0xJRCAwjjfExmF7Ohz/LukQw
+-hKGPkUuaATBBys6edQqC4Kh+/rMY26+6c/o2JRYxVd8qx3ujKZFK/DnuagNbGjVy
+-V0oDgQKBgBKjvOnQhFx5yGKiHUNoAFcq7y5QdpvMHUfAtsz7qHHdCEkUbJ9DqjRk
+-j3Pwn/iR7pAXYVN1s+jmLfFTlFjLqFNXe9+TYKgnMWkKZA+9dTsryD77BJj3fhLH
+-SbvXQs/GvYAc8xIrB5pSTIRe8r2B8PaEUjiG5rtjIHT5F5G0y92M
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/test-root-ca.crt b/test/ssl/test-root-ca.crt
+deleted file mode 100644
+index f450148..0000000
+--- a/test/ssl/test-root-ca.crt
++++ /dev/null
+@@ -1,23 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDwjCCAqqgAwIBAgIURMxcSM9J+pY3g2SE3qoM34dHwPkwDQYJKoZIhvcNAQEL
+-BQAwcjELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxDjAMBgNVBAcM
+-BURlcmJ5MRowGAYDVQQKDBFNb3NxdWl0dG8gUHJvamVjdDEQMA4GA1UECwwHVGVz
+-dGluZzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMDAyMjUxNDU0MThaFw0zMDAyMjIx
+-NDU0MThaMHIxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApEZXJieXNoaXJlMQ4wDAYD
+-VQQHDAVEZXJieTEaMBgGA1UECgwRTW9zcXVpdHRvIFByb2plY3QxEDAOBgNVBAsM
+-B1Rlc3RpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+-DwAwggEKAoIBAQDdpftss7fN4lzDhppzwj2WfRehR95WYmiWnXoEsKyEfuh1hINs
+-vvI3tz1FWEb/usORr6XGZhgYwjIpSORMoBxuOZh8RDNPmO9KpLYXN1i4g+CfkGAK
+-QoBUr7FGGlKDaK4fRg6xx8BKQ1Lxqrx+iAOpIT7tU9YYPYrwiYbdhaYwfMTKXyCl
+-V+JypRRKWgzUkua4YRb2TnEH33NaXS0Tw+A0tRxSN26vwRheCrVfo+6CUB0kEaON
+-+syuiHP1mGrHj3bMh/MTd3H5u2lu+1GW/Re3HdGFLuHhEq6EkF0fnPCaPS+iJKwU
+-1LgQZwGc+UHglTmmqUS6xhpm++/950fYoaiHAgMBAAGjUDBOMB0GA1UdDgQWBBR6
+-iV0eybFyLzjb3ufTSYAsAfo7dDAfBgNVHSMEGDAWgBR6iV0eybFyLzjb3ufTSYAs
+-Afo7dDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB7/Zn0VBciDCXo
+-JA4ZX5boZyQMx7Lm62O+ixChT2hW0VNlouacgfSq455sNxFJKam0ZQKzusMzssNQ
+-ticyZUwIosGx36f8qBaGksx0EbgAh9QdOulsYDLW5UsB4Rh94C36NoTd9+BJF6D4
+-89IpuxQehDKKuRG0NUChEkLvJ2AAPi/+iDHZQMB/sAzaT4gJ4eMeY4p4XBb/a9P2
+-w05RCpVNyLg32S7ynLNUrz+/lZUfZ8sYhpdECbFDpb0e1iVc1vst8Pur+cSGFO3f
+-HabwuWTdF9Xx8MaH/n32Pv8BxZ/hBdjsXa/CiMyT4POs6XGTpZ2iLcmHo8WS4Uls
+-5gKvsjuj
+------END CERTIFICATE-----
+diff --git a/test/ssl/test-root-ca.key b/test/ssl/test-root-ca.key
+deleted file mode 100644
+index 8c50ba3..0000000
+--- a/test/ssl/test-root-ca.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEpAIBAAKCAQEA3aX7bLO3zeJcw4aac8I9ln0XoUfeVmJolp16BLCshH7odYSD
+-bL7yN7c9RVhG/7rDka+lxmYYGMIyKUjkTKAcbjmYfEQzT5jvSqS2FzdYuIPgn5Bg
+-CkKAVK+xRhpSg2iuH0YOscfASkNS8aq8fogDqSE+7VPWGD2K8ImG3YWmMHzEyl8g
+-pVficqUUSloM1JLmuGEW9k5xB99zWl0tE8PgNLUcUjdur8EYXgq1X6PuglAdJBGj
+-jfrMrohz9Zhqx492zIfzE3dx+btpbvtRlv0Xtx3RhS7h4RKuhJBdH5zwmj0voiSs
+-FNS4EGcBnPlB4JU5pqlEusYaZvvv/edH2KGohwIDAQABAoIBAQDQTYhPrUqlJAJY
+-Ay0uczLcNi259cffWVa/jbm5pKxNTNN8dg/paD5M3FmpzP/UoBnh1bgvD42/3umz
+-YPylgqeVc216A8JRIQJqHQfAI9Sue8njS5Tmr37Zl9A7eMtpEjzpyTZQH9D4OfM+
+-iV3icEM4dLUl529Ckrv7uNPVZiA8WZUNa3NQ4lsuLHms12FOAi17wBMJOu0xTse/
+-vK7wucJ+p4wgXT8QZbOvqHmm3THMxKhhFYOoJK5S32jjy3kB4I56YzV6DRArLPNr
+-RTjdXHtzNYUT4dYkDubekIDaebMKQi7nUofP6ZduJ7SAC9D118iKqChDTYP35Vmk
+-kqqO2kgpAoGBAP47G+KhqT4tMLGs96r65Ve5KeRyLPLEgKfGXiEgrK1+lO9CFoTv
+-7hmZ3cF61IccilP/Tw1MG5uRrnXJWVi/u1jvdZEg74dGO2PivYhmdEgw/ZfJCAcn
+-r8W+KKfrUQCcL/h++IrcLUVcRF4xjbhyvaCBc0zSpvxA5pn724caTm5NAoGBAN8w
+-1IUGpajJg8xHXca5y8UQeZwozjEn5oHdjivYL+lT2sKSKE49xzLmMPqhRtuIeiEe
+-wBTo85PJ6SCjJPGc6wvbqPAq6CNC3BjZdh4i/+O87+fUloFAuXJn2TPAbulwFkvq
+-5GjeTbrJL+pd+x8VYalWSYusyxTdnlJyPE3KXOQjAoGBAJnrM4DMm2i3d2m67N+p
+-szyfMEvNDIWWjsYFBWxNGf6YSpdojbXChYcebvH66b07fExKoJPOZlCTrOpHEz72
+-Jfk8UROiuyJNVRuuZU21qeUjNAW3gpLCZlr0PC0d/Ra/eROb2+JGV2pM6F+W5NSt
+-Mz1/4ky6pLrImFTV9R0gwidpAoGAL7ZGmDF1lIGPtUnEWEk7sGL3PFTUz1lSQ4zT
+-abgLdfvBFjscdq1qOg1PhySW+zNPuGjUcyPhfkR5m8qEiUocTSqmEMF7Yp5WYtGK
+-GKMuxMaNGqgtjHADtNtSaWfHzgtyGMScE3cCct2zaoywtFJj0Elr63oC5/EAeWuG
+-TLLn7LUCgYBB/Vy6WRhI8Eg+aI4vScgssdtx8FxGTYl/ZRQvgvK3iUnQdjcibY71
+-oPy7L1yzbOokoGZJWfcsvefTbO62DEi3k9uYlCd6T32RMbR/s1UQFZDWKcpNKzbo
+-5N21GE7lQp55F01nDE81RU4mcNhg1mf7792DobM7H+vM4wXW54sG9w==
+------END RSA PRIVATE KEY-----
+diff --git a/test/ssl/test-signing-ca.crt b/test/ssl/test-signing-ca.crt
+deleted file mode 100644
+index 8d66125..0000000
+--- a/test/ssl/test-signing-ca.crt
++++ /dev/null
+@@ -1,79 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 1 (0x1)
+-        Signature Algorithm: sha256WithRSAEncryption
+-        Issuer: C=GB, ST=Derbyshire, L=Derby, O=Mosquitto Project, OU=Testing, CN=Root CA
+-        Validity
+-            Not Before: Feb 25 14:54:18 2020 GMT
+-            Not After : Feb 23 14:54:18 2025 GMT
+-        Subject: C=GB, ST=Derbyshire, O=Mosquitto Project, OU=Testing, CN=Signing CA
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:c1:a1:1a:6e:76:1f:98:b7:1c:7e:d6:67:d5:dc:
+-                    92:34:ef:48:22:62:94:56:cb:21:29:c1:88:7c:7a:
+-                    62:eb:6d:b9:af:8b:80:75:f4:8e:32:e2:20:e2:fa:
+-                    3a:49:c8:20:74:53:83:0f:c1:48:e2:13:3e:48:27:
+-                    f2:e5:7d:55:c5:87:8c:41:9e:e2:90:58:8c:09:97:
+-                    1e:bc:5a:ce:10:71:b2:66:02:02:9b:0c:d0:24:47:
+-                    7a:3a:4d:3a:2e:c0:f0:65:6b:6a:cf:13:13:8a:f0:
+-                    6d:a0:a5:80:5f:6b:58:77:ae:91:6e:ba:ab:c5:c0:
+-                    24:f7:22:27:a4:bf:47:52:2d:a0:fc:56:b0:19:16:
+-                    84:e9:53:ac:1d:7f:29:af:c2:86:44:f5:9b:04:e4:
+-                    bf:8f:e1:b8:61:a0:63:55:0a:7a:93:2a:d8:4a:20:
+-                    b8:6b:b6:e9:20:c6:2c:c2:93:c2:dc:7a:69:90:8e:
+-                    ea:00:5b:0c:66:8a:90:74:b4:d9:01:98:9d:fe:5b:
+-                    66:e0:39:19:22:50:0d:76:3d:1c:04:fb:93:4d:6e:
+-                    45:da:e8:cc:27:35:2a:a6:35:a8:87:e1:99:32:42:
+-                    e8:71:eb:7c:f9:69:70:c7:cf:c5:cc:61:c5:ae:47:
