test(cli-repl): add tests for --tlsAllow flags (MONGOSH-571)

packages/cli-repl/test/e2e-tls.spec.ts

@@ -14,6 +14,7 @@ const CLIENT_CERT = getCertPath('client.bundle.pem');
 const CLIENT_CERT_PFX = getCertPath('client.bundle.pfx');
 const INVALID_CLIENT_CERT = getCertPath('invalid-client.bundle.pem');
 const SERVER_KEY = getCertPath('server.bundle.pem');
+const SERVER_INVALIDHOST_KEY = getCertPath('server-invalidhost.bundle.pem');
 const CRL_INCLUDING_SERVER = getCertPath('ca-server.crl');
 
 describe('e2e TLS', () => {
@@ -49,7 +50,7 @@ describe('e2e TLS', () => {
   });
 
   function registerTlsTests({ tlsMode: serverTlsModeOption, tlsModeValue: serverTlsModeValue, tlsCertificateFile: serverTlsCertificateKeyFileOption, tlsCaFile: serverTlsCAFileOption }) {
-    context('connecting without client cert', () => {
+    context('connecting without client cert to server with valid cert', () => {
       after(async() => {
         // mlaunch has some trouble interpreting all the server options correctly,
         // and subsequently can't connect to the server to find out if it's up,
@@ -153,7 +154,7 @@ describe('e2e TLS', () => {
       });
     });
 
-    context('connecting with client cert', () => {
+    context('connecting with client cert to server with valid cert', () => {
       const tmpdir = useTmpdir();
 
       after(async() => {
@@ -302,5 +303,62 @@ describe('e2e TLS', () => {
         }
       });
     });
+
+    context('connecting to server with invalid cert', () => {
+      after(async() => {
+        // mlaunch has some trouble interpreting all the server options correctly,
+        // and subsequently can't connect to the server to find out if it's up,
+        // then thinks it isn't and doesn't shut it down cleanly. We shut it down
+        // here to work around that.
+        const shell = TestShell.start({ args:
+          [
+            await server.connectionString(),
+            '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidCertificates'
+          ]
+        });
+        await shell.waitForPrompt();
+        await shell.executeLine('db.shutdownServer({ force: true })');
+        await TestShell.killall();
+      });
+
+      const server = startTestServer(
+        'not-shared', '--hostname', 'localhost',
+        serverTlsModeOption, serverTlsModeValue,
+        serverTlsCertificateKeyFileOption, SERVER_INVALIDHOST_KEY
+      );
+
+      it('works with allowInvalidCertificates', async() => {
+        const shell = TestShell.start({
+          args: [
+            await server.connectionString(),
+            '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidCertificates'
+          ]
+        });
+        const result = await shell.waitForPromptOrExit();
+        expect(result.state).to.equal('prompt');
+      });
+
+      it('works with allowInvalidHostnames', async() => {
+        const shell = TestShell.start({
+          args: [
+            await server.connectionString(),
+            '--tls', '--tlsCAFile', CA_CERT, '--tlsAllowInvalidHostnames'
+          ]
+        });
+        const result = await shell.waitForPromptOrExit();
+        expect(result.state).to.equal('prompt');
+      });
+
+      it('fails when no additional args are provided', async() => {
+        const shell = TestShell.start({
+          args: [
+            await server.connectionString(),
+            '--tls', '--tlsCAFile', CA_CERT
+          ]
+        });
+        const result = await shell.waitForPromptOrExit();
+        expect(result.state).to.equal('exit');
+      });
+    });
   }
 });

packages/cli-repl/test/fixtures/certificates/README.md

@@ -70,6 +70,28 @@ To recreate the certificates follow the steps outlined below.
    cat server.pem server.key > server.bundle.pem
    ```
 
