From 6a2f012a11d2fd7a515c16a80bc12e628cc29853 Mon Sep 17 00:00:00 2001
From: spurreiter <spurreiter@users.noreply.github.com>
Date: Mon, 20 Apr 2020 17:19:00 +0200
Subject: [PATCH] feat: cache.clear

fix failing tests
rename ocsp.js to index.js
fix failing gen-certs.js
---
 lib/{ocsp.js => index.js}       |  0
 lib/ocsp/agent.js               |  9 +--
 lib/ocsp/api.js                 |  2 +-
 lib/ocsp/cache.js               | 10 +++-
 lib/ocsp/check.js               |  2 +-
 lib/ocsp/request.js             |  2 +-
 lib/ocsp/server.js              |  2 +-
 lib/ocsp/utils.js               |  8 ++-
 lib/ocsp/verify.js              |  2 +-
 package-lock.json               | 40 +++++++++++++
 package.json                    |  9 ++-
 scripts/certs.js                | 15 +++++
 test/api-test.js                | 12 ++--
 test/cache-test.js              |  5 +-
 test/fixtures/gen-certs.js      | 12 ++--
 test/fixtures/google-cert.pem   | 99 ++++++++++++++++++---------------
 test/fixtures/google-issuer.pem | 47 ++++++++--------
 test/fixtures/index.js          | 12 ++--
 18 files changed, 186 insertions(+), 102 deletions(-)
 rename lib/{ocsp.js => index.js} (100%)
 create mode 100644 scripts/certs.js

diff --git a/lib/ocsp.js b/lib/index.js
similarity index 100%
rename from lib/ocsp.js
rename to lib/index.js
diff --git a/lib/ocsp/agent.js b/lib/ocsp/agent.js
index 6d223d9..46db58e 100644
--- a/lib/ocsp/agent.js
+++ b/lib/ocsp/agent.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var util = require('util')
 var http = require('http')
@@ -33,7 +33,7 @@ Agent.prototype.createConnection = function createConnection (port,
 
   if (typeof host === 'string') { options.host = host }
 
-  var ocspOptions = Object.assign({ requestOCSP: true }, options)
+  var ocspOptions = Object.assign({}, options, { requestOCSP: true })
   var socket = https.Agent.prototype.createConnection.call(
     this, port, host, ocspOptions)
 
@@ -60,8 +60,9 @@ Agent.prototype.createConnection = function createConnection (port,
 
 Agent.prototype.handleOCSPResponse = function handleOCSPResponse (socket,
   stapling,
-  cb) {
-  var cert = socket.ssl.getPeerCertificate(true)
+  cb
+) {
+  var cert = (socket.ssl || socket).getPeerCertificate(true) || {}
   var issuer = cert.issuerCertificate
 
   cert = cert.raw
diff --git a/lib/ocsp/api.js b/lib/ocsp/api.js
index 39a6083..47d0870 100644
--- a/lib/ocsp/api.js
+++ b/lib/ocsp/api.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var rfc2560 = require('asn1.js-rfc2560')
 var rfc5280 = require('asn1.js-rfc5280')
 
diff --git a/lib/ocsp/cache.js b/lib/ocsp/cache.js
index 2ec3424..55febee 100644
--- a/lib/ocsp/cache.js
+++ b/lib/ocsp/cache.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 function Cache (options) {
   this.options = options || {}
@@ -99,3 +99,11 @@ Cache.prototype.getMaxStoreTime = function getMaxStoreTime (response, callback)
 
   return callback(null, Math.max(0, nextUpdate - new Date()))
 }
+
+Cache.prototype.clear = function clear () {
+  var cacheIds = Object.keys(this.cache)
+  cacheIds.forEach((cacheId) => {
+    clearTimeout(this.cache[cacheId].timer)
+  })
+  this.cache.length = 0
+}
diff --git a/lib/ocsp/check.js b/lib/ocsp/check.js
index 5813eb7..85c6451 100644
--- a/lib/ocsp/check.js
+++ b/lib/ocsp/check.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var rfc2560 = require('asn1.js-rfc2560')
 