+-                    dc:20:86:2b:2b:fe:1c:dd:2c:e9:b0:38:b6:72:8e:
+-                    09:e9
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Subject Key Identifier: 
+-                AA:5A:5B:1C:91:32:9B:3F:9B:C3:42:6C:D2:68:F6:A7:E0:CF:BE:E0
+-            X509v3 Authority Key Identifier: 
+-                keyid:7A:89:5D:1E:C9:B1:72:2F:38:DB:DE:E7:D3:49:80:2C:01:FA:3B:74
+-
+-            X509v3 Basic Constraints: 
+-                CA:TRUE
+-    Signature Algorithm: sha256WithRSAEncryption
+-         d3:8d:e3:33:87:f3:1e:4f:ff:da:1d:f8:61:3f:4a:ae:21:49:
+-         cd:ee:b1:e0:62:ab:44:70:a8:29:92:83:8d:33:45:4c:ac:b0:
+-         66:a0:e8:32:23:76:ef:aa:89:7d:bc:e1:04:17:a5:d7:39:59:
+-         99:ab:d9:bf:0c:fd:c5:b6:ad:6f:45:39:c9:27:f1:3e:c0:af:
+-         c3:8e:b1:1f:8f:fc:34:66:31:f4:f1:11:a0:27:99:a2:65:e2:
+-         aa:20:a7:98:b6:0e:ff:71:5e:10:e7:ab:1e:33:e7:fb:c8:59:
+-         d7:89:7a:3b:d9:a9:9f:48:2f:2e:ff:02:61:cd:86:47:60:61:
+-         8e:81:71:68:f0:cd:63:72:b8:d2:7d:22:9d:6b:07:49:3a:0a:
+-         f7:8b:94:b3:98:90:3c:9f:e5:78:1b:84:a9:2e:fb:85:64:59:
+-         ce:6f:33:05:18:bc:21:df:f5:7c:10:79:d6:58:34:61:0e:1f:
+-         d5:af:b6:a0:8f:86:ce:56:d1:67:4f:b8:7e:50:2d:ba:77:37:
+-         50:0f:91:06:dc:a8:7f:3c:8b:2b:8b:47:df:e3:7e:2f:79:81:
+-         22:70:eb:f9:14:f3:66:73:17:33:e4:26:7e:47:df:80:89:de:
+-         a5:e8:5a:a9:c0:4b:3e:1b:9b:11:4b:3b:b4:8b:6a:9d:6c:ce:
+-         39:f5:04:c9
+------BEGIN CERTIFICATE-----
+-MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJHQjET
+-MBEGA1UECAwKRGVyYnlzaGlyZTEOMAwGA1UEBwwFRGVyYnkxGjAYBgNVBAoMEU1v
+-c3F1aXR0byBQcm9qZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRAwDgYDVQQDDAdSb290
+-IENBMB4XDTIwMDIyNTE0NTQxOFoXDTI1MDIyMzE0NTQxOFowZTELMAkGA1UEBhMC
+-R0IxEzARBgNVBAgMCkRlcmJ5c2hpcmUxGjAYBgNVBAoMEU1vc3F1aXR0byBQcm9q
+-ZWN0MRAwDgYDVQQLDAdUZXN0aW5nMRMwEQYDVQQDDApTaWduaW5nIENBMIIBIjAN
+-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaEabnYfmLccftZn1dySNO9IImKU
+-VsshKcGIfHpi6225r4uAdfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7i
+-kFiMCZcevFrOEHGyZgICmwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66Rbrqr
+-xcAk9yInpL9HUi2g/FawGRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4
+-a7bpIMYswpPC3HppkI7qAFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujM
+-JzUqpjWoh+GZMkLocet8+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQAB
+-o1AwTjAdBgNVHQ4EFgQUqlpbHJEymz+bw0Js0mj2p+DPvuAwHwYDVR0jBBgwFoAU
+-eoldHsmxci84297n00mALAH6O3QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+-AAOCAQEA043jM4fzHk//2h34YT9KriFJze6x4GKrRHCoKZKDjTNFTKywZqDoMiN2
+-76qJfbzhBBel1zlZmavZvwz9xbatb0U5ySfxPsCvw46xH4/8NGYx9PERoCeZomXi
+-qiCnmLYO/3FeEOerHjPn+8hZ14l6O9mpn0gvLv8CYc2GR2BhjoFxaPDNY3K40n0i
+-nWsHSToK94uUs5iQPJ/leBuEqS77hWRZzm8zBRi8Id/1fBB51lg0YQ4f1a+2oI+G
+-zlbRZ0+4flAtunc3UA+RBtyofzyLK4tH3+N+L3mBInDr+RTzZnMXM+QmfkffgIne
+-pehaqcBLPhubEUs7tItqnWzOOfUEyQ==
+------END CERTIFICATE-----
+diff --git a/test/ssl/test-signing-ca.key b/test/ssl/test-signing-ca.key
+deleted file mode 100644
+index 37c287b..0000000
+--- a/test/ssl/test-signing-ca.key
++++ /dev/null
+@@ -1,27 +0,0 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIIEowIBAAKCAQEAwaEabnYfmLccftZn1dySNO9IImKUVsshKcGIfHpi6225r4uA
+-dfSOMuIg4vo6ScggdFODD8FI4hM+SCfy5X1VxYeMQZ7ikFiMCZcevFrOEHGyZgIC
+-mwzQJEd6Ok06LsDwZWtqzxMTivBtoKWAX2tYd66RbrqrxcAk9yInpL9HUi2g/Faw
+-GRaE6VOsHX8pr8KGRPWbBOS/j+G4YaBjVQp6kyrYSiC4a7bpIMYswpPC3HppkI7q
+-AFsMZoqQdLTZAZid/ltm4DkZIlANdj0cBPuTTW5F2ujMJzUqpjWoh+GZMkLocet8
+-+Wlwx8/FzGHFrkfcIIYrK/4c3SzpsDi2co4J6QIDAQABAoIBAEdv26OTWxbpv86f
+-5dFGPn7fJRriid33tXWFXIioUqSPZ+l3K17ZajklqoJzVVvxROAGC52dbvlRpjHS
+-4099zU5CMyHmr6oXsRq8sW9GhS4V9H6kETgJIyWvZU3rPiMPteGFHvPlEtm42Ilj
+-ZhhOL2aAdlGG92bO/BRdeojStUqAvJn+5jYBpskZqw/4lLNlmpR8TpFOoGGE+eOC
+-uXnf7Gz9+drPkoOg1/024Jygr721Klimkd6idf4v0hYt+g9GN+RVyxHKv2zYBGCV
+-xCTYg2j7bKDgIUhBOtNGGZbpYLu5nPpZbWg9X0KEFFR7EBikSTYoBpaElCAkk3dp
+-rGwLJr0CgYEA6oCtYouVcVabSVfvKpKep/RAYWFrz2VR5kakmRiis0Rpd1OLvwYt
+-+Lz3c0j3ghHilcuVbB6pTjhdqa95whcPbsLzm5TcNovz3jz6sBrVJRH0wCfh+YGM
+-hsU3SbeRDLaXCsvzmKeYrUG6SojNWsKOST+Iw93n6VlcR5nzXGobXYcCgYEA02E1
+-PQa+030IJt7Ord/ogOC7zK9D2s8vqK5hB5tEVpzw+NtK++HyezRgQ87/O8zm9Yka
+-HhT6RcfhBu+UuPKZy3q+kQ5Lf3AXaj5kmfxgC9B83IwLmKINsusuBuzT4eHkVUor
+-Lme+tNmztKogyITqDm7Bs8N98Xt8URzFMHf7uQ8CgYBx9hDMyDra9pTGouZG0TQr
+-OQcki/yhsIKJnyEUiaVf60o5xC8wqSckL2kt7HLkEh8EXwiBn7D1o2zZLr7ENQK5
+-+CH9JO2T0JW2FfpaJOAagMxpqbgm0e9h+2uv9naWMBHdHFqIgEIxSLTozezGQ7B0
+-Jl0nmqq+ez/eSBG9go9D9wKBgBOCmGhelARvOO5liEwSK6Khm5Pj5W5vyyVVmw0Z
+-rrAT4kYF76DaFQh8KBp6I6LAYdzt36RBKWyBa2q5eE+tzLY0SRyYZi2IChE7Wwu/
+-eJn+j1fH8VYQNxV5kZEAEPp7YBjjNKMe3kJRCb42Kbp4UiYs4OIXvCsqy6ms7yJv
+-IKPPAoGBANxTT4FCNVISIvbNUSr1irLHbRfDg9m/3L7M/fU4dXO8RRY5L1LYi0hb
+-fY3jV2nykLXbcUimJOPp0uwWMcFGM+LxVOwHGgYVBhd7mWeEAt3mLXXrNuP03gzw
+-s4EBEKX/zGIt9YPxbhPKY5pJp0kyJ7WDxptPi+arTZA5SwJp9yyu
+------END RSA PRIVATE KEY-----
diff -Nru mosquitto-2.0.11/debian/patches/1571.patch mosquitto-2.0.11/debian/patches/1571.patch
--- mosquitto-2.0.11/debian/patches/1571.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/1571.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,5 +1,3 @@
-Upstream-Status: Submitted [https://github.com/eclipse/mosquitto/pull/1571]
-From 3fe5468f1bdca1bff1d18cf43c9e338f41aa9e32 Mon Sep 17 00:00:00 2001
 From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
 Date: Wed, 22 Jan 2020 12:39:49 +0100
 Subject: [PATCH] Add dynamic symbols linking with cmake too
@@ -9,9 +7,11 @@
  lib/CMakeLists.txt | 2 ++
  1 file changed, 2 insertions(+)
 
+diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
+index 5da221d..0f239a3 100644
 --- a/lib/CMakeLists.txt
 +++ b/lib/CMakeLists.txt
-@@ -94,6 +94,8 @@
+@@ -94,6 +94,8 @@ set_target_properties(libmosquitto PROPERTIES
  	OUTPUT_NAME mosquitto
  	VERSION ${VERSION}
  	SOVERSION 1
diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch
--- mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-1of3.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,211 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Sat, 8 Jun 2024 08:50:35 +0100
+Subject: CVE-2024-8376-1of3
+
+Remove superfluous function arguments.
+
+Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/3bb6c9ad51f712864dea63529e0b55661c2a9e84
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ apps/db_dump/stubs.c            |  3 +--
+ src/bridge.c                    |  3 +--
+ src/handle_subscribe.c          |  2 +-
+ src/handle_unsubscribe.c        |  2 +-
+ src/mosquitto_broker_internal.h |  4 ++--
+ src/persist_read.c              |  2 +-
+ src/plugin_public.c             |  2 +-
+ src/subs.c                      | 13 +++++--------
+ test/unit/persist_read_stubs.c  |  3 +--
+ test/unit/subs_test.c           |  2 +-
+ 10 files changed, 15 insertions(+), 21 deletions(-)
+
+diff --git a/apps/db_dump/stubs.c b/apps/db_dump/stubs.c
+index 42a1429..845053d 100644
+--- a/apps/db_dump/stubs.c
++++ b/apps/db_dump/stubs.c
+@@ -96,14 +96,13 @@ int retain__store(const char *topic, struct mosquitto_msg_store *stored, char **
+ 	return 0;
+ }
+ 
+-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root)
++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options)
+ {
+ 	UNUSED(context);
+ 	UNUSED(sub);
+ 	UNUSED(qos);
+ 	UNUSED(identifier);
+ 	UNUSED(options);
+-	UNUSED(root);
+ 	return 0;
+ }
+ 
+diff --git a/src/bridge.c b/src/bridge.c
+index 9ca367a..0ec5284 100644
+--- a/src/bridge.c
++++ b/src/bridge.c
+@@ -380,8 +380,7 @@ int bridge__connect(struct mosquitto *context)
+ 						context->bridge->topics[i].local_topic,
+ 						qos,
+ 						0,
+-						MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED,
+-						&db.subs) > 0){
++						MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED) > 0){
+ 
+ 				return 1;
+ 			}
+diff --git a/src/handle_subscribe.c b/src/handle_subscribe.c
+index 2a72c59..5540dc6 100644
+--- a/src/handle_subscribe.c
++++ b/src/handle_subscribe.c
+@@ -185,7 +185,7 @@ int handle__subscribe(struct mosquitto *context)
+ 			}
+ 
+ 			if(allowed){
+-				rc2 = sub__add(context, sub, qos, subscription_identifier, subscription_options, &db.subs);
++				rc2 = sub__add(context, sub, qos, subscription_identifier, subscription_options);
+ 				if(rc2 > 0){
+ 					mosquitto__free(sub);
+ 					return rc2;
+diff --git a/src/handle_unsubscribe.c b/src/handle_unsubscribe.c
+index 2162b46..ede49e2 100644
+--- a/src/handle_unsubscribe.c
++++ b/src/handle_unsubscribe.c
+@@ -126,7 +126,7 @@ int handle__unsubscribe(struct mosquitto *context)
+ 
+ 		log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s", sub);
+ 		if(allowed){
+-			rc = sub__remove(context, sub, db.subs, &reason);
++			rc = sub__remove(context, sub, &reason);
+ 		}else{
+ 			rc = MOSQ_ERR_SUCCESS;
+ 		}
+diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h
+index 657c1ce..339304c 100644
+--- a/src/mosquitto_broker_internal.h
++++ b/src/mosquitto_broker_internal.h
+@@ -672,9 +672,9 @@ int db__message_write_queued_in(struct mosquitto *context);
+ /* ============================================================
+  * Subscription functions
+  * ============================================================ */
+-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root);
++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options);
+ struct mosquitto__subhier *sub__add_hier_entry(struct mosquitto__subhier *parent, struct mosquitto__subhier **sibling, const char *topic, uint16_t len);
+-int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__subhier *root, uint8_t *reason);
++int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason);
+ void sub__tree_print(struct mosquitto__subhier *root, int level);
+ int sub__clean_session(struct mosquitto *context);
+ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, int retain, struct mosquitto_msg_store **stored);
+diff --git a/src/persist_read.c b/src/persist_read.c
+index 4fedfea..b58533e 100644
+--- a/src/persist_read.c
++++ b/src/persist_read.c
+@@ -556,7 +556,7 @@ static int persist__restore_sub(const char *client_id, const char *sub, uint8_t
+ 
+ 	context = persist__find_or_add_context(client_id, 0);
+ 	if(!context) return 1;
+-	return sub__add(context, sub, qos, identifier, options, &db.subs);
++	return sub__add(context, sub, qos, identifier, options);
+ }
+ 
+ #endif
+diff --git a/src/plugin_public.c b/src/plugin_public.c
+index 754793b..95904d9 100644
+--- a/src/plugin_public.c
++++ b/src/plugin_public.c
+@@ -283,7 +283,7 @@ static void check_subscription_acls(struct mosquitto *context)
+ 				MOSQ_ACL_SUBSCRIBE);
+ 
+ 		if(rc != MOSQ_ERR_SUCCESS){
+-			sub__remove(context, context->subs[i]->topic_filter, db.subs, &reason);
++			sub__remove(context, context->subs[i]->topic_filter, &reason);
+ 		}
+ 	}
+ }
+diff --git a/src/subs.c b/src/subs.c
+index 2ccafbc..8e1a848 100644
+--- a/src/subs.c
++++ b/src/subs.c
+@@ -575,7 +575,7 @@ struct mosquitto__subhier *sub__add_hier_entry(struct mosquitto__subhier *parent
+ }
+ 
+ 
+-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root)
++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options)
+ {
+ 	int rc = 0;
+ 	struct mosquitto__subhier *subhier;
+@@ -584,8 +584,6 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i
+ 	char **topics;
+ 	size_t topiclen;
+ 
+-	assert(root);
+-	assert(*root);
+ 	assert(sub);
+ 
+ 	rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename);
+@@ -597,9 +595,9 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i
+ 		mosquitto__free(topics);
+ 		return MOSQ_ERR_INVAL;
+ 	}
+-	HASH_FIND(hh, *root, topics[0], topiclen, subhier);
++	HASH_FIND(hh, db.subs, topics[0], topiclen, subhier);
+ 	if(!subhier){
+-		subhier = sub__add_hier_entry(NULL, root, topics[0], (uint16_t)topiclen);
++		subhier = sub__add_hier_entry(NULL, &db.subs, topics[0], (uint16_t)topiclen);
+ 		if(!subhier){
+ 			mosquitto__free(local_sub);
+ 			mosquitto__free(topics);
+@@ -616,7 +614,7 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i
+ 	return rc;
+ }
+ 
+-int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__subhier *root, uint8_t *reason)
++int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason)
+ {
+ 	int rc = 0;
+ 	struct mosquitto__subhier *subhier;
+@@ -624,13 +622,12 @@ int sub__remove(struct mosquitto *context, const char *sub, struct mosquitto__su
+ 	char *local_sub = NULL;
+ 	char **topics = NULL;
+ 
+-	assert(root);
+ 	assert(sub);
+ 
+ 	rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename);
+ 	if(rc) return rc;
+ 
+-	HASH_FIND(hh, root, topics[0], strlen(topics[0]), subhier);
++	HASH_FIND(hh, db.subs, topics[0], strlen(topics[0]), subhier);
+ 	if(subhier){
+ 		*reason = MQTT_RC_NO_SUBSCRIPTION_EXISTED;
+ 		rc = sub__remove_recurse(context, subhier, topics, reason, sharename);
+diff --git a/test/unit/persist_read_stubs.c b/test/unit/persist_read_stubs.c
+index 62b0356..c0c5d88 100644
+--- a/test/unit/persist_read_stubs.c
++++ b/test/unit/persist_read_stubs.c
+@@ -149,11 +149,10 @@ int acl__find_acls(struct mosquitto *context)
+ }
+ 
+ 
+-int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options, struct mosquitto__subhier **root)
++int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t identifier, int options)
+ {
+ 	UNUSED(context);
+ 	UNUSED(options);
+-	UNUSED(root);
+ 
+ 	last_sub = strdup(sub);
+ 	last_qos = qos;
+diff --git a/test/unit/subs_test.c b/test/unit/subs_test.c
+index a596e8b..6095d62 100644
+--- a/test/unit/subs_test.c
++++ b/test/unit/subs_test.c
+@@ -58,7 +58,7 @@ static void TEST_sub_add_single(void)
+ 
+ 	db__open(&config);
+ 
+-	rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0, &db.subs);
++	rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0);
+ 	CU_ASSERT_EQUAL(rc, MOSQ_ERR_SUCCESS);
+ 	CU_ASSERT_PTR_NOT_NULL(db.subs);
+ 	if(db.subs){
diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch
--- mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-2of3.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,188 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Sat, 8 Jun 2024 09:41:08 +0100