+## Setup Server Certificate with invalid hostname
+1. Create a new key to use for the server:
+   ```
+   openssl genrsa -out server-invalidhost.key 4096
+   ```
+2. Generate a Certificate Signing Request (CSR) with validity 99.999 days:
+   ```
+   openssl req -new -key server-invalidhost.key -out server-invalidhost.csr -days 99999
+   ```
+   * Organization Name: `MongoDB`
+   * Organizational Unit Name: `DevTools`
+   * Common Name: `invalidhost`
+3. Sign the CSR to generate server certificate:
+   ```
+   openssl ca -create_serial -config ca.cnf -in server-invalidhost.csr -out server-invalidhost.pem -days 99999
+   ```
+   This will also generate a `<FINGERPRINT>.pem` file which can be removed.
+4. Create a bundle with server key and certificate to use for `mongod`:
+   ```
+   cat server-invalidhost.pem server-invalidhost.key > server-invalidhost.bundle.pem
+   ```
+
 ## Setup "Non-CA" for testing invalid CA cert
 1. Create a new key to use for the Non CA:
    ```

packages/cli-repl/test/fixtures/certificates/ca.db

@@ -6,3 +6,4 @@ V	22941006122725Z		F349920F8B55BB11	unknown	/O=MongoDB/OU=DevTools/CN=127.0.0.1
 R	22941006125419Z	201222130941Z	F349920F8B55BB12	unknown	/O=MongoDB/OU=DevTools/CN=localhost
 V	22941006125605Z		F349920F8B55BB13	unknown	/O=MongoDB/OU=DevTools/CN=Wonderwoman/emailAddress=tester@example.com
 V	22941006152405Z		F349920F8B55BB14	unknown	/O=MongoDB/OU=DevTools Testers/CN=Wonderwoman/emailAddress=tester@example.com
+V	22941218081417Z		F349920F8B55BB15	unknown	/O=MongoDB/OU=DevTools/CN=invalidhost