diff --git a/lib/ocsp/request.js b/lib/ocsp/request.js
index bb1b78d..be6c742 100644
--- a/lib/ocsp/request.js
+++ b/lib/ocsp/request.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var crypto = require('crypto')
 var rfc2560 = require('asn1.js-rfc2560')
 var rfc5280 = require('asn1.js-rfc5280')
diff --git a/lib/ocsp/server.js b/lib/ocsp/server.js
index dd0b2f6..2114911 100644
--- a/lib/ocsp/server.js
+++ b/lib/ocsp/server.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var http = require('http')
 var util = require('util')
diff --git a/lib/ocsp/utils.js b/lib/ocsp/utils.js
index bfbbd4c..014e1c0 100644
--- a/lib/ocsp/utils.js
+++ b/lib/ocsp/utils.js
@@ -60,11 +60,15 @@ exports.parseResponse = function parseResponse (raw) {
   })
 
   var status = response.responseStatus
-  if (status !== 'successful') { throw new Error('Bad OCSP response status: ' + status) }
+  if (status !== 'successful') {
+    throw new Error('Bad OCSP response status: ' + status)
+  }
 
   // Unknown response type
   var responseType = response.responseBytes.responseType
-  if (responseType !== 'id-pkix-ocsp-basic') { throw new Error('Unknown OCSP response type: ' + responseType) }
+  if (responseType !== 'id-pkix-ocsp-basic') {
+    throw new Error('Unknown OCSP response type: ' + responseType)
+  }
 
   var bytes = response.responseBytes.response
 
diff --git a/lib/ocsp/verify.js b/lib/ocsp/verify.js
index 8a14101..ecf2880 100644
--- a/lib/ocsp/verify.js
+++ b/lib/ocsp/verify.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var rfc5280 = require('asn1.js-rfc5280')
 var crypto = require('crypto')
 