+Subject: CVE-2024-8376-2of3
+
+Fixes Eclipse #217, #218.
+
+Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17
+Last-Update: 2024-11-01
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ src/database.c                  | 13 +++++++++----
+ src/loop.c                      |  3 ++-
+ src/mosquitto_broker_internal.h |  3 ++-
+ src/persist_write.c             |  8 +++++++-
+ src/subs.c                      | 42 +++++++++++++++++++++++++++++++----------
+ test/unit/subs_test.c           |  9 +++++----
+ 6 files changed, 57 insertions(+), 21 deletions(-)
+
+diff --git a/src/database.c b/src/database.c
+index b6ea83b..bf7d108 100644
+--- a/src/database.c
++++ b/src/database.c
+@@ -157,12 +157,16 @@ int db__open(struct mosquitto__config *config)
+ 	/* Initialize the hashtable */
+ 	db.clientid_index_hash = NULL;
+ 
+-	db.subs = NULL;
++	db.normal_subs = NULL;
++	db.shared_subs = NULL;
+ 
+-	subhier = sub__add_hier_entry(NULL, &db.subs, "", 0);
++	subhier = sub__add_hier_entry(NULL, &db.shared_subs, "", 0);
+ 	if(!subhier) return MOSQ_ERR_NOMEM;
+ 
+-	subhier = sub__add_hier_entry(NULL, &db.subs, "$SYS", (uint16_t)strlen("$SYS"));
++	subhier = sub__add_hier_entry(NULL, &db.normal_subs, "", 0);
++	if(!subhier) return MOSQ_ERR_NOMEM;
++
++	subhier = sub__add_hier_entry(NULL, &db.normal_subs, "$SYS", (uint16_t)strlen("$SYS"));
+ 	if(!subhier) return MOSQ_ERR_NOMEM;
+ 
+ 	retain__init();
+@@ -198,7 +202,8 @@ static void subhier_clean(struct mosquitto__subhier **subhier)
+ 
+ int db__close(void)
+ {
+-	subhier_clean(&db.subs);
++	subhier_clean(&db.normal_subs);
++	subhier_clean(&db.shared_subs);
+ 	retain__clean(&db.retains);
+ 	db__msg_store_clean();
+ 
+diff --git a/src/loop.c b/src/loop.c
+index 34d0049..381e3b0 100644
+--- a/src/loop.c
++++ b/src/loop.c
+@@ -241,7 +241,8 @@ int mosquitto_main_loop(struct mosquitto__listener_sock *listensock, int listens
+ 			flag_reload = false;
+ 		}
+ 		if(flag_tree_print){
+-			sub__tree_print(db.subs, 0);
++			sub__tree_print(db.normal_subs, 0);
++			sub__tree_print(db.shared_subs, 0);
+ 			flag_tree_print = false;
+ #ifdef WITH_XTREPORT
+ 			xtreport();
+diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h
+index 339304c..935fd30 100644
+--- a/src/mosquitto_broker_internal.h
++++ b/src/mosquitto_broker_internal.h
+@@ -442,7 +442,8 @@ struct mosquitto_message_v5{
+ 
+ struct mosquitto_db{
+ 	dbid_t last_db_id;
+-	struct mosquitto__subhier *subs;
++	struct mosquitto__subhier *normal_subs;
++	struct mosquitto__subhier *shared_subs;
+ 	struct mosquitto__retainhier *retains;
+ 	struct mosquitto *contexts_by_id;
+ 	struct mosquitto *contexts_by_sock;
+diff --git a/src/persist_write.c b/src/persist_write.c
+index 3ac4f4a..7c146f6 100644
+--- a/src/persist_write.c
++++ b/src/persist_write.c
+@@ -254,7 +254,13 @@ static int persist__subs_save_all(FILE *db_fptr)
+ {
+ 	struct mosquitto__subhier *subhier, *subhier_tmp;
+ 
+-	HASH_ITER(hh, db.subs, subhier, subhier_tmp){
++	HASH_ITER(hh, db.normal_subs, subhier, subhier_tmp){
++		if(subhier->children){
++			persist__subs_save(db_fptr, subhier->children, "", 0);
++		}
++	}
++
++	HASH_ITER(hh, db.shared_subs, subhier, subhier_tmp){
+ 		if(subhier->children){
+ 			persist__subs_save(db_fptr, subhier->children, "", 0);
+ 		}
+diff --git a/src/subs.c b/src/subs.c
+index 8e1a848..aaa5aa8 100644
+--- a/src/subs.c
++++ b/src/subs.c
+@@ -595,16 +595,29 @@ int sub__add(struct mosquitto *context, const char *sub, uint8_t qos, uint32_t i
+ 		mosquitto__free(topics);
+ 		return MOSQ_ERR_INVAL;
+ 	}
+-	HASH_FIND(hh, db.subs, topics[0], topiclen, subhier);
+-	if(!subhier){
+-		subhier = sub__add_hier_entry(NULL, &db.subs, topics[0], (uint16_t)topiclen);
++
++	if(sharename){
++		HASH_FIND(hh, db.shared_subs, topics[0], topiclen, subhier);
+ 		if(!subhier){
+-			mosquitto__free(local_sub);
+-			mosquitto__free(topics);
+-			log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory.");
+-			return MOSQ_ERR_NOMEM;
++			subhier = sub__add_hier_entry(NULL, &db.shared_subs, topics[0], (uint16_t)topiclen);
++			if(!subhier){
++				mosquitto__free(local_sub);
++				mosquitto__free(topics);
++				log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory.");
++				return MOSQ_ERR_NOMEM;
++			}
++		}
++	}else{
++		HASH_FIND(hh, db.normal_subs, topics[0], topiclen, subhier);
++		if(!subhier){
++			subhier = sub__add_hier_entry(NULL, &db.normal_subs, topics[0], (uint16_t)topiclen);
++			if(!subhier){
++				mosquitto__free(local_sub);
++				mosquitto__free(topics);
++				log__printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory.");
++				return MOSQ_ERR_NOMEM;
++			}
+ 		}
+-
+ 	}
+ 	rc = sub__add_context(context, sub, qos, identifier, options, subhier, topics, sharename);
+ 
+@@ -627,7 +640,11 @@ int sub__remove(struct mosquitto *context, const char *sub, uint8_t *reason)
+ 	rc = sub__topic_tokenise(sub, &local_sub, &topics, &sharename);
+ 	if(rc) return rc;
+ 
+-	HASH_FIND(hh, db.subs, topics[0], strlen(topics[0]), subhier);
++	if(sharename){
++		HASH_FIND(hh, db.shared_subs, topics[0], strlen(topics[0]), subhier);
++	}else{
++		HASH_FIND(hh, db.normal_subs, topics[0], strlen(topics[0]), subhier);
++	}
+ 	if(subhier){
+ 		*reason = MQTT_RC_NO_SUBSCRIPTION_EXISTED;
+ 		rc = sub__remove_recurse(context, subhier, topics, reason, sharename);
+@@ -656,7 +673,12 @@ int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, i
+ 	*/
+ 	db__msg_store_ref_inc(*stored);
+ 
+-	HASH_FIND(hh, db.subs, split_topics[0], strlen(split_topics[0]), subhier);
++	HASH_FIND(hh, db.normal_subs, split_topics[0], strlen(split_topics[0]), subhier);
++	if(subhier){
++		rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
++	}
++
++	HASH_FIND(hh, db.shared_subs, split_topics[0], strlen(split_topics[0]), subhier);
+ 	if(subhier){
+ 		rc = sub__search(subhier, split_topics, source_id, topic, qos, retain, *stored);
+ 	}
+diff --git a/test/unit/subs_test.c b/test/unit/subs_test.c
+index 6095d62..45c0791 100644
+--- a/test/unit/subs_test.c
++++ b/test/unit/subs_test.c
+@@ -60,10 +60,11 @@ static void TEST_sub_add_single(void)
+ 
+ 	rc = sub__add(&context, "a/b/c/d/e", 0, 0, 0);
+ 	CU_ASSERT_EQUAL(rc, MOSQ_ERR_SUCCESS);
+-	CU_ASSERT_PTR_NOT_NULL(db.subs);
+-	if(db.subs){
+-		sub = db.subs;
+-		
++	CU_ASSERT_PTR_NOT_NULL(db.shared_subs);
++	CU_ASSERT_PTR_NOT_NULL(db.normal_subs);
++	if(db.normal_subs){
++		sub = db.normal_subs;
++
+ 		hier_quick_check(&sub, NULL, "");
+ 		hier_quick_check(&sub, NULL, "");
+ 		hier_quick_check(&sub, NULL, "a");
diff -Nru mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch
--- mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch	1970-01-01 01:00:00.000000000 +0100
+++ mosquitto-2.0.11/debian/patches/CVE-2024-8376-3of3.patch	2025-05-11 21:31:40.000000000 +0200
@@ -0,0 +1,24 @@
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Wed, 2 Oct 2024 11:08:06 +0100
+Subject: CVE-2024-8376-3of3
+
+Origin: https://github.com/eclipse-mosquitto/mosquitto/commit/5eb40ee3d691fb3c2dc222685e7ffcf6e6a69a79
+Signed-off-by: Philippe Coval <rzr@users.sf.net>
+---
+ src/bridge.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/bridge.c b/src/bridge.c
+index 0ec5284..cb39ad3 100644
+--- a/src/bridge.c
++++ b/src/bridge.c
+@@ -189,8 +189,7 @@ int bridge__connect_step1(struct mosquitto *context)
+ 						context->bridge->topics[i].local_topic,
+ 						qos,
+ 						0,
+-						MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED,
+-						&db.subs) > 0){
++						MQTT_SUB_OPT_NO_LOCAL | MQTT_SUB_OPT_RETAIN_AS_PUBLISHED) > 0){
+ 				return 1;
+ 			}
+ 			retain__queue(context,
diff -Nru mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch
--- mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/Fix-CONNECT-performance-with-many-user-properties.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,27 +1,29 @@
 From: "Roger A. Light" <roger@atchoo.org>
 Date: Tue, 10 Aug 2021 20:48:21 +0100
 Subject: Fix CONNECT performance with many user-properties.
+
 Origin: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f
 Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+Bug: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637
 Bug-Debian: https://bugs.debian.org/1001028
 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-41039
-Bug: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637
 