packages/cli-repl/test/fixtures/certificates/ca.serial

@@ -1 +1 @@
-F349920F8B55BB15
+F349920F8B55BB16

packages/cli-repl/test/fixtures/certificates/server-invalidhost.bundle.pem

@@ -0,0 +1,160 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 17530703619976182549 (0xf349920f8b55bb15)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=MongoDB, OU=DevTools, CN=DevTools CA
+        Validity
+            Not Before: Mar  5 08:14:17 2021 GMT
+            Not After : Dec 18 08:14:17 2294 GMT
+        Subject: O=MongoDB, OU=DevTools, CN=invalidhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:cd:cf:d8:99:66:12:ca:6b:14:6a:97:81:33:
+                    71:d6:37:13:70:a9:78:02:69:b0:d0:6c:48:75:8d:
+                    a4:53:7c:d1:f7:82:19:c6:4a:a6:36:cb:e9:ca:d8:
+                    c5:81:61:08:57:e0:0c:72:cd:00:c5:d5:77:8d:8a:
+                    ea:c1:b2:e1:89:09:5e:29:92:38:91:1a:30:b5:9b:
+                    13:4c:96:d1:c9:a9:ae:71:98:c9:3e:32:f5:e9:d4:
+                    f9:e9:c1:41:32:58:21:6b:32:55:c4:6d:5e:64:0d:
+                    81:23:0c:b7:9e:a0:8a:73:51:7d:e4:d5:45:9c:f4:
+                    4a:78:a7:97:0b:ed:12:53:b1:ca:11:ff:85:ff:58:
+                    11:9e:7e:33:13:c3:33:22:47:06:eb:8f:fa:3c:3a:
+                    5f:91:8e:6f:97:eb:c5:aa:62:51:66:ca:90:b9:88:
+                    00:30:ba:86:33:59:e0:ce:5e:35:a4:78:ed:87:75:
+                    46:db:fb:2d:0a:77:79:eb:5f:57:22:68:82:fa:90:
+                    f0:68:01:b9:b1:26:8b:a6:2c:a1:06:5a:26:c4:3a:
+                    e8:12:cb:dd:8c:a4:07:65:9a:6c:60:9e:e7:02:ec:
+                    86:4e:a8:74:c8:de:bb:a0:79:b2:68:56:c9:b7:67:
+                    77:4f:16:ab:b6:8b:4a:35:03:d1:01:66:78:ff:0d:
+                    98:e4:6d:4a:78:71:b9:ee:c3:b8:67:95:fb:50:f0:
+                    fa:30:13:64:d5:1a:02:fb:be:28:53:08:45:d5:3b:
+                    9f:28:c0:67:d2:36:2c:25:9a:58:5d:f2:e4:fc:99:
+                    1a:88:28:0c:8f:9a:66:20:8d:45:d8:31:1c:02:20:
+                    13:b9:3a:1e:2b:02:57:2d:44:d2:7e:d4:4a:d1:7e:
+                    10:91:75:eb:63:63:f2:c9:23:dc:f9:12:3a:8a:44:
+                    b5:ec:f9:ab:6b:8b:fe:3f:98:42:cb:23:fa:7f:e0:
+                    47:52:65:41:4c:b9:67:37:4e:69:a5:99:e7:a9:d8:
+                    32:b1:4c:15:4b:63:58:1c:1b:ed:d4:95:0b:f4:23:
+                    6d:d2:d0:23:a7:e0:b3:bd:79:75:9a:93:ec:3c:91:
+                    15:ed:d8:5b:64:53:22:d9:70:45:a5:e7:d4:b0:3d:
+                    55:8e:0b:9f:31:29:95:2a:94:e7:7e:7c:5f:77:51:
+                    e5:db:30:d1:e1:07:b6:0e:56:8d:9b:43:bc:43:47:
+                    27:60:33:e3:c8:0a:79:7f:5b:da:30:42:17:9b:6a:
+                    64:7a:30:fb:89:ed:91:4b:60:a9:58:3e:6f:af:b1:
+                    d2:44:c0:71:cb:1e:b1:3e:71:c0:8d:4b:55:72:33:
+                    13:77:64:86:b8:80:e5:7e:a0:f3:d6:c7:25:ba:10:
+                    03:63:8f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha256WithRSAEncryption
+         1e:d8:8a:82:4d:05:2a:20:a8:cf:4b:d2:b0:28:5b:7b:de:47:
+         d8:c8:1c:f5:cb:60:45:ab:81:b8:69:9d:71:75:81:4b:81:5b:
+         ce:1e:3a:d8:39:6c:70:25:31:0f:11:32:a2:fb:a3:d3:de:22:
+         6b:ed:0f:e9:2a:c4:c6:34:c3:44:f6:0c:b7:09:50:29:bb:b2:
+         16:ed:9e:69:e6:0f:34:cd:f2:ed:5d:ad:92:30:22:de:d9:23:
+         8c:f6:22:1b:d9:d1:cc:f7:e4:75:f3:cc:f0:7a:78:e7:d1:8b:
+         b1:ef:be:16:d4:77:eb:49:10:ac:96:1e:51:7f:04:19:fb:11:
+         3d:2c:62:92:db:9e:87:13:a3:24:d1:82:ac:9e:13:52:b5:31:
+         a8:91:98:2b:d1:84:12:3c:89:71:6d:a0:93:ea:c2:20:51:89:
+         c8:56:75:bd:75:6f:ba:0c:67:76:60:54:23:5f:99:f8:9e:15:
+         d4:cb:b0:25:da:e3:b5:2f:fc:f5:f2:e7:e9:08:f6:28:e6:42:
+         0b:0e:40:6b:15:61:fe:ed:dc:4f:c6:cc:67:82:b2:8f:d0:b4:
+         b4:23:13:0a:d4:8d:d3:54:fa:01:d0:b8:91:08:2c:52:c0:9f:
+         cb:95:4d:ab:20:e2:7c:d6:09:98:b0:d5:84:20:f1:34:4b:01:
+         db:8c:63:c5:d4:1d:22:ea:b6:02:a1:68:2a:4d:d1:7c:e1:25:
+         5e:10:43:f3:33:7a:d9:08:f5:84:d3:e0:4d:5a:c3:99:62:a7:
+         84:50:a3:a1:3f:88:ed:96:5b:34:e9:e2:a1:a5:9f:e3:c2:1e:
+         04:19:26:85:63:77:0e:c1:9d:f6:03:e9:05:35:65:5b:1f:86:
+         21:b5:ac:bf:a6:6f:d0:28:15:ae:53:a5:b2:ad:c9:52:52:89:
+         49:11:fa:ca:d3:24:a4:d8:a0:0f:ff:7e:a8:a6:3f:7d:79:7f:
+         95:2d:24:75:ce:67:9b:75:46:b6:de:62:a3:a6:d9:e5:18:c8:
+         44:20:a8:00:25:f1:2d:8a:d2:41:25:39:5f:b1:0d:72:ab:f0:
+         61:fa:ac:85:f3:c0:c3:78:e5:d3:ed:d2:d7:78:01:f0:54:20:
+         54:63:7b:72:ce:93:43:2f:e2:39:ee:d2:84:f7:af:6b:0b:6a:
+         7c:97:53:58:b5:0f:51:d4:83:30:c6:b2:9c:ab:85:53:cb:69:
+         9e:7c:17:a1:14:b2:4f:8b:ca:62:d9:5d:51:ab:ee:11:02:5d:
+         db:26:7b:16:52:58:db:22:15:10:00:e7:61:ea:7e:19:f9:29:
+         5d:05:0a:16:62:26:c1:9e:6d:1e:c5:be:d3:9d:de:08:76:da:
+         b1:a8:a0:63:34:50:82:5e
+-----BEGIN CERTIFICATE-----
+MIIE9DCCAtwCCQDzSZIPi1W7FTANBgkqhkiG9w0BAQsFADA7MRAwDgYDVQQKDAdN
+b25nb0RCMREwDwYDVQQLDAhEZXZUb29sczEUMBIGA1UEAwwLRGV2VG9vbHMgQ0Ew