diff --git a/package-lock.json b/package-lock.json
index f73dba3..213c303 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1014,6 +1014,20 @@
       "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
       "dev": true
     },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
     "glob-parent": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz",
@@ -1261,6 +1275,12 @@
         }
       }
     },
+    "interpret": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.2.0.tgz",
+      "integrity": "sha512-mT34yGKMNceBQUoVn7iCDKDntA7SC6gycMAWzGx1z/CMCTV7b2AAtXlo3nRyHZ1FelRkQbQjprHSYGwzLtkVbw==",
+      "dev": true
+    },
     "is-arrayish": {
       "version": "0.2.1",
       "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
@@ -1968,6 +1988,15 @@
         "picomatch": "^2.0.4"
       }
     },
+    "rechoir": {
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.6.2.tgz",
+      "integrity": "sha1-hSBLVNuoLVdC4oyWdW70OvUOM4Q=",
+      "dev": true,
+      "requires": {
+        "resolve": "^1.1.6"
+      }
+    },
     "regexpp": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz",
@@ -2098,6 +2127,17 @@
       "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=",
       "dev": true
     },
+    "shelljs": {
+      "version": "0.8.3",
+      "resolved": "https://registry.npmjs.org/shelljs/-/shelljs-0.8.3.tgz",
+      "integrity": "sha512-fc0BKlAWiLpwZljmOvAOTE/gXawtCoNrP5oaY7KIaQbbyHeQVg01pSEuEGvGh3HEdBU4baCD7wQBwADmM/7f7A==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.0.0",
+        "interpret": "^1.0.0",
+        "rechoir": "^0.6.2"
+      }
+    },
     "signal-exit": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz",
diff --git a/package.json b/package.json
index 2d7e266..f36078a 100644
--- a/package.json
+++ b/package.json
@@ -13,11 +13,15 @@
   },
   "license": "MIT",
   "author": "Fedor Indutny <fedor@indutny.com>",
-  "main": "lib/ocsp.js",
+  "main": "lib/index.js",
   "scripts": {
+    "certs": "node scripts/certs.js",
     "lint": "eslint lib test",
     "test": "mocha"
   },
+  "mocha": {
+    "exit": true
+  },
   "dependencies": {
     "asn1.js": "^5.3.0",
     "asn1.js-rfc2560": "^5.0.1",
@@ -33,6 +37,7 @@
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^4.0.1",
     "mocha": "^7.1.1",
-    "selfsigned.js": "^3.0.2"
+    "selfsigned.js": "^3.0.2",
+    "shelljs": "^0.8.3"
   }
 }
diff --git a/scripts/certs.js b/scripts/certs.js
new file mode 100644
index 0000000..bda0ebb
--- /dev/null
+++ b/scripts/certs.js
@@ -0,0 +1,15 @@
+const { exec } = require('shelljs')
+const fs = require('fs')
+
+const dir = `${__dirname}/../test/fixtures`
+
+function getCerts (domain, file) {
+  const { stdout } = exec(`openssl s_client -showcerts -verify 5 -connect ${domain}:443 < /dev/null`)
+  const [cert, issuer] = stdout.match(/(-----BEGIN CERTIFICATE-----[^]+?-----END CERTIFICATE-----)/mg)
+  if (file) {
+    fs.writeFileSync(`${dir}/${file}-cert.pem`, cert, 'utf8')
+    fs.writeFileSync(`${dir}/${file}-issuer.pem`, issuer, 'utf8')
+  }
+}
+
+getCerts('google.com', 'google')
diff --git a/test/api-test.js b/test/api-test.js
index 700cbe0..6c94754 100644
--- a/test/api-test.js
+++ b/test/api-test.js
@@ -12,7 +12,6 @@ describe('OCSP Stapling Provider', function () {
         issuer: fixtures.googleIssuer
       }, function (err, res) {
         if (err) { throw err }
-
         assert.equal(res.type, 'good')
         cb()
       })
@@ -20,9 +19,9 @@ describe('OCSP Stapling Provider', function () {
   })
 
   describe('.verify()', function () {
-    it('should verify reddit.com\'s stapling', function (cb) {
+    it('should verify wikipedia.org\'s stapling', function (cb) {
       var req = https.request({
-        host: 'reddit.com',
+        host: 'wikipedia.org',
         port: 443,
         requestOCSP: true
       }, function (res) {
@@ -35,19 +34,20 @@ describe('OCSP Stapling Provider', function () {
           onOCSPResponse(socket, stapling)
         })
       })
+      req.on('error', () => {})
 
       function onOCSPResponse (socket, stapling) {
         var cert = socket.getPeerCertificate(true)
 
-        var req = ocsp.request.generate(cert.raw, cert.issuerCertificate.raw)
+        var request = ocsp.request.generate(cert.raw, cert.issuerCertificate.raw)
         ocsp.verify({
-          request: req,
+          request,
           response: stapling
         }, function (err, res) {
           assert(!err)
 
           assert.equal(res.type, 'good')
-          socket.destroy()
+          socket.end()
           cb()
         })
       }
diff --git a/test/cache-test.js b/test/cache-test.js
index 72bcc9d..f847ff8 100644
--- a/test/cache-test.js
+++ b/test/cache-test.js
@@ -1,4 +1,4 @@
-var ocsp = require('../')
+var ocsp = require('..')
 var fixtures = require('./fixtures')
 
 var https = require('https')
@@ -64,10 +64,11 @@ describe('OCSP Cache', function () {
       https.get({
         agent: agent,
         ca: issuer.cert,
-        rejectUnauthorized: !/^v0.12/.test(process.version),
+        rejectUnauthorized: false,
         servername: 'local.host',
         port: 8001
       }, function (res) {
+        cache.clear()
         cb()
       })
     })
diff --git a/test/fixtures/gen-certs.js b/test/fixtures/gen-certs.js
index e64e860..b08c749 100755
--- a/test/fixtures/gen-certs.js
+++ b/test/fixtures/gen-certs.js
@@ -11,8 +11,8 @@ var options = {
 }
 