 An MQTT v5 client connecting with a large number of user-property properties
 could cause excessive CPU usage, leading to a loss of performance and
 possible denial of service. This has been fixed.
 ---
- ChangeLog.txt                    |  3 ++
- lib/property_mosq.c              | 14 ++++-----
- test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++
+ lib/property_mosq.c              | 14 ++++++------
+ test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++++++++++
  test/broker/Makefile             |  1 +
  test/broker/test.py              |  1 +
- 5 files changed, 61 insertions(+), 7 deletions(-)
- create mode 100755 test/broker/01-connect-575314.py
+ 4 files changed, 58 insertions(+), 7 deletions(-)
+ create mode 100644 test/broker/01-connect-575314.py
 
+diff --git a/lib/property_mosq.c b/lib/property_mosq.c
+index 0cfc9f9..5f0f24c 100644
 --- a/lib/property_mosq.c
 +++ b/lib/property_mosq.c
-@@ -959,14 +959,14 @@ int mosquitto_property_check_all(int com
+@@ -959,14 +959,14 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti
  		if(rc) return rc;
  
  		/* Check for duplicates */
@@ -43,6 +45,9 @@
  		}
  
  		p = p->next;
+diff --git a/test/broker/01-connect-575314.py b/test/broker/01-connect-575314.py
+new file mode 100644
+index 0000000..4a8f314
 --- /dev/null
 +++ b/test/broker/01-connect-575314.py
 @@ -0,0 +1,49 @@
@@ -95,6 +100,8 @@
 +
 +do_test()
 +exit(0)
+diff --git a/test/broker/Makefile b/test/broker/Makefile
+index e1501b4..1ee2dd2 100644
 --- a/test/broker/Makefile
 +++ b/test/broker/Makefile
 @@ -20,6 +20,7 @@ ptest : test-compile
@@ -105,6 +112,8 @@
  	./01-connect-allow-anonymous.py
  	./01-connect-bad-packet.py
  	./01-connect-connack-2163.py
+diff --git a/test/broker/test.py b/test/broker/test.py
+index 91a4ca4..3dc0058 100755
 --- a/test/broker/test.py
 +++ b/test/broker/test.py
 @@ -5,6 +5,7 @@ import ptest
diff -Nru mosquitto-2.0.11/debian/patches/deb-test.patch mosquitto-2.0.11/debian/patches/deb-test.patch
--- mosquitto-2.0.11/debian/patches/deb-test.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/deb-test.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,111 +1,37 @@
-Description: Fix test paths for Debian.
-Author: Roger Light <roger@atchoo.org>
+From: Roger Light <roger@atchoo.org>
+Date: Mon, 10 Mar 2025 22:52:17 +0100
+Subject: Fix test paths for Debian.
+
 Forwarded: in-progress
---- a/test/mosq_test.py
-+++ b/test/mosq_test.py
-@@ -26,16 +26,16 @@
-     delay = 0.1
- 
-     if use_conf == True:
--        cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
-+        cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
- 
-         if port == 0:
-             port = 1888
-     else:
-         if cmd is None and port != 0:
--            cmd = ['../../src/mosquitto', '-v', '-p', str(port)]
-+            cmd = ['/usr/sbin/mosquitto', '-v', '-p', str(port)]
-         elif cmd is None and port == 0:
-             port = 1888
--            cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
-+            cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
-         elif cmd is not None and port == 0:
-             port = 1888
- 
---- a/test/broker/c/Makefile
-+++ b/test/broker/c/Makefile
-@@ -34,7 +34,7 @@
- 
- 
- ${TESTS} : %.test: %.c
--	$(CC) ${CFLAGS} $< -o $@ ../../../lib/libmosquitto.so.1
-+	$(CC) ${CFLAGS} $< -o $@ -lmosquitto
- 
- 
- reallyclean : clean
---- a/test/lib/c/Makefile
-+++ b/test/lib/c/Makefile
-@@ -1,7 +1,7 @@
- .PHONY: all clean reallyclean
- 
- CFLAGS=-I../../../include -Werror
--LIBS=../../../lib/libmosquitto.so.1
-+LIBS=-lmosquitto
- 
- SRC = \
- 	01-con-discon-success.c \
---- a/test/lib/cpp/Makefile
-+++ b/test/lib/cpp/Makefile
-@@ -1,7 +1,7 @@
- .PHONY: all test 01 02 03 04 08 09 clean reallyclean
- 
- CFLAGS=-I../../../include -I../../../lib/cpp -DDEBUG
--LIBS=../../../lib/libmosquitto.so.1 ../../../lib/cpp/libmosquittopp.so.1
-+LIBS=-lmosquitto -lmosquittopp
- 
- all : 01 02 03 04 08 09
- 
---- a/test/client/test.sh
-+++ b/test/client/test.sh
-@@ -11,7 +11,7 @@
- export SUB_TIMEOUT=1
- 
- # Start broker
--../../src/mosquitto -p ${PORT} 2>/dev/null &
-+/usr/sbin/mosquitto -p ${PORT} 2>/dev/null &
- export MOSQ_PID=$!
- sleep 0.5
- 
-@@ -20,28 +20,28 @@
- 
- 
- # Simple subscribe test - single message from $SYS
--${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null
-+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null
- echo "Simple subscribe ok"
- 
- # Simple publish/subscribe test - single message from mosquitto_pub
--${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null &
-+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null &
- export SUB_PID=$!
--${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test'
-+/usr/bin/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test'
- kill ${SUB_PID} 2>/dev/null || true
- echo "Simple publish/subscribe ok"
- 
- # Publish a file and subscribe, do we get at least that many lines?
- export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1)
--${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
-+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
- export SUB_PID=$!
--${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh
-+/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh
- kill ${SUB_PID} 2>/dev/null || true
- echo "File publish ok"
- 
- # Publish a file from stdin and subscribe, do we get at least that many lines?
- export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1)
--${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
-+/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
- export SUB_PID=$!
--${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh
-+/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh
- kill ${SUB_PID} 2>/dev/null || true
- echo "stdin publish ok"
+---
+ .../04-retain-check-source-persist-diff-port.py    | 10 +++---
+ test/broker/04-retain-check-source-persist.py      | 10 +++---
+ test/broker/04-retain-check-source.py              |  6 ++--
+ test/broker/04-retain-upgrade-outgoing-qos.py      |  4 +--
+ .../06-bridge-b2br-late-connection-retain.py       |  8 ++---
+ test/broker/06-bridge-clean-session.py             |  8 ++---
+ test/broker/06-bridge-reconnect-local-out.py       |  4 +--
+ test/broker/08-tls-psk-bridge.py                   | 10 +++---
+ test/broker/11-message-expiry.py                   | 15 ++++----
+ test/broker/11-persistent-subscription-no-local.py | 15 ++++----
+ test/broker/11-persistent-subscription-v5.py       | 15 ++++----
+ test/broker/11-persistent-subscription.py          | 15 ++++----
+ test/broker/11-pub-props.py                        | 15 ++++----
+ test/broker/11-subscription-id.py                  | 17 +++++----
+ test/broker/Makefile                               | 40 +++++++++++-----------
+ test/broker/c/Makefile                             |  2 +-
+ test/client/test.sh                                | 16 ++++-----
+ test/lib/Makefile                                  |  4 +--
+ test/lib/c/Makefile                                |  2 +-
+ test/lib/cpp/Makefile                              |  2 +-
+ test/mosq_test.py                                  |  6 ++--
+ 21 files changed, 114 insertions(+), 110 deletions(-)
+
+diff --git a/test/broker/04-retain-check-source-persist-diff-port.py b/test/broker/04-retain-check-source-persist-diff-port.py
+index efe1cfb..dacc617 100755
 --- a/test/broker/04-retain-check-source-persist-diff-port.py
 +++ b/test/broker/04-retain-check-source-persist-diff-port.py
-@@ -32,16 +32,16 @@
+@@ -32,16 +32,16 @@ def write_acl_2(filename, username):
  
  
  def do_test(proto_ver, per_listener, username):
@@ -125,7 +51,7 @@
      write_acl_1(acl_file, username)
  
  
-@@ -65,7 +65,7 @@
+@@ -65,7 +65,7 @@ def do_test(proto_ver, per_listener, username):
      subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver)
      suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver)
  
@@ -134,7 +60,7 @@
  
      try:
          sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port1)
-@@ -85,7 +85,7 @@
+@@ -85,7 +85,7 @@ def do_test(proto_ver, per_listener, username):
          if os.path.isfile(persistence_file) == False:
              raise FileNotFoundError("Persistence file not written")
  
@@ -143,9 +69,11 @@
  
          sock = mosq_test.do_client_connect(connect2_packet, connack2_packet, port=port2)
          mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback 2")
+diff --git a/test/broker/04-retain-check-source-persist.py b/test/broker/04-retain-check-source-persist.py
+index 9e59441..21d6ab9 100755
 --- a/test/broker/04-retain-check-source-persist.py
 +++ b/test/broker/04-retain-check-source-persist.py
-@@ -29,16 +29,16 @@
+@@ -29,16 +29,16 @@ def write_acl_2(filename, username):
  
  
  def do_test(proto_ver, per_listener, username):
@@ -165,7 +93,7 @@
      write_acl_1(acl_file, username)
  
  
-@@ -52,7 +52,7 @@
+@@ -52,7 +52,7 @@ def do_test(proto_ver, per_listener, username):
      subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver)
      suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver)
  
@@ -174,7 +102,7 @@
  
      try:
          sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
-@@ -70,7 +70,7 @@
+@@ -70,7 +70,7 @@ def do_test(proto_ver, per_listener, username):
          broker.terminate()
          broker.wait()
  
@@ -183,9 +111,11 @@
  
          sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
          mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback 2")
+diff --git a/test/broker/04-retain-check-source.py b/test/broker/04-retain-check-source.py
+index 5a7ed29..70a0cc1 100755
 --- a/test/broker/04-retain-check-source.py
 +++ b/test/broker/04-retain-check-source.py
-@@ -23,10 +23,10 @@
+@@ -23,10 +23,10 @@ def write_acl_2(filename):
  
  
  def do_test(proto_ver, per_listener):
@@ -198,7 +128,7 @@
      write_acl_1(acl_file)
  
  
-@@ -40,7 +40,7 @@
+@@ -40,7 +40,7 @@ def do_test(proto_ver, per_listener):
      subscribe_packet = mosq_test.gen_subscribe(mid, "test/topic", 0, proto_ver=proto_ver)
      suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=proto_ver)
  
@@ -207,9 +137,11 @@
  
      try:
          sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+diff --git a/test/broker/04-retain-upgrade-outgoing-qos.py b/test/broker/04-retain-upgrade-outgoing-qos.py
+index e2720bc..942507f 100755
 --- a/test/broker/04-retain-upgrade-outgoing-qos.py
 +++ b/test/broker/04-retain-upgrade-outgoing-qos.py
-@@ -14,7 +14,7 @@
+@@ -14,7 +14,7 @@ def write_config(filename, port):
  
  def do_test(proto_ver):
      port = mosq_test.get_port()
@@ -218,7 +150,7 @@
      write_config(conf_file, port)
  
      rc = 1
-@@ -29,7 +29,7 @@
+@@ -29,7 +29,7 @@ def do_test(proto_ver):
  
      publish_packet2 = mosq_test.gen_publish("retain/qos0/test", mid=1, qos=1, payload="retained message", retain=True, proto_ver=proto_ver)
  
@@ -227,9 +159,11 @@
  
      try:
          sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+diff --git a/test/broker/06-bridge-b2br-late-connection-retain.py b/test/broker/06-bridge-b2br-late-connection-retain.py
+index 4beeb7c..5126abf 100755
 --- a/test/broker/06-bridge-b2br-late-connection-retain.py
 +++ b/test/broker/06-bridge-b2br-late-connection-retain.py
-@@ -35,8 +35,8 @@
+@@ -35,8 +35,8 @@ def do_test(proto_ver):
          proto_ver_connect = 5
  
      (port1, port2) = mosq_test.get_port(2)
@@ -240,7 +174,7 @@
  
      rc = 1
      keepalive = 60
-@@ -64,7 +64,7 @@
+@@ -64,7 +64,7 @@ def do_test(proto_ver):
      write_config1(conf_file, persistence_file, port1, port2)
  
      try:
@@ -249,7 +183,7 @@
          client = mosq_test.do_client_connect(c_connect_packet, c_connack_packet, timeout=20, port=port2)
          mosq_test.do_send_receive(client, publish_packet, puback_packet, "puback")
          client.close()
-@@ -74,7 +74,7 @@
+@@ -74,7 +74,7 @@ def do_test(proto_ver):
  
          # Restart, with retained message in place
          write_config2(conf_file, persistence_file, port1, port2, bridge_protocol)
@@ -258,9 +192,11 @@
  
          (bridge, address) = ssock.accept()
          bridge.settimeout(20)
+diff --git a/test/broker/06-bridge-clean-session.py b/test/broker/06-bridge-clean-session.py
+index f61d504..be10416 100755
 --- a/test/broker/06-bridge-clean-session.py
 +++ b/test/broker/06-bridge-clean-session.py
-@@ -84,12 +84,12 @@
+@@ -84,12 +84,12 @@ def do_test(proto_ver, cs, lcs=None):
  
  
      (port_a_listen, port_b_listen) = mosq_test.get_port(2)
@@ -277,9 +213,11 @@
      write_config_core(conf_file_b, port_b_listen, persistence_file_b)
  
      AckedPair = namedtuple("AckedPair", "p ack")
+diff --git a/test/broker/06-bridge-reconnect-local-out.py b/test/broker/06-bridge-reconnect-local-out.py
+index 887470b..2a198e8 100755
 --- a/test/broker/06-bridge-reconnect-local-out.py
 +++ b/test/broker/06-bridge-reconnect-local-out.py
-@@ -11,7 +11,7 @@
+@@ -11,7 +11,7 @@ def write_config(filename, port1, port2, protocol_version):
          f.write("allow_anonymous true\n")
          f.write("\n")
          f.write("persistence true\n")
@@ -288,7 +226,7 @@
          f.write("\n")
          f.write("connection bridge_sample\n")
          f.write("address 127.0.0.1:%d\n" % (port1))
-@@ -48,7 +48,7 @@
+@@ -48,7 +48,7 @@ def do_test(proto_ver):
  
      broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port1, use_conf=False)
  