+IBcNMjEwMzA1MDgxNDE3WhgPMjI5NDEyMTgwODE0MTdaMDsxEDAOBgNVBAoMB01v
+bmdvREIxETAPBgNVBAsMCERldlRvb2xzMRQwEgYDVQQDDAtpbnZhbGlkaG9zdDCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDNz9iZZhLKaxRql4EzcdY3
+E3CpeAJpsNBsSHWNpFN80feCGcZKpjbL6crYxYFhCFfgDHLNAMXVd42K6sGy4YkJ
+XimSOJEaMLWbE0yW0cmprnGYyT4y9enU+enBQTJYIWsyVcRtXmQNgSMMt56ginNR
+feTVRZz0SninlwvtElOxyhH/hf9YEZ5+MxPDMyJHBuuP+jw6X5GOb5frxapiUWbK
+kLmIADC6hjNZ4M5eNaR47Yd1Rtv7LQp3eetfVyJogvqQ8GgBubEmi6YsoQZaJsQ6
+6BLL3YykB2WabGCe5wLshk6odMjeu6B5smhWybdnd08Wq7aLSjUD0QFmeP8NmORt
+Snhxue7DuGeV+1Dw+jATZNUaAvu+KFMIRdU7nyjAZ9I2LCWaWF3y5PyZGogoDI+a
+ZiCNRdgxHAIgE7k6HisCVy1E0n7UStF+EJF162Nj8skj3PkSOopEtez5q2uL/j+Y
+Qssj+n/gR1JlQUy5ZzdOaaWZ56nYMrFMFUtjWBwb7dSVC/QjbdLQI6fgs715dZqT
+7DyRFe3YW2RTItlwRaXn1LA9VY4LnzEplSqU5358X3dR5dsw0eEHtg5WjZtDvENH
+J2Az48gKeX9b2jBCF5tqZHow+4ntkUtgqVg+b6+x0kTAccsesT5xwI1LVXIzE3dk
+hriA5X6g89bHJboQA2OPAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAB7YioJNBSog
+qM9L0rAoW3veR9jIHPXLYEWrgbhpnXF1gUuBW84eOtg5bHAlMQ8RMqL7o9PeImvt
+D+kqxMY0w0T2DLcJUCm7shbtnmnmDzTN8u1drZIwIt7ZI4z2IhvZ0cz35HXzzPB6
+eOfRi7HvvhbUd+tJEKyWHlF/BBn7ET0sYpLbnocToyTRgqyeE1K1MaiRmCvRhBI8
+iXFtoJPqwiBRichWdb11b7oMZ3ZgVCNfmfieFdTLsCXa47Uv/PXy5+kI9ijmQgsO
+QGsVYf7t3E/GzGeCso/QtLQjEwrUjdNU+gHQuJEILFLAn8uVTasg4nzWCZiw1YQg
+8TRLAduMY8XUHSLqtgKhaCpN0XzhJV4QQ/MzetkI9YTT4E1aw5lip4RQo6E/iO2W
+WzTp4qGln+PCHgQZJoVjdw7BnfYD6QU1ZVsfhiG1rL+mb9AoFa5TpbKtyVJSiUkR
++srTJKTYoA//fqimP315f5UtJHXOZ5t1RrbeYqOm2eUYyEQgqAAl8S2K0kElOV+x
+DXKr8GH6rIXzwMN45dPt0td4AfBUIFRje3LOk0Mv4jnu0oT3r2sLanyXU1i1D1HU
+gzDGspyrhVPLaZ58F6EUsk+LymLZXVGr7hECXdsmexZSWNsiFRAA52Hqfhn5KV0F
+ChZiJsGebR7FvtOd3gh22rGooGM0UIJe
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwM3P2JlmEsprFGqXgTNx1jcTcKl4Ammw0GxIdY2kU3zR94IZ
+xkqmNsvpytjFgWEIV+AMcs0AxdV3jYrqwbLhiQleKZI4kRowtZsTTJbRyamucZjJ
+PjL16dT56cFBMlghazJVxG1eZA2BIwy3nqCKc1F95NVFnPRKeKeXC+0SU7HKEf+F
+/1gRnn4zE8MzIkcG64/6PDpfkY5vl+vFqmJRZsqQuYgAMLqGM1ngzl41pHjth3VG
+2/stCnd5619XImiC+pDwaAG5sSaLpiyhBlomxDroEsvdjKQHZZpsYJ7nAuyGTqh0
+yN67oHmyaFbJt2d3TxartotKNQPRAWZ4/w2Y5G1KeHG57sO4Z5X7UPD6MBNk1RoC
++74oUwhF1TufKMBn0jYsJZpYXfLk/JkaiCgMj5pmII1F2DEcAiATuToeKwJXLUTS
+ftRK0X4QkXXrY2PyySPc+RI6ikS17Pmra4v+P5hCyyP6f+BHUmVBTLlnN05ppZnn
+qdgysUwVS2NYHBvt1JUL9CNt0tAjp+CzvXl1mpPsPJEV7dhbZFMi2XBFpefUsD1V
+jgufMSmVKpTnfnxfd1Hl2zDR4Qe2DlaNm0O8Q0cnYDPjyAp5f1vaMEIXm2pkejD7
+ie2RS2CpWD5vr7HSRMBxyx6xPnHAjUtVcjMTd2SGuIDlfqDz1scluhADY48CAwEA
+AQKCAgBIMombRU4IyU2xtnyHQBlnqvYXoQ40cRlp4rJ7eo/HR51kfo5iR3/YUyF3