 fixtures.getOCSPCert(options, function (cert, key) {
-  fs.writeFileSync(resolve(__dirname, '/issuer-cert.pem', cert))
-  fs.writeFileSync(resolve(__dirname, '/issuer-key.pem', key))
+  fs.writeFileSync(resolve(__dirname, 'issuer-cert.pem'), cert)
+  fs.writeFileSync(resolve(__dirname, 'issuer-key.pem'), key)
 
   var options = {
     issuer: cert,
@@ -22,14 +22,14 @@ fixtures.getOCSPCert(options, function (cert, key) {
   }
 
   fixtures.getOCSPCert(options, function (cert, key) {
-    fs.writeFileSync(resolve(__dirname, '/good-cert.pem', cert))
-    fs.writeFileSync(resolve(__dirname, '/good-key.pem', key))
+    fs.writeFileSync(resolve(__dirname, 'good-cert.pem'), cert)
+    fs.writeFileSync(resolve(__dirname, 'good-key.pem'), key)
 
     options.serial++
 
     fixtures.getOCSPCert(options, function (cert, key) {
-      fs.writeFileSync(resolve(__dirname, '/revoked-cert.pem', cert))
-      fs.writeFileSync(resolve(__dirname, '/revoked-key.pem', key))
+      fs.writeFileSync(resolve(__dirname, 'revoked-cert.pem'), cert)
+      fs.writeFileSync(resolve(__dirname, 'revoked-key.pem'), key)
     })
   })
 })
diff --git a/test/fixtures/google-cert.pem b/test/fixtures/google-cert.pem
index d6db368..fe7bd54 100644
--- a/test/fixtures/google-cert.pem
+++ b/test/fixtures/google-cert.pem
@@ -1,47 +1,56 @@
 -----BEGIN CERTIFICATE-----
-MIIIPjCCByagAwIBAgIIPR3kTjRuzmgwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
-BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
-cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcxMTAxMTM0ODU2WhcNMTgwMTI0MTMzMTAw
-WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
-TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
-b29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB7gUfrQ
-317Dpod3k7cwq/j7lNZsBD+YPVr29seRUotrIDn9PR1IzFFyA2YtiOZVRJIMf9FU
-lzYtsZng+HJv48eqGQI2e2eRnnZf2Eq5ORTzyWkx06KjRsYInsq3ZrEe5yj+dhgl
-SfDbs1wwJ1Yxea1i7JsiXUJp1wIuSw9mVJZzaQpN6YT30aD1KSBMFgORXXYKq0Z4
-W0qlbeIhVDs8fTuBzQeVaxLKDKZoEDweWHYwx34OCVj7hi8R0+keJ44259xrR6Sg
-63Yy5T4Z4morTRuIxlfJM8WVKeEJbWjyCTekV0rvuBC2fsjCEXzHmiJrAQj8EYLQ
-JEHr23uzaqbYXQIDAQABo4IFCzCCBQcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwggPh
-BgNVHREEggPYMIID1IIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFw
-cGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CFCouZGI4MzM5
-NTMuZ29vZ2xlLmNuggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tghYqLmdvb2dsZS1h
-bmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xl
-LmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xl
-LmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29v
-Z2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyou
-Z29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2ds
-ZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5n
-b29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29v
-Z2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8u
-Y29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CCiouZ3Z0MS5jb22CCiou
+MIIKDjCCCPagAwIBAgIRAPcd4Ov5a9leCAAAAAA3jwcwDQYJKoZIhvcNAQELBQAw
+QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
+MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDA0MDExMjM2NDNaFw0yMDA2MjQxMjM2
+NDNaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwq
+Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWxiFq
+IY7+Pd1bTczEVLBgLMTCceE7s6xAmAtZdNDFe0LqhnmAcKX17K+BiO6XMjsYJWyl
+DeF6uFUYCN+oXz/R3VZVIQZ9a6ahkWEHboJXkRgKR2gmWoxx5SZOWtR0CiaJMKOk
+3eIuR6Sjwf5x/88nPe/NzLym6/oZs4LATjVTmchAu/a7hf+1Bq/DHEHPix3+BwIB
+E1SvEKjnFKEjJTlt+IINLb8ptIHCUoTay8kVKTPlhWJxBc59cQJrIbtuCd3StKLY
+F/jlNPHEpIeueJNPCFv+l/VYAePI/obcFcvCHb0bM5Dg0kztgg+9TJs3ahbUuCoS
+NtIeDDChpXnUFA43AgMBAAGjggbZMIIG1TAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU54y7UINjupFU
+T/VsoorK3Xvc0jswHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswZAYI
+KwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9n
+dHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5j
+cnQwggSdBgNVHREEggSUMIIEkIIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29t
+ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCou
+Y3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIR
+Ki5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYq
+Lmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yC
+DiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuC
+DyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20u
+YnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5j
+b20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVz
+ggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2ds
+ZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5j
+b22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xl
+Y29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0q
+LmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiou
 Z3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECou
-dXJsLmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CDSoueW91dHVi
-ZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CByoueXQuYmWCCyoueXRpbWcu
-Y29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2Rl
-dmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdv
-b2dsZS5jboIEZy5jb4IGZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIKZ29v