@@ -297,6 +235,36 @@
      local_broker = mosq_test.start_broker(cmd=local_cmd, filename=os.path.basename(__file__)+'_local1', use_conf=False, port=port2)
      if os.environ.get('MOSQ_USE_VALGRIND') is not None:
          time.sleep(5)
+diff --git a/test/broker/08-tls-psk-bridge.py b/test/broker/08-tls-psk-bridge.py
+index 56d3c19..cb23f51 100755
+--- a/test/broker/08-tls-psk-bridge.py
++++ b/test/broker/08-tls-psk-bridge.py
+@@ -29,8 +29,8 @@ def write_config2(filename, port2, port3):
+         f.write("bridge_psk deadbeef\n")
+ 
+ (port1, port2, port3) = mosq_test.get_port(3)
+-conf_file1 = "08-tls-psk-bridge.conf"
+-conf_file2 = "08-tls-psk-bridge.conf2"
++conf_file1 = "/tmp/08-tls-psk-bridge.conf"
++conf_file2 = "/tmp/08-tls-psk-bridge.conf2"
+ write_config1(conf_file1, port1, port2)
+ write_config2(conf_file2, port2, port3)
+ 
+@@ -54,9 +54,9 @@ suback_packet = mosq_test.gen_suback(mid, 0)
+ 
+ publish_packet = mosq_test.gen_publish(topic="psk/test", payload="message", qos=0)
+ 
+-bridge_cmd = ['../../src/mosquitto', '-c', '08-tls-psk-bridge.conf2']
+-broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port1)
+-bridge = mosq_test.start_broker(filename=os.path.basename(__file__)+'_bridge', cmd=bridge_cmd, port=port3)
++bridge_cmd = ['/usr/sbin/mosquitto', '-c', '/tmp/08-tls-psk-bridge.conf2']
++broker = mosq_test.start_broker(filename=conf_file1, use_conf=True, port=port1)
++bridge = mosq_test.start_broker(filename=conf_file2+'_bridge', cmd=bridge_cmd, port=port3)
+ 
+ pub = None
+ try:
+diff --git a/test/broker/11-message-expiry.py b/test/broker/11-message-expiry.py
+index 6523e82..21d7004 100755
 --- a/test/broker/11-message-expiry.py
 +++ b/test/broker/11-message-expiry.py
 @@ -11,16 +11,17 @@
@@ -320,7 +288,7 @@
  
  
  rc = 1
-@@ -53,8 +54,8 @@
+@@ -53,8 +54,8 @@ publish3_packet = mosq_test.gen_publish("subpub/qos1", mid=mid, qos=1, payload="
  puback3_packet = mosq_test.gen_puback(mid)
  
  
@@ -331,7 +299,7 @@
  
  port = mosq_test.get_port()
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
-@@ -97,8 +98,8 @@
+@@ -97,8 +98,8 @@ finally:
      (stdo, stde) = broker.communicate()
      if rc:
          print(stde.decode('utf-8'))
@@ -342,6 +310,8 @@
  
  exit(rc)
  
+diff --git a/test/broker/11-persistent-subscription-no-local.py b/test/broker/11-persistent-subscription-no-local.py
+index 350ba5c..63059ad 100755
 --- a/test/broker/11-persistent-subscription-no-local.py
 +++ b/test/broker/11-persistent-subscription-no-local.py
 @@ -5,16 +5,17 @@
@@ -365,7 +335,7 @@
  
  rc = 1
  keepalive = 60
-@@ -48,8 +49,8 @@
+@@ -48,8 +49,8 @@ mid = 2
  publish2b_packet = mosq_test.gen_publish("subpub/local", qos=1, mid=mid, payload="message", proto_ver=5)
  puback2b_packet = mosq_test.gen_puback(mid, proto_ver=5)
  
@@ -376,7 +346,7 @@
  
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
  
-@@ -90,8 +91,8 @@
+@@ -90,8 +91,8 @@ finally:
      (stdo, stde) = broker.communicate()
      if rc:
          print(stde.decode('utf-8'))
@@ -387,6 +357,8 @@
  
  
  exit(rc)
+diff --git a/test/broker/11-persistent-subscription-v5.py b/test/broker/11-persistent-subscription-v5.py
+index 7cd9ae6..8bc4d8e 100755
 --- a/test/broker/11-persistent-subscription-v5.py
 +++ b/test/broker/11-persistent-subscription-v5.py
 @@ -4,16 +4,17 @@
@@ -410,7 +382,7 @@
  
  rc = 1
  mid = 530
-@@ -35,8 +36,8 @@
+@@ -35,8 +36,8 @@ puback_packet = mosq_test.gen_puback(mid, proto_ver=5)
  mid = 1
  publish_packet2 = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, payload="message", proto_ver=5)
  
@@ -421,7 +393,7 @@
  
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
  
-@@ -67,8 +68,8 @@
+@@ -67,8 +68,8 @@ finally:
      (stdo, stde) = broker.communicate()
      if rc:
          print(stde.decode('utf-8'))
@@ -432,6 +404,8 @@
  
  
  exit(rc)
+diff --git a/test/broker/11-persistent-subscription.py b/test/broker/11-persistent-subscription.py
+index 2ec2871..a54b5b9 100755
 --- a/test/broker/11-persistent-subscription.py
 +++ b/test/broker/11-persistent-subscription.py
 @@ -4,17 +4,18 @@
@@ -456,7 +430,7 @@
  
      rc = 1
      mid = 530
-@@ -35,8 +36,8 @@
+@@ -35,8 +36,8 @@ def do_test(proto_ver):
      mid = 1
      publish_packet2 = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, payload="message", proto_ver=proto_ver)
  
@@ -467,7 +441,7 @@
  
      broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
  
-@@ -65,8 +66,8 @@
+@@ -65,8 +66,8 @@ def do_test(proto_ver):
          broker.terminate()
          broker.wait()
          (stdo, stde) = broker.communicate()
@@ -478,6 +452,8 @@
          if rc:
              print(stde.decode('utf-8'))
              print("proto_ver=%d" % (proto_ver))
+diff --git a/test/broker/11-pub-props.py b/test/broker/11-pub-props.py
+index 1b76fa2..541719f 100755
 --- a/test/broker/11-pub-props.py
 +++ b/test/broker/11-pub-props.py
 @@ -4,16 +4,17 @@
@@ -501,7 +477,7 @@
  
  rc = 1
  keepalive = 60
-@@ -37,8 +38,8 @@
+@@ -37,8 +38,8 @@ mid = 1
  subscribe_packet = mosq_test.gen_subscribe(mid, "subpub/qos1", 0, proto_ver=5)
  suback_packet = mosq_test.gen_suback(mid, 0, proto_ver=5)
  
@@ -512,7 +488,7 @@
  
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
  
-@@ -72,8 +73,8 @@
+@@ -72,8 +73,8 @@ finally:
      (stdo, stde) = broker.communicate()
      if rc:
          print(stde.decode('utf-8'))
@@ -523,6 +499,8 @@
  
  
  exit(rc)
+diff --git a/test/broker/11-subscription-id.py b/test/broker/11-subscription-id.py
+index ed17842..4b9ad16 100755
 --- a/test/broker/11-subscription-id.py
 +++ b/test/broker/11-subscription-id.py
 @@ -4,16 +4,17 @@
@@ -546,7 +524,7 @@
  
  rc = 1
  keepalive = 60
-@@ -42,8 +43,8 @@
+@@ -42,8 +43,8 @@ helper_publish_packet = mosq_test.gen_publish("subpub/qos1", qos=1, mid=mid, pay
  helper_puback_packet = mosq_test.gen_puback(mid, proto_ver=5)
  
  
@@ -557,7 +535,7 @@
  
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
  
-@@ -77,10 +78,8 @@
+@@ -77,10 +78,8 @@ finally:
      (stdo, stde) = broker.communicate()
      if rc:
          print(stde.decode('utf-8'))
@@ -570,9 +548,11 @@
  