++RZ0bT5vkZF3x7Z7XoVHNnbUE8UKyLw++uc9xr3os2pVqsBiMK0HEryBExos9rii
+xOBCFuhkuNOPG5lWBAyQcGmt99YAesqWzxojPQNKDQ+twpezSYcumC24QWVPoVhF
+FTpnoos/2IlO1lkFK340OHCrbeeng0EQiJHxrVclkYlyHaserL3dlJf1NihWnAjG
+j8wUMWiipXWwrLy5ToLKtjmSJF4R6zEOINMUoDO440ukHrzIxoNAnyokMeu2mvuo
+wJ8Gk7MEpaulTqF6GrTAPnwenhva/3GO3XKfLrbM4SSeN/SXfMRgwI1PVDZuWT+e
+Kn15+0c0oP39rWVLo2p60OClNF5Mi1g/NgsWWJJwvCaUinBOwOEBR0N0JTQR/0Vi
+anF7i9nq9OGnHQCa8Tt81T851uY2MhF9easnuxxFsJ9eqqhBf3/5GlkVZjgMfNLL
+m/tM9o0NFZCDQHppFJ4+BJpEeWqZsBsdKMAHSswXz2zoYZiyQxwWSHUiigTj5VOG
+z266UC1M7S09EzijFC9+F8dTbk4HQmHdMyBvNp3PfbfljON0L0MCV20wcb2N9dDJ
+HACVvc37rtHDy5fydVkCtmUSNkewRoJYzAKtLWL3yxbCjJSIYQKCAQEA5JVYop+f
+SksyM7HrFI5SGVchQpruou71/dJE+HNyqSdo51kUUrxr/9S4sEl8pF/Tk3nj4q4k
+OynBLnMYQ1Oc52mMHjM+q3M7ryuJ2cb24JI7H0FUzRmUUDkmai2HhVzonHJfE4i/
+RCk+D/xFvfjLs1AM7dWmTHlKHC9nlwU/qLpdz/hrcaNooeyme5JwNaRlE7RXI1o+
+I/oeD8lODVk7F4HLkgoGLAposmmqbPd2E4hU8cHqwPKm6d3AGTPugH2V2jCg3pCR
+HlrVYGP3Qc4NKJ+TMiDeuRpJhlQYH+DUSgOZZma2Cb1J4SwSbJE5Ub7JqbU2jgzQ
+bl7VmUNk1BfrEQKCAQEA1+3bq5QPg+EQtRDq+MFeoquJVW3U3VNvt3K5hJcurom8
+SeJHtRaZPiiphOi5QvvOa+mc5ObVGvBPaqk/mJNGxcHjc2lLZdqWXjBBNEQoHDcK
+D7Nk8aCZ+LfWlgrJ1L8EN48KxzgKgQQwwpS4mXLnfkB9PoxAyT6jNh9nnPnWzt+D
+zYUFOeJEDZI+S79JUzlLK5GQFE/q98jSZQ6V6BTB5eyA9X13a9bGFbmDkUpXWIo4
+ua7Purid6Ah/ERhsahpJUgnvcY57n7K9A6gtKeC1K2GOgBhfYQHqoOD7Q1pro1py
+WHP5r1eYwPzgxYDsDw2dAYb19C/oKjbmY/c90noknwKCAQEA4ReQKNQ279oMnYte
+iud7QSjjv8sBo8DczA37jQ1io+ADFY5KzQ5u64Z2OGKlMtiKaHdnSRli5D/B1BPS
+mLoFkHwHVtXvqLXY2C5vmNysz4gwYB7devrtafJdOcGL6nALP8QAjCPk9SIH04YA
+x4nwTatOkAYLtNLbf9XOlJC+l1CugNWIOGdJ6eo4JweVJ72zKywzgsSi3Jq4b6M0
+EUEFR6iw5iao3UWCw+35vUQSKjneLBNhMI/Cfhm3yRmyiyUgI7QvNfv2a4XXCQxn
+t41It/Ar6vkjWfPg4z58Yyfq5NeWf5g1OnIEBpB3tCFt6GmP/GZOSqOjvIv2mu4a
+pCDJgQKCAQA5B3RWK6OxZBcCi3ZTvtacxgteicSHtAq0e9NtpnRI2s3lAaOIu3A7
+z4d+N+z+OP062Rd8CU9Nbxy6gfru9C7j+iJ1j+C/BO1j8QC3qiyhzxOUNAA8JPul
+igBd3nmR++VEOz5QgYecrZunOJpMxOFJIgUyKN7PiACZQdAe0ImgV7464KARuqXY
+o8BaRyo5lc85sZdJFhZr3RlcYW7MPfc8H6urqriIvc/RWw7Zp7XMB62VtQreOPZT
+mzLcNAQmPc0RotgfuM8DzbRIK/nJrrSKwZheUpGWUGhEl0clcdMt8Kx0miTe35bT
+mbZP044FJ8ZI6fk5xhFeXOOakWk9ls7nAoIBAQDe4EpU7o87AQ5QKhAjx7YTzkRy
+pOT0wZOHwOJefeTg280QJ5ks+p+ehxFjslphKqNFoa5RIclcfwN5nyBDddHp2Cmr
+HScxMHECVSfuZ/0OOnQ4DVdDS+aMHGJUp0dZl1OYXmNwjq6sMNV8s87TIwUB4cbp
+eubm4RQcg+sQRxCwyH5FavJZaxD7rYjkIhLD9IwtBzotSr9PThVQwSlWC2ydjCHv
+mKiCiGDZM1a9xZtTghN6dEzJ/ZsjSbpLV2mx0XW1+cGbbQhh2G7n4xhhrAxk3Juu
+wfjhXoNX5S2Rz4ISZGQZQiAnrwS0e7vgap8bQRL6GbTfQo/hpxMXXpuQIUlT
+-----END RSA PRIVATE KEY-----