-Z2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29n
-bGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJl
-LmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CBXl0LmJlMGgGCCsGAQUFBwEBBFww
-WjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDAr
-BggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNV
-HQ4EFgQUsbgPE1pb/BmfNpF5Q+t2JkU1JHEwDAYDVR0TAQH/BAIwADAfBgNVHSME
-GDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAhBgNVHSAEGjAYMAwGCisGAQQB1nkC
-BQEwCAYGZ4EMAQICMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xl
-LmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQELBQADggEBAHYq722AH3tp2ORNJYz0
-tAV0p8r16tDEs4Pm/pVNVMu3UQpI31q8UNEs2VglSlDlExBOrczY30+FLkRE9K4/
-yv1ELw9LJtHChwSxzAggccK4UQIvxbqTMZsoXhsoo0YDEOrr2jzmVNbtljicKn5c
-7RTYhHKTTU+VUjznEu3K6T3QocvJaXBywX08UA/NIqQOLfKhFpeSgLnVKYq9P/b9
-9T11DxOutCwLXrwWYbCIAMuVHUMYEeaBtyhLII3Vr03pY2tjT9BFcyRdU1uMLbuM
-VRyCr/KpNJVlBwLC1nrhHK065ctsJXkbRmZ5jaDVQA/BuxGlq9MA4ikcqocPPZ48
-0i0=
------END CERTIFICATE-----
+dXJsLmdvb2dsZS5jb22CEyoud2Vhci5na2VjbmFwcHMuY26CFioueW91dHViZS1u
+b2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5j
+b22CESoueW91dHViZWtpZHMuY29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5k
+cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIu
+YW5kcm9pZC5nb29nbGUuY26CHGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26C
+BGcuY2+CCGdncGh0LmNuggxna2VjbmFwcHMuY26CBmdvby5nbIIUZ29vZ2xlLWFu
+YWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xl
+Y29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5j
+b22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVk
+dWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwIQYDVR0gBBowGDAI
+BgZngQwBAgIwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8v
+Y3JsLnBraS5nb29nL0dUUzFPMS5jcmwwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8A
+dgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXE19WDJAAAEAwBH
+MEUCIC8NrS7LobDQTi14yuGMmbzJTmuzxRr55pRNPElygM55AiEA40Ldzw3XeWQq
+ScPfMrB0Rlt4szIgurTozO76NFWxbEEAdQBep3P531bA57U2SH3QSeAyepGaDISh
+EhKEGHWWgXFFWAAAAXE19V/aAAAEAwBGMEQCIC3YbBEBkkOmGHSh6zf0I8H/5M9+
+Fpkc5l6skpDQq6zyAiBwXueaM0pFyhMqdKGEALUxbiBMTUBGhtPGaSt3lfe+hzAN
+BgkqhkiG9w0BAQsFAAOCAQEAXWNKhDW4BoU+DWaf4dQ3J73p5/cepsHD7rCIKA2H
+G6flImfOr2SgGS/R5TvRSZZdjXuu8MRCTMixGFhMhwWUWWoqEWXBsDT0SFVdOTgJ
+bk/BBtgGwPyR/zT3+xqSmH0X4BhiCLN3GTcf6jhxHHuSwt+BL6PTDZg4iaXNJ5Hi
+bQm0KsnYT2vhDStyl4otmh03cViiYtDfUY3+YJSiJBzXr+CWOtnMyGIft8msKcxA
+dlnAwaU8bOcu65kPSN0C/ASjOawDEc0AsfSXLGTKvKAifbl1spuqqL0n2HvqR5Dc
++iGKojNjiEVlY/lRRQtXk1DBKV0AMFTj/1kqQu5l1CqlKg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/fixtures/google-issuer.pem b/test/fixtures/google-issuer.pem
index 5273269..daed47b 100644
--- a/test/fixtures/google-issuer.pem
+++ b/test/fixtures/google-issuer.pem
@@ -1,24 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG
-EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
-bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
-VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
-h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
-ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
-EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
-DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7
-qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
-VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
-JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
-BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ
-MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE
-+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6
-8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS
-etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i
-vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP
-WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8
-VOBHBw==
------END CERTIFICATE-----
+MIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw
+HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
+U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
+MTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
+U2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv
+UA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr
+mBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac
+xGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK
+FsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X
+rJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G
+A1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl
+BggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp
+MCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g
+BDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y
+ZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H
+TgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN
+FvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz
+mqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW
+IRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ
+USpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/fixtures/index.js b/test/fixtures/index.js
index 8ee08d7..4b2bbdf 100644
--- a/test/fixtures/index.js
+++ b/test/fixtures/index.js
@@ -15,16 +15,16 @@ var keyGen = require('selfsigned.js').create()
            accessLocation        GeneralName  }
  */
 