  exit(rc)
 -
+diff --git a/test/broker/Makefile b/test/broker/Makefile
+index d012c91..c935247 100644
 --- a/test/broker/Makefile
 +++ b/test/broker/Makefile
-@@ -120,13 +120,13 @@
+@@ -120,13 +120,13 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
  06 :
  	./06-bridge-b2br-disconnect-qos1.py
  	./06-bridge-b2br-disconnect-qos2.py
@@ -588,7 +568,7 @@
  	./06-bridge-fail-persist-resend-qos1.py
  	./06-bridge-fail-persist-resend-qos2.py
  	./06-bridge-no-local.py
-@@ -156,9 +156,9 @@
+@@ -156,9 +156,9 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
  ifeq ($(WITH_TLS),yes)
  	./08-ssl-bridge.py
  	./08-ssl-connect-cert-auth-crl.py
@@ -601,7 +581,7 @@
  	./08-ssl-connect-cert-auth.py
  	./08-ssl-connect-identity.py
  	./08-ssl-connect-no-auth-wrong-ca.py
-@@ -229,20 +229,20 @@
+@@ -229,20 +229,20 @@ endif
  14 :
  ifeq ($(WITH_TLS),yes)
  ifeq ($(WITH_CJSON),yes)
@@ -637,9 +617,73 @@
 +	#./14-dynsec-role-invalid.py
  endif
  endif
+diff --git a/test/broker/c/Makefile b/test/broker/c/Makefile
+index 6a561ba..1e8aa61 100644
+--- a/test/broker/c/Makefile
++++ b/test/broker/c/Makefile
+@@ -34,7 +34,7 @@ ${PLUGINS} : %.so: %.c
+ 
+ 
+ ${TESTS} : %.test: %.c
+-	$(CC) ${CFLAGS} $< -o $@ ../../../lib/libmosquitto.so.1
++	$(CC) ${CFLAGS} $< -o $@ -lmosquitto
+ 
+ 
+ reallyclean : clean
+diff --git a/test/client/test.sh b/test/client/test.sh
+index 53ee84b..ed97cad 100755
+--- a/test/client/test.sh
++++ b/test/client/test.sh
+@@ -11,7 +11,7 @@ export PORT=1888
+ export SUB_TIMEOUT=1
+ 
+ # Start broker
+-../../src/mosquitto -p ${PORT} 2>/dev/null &
++/usr/sbin/mosquitto -p ${PORT} 2>/dev/null &
+ export MOSQ_PID=$!
+ sleep 0.5
+ 
+@@ -20,28 +20,28 @@ trap "kill $MOSQ_PID" EXIT
+ 
+ 
+ # Simple subscribe test - single message from $SYS
+-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null
++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t '$SYS/broker/uptime' >/dev/null
+ echo "Simple subscribe ok"
+ 
+ # Simple publish/subscribe test - single message from mosquitto_pub
+-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null &
++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C 1 -t 'single/test' >/dev/null &
+ export SUB_PID=$!
+-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test'
++/usr/bin/mosquitto_pub -p ${PORT} -t 'single/test' -m 'single-test'
+ kill ${SUB_PID} 2>/dev/null || true
+ echo "Simple publish/subscribe ok"
+ 
+ # Publish a file and subscribe, do we get at least that many lines?
+ export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1)
+-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
+ export SUB_PID=$!
+-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh
++/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -f ./test.sh
+ kill ${SUB_PID} 2>/dev/null || true
+ echo "File publish ok"
+ 
+ # Publish a file from stdin and subscribe, do we get at least that many lines?
+ export TEST_LINES=$(wc -l test.sh | cut -d' ' -f1)
+-${BASE_PATH}/client/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
++/usr/bin/mosquitto_sub -p ${PORT} -W ${SUB_TIMEOUT} -C ${TEST_LINES} -t 'file-publish' >/dev/null &
+ export SUB_PID=$!
+-${BASE_PATH}/client/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh
++/usr/bin/mosquitto_pub -p ${PORT} -t 'file-publish' -l < ./test.sh
+ kill ${SUB_PID} 2>/dev/null || true
+ echo "stdin publish ok"
+diff --git a/test/lib/Makefile b/test/lib/Makefile
+index 93603f5..e742ae3 100644
 --- a/test/lib/Makefile
 +++ b/test/lib/Makefile
-@@ -33,7 +33,7 @@
+@@ -33,7 +33,7 @@ c : test-compile
  	./02-subscribe-qos0.py $@/02-subscribe-qos0.test
  	./02-subscribe-qos1.py $@/02-subscribe-qos1.test
  	./02-subscribe-qos1.py $@/02-subscribe-qos1-async1.test
@@ -648,7 +692,7 @@
  	./02-subscribe-qos2.py $@/02-subscribe-qos2.test
  	./02-unsubscribe-multiple-v5.py $@/02-unsubscribe-multiple-v5.test
  	./02-unsubscribe-v5.py $@/02-unsubscribe-v5.test
-@@ -50,7 +50,7 @@
+@@ -50,7 +50,7 @@ c : test-compile
  	./03-publish-c2b-qos2-disconnect.py $@/03-publish-c2b-qos2-disconnect.test
  	./03-publish-c2b-qos2-len.py $@/03-publish-c2b-qos2-len.test
  	./03-publish-c2b-qos2-maximum-qos-0.py $@/03-publish-c2b-qos2-maximum-qos-0.test
@@ -657,29 +701,53 @@
  	./03-publish-c2b-qos2-pubrec-error.py $@/03-publish-c2b-qos2-pubrec-error.test
  	./03-publish-c2b-qos2-receive-maximum-1.py $@/03-publish-c2b-qos2-receive-maximum-1.test
  	./03-publish-c2b-qos2-receive-maximum-2.py $@/03-publish-c2b-qos2-receive-maximum-2.test
---- a/test/broker/08-tls-psk-bridge.py
-+++ b/test/broker/08-tls-psk-bridge.py
-@@ -29,8 +29,8 @@
-         f.write("bridge_psk deadbeef\n")
+diff --git a/test/lib/c/Makefile b/test/lib/c/Makefile
+index 6c09e80..5dc3077 100644
+--- a/test/lib/c/Makefile
++++ b/test/lib/c/Makefile
+@@ -1,7 +1,7 @@
+ .PHONY: all clean reallyclean
  
- (port1, port2, port3) = mosq_test.get_port(3)
--conf_file1 = "08-tls-psk-bridge.conf"
--conf_file2 = "08-tls-psk-bridge.conf2"
-+conf_file1 = "/tmp/08-tls-psk-bridge.conf"
-+conf_file2 = "/tmp/08-tls-psk-bridge.conf2"
- write_config1(conf_file1, port1, port2)
- write_config2(conf_file2, port2, port3)
+ CFLAGS=-I../../../include -Werror
+-LIBS=../../../lib/libmosquitto.so.1
++LIBS=-lmosquitto
  
-@@ -54,9 +54,9 @@
+ SRC = \
+ 	01-con-discon-success.c \
+diff --git a/test/lib/cpp/Makefile b/test/lib/cpp/Makefile
+index c4ae14c..022d103 100644
+--- a/test/lib/cpp/Makefile
++++ b/test/lib/cpp/Makefile
+@@ -1,7 +1,7 @@
+ .PHONY: all test 01 02 03 04 08 09 clean reallyclean
  
- publish_packet = mosq_test.gen_publish(topic="psk/test", payload="message", qos=0)
+ CFLAGS=-I../../../include -I../../../lib/cpp -DDEBUG
+-LIBS=../../../lib/libmosquitto.so.1 ../../../lib/cpp/libmosquittopp.so.1
++LIBS=-lmosquitto -lmosquittopp
  
--bridge_cmd = ['../../src/mosquitto', '-c', '08-tls-psk-bridge.conf2']
--broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port1)
--bridge = mosq_test.start_broker(filename=os.path.basename(__file__)+'_bridge', cmd=bridge_cmd, port=port3)
-+bridge_cmd = ['/usr/sbin/mosquitto', '-c', '/tmp/08-tls-psk-bridge.conf2']
-+broker = mosq_test.start_broker(filename=conf_file1, use_conf=True, port=port1)
-+bridge = mosq_test.start_broker(filename=conf_file2+'_bridge', cmd=bridge_cmd, port=port3)
+ all : 01 02 03 04 08 09
+ 
+diff --git a/test/mosq_test.py b/test/mosq_test.py
+index 52dcca0..ed38044 100644
+--- a/test/mosq_test.py
++++ b/test/mosq_test.py
+@@ -26,16 +26,16 @@ def start_broker(filename, cmd=None, port=0, use_conf=False, expect_fail=False):
+     delay = 0.1
+ 
+     if use_conf == True:
+-        cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
++        cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
+ 
+         if port == 0:
+             port = 1888
+     else:
+         if cmd is None and port != 0:
+-            cmd = ['../../src/mosquitto', '-v', '-p', str(port)]
++            cmd = ['/usr/sbin/mosquitto', '-v', '-p', str(port)]
+         elif cmd is None and port == 0:
+             port = 1888
+-            cmd = ['../../src/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
++            cmd = ['/usr/sbin/mosquitto', '-v', '-c', filename.replace('.py', '.conf')]
+         elif cmd is not None and port == 0:
+             port = 1888
  
- pub = None
- try:
diff -Nru mosquitto-2.0.11/debian/patches/debian-config.patch mosquitto-2.0.11/debian/patches/debian-config.patch
--- mosquitto-2.0.11/debian/patches/debian-config.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/debian-config.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,9 +1,19 @@
-Description: Set local configuration.
-Author: Roger Light <roger@atchoo.org>
+From: Roger Light <roger@atchoo.org>
+Date: Mon, 10 Mar 2025 22:52:16 +0100
+Subject: Set local configuration.
+
 Forwarded: not-needed
+---
+ Makefile    |  1 +
+ debian.conf | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+ create mode 100644 debian.conf
+
+diff --git a/Makefile b/Makefile
+index 3b206b3..4cc1d42 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -94,6 +94,7 @@
+@@ -94,6 +94,7 @@ ifeq ($(WITH_DOCS),yes)
  endif
  	$(INSTALL) -d "${DESTDIR}/etc/mosquitto"
  	$(INSTALL) -m 644 mosquitto.conf "${DESTDIR}/etc/mosquitto/mosquitto.conf.example"
@@ -11,6 +21,9 @@
  	$(INSTALL) -m 644 aclfile.example "${DESTDIR}/etc/mosquitto/aclfile.example"
  	$(INSTALL) -m 644 pwfile.example "${DESTDIR}/etc/mosquitto/pwfile.example"
  	$(INSTALL) -m 644 pskfile.example "${DESTDIR}/etc/mosquitto/pskfile.example"
+diff --git a/debian.conf b/debian.conf
+new file mode 100644
+index 0000000..4795129
 --- /dev/null
 +++ b/debian.conf
 @@ -0,0 +1,10 @@
diff -Nru mosquitto-2.0.11/debian/patches/missing-test.patch mosquitto-2.0.11/debian/patches/missing-test.patch
--- mosquitto-2.0.11/debian/patches/missing-test.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/missing-test.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,9 +1,17 @@
-Description: Fix missing upstream test.
-Author: Roger Light <roger@atchoo.org>
+From: Roger Light <roger@atchoo.org>
+Date: Mon, 10 Mar 2025 22:52:17 +0100
+Subject: Fix missing upstream test.
+
 Forwarded: not-needed
+---
+ test/broker/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/broker/Makefile b/test/broker/Makefile
+index c935247..e1501b4 100644
 --- a/test/broker/Makefile
 +++ b/test/broker/Makefile
-@@ -135,7 +135,7 @@
+@@ -135,7 +135,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
  	./06-bridge-reconnect-local-out.py
  
  07 :
diff -Nru mosquitto-2.0.11/debian/patches/series mosquitto-2.0.11/debian/patches/series
--- mosquitto-2.0.11/debian/patches/series	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/series	2025-05-11 21:31:40.000000000 +0200
@@ -9,3 +9,13 @@
 CVE-2023-0809.patch
 CVE-2023-28366.patch
 CVE-2023-28366-regression.patch
+CVE-2024-8376-1of3.patch
+CVE-2024-8376-2of3.patch
+CVE-2024-8376-3of3.patch
+0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch
+0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch
+0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch
+0018-Further-fix-for-CVE-2023-28366.patch
+0019-Fixed-issue-in-CA-cert.-creation.patch
+0020-t-Makefile-Generate-test-certs-if-not-present-in-sou.patch
+0021-Remove-generated-ssl-certs.patch
diff -Nru mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch
--- mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/patches/ssl-sslcontext-wrap_socket.patch	2025-05-11 21:31:40.000000000 +0200
@@ -1,23 +1,44 @@
-Description: Replace uses of ssl.wrap_socket by ssl.SSLContext.wrap_socket
- The function ssl.wrap_socket() is deprecated starting Python 3.7 because it
- does not support hostname matching (which is considered insecure). In Python
- 3.10, the function now throws warnings at runtime, which makes autopkgtest
- fail.
- 
- The function ssl.SSLContext.wrap_socket comes in as the replacement and
- has support for SNI and hostname matching.
- 
- Replaced all uses of ssl.wrap_socket() by equivalent using
- ssl.SSLContext.wrap_socket().
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Mon, 10 Mar 2025 22:52:17 +0100
+Subject: Replace uses of ssl.wrap_socket by ssl.SSLContext.wrap_socket
+
+The function ssl.wrap_socket() is deprecated starting Python 3.7 because it
+does not support hostname matching (which is considered insecure). In Python
+3.10, the function now throws warnings at runtime, which makes autopkgtest
+fail.
+
+The function ssl.SSLContext.wrap_socket comes in as the replacement and
+has support for SNI and hostname matching.
 