packages/cli-repl/test/fixtures/certificates/server-invalidhost.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwM3P2JlmEsprFGqXgTNx1jcTcKl4Ammw0GxIdY2kU3zR94IZ
+xkqmNsvpytjFgWEIV+AMcs0AxdV3jYrqwbLhiQleKZI4kRowtZsTTJbRyamucZjJ
+PjL16dT56cFBMlghazJVxG1eZA2BIwy3nqCKc1F95NVFnPRKeKeXC+0SU7HKEf+F
+/1gRnn4zE8MzIkcG64/6PDpfkY5vl+vFqmJRZsqQuYgAMLqGM1ngzl41pHjth3VG
+2/stCnd5619XImiC+pDwaAG5sSaLpiyhBlomxDroEsvdjKQHZZpsYJ7nAuyGTqh0
+yN67oHmyaFbJt2d3TxartotKNQPRAWZ4/w2Y5G1KeHG57sO4Z5X7UPD6MBNk1RoC
++74oUwhF1TufKMBn0jYsJZpYXfLk/JkaiCgMj5pmII1F2DEcAiATuToeKwJXLUTS
+ftRK0X4QkXXrY2PyySPc+RI6ikS17Pmra4v+P5hCyyP6f+BHUmVBTLlnN05ppZnn
+qdgysUwVS2NYHBvt1JUL9CNt0tAjp+CzvXl1mpPsPJEV7dhbZFMi2XBFpefUsD1V
+jgufMSmVKpTnfnxfd1Hl2zDR4Qe2DlaNm0O8Q0cnYDPjyAp5f1vaMEIXm2pkejD7
+ie2RS2CpWD5vr7HSRMBxyx6xPnHAjUtVcjMTd2SGuIDlfqDz1scluhADY48CAwEA
+AQKCAgBIMombRU4IyU2xtnyHQBlnqvYXoQ40cRlp4rJ7eo/HR51kfo5iR3/YUyF3
++RZ0bT5vkZF3x7Z7XoVHNnbUE8UKyLw++uc9xr3os2pVqsBiMK0HEryBExos9rii
+xOBCFuhkuNOPG5lWBAyQcGmt99YAesqWzxojPQNKDQ+twpezSYcumC24QWVPoVhF
+FTpnoos/2IlO1lkFK340OHCrbeeng0EQiJHxrVclkYlyHaserL3dlJf1NihWnAjG
+j8wUMWiipXWwrLy5ToLKtjmSJF4R6zEOINMUoDO440ukHrzIxoNAnyokMeu2mvuo
+wJ8Gk7MEpaulTqF6GrTAPnwenhva/3GO3XKfLrbM4SSeN/SXfMRgwI1PVDZuWT+e
+Kn15+0c0oP39rWVLo2p60OClNF5Mi1g/NgsWWJJwvCaUinBOwOEBR0N0JTQR/0Vi
+anF7i9nq9OGnHQCa8Tt81T851uY2MhF9easnuxxFsJ9eqqhBf3/5GlkVZjgMfNLL
+m/tM9o0NFZCDQHppFJ4+BJpEeWqZsBsdKMAHSswXz2zoYZiyQxwWSHUiigTj5VOG
+z266UC1M7S09EzijFC9+F8dTbk4HQmHdMyBvNp3PfbfljON0L0MCV20wcb2N9dDJ
+HACVvc37rtHDy5fydVkCtmUSNkewRoJYzAKtLWL3yxbCjJSIYQKCAQEA5JVYop+f
+SksyM7HrFI5SGVchQpruou71/dJE+HNyqSdo51kUUrxr/9S4sEl8pF/Tk3nj4q4k
+OynBLnMYQ1Oc52mMHjM+q3M7ryuJ2cb24JI7H0FUzRmUUDkmai2HhVzonHJfE4i/