-exports.google = fs.readFileSync(resolve(__dirname, './google-cert.pem'))
-exports.googleIssuer = fs.readFileSync(resolve(__dirname, './google-issuer.pem'))
-exports.noExts = fs.readFileSync(resolve(__dirname, './no-exts-cert.pem'))
+exports.google = fs.readFileSync(resolve(__dirname, 'google-cert.pem'))
+exports.googleIssuer = fs.readFileSync(resolve(__dirname, 'google-issuer.pem'))
+exports.noExts = fs.readFileSync(resolve(__dirname, 'no-exts-cert.pem'))
 
 exports.certs = {};
 
 ['issuer', 'good', 'revoked'].forEach(function (name) {
   exports.certs[name] = {
-    cert: fs.readFileSync(resolve(__dirname, './' + name + '-cert.pem')),
-    key: fs.readFileSync(resolve(__dirname, './' + name + '-key.pem'))
+    cert: fs.readFileSync(resolve(__dirname, name + '-cert.pem')),
+    key: fs.readFileSync(resolve(__dirname, name + '-key.pem'))
   }
 })
 
@@ -89,7 +89,7 @@ exports.getOCSPCert = function getOCSPCert (options, cb) {
       issuer: issuer,
       issuerKeyData: issuerKeyData,
       extensions: [{
-        extnID: rfc5280['id-pe-authorityInfoAccess'],
+        extnID: [1, 3, 6, 1, 5, 5, 7, 1, 1], // rfc5280['id-pe-authorityInfoAccess'],
         critical: false,
         extnValue: ext
       }]