+Replaced all uses of ssl.wrap_socket() by equivalent using
+ssl.SSLContext.wrap_socket().
 Author: Olivier Gayot <olivier.gayot@canonical.com>
 Bug-Ubuntu: https://launchpad.net/bugs/1960214
 Forwarded: https://github.com/eclipse/mosquitto/pull/2451
 Last-Update: 2022-02-07
+---
+ test/broker/08-ssl-bridge.py                    | 4 +++-
+ test/broker/08-ssl-connect-cert-auth-crl.py     | 4 +++-
+ test/broker/08-ssl-connect-cert-auth-expired.py | 4 +++-
+ test/broker/08-ssl-connect-cert-auth-revoked.py | 4 +++-
+ test/broker/08-ssl-connect-cert-auth-without.py | 3 ++-
+ test/broker/08-ssl-connect-cert-auth.py         | 4 +++-
+ test/broker/08-ssl-connect-identity.py          | 4 +++-
+ test/broker/08-ssl-connect-no-auth-wrong-ca.py  | 3 ++-
+ test/broker/08-ssl-connect-no-auth.py           | 3 ++-
+ test/broker/08-ssl-connect-no-identity.py       | 3 ++-
+ test/broker/08-ssl-hup-disconnect.py            | 4 +++-
+ test/lib/08-ssl-connect-cert-auth-enc.py        | 7 ++++---
+ test/lib/08-ssl-connect-cert-auth.py            | 7 ++++---
+ test/lib/08-ssl-connect-no-auth.py              | 4 +++-
+ test/lib/08-ssl-fake-cacert.py                  | 7 ++++---
+ 15 files changed, 44 insertions(+), 21 deletions(-)
 
---- mosquitto-2.0.11.orig/test/broker/08-ssl-bridge.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-bridge.py
-@@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish("
+diff --git a/test/broker/08-ssl-bridge.py b/test/broker/08-ssl-bridge.py
+index c48e7de..4cbe52e 100755
+--- a/test/broker/08-ssl-bridge.py
++++ b/test/broker/08-ssl-bridge.py
+@@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish("bridge/ssl/test", qos=0, payload="messag
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -28,9 +49,11 @@
  ssock.settimeout(20)
  ssock.bind(('', port1))
  ssock.listen(5)
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-crl.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-crl.py
-@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-cert-auth-crl.py b/test/broker/08-ssl-connect-cert-auth-crl.py
+index 6c348a3..0cb448e 100755
+--- a/test/broker/08-ssl-connect-cert-auth-crl.py
++++ b/test/broker/08-ssl-connect-cert-auth-crl.py
+@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -41,9 +64,11 @@
      ssock.settimeout(20)
      ssock.connect(("localhost", port1))
  
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-expired.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-expired.py
-@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-cert-auth-expired.py b/test/broker/08-ssl-connect-cert-auth-expired.py
+index c7be02a..41e6636 100755
+--- a/test/broker/08-ssl-connect-cert-auth-expired.py
++++ b/test/broker/08-ssl-connect-cert-auth-expired.py
+@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -54,9 +79,11 @@
      ssock.settimeout(20)
      try:
          ssock.connect(("localhost", port1))
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-revoked.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-revoked.py
-@@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-cert-auth-revoked.py b/test/broker/08-ssl-connect-cert-auth-revoked.py
+index 76788bc..9273454 100755
+--- a/test/broker/08-ssl-connect-cert-auth-revoked.py
++++ b/test/broker/08-ssl-connect-cert-auth-revoked.py
+@@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -67,9 +94,11 @@
      ssock.settimeout(20)
      try:
          ssock.connect(("localhost", port1))
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth-without.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth-without.py
-@@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect("
+diff --git a/test/broker/08-ssl-connect-cert-auth-without.py b/test/broker/08-ssl-connect-cert-auth-without.py
+index 932dee2..3e6bf6a 100755
+--- a/test/broker/08-ssl-connect-cert-auth-without.py
++++ b/test/broker/08-ssl-connect-cert-auth-without.py
+@@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect("connect-cert-test", keepalive=keepalive)
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -79,9 +108,11 @@
  ssock.settimeout(20)
  try:
      ssock.connect(("localhost", port1))
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-cert-auth.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-cert-auth.py
-@@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-cert-auth.py b/test/broker/08-ssl-connect-cert-auth.py
+index bf7c67b..26651c3 100755
+--- a/test/broker/08-ssl-connect-cert-auth.py
++++ b/test/broker/08-ssl-connect-cert-auth.py
+@@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -92,9 +123,11 @@
      ssock.settimeout(20)
      ssock.connect(("localhost", port1))
  
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-identity.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-identity.py
-@@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-identity.py b/test/broker/08-ssl-connect-identity.py
+index f1bc53d..ba2cbb2 100755
+--- a/test/broker/08-ssl-connect-identity.py
++++ b/test/broker/08-ssl-connect-identity.py
+@@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -105,9 +138,11 @@
      ssock.settimeout(20)
      ssock.connect(("localhost", port1))
  
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-auth-wrong-ca.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-auth-wrong-ca.py
-@@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(r
+diff --git a/test/broker/08-ssl-connect-no-auth-wrong-ca.py b/test/broker/08-ssl-connect-no-auth-wrong-ca.py
+index 30e3e31..7a18ae6 100755
+--- a/test/broker/08-ssl-connect-no-auth-wrong-ca.py
++++ b/test/broker/08-ssl-connect-no-auth-wrong-ca.py
+@@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(rc=0)
  broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -117,9 +152,11 @@
  ssock.settimeout(20)
  try:
      ssock.connect(("localhost", port1))
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-auth.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-auth.py
-@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-no-auth.py b/test/broker/08-ssl-connect-no-auth.py
+index 8990afe..7b70b32 100755
+--- a/test/broker/08-ssl-connect-no-auth.py
++++ b/test/broker/08-ssl-connect-no-auth.py
+@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -129,9 +166,11 @@
      ssock.settimeout(20)
      ssock.connect(("localhost", port1))
  
---- mosquitto-2.0.11.orig/test/broker/08-ssl-connect-no-identity.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-connect-no-identity.py
-@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename
+diff --git a/test/broker/08-ssl-connect-no-identity.py b/test/broker/08-ssl-connect-no-identity.py
+index fcb8f4f..ae34d59 100755
+--- a/test/broker/08-ssl-connect-no-identity.py
++++ b/test/broker/08-ssl-connect-no-identity.py
+@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
  
  try:
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -141,8 +180,10 @@
      ssock.settimeout(20)
      ssock.connect(("localhost", port1))
      
---- mosquitto-2.0.11.orig/test/broker/08-ssl-hup-disconnect.py
-+++ mosquitto-2.0.11/test/broker/08-ssl-hup-disconnect.py
+diff --git a/test/broker/08-ssl-hup-disconnect.py b/test/broker/08-ssl-hup-disconnect.py
+index b9bacd4..648556b 100755
+--- a/test/broker/08-ssl-hup-disconnect.py
++++ b/test/broker/08-ssl-hup-disconnect.py
 @@ -43,7 +43,9 @@ def do_test(option):
  
      try:
@@ -154,9 +195,11 @@
          ssock.settimeout(20)
          ssock.connect(("localhost", port))
          mosq_test.do_send_receive(ssock, connect_packet, connack_packet, "connack")
---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-cert-auth-enc.py
-+++ mosquitto-2.0.11/test/lib/08-ssl-connect-cert-auth-enc.py
-@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_discon
+diff --git a/test/lib/08-ssl-connect-cert-auth-enc.py b/test/lib/08-ssl-connect-cert-auth-enc.py
+index fad6b8b..ad51e12 100755
+--- a/test/lib/08-ssl-connect-cert-auth-enc.py
++++ b/test/lib/08-ssl-connect-cert-auth-enc.py
+@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -170,9 +213,11 @@
  ssock.settimeout(10)
  ssock.bind(('', port))
  ssock.listen(5)
---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-cert-auth.py
-+++ mosquitto-2.0.11/test/lib/08-ssl-connect-cert-auth.py
-@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_discon
+diff --git a/test/lib/08-ssl-connect-cert-auth.py b/test/lib/08-ssl-connect-cert-auth.py
+index dba818c..f96942e 100755
+--- a/test/lib/08-ssl-connect-cert-auth.py
++++ b/test/lib/08-ssl-connect-cert-auth.py
+@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -186,9 +231,11 @@
  ssock.settimeout(10)
  ssock.bind(('', port))
  ssock.listen(5)
---- mosquitto-2.0.11.orig/test/lib/08-ssl-connect-no-auth.py
-+++ mosquitto-2.0.11/test/lib/08-ssl-connect-no-auth.py
-@@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_discon
+diff --git a/test/lib/08-ssl-connect-no-auth.py b/test/lib/08-ssl-connect-no-auth.py
+index d994a5b..17a68d1 100755
+--- a/test/lib/08-ssl-connect-no-auth.py
++++ b/test/lib/08-ssl-connect-no-auth.py
+@@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_disconnect()
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -199,8 +246,10 @@
  ssock.settimeout(10)
  ssock.bind(('', port))
  ssock.listen(5)
---- mosquitto-2.0.11.orig/test/lib/08-ssl-fake-cacert.py
-+++ mosquitto-2.0.11/test/lib/08-ssl-fake-cacert.py
+diff --git a/test/lib/08-ssl-fake-cacert.py b/test/lib/08-ssl-fake-cacert.py
+index a130667..9b97870 100755
+--- a/test/lib/08-ssl-fake-cacert.py
++++ b/test/lib/08-ssl-fake-cacert.py
 @@ -10,9 +10,10 @@ if sys.version < '2.7':
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
diff -Nru mosquitto-2.0.11/debian/tests/broker mosquitto-2.0.11/debian/tests/broker
--- mosquitto-2.0.11/debian/tests/broker	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/tests/broker	2025-05-11 21:31:40.000000000 +0200
@@ -3,4 +3,5 @@
 # not executable. As workaround until rebaing to new upstream
 # version, make all py files executable
 chmod -c 755 -- test/broker/*.py
+make -C test ssl 2> /dev/null
 make -C test/broker test
diff -Nru mosquitto-2.0.11/debian/tests/client mosquitto-2.0.11/debian/tests/client
--- mosquitto-2.0.11/debian/tests/client	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/tests/client	2025-05-11 21:31:40.000000000 +0200
@@ -1 +1,2 @@
+make -C test ssl 2> /dev/null
 make -C test/client test
diff -Nru mosquitto-2.0.11/debian/tests/library mosquitto-2.0.11/debian/tests/library
--- mosquitto-2.0.11/debian/tests/library	2023-09-30 19:28:09.000000000 +0200
+++ mosquitto-2.0.11/debian/tests/library	2025-05-11 21:31:40.000000000 +0200
@@ -1 +1,2 @@
+make -C test ssl 2> /dev/null
 make -C test/lib test

Attachment: signature.asc
Description: PGP signature