+RCk+D/xFvfjLs1AM7dWmTHlKHC9nlwU/qLpdz/hrcaNooeyme5JwNaRlE7RXI1o+
+I/oeD8lODVk7F4HLkgoGLAposmmqbPd2E4hU8cHqwPKm6d3AGTPugH2V2jCg3pCR
+HlrVYGP3Qc4NKJ+TMiDeuRpJhlQYH+DUSgOZZma2Cb1J4SwSbJE5Ub7JqbU2jgzQ
+bl7VmUNk1BfrEQKCAQEA1+3bq5QPg+EQtRDq+MFeoquJVW3U3VNvt3K5hJcurom8
+SeJHtRaZPiiphOi5QvvOa+mc5ObVGvBPaqk/mJNGxcHjc2lLZdqWXjBBNEQoHDcK
+D7Nk8aCZ+LfWlgrJ1L8EN48KxzgKgQQwwpS4mXLnfkB9PoxAyT6jNh9nnPnWzt+D
+zYUFOeJEDZI+S79JUzlLK5GQFE/q98jSZQ6V6BTB5eyA9X13a9bGFbmDkUpXWIo4
+ua7Purid6Ah/ERhsahpJUgnvcY57n7K9A6gtKeC1K2GOgBhfYQHqoOD7Q1pro1py
+WHP5r1eYwPzgxYDsDw2dAYb19C/oKjbmY/c90noknwKCAQEA4ReQKNQ279oMnYte
+iud7QSjjv8sBo8DczA37jQ1io+ADFY5KzQ5u64Z2OGKlMtiKaHdnSRli5D/B1BPS
+mLoFkHwHVtXvqLXY2C5vmNysz4gwYB7devrtafJdOcGL6nALP8QAjCPk9SIH04YA
+x4nwTatOkAYLtNLbf9XOlJC+l1CugNWIOGdJ6eo4JweVJ72zKywzgsSi3Jq4b6M0
+EUEFR6iw5iao3UWCw+35vUQSKjneLBNhMI/Cfhm3yRmyiyUgI7QvNfv2a4XXCQxn
+t41It/Ar6vkjWfPg4z58Yyfq5NeWf5g1OnIEBpB3tCFt6GmP/GZOSqOjvIv2mu4a
+pCDJgQKCAQA5B3RWK6OxZBcCi3ZTvtacxgteicSHtAq0e9NtpnRI2s3lAaOIu3A7
+z4d+N+z+OP062Rd8CU9Nbxy6gfru9C7j+iJ1j+C/BO1j8QC3qiyhzxOUNAA8JPul
+igBd3nmR++VEOz5QgYecrZunOJpMxOFJIgUyKN7PiACZQdAe0ImgV7464KARuqXY
+o8BaRyo5lc85sZdJFhZr3RlcYW7MPfc8H6urqriIvc/RWw7Zp7XMB62VtQreOPZT
+mzLcNAQmPc0RotgfuM8DzbRIK/nJrrSKwZheUpGWUGhEl0clcdMt8Kx0miTe35bT
+mbZP044FJ8ZI6fk5xhFeXOOakWk9ls7nAoIBAQDe4EpU7o87AQ5QKhAjx7YTzkRy
+pOT0wZOHwOJefeTg280QJ5ks+p+ehxFjslphKqNFoa5RIclcfwN5nyBDddHp2Cmr
+HScxMHECVSfuZ/0OOnQ4DVdDS+aMHGJUp0dZl1OYXmNwjq6sMNV8s87TIwUB4cbp
+eubm4RQcg+sQRxCwyH5FavJZaxD7rYjkIhLD9IwtBzotSr9PThVQwSlWC2ydjCHv
+mKiCiGDZM1a9xZtTghN6dEzJ/ZsjSbpLV2mx0XW1+cGbbQhh2G7n4xhhrAxk3Juu
+wfjhXoNX5S2Rz4ISZGQZQiAnrwS0e7vgap8bQRL6GbTfQo/hpxMXXpuQIUlT
+-----END RSA PRIVATE KEY